Re: [RFC PATCH 23/27] vhost: unmap qemu's shadow virtqueues on sw live migration

2020-11-29 Thread Eugenio Perez Martin
On Fri, Nov 27, 2020 at 4:29 PM Stefano Garzarella  wrote:
>
> On Fri, Nov 20, 2020 at 07:51:01PM +0100, Eugenio Pérez wrote:
> >Since vhost does not need to access it, it has no sense to keep it
> >mapped.
> >
> >Signed-off-by: Eugenio Pérez 
> >---
> > hw/virtio/vhost.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> >diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
> >index f640d4edf0..eebfac4455 100644
> >--- a/hw/virtio/vhost.c
> >+++ b/hw/virtio/vhost.c
> >@@ -1124,6 +1124,7 @@ static int vhost_sw_live_migration_start(struct 
> >vhost_dev *dev)
> >
> > dev->sw_lm_shadow_vq[idx] = vhost_sw_lm_shadow_vq(dev, idx);
> > event_notifier_set_handler(>masked_notifier, vhost_handle_call);
> >+vhost_virtqueue_memory_unmap(dev, >vqs[idx], true);
>
> IIUC vhost_virtqueue_memory_unmap() is already called at the end of
> vhost_virtqueue_stop(), so we can skip this call, right?
>

You are totally right Stefano, thanks for the catch!

> >
> > vhost_vring_write_addr(dev->sw_lm_shadow_vq[idx], );
> > r = dev->vhost_ops->vhost_set_vring_addr(dev, );
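Review bot: the added vhost_virtqueue_memory_unmap() call is redundant, as Stefano points out in this thread: vhost_virtqueue_stop() already unmaps the virtqueue at its end, so this line unmaps twice and should be dropped. If an unmap were genuinely needed at this point in vhost_sw_live_migration_start(), the commit message should say why the earlier unmap in vhost_virtqueue_stop() is not enough; "vhost does not need to access it" alone does not justify a second call.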
> >-- 2.18.4
> >
>




Re: [PATCH 6/8] hvf: Use OS provided vcpu kick function

2020-11-29 Thread Claudio Fontana
On 11/30/20 3:42 AM, Alexander Graf wrote:
> 
> On 26.11.20 23:18, Eduardo Habkost wrote:
>> On Thu, Nov 26, 2020 at 10:50:15PM +0100, Alexander Graf wrote:
>>> When kicking another vCPU, we get an OS function that explicitly does that
>>> for us on Apple Silicon. That works better than the current signaling
>>> logic, let's make use of it there.
>>>
>>> Signed-off-by: Alexander Graf 
>>> ---
>>>   accel/hvf/hvf-cpus.c | 12 
>>>   1 file changed, 12 insertions(+)
>>>
>>> diff --git a/accel/hvf/hvf-cpus.c b/accel/hvf/hvf-cpus.c
>>> index b9f674478d..74a272d2e8 100644
>>> --- a/accel/hvf/hvf-cpus.c
>>> +++ b/accel/hvf/hvf-cpus.c
>>> @@ -418,8 +418,20 @@ static void hvf_start_vcpu_thread(CPUState *cpu)
>>>  cpu, QEMU_THREAD_JOINABLE);
>>>   }
>>>   
>>> +#ifdef __aarch64__
>>> +static void hvf_kick_vcpu_thread(CPUState *cpu)
>>> +{
>>> +if (!qemu_cpu_is_self(cpu)) {
>>> +hv_vcpus_exit(>hvf_fd, 1);
>>> +}
>>> +}
>>> +#endif
>>> +
>>>   static const CpusAccel hvf_cpus = {
>>>   .create_vcpu_thread = hvf_start_vcpu_thread,
>>> +#ifdef __aarch64__
>>> +.kick_vcpu_thread = hvf_kick_vcpu_thread,
>>> +#endif
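Review bot: the return value of hv_vcpus_exit() in hvf_kick_vcpu_thread() is discarded; elsewhere in this series the results of Hypervisor.framework calls go through assert_hvf_ok(), so a failed kick would be silently lost here. Suggest `assert_hvf_ok(hv_vcpus_exit(&cpu->hvf_fd, 1));` or a comment explaining why a failure is safe to ignore. The `#ifdef __aarch64__` around the CpusAccel member is also what checkpatch flags as an architecture-specific define; the weak-function approach the author mentions for v2 avoids the guard in the initializer.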
>> Interesting.  We have considered the possibility of adding
>> arch-specific TYPE_ACCEL subclasses when discussing Claudio's,
>> series.  Here we have another arch-specific hack that could be
>> avoided if we had a TYPE_ARM_HVF_ACCEL QOM class.
> 
> 
> I don't think that's necessary in this case. I don't see how you could 
> ever have aarch64 and x86 HVF backends compiled into the same binary. 
> The header files even have a lot of #ifdef's.
> 
> Either way, I've changed it to a weak function in v2. That way it's a 
> bit easier to read.
> 
> 
> Alex
> 
> 

Ciao Alex!

You're in the news, congrats on your hack!

Ciao,

Claudio



RE: [PATCH v2 2/3] target/nios2: Move nios2_check_interrupts() into target/nios2

2020-11-29 Thread Wu, Wentong
On Monday, November 30, 2020 1:40 AM, Peter Maydell wrote:
> The function nios2_check_interrupts() looks only at CPU-internal state; it
> belongs in target/nios2, not hw/nios2.  Move it into the same file as its only
> caller, so it can just be local to that file.
> 
> This removes the only remaining code from cpu_pic.c, so we can delete that
> file entirely.
> 
> Signed-off-by: Peter Maydell 
> Reviewed-by: Philippe Mathieu-Daudé 
> ---
>  target/nios2/cpu.h   |  2 --
>  hw/nios2/cpu_pic.c   | 36 
>  target/nios2/op_helper.c |  9 +
>  hw/nios2/meson.build |  2 +-
>  4 files changed, 10 insertions(+), 39 deletions(-)
>  delete mode 100644 hw/nios2/cpu_pic.c

Reviewed and tested.


RE: [PATCH v2 1/3] target/nios2: Move IIC code into CPU object proper

2020-11-29 Thread Wu, Wentong
On Monday, November 30, 2020 1:40 AM, Peter Maydell wrote:
> The Nios2 architecture supports two different interrupt controller
> options:
> 
>  * The IIC (Internal Interrupt Controller) is part of the CPU itself;
>it has 32 IRQ input lines and no NMI support.  Interrupt status is
>queried and controlled via the CPU's ipending and istatus
>registers.
> 
>  * The EIC (External Interrupt Controller) interface allows the CPU
>to connect to an external interrupt controller.  The interface
>allows the interrupt controller to present a packet of information
>containing:
> - handler address
> - interrupt level
> - register set
> - NMI mode
> 
> QEMU does not model an EIC currently.  We do model the IIC, but its
> implementation is split across code in hw/nios2/cpu_pic.c and
> hw/intc/nios2_iic.c.  The code in those two files has no state of its own --
> the IIC state is in the Nios2CPU state struct.
> 
> Because CPU objects now inherit (indirectly) from TYPE_DEVICE, they can have
> GPIO input lines themselves, so we can implement the IIC directly in the CPU
> object the same way that real hardware does.
> 
> Create named "IRQ" GPIO inputs to the Nios2 CPU object, and make the only
> user of the IIC wire up directly to those instead.
> 
> Note that the old code had an "NMI" concept which was entirely unused and
> also as far as I can see not architecturally correct, since only the EIC has a
> concept of an NMI.
> 
> This fixes a Coverity-reported trivial memory leak of the IRQ array allocated
> in nios2_cpu_pic_init().
> 
> Fixes: Coverity CID 1421916
> Signed-off-by: Peter Maydell 
> ---
>  target/nios2/cpu.h|  1 -
>  hw/intc/nios2_iic.c   | 95 ---
>  hw/nios2/10m50_devboard.c | 13 +-
>  hw/nios2/cpu_pic.c| 31 -
>  target/nios2/cpu.c| 30 +
>  MAINTAINERS   |  1 -
>  hw/intc/meson.build   |  1 -
>  7 files changed, 32 insertions(+), 140 deletions(-)
>  delete mode 100644 hw/intc/nios2_iic.c

Reviewed and tested. 



[PATCH v2] gitlab-ci.yml: Add openSUSE Leap 15.2 for gitlab CI/CD

2020-11-29 Thread Cho, Yu-Chen
v2:
Drop some packages from the dockerfile to make the docker image lighter.

v1:
Add build-system-opensuse jobs and opensuse-leap.docker dockerfile.
Use openSUSE Leap 15.2 container image in the gitlab-CI.

Signed-off-by: Cho, Yu-Chen 
---
 .gitlab-ci.d/containers.yml   |  5 ++
 .gitlab-ci.yml| 30 +++
 tests/docker/dockerfiles/opensuse-leap.docker | 54 +++
 3 files changed, 89 insertions(+)
 create mode 100644 tests/docker/dockerfiles/opensuse-leap.docker

diff --git a/.gitlab-ci.d/containers.yml b/.gitlab-ci.d/containers.yml
index 892ca8d838..910754a699 100644
--- a/.gitlab-ci.d/containers.yml
+++ b/.gitlab-ci.d/containers.yml
@@ -246,3 +246,8 @@ amd64-ubuntu-container:
   <<: *container_job_definition
   variables:
 NAME: ubuntu
+
+amd64-opensuse-leap-container:
+  <<: *container_job_definition
+  variables:
+NAME: opensuse-leap
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d0173e82b1..6a256fe07b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -195,6 +195,36 @@ acceptance-system-centos:
 MAKE_CHECK_ARGS: check-acceptance
   <<: *acceptance_definition
 
+build-system-opensuse:
+  <<: *native_build_job_definition
+  variables:
+IMAGE: opensuse-leap
+TARGETS: s390x-softmmu x86_64-softmmu aarch64-softmmu
+MAKE_CHECK_ARGS: check-build
+  artifacts:
+expire_in: 2 days
+paths:
+  - build
+
+check-system-opensuse:
+  <<: *native_test_job_definition
+  needs:
+- job: build-system-opensuse
+  artifacts: true
+  variables:
+IMAGE: opensuse-leap
+MAKE_CHECK_ARGS: check
+
+acceptance-system-opensuse:
+  <<: *native_test_job_definition
+  needs:
+- job: build-system-opensuse
+  artifacts: true
+  variables:
+IMAGE: opensuse-leap
+MAKE_CHECK_ARGS: check-acceptance
+  <<: *acceptance_definition
+
 build-disabled:
   <<: *native_build_job_definition
   variables:
diff --git a/tests/docker/dockerfiles/opensuse-leap.docker 
b/tests/docker/dockerfiles/opensuse-leap.docker
new file mode 100644
index 00..8b0d915bff
--- /dev/null
+++ b/tests/docker/dockerfiles/opensuse-leap.docker
@@ -0,0 +1,54 @@
+FROM opensuse/leap:15.2
+
+# Please keep this list sorted alphabetically
+ENV PACKAGES \
+bc \
+brlapi-devel \
+bzip2 \
+cyrus-sasl-devel \
+gcc \
+gcc-c++ \
+mkisofs \
+gettext-runtime \
+git \
+glib2-devel \
+glusterfs-devel \
+libgnutls-devel \
+gtk3-devel \
+libaio-devel \
+libattr-devel \
+libcap-ng-devel \
+libepoxy-devel \
+libfdt-devel \
+libiscsi-devel \
+libjpeg8-devel \
+libpmem-devel \
+libpng16-devel \
+librbd-devel \
+libseccomp-devel \
+libssh-devel \
+lzo-devel \
+make \
+libSDL2_image-devel \
+ncurses-devel \
+ninja \
+libnuma-devel \
+perl \
+libpixman-1-0-devel \
+python3-base \
+python3-virtualenv \
+rdma-core-devel \
+libSDL2-devel \
+snappy-devel \
+libspice-server-devel \
+systemd-devel \
+systemtap-sdt-devel \
+usbredir-devel \
+virglrenderer-devel \
+xen-devel \
+vte-devel \
+zlib-devel
+ENV QEMU_CONFIGURE_OPTS --python=/usr/bin/python3.8
+
+RUN zypper update -y && zypper --non-interactive install -y $PACKAGES
+RUN rpm -q $PACKAGES | sort > /packages.txt
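Review bot: the list under `# Please keep this list sorted alphabetically` is not sorted: mkisofs sits between gcc-c++ and gettext-runtime, make before libSDL2_image-devel, ninja before libnuma-devel, perl before libpixman-1-0-devel, rdma-core-devel before libSDL2-devel, snappy-devel before libspice-server-devel, and xen-devel before vte-devel. Either reorder the entries or drop the comment. Separately, QEMU_CONFIGURE_OPTS points configure at /usr/bin/python3.8 while the package list only installs python3-base; confirm that package provides that interpreter path, otherwise add the package that does. Finally, `zypper update -y` on every image build pulls whatever is current at build time, so the image content drifts away from the pinned opensuse/leap:15.2 tag and from what /packages.txt records; consider dropping the update step for reproducibility.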
-- 
2.29.2




[PATCH 2/2] hw/ssi: imx_spi: Disable chip selects in imx_spi_reset()

2020-11-29 Thread Bin Meng
From: Xuzhou Cheng 

When a write to the ECSPI_CONREG register disables the SPI controller,
imx_spi_reset() is called to reset the controller, during which the CS
lines should have been disabled; otherwise the state machine of any
device (e.g. SPI flashes) connected to the SPI master is stuck in
its last state and responds incorrectly to any follow-up commands.

Fixes c906a3a01582: ("i.MX: Add the Freescale SPI Controller")
Signed-off-by: Xuzhou Cheng 
Signed-off-by: Bin Meng 

---

 hw/ssi/imx_spi.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/hw/ssi/imx_spi.c b/hw/ssi/imx_spi.c
index e605049..85c172e 100644
--- a/hw/ssi/imx_spi.c
+++ b/hw/ssi/imx_spi.c
@@ -231,6 +231,7 @@ static void imx_spi_flush_txfifo(IMXSPIState *s)
 static void imx_spi_reset(DeviceState *dev)
 {
 IMXSPIState *s = IMX_SPI(dev);
+int i;
 
 DPRINTF("\n");
 
@@ -243,6 +244,10 @@ static void imx_spi_reset(DeviceState *dev)
 
 imx_spi_update_irq(s);
 
+for (i = 0; i < ECSPI_NUM_CS; i++) {
+qemu_set_irq(s->cs_lines[i], 1);
+}
+
 s->burst_length = 0;
 }
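Review bot: the loop drives every cs_lines[i] to 1, which is the deasserted level under the active-low convention used in imx_spi_write() (the selected channel gets 0, all others 1); a one-line comment such as "deassert all chip selects (active low)" would make that intent visible in imx_spi_reset() itself, since nothing in this hunk says which level means "disabled". Placing the loop before `s->burst_length = 0` is fine, but the commit message could note that CS is released before the transfer state is cleared so attached devices see the deselect first.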
 
-- 
2.7.4




[PATCH 1/2] hw/ssi: imx_spi: Use a macro for number of chip selects supported

2020-11-29 Thread Bin Meng
From: Bin Meng 

Avoid using a magic number (4) everywhere for the number of chip
selects supported.

Signed-off-by: Bin Meng 
---

 hw/ssi/imx_spi.c | 4 ++--
 include/hw/ssi/imx_spi.h | 5 -
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/hw/ssi/imx_spi.c b/hw/ssi/imx_spi.c
index d8885ae..e605049 100644
--- a/hw/ssi/imx_spi.c
+++ b/hw/ssi/imx_spi.c
@@ -361,7 +361,7 @@ static void imx_spi_write(void *opaque, hwaddr offset, 
uint64_t value,
 
 /* We are in master mode */
 
-for (i = 0; i < 4; i++) {
+for (i = 0; i < ECSPI_NUM_CS; i++) {
 qemu_set_irq(s->cs_lines[i],
  i == imx_spi_selected_channel(s) ? 0 : 1);
 }
@@ -424,7 +424,7 @@ static void imx_spi_realize(DeviceState *dev, Error **errp)
 sysbus_init_mmio(SYS_BUS_DEVICE(dev), >iomem);
 sysbus_init_irq(SYS_BUS_DEVICE(dev), >irq);
 
-for (i = 0; i < 4; ++i) {
+for (i = 0; i < ECSPI_NUM_CS; ++i) {
 sysbus_init_irq(SYS_BUS_DEVICE(dev), >cs_lines[i]);
 }
 
diff --git a/include/hw/ssi/imx_spi.h b/include/hw/ssi/imx_spi.h
index b82b17f..eeaf49b 100644
--- a/include/hw/ssi/imx_spi.h
+++ b/include/hw/ssi/imx_spi.h
@@ -77,6 +77,9 @@
 
 #define EXTRACT(value, name) extract32(value, name##_SHIFT, name##_LENGTH)
 
+/* number of chip selects supported */
+#define ECSPI_NUM_CS 4
+
 #define TYPE_IMX_SPI "imx.spi"
 OBJECT_DECLARE_SIMPLE_TYPE(IMXSPIState, IMX_SPI)
 
@@ -89,7 +92,7 @@ struct IMXSPIState {
 
 qemu_irq irq;
 
-qemu_irq cs_lines[4];
+qemu_irq cs_lines[ECSPI_NUM_CS];
 
 SSIBus *bus;
 
-- 
2.7.4




Re: [PULL 19/20] target/mips: Add Loongson-3 CPU definition

2020-11-29 Thread Jiaxun Yang




On 2020/11/30 6:09 AM, Philippe Mathieu-Daudé wrote:

Hi Huacai,

On 6/9/20 6:28 PM, Aleksandar Markovic wrote:

From: Huacai Chen 

The Loongson-3 CPU family includes Loongson-3A R1/R2/R3/R4 and Loongson-3B
R1/R2. Loongson-3A R1 is the oldest and its ISA is the smallest, while
Loongson-3A R4 is the newest and its ISA is almost a superset of all the
others. To reduce complexity, we just define two CPU types:

1) "Loongson-3A1000" CPU, which corresponds to Loongson-3A R1. It is
suitable for TCG because Loongson-3A R1 has the fewest ASEs.
2) "Loongson-3A4000" CPU, which corresponds to Loongson-3A R4. It is
suitable for KVM because Loongson-3A R4 has the VZ ASE.

Loongson-3A has CONFIG6 and CONFIG7, so add their bit-fields as well.

[AM: Rearranged insn_flags, added comments, renamed lmi_helper.c,
improved commit message, fixed checkpatch warnings]

Signed-off-by: Huacai Chen 
Co-developed-by: Jiaxun Yang 
Reviewed-by: Aleksandar Markovic 
Signed-off-by: Aleksandar Markovic 
Message-Id: <1591065557-9174-3-git-send-email-che...@lemote.com>
---
  target/mips/cpu.h   | 32 ++-
  target/mips/internal.h  |  2 +
  target/mips/mips-defs.h | 45 ---
  target/mips/{lmi_helper.c => lmmi_helper.c} |  0
  target/mips/translate.c |  2 +
  target/mips/translate_init.inc.c| 86 +
  target/mips/Makefile.objs   |  2 +-
  7 files changed, 146 insertions(+), 23 deletions(-)
  rename target/mips/{lmi_helper.c => lmmi_helper.c} (100%)

diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index 94d01ea..7cf7f52 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -198,8 +198,8 @@ typedef struct mips_def_t mips_def_t;
   * 3   Config3 WatchLo3  WatchHi
   * 4   Config4 WatchLo4  WatchHi
   * 5   Config5 WatchLo5  WatchHi
- * 6   WatchLo6  WatchHi
- * 7   WatchLo7  WatchHi
+ * 6   Config6 WatchLo6  WatchHi
+ * 7   Config7 WatchLo7  WatchHi
   *
   *
   * Register 20   Register 21   Register 22   Register 23
@@ -940,7 +940,35 @@ struct CPUMIPSState {
  #define CP0C5_UFR  2
  #define CP0C5_NFExists 0
  int32_t CP0_Config6;
+int32_t CP0_Config6_rw_bitmask;
+#define CP0C6_BPPASS  31
+#define CP0C6_KPOS24
+#define CP0C6_KE  23
+#define CP0C6_VTLBONLY22
+#define CP0C6_LASX21
+#define CP0C6_SSEN20
+#define CP0C6_DISDRTIME   19
+#define CP0C6_PIXNUEN 18
+#define CP0C6_SCRAND  17
+#define CP0C6_LLEXCEN 16
+#define CP0C6_DISVC   15
+#define CP0C6_VCLRU   14
+#define CP0C6_DCLRU   13
+#define CP0C6_PIXUEN  12
+#define CP0C6_DISBLKLYEN  11
+#define CP0C6_UMEMUALEN   10
+#define CP0C6_SFBEN   8
+#define CP0C6_FLTINT  7
+#define CP0C6_VLTINT  6
+#define CP0C6_DISBTB  5
+#define CP0C6_STPREFCTL   2
+#define CP0C6_INSTPREF1
+#define CP0C6_DATAPREF0
  int32_t CP0_Config7;
+int64_t CP0_Config7_rw_bitmask;
+#define CP0C7_NAPCGEN   2
+#define CP0C7_UNIMUEN   1
+#define CP0C7_VFPUCGEN  0
  uint64_t CP0_LLAddr;
  uint64_t CP0_MAAR[MIPS_MAAR_MAX];
  int32_t CP0_MAARI;
diff --git a/target/mips/internal.h b/target/mips/internal.h
index 684356e..7f159a9 100644
--- a/target/mips/internal.h
+++ b/target/mips/internal.h
@@ -36,7 +36,9 @@ struct mips_def_t {
  int32_t CP0_Config5;
  int32_t CP0_Config5_rw_bitmask;
  int32_t CP0_Config6;
+int32_t CP0_Config6_rw_bitmask;
  int32_t CP0_Config7;
+int32_t CP0_Config7_rw_bitmask;
  target_ulong CP0_LLAddr_rw_bitmask;
  int CP0_LLAddr_shift;
  int32_t SYNCI_Step;
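Review bot: type mismatch: CP0_Config7_rw_bitmask is declared int32_t in mips_def_t here but int64_t in CPUMIPSState (the cpu.h hunk above), while CP0_Config7 itself is int32_t on both sides. Pick one width; int32_t matches CP0_Config7 and the CP0C7_* bit positions (all below 32), so the int64_t in cpu.h looks like the stray one. As written, copying the model definition into the CPU state silently widens the mask and any code comparing the two fields gets mixed signed widths.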
diff --git a/target/mips/mips-defs.h b/target/mips/mips-defs.h
index a831bb4..0c12910 100644
--- a/target/mips/mips-defs.h
+++ b/target/mips/mips-defs.h
@@ -15,7 +15,7 @@
   * 
   */
  /*
- *   bits 0-31: MIPS base instruction sets
+ *   bits 0-23: MIPS base instruction sets
   */
  #define ISA_MIPS1 0x0001ULL
  #define ISA_MIPS2 0x0002ULL
@@ -34,30 +34,33 @@
  #define ISA_MIPS64R6  0x4000ULL
  #define ISA_NANOMIPS320x8000ULL
  /*
- *   bits 32-47: MIPS ASEs
+ *   bits 24-39: MIPS ASEs
   */
-#define ASE_MIPS160x0001ULL
-#define ASE_MIPS3D0x0002ULL
-#define ASE_MDMX  0x0004ULL
-#define ASE_DSP   0x0008ULL
-#define ASE_DSP_R20x0010ULL
-#define ASE_DSP_R30x0020ULL
-#define ASE_MT0x0040ULL
-#define 
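Review bot: shrinking the ISA range to bits 0-23 and moving the ASE range to bits 24-39 renumbers every existing ASE_* constant, so all masks derived from them (the insn_flags checks in translate.c and the CPU definitions in translate_init.inc.c) have to change in the same commit or the existing CPU models silently lose or gain ASEs. The commit message says insn_flags was rearranged, but this header gives no hint that the layout is internal and may be renumbered; a short comment saying so, and that all consumers must use the symbolic names rather than literal bit values, would prevent the next renumbering from breaking out-of-tree users.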

Re: [PATCH v2 0/8] hvf: Implement Apple Silicon Support

2020-11-29 Thread no-reply
Patchew URL: https://patchew.org/QEMU/20201130030723.78326-1-ag...@csgraf.de/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20201130030723.78326-1-ag...@csgraf.de
Subject: [PATCH v2 0/8] hvf: Implement Apple Silicon Support

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] patchew/20201130030723.78326-1-ag...@csgraf.de -> 
patchew/20201130030723.78326-1-ag...@csgraf.de
Switched to a new branch 'test'
ae13163 arm: Add Hypervisor.framework build target
76a368a hvf: Add Apple Silicon support
ed57a9a hvf: arm: Mark CPU as dirty on reset
6d357c1 arm: Set PSCI to 0.2 for HVF
47e1fa7 hvf: Introduce hvf vcpu struct
d10d6e1 hvf: Actually set SIG_IPI mask
5bf37ca hvf: Move common code out
7b8f95a hvf: Add hypervisor entitlement to output binaries

=== OUTPUT BEGIN ===
1/8 Checking commit 7b8f95aad117 (hvf: Add hypervisor entitlement to output 
binaries)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#16: 
new file mode 100644

total: 0 errors, 1 warnings, 63 lines checked

Patch 1/8 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
2/8 Checking commit 5bf37ca7b0a0 (hvf: Move common code out)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#38: 
new file mode 100644

total: 0 errors, 1 warnings, 1088 lines checked

Patch 2/8 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
3/8 Checking commit d10d6e1d8ec6 (hvf: Actually set SIG_IPI mask)
4/8 Checking commit 47e1fa754e85 (hvf: Introduce hvf vcpu struct)
WARNING: line over 80 characters
#138: FILE: target/i386/hvf/hvf.c:213:
+wvmcs(cpu->hvf->fd, VMCS_ENTRY_CTLS, 
cap2ctrl(hvf_state->hvf_caps->vmx_cap_entry,

ERROR: "(foo*)" should be "(foo *)"
#746: FILE: target/i386/hvf/x86hvf.c:85:
+if (hv_vcpu_write_fpstate(cpu_state->hvf->fd, (void*)xsave, 4096)) {

ERROR: "(foo*)" should be "(foo *)"
#827: FILE: target/i386/hvf/x86hvf.c:167:
+if (hv_vcpu_read_fpstate(cpu_state->hvf->fd, (void*)xsave, 4096)) {

total: 2 errors, 1 warnings, 996 lines checked

Patch 4/8 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

5/8 Checking commit 6d357c130379 (arm: Set PSCI to 0.2 for HVF)
6/8 Checking commit ed57a9a142df (hvf: arm: Mark CPU as dirty on reset)
7/8 Checking commit 76a368a42427 (hvf: Add Apple Silicon support)
WARNING: architecture specific defines should be avoided
#47: FILE: accel/hvf/hvf-cpus.c:63:
+#ifdef __aarch64__

WARNING: architecture specific defines should be avoided
#58: FILE: accel/hvf/hvf-cpus.c:351:
+#ifdef __aarch64__

WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#113: 
new file mode 100644

WARNING: line over 80 characters
#299: FILE: target/arm/hvf/hvf.c:182:
+{ HV_SYS_REG_CNTV_CTL_EL0, offsetof(CPUARMState, 
cp15.c14_timer[GTIMER_VIRT].ctl) },

WARNING: line over 80 characters
#300: FILE: target/arm/hvf/hvf.c:183:
+{ HV_SYS_REG_CNTV_CVAL_EL0, offsetof(CPUARMState, 
cp15.c14_timer[GTIMER_VIRT].cval) },

WARNING: line over 80 characters
#458: FILE: target/arm/hvf/hvf.c:341:
+hv_vcpu_set_pending_interrupt(cpu->hvf->fd, HV_INTERRUPT_TYPE_FIQ, 
true);

WARNING: line over 80 characters
#463: FILE: target/arm/hvf/hvf.c:346:
+hv_vcpu_set_pending_interrupt(cpu->hvf->fd, HV_INTERRUPT_TYPE_IRQ, 
true);

WARNING: line over 80 characters
#616: FILE: target/arm/hvf/hvf.c:499:
+r = hv_vcpu_get_sys_reg(cpu->hvf->fd, HV_SYS_REG_CNTV_CTL_EL0, 
);

WARNING: line over 80 characters
#618: FILE: target/arm/hvf/hvf.c:501:
+r = hv_vcpu_get_sys_reg(cpu->hvf->fd, 
HV_SYS_REG_CNTV_CVAL_EL0, );

WARNING: line over 80 characters
#651: FILE: target/arm/hvf/hvf.c:534:
+/* Set cpu->hvf->sleeping so that we get a SIG_IPI signal. 
*/

ERROR: memory barrier without comment
#653: FILE: target/arm/hvf/hvf.c:536:
+smp_mb();

total: 1 errors, 10 warnings, 673 lines checked

Patch 7/8 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

8/8 Checking commit ae13163aef39 (arm: Add Hypervisor.framework build target)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#47: 
new file mode 100644

total: 0 errors, 1 warnings, 36 lines checked

Patch 8/8 has style problems, please review.  If any of these errors
are false positives 

[PATCH v2 8/8] arm: Add Hypervisor.framework build target

2020-11-29 Thread Alexander Graf
Now that we have all logic in place that we need to handle Hypervisor.framework
on Apple Silicon systems, let's add CONFIG_HVF for aarch64 as well so that we
can build it.

Signed-off-by: Alexander Graf 

---

v1 -> v2:

  - Fix build on 32bit arm
---
 meson.build| 11 ++-
 target/arm/hvf/meson.build |  3 +++
 target/arm/meson.build |  2 ++
 3 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 target/arm/hvf/meson.build

diff --git a/meson.build b/meson.build
index 2a7ff5560c..bff3fe7089 100644
--- a/meson.build
+++ b/meson.build
@@ -74,16 +74,25 @@ else
 endif
 
 accelerator_targets = { 'CONFIG_KVM': kvm_targets }
+
+if cpu in ['x86', 'x86_64']
+  hvf_targets = ['i386-softmmu', 'x86_64-softmmu']
+elif cpu in ['aarch64']
+  hvf_targets = ['aarch64-softmmu']
+else
+  hvf_targets = []
+endif
+
 if cpu in ['x86', 'x86_64', 'arm', 'aarch64']
   # i368 emulator provides xenpv machine type for multiple architectures
   accelerator_targets += {
 'CONFIG_XEN': ['i386-softmmu', 'x86_64-softmmu'],
+'CONFIG_HVF': hvf_targets,
   }
 endif
 if cpu in ['x86', 'x86_64']
   accelerator_targets += {
 'CONFIG_HAX': ['i386-softmmu', 'x86_64-softmmu'],
-'CONFIG_HVF': ['x86_64-softmmu'],
 'CONFIG_WHPX': ['i386-softmmu', 'x86_64-softmmu'],
   }
 endif
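Review bot: on 32-bit arm hosts the `cpu in ['x86', 'x86_64', 'arm', 'aarch64']` block now maps 'CONFIG_HVF' to the empty hvf_targets list, which is what makes the 32-bit build work (the "Fix build on 32bit arm" item in the v2 changelog), but that reasoning is not visible in the code. A one-line comment at the `else` branch that sets `hvf_targets = []`, stating that Hypervisor.framework only exists for x86 and aarch64 macOS hosts, would help. The pre-existing `# i368 emulator` typo (i386) is in touched context and could be fixed in passing.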
diff --git a/target/arm/hvf/meson.build b/target/arm/hvf/meson.build
new file mode 100644
index 00..855e6cce5a
--- /dev/null
+++ b/target/arm/hvf/meson.build
@@ -0,0 +1,3 @@
+arm_softmmu_ss.add(when: [hvf, 'CONFIG_HVF'], if_true: files(
+  'hvf.c',
+))
diff --git a/target/arm/meson.build b/target/arm/meson.build
index f5de2a77b8..95bebae216 100644
--- a/target/arm/meson.build
+++ b/target/arm/meson.build
@@ -56,5 +56,7 @@ arm_softmmu_ss.add(files(
   'psci.c',
 ))
 
+subdir('hvf')
+
 target_arch += {'arm': arm_ss}
 target_softmmu_arch += {'arm': arm_softmmu_ss}
-- 
2.24.3 (Apple Git-128)




[PATCH v2 7/8] hvf: Add Apple Silicon support

2020-11-29 Thread Alexander Graf
With Apple Silicon available to the masses, it's a good time to add support
for driving its virtualization extensions from QEMU.

This patch adds all necessary architecture specific code to get basic VMs
working. It's still pretty raw, but definitely functional.

Known limitations:

  - Vtimer acknowledgement is hacky
  - Should implement more sysregs and fault on invalid ones then
  - WFI handling is missing, need to marry it with vtimer

Signed-off-by: Alexander Graf 

---

v1 -> v2:

  - Merge vcpu kick function patch
  - Implement WFI handling (allows vCPUs to sleep)
  - Synchronize system registers (fixes OVMF crashes and reboot)
  - Don't always call cpu_synchronize_state()
  - Use more fine grained iothread locking
  - Populate aa64mmfr0 from hardware
---
 MAINTAINERS  |   5 +
 accel/hvf/hvf-cpus.c |  14 +
 include/sysemu/hvf_int.h |   7 +-
 target/arm/hvf/hvf.c | 603 +++
 4 files changed, 628 insertions(+), 1 deletion(-)
 create mode 100644 target/arm/hvf/hvf.c

diff --git a/MAINTAINERS b/MAINTAINERS
index ca4b6d9279..9cd1d9d448 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -439,6 +439,11 @@ F: accel/accel.c
 F: accel/Makefile.objs
 F: accel/stubs/Makefile.objs
 
+Apple Silicon HVF CPUs
+M: Alexander Graf 
+S: Maintained
+F: target/arm/hvf/
+
 X86 HVF CPUs
 M: Cameron Esfahani 
 M: Roman Bolshakov 
diff --git a/accel/hvf/hvf-cpus.c b/accel/hvf/hvf-cpus.c
index e6dffcd9b5..4360f64671 100644
--- a/accel/hvf/hvf-cpus.c
+++ b/accel/hvf/hvf-cpus.c
@@ -60,6 +60,10 @@
 
 #include 
 
+#ifdef __aarch64__
+#define HV_VM_DEFAULT NULL
+#endif
+
 /* Memory slots */
 
 struct mac_slot {
@@ -344,7 +348,11 @@ static int hvf_init_vcpu(CPUState *cpu)
 sigdelset(, SIG_IPI);
 pthread_sigmask(SIG_SETMASK, , NULL);
 
+#ifdef __aarch64__
+r = hv_vcpu_create(>hvf->fd, (hv_vcpu_exit_t **)>hvf->exit, 
NULL);
+#else
 r = hv_vcpu_create((hv_vcpuid_t *)>hvf->fd, HV_VCPU_DEFAULT);
+#endif
 cpu->vcpu_dirty = 1;
 assert_hvf_ok(r);
 
@@ -415,8 +423,14 @@ static void hvf_start_vcpu_thread(CPUState *cpu)
cpu, QEMU_THREAD_JOINABLE);
 }
 
+__attribute__((weak)) void hvf_kick_vcpu_thread(CPUState *cpu)
+{
+cpus_kick_thread(cpu);
+}
+
 static const CpusAccel hvf_cpus = {
 .create_vcpu_thread = hvf_start_vcpu_thread,
+.kick_vcpu_thread = hvf_kick_vcpu_thread,
 
 .synchronize_post_reset = hvf_cpu_synchronize_post_reset,
 .synchronize_post_init = hvf_cpu_synchronize_post_init,
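Review bot: the weak default hvf_kick_vcpu_thread() falls back to cpus_kick_thread(), and the aarch64 override lives in target/arm/hvf/hvf.c; a comment at the weak definition pointing at the override would help readers who only see this file. Note the trade-off of the weak-symbol approach: a missing or misspelled override does not fail at link time, it silently keeps the signal-based kick, so a target that relies on hv_vcpus_exit() for correctness would only notice via hangs or slow kicks rather than a build error.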
diff --git a/include/sysemu/hvf_int.h b/include/sysemu/hvf_int.h
index 7967e33727..c56baa3ae8 100644
--- a/include/sysemu/hvf_int.h
+++ b/include/sysemu/hvf_int.h
@@ -11,6 +11,7 @@
 #ifndef HVF_INT_H
 #define HVF_INT_H
 
+#include "qemu/osdep.h"
 #include 
 
 #define HVF_MAX_VCPU 0x10
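Review bot: QEMU headers must not include "qemu/osdep.h"; it is included first by every .c file and scripts/clean-includes enforces that rule. Drop the added include here; the types this header now needs (bool, struct timespec) are already available through osdep.h in any source file that includes hvf_int.h.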
@@ -59,7 +60,10 @@ struct HVFState {
 extern HVFState *hvf_state;
 
 struct hvf_vcpu_state {
-int fd;
+uint64_t fd;
+void *exit;
+struct timespec ts;
+bool sleeping;
 };
 
 void assert_hvf_ok(hv_return_t ret);
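Review bot: `fd` becomes uint64_t here, but the x86 path in hvf_init_vcpu() still writes it through a `(hv_vcpuid_t *)` cast, so only the low 32 bits of the field are initialised; that works only because the struct comes from g_malloc0() and the host is little-endian. Write into a local hv_vcpuid_t and assign it to cpu->hvf->fd instead. Likewise `void *exit` discards the hv_vcpu_exit_t type that the aarch64 create call casts to; an arch-specific typed member (or a typedef chosen per `#ifdef __aarch64__`) would keep the compiler checking those accesses.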
@@ -69,5 +73,6 @@ int hvf_arch_init_vcpu(CPUState *cpu);
 void hvf_arch_vcpu_destroy(CPUState *cpu);
 int hvf_vcpu_exec(CPUState *cpu);
 hvf_slot *hvf_find_overlap_slot(uint64_t, uint64_t);
+void hvf_kick_vcpu_thread(CPUState *cpu);
 
 #endif
diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
new file mode 100644
index 00..8fe10966d2
--- /dev/null
+++ b/target/arm/hvf/hvf.c
@@ -0,0 +1,603 @@
+/*
+ * QEMU Hypervisor.framework support for Apple Silicon
+
+ * Copyright 2020 Alexander Graf 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/error-report.h"
+
+#include "sysemu/runstate.h"
+#include "sysemu/hvf.h"
+#include "sysemu/hvf_int.h"
+#include "sysemu/hw_accel.h"
+
+#include 
+
+#include "exec/address-spaces.h"
+#include "hw/irq.h"
+#include "qemu/main-loop.h"
+#include "sysemu/accel.h"
+#include "sysemu/cpus.h"
+#include "target/arm/cpu.h"
+#include "target/arm/internals.h"
+
+#define HVF_DEBUG 0
+#define DPRINTF(...)\
+if (HVF_DEBUG) {\
+fprintf(stderr, "HVF %s:%d ", __func__, __LINE__);  \
+fprintf(stderr, __VA_ARGS__);   \
+fprintf(stderr, "\n");  \
+}
+
+#define SYSREG(op0, op1, op2, crn, crm) \
+((op0 << 20) | (op2 << 17) | (op1 << 14) | (crn << 10) | (crm << 1))
+#define SYSREG_MASK   SYSREG(0x3, 0x7, 0x7, 0xf, 0xf)
+#define SYSREG_CNTPCT_EL0 SYSREG(3, 3, 1, 14, 0)
+#define SYSREG_PMCCNTR_EL0SYSREG(3, 3, 0, 9, 13)
+
+#define WFX_IS_WFE (1 << 0)
+
+struct hvf_reg_match {
+int reg;
+uint64_t offset;
+};
+
+static const struct hvf_reg_match hvf_reg_match[] = {
+{ HV_REG_X0,   offsetof(CPUARMState, xregs[0]) },
+{ HV_REG_X1,   offsetof(CPUARMState, xregs[1]) },
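Review bot: two macro hygiene issues in the new file's preamble: DPRINTF expands to a bare `if (HVF_DEBUG) { ... }` with no `do { } while (0)` wrapper, so `if (x) DPRINTF(...); else ...` binds the else to the macro's own if; and SYSREG() uses its arguments unparenthesised (`op0 << 20`, `crm << 1`, ...), so an argument such as `a | b` would shift the wrong expression. Wrap DPRINTF in do/while(0) and parenthesise each SYSREG argument. The license header is also missing the ` *` on its second line.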
+{ 

[PATCH v2 1/8] hvf: Add hypervisor entitlement to output binaries

2020-11-29 Thread Alexander Graf
In macOS 11, QEMU only gets access to Hypervisor.framework if it has the
respective entitlement. Add an entitlement template and automatically self
sign and apply the entitlement in the build.

Signed-off-by: Alexander Graf 

---

v1 -> v2:

  - Make safe to ctrl-C
---
 accel/hvf/entitlements.plist |  8 
 meson.build  | 30 ++
 scripts/entitlement.sh   | 13 +
 3 files changed, 47 insertions(+), 4 deletions(-)
 create mode 100644 accel/hvf/entitlements.plist
 create mode 100755 scripts/entitlement.sh

diff --git a/accel/hvf/entitlements.plist b/accel/hvf/entitlements.plist
new file mode 100644
index 00..154f3308ef
--- /dev/null
+++ b/accel/hvf/entitlements.plist
@@ -0,0 +1,8 @@
+
+http://www.apple.com/DTDs/PropertyList-1.0.dtd;>
+
+
+com.apple.security.hypervisor
+
+
+
diff --git a/meson.build b/meson.build
index 5062407c70..2a7ff5560c 100644
--- a/meson.build
+++ b/meson.build
@@ -1844,9 +1844,14 @@ foreach target : target_dirs
 }]
   endif
   foreach exe: execs
-emulators += {exe['name']:
- executable(exe['name'], exe['sources'],
-   install: true,
+exe_name = exe['name']
+exe_sign = 'CONFIG_HVF' in config_target
+if exe_sign
+  exe_name += '-unsigned'
+endif
+
+emulator = executable(exe_name, exe['sources'],
+   install: not exe_sign,
c_args: c_args,
dependencies: arch_deps + deps + exe['dependencies'],
objects: lib.extract_all_objects(recursive: true),
@@ -1854,7 +1859,24 @@ foreach target : target_dirs
link_depends: [block_syms, qemu_syms] + exe.get('link_depends', 
[]),
link_args: link_args,
gui_app: exe['gui'])
-}
+
+if exe_sign
+  exe_full = meson.current_build_dir() / exe['name']
+  emulators += {exe['name'] : custom_target(exe['name'],
+   install: true,
+   install_dir: get_option('bindir'),
+   depends: emulator,
+   output: exe['name'],
+   command: [
+ meson.current_source_dir() / 'scripts/entitlement.sh',
+ meson.current_build_dir() / exe['name'] + '-unsigned',
+ meson.current_build_dir() / exe['name'],
+ meson.current_source_dir() / 
'accel/hvf/entitlements.plist'
+   ])
+  }
+else
+  emulators += {exe['name']: emulator}
+endif
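Review bot: the custom_target passes the unsigned binary's path as a hand-built string in `command:` and relies on `depends: emulator` only for ordering; using `input: emulator` with `@INPUT@` and `@OUTPUT@` would let Meson track the dependency itself and remove the duplicated `meson.current_build_dir() / exe['name'] + '-unsigned'` construction. Also worth a comment: `exe_sign` keys off 'CONFIG_HVF' rather than the host OS, so the signing step is skipped for non-HVF macOS builds even though the entitlement is harmless there.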
 
 if 'CONFIG_TRACE_SYSTEMTAP' in config_host
   foreach stp: [
diff --git a/scripts/entitlement.sh b/scripts/entitlement.sh
new file mode 100755
index 00..c540fa6435
--- /dev/null
+++ b/scripts/entitlement.sh
@@ -0,0 +1,13 @@
+#!/bin/sh -e
+#
+# Helper script for the build process to apply entitlements
+
+SRC="$1"
+DST="$2"
+ENTITLEMENT="$3"
+
+trap 'rm "$DST.tmp"' exit
+cp -af "$SRC" "$DST.tmp"
+codesign --entitlements "$ENTITLEMENT" --force -s - "$DST.tmp"
+mv "$DST.tmp" "$DST"
+trap '' exit
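Review bot: `trap 'rm "$DST.tmp"' exit` runs unconditionally on exit, so if `cp -af` fails before the temp file exists the trap's own error masks the real one; use `rm -f`. The ad-hoc identity (`-s -`) is enough for the entitlement to take effect on the local machine but is not a distributable signature, which the header comment could say for the benefit of packagers.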
-- 
2.24.3 (Apple Git-128)




[PATCH v2 4/8] hvf: Introduce hvf vcpu struct

2020-11-29 Thread Alexander Graf
We will need more than a single field for hvf going forward. To keep
the global vcpu struct uncluttered, let's allocate a special hvf vcpu
struct, similar to how hax does it.

Signed-off-by: Alexander Graf 
---
 accel/hvf/hvf-cpus.c|   8 +-
 include/hw/core/cpu.h   |   3 +-
 include/sysemu/hvf_int.h|   4 +
 target/i386/hvf/hvf.c   | 102 +-
 target/i386/hvf/vmx.h   |  24 +++--
 target/i386/hvf/x86.c   |  28 ++---
 target/i386/hvf/x86_descr.c |  26 ++---
 target/i386/hvf/x86_emu.c   |  62 +--
 target/i386/hvf/x86_mmu.c   |   4 +-
 target/i386/hvf/x86_task.c  |  12 +--
 target/i386/hvf/x86hvf.c| 210 ++--
 11 files changed, 247 insertions(+), 236 deletions(-)

diff --git a/accel/hvf/hvf-cpus.c b/accel/hvf/hvf-cpus.c
index 38559ab649..e6dffcd9b5 100644
--- a/accel/hvf/hvf-cpus.c
+++ b/accel/hvf/hvf-cpus.c
@@ -314,10 +314,12 @@ static void hvf_cpu_synchronize_pre_loadvm(CPUState *cpu)
 
 static void hvf_vcpu_destroy(CPUState *cpu)
 {
-hv_return_t ret = hv_vcpu_destroy(cpu->hvf_fd);
+hv_return_t ret = hv_vcpu_destroy(cpu->hvf->fd);
 assert_hvf_ok(ret);
 
 hvf_arch_vcpu_destroy(cpu);
+free(cpu->hvf);
+cpu->hvf = NULL;
 }
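Review bot: allocator mismatch: hvf_init_vcpu() allocates the struct with g_malloc0() (see the next hunk) but hvf_vcpu_destroy() releases it with plain free(). Use g_free(cpu->hvf) so the GLib allocation is paired with the GLib release; mixing the two is only accidentally correct while GLib uses the system malloc.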
 
 static void dummy_signal(int sig)
@@ -328,6 +330,8 @@ static int hvf_init_vcpu(CPUState *cpu)
 {
 int r;
 
+cpu->hvf = g_malloc0(sizeof(*cpu->hvf));
+
 /* init cpu signals */
 sigset_t set;
 struct sigaction sigact;
@@ -340,7 +344,7 @@ static int hvf_init_vcpu(CPUState *cpu)
 sigdelset(, SIG_IPI);
 pthread_sigmask(SIG_SETMASK, , NULL);
 
-r = hv_vcpu_create((hv_vcpuid_t *)>hvf_fd, HV_VCPU_DEFAULT);
+r = hv_vcpu_create((hv_vcpuid_t *)>hvf->fd, HV_VCPU_DEFAULT);
 cpu->vcpu_dirty = 1;
 assert_hvf_ok(r);
 
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 3d92c967ff..6032d8a52c 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -280,6 +280,7 @@ struct KVMState;
 struct kvm_run;
 
 struct hax_vcpu_state;
+struct hvf_vcpu_state;
 
 #define TB_JMP_CACHE_BITS 12
 #define TB_JMP_CACHE_SIZE (1 << TB_JMP_CACHE_BITS)
@@ -463,7 +464,7 @@ struct CPUState {
 
 struct hax_vcpu_state *hax_vcpu;
 
-int hvf_fd;
+struct hvf_vcpu_state *hvf;
 
 /* track IOMMUs whose translations we've cached in the TCG TLB */
 GArray *iommu_notifiers;
diff --git a/include/sysemu/hvf_int.h b/include/sysemu/hvf_int.h
index de9bad23a8..7967e33727 100644
--- a/include/sysemu/hvf_int.h
+++ b/include/sysemu/hvf_int.h
@@ -58,6 +58,10 @@ struct HVFState {
 };
 extern HVFState *hvf_state;
 
+struct hvf_vcpu_state {
+int fd;
+};
+
 void assert_hvf_ok(hv_return_t ret);
 int hvf_get_registers(CPUState *cpu);
 int hvf_put_registers(CPUState *cpu);
diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
index 8b96ecd619..08b4adecd9 100644
--- a/target/i386/hvf/hvf.c
+++ b/target/i386/hvf/hvf.c
@@ -80,11 +80,11 @@ void vmx_update_tpr(CPUState *cpu)
 int tpr = cpu_get_apic_tpr(x86_cpu->apic_state) << 4;
 int irr = apic_get_highest_priority_irr(x86_cpu->apic_state);
 
-wreg(cpu->hvf_fd, HV_X86_TPR, tpr);
+wreg(cpu->hvf->fd, HV_X86_TPR, tpr);
 if (irr == -1) {
-wvmcs(cpu->hvf_fd, VMCS_TPR_THRESHOLD, 0);
+wvmcs(cpu->hvf->fd, VMCS_TPR_THRESHOLD, 0);
 } else {
-wvmcs(cpu->hvf_fd, VMCS_TPR_THRESHOLD, (irr > tpr) ? tpr >> 4 :
+wvmcs(cpu->hvf->fd, VMCS_TPR_THRESHOLD, (irr > tpr) ? tpr >> 4 :
   irr >> 4);
 }
 }
@@ -92,7 +92,7 @@ void vmx_update_tpr(CPUState *cpu)
 static void update_apic_tpr(CPUState *cpu)
 {
 X86CPU *x86_cpu = X86_CPU(cpu);
-int tpr = rreg(cpu->hvf_fd, HV_X86_TPR) >> 4;
+int tpr = rreg(cpu->hvf->fd, HV_X86_TPR) >> 4;
 cpu_set_apic_tpr(x86_cpu->apic_state, tpr);
 }
 
@@ -194,43 +194,43 @@ int hvf_arch_init_vcpu(CPUState *cpu)
 }
 
 /* set VMCS control fields */
-wvmcs(cpu->hvf_fd, VMCS_PIN_BASED_CTLS,
+wvmcs(cpu->hvf->fd, VMCS_PIN_BASED_CTLS,
   cap2ctrl(hvf_state->hvf_caps->vmx_cap_pinbased,
   VMCS_PIN_BASED_CTLS_EXTINT |
   VMCS_PIN_BASED_CTLS_NMI |
   VMCS_PIN_BASED_CTLS_VNMI));
-wvmcs(cpu->hvf_fd, VMCS_PRI_PROC_BASED_CTLS,
+wvmcs(cpu->hvf->fd, VMCS_PRI_PROC_BASED_CTLS,
   cap2ctrl(hvf_state->hvf_caps->vmx_cap_procbased,
   VMCS_PRI_PROC_BASED_CTLS_HLT |
   VMCS_PRI_PROC_BASED_CTLS_MWAIT |
   VMCS_PRI_PROC_BASED_CTLS_TSC_OFFSET |
   VMCS_PRI_PROC_BASED_CTLS_TPR_SHADOW) |
   VMCS_PRI_PROC_BASED_CTLS_SEC_CONTROL);
-wvmcs(cpu->hvf_fd, VMCS_SEC_PROC_BASED_CTLS,
+wvmcs(cpu->hvf->fd, VMCS_SEC_PROC_BASED_CTLS,
   cap2ctrl(hvf_state->hvf_caps->vmx_cap_procbased2,
VMCS_PRI_PROC_BASED2_CTLS_APIC_ACCESSES));
 
-wvmcs(cpu->hvf_fd, VMCS_ENTRY_CTLS, 
cap2ctrl(hvf_state->hvf_caps->vmx_cap_entry,
+wvmcs(cpu->hvf->fd, VMCS_ENTRY_CTLS, 
cap2ctrl(hvf_state->hvf_caps->vmx_cap_entry,
   0));
-

[PATCH v2 0/8] hvf: Implement Apple Silicon Support

2020-11-29 Thread Alexander Graf
Now that Apple Silicon is widely available, people are obviously excited
to try and run virtualized workloads on them, such as Linux and Windows.

This patch set implements a fully functional version to get the ball
going on that. With this applied, I can successfully run both Linux and
Windows as guests. I am not aware of any limitations specific to
Hypervisor.framework apart from:

  - Live migration / savevm
  - gdbstub debugging (SP register)


Enjoy!

Alex


v1 -> v2:

  - New patch: hvf: Actually set SIG_IPI mask
  - New patch: hvf: Introduce hvf vcpu struct
  - New patch: hvf: arm: Mark CPU as dirty on reset
  - Removed patch: hw/arm/virt: Disable highmem when on hypervisor.framework
  - Removed patch: arm: Synchronize CPU on PSCI on
  - Fix build on 32bit arm
  - Merge vcpu kick function patch into ARM enablement
  - Implement WFI handling (allows vCPUs to sleep)
  - Synchronize system registers (fixes OVMF crashes and reboot)
  - Don't always call cpu_synchronize_state()
  - Use more fine grained iothread locking
  - Populate aa64mmfr0 from hardware
  - Make safe to ctrl-C entitlement application

Alexander Graf (8):
  hvf: Add hypervisor entitlement to output binaries
  hvf: Move common code out
  hvf: Actually set SIG_IPI mask
  hvf: Introduce hvf vcpu struct
  arm: Set PSCI to 0.2 for HVF
  hvf: arm: Mark CPU as dirty on reset
  hvf: Add Apple Silicon support
  arm: Add Hypervisor.framework build target

 MAINTAINERS  |  14 +-
 accel/hvf/entitlements.plist |   8 +
 accel/hvf/hvf-all.c  |  56 
 accel/hvf/hvf-cpus.c | 483 
 accel/hvf/meson.build|   7 +
 accel/meson.build|   1 +
 include/hw/core/cpu.h|   3 +-
 include/sysemu/hvf_int.h |  78 +
 meson.build  |  41 ++-
 scripts/entitlement.sh   |  13 +
 target/arm/arm-powerctl.c|   1 +
 target/arm/cpu.c |   6 +
 target/arm/hvf/hvf.c | 603 +++
 target/arm/hvf/meson.build   |   3 +
 target/arm/meson.build   |   2 +
 target/i386/hvf/hvf-cpus.c   | 131 
 target/i386/hvf/hvf-cpus.h   |  25 --
 target/i386/hvf/hvf-i386.h   |  48 +--
 target/i386/hvf/hvf.c| 462 ---
 target/i386/hvf/meson.build  |   1 -
 target/i386/hvf/vmx.h|  24 +-
 target/i386/hvf/x86.c|  28 +-
 target/i386/hvf/x86_descr.c  |  26 +-
 target/i386/hvf/x86_emu.c|  62 ++--
 target/i386/hvf/x86_mmu.c|   4 +-
 target/i386/hvf/x86_task.c   |  12 +-
 target/i386/hvf/x86hvf.c | 221 ++---
 target/i386/hvf/x86hvf.h |   2 -
 28 files changed, 1557 insertions(+), 808 deletions(-)
 create mode 100644 accel/hvf/entitlements.plist
 create mode 100644 accel/hvf/hvf-all.c
 create mode 100644 accel/hvf/hvf-cpus.c
 create mode 100644 accel/hvf/meson.build
 create mode 100644 include/sysemu/hvf_int.h
 create mode 100755 scripts/entitlement.sh
 create mode 100644 target/arm/hvf/hvf.c
 create mode 100644 target/arm/hvf/meson.build
 delete mode 100644 target/i386/hvf/hvf-cpus.c
 delete mode 100644 target/i386/hvf/hvf-cpus.h

-- 
2.24.3 (Apple Git-128)




[PATCH v2 2/8] hvf: Move common code out

2020-11-29 Thread Alexander Graf
Until now, Hypervisor.framework has only been available on x86_64 systems.
With Apple Silicon shipping now, it extends its reach to aarch64. To
prepare for support for multiple architectures, let's move common code out
into its own accel directory.

Signed-off-by: Alexander Graf 
---
 MAINTAINERS |   9 +-
 accel/hvf/hvf-all.c |  56 +
 accel/hvf/hvf-cpus.c| 464 
 accel/hvf/meson.build   |   7 +
 accel/meson.build   |   1 +
 include/sysemu/hvf_int.h|  69 ++
 target/i386/hvf/hvf-cpus.c  | 131 --
 target/i386/hvf/hvf-cpus.h  |  25 --
 target/i386/hvf/hvf-i386.h  |  48 +---
 target/i386/hvf/hvf.c   | 360 +---
 target/i386/hvf/meson.build |   1 -
 target/i386/hvf/x86hvf.c|  11 +-
 target/i386/hvf/x86hvf.h|   2 -
 13 files changed, 615 insertions(+), 569 deletions(-)
 create mode 100644 accel/hvf/hvf-all.c
 create mode 100644 accel/hvf/hvf-cpus.c
 create mode 100644 accel/hvf/meson.build
 create mode 100644 include/sysemu/hvf_int.h
 delete mode 100644 target/i386/hvf/hvf-cpus.c
 delete mode 100644 target/i386/hvf/hvf-cpus.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 68bc160f41..ca4b6d9279 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -444,9 +444,16 @@ M: Cameron Esfahani 
 M: Roman Bolshakov 
 W: https://wiki.qemu.org/Features/HVF
 S: Maintained
-F: accel/stubs/hvf-stub.c
 F: target/i386/hvf/
+
+HVF
+M: Cameron Esfahani 
+M: Roman Bolshakov 
+W: https://wiki.qemu.org/Features/HVF
+S: Maintained
+F: accel/hvf/
 F: include/sysemu/hvf.h
+F: include/sysemu/hvf_int.h
 
 WHPX CPUs
 M: Sunil Muthuswamy 
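Review bot: `-F: accel/stubs/hvf-stub.c` removes the file from the existing x86 HVF section, but the diffstat of this patch neither deletes nor renames accel/stubs/hvf-stub.c; if the stub still exists it needs a maintainer entry, most naturally in the new HVF section. The new section also duplicates the M:/W:/S: lines of the section above it; a single section with both `F: target/i386/hvf/` and `F: accel/hvf/` would avoid the repetition.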
diff --git a/accel/hvf/hvf-all.c b/accel/hvf/hvf-all.c
new file mode 100644
index 00..47d77a472a
--- /dev/null
+++ b/accel/hvf/hvf-all.c
@@ -0,0 +1,56 @@
+/*
+ * QEMU Hypervisor.framework support
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/error-report.h"
+#include "sysemu/hvf.h"
+#include "sysemu/hvf_int.h"
+#include "sysemu/runstate.h"
+
+#include "qemu/main-loop.h"
+#include "sysemu/accel.h"
+
+#include 
+
+bool hvf_allowed;
+HVFState *hvf_state;
+
+void assert_hvf_ok(hv_return_t ret)
+{
+if (ret == HV_SUCCESS) {
+return;
+}
+
+switch (ret) {
+case HV_ERROR:
+error_report("Error: HV_ERROR");
+break;
+case HV_BUSY:
+error_report("Error: HV_BUSY");
+break;
+case HV_BAD_ARGUMENT:
+error_report("Error: HV_BAD_ARGUMENT");
+break;
+case HV_NO_RESOURCES:
+error_report("Error: HV_NO_RESOURCES");
+break;
+case HV_NO_DEVICE:
+error_report("Error: HV_NO_DEVICE");
+break;
+case HV_UNSUPPORTED:
+error_report("Error: HV_UNSUPPORTED");
+break;
+default:
+error_report("Unknown Error");
+}
+
+abort();
+}
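Review bot: the `default:` branch reports "Unknown Error" and then aborts without recording the value, so an unrecognised status from the framework is undiagnosable from the log; `error_report("Unknown Error: %d", (int)ret);` keeps the abort but preserves the code.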
diff --git a/accel/hvf/hvf-cpus.c b/accel/hvf/hvf-cpus.c
new file mode 100644
index 00..4d1cca9d6e
--- /dev/null
+++ b/accel/hvf/hvf-cpus.c
@@ -0,0 +1,464 @@
+/*
+ * Copyright 2008 IBM Corporation
+ *   2008 Red Hat, Inc.
+ * Copyright 2011 Intel Corporation
+ * Copyright 2016 Veertu, Inc.
+ * Copyright 2017 The Android Open Source Project
+ *
+ * QEMU Hypervisor.framework support
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ *
+ * This file contain code under public domain from the hvdos project:
+ * https://github.com/mist64/hvdos
+ *
+ * Parts Copyright (c) 2011 NetApp, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY NETAPP, INC ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF 

[PATCH v2 5/8] arm: Set PSCI to 0.2 for HVF

2020-11-29 Thread Alexander Graf
In Hypervisor.framework, we just pass PSCI calls straight on to the QEMU emulation
of it. That means, if TCG is compatible with PSCI 0.2, so are we. Let's transpose
that fact in code too.

Signed-off-by: Alexander Graf 
---
 target/arm/cpu.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 07492e9f9a..db6f7c34ed 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1062,6 +1062,10 @@ static void arm_cpu_initfn(Object *obj)
 if (tcg_enabled()) {
 cpu->psci_version = 2; /* TCG implements PSCI 0.2 */
 }
+
+if (hvf_enabled()) {
+cpu->psci_version = 2; /* HVF uses TCG's PSCI */
+}
 }
 
 static Property arm_cpu_gt_cntfrq_property =
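Review bot: both branches now set `cpu->psci_version = 2` for the same reason (HVF reuses TCG's PSCI emulation); a single `if (tcg_enabled() || hvf_enabled())` with one comment would keep the two from drifting apart if the TCG value changes later.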
-- 
2.24.3 (Apple Git-128)




[PATCH v2 6/8] hvf: arm: Mark CPU as dirty on reset

2020-11-29 Thread Alexander Graf
When clearing internal state of a CPU, we should also make sure that HVF
knows about it and can push the new values down to vcpu state.

Make sure that with HVF enabled, we tell it that it should synchronize
CPU state on next entry after a reset.

This fixes PSCI handling, because now newly pushed state such as X0 and
PC on remote CPU enablement also get pushed into HVF.

Signed-off-by: Alexander Graf 
---
 target/arm/arm-powerctl.c | 1 +
 target/arm/cpu.c  | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/target/arm/arm-powerctl.c b/target/arm/arm-powerctl.c
index b75f813b40..a49a5b32e6 100644
--- a/target/arm/arm-powerctl.c
+++ b/target/arm/arm-powerctl.c
@@ -15,6 +15,7 @@
 #include "arm-powerctl.h"
 #include "qemu/log.h"
 #include "qemu/main-loop.h"
+#include "sysemu/hw_accel.h"
 
 #ifndef DEBUG_ARM_POWERCTL
 #define DEBUG_ARM_POWERCTL 0
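Review bot: the diffstat shows arm-powerctl.c gaining only this one line, so `#include "sysemu/hw_accel.h"` has no user in this file within the patch; either drop it or note in the commit message which later patch in the series needs it (the reset change in the next hunk lives in cpu.c, not here).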
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index db6f7c34ed..9a501ea4bd 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -411,6 +411,8 @@ static void arm_cpu_reset(DeviceState *dev)
 #ifndef CONFIG_USER_ONLY
 if (kvm_enabled()) {
 kvm_arm_reset_vcpu(cpu);
+} else if (hvf_enabled()) {
+s->vcpu_dirty = true;
 }
 #endif
 
-- 
2.24.3 (Apple Git-128)




[PATCH v2 3/8] hvf: Actually set SIG_IPI mask

2020-11-29 Thread Alexander Graf
In the hvf init function, we prepare a signal mask for SIG_IPI, but
then fail to set it. This seems to work by chance on some systems,
where SIGUSR2 is already unmasked by default. It fails however on
ARM Big Sur.

So let's set the signal mask as intended.

Signed-off-by: Alexander Graf 
---
 accel/hvf/hvf-cpus.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/accel/hvf/hvf-cpus.c b/accel/hvf/hvf-cpus.c
index 4d1cca9d6e..38559ab649 100644
--- a/accel/hvf/hvf-cpus.c
+++ b/accel/hvf/hvf-cpus.c
@@ -338,6 +338,7 @@ static int hvf_init_vcpu(CPUState *cpu)
 
 pthread_sigmask(SIG_BLOCK, NULL, );
 sigdelset(, SIG_IPI);
+pthread_sigmask(SIG_SETMASK, , NULL);
 
 r = hv_vcpu_create((hv_vcpuid_t *)>hvf_fd, HV_VCPU_DEFAULT);
 cpu->vcpu_dirty = 1;
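Review bot: both `pthread_sigmask()` calls ignore their return value; if `SIG_SETMASK` fails the vCPU thread keeps SIG_IPI blocked and kicks are silently lost, which is the failure mode this patch is meant to close. An `assert()` or `error_report()` on a non-zero return would make that visible instead of hanging.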
-- 
2.24.3 (Apple Git-128)




Re: [PATCH v2] net/e1000e_core: adjust count if RDH exceeds RDT in e1000e_ring_advance()

2020-11-29 Thread Jason Wang



On 2020/11/27 下午10:49, Mauro Matteo Cascella wrote:

On Fri, Nov 27, 2020 at 6:21 AM Jason Wang  wrote:


On 2020/11/24 上午5:30, Mauro Matteo Cascella wrote:

On Thu, Nov 19, 2020 at 6:57 AM Jason Wang  wrote:

On 2020/11/18 下午4:53, Mauro Matteo Cascella wrote:

On Wed, Nov 18, 2020 at 4:56 AM Jason Wang  wrote:

On 2020/11/13 下午6:31, Mauro Matteo Cascella wrote:

The e1000e_write_packet_to_guest() function iterates over a set of
receive descriptors by advancing rx descriptor head register (RDH) from
its initial value to rx descriptor tail register (RDT). The check in
e1000e_ring_empty() is responsible for detecting whether RDH has reached
RDT, terminating the loop if that's the case. Additional checks have
been added in the past to deal with bogus values submitted by the guest
to prevent possible infinite loop. This is done by "wrapping around" RDH
at some point and detecting whether it assumes the original value during
the loop.

However, when e1000e is configured to use the packet split feature, RDH is
incremented by two instead of one, as the packet split descriptors are
32 bytes while regular descriptors are 16 bytes. A malicious or buggy
guest may set RDT to an odd value and transmit only null RX descriptors.
This corner case would prevent RDH from ever matching RDT, leading to an
infinite loop. This patch adds a check in e1000e_ring_advance() to make sure
RDH does not exceed RDT in a single incremental step, adjusting the count
value accordingly.

Can this patch solve this issue in another way?

https://patchew.org/QEMU/2020130636.2208620-1-ppan...@redhat.com/

Thanks


Yes, it does work nicely. Still, I think this patch is useful to avoid
possible inconsistent state in e1000e_ring_advance() when count > 1.

So if RDT is odd, it looks to me the following codes in
e1000e_write_packet_to_guest() needs to be fixed as well.


   base = e1000e_ring_head_descr(core, rxi);

   pci_dma_read(d, base, , core->rx_desc_len);

Otherwise e1000e may try to read out of descriptor ring.

Sorry, I'm not sure I understand what you mean. Isn't the base address
computed from RDH? How can e1000e read out of the descriptor ring if
RDT is odd?


Thanks


Sorry, I meant RDH actually, when packet split descriptor is used, it
doesn't check whether DH exceeds DLEN?


When the packet split feature is used (i.e., count > 1) this patch
basically sets RDH=RDT in case the increment would exceed RDT.



Can software set RDH to an odd value? If not, I think we are probably fine.

Thanks



The
next iteration should detect that RDH equals RDT in
e1000e_ring_empty(), and exit the loop right before pci_dma_read(). On
the other hand RDH is set to zero if it exceeds DLEN in
e1000e_ring_advance() so we should be fine in either case, unless I'm
missing something?


Thank you for your time,
--
Mauro Matteo Cascella
Red Hat Product Security
PGP-Key ID: BB3410B0






Re: [RFC PATCH v2 0/5] eBPF RSS support for virtio-net

2020-11-29 Thread Jason Wang



On 2020/11/27 下午2:06, Yuri Benditovich wrote:



> After some experiments we can see that stripping of debug sections
> reduces the size of
> ELF from ~45K to ~20K (we tried to strip more but the libbpf
fails to
> load it, libbpf needs BTF and symbols)
> So I suggest to reevaluate the necessity of libbpf.
> For this specific BPF it does not present advantage and we
hardly can
> create some reusable code
> related to libbpf, i.e. any further BPF will need its own libbpf
wrapper.
> The BTF is really good feature and in case some later BPF will
need an
> access to kernel
> structures it will use libbpf loader.
> What you think about it?


If we can find a way to use BTF without libbpf, it should be
acceptable.

But the point is that the RSS BPF does not need the BTF as it does not 
use any kernel structures.



Kinds of, it tries to access skb. But yes, it doesn't access any 
metadata of skb.



When we have, for example, filter BPF that will need the BTF - we'll  
use libbpf for it.

Anyway we do not have here any infrastructural code related to libbpf,



Right, so I think we can probably start from a non BTF version without 
libbpf. And adding other features on top.


Thanks




[PATCH] hw/block: m25p80: Fix fast read for SST flashes

2020-11-29 Thread Bin Meng
From: Bin Meng 

SST flashes require a dummy byte after the address bits.

Signed-off-by: Bin Meng 
---

 hw/block/m25p80.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index 483925f..9b36762 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -825,6 +825,9 @@ static void decode_fast_read_cmd(Flash *s)
 s->needed_bytes = get_addr_length(s);
 switch (get_man(s)) {
 /* Dummy cycles - modeled with bytes writes instead of bits */
+case MAN_SST:
+s->needed_bytes += 1;
+break;
 case MAN_WINBOND:
 s->needed_bytes += 8;
 break;
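Review bot: the commit message does not say which SST part or datasheet requires the single dummy byte after the address for fast read, nor whether every flash listed under MAN_SST needs it; a one-line reference in the message, or a comment beside `case MAN_SST:` as the other vendors' cases lack, would let reviewers verify the cycle count.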
-- 
2.7.4




Re: [PATCH 8/8] hw/arm/virt: Disable highmem when on hypervisor.framework

2020-11-29 Thread Alexander Graf



On 27.11.20 17:47, Peter Maydell wrote:

On Fri, 27 Nov 2020 at 16:38, Peter Maydell  wrote:

Having looked a bit more closely at some of the relevant target/arm
code, I think the best approach is going to be that in virt.c
we just check the PARange ID register field (probably via
a convenience function that does the conversion of that to
a nice number-of-bits return value; we might even have one
already).

Ha, in fact we're already doing something quite close to this,
though instead of saying "decide whether to use highmem based
on the CPU's PA range" we go for "report error to user if PA
range is insufficient" and let the user pick some command line
options that disable highmem if they want:

 if (aarch64 && vms->highmem) {
 int requested_pa_size = 64 - clz64(vms->highest_gpa);
 int pamax = arm_pamax(ARM_CPU(first_cpu));

 if (pamax < requested_pa_size) {
 error_report("VCPU supports less PA bits (%d) than "
  "requested by the memory map (%d)",
  pamax, requested_pa_size);
 exit(1);
 }
 }



Turns out I can sync aa64mfr0 just fine as well. So I'll just do that 
and remove this patch.



Alex





[RFC v7 22/22] cpu: introduce cpu_accel_instance_init

2020-11-29 Thread Claudio Fontana
centralize the calls to cpu->accel_cpu_interface

Signed-off-by: Claudio Fontana 
---
 hw/core/cpu.c | 9 +
 include/hw/core/cpu.h | 6 ++
 target/i386/cpu.c | 9 ++---
 3 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/hw/core/cpu.c b/hw/core/cpu.c
index b1a495a383..c6838f171c 100644
--- a/hw/core/cpu.c
+++ b/hw/core/cpu.c
@@ -252,6 +252,15 @@ void cpu_accel_realize(CPUState *cpu, Error **errp)
 }
 }
 
+void cpu_accel_instance_init(CPUState *cpu)
+{
+CPUClass *cc = CPU_GET_CLASS(cpu);
+
+if (cc->accel_cpu_interface) {
+cc->accel_cpu_interface->cpu_instance_init(cpu);
+}
+}
+
 static void cpu_common_reset(DeviceState *dev)
 {
 CPUState *cpu = CPU(dev);
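Review bot: cpu_accel_instance_init() checks that `cc->accel_cpu_interface` is set but then calls `cpu_instance_init` unconditionally; an accelerator that registers an interface with only a realize hook (cpu_accel_realize() just above has the same shape) would dereference a NULL callback here. Guard the member too: `if (cc->accel_cpu_interface && cc->accel_cpu_interface->cpu_instance_init)`.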
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 403f614559..4a7d82f821 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -683,6 +683,12 @@ void cpu_reset(CPUState *cpu);
  */
 void cpu_accel_realize(CPUState *cpu, Error **errp);
 
+/**
+ * cpu_accel_instance_init:
+ * @cpu: The CPU that needs to do accel-specific object initializations.
+ */
+void cpu_accel_instance_init(CPUState *cpu);
+
 /**
  * cpu_class_by_name:
  * @typename: The CPU base type.
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 485f3bc97b..40c3f7c423 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -28,7 +28,6 @@
 #include "sysemu/kvm.h"
 #include "sysemu/reset.h"
 #include "sysemu/hvf.h"
-#include "hw/core/accel-cpu.h"
 #include "sysemu/xen.h"
 #include "kvm/kvm_i386.h"
 #include "sev_i386.h"
@@ -6621,8 +6620,6 @@ static void x86_cpu_initfn(Object *obj)
 {
 X86CPU *cpu = X86_CPU(obj);
 X86CPUClass *xcc = X86_CPU_GET_CLASS(obj);
-CPUClass *cc = CPU_CLASS(xcc);
-
 CPUX86State *env = >env;
 FeatureWord w;
 
@@ -6680,10 +6677,8 @@ static void x86_cpu_initfn(Object *obj)
 x86_cpu_load_model(cpu, xcc->model);
 }
 
-/* if required, do the accelerator-specific cpu initialization */
-if (cc->accel_cpu_interface) {
-cc->accel_cpu_interface->cpu_instance_init(CPU(obj));
-}
+/* if required, do accelerator-specific cpu initializations */
+cpu_accel_instance_init(CPU(obj));
 }
 
 static int64_t x86_cpu_get_arch_id(CPUState *cs)
-- 
2.26.2




Re: [RFC PATCH-for-5.2 2/2] net: Assert no packet bigger than NET_BUFSIZE is queued

2020-11-29 Thread Jason Wang



On 2020/11/27 下午11:45, Philippe Mathieu-Daudé wrote:

Ensure no packet bigger than NET_BUFSIZE is queued via
qemu_net_queue_append*() by adding assertions.

Signed-off-by: Philippe Mathieu-Daudé 
---
  net/queue.c | 3 +++
  1 file changed, 3 insertions(+)

diff --git a/net/queue.c b/net/queue.c
index 221a1c87961..94b98b19ef9 100644
--- a/net/queue.c
+++ b/net/queue.c
@@ -102,6 +102,8 @@ static void qemu_net_queue_append(NetQueue *queue,
  if (queue->nq_count >= queue->nq_maxlen && !sent_cb) {
  return; /* drop if queue full and no callback */
  }
+
+assert(size <= NET_BUFSIZE);
  packet = g_malloc(sizeof(NetPacket) + size);
  packet->sender = sender;
  packet->flags = flags;
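Review bot: `assert(size <= NET_BUFSIZE)` turns an oversized packet from any NIC model into an abort of the whole QEMU process, whereas the lines just above it simply `return` to drop a packet when the queue is full; if a device model ever lets a guest-controlled length reach this point, the assert becomes a guest-triggerable crash. Dropping the packet (and warning once) keeps the invariant without making it fatal; if the assert is intentionally a debugging aid for device-model bugs only, the commit message should say so.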
@@ -131,6 +133,7 @@ void qemu_net_queue_append_iov(NetQueue *queue,
  max_len += iov[i].iov_len;
  }
  
+assert(max_len <= NET_BUFSIZE);

  packet = g_malloc(sizeof(NetPacket) + max_len);
  packet->sender = sender;
  packet->sent_cb = sent_cb;



Anyway to avoid the assert here?

Thanks




[RFC v7 17/22] accel: extend AccelState and AccelClass to user-mode

2020-11-29 Thread Claudio Fontana
Signed-off-by: Claudio Fontana 
---
 MAINTAINERS|  2 +-
 accel/accel-common.c   | 50 ++
 accel/{accel.c => accel-softmmu.c} | 27 ++--
 accel/accel-user.c | 24 ++
 accel/meson.build  |  4 ++-
 accel/qtest/qtest.c|  2 +-
 accel/tcg/meson.build  |  2 +-
 accel/tcg/tcg-all.c|  7 -
 accel/xen/xen-all.c|  2 +-
 bsd-user/main.c|  7 +++--
 include/hw/boards.h|  2 +-
 include/{sysemu => qemu}/accel.h   | 14 +
 include/sysemu/hvf.h   |  2 +-
 include/sysemu/kvm.h   |  2 +-
 include/sysemu/kvm_int.h   |  2 +-
 linux-user/main.c  |  7 +++--
 softmmu/memory.c   |  2 +-
 softmmu/qtest.c|  2 +-
 softmmu/vl.c   |  2 +-
 target/i386/hax/hax-all.c  |  2 +-
 target/i386/hvf/hvf-i386.h |  2 +-
 target/i386/hvf/hvf.c  |  2 +-
 target/i386/hvf/x86_task.c |  2 +-
 target/i386/whpx/whpx-all.c|  2 +-
 24 files changed, 119 insertions(+), 53 deletions(-)
 create mode 100644 accel/accel-common.c
 rename accel/{accel.c => accel-softmmu.c} (75%)
 create mode 100644 accel/accel-user.c
 rename include/{sysemu => qemu}/accel.h (95%)

diff --git a/MAINTAINERS b/MAINTAINERS
index d876f504a6..6235dd3a9f 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -434,7 +434,7 @@ Overall
 M: Richard Henderson 
 R: Paolo Bonzini 
 S: Maintained
-F: include/sysemu/accel.h
+F: include/qemu/accel.h
 F: accel/accel.c
 F: accel/Makefile.objs
 F: accel/stubs/Makefile.objs
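Review bot: this hunk updates the header path but leaves `F: accel/accel.c`, which the diffstat shows being renamed to accel/accel-softmmu.c; add accel/accel-common.c, accel/accel-softmmu.c and accel/accel-user.c (or a single `F: accel/` entry) so the new files stay under the Overall section.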
diff --git a/accel/accel-common.c b/accel/accel-common.c
new file mode 100644
index 00..ddec8cb5ae
--- /dev/null
+++ b/accel/accel-common.c
@@ -0,0 +1,50 @@
+/*
+ * QEMU accel class, components common to system emulation and user mode
+ *
+ * Copyright (c) 2003-2008 Fabrice Bellard
+ * Copyright (c) 2014 Red Hat Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/accel.h"
+
+static const TypeInfo accel_type = {
+.name = TYPE_ACCEL,
+.parent = TYPE_OBJECT,
+.class_size = sizeof(AccelClass),
+.instance_size = sizeof(AccelState),
+};
+
+/* Lookup AccelClass from opt_name. Returns NULL if not found */
+AccelClass *accel_find(const char *opt_name)
+{
+char *class_name = g_strdup_printf(ACCEL_CLASS_NAME("%s"), opt_name);
+AccelClass *ac = ACCEL_CLASS(object_class_by_name(class_name));
+g_free(class_name);
+return ac;
+}
+
+static void register_accel_types(void)
+{
+type_register_static(_type);
+}
+
+type_init(register_accel_types);
diff --git a/accel/accel.c b/accel/accel-softmmu.c
similarity index 75%
rename from accel/accel.c
rename to accel/accel-softmmu.c
index cb555e3b06..f89da8f9d1 100644
--- a/accel/accel.c
+++ b/accel/accel-softmmu.c
@@ -1,5 +1,5 @@
 /*
- * QEMU System Emulator, accelerator interfaces
+ * QEMU accel class, system emulation components
  *
  * Copyright (c) 2003-2008 Fabrice Bellard
  * Copyright (c) 2014 Red Hat Inc.
@@ -24,28 +24,12 @@
  */
 
 #include "qemu/osdep.h"
-#include "sysemu/accel.h"
+#include "qemu/accel.h"
 #include "hw/boards.h"
 #include "sysemu/arch_init.h"
 #include "sysemu/sysemu.h"
 #include "qom/object.h"
 
-static const TypeInfo accel_type = {
-.name = TYPE_ACCEL,
-.parent = TYPE_OBJECT,
-.class_size = sizeof(AccelClass),
-.instance_size = sizeof(AccelState),
-};
-
-/* Lookup AccelClass from opt_name. Returns NULL if not found */
-AccelClass *accel_find(const char *opt_name)
-{
-char *class_name = g_strdup_printf(ACCEL_CLASS_NAME("%s"), opt_name);
-AccelClass *ac = ACCEL_CLASS(object_class_by_name(class_name));
-g_free(class_name);
-return ac;
-}
-
 int accel_init_machine(AccelState *accel, MachineState *ms)
 {
 AccelClass *acc = 

[RFC v7 21/22] cpu-exec: refactor realizefn for all targets

2020-11-29 Thread Claudio Fontana
cpu_exec_realizefn and cpu_exec_unrealizefn are
TCG-only stuff, related to accel/tcg/cpu-exec.c

Introduce cpu_accel_realize to call it (for tcg-only),
and to call the other accel-specific arch-specific
realize functions if any are registered.

The only part that is not TCG-specific is common code
that should go in common_cpu_ code (hw/core/cpu.c)
base realizefn and unrealizefn (cpu_list_add, cpu_list_remove).

calls to cpu_exec_realizefn need not happen in each target
target/XXX/cpu.c, these calls can be centralized,
as part of the acceleration cpu interface,

and the call to qemu_init_vcpu can also be done in the
common cpu code.

The target/XXX/cpu.c realizefn body is now:

void mycpu_realizefn(DeviceState *dev, Error **errp)
{
/* ... */
cpu_accel_realize(CPU_STATE(dev), errp);

/* ... anything that needs done pre-qemu_vcpu_init */

scc->parent_realize(dev, errp); /* does qemu_vcpu_init */

/* ... anything that needs to be done after qemu_vcpu_init */
}

Note: better do some testing for all targets for this.

Signed-off-by: Claudio Fontana 
---
 accel/tcg/cpu-exec.c| 48 +
 cpu.c   | 53 +++--
 hw/core/cpu.c   | 22 ++
 include/exec/cpu-all.h  |  4 +++
 include/hw/core/cpu.h   | 12 
 target/alpha/cpu.c  |  5 +---
 target/arm/cpu.c|  6 ++--
 target/avr/cpu.c|  5 ++--
 target/cris/cpu.c   |  4 +--
 target/hppa/cpu.c   |  3 +-
 target/i386/cpu.c   | 20 -
 target/lm32/cpu.c   |  5 +---
 target/m68k/cpu.c   |  4 +--
 target/microblaze/cpu.c |  9 ++
 target/mips/cpu.c   |  4 +--
 target/moxie/cpu.c  |  6 ++--
 target/nios2/cpu.c  |  6 ++--
 target/openrisc/cpu.c   |  6 ++--
 target/ppc/translate_init.c.inc |  7 ++---
 target/riscv/cpu.c  | 10 +++
 target/rx/cpu.c | 10 +++
 target/s390x/cpu.c  |  5 ++--
 target/sh4/cpu.c|  4 +--
 target/sparc/cpu.c  |  6 ++--
 target/tilegx/cpu.c |  4 +--
 target/tricore/cpu.c|  4 +--
 target/unicore32/cpu.c  |  6 +---
 target/xtensa/cpu.c |  4 +--
 28 files changed, 134 insertions(+), 148 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index bd4ff224ee..24cd18f81b 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -40,6 +40,8 @@
 #include "exec/cpu-all.h"
 #include "sysemu/cpu-timers.h"
 #include "sysemu/replay.h"
+#include "migration/vmstate.h"
+#include "sysemu/tcg.h"
 
 /* -icount align implementation. */
 
@@ -801,6 +803,52 @@ int cpu_exec(CPUState *cpu)
 return ret;
 }
 
+void cpu_exec_realizefn(CPUState *cpu, Error **errp)
+{
+static bool tcg_target_initialized;
+CPUClass *cc = CPU_GET_CLASS(cpu);
+
+if (tcg_enabled() && !tcg_target_initialized) {
+tcg_target_initialized = true;
+cc->tcg_ops.initialize();
+}
+tlb_init(cpu);
+
+qemu_plugin_vcpu_init_hook(cpu);
+
+#ifdef CONFIG_USER_ONLY
+assert(cc->vmsd == NULL);
+#else /* !CONFIG_USER_ONLY */
+if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
+vmstate_register(NULL, cpu->cpu_index, _cpu_common, cpu);
+}
+if (cc->vmsd != NULL) {
+vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
+}
+
+tcg_iommu_init_notifier_list(cpu);
+#endif /* CONFIG_USER_ONLY */
+}
+
+void cpu_exec_unrealizefn(CPUState *cpu)
+{
+CPUClass *cc = CPU_GET_CLASS(cpu);
+
+tlb_destroy(cpu);
+
+#ifdef CONFIG_USER_ONLY
+assert(cc->vmsd == NULL);
+#else
+if (cc->vmsd != NULL) {
+vmstate_unregister(NULL, cc->vmsd, cpu);
+}
+if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
+vmstate_unregister(NULL, _cpu_common, cpu);
+}
+tcg_iommu_free_notifier_list(cpu);
+#endif
+}
+
 #ifndef CONFIG_USER_ONLY
 
 void dump_drift_info(void)
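Review bot: cpu_exec_realizefn() takes an Error **errp but never reports through it, and the return values of the two vmstate_register() calls are dropped; either propagate a failure with error_setg() or drop the errp parameter so callers do not expect errors that can never arrive. Since this now lives in accel/tcg/cpu-exec.c, the tcg_enabled() test only guards cc->tcg_ops.initialize(); tlb_init(), qemu_plugin_vcpu_init_hook(), the vmstate registration and tcg_iommu_init_notifier_list() run for every accelerator, which the commit message should say explicitly if it is intended.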
diff --git a/cpu.c b/cpu.c
index d02c2a17f1..a366c10181 100644
--- a/cpu.c
+++ b/cpu.c
@@ -124,26 +124,6 @@ const VMStateDescription vmstate_cpu_common = {
 };
 #endif
 
-void cpu_exec_unrealizefn(CPUState *cpu)
-{
-CPUClass *cc = CPU_GET_CLASS(cpu);
-
-tlb_destroy(cpu);
-cpu_list_remove(cpu);
-
-#ifdef CONFIG_USER_ONLY
-assert(cc->vmsd == NULL);
-#else
-if (cc->vmsd != NULL) {
-vmstate_unregister(NULL, cc->vmsd, cpu);
-}
-if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
-vmstate_unregister(NULL, _cpu_common, cpu);
-}
-tcg_iommu_free_notifier_list(cpu);
-#endif
-}
-
 Property cpu_common_props[] = {
 #ifndef CONFIG_USER_ONLY
 /* Create a memory property for softmmu CPU object,
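Review bot: the removed body called cpu_list_remove(cpu) right after tlb_destroy(cpu), while the replacement cpu_exec_unrealizefn() in accel/tcg/cpu-exec.c does not. The commit message moves cpu_list_add/cpu_list_remove to the base realizefn/unrealizefn, so please confirm the hw/core/cpu.c hunk (not shown here) performs the removal after the accelerator teardown and mention the reordering in the commit message.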
@@ -159,6 +139,10 @@ Property cpu_common_props[] = {
 DEFINE_PROP_END_OF_LIST(),
 };
 
+/*
+ * this code needs to be here instead of just in hw/core/cpu.c,
+ * because there we cannot really use CONFIG_USER_ONLY
+ */
 

Re: [PATCH 6/8] hvf: Use OS provided vcpu kick function

2020-11-29 Thread Alexander Graf



On 26.11.20 23:18, Eduardo Habkost wrote:

On Thu, Nov 26, 2020 at 10:50:15PM +0100, Alexander Graf wrote:

When kicking another vCPU, we get an OS function that explicitly does that for us
on Apple Silicon. That works better than the current signaling logic, let's make
use of it there.

Signed-off-by: Alexander Graf 
---
  accel/hvf/hvf-cpus.c | 12 
  1 file changed, 12 insertions(+)

diff --git a/accel/hvf/hvf-cpus.c b/accel/hvf/hvf-cpus.c
index b9f674478d..74a272d2e8 100644
--- a/accel/hvf/hvf-cpus.c
+++ b/accel/hvf/hvf-cpus.c
@@ -418,8 +418,20 @@ static void hvf_start_vcpu_thread(CPUState *cpu)
 cpu, QEMU_THREAD_JOINABLE);
  }
  
+#ifdef __aarch64__

+static void hvf_kick_vcpu_thread(CPUState *cpu)
+{
+if (!qemu_cpu_is_self(cpu)) {
+hv_vcpus_exit(>hvf_fd, 1);
+}
+}
+#endif
+
  static const CpusAccel hvf_cpus = {
  .create_vcpu_thread = hvf_start_vcpu_thread,
+#ifdef __aarch64__
+.kick_vcpu_thread = hvf_kick_vcpu_thread,
+#endif
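Review bot: hv_vcpus_exit() returns an hv_return_t that hvf_kick_vcpu_thread() discards, so a failed exit request silently loses the kick; wrap it the way the other Hypervisor.framework calls in hvf are checked (assert_hvf_ok()) or at least log the failure. The `#ifdef __aarch64__` is also repeated twice in this hunk, around the function and around the .kick_vcpu_thread initializer; a weak default with an aarch64 override, or an arch-specific file, keeps hvf-cpus.c free of per-arch conditionals.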

Interesting.  We have considered the possibility of adding
arch-specific TYPE_ACCEL subclasses when discussing Claudio's
series.  Here we have another arch-specific hack that could be
avoided if we had a TYPE_ARM_HVF_ACCEL QOM class.



I don't think that's necessary in this case. I don't see how you could 
ever have aarch64 and x86 HVF backends compiled into the same binary. 
The header files even have a lot of #ifdef's.


Either way, I've changed it to a weak function in v2. That way it's a 
bit easier to read.



Alex





[RFC v7 15/22] cpu: Move tlb_fill to tcg_ops

2020-11-29 Thread Claudio Fontana
From: Eduardo Habkost 

Signed-off-by: Eduardo Habkost 
---
 accel/tcg/cputlb.c  |  6 +++---
 accel/tcg/user-exec.c   |  6 +++---
 include/hw/core/cpu.h   |  9 -
 include/hw/core/tcg-cpu-ops.h   | 12 
 target/alpha/cpu.c  |  2 +-
 target/arm/cpu.c|  2 +-
 target/avr/cpu.c|  2 +-
 target/cris/cpu.c   |  2 +-
 target/hppa/cpu.c   |  2 +-
 target/i386/tcg-cpu.c   |  2 +-
 target/lm32/cpu.c   |  2 +-
 target/m68k/cpu.c   |  2 +-
 target/microblaze/cpu.c |  2 +-
 target/mips/cpu.c   |  2 +-
 target/moxie/cpu.c  |  2 +-
 target/nios2/cpu.c  |  2 +-
 target/openrisc/cpu.c   |  2 +-
 target/ppc/translate_init.c.inc |  2 +-
 target/riscv/cpu.c  |  2 +-
 target/rx/cpu.c |  2 +-
 target/s390x/cpu.c  |  2 +-
 target/sh4/cpu.c|  2 +-
 target/sparc/cpu.c  |  2 +-
 target/tilegx/cpu.c |  2 +-
 target/tricore/cpu.c|  2 +-
 target/unicore32/cpu.c  |  2 +-
 target/xtensa/cpu.c |  2 +-
 27 files changed, 41 insertions(+), 38 deletions(-)

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index 42ab79c1a5..2dc71b5528 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1286,7 +1286,7 @@ static void tlb_fill(CPUState *cpu, target_ulong addr, 
int size,
  * This is not a probe, so only valid return is success; failure
  * should result in exception + longjmp to the cpu loop.
  */
-ok = cc->tlb_fill(cpu, addr, size, access_type, mmu_idx, false, retaddr);
+ok = cc->tcg_ops.tlb_fill(cpu, addr, size, access_type, mmu_idx, false, 
retaddr);
 assert(ok);
 }
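Review bot: the new `ok = cc->tcg_ops.tlb_fill(cpu, addr, size, access_type, mmu_idx, false, retaddr);` line in tlb_fill() exceeds 80 columns (it is already wrapped in the mail after "false,"); split the argument list across two lines as the probe_access_internal() hunk below does so checkpatch stays quiet. The same applies to the handle_cpu_signal() hunk in accel/tcg/user-exec.c.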
 
@@ -1557,8 +1557,8 @@ static int probe_access_internal(CPUArchState *env, 
target_ulong addr,
 CPUState *cs = env_cpu(env);
 CPUClass *cc = CPU_GET_CLASS(cs);
 
-if (!cc->tlb_fill(cs, addr, fault_size, access_type,
-  mmu_idx, nonfault, retaddr)) {
+if (!cc->tcg_ops.tlb_fill(cs, addr, fault_size, access_type,
+  mmu_idx, nonfault, retaddr)) {
 /* Non-faulting page table read failed.  */
 *phost = NULL;
 return TLB_INVALID_MASK;
diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index 4ebe25461a..7f53992251 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -186,7 +186,7 @@ static inline int handle_cpu_signal(uintptr_t pc, siginfo_t 
*info,
 clear_helper_retaddr();
 
 cc = CPU_GET_CLASS(cpu);
-cc->tlb_fill(cpu, address, 0, access_type, MMU_USER_IDX, false, pc);
+cc->tcg_ops.tlb_fill(cpu, address, 0, access_type, MMU_USER_IDX, false, 
pc);
 g_assert_not_reached();
 }
 
@@ -216,8 +216,8 @@ static int probe_access_internal(CPUArchState *env, 
target_ulong addr,
 } else {
 CPUState *cpu = env_cpu(env);
 CPUClass *cc = CPU_GET_CLASS(cpu);
-cc->tlb_fill(cpu, addr, fault_size, access_type,
- MMU_USER_IDX, false, ra);
+cc->tcg_ops.tlb_fill(cpu, addr, fault_size, access_type,
+ MMU_USER_IDX, false, ra);
 g_assert_not_reached();
 }
 }
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 538f3e6cd3..67cc147aae 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -110,12 +110,6 @@ struct TranslationBlock;
  *   If the target behaviour here is anything other than "set
  *   the PC register to the value passed in" then the target must
  *   also implement the synchronize_from_tb hook.
- * @tlb_fill: Callback for handling a softmmu tlb miss or user-only
- *   address fault.  For system mode, if the access is valid, call
- *   tlb_set_page and return true; if the access is invalid, and
- *   probe is true, return false; otherwise raise an exception and
- *   do not return.  For user-only mode, always raise an exception
- *   and do not return.
  * @get_phys_page_debug: Callback for obtaining a physical address.
  * @get_phys_page_attrs_debug: Callback for obtaining a physical address and 
the
  *   associated memory transaction attributes to use for the access.
@@ -183,9 +177,6 @@ struct CPUClass {
 void (*get_memory_mapping)(CPUState *cpu, MemoryMappingList *list,
Error **errp);
 void (*set_pc)(CPUState *cpu, vaddr value);
-bool (*tlb_fill)(CPUState *cpu, vaddr address, int size,
- MMUAccessType access_type, int mmu_idx,
- bool probe, uintptr_t retaddr);
 hwaddr (*get_phys_page_debug)(CPUState *cpu, vaddr addr);
 hwaddr (*get_phys_page_attrs_debug)(CPUState *cpu, vaddr addr,
 MemTxAttrs *attrs);
diff --git 

[RFC v7 18/22] accel: replace struct CpusAccel with AccelOpsClass

2020-11-29 Thread Claudio Fontana
Centralize the registration of the cpus.c module
accelerator operations in accel/accel-softmmu.c

Signed-off-by: Claudio Fontana 
---
 MAINTAINERS  |  3 ++-
 accel/accel-common.c | 11 +
 accel/accel-softmmu.c| 43 +++---
 accel/accel-softmmu.h| 15 
 accel/kvm/kvm-all.c  |  2 --
 accel/kvm/kvm-cpus.c | 26 -
 accel/kvm/kvm-cpus.h |  2 --
 accel/qtest/qtest.c  | 23 +-
 accel/tcg/tcg-all.c  | 14 ---
 accel/tcg/tcg-cpus-icount.c  | 11 +
 accel/tcg/tcg-cpus-icount.h  |  2 ++
 accel/tcg/tcg-cpus-mttcg.c   | 12 +++---
 accel/tcg/tcg-cpus-mttcg.h   | 19 +++
 accel/tcg/tcg-cpus-rr.c  |  7 --
 accel/tcg/tcg-cpus.c | 43 ++
 accel/tcg/tcg-cpus.h |  4 
 accel/xen/xen-all.c  | 22 --
 bsd-user/main.c  |  3 ++-
 include/qemu/accel.h |  2 ++
 include/sysemu/accel-ops.h   | 45 
 include/sysemu/cpus.h| 26 -
 linux-user/main.c|  1 +
 softmmu/cpus.c   | 12 +-
 softmmu/vl.c |  8 +--
 target/i386/hax/hax-all.c|  3 ---
 target/i386/hax/hax-cpus.c   | 29 +--
 target/i386/hax/hax-cpus.h   |  2 --
 target/i386/hvf/hvf-cpus.c   | 27 +-
 target/i386/hvf/hvf-cpus.h   |  2 --
 target/i386/hvf/hvf.c|  1 -
 target/i386/whpx/whpx-all.c  |  2 --
 target/i386/whpx/whpx-cpus.c | 29 +--
 target/i386/whpx/whpx-cpus.h |  2 --
 33 files changed, 320 insertions(+), 133 deletions(-)
 create mode 100644 accel/accel-softmmu.h
 create mode 100644 accel/tcg/tcg-cpus-mttcg.h
 create mode 100644 include/sysemu/accel-ops.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 6235dd3a9f..8f0e773a47 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -435,7 +435,8 @@ M: Richard Henderson 
 R: Paolo Bonzini 
 S: Maintained
 F: include/qemu/accel.h
-F: accel/accel.c
+F: include/sysemu/accel-ops.h
+F: accel/accel-*.c
 F: accel/Makefile.objs
 F: accel/stubs/Makefile.objs
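Review bot: the new `F: accel/accel-*.c` pattern does not match the accel/accel-softmmu.h header this patch creates (see the diffstat), so the header ends up without a maintainer entry; use `F: accel/accel-*` or add an explicit line for the header.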
 
diff --git a/accel/accel-common.c b/accel/accel-common.c
index ddec8cb5ae..3910b7dbe0 100644
--- a/accel/accel-common.c
+++ b/accel/accel-common.c
@@ -26,6 +26,10 @@
 #include "qemu/osdep.h"
 #include "qemu/accel.h"
 
+#ifndef CONFIG_USER_ONLY
+#include "accel-softmmu.h"
+#endif /* !CONFIG_USER_ONLY */
+
 static const TypeInfo accel_type = {
 .name = TYPE_ACCEL,
 .parent = TYPE_OBJECT,
@@ -42,6 +46,13 @@ AccelClass *accel_find(const char *opt_name)
 return ac;
 }
 
+void accel_init_interfaces(AccelClass *ac, const char *cpu_type)
+{
+#ifndef CONFIG_USER_ONLY
+accel_init_ops_interfaces(ac);
+#endif /* !CONFIG_USER_ONLY */
+}
+
 static void register_accel_types(void)
 {
 type_register_static(_type);
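Review bot: accel_init_interfaces() declares a `const char *cpu_type` parameter that its body never uses; either drop it here or state in the commit message why it is reserved for a later patch, because an unused parameter in a new public interface invites wrong callers.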
diff --git a/accel/accel-softmmu.c b/accel/accel-softmmu.c
index f89da8f9d1..2d15d3f2f4 100644
--- a/accel/accel-softmmu.c
+++ b/accel/accel-softmmu.c
@@ -26,9 +26,9 @@
 #include "qemu/osdep.h"
 #include "qemu/accel.h"
 #include "hw/boards.h"
-#include "sysemu/arch_init.h"
-#include "sysemu/sysemu.h"
-#include "qom/object.h"
+#include "sysemu/cpus.h"
+
+#include "accel-softmmu.h"
 
 int accel_init_machine(AccelState *accel, MachineState *ms)
 {
@@ -60,3 +60,40 @@ void accel_setup_post(MachineState *ms)
 acc->setup_post(ms, accel);
 }
 }
+
+/* initialize the arch-independent accel operation interfaces */
+void accel_init_ops_interfaces(AccelClass *ac)
+{
+const char *ac_name;
+char *ops_name;
+AccelOpsClass *ops;
+
+ac_name = object_class_get_name(OBJECT_CLASS(ac));
+g_assert(ac_name != NULL);
+
+ops_name = g_strdup_printf("%s" ACCEL_OPS_SUFFIX, ac_name);
+ops = ACCEL_OPS_CLASS(object_class_by_name(ops_name));
+g_free(ops_name);
+
+/*
+ * all accelerators need to define ops, providing at least a mandatory
+ * non-NULL create_vcpu_thread operation.
+ */
+g_assert(ops != NULL);
+if (ops->ops_init) {
+ops->ops_init(ops);
+}
+cpus_register_accel(ops);
+}
+
+static const TypeInfo accel_ops_type_info = {
+.name = TYPE_ACCEL_OPS,
+.parent = TYPE_OBJECT,
+.abstract = true,
+.class_size = sizeof(AccelOpsClass),
+};
+static void accel_softmmu_register_types(void)
+{
+type_register_static(_ops_type_info);
+}
+type_init(accel_softmmu_register_types);
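Review bot: the comment in accel_init_ops_interfaces() promises a mandatory non-NULL create_vcpu_thread, but the code only asserts `ops != NULL`; add `g_assert(ops->create_vcpu_thread);` (or verify it in cpus_register_accel()) so a missing hook fails at startup instead of at the first vCPU creation. Also, ops_name is freed before the assert fires, so a failing lookup cannot report which "<accel>-ops" class is missing; keep the name until after the check and use it in the error. Minor style: a blank line is missing between accel_ops_type_info and accel_softmmu_register_types().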
diff --git a/accel/accel-softmmu.h b/accel/accel-softmmu.h
new file mode 100644
index 00..2877b5c234
--- /dev/null
+++ b/accel/accel-softmmu.h
@@ -0,0 +1,15 @@
+/*
+ * QEMU System Emulation accel internal functions
+ *
+ * Copyright 2020 SUSE LLC
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef ACCEL_SOFTMMU_H
+#define ACCEL_SOFTMMU_H
+
+void 

[RFC v7 11/22] cpu: Remove unnecessary noop methods

2020-11-29 Thread Claudio Fontana
From: Eduardo Habkost 

Signed-off-by: Eduardo Habkost 
---
 hw/core/cpu.c | 13 -
 1 file changed, 13 deletions(-)

diff --git a/hw/core/cpu.c b/hw/core/cpu.c
index 576fa1d7ba..994a12cb35 100644
--- a/hw/core/cpu.c
+++ b/hw/core/cpu.c
@@ -199,15 +199,6 @@ static bool cpu_common_virtio_is_big_endian(CPUState *cpu)
 return target_words_bigendian();
 }
 
-static void cpu_common_noop(CPUState *cpu)
-{
-}
-
-static bool cpu_common_exec_interrupt(CPUState *cpu, int int_req)
-{
-return false;
-}
-
 #if !defined(CONFIG_USER_ONLY)
 GuestPanicInformation *cpu_get_crash_info(CPUState *cpu)
 {
@@ -410,11 +401,7 @@ static void cpu_class_init(ObjectClass *klass, void *data)
 k->gdb_read_register = cpu_common_gdb_read_register;
 k->gdb_write_register = cpu_common_gdb_write_register;
 k->virtio_is_big_endian = cpu_common_virtio_is_big_endian;
-k->debug_excp_handler = cpu_common_noop;
 k->debug_check_watchpoint = cpu_common_debug_check_watchpoint;
-k->cpu_exec_enter = cpu_common_noop;
-k->cpu_exec_exit = cpu_common_noop;
-k->cpu_exec_interrupt = cpu_common_exec_interrupt;
 k->adjust_watchpoint_address = cpu_adjust_watchpoint_address;
 set_bit(DEVICE_CATEGORY_CPU, dc->categories);
 dc->realize = cpu_common_realizefn;
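Review bot: removing the default cpu_common_noop / cpu_common_exec_interrupt hooks is only safe once every caller tolerates a NULL method; cpu_exec_enter/exit and cpu_exec_interrupt are made optional in 09/22 and debug_excp_handler in 10/22, so this patch must not be reordered ahead of those. Please say so in the commit message, which is otherwise empty, and double-check for any remaining direct caller of cc->debug_excp_handler outside accel/tcg/cpu-exec.c.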
-- 
2.26.2




Re: [RFC PATCH-for-5.2 1/2] net: Do not accept packets bigger than NET_BUFSIZE

2020-11-29 Thread Jason Wang



On 2020/11/27 11:45 PM, Philippe Mathieu-Daudé wrote:

Do not allow qemu_send_packet*() and qemu_net_queue_send()
functions to accept packets bigger than NET_BUFSIZE.

Signed-off-by: Philippe Mathieu-Daudé 
---
We have to put a limit somewhere. NET_BUFSIZE is defined as:

  /* Maximum GSO packet size (64k) plus plenty of room for
   * the ethernet and virtio_net headers
   */
  #define NET_BUFSIZE (4096 + 65536)

If we do want to accept bigger packets (i.e. multiple GSO packets
in an IOV), we could use INT32_MAX as limit...



This looks like a complaint for:

commit 25c01bd19d0e4b66f357618aeefda1ef7a41e21a
Author: Jason Wang 
Date:   Tue Dec 4 11:53:43 2018 +0800

    net: drop too large packet early

which only fixes the iov version of the function.

If you don't see any real bug, I suggest merging the fix in the next release.

Thanks



---
  net/net.c   | 4 
  net/queue.c | 4 
  2 files changed, 8 insertions(+)

diff --git a/net/net.c b/net/net.c
index 6a2c3d95670..f29bfac2b11 100644
--- a/net/net.c
+++ b/net/net.c
@@ -644,6 +644,10 @@ static ssize_t 
qemu_send_packet_async_with_flags(NetClientState *sender,
  qemu_hexdump(stdout, "net", buf, size);
  #endif
  
+if (size > NET_BUFSIZE) {

+return -1;
+}
+
  if (sender->link_down || !sender->peer) {
  return size;
  }
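Review bot: the size check in qemu_send_packet_async_with_flags() is placed after the `qemu_hexdump(stdout, "net", buf, size)` debug call, so an oversized buffer is still dumped in full before being rejected; move the check above the hexdump block so the limit is enforced before anything touches the payload. Returning -1 also differs from the iov path fixed in commit 25c01bd19d0e4b66f357618aeefda1ef7a41e21a (referenced above); state in the commit message that the two entry points now share the same NET_BUFSIZE limit and the same error convention.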
diff --git a/net/queue.c b/net/queue.c
index 19e32c80fda..221a1c87961 100644
--- a/net/queue.c
+++ b/net/queue.c
@@ -191,6 +191,10 @@ ssize_t qemu_net_queue_send(NetQueue *queue,
  {
  ssize_t ret;
  
+if (size > NET_BUFSIZE) {

+return -1;
+}
+
  if (queue->delivering || !qemu_can_send_packet(sender)) {
  qemu_net_queue_append(queue, sender, flags, data, size, sent_cb);
  return 0;
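Review bot: placing the check before the `queue->delivering || !qemu_can_send_packet(sender)` test is right, since it keeps oversized packets from being appended to the queue, but qemu_net_queue_send() is only the flat-buffer entry point; the iov sibling in net/queue.c should reject on the summed iov length against the same NET_BUFSIZE so a device model cannot bypass the limit by choosing the vectored API.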





[RFC v7 10/22] tcg: Make CPUClass.debug_excp_handler optional

2020-11-29 Thread Claudio Fontana
From: Eduardo Habkost 

Signed-off-by: Eduardo Habkost 
---
 accel/tcg/cpu-exec.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 890b88861a..64cba89356 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -482,7 +482,9 @@ static inline void cpu_handle_debug_exception(CPUState *cpu)
 }
 }
 
-cc->debug_excp_handler(cpu);
+if (cc->debug_excp_handler) {
+cc->debug_excp_handler(cpu);
+}
 }
 
 static inline bool cpu_handle_exception(CPUState *cpu, int *ret)
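Review bot: with the NULL check in cpu_handle_debug_exception(), the @debug_excp_handler description in include/hw/core/cpu.h should say the hook is optional and what happens when it is absent (the pending debug exception is simply not post-processed); the commit message is empty, so a one-line rationale for making it optional would help too.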
-- 
2.26.2




[RFC v7 07/22] i386: move TCG cpu class initialization out of helper.c

2020-11-29 Thread Claudio Fontana
Signed-off-by: Claudio Fontana 
---
 target/i386/cpu.c |  33 --
 target/i386/cpu.h |  97 ++---
 target/i386/helper-tcg.h  | 112 ++
 target/i386/helper.c  |  23 ---
 target/i386/meson.build   |   1 +
 target/i386/tcg-cpu.c |  71 +
 target/i386/tcg-cpu.h |  15 +
 target/i386/tcg/bpt_helper.c  |   1 +
 target/i386/tcg/cc_helper.c   |   1 +
 target/i386/tcg/excp_helper.c |   1 +
 target/i386/tcg/fpu_helper.c  |  33 +-
 target/i386/tcg/int_helper.c  |   1 +
 target/i386/tcg/mem_helper.c  |   1 +
 target/i386/tcg/misc_helper.c |   1 +
 target/i386/tcg/mpx_helper.c  |   1 +
 target/i386/tcg/seg_helper.c  |   1 +
 target/i386/tcg/smm_helper.c  |   2 +
 target/i386/tcg/svm_helper.c  |   1 +
 target/i386/tcg/translate.c   |   1 +
 19 files changed, 244 insertions(+), 153 deletions(-)
 create mode 100644 target/i386/helper-tcg.h
 create mode 100644 target/i386/tcg-cpu.c
 create mode 100644 target/i386/tcg-cpu.h

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index b9bd249c8f..3462d0143f 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -24,6 +24,8 @@
 #include "qemu/qemu-print.h"
 
 #include "cpu.h"
+#include "tcg-cpu.h"
+#include "helper-tcg.h"
 #include "exec/exec-all.h"
 #include "sysemu/kvm.h"
 #include "sysemu/reset.h"
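Review bot: "tcg-cpu.h" and "helper-tcg.h" are included unconditionally, while the only visible use, tcg_cpu_common_class_init(cc), is under `#ifdef CONFIG_TCG`; either guard the includes the same way or make sure both headers are safe to include in a --disable-tcg build, otherwise cpu.c breaks for KVM-only configurations.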
@@ -1495,7 +1497,8 @@ static inline uint64_t x86_cpu_xsave_components(X86CPU 
*cpu)
cpu->env.features[FEAT_XSAVE_COMP_LO];
 }
 
-const char *get_register_name_32(unsigned int reg)
+/* Return name of 32-bit register, from a R_* constant */
+static const char *get_register_name_32(unsigned int reg)
 {
 if (reg >= CPU_NB_REGS32) {
 return NULL;
@@ -7012,13 +7015,6 @@ static void x86_cpu_set_pc(CPUState *cs, vaddr value)
 cpu->env.eip = value;
 }
 
-static void x86_cpu_synchronize_from_tb(CPUState *cs, TranslationBlock *tb)
-{
-X86CPU *cpu = X86_CPU(cs);
-
-cpu->env.eip = tb->pc - tb->cs_base;
-}
-
 int x86_cpu_pending_interrupt(CPUState *cs, int interrupt_request)
 {
 X86CPU *cpu = X86_CPU(cs);
@@ -7252,17 +7248,18 @@ static void x86_cpu_common_class_init(ObjectClass *oc, 
void *data)
 cc->class_by_name = x86_cpu_class_by_name;
 cc->parse_features = x86_cpu_parse_featurestr;
 cc->has_work = x86_cpu_has_work;
+
 #ifdef CONFIG_TCG
-cc->do_interrupt = x86_cpu_do_interrupt;
-cc->cpu_exec_interrupt = x86_cpu_exec_interrupt;
-#endif
+tcg_cpu_common_class_init(cc);
+#endif /* CONFIG_TCG */
+
 cc->dump_state = x86_cpu_dump_state;
 cc->set_pc = x86_cpu_set_pc;
-cc->synchronize_from_tb = x86_cpu_synchronize_from_tb;
 cc->gdb_read_register = x86_cpu_gdb_read_register;
 cc->gdb_write_register = x86_cpu_gdb_write_register;
 cc->get_arch_id = x86_cpu_get_arch_id;
 cc->get_paging_enabled = x86_cpu_get_paging_enabled;
+
 #ifndef CONFIG_USER_ONLY
 cc->asidx_from_attrs = x86_asidx_from_attrs;
 cc->get_memory_mapping = x86_cpu_get_memory_mapping;
@@ -7273,7 +7270,8 @@ static void x86_cpu_common_class_init(ObjectClass *oc, 
void *data)
 cc->write_elf32_note = x86_cpu_write_elf32_note;
 cc->write_elf32_qemunote = x86_cpu_write_elf32_qemunote;
 cc->vmsd = _x86_cpu;
-#endif
+#endif /* !CONFIG_USER_ONLY */
+
 cc->gdb_arch_name = x86_gdb_arch_name;
 #ifdef TARGET_X86_64
 cc->gdb_core_xml_file = "i386-64bit.xml";
@@ -7281,15 +7279,6 @@ static void x86_cpu_common_class_init(ObjectClass *oc, 
void *data)
 #else
 cc->gdb_core_xml_file = "i386-32bit.xml";
 cc->gdb_num_core_regs = 50;
-#endif
-#if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY)
-cc->debug_excp_handler = breakpoint_handler;
-#endif
-cc->cpu_exec_enter = x86_cpu_exec_enter;
-cc->cpu_exec_exit = x86_cpu_exec_exit;
-#ifdef CONFIG_TCG
-cc->tcg_initialize = tcg_x86_init;
-cc->tlb_fill = x86_cpu_tlb_fill;
 #endif
 cc->disas_set_info = x86_disas_set_info;
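Review bot: before this hunk cc->cpu_exec_enter / cc->cpu_exec_exit were set unconditionally and debug_excp_handler only under `CONFIG_TCG && !CONFIG_USER_ONLY`; now all of them are set solely through tcg_cpu_common_class_init() under `#ifdef CONFIG_TCG`. That is a behaviour change for non-TCG builds (harmless if those hooks are only invoked from accel/tcg, but it should be stated in the commit message), and tcg_cpu_common_class_init() needs to keep the !CONFIG_USER_ONLY guard around breakpoint_handler, which this patch does not show.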
 
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index d6ed45c5d7..a0d64613dc 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -31,9 +31,6 @@
 
 #define KVM_HAVE_MCE_INJECTION 1
 
-/* Maximum instruction code size */
-#define TARGET_MAX_INSN_SIZE 16
-
 /* support for self modifying code even if the modified instruction is
close to the modifying instruction */
 #define TARGET_HAS_PRECISE_SMC
@@ -1037,6 +1034,12 @@ typedef uint64_t FeatureWordArray[FEATURE_WORDS];
  * using this information. Condition codes are not generated if they
  * are only needed for conditional branches.
  */
+
+#define CC_DST  (env->cc_dst)
+#define CC_SRC  (env->cc_src)
+#define CC_SRC2 (env->cc_src2)
+#define CC_OP   (env->cc_op)
+
 typedef enum {
 CC_OP_DYNAMIC, /* must use dynamic code to get cc_op */
 CC_OP_EFLAGS,  /* all cc are explicitly computed, CC_SRC = flags */
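Review bot: the new CC_DST/CC_SRC/CC_SRC2/CC_OP defines are inserted between the comment that ends "Condition codes are not generated if they are only needed for conditional branches." and the `typedef enum { CC_OP_DYNAMIC, ...` it documents, so the comment no longer sits next to the enum it describes; move the defines above the comment block. Since they expand to `env->...`, a note that they require an `env` in scope would also help now that they live in the widely included cpu.h.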
@@ -1765,12 +1768,6 @@ struct X86CPU {
 extern VMStateDescription vmstate_x86_cpu;
 #endif
 
-/**
- * x86_cpu_do_interrupt:
- * @cpu: 

[RFC v7 20/22] i386: split cpu accelerators from cpu.c, using AccelCPUClass

2020-11-29 Thread Claudio Fontana
i386 is the first user of AccelCPUClass, allowing cpu.c to be split
into:

cpu.c        cpuid and common x86 cpu functionality
host-cpu.c   host x86 cpu functions and "host" cpu type
kvm/cpu.c    KVM x86 AccelCPUClass
hvf/cpu.c    HVF x86 AccelCPUClass
tcg/cpu.c    TCG x86 AccelCPUClass

Signed-off-by: Claudio Fontana 
---
 MAINTAINERS |   2 +-
 hw/i386/pc_piix.c   |   1 +
 target/i386/cpu.c   | 386 
 target/i386/cpu.h   |  20 +-
 target/i386/host-cpu.c  | 198 ++
 target/i386/host-cpu.h  |  19 ++
 target/i386/hvf/cpu.c   |  65 ++
 target/i386/hvf/meson.build |   1 +
 target/i386/kvm/cpu.c   | 148 ++
 target/i386/kvm/kvm-cpu.h   |  41 
 target/i386/kvm/kvm.c   |   3 +-
 target/i386/kvm/meson.build |   7 +-
 target/i386/meson.build |   8 +-
 target/i386/tcg-cpu.c   |  71 ---
 target/i386/tcg-cpu.h   |  15 --
 target/i386/tcg/cpu.c   | 173 
 target/i386/tcg/meson.build |   3 +-
 17 files changed, 711 insertions(+), 450 deletions(-)
 create mode 100644 target/i386/host-cpu.c
 create mode 100644 target/i386/host-cpu.h
 create mode 100644 target/i386/hvf/cpu.c
 create mode 100644 target/i386/kvm/cpu.c
 create mode 100644 target/i386/kvm/kvm-cpu.h
 delete mode 100644 target/i386/tcg-cpu.c
 delete mode 100644 target/i386/tcg-cpu.h
 create mode 100644 target/i386/tcg/cpu.c

diff --git a/MAINTAINERS b/MAINTAINERS
index f084d73f6b..4f3f1e8b18 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -337,7 +337,7 @@ M: Paolo Bonzini 
 M: Richard Henderson 
 M: Eduardo Habkost 
 S: Maintained
-F: target/i386/
+F: target/i386/tcg/
 F: tests/tcg/i386/
 F: tests/tcg/x86_64/
 F: hw/i386/
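Review bot: narrowing this section from `F: target/i386/` to `F: target/i386/tcg/` leaves target/i386/cpu.c, the new host-cpu.c/host-cpu.h, kvm/cpu.c and hvf/cpu.c (all in the diffstat) without this section's maintainers; confirm each is covered by another MAINTAINERS entry or add the new paths here.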
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 13d1628f13..d3f013f3a1 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -64,6 +64,7 @@
 #include "hw/hyperv/vmbus-bridge.h"
 #include "hw/mem/nvdimm.h"
 #include "hw/i386/acpi-build.h"
+#include "kvm/kvm-cpu.h"
 
 #define MAX_IDE_BUS 2
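Review bot: the new `#include "kvm/kvm-cpu.h"` has no corresponding use in this hunk, and it makes a machine model in hw/i386 include an accelerator-internal header from target/i386; if it replaces a symbol that used to come from cpu.h, a short comment on what pc_piix.c needs from it (or a cpu.h-level wrapper) would keep the board code independent of the accelerator split.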
 
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 3462d0143f..27fba3b003 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -22,37 +22,24 @@
 #include "qemu/cutils.h"
 #include "qemu/bitops.h"
 #include "qemu/qemu-print.h"
-
 #include "cpu.h"
-#include "tcg-cpu.h"
 #include "helper-tcg.h"
 #include "exec/exec-all.h"
 #include "sysemu/kvm.h"
 #include "sysemu/reset.h"
 #include "sysemu/hvf.h"
-#include "sysemu/cpus.h"
+#include "hw/core/accel-cpu.h"
 #include "sysemu/xen.h"
 #include "kvm/kvm_i386.h"
 #include "sev_i386.h"
-
-#include "qemu/error-report.h"
 #include "qemu/module.h"
-#include "qemu/option.h"
-#include "qemu/config-file.h"
-#include "qapi/error.h"
 #include "qapi/qapi-visit-machine.h"
 #include "qapi/qapi-visit-run-state.h"
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qerror.h"
-#include "qapi/visitor.h"
 #include "qom/qom-qobject.h"
-#include "sysemu/arch_init.h"
 #include "qapi/qapi-commands-machine-target.h"
-
 #include "standard-headers/asm-x86/kvm_para.h"
-
-#include "sysemu/sysemu.h"
-#include "sysemu/tcg.h"
 #include "hw/qdev-properties.h"
 #include "hw/i386/topology.h"
 #ifndef CONFIG_USER_ONLY
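Review bot: this hunk drops qapi/error.h, qemu/error-report.h, qemu/option.h, qemu/config-file.h, qapi/visitor.h and sysemu/tcg.h from cpu.c while the visible hunks remove only a handful of functions; make sure nothing left in cpu.c still depends on those headers arriving transitively (error reporting and property visitors in particular), since transitive includes tend to break on the next header cleanup.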
@@ -594,8 +581,8 @@ static CPUCacheInfo legacy_l3_cache = {
 #define INTEL_PT_CYCLE_BITMAP0x1fff /* Support 0,2^(0~11) */
 #define INTEL_PT_PSB_BITMAP  (0x003f << 16) /* Support 
2K,4K,8K,16K,32K,64K */
 
-static void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
- uint32_t vendor2, uint32_t vendor3)
+void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
+  uint32_t vendor2, uint32_t vendor3)
 {
 int i;
 for (i = 0; i < 4; i++) {
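Review bot: x86_cpu_vendor_words2str() loses its `static` so host-cpu.c can call it, which needs a prototype in target/i386/cpu.h (the cpu.h hunk is cut off here); please confirm it is declared there rather than via a local extern in host-cpu.c.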
@@ -1563,25 +1550,6 @@ void host_cpuid(uint32_t function, uint32_t count,
 *edx = vec[3];
 }
 
-void host_vendor_fms(char *vendor, int *family, int *model, int *stepping)
-{
-uint32_t eax, ebx, ecx, edx;
-
-host_cpuid(0x0, 0, , , , );
-x86_cpu_vendor_words2str(vendor, ebx, edx, ecx);
-
-host_cpuid(0x1, 0, , , , );
-if (family) {
-*family = ((eax >> 8) & 0x0F) + ((eax >> 20) & 0xFF);
-}
-if (model) {
-*model = ((eax >> 4) & 0x0F) | ((eax & 0xF) >> 12);
-}
-if (stepping) {
-*stepping = eax & 0x0F;
-}
-}
-
 /* CPU class name definitions: */
 
 /* Return type name for a given CPU model name
@@ -1606,10 +1574,6 @@ static char *x86_cpu_class_get_model_name(X86CPUClass 
*cc)
  strlen(class_name) - strlen(X86_CPU_TYPE_SUFFIX));
 }
 
-typedef struct PropValue {
-const char *prop, *value;
-} PropValue;
-
 typedef struct X86CPUVersionDefinition {
 X86CPUVersion version;
 const char *alias;
@@ -4106,31 +4070,6 @@ static X86CPUDefinition builtin_x86_defs[] = {
 },
 };
 
-/* KVM-specific features that are automatically added/removed
- * from all CPU models when KVM is enabled.
- */
-static PropValue kvm_default_props[] 

[RFC v7 09/22] tcg: make CPUClass.cpu_exec_* optional

2020-11-29 Thread Claudio Fontana
From: Eduardo Habkost 

This will let us simplify the code that initializes CPU class
methods, when we move cpu_exec_*() to a separate struct.

Signed-off-by: Eduardo Habkost 
---
 accel/tcg/cpu-exec.c | 11 ---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 8d31145ad2..890b88861a 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -240,14 +240,18 @@ static void cpu_exec_enter(CPUState *cpu)
 {
 CPUClass *cc = CPU_GET_CLASS(cpu);
 
-cc->cpu_exec_enter(cpu);
+if (cc->cpu_exec_enter) {
+cc->cpu_exec_enter(cpu);
+}
 }
 
 static void cpu_exec_exit(CPUState *cpu)
 {
 CPUClass *cc = CPU_GET_CLASS(cpu);
 
-cc->cpu_exec_exit(cpu);
+if (cc->cpu_exec_exit) {
+cc->cpu_exec_exit(cpu);
+}
 }
 
 void cpu_exec_step_atomic(CPUState *cpu)
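Review bot: now that cpu_exec_enter()/cpu_exec_exit() accept a NULL hook, the @cpu_exec_enter, @cpu_exec_exit and @cpu_exec_interrupt descriptions in include/hw/core/cpu.h should be updated to say the methods are optional and that an absent cpu_exec_interrupt behaves as if it returned false (which is what the second hunk implements).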
@@ -619,7 +623,8 @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
True when it is, and we should restart on a new TB,
and via longjmp via cpu_loop_exit.  */
 else {
-if (cc->cpu_exec_interrupt(cpu, interrupt_request)) {
+if (cc->cpu_exec_interrupt &&
+cc->cpu_exec_interrupt(cpu, interrupt_request)) {
 if (need_replay_interrupt(interrupt_request)) {
 replay_interrupt();
 }
-- 
2.26.2




[RFC v7 05/22] i386: move TCG accel files into tcg/

2020-11-29 Thread Claudio Fontana
Signed-off-by: Claudio Fontana 
---
 target/i386/meson.build | 14 +-
 target/i386/{ => tcg}/bpt_helper.c  |  0
 target/i386/{ => tcg}/cc_helper.c   |  0
 target/i386/{ => tcg}/excp_helper.c |  0
 target/i386/{ => tcg}/fpu_helper.c  |  0
 target/i386/{ => tcg}/int_helper.c  |  0
 target/i386/{ => tcg}/mem_helper.c  |  0
 target/i386/tcg/meson.build | 13 +
 target/i386/{ => tcg}/misc_helper.c |  0
 target/i386/{ => tcg}/mpx_helper.c  |  0
 target/i386/{ => tcg}/seg_helper.c  |  0
 target/i386/{ => tcg}/smm_helper.c  |  0
 target/i386/{ => tcg}/svm_helper.c  |  0
 target/i386/{ => tcg}/tcg-stub.c|  0
 target/i386/{ => tcg}/translate.c   |  0
 15 files changed, 14 insertions(+), 13 deletions(-)
 rename target/i386/{ => tcg}/bpt_helper.c (100%)
 rename target/i386/{ => tcg}/cc_helper.c (100%)
 rename target/i386/{ => tcg}/excp_helper.c (100%)
 rename target/i386/{ => tcg}/fpu_helper.c (100%)
 rename target/i386/{ => tcg}/int_helper.c (100%)
 rename target/i386/{ => tcg}/mem_helper.c (100%)
 create mode 100644 target/i386/tcg/meson.build
 rename target/i386/{ => tcg}/misc_helper.c (100%)
 rename target/i386/{ => tcg}/mpx_helper.c (100%)
 rename target/i386/{ => tcg}/seg_helper.c (100%)
 rename target/i386/{ => tcg}/smm_helper.c (100%)
 rename target/i386/{ => tcg}/svm_helper.c (100%)
 rename target/i386/{ => tcg}/tcg-stub.c (100%)
 rename target/i386/{ => tcg}/translate.c (100%)

diff --git a/target/i386/meson.build b/target/i386/meson.build
index 284d52ab81..750471c9f3 100644
--- a/target/i386/meson.build
+++ b/target/i386/meson.build
@@ -5,19 +5,6 @@ i386_ss.add(files(
   'helper.c',
   'xsave_helper.c',
 ))
-i386_ss.add(when: 'CONFIG_TCG', if_true: files(
-  'bpt_helper.c',
-  'cc_helper.c',
-  'excp_helper.c',
-  'fpu_helper.c',
-  'int_helper.c',
-  'mem_helper.c',
-  'misc_helper.c',
-  'mpx_helper.c',
-  'seg_helper.c',
-  'smm_helper.c',
-  'svm_helper.c',
-  'translate.c'), if_false: files('tcg-stub.c'))
 i386_ss.add(when: 'CONFIG_SEV', if_true: files('sev.c'), if_false: 
files('sev-stub.c'))
 
 i386_softmmu_ss = ss.source_set()
@@ -32,6 +19,7 @@ subdir('kvm')
 subdir('hax')
 subdir('whpx')
 subdir('hvf')
+subdir('tcg')
 
 target_arch += {'i386': i386_ss}
 target_softmmu_arch += {'i386': i386_softmmu_ss}
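Review bot: subdir('tcg') is appended after the kvm/hax/whpx/hvf subdirs, which works because i386_ss is created earlier in this file; if any of those accelerator subdirs ever needs symbols that the tcg build provides, ordering will matter, so a one-line comment that the subdir only adds to i386_ss would help.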
diff --git a/target/i386/bpt_helper.c b/target/i386/tcg/bpt_helper.c
similarity index 100%
rename from target/i386/bpt_helper.c
rename to target/i386/tcg/bpt_helper.c
diff --git a/target/i386/cc_helper.c b/target/i386/tcg/cc_helper.c
similarity index 100%
rename from target/i386/cc_helper.c
rename to target/i386/tcg/cc_helper.c
diff --git a/target/i386/excp_helper.c b/target/i386/tcg/excp_helper.c
similarity index 100%
rename from target/i386/excp_helper.c
rename to target/i386/tcg/excp_helper.c
diff --git a/target/i386/fpu_helper.c b/target/i386/tcg/fpu_helper.c
similarity index 100%
rename from target/i386/fpu_helper.c
rename to target/i386/tcg/fpu_helper.c
diff --git a/target/i386/int_helper.c b/target/i386/tcg/int_helper.c
similarity index 100%
rename from target/i386/int_helper.c
rename to target/i386/tcg/int_helper.c
diff --git a/target/i386/mem_helper.c b/target/i386/tcg/mem_helper.c
similarity index 100%
rename from target/i386/mem_helper.c
rename to target/i386/tcg/mem_helper.c
diff --git a/target/i386/tcg/meson.build b/target/i386/tcg/meson.build
new file mode 100644
index 00..02794226c2
--- /dev/null
+++ b/target/i386/tcg/meson.build
@@ -0,0 +1,13 @@
+i386_ss.add(when: 'CONFIG_TCG', if_true: files(
+  'bpt_helper.c',
+  'cc_helper.c',
+  'excp_helper.c',
+  'fpu_helper.c',
+  'int_helper.c',
+  'mem_helper.c',
+  'misc_helper.c',
+  'mpx_helper.c',
+  'seg_helper.c',
+  'smm_helper.c',
+  'svm_helper.c',
+  'translate.c'), if_false: files('tcg-stub.c'))
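Review bot: tcg-stub.c is the file compiled only when CONFIG_TCG is off, yet it now lives under target/i386/tcg/ and is referenced from tcg/meson.build's if_false branch; that is functional but reads oddly, so either keep the stub at target/i386/ (with the if_false in the parent meson.build) or add a comment explaining why the stub sits in the tcg directory.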
diff --git a/target/i386/misc_helper.c b/target/i386/tcg/misc_helper.c
similarity index 100%
rename from target/i386/misc_helper.c
rename to target/i386/tcg/misc_helper.c
diff --git a/target/i386/mpx_helper.c b/target/i386/tcg/mpx_helper.c
similarity index 100%
rename from target/i386/mpx_helper.c
rename to target/i386/tcg/mpx_helper.c
diff --git a/target/i386/seg_helper.c b/target/i386/tcg/seg_helper.c
similarity index 100%
rename from target/i386/seg_helper.c
rename to target/i386/tcg/seg_helper.c
diff --git a/target/i386/smm_helper.c b/target/i386/tcg/smm_helper.c
similarity index 100%
rename from target/i386/smm_helper.c
rename to target/i386/tcg/smm_helper.c
diff --git a/target/i386/svm_helper.c b/target/i386/tcg/svm_helper.c
similarity index 100%
rename from target/i386/svm_helper.c
rename to target/i386/tcg/svm_helper.c
diff --git a/target/i386/tcg-stub.c b/target/i386/tcg/tcg-stub.c
similarity index 100%
rename from target/i386/tcg-stub.c
rename to target/i386/tcg/tcg-stub.c
diff --git a/target/i386/translate.c b/target/i386/tcg/translate.c
similarity index 100%
rename from target/i386/translate.c
rename to target/i386/tcg/translate.c
-- 
2.26.2




[RFC v7 19/22] accel: introduce AccelCPUClass extending CPUClass

2020-11-29 Thread Claudio Fontana
Add a new optional interface to CPUClass,
which allows accelerators to extend the CPUClass
with additional accelerator-specific initializations.

Signed-off-by: Claudio Fontana 
---
 MAINTAINERS |  1 +
 accel/accel-common.c| 46 -
 bsd-user/main.c |  2 +-
 include/hw/core/accel-cpu.h | 25 
 include/hw/core/cpu.h   | 13 +++
 include/qemu/accel.h|  2 +-
 linux-user/main.c   |  2 +-
 softmmu/vl.c| 10 
 8 files changed, 93 insertions(+), 8 deletions(-)
 create mode 100644 include/hw/core/accel-cpu.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 8f0e773a47..f084d73f6b 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -436,6 +436,7 @@ R: Paolo Bonzini 
 S: Maintained
 F: include/qemu/accel.h
 F: include/sysemu/accel-ops.h
+F: include/hw/core/accel-cpu.h
 F: accel/accel-*.c
 F: accel/Makefile.objs
 F: accel/stubs/Makefile.objs
diff --git a/accel/accel-common.c b/accel/accel-common.c
index 3910b7dbe0..ef73c761fc 100644
--- a/accel/accel-common.c
+++ b/accel/accel-common.c
@@ -26,6 +26,9 @@
 #include "qemu/osdep.h"
 #include "qemu/accel.h"
 
+#include "cpu.h"
+#include "hw/core/accel-cpu.h"
+
 #ifndef CONFIG_USER_ONLY
 #include "accel-softmmu.h"
 #endif /* !CONFIG_USER_ONLY */
@@ -46,16 +49,57 @@ AccelClass *accel_find(const char *opt_name)
 return ac;
 }
 
-void accel_init_interfaces(AccelClass *ac, const char *cpu_type)
+static void accel_init_cpu_int_aux(ObjectClass *klass, void *opaque)
+{
+CPUClass *cc = CPU_CLASS(klass);
+AccelCPUClass *accel_cpu_interface = opaque;
+
+cc->accel_cpu_interface = accel_cpu_interface;
+if (accel_cpu_interface->cpu_class_init) {
+accel_cpu_interface->cpu_class_init(cc);
+}
+}
+
+/* initialize the arch-specific accel CpuClass interfaces */
+static void accel_init_cpu_interfaces(AccelClass *ac)
+{
+const char *ac_name; /* AccelClass name */
+char *acc_name;  /* AccelCPUClass name */
+ObjectClass *acc;/* AccelCPUClass */
+
+ac_name = object_class_get_name(OBJECT_CLASS(ac));
+g_assert(ac_name != NULL);
+
+acc_name = g_strdup_printf("%s-%s", ac_name, CPU_RESOLVING_TYPE);
+acc = object_class_by_name(acc_name);
+g_free(acc_name);
+
+if (acc) {
+object_class_foreach(accel_init_cpu_int_aux,
+ CPU_RESOLVING_TYPE, false, acc);
+}
+}
+
+void accel_init_interfaces(AccelClass *ac)
 {
 #ifndef CONFIG_USER_ONLY
 accel_init_ops_interfaces(ac);
 #endif /* !CONFIG_USER_ONLY */
+
+accel_init_cpu_interfaces(ac);
 }
 
+static const TypeInfo accel_cpu_type = {
+.name = TYPE_ACCEL_CPU,
+.parent = TYPE_OBJECT,
+.abstract = true,
+.class_size = sizeof(AccelCPUClass),
+};
+
 static void register_accel_types(void)
 {
 type_register_static(_type);
+type_register_static(_cpu_type);
 }
 
 type_init(register_accel_types);
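Review bot: accel_init_cpu_interfaces() passes the raw `ObjectClass *acc` to object_class_foreach() as the opaque pointer, and accel_init_cpu_int_aux() then reads it through `AccelCPUClass *accel_cpu_interface = opaque;`. That only works because parent_class is the first member of AccelCPUClass; pass `ACCEL_CPU_CLASS(acc)` instead so the QOM checker catches a mismatched class. The lookup also depends on an unstated naming rule: `g_strdup_printf("%s-%s", ac_name, CPU_RESOLVING_TYPE)` has to produce exactly the string that ACCEL_CPU_NAME() in the new header builds, so a comment tying the two together would stop them drifting apart. Minor: `g_assert(ac_name != NULL)` cannot fire for a registered class, and "int" in accel_init_cpu_int_aux reads as integer rather than interface.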
diff --git a/bsd-user/main.c b/bsd-user/main.c
index 25a757c746..7ff3cc8f87 100644
--- a/bsd-user/main.c
+++ b/bsd-user/main.c
@@ -914,7 +914,7 @@ int main(int argc, char **argv)
 AccelClass *ac = ACCEL_GET_CLASS(current_accel());
 
 ac->init_machine(NULL);
-accel_init_interfaces(ac, cpu_type);
+accel_init_interfaces(ac);
 }
 cpu = cpu_create(cpu_type);
 env = cpu->env_ptr;
diff --git a/include/hw/core/accel-cpu.h b/include/hw/core/accel-cpu.h
new file mode 100644
index 00..dce08a9100
--- /dev/null
+++ b/include/hw/core/accel-cpu.h
@@ -0,0 +1,25 @@
+/*
+ * Accelerator interface, specializes CPUClass
+ *
+ * Copyright 2020 SUSE LLC
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef ACCEL_CPU_H
+#define ACCEL_CPU_H
+
+/*
+ * these defines cannot be in cpu.h, because we are using
+ * CPU_RESOLVING_TYPE here.
+ * Use this header to define your accelerator-specific
+ * cpu-specific accelerator interfaces.
+ */
+
+#define TYPE_ACCEL_CPU "accel-" CPU_RESOLVING_TYPE
+#define ACCEL_CPU_NAME(name) (name "-" TYPE_ACCEL_CPU)
+typedef struct AccelCPUClass AccelCPUClass;
+DECLARE_CLASS_CHECKERS(AccelCPUClass, ACCEL_CPU, TYPE_ACCEL_CPU)
+
+#endif /* ACCEL_CPU_H */
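Review bot: the `typedef struct AccelCPUClass AccelCPUClass;` here duplicates the typedef that the cpu.h hunk below introduces together with the struct body; a repeated typedef is only legal from C11 on, and it splits one type across two headers. The comment already explains why TYPE_ACCEL_CPU must live here (it needs CPU_RESOLVING_TYPE), so either move the struct body here too and leave only the forward declaration in cpu.h, or drop this typedef and rely on cpu.h. The header comment also reads awkwardly ("accelerator-specific cpu-specific accelerator interfaces"); "accelerator-specific CPU class hooks" says the same thing.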
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 89454c3d00..9f00c6635b 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -76,6 +76,17 @@ typedef struct CPUWatchpoint CPUWatchpoint;
 
 struct TranslationBlock;
 
+/* see also accel-cpu.h */
+typedef struct AccelCPUClass {
+/*< private >*/
+ObjectClass parent_class;
+/*< public >*/
+
+void (*cpu_class_init)(CPUClass *cc);
+void (*cpu_instance_init)(CPUState *cpu);
+void (*cpu_realizefn)(CPUState *cpu, Error **errp);
+} AccelCPUClass;
+
 #ifdef CONFIG_TCG
 #include "tcg-cpu-ops.h"
 #endif /* CONFIG_TCG */
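Review bot: the three hooks in the new AccelCPUClass (cpu_class_init, cpu_instance_init, cpu_realizefn) have no documentation saying when each is invoked and by whom; only cpu_class_init is wired up in this patch (in accel_init_cpu_int_aux), so a short kernel-doc block per member, as cpu.h already does for CPUClass, would make the contract clear. `void (*cpu_realizefn)(CPUState *cpu, Error **errp)` should also follow QEMU's error convention and return bool, so callers do not have to probe `*errp` to learn whether realize failed.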
@@ -209,6 +220,8 @@ struct CPUClass {
 #ifdef CONFIG_TCG
 TcgCpuOperations tcg_ops;
 #endif /* CONFIG_TCG 

[RFC v7 06/22] i386: move cpu dump out of helper.c into cpu-dump.c

2020-11-29 Thread Claudio Fontana
Signed-off-by: Claudio Fontana 
---
 target/i386/cpu-dump.c  | 538 
 target/i386/cpu.h   |   1 +
 target/i386/helper.c| 514 --
 target/i386/meson.build |   1 +
 4 files changed, 540 insertions(+), 514 deletions(-)
 create mode 100644 target/i386/cpu-dump.c

diff --git a/target/i386/cpu-dump.c b/target/i386/cpu-dump.c
new file mode 100644
index 00..1ddc47fb0c
--- /dev/null
+++ b/target/i386/cpu-dump.c
@@ -0,0 +1,538 @@
+/*
+ *  i386 CPU dump to FILE
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+#include "qemu/qemu-print.h"
+#ifndef CONFIG_USER_ONLY
+#include "hw/i386/apic_internal.h"
+#endif
+
+/***/
+/* x86 debug */
+
+static const char *cc_op_str[CC_OP_NB] = {
+"DYNAMIC",
+"EFLAGS",
+
+"MULB",
+"MULW",
+"MULL",
+"MULQ",
+
+"ADDB",
+"ADDW",
+"ADDL",
+"ADDQ",
+
+"ADCB",
+"ADCW",
+"ADCL",
+"ADCQ",
+
+"SUBB",
+"SUBW",
+"SUBL",
+"SUBQ",
+
+"SBBB",
+"SBBW",
+"SBBL",
+"SBBQ",
+
+"LOGICB",
+"LOGICW",
+"LOGICL",
+"LOGICQ",
+
+"INCB",
+"INCW",
+"INCL",
+"INCQ",
+
+"DECB",
+"DECW",
+"DECL",
+"DECQ",
+
+"SHLB",
+"SHLW",
+"SHLL",
+"SHLQ",
+
+"SARB",
+"SARW",
+"SARL",
+"SARQ",
+
+"BMILGB",
+"BMILGW",
+"BMILGL",
+"BMILGQ",
+
+"ADCX",
+"ADOX",
+"ADCOX",
+
+"CLR",
+};
+
+static void
+cpu_x86_dump_seg_cache(CPUX86State *env, FILE *f,
+   const char *name, struct SegmentCache *sc)
+{
+#ifdef TARGET_X86_64
+if (env->hflags & HF_CS64_MASK) {
+qemu_fprintf(f, "%-3s=%04x %016" PRIx64 " %08x %08x", name,
+ sc->selector, sc->base, sc->limit,
+ sc->flags & 0x0000);
+} else
+#endif
+{
+qemu_fprintf(f, "%-3s=%04x %08x %08x %08x", name, sc->selector,
+ (uint32_t)sc->base, sc->limit,
+ sc->flags & 0x0000);
+}
+
+if (!(env->hflags & HF_PE_MASK) || !(sc->flags & DESC_P_MASK))
+goto done;
+
+qemu_fprintf(f, " DPL=%d ",
+ (sc->flags & DESC_DPL_MASK) >> DESC_DPL_SHIFT);
+if (sc->flags & DESC_S_MASK) {
+if (sc->flags & DESC_CS_MASK) {
+qemu_fprintf(f, (sc->flags & DESC_L_MASK) ? "CS64" :
+ ((sc->flags & DESC_B_MASK) ? "CS32" : "CS16"));
+qemu_fprintf(f, " [%c%c", (sc->flags & DESC_C_MASK) ? 'C' : '-',
+ (sc->flags & DESC_R_MASK) ? 'R' : '-');
+} else {
+qemu_fprintf(f, (sc->flags & DESC_B_MASK
+ || env->hflags & HF_LMA_MASK)
+ ? "DS  " : "DS16");
+qemu_fprintf(f, " [%c%c", (sc->flags & DESC_E_MASK) ? 'E' : '-',
+ (sc->flags & DESC_W_MASK) ? 'W' : '-');
+}
+qemu_fprintf(f, "%c]", (sc->flags & DESC_A_MASK) ? 'A' : '-');
+} else {
+static const char *sys_type_name[2][16] = {
+{ /* 32 bit mode */
+"Reserved", "TSS16-avl", "LDT", "TSS16-busy",
+"CallGate16", "TaskGate", "IntGate16", "TrapGate16",
+"Reserved", "TSS32-avl", "Reserved", "TSS32-busy",
+"CallGate32", "Reserved", "IntGate32", "TrapGate32"
+},
+{ /* 64 bit mode */
+"", "Reserved", "LDT", "Reserved", "Reserved",
+"Reserved", "Reserved", "Reserved", "Reserved",
+"TSS64-avl", "Reserved", "TSS64-busy", "CallGate64",
+"Reserved", "IntGate64", "TrapGate64"
+}
+};
+qemu_fprintf(f, "%s",
+ sys_type_name[(env->hflags & HF_LMA_MASK) ? 1 : 0]
+ [(sc->flags & DESC_TYPE_MASK) >> DESC_TYPE_SHIFT]);
+}
+done:
+qemu_fprintf(f, "\n");
+}
+
+#ifndef CONFIG_USER_ONLY
+
+/* ARRAY_SIZE check is not required because
+ * DeliveryMode(dm) has a size of 3 bit.
+ */
+static inline const char *dm2str(uint32_t dm)
+{
+static const char *str[] = {
+"Fixed",
+"...",
+"SMI",
+"...",
+"NMI",
+   
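Review bot: the commit message is empty, yet the diffstat shows 538 insertions against 514 deletions, so this is not a pure move; please state what the extra lines are (the new license header and includes presumably account for most of them) and whether any dump output changes. In cpu_x86_dump_seg_cache() the flags mask appears as `sc->flags & 0x0000` in both branches, which would always print zero; please confirm the constant survived the move from helper.c intact. The moved `/* ARRAY_SIZE check is not required because ...` comment above dm2str() also uses the old block-comment style that checkpatch flags; since these lines are being touched anyway, it could be fixed up here.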

[RFC v7 13/22] cpu: Move synchronize_from_tb() to tcg_ops

2020-11-29 Thread Claudio Fontana
From: Eduardo Habkost 

Signed-off-by: Eduardo Habkost 
---
 accel/tcg/cpu-exec.c  |  4 ++--
 include/hw/core/cpu.h |  8 
 include/hw/core/tcg-cpu-ops.h | 14 +++---
 target/arm/cpu.c  |  2 +-
 target/avr/cpu.c  |  2 +-
 target/hppa/cpu.c |  2 +-
 target/i386/tcg-cpu.c |  2 +-
 target/microblaze/cpu.c   |  2 +-
 target/mips/cpu.c |  2 +-
 target/riscv/cpu.c|  2 +-
 target/rx/cpu.c   |  2 +-
 target/sh4/cpu.c  |  2 +-
 target/sparc/cpu.c|  2 +-
 target/tricore/cpu.c  |  2 +-
 14 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 64cba89356..816ef29f68 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -192,8 +192,8 @@ static inline tcg_target_ulong cpu_tb_exec(CPUState *cpu, 
TranslationBlock *itb)
TARGET_FMT_lx "] %s\n",
last_tb->tc.ptr, last_tb->pc,
lookup_symbol(last_tb->pc));
-if (cc->synchronize_from_tb) {
-cc->synchronize_from_tb(cpu, last_tb);
+if (cc->tcg_ops.synchronize_from_tb) {
+cc->tcg_ops.synchronize_from_tb(cpu, last_tb);
 } else {
 assert(cc->set_pc);
 cc->set_pc(cpu, last_tb->pc);
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index c93b08a0fb..19211cb409 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -110,13 +110,6 @@ struct TranslationBlock;
  *   If the target behaviour here is anything other than "set
  *   the PC register to the value passed in" then the target must
  *   also implement the synchronize_from_tb hook.
- * @synchronize_from_tb: Callback for synchronizing state from a TCG
- *   #TranslationBlock. This is called when we abandon execution
- *   of a TB before starting it, and must set all parts of the CPU
- *   state which the previous TB in the chain may not have updated.
- *   This always includes at least the program counter; some targets
- *   will need to do more. If this hook is not implemented then the
- *   default is to call @set_pc(tb->pc).
  * @tlb_fill: Callback for handling a softmmu tlb miss or user-only
  *   address fault.  For system mode, if the access is valid, call
  *   tlb_set_page and return true; if the access is invalid, and
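Review bot: the @set_pc documentation kept at the top of this hunk still says "the target must also implement the synchronize_from_tb hook", but after this patch that hook is TcgCpuOperations.synchronize_from_tb rather than a CPUClass member; update the sentence to point at the new location so the two comments do not contradict each other.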
@@ -193,7 +186,6 @@ struct CPUClass {
 void (*get_memory_mapping)(CPUState *cpu, MemoryMappingList *list,
Error **errp);
 void (*set_pc)(CPUState *cpu, vaddr value);
-void (*synchronize_from_tb)(CPUState *cpu, struct TranslationBlock *tb);
 bool (*tlb_fill)(CPUState *cpu, vaddr address, int size,
  MMUAccessType access_type, int mmu_idx,
  bool probe, uintptr_t retaddr);
diff --git a/include/hw/core/tcg-cpu-ops.h b/include/hw/core/tcg-cpu-ops.h
index 4475ef0996..109291ac52 100644
--- a/include/hw/core/tcg-cpu-ops.h
+++ b/include/hw/core/tcg-cpu-ops.h
@@ -10,9 +10,6 @@
 #ifndef TCG_CPU_OPS_H
 #define TCG_CPU_OPS_H
 
-/**
- * struct TcgCpuOperations: TCG operations specific to a CPU class
- */
 typedef struct TcgCpuOperations {
 /**
  * @initialize: Initalize TCG state
@@ -20,6 +17,17 @@ typedef struct TcgCpuOperations {
  * Called when the first CPU is realized.
  */
 void (*initialize)(void);
+/**
+ * @synchronize_from_tb: Synchronize state from a TCG #TranslationBlock
+ *
+ * This is called when we abandon execution of a TB before
+ * starting it, and must set all parts of the CPU state which
+ * the previous TB in the chain may not have updated. This
+ * will need to do more. If this hook is not implemented then
+ * the default is to call
+ * @set_pc(tb->pc).
+ */
+void (*synchronize_from_tb)(CPUState *cpu, struct TranslationBlock *tb);
 } TcgCpuOperations;
 
 #endif /* TCG_CPU_OPS_H */
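Review bot: the relocated comment for synchronize_from_tb lost a clause in the move: the CPUClass text removed above reads "This always includes at least the program counter; some targets will need to do more", whereas the new version jumps from "This" straight to "will need to do more", which no longer parses. Restore the missing words. Separately, the `struct TcgCpuOperations:` header comment is deleted here and reintroduced unchanged by 14/22; leaving it in place avoids the churn in both patches.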
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 1fa9382a7c..e29601d7db 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -2242,7 +2242,7 @@ static void arm_cpu_class_init(ObjectClass *oc, void 
*data)
 cc->cpu_exec_interrupt = arm_cpu_exec_interrupt;
 cc->dump_state = arm_cpu_dump_state;
 cc->set_pc = arm_cpu_set_pc;
-cc->synchronize_from_tb = arm_cpu_synchronize_from_tb;
+cc->tcg_ops.synchronize_from_tb = arm_cpu_synchronize_from_tb;
 cc->gdb_read_register = arm_cpu_gdb_read_register;
 cc->gdb_write_register = arm_cpu_gdb_write_register;
 #ifndef CONFIG_USER_ONLY
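Review bot: `cc->tcg_ops.synchronize_from_tb = arm_cpu_synchronize_from_tb;` sits next to set_pc, outside the `#ifdef CONFIG_TCG` block at the end of arm_cpu_class_init where this series puts the other tcg_ops assignments (see the arm hunk in 12/22, where tcg_ops.initialize is guarded). Since CPUClass declares tcg_ops only under `#ifdef CONFIG_TCG`, a --disable-tcg (KVM-only) aarch64 build will fail to compile on this line; move the assignment into that block.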
diff --git a/target/avr/cpu.c b/target/avr/cpu.c
index 94306a2aa0..f753c15768 100644
--- a/target/avr/cpu.c
+++ b/target/avr/cpu.c
@@ -207,7 +207,7 @@ static void avr_cpu_class_init(ObjectClass *oc, void *data)
 cc->vmsd = _avr_cpu;
 cc->disas_set_info = avr_cpu_disas_set_info;
 cc->tcg_ops.initialize = avr_cpu_tcg_init;
-

[RFC v7 04/22] i386: hvf: remove stale MAINTAINERS entry for old hvf stubs

2020-11-29 Thread Claudio Fontana
Signed-off-by: Claudio Fontana 
Reviewed-by: Roman Bolshakov 
---
 MAINTAINERS | 1 -
 1 file changed, 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 448593c904..f53f2678d8 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -444,7 +444,6 @@ M: Cameron Esfahani 
 M: Roman Bolshakov 
 W: https://wiki.qemu.org/Features/HVF
 S: Maintained
-F: accel/stubs/hvf-stub.c
 F: target/i386/hvf/
 F: include/sysemu/hvf.h
 
-- 
2.26.2




[RFC v7 16/22] cpu: Move debug_excp_handler to tcg_ops

2020-11-29 Thread Claudio Fontana
From: Eduardo Habkost 

Signed-off-by: Eduardo Habkost 
---
 accel/tcg/cpu-exec.c  | 4 ++--
 include/hw/core/cpu.h | 2 --
 include/hw/core/tcg-cpu-ops.h | 2 ++
 target/arm/cpu.c  | 2 +-
 target/i386/tcg-cpu.c | 2 +-
 target/lm32/cpu.c | 2 +-
 target/s390x/cpu.c| 2 +-
 target/xtensa/cpu.c   | 2 +-
 8 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 07ff1fa4dc..bd4ff224ee 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -482,8 +482,8 @@ static inline void cpu_handle_debug_exception(CPUState *cpu)
 }
 }
 
-if (cc->debug_excp_handler) {
-cc->debug_excp_handler(cpu);
+if (cc->tcg_ops.debug_excp_handler) {
+cc->tcg_ops.debug_excp_handler(cpu);
 }
 }
 
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 67cc147aae..89454c3d00 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -121,7 +121,6 @@ struct TranslationBlock;
  * @gdb_write_register: Callback for letting GDB write a register.
  * @debug_check_watchpoint: Callback: return true if the architectural
  *   watchpoint whose address has matched should really fire.
- * @debug_excp_handler: Callback for handling debug exceptions.
  * @write_elf64_note: Callback for writing a CPU-specific ELF note to a
  * 64-bit VM coredump.
  * @write_elf32_qemunote: Callback for writing a CPU- and QEMU-specific ELF
@@ -184,7 +183,6 @@ struct CPUClass {
 int (*gdb_read_register)(CPUState *cpu, GByteArray *buf, int reg);
 int (*gdb_write_register)(CPUState *cpu, uint8_t *buf, int reg);
 bool (*debug_check_watchpoint)(CPUState *cpu, CPUWatchpoint *wp);
-void (*debug_excp_handler)(CPUState *cpu);
 
 int (*write_elf64_note)(WriteCoreDumpFunction f, CPUState *cpu,
 int cpuid, void *opaque);
diff --git a/include/hw/core/tcg-cpu-ops.h b/include/hw/core/tcg-cpu-ops.h
index 2ea94acca0..dbbc64418c 100644
--- a/include/hw/core/tcg-cpu-ops.h
+++ b/include/hw/core/tcg-cpu-ops.h
@@ -49,6 +49,8 @@ typedef struct TcgCpuOperations {
 bool (*tlb_fill)(CPUState *cpu, vaddr address, int size,
  MMUAccessType access_type, int mmu_idx,
  bool probe, uintptr_t retaddr);
+/** @debug_excp_handler: Callback for handling debug exceptions */
+void (*debug_excp_handler)(CPUState *cpu);
 } TcgCpuOperations;
 
 #endif /* TCG_CPU_OPS_H */
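Review bot: debug_check_watchpoint is left behind in CPUClass (still visible in the cpu.h hunk above) while debug_excp_handler moves; the watchpoint check is only exercised from the TCG softmmu path, so it is a candidate for the same treatment, or at least deserves a sentence in the commit message explaining why it stays. The one-line `/** @debug_excp_handler: ... */` form is fine, but please record that the hook may be NULL, since cpu_handle_debug_exception() tests it before calling.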
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index f117ae4b2d..1553d7b53c 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -2263,7 +2263,7 @@ static void arm_cpu_class_init(ObjectClass *oc, void 
*data)
 #ifdef CONFIG_TCG
 cc->tcg_ops.initialize = arm_translate_init;
 cc->tcg_ops.tlb_fill = arm_cpu_tlb_fill;
-cc->debug_excp_handler = arm_debug_excp_handler;
+cc->tcg_ops.debug_excp_handler = arm_debug_excp_handler;
 cc->debug_check_watchpoint = arm_debug_check_watchpoint;
 cc->do_unaligned_access = arm_cpu_do_unaligned_access;
 #if !defined(CONFIG_USER_ONLY)
diff --git a/target/i386/tcg-cpu.c b/target/i386/tcg-cpu.c
index 8606dd6a3e..38ed8bf6d3 100644
--- a/target/i386/tcg-cpu.c
+++ b/target/i386/tcg-cpu.c
@@ -66,6 +66,6 @@ void tcg_cpu_common_class_init(CPUClass *cc)
 cc->tcg_ops.initialize = tcg_x86_init;
 cc->tcg_ops.tlb_fill = x86_cpu_tlb_fill;
 #ifndef CONFIG_USER_ONLY
-cc->debug_excp_handler = breakpoint_handler;
+cc->tcg_ops.debug_excp_handler = breakpoint_handler;
 #endif
 }
diff --git a/target/lm32/cpu.c b/target/lm32/cpu.c
index 76dc728858..bbe1405e32 100644
--- a/target/lm32/cpu.c
+++ b/target/lm32/cpu.c
@@ -235,7 +235,7 @@ static void lm32_cpu_class_init(ObjectClass *oc, void *data)
 #endif
 cc->gdb_num_core_regs = 32 + 7;
 cc->gdb_stop_before_watchpoint = true;
-cc->debug_excp_handler = lm32_debug_excp_handler;
+cc->tcg_ops.debug_excp_handler = lm32_debug_excp_handler;
 cc->disas_set_info = lm32_cpu_disas_set_info;
 cc->tcg_ops.initialize = lm32_translate_init;
 }
diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
index 6cd2b30192..04856076b3 100644
--- a/target/s390x/cpu.c
+++ b/target/s390x/cpu.c
@@ -506,7 +506,7 @@ static void s390_cpu_class_init(ObjectClass *oc, void *data)
 cc->write_elf64_note = s390_cpu_write_elf64_note;
 #ifdef CONFIG_TCG
 cc->tcg_ops.cpu_exec_interrupt = s390_cpu_exec_interrupt;
-cc->debug_excp_handler = s390x_cpu_debug_excp_handler;
+cc->tcg_ops.debug_excp_handler = s390x_cpu_debug_excp_handler;
 cc->do_unaligned_access = s390x_cpu_do_unaligned_access;
 #endif
 #endif
diff --git a/target/xtensa/cpu.c b/target/xtensa/cpu.c
index e764dbeb73..b6f13ceb32 100644
--- a/target/xtensa/cpu.c
+++ b/target/xtensa/cpu.c
@@ -207,7 +207,7 @@ static void xtensa_cpu_class_init(ObjectClass *oc, void 
*data)
 cc->get_phys_page_debug = xtensa_cpu_get_phys_page_debug;
 cc->do_transaction_failed = xtensa_cpu_do_transaction_failed;
 #endif
-

[RFC v7 08/22] tcg: cpu_exec_{enter,exit} helpers

2020-11-29 Thread Claudio Fontana
From: Eduardo Habkost 

Move invocation of CPUClass.cpu_exec_*() to separate helpers,
to make it easier to refactor that code later.

Signed-off-by: Eduardo Habkost 
---
 accel/tcg/cpu-exec.c | 23 ++-
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 58aea605d8..8d31145ad2 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -236,9 +236,22 @@ static void cpu_exec_nocache(CPUState *cpu, int max_cycles,
 }
 #endif
 
+static void cpu_exec_enter(CPUState *cpu)
+{
+CPUClass *cc = CPU_GET_CLASS(cpu);
+
+cc->cpu_exec_enter(cpu);
+}
+
+static void cpu_exec_exit(CPUState *cpu)
+{
+CPUClass *cc = CPU_GET_CLASS(cpu);
+
+cc->cpu_exec_exit(cpu);
+}
+
 void cpu_exec_step_atomic(CPUState *cpu)
 {
-CPUClass *cc = CPU_GET_CLASS(cpu);
 TranslationBlock *tb;
 target_ulong cs_base, pc;
 uint32_t flags;
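Review bot: the new static cpu_exec_enter()/cpu_exec_exit() helpers carry no comment; since the commit message says they exist to make later refactoring easier (and they are the natural place for any NULL check or accel-specific dispatch that follows), a one-line comment above each stating that intent would save the next reader from wondering why a one-line indirection was added. Also double-check that dropping `CPUClass *cc` from cpu_exec_step_atomic() leaves no other use of `cc` in that function; the visible hunks only show the two callback sites.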
@@ -257,11 +270,11 @@ void cpu_exec_step_atomic(CPUState *cpu)
 
 /* Since we got here, we know that parallel_cpus must be true.  */
 parallel_cpus = false;
-cc->cpu_exec_enter(cpu);
+cpu_exec_enter(cpu);
 /* execute the generated code */
 trace_exec_tb(tb, pc);
 cpu_tb_exec(cpu, tb);
-cc->cpu_exec_exit(cpu);
+cpu_exec_exit(cpu);
 } else {
 /*
  * The mmap_lock is dropped by tb_gen_code if it runs out of
@@ -713,7 +726,7 @@ int cpu_exec(CPUState *cpu)
 
 rcu_read_lock();
 
-cc->cpu_exec_enter(cpu);
+cpu_exec_enter(cpu);
 
 /* Calculate difference between guest clock and host clock.
  * This delay includes the delay of the last cycle, so
@@ -775,7 +788,7 @@ int cpu_exec(CPUState *cpu)
 }
 }
 
-cc->cpu_exec_exit(cpu);
+cpu_exec_exit(cpu);
 rcu_read_unlock();
 
 return ret;
-- 
2.26.2




[RFC v7 14/22] cpu: Move cpu_exec_* to tcg_ops

2020-11-29 Thread Claudio Fontana
From: Eduardo Habkost 

Signed-off-by: Eduardo Habkost 
---
 accel/tcg/cpu-exec.c| 12 ++--
 include/hw/core/cpu.h   |  6 --
 include/hw/core/tcg-cpu-ops.h   |  9 +
 target/alpha/cpu.c  |  3 ++-
 target/arm/cpu.c|  2 +-
 target/arm/cpu64.c  |  2 +-
 target/arm/cpu_tcg.c|  2 +-
 target/avr/cpu.c|  2 +-
 target/cris/cpu.c   |  2 +-
 target/hppa/cpu.c   |  2 +-
 target/i386/tcg-cpu.c   |  6 +++---
 target/lm32/cpu.c   |  2 +-
 target/m68k/cpu.c   |  2 +-
 target/microblaze/cpu.c |  2 +-
 target/mips/cpu.c   |  2 +-
 target/nios2/cpu.c  |  2 +-
 target/openrisc/cpu.c   |  2 +-
 target/ppc/translate_init.c.inc |  6 +++---
 target/riscv/cpu.c  |  2 +-
 target/rx/cpu.c |  2 +-
 target/s390x/cpu.c  |  2 +-
 target/sh4/cpu.c|  2 +-
 target/sparc/cpu.c  |  2 +-
 target/tilegx/cpu.c |  2 +-
 target/unicore32/cpu.c  |  2 +-
 target/xtensa/cpu.c |  2 +-
 26 files changed, 43 insertions(+), 39 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 816ef29f68..07ff1fa4dc 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -240,8 +240,8 @@ static void cpu_exec_enter(CPUState *cpu)
 {
 CPUClass *cc = CPU_GET_CLASS(cpu);
 
-if (cc->cpu_exec_enter) {
-cc->cpu_exec_enter(cpu);
+if (cc->tcg_ops.cpu_exec_enter) {
+cc->tcg_ops.cpu_exec_enter(cpu);
 }
 }
 
@@ -249,8 +249,8 @@ static void cpu_exec_exit(CPUState *cpu)
 {
 CPUClass *cc = CPU_GET_CLASS(cpu);
 
-if (cc->cpu_exec_exit) {
-cc->cpu_exec_exit(cpu);
+if (cc->tcg_ops.cpu_exec_exit) {
+cc->tcg_ops.cpu_exec_exit(cpu);
 }
 }
 
@@ -625,8 +625,8 @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
True when it is, and we should restart on a new TB,
and via longjmp via cpu_loop_exit.  */
 else {
-if (cc->cpu_exec_interrupt &&
-cc->cpu_exec_interrupt(cpu, interrupt_request)) {
+if (cc->tcg_ops.cpu_exec_interrupt &&
+cc->tcg_ops.cpu_exec_interrupt(cpu, interrupt_request)) {
 if (need_replay_interrupt(interrupt_request)) {
 replay_interrupt();
 }
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 19211cb409..538f3e6cd3 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -146,9 +146,6 @@ struct TranslationBlock;
  * @gdb_get_dynamic_xml: Callback to return dynamically generated XML for the
  *   gdb stub. Returns a pointer to the XML contents for the specified XML file
  *   or NULL if the CPU doesn't have a dynamically generated content for it.
- * @cpu_exec_enter: Callback for cpu_exec preparation.
- * @cpu_exec_exit: Callback for cpu_exec cleanup.
- * @cpu_exec_interrupt: Callback for processing interrupts in cpu_exec.
  * @disas_set_info: Setup architecture specific components of disassembly info
  * @adjust_watchpoint_address: Perform a target-specific adjustment to an
  * address before attempting to match it against watchpoints.
@@ -211,9 +208,6 @@ struct CPUClass {
 const char *gdb_core_xml_file;
 gchar * (*gdb_arch_name)(CPUState *cpu);
 const char * (*gdb_get_dynamic_xml)(CPUState *cpu, const char *xmlname);
-void (*cpu_exec_enter)(CPUState *cpu);
-void (*cpu_exec_exit)(CPUState *cpu);
-bool (*cpu_exec_interrupt)(CPUState *cpu, int interrupt_request);
 
 void (*disas_set_info)(CPUState *cpu, disassemble_info *info);
 vaddr (*adjust_watchpoint_address)(CPUState *cpu, vaddr addr, int len);
diff --git a/include/hw/core/tcg-cpu-ops.h b/include/hw/core/tcg-cpu-ops.h
index 109291ac52..e12f32919b 100644
--- a/include/hw/core/tcg-cpu-ops.h
+++ b/include/hw/core/tcg-cpu-ops.h
@@ -10,6 +10,9 @@
 #ifndef TCG_CPU_OPS_H
 #define TCG_CPU_OPS_H
 
+/**
+ * struct TcgCpuOperations: TCG operations specific to a CPU class
+ */
 typedef struct TcgCpuOperations {
 /**
  * @initialize: Initalize TCG state
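Review bot: this hunk re-adds the `struct TcgCpuOperations: TCG operations specific to a CPU class` comment that 13/22 removed; fold the change into that patch so the comment is never deleted, which also shrinks both diffs.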
@@ -28,6 +31,12 @@ typedef struct TcgCpuOperations {
  * @set_pc(tb->pc).
  */
 void (*synchronize_from_tb)(CPUState *cpu, struct TranslationBlock *tb);
+/** @cpu_exec_enter: Callback for cpu_exec preparation */
+void (*cpu_exec_enter)(CPUState *cpu);
+/** @cpu_exec_exit: Callback for cpu_exec cleanup */
+void (*cpu_exec_exit)(CPUState *cpu);
+/** @cpu_exec_interrupt: Callback for processing interrupts in cpu_exec */
+bool (*cpu_exec_interrupt)(CPUState *cpu, int interrupt_request);
 } TcgCpuOperations;
 
 #endif /* TCG_CPU_OPS_H */
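Review bot: the new one-line comments for cpu_exec_enter/exit/interrupt are terser than the CPUClass kernel-doc they replace, and none of them records two facts the callers in cpu-exec.c now rely on: all three hooks may be NULL (cpu_exec_enter(), cpu_exec_exit() and cpu_handle_interrupt() test before calling), and cpu_exec_interrupt's bool return means "interrupt taken, restart on a new TB", as the context lines around the cpu_handle_interrupt() hunk describe. Spell both out here.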
diff --git a/target/alpha/cpu.c b/target/alpha/cpu.c
index d66f0351a9..4f206c154d 100644
--- a/target/alpha/cpu.c
+++ b/target/alpha/cpu.c
@@ -218,7 +218,6 @@ static void alpha_cpu_class_init(ObjectClass *oc, void 
*data)
 

[RFC v7 01/22] i386: move kvm accel files into kvm/

2020-11-29 Thread Claudio Fontana
Signed-off-by: Claudio Fontana 
---
 MAINTAINERS  | 2 +-
 hw/i386/fw_cfg.c | 2 +-
 hw/i386/intel_iommu.c| 2 +-
 hw/i386/kvm/apic.c   | 2 +-
 hw/i386/kvm/clock.c  | 2 +-
 hw/i386/microvm.c| 2 +-
 hw/i386/pc.c | 2 +-
 hw/i386/x86.c| 2 +-
 meson.build  | 1 +
 target/i386/cpu.c| 2 +-
 target/i386/cpu.h| 2 +-
 target/i386/helper.c | 2 +-
 target/i386/{ => kvm}/hyperv-proto.h | 0
 target/i386/{ => kvm}/hyperv-stub.c  | 0
 target/i386/{ => kvm}/hyperv.c   | 0
 target/i386/{ => kvm}/hyperv.h   | 0
 target/i386/{ => kvm}/kvm-stub.c | 0
 target/i386/{ => kvm}/kvm.c  | 0
 target/i386/{ => kvm}/kvm_i386.h | 0
 target/i386/kvm/meson.build  | 3 +++
 target/i386/kvm/trace-events | 7 +++
 target/i386/kvm/trace.h  | 1 +
 target/i386/machine.c| 4 ++--
 target/i386/meson.build  | 4 +---
 target/i386/trace-events | 6 --
 25 files changed, 26 insertions(+), 22 deletions(-)
 rename target/i386/{ => kvm}/hyperv-proto.h (100%)
 rename target/i386/{ => kvm}/hyperv-stub.c (100%)
 rename target/i386/{ => kvm}/hyperv.c (100%)
 rename target/i386/{ => kvm}/hyperv.h (100%)
 rename target/i386/{ => kvm}/kvm-stub.c (100%)
 rename target/i386/{ => kvm}/kvm.c (100%)
 rename target/i386/{ => kvm}/kvm_i386.h (100%)
 create mode 100644 target/i386/kvm/meson.build
 create mode 100644 target/i386/kvm/trace-events
 create mode 100644 target/i386/kvm/trace.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 68bc160f41..5b3eced829 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -425,7 +425,7 @@ M: Paolo Bonzini 
 M: Marcelo Tosatti 
 L: k...@vger.kernel.org
 S: Supported
-F: target/i386/kvm.c
+F: target/i386/kvm/
 F: scripts/kvm/vmxcap
 
 Guest CPU Cores (other accelerators)
diff --git a/hw/i386/fw_cfg.c b/hw/i386/fw_cfg.c
index e06579490c..fae1bb380f 100644
--- a/hw/i386/fw_cfg.c
+++ b/hw/i386/fw_cfg.c
@@ -21,7 +21,7 @@
 #include "hw/timer/hpet.h"
 #include "hw/nvram/fw_cfg.h"
 #include "e820_memory_layout.h"
-#include "kvm_i386.h"
+#include "kvm/kvm_i386.h"
 #include CONFIG_DEVICES
 
 struct hpet_fw_config hpet_cfg = {.count = UINT8_MAX};
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 70ac837733..361b6cd238 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -37,7 +37,7 @@
 #include "sysemu/kvm.h"
 #include "sysemu/sysemu.h"
 #include "hw/i386/apic_internal.h"
-#include "kvm_i386.h"
+#include "kvm/kvm_i386.h"
 #include "migration/vmstate.h"
 #include "trace.h"
 
diff --git a/hw/i386/kvm/apic.c b/hw/i386/kvm/apic.c
index dd29906061..07bebc1282 100644
--- a/hw/i386/kvm/apic.c
+++ b/hw/i386/kvm/apic.c
@@ -17,7 +17,7 @@
 #include "hw/pci/msi.h"
 #include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
-#include "target/i386/kvm_i386.h"
+#include "kvm/kvm_i386.h"
 
 static inline void kvm_apic_set_reg(struct kvm_lapic_state *kapic,
 int reg_id, uint32_t val)
diff --git a/hw/i386/kvm/clock.c b/hw/i386/kvm/clock.c
index 24fe5091b6..2d8a366369 100644
--- a/hw/i386/kvm/clock.c
+++ b/hw/i386/kvm/clock.c
@@ -20,7 +20,7 @@
 #include "sysemu/kvm.h"
 #include "sysemu/runstate.h"
 #include "sysemu/hw_accel.h"
-#include "kvm_i386.h"
+#include "kvm/kvm_i386.h"
 #include "migration/vmstate.h"
 #include "hw/sysbus.h"
 #include "hw/kvm/clock.h"
diff --git a/hw/i386/microvm.c b/hw/i386/microvm.c
index 5428448b70..3ed6adff83 100644
--- a/hw/i386/microvm.c
+++ b/hw/i386/microvm.c
@@ -51,7 +51,7 @@
 
 #include "cpu.h"
 #include "elf.h"
-#include "kvm_i386.h"
+#include "kvm/kvm_i386.h"
 #include "hw/xen/start_info.h"
 
 #define MICROVM_QBOOT_FILENAME "qboot.rom"
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 17b514d1da..299aaba8e9 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -61,7 +61,7 @@
 #include "sysemu/qtest.h"
 #include "sysemu/reset.h"
 #include "sysemu/runstate.h"
-#include "kvm_i386.h"
+#include "kvm/kvm_i386.h"
 #include "hw/xen/xen.h"
 #include "hw/xen/start_info.h"
 #include "ui/qemu-spice.h"
diff --git a/hw/i386/x86.c b/hw/i386/x86.c
index 5944fc44ed..88d0c70e12 100644
--- a/hw/i386/x86.c
+++ b/hw/i386/x86.c
@@ -52,7 +52,7 @@
 #include "elf.h"
 #include "standard-headers/asm-x86/bootparam.h"
 #include CONFIG_DEVICES
-#include "kvm_i386.h"
+#include "kvm/kvm_i386.h"
 
 #define BIOS_FILENAME "bios.bin"
 
diff --git a/meson.build b/meson.build
index e3386196ba..198298e9d8 100644
--- a/meson.build
+++ b/meson.build
@@ -1467,6 +1467,7 @@ trace_events_subdirs += [
   'target/arm',
   'target/hppa',
   'target/i386',
+  'target/i386/kvm',
   'target/mips',
   'target/ppc',
   'target/riscv',
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 5a8c96072e..b9bd249c8f 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -30,7 +30,7 @@
 #include "sysemu/hvf.h"
 

[RFC v7 12/22] cpu: Introduce TCGCpuOperations struct

2020-11-29 Thread Claudio Fontana
From: Eduardo Habkost 

The TCG-specific CPU methods will be moved to a separate struct,
to make it easier to move accel-specific code outside generic CPU
code in the future.  Start by moving tcg_initialize().

The new CPUClass.tcg_opts field may eventually become a pointer,
but keep it an embedded struct for now, to make code conversion
easier.

Signed-off-by: Eduardo Habkost 
---
 MAINTAINERS |  1 +
 cpu.c   |  2 +-
 include/hw/core/cpu.h   |  9 -
 include/hw/core/tcg-cpu-ops.h   | 25 +
 target/alpha/cpu.c  |  2 +-
 target/arm/cpu.c|  2 +-
 target/avr/cpu.c|  2 +-
 target/cris/cpu.c   | 12 ++--
 target/hppa/cpu.c   |  2 +-
 target/i386/tcg-cpu.c   |  2 +-
 target/lm32/cpu.c   |  2 +-
 target/m68k/cpu.c   |  2 +-
 target/microblaze/cpu.c |  2 +-
 target/mips/cpu.c   |  2 +-
 target/moxie/cpu.c  |  2 +-
 target/nios2/cpu.c  |  2 +-
 target/openrisc/cpu.c   |  2 +-
 target/ppc/translate_init.c.inc |  2 +-
 target/riscv/cpu.c  |  2 +-
 target/rx/cpu.c |  2 +-
 target/s390x/cpu.c  |  2 +-
 target/sh4/cpu.c|  2 +-
 target/sparc/cpu.c  |  2 +-
 target/tilegx/cpu.c |  2 +-
 target/tricore/cpu.c|  2 +-
 target/unicore32/cpu.c  |  2 +-
 target/xtensa/cpu.c |  2 +-
 27 files changed, 63 insertions(+), 30 deletions(-)
 create mode 100644 include/hw/core/tcg-cpu-ops.h

diff --git a/MAINTAINERS b/MAINTAINERS
index f53f2678d8..d876f504a6 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1535,6 +1535,7 @@ F: qapi/machine.json
 F: qapi/machine-target.json
 F: include/hw/boards.h
 F: include/hw/core/cpu.h
+F: include/hw/core/tcg-cpu-ops.h
 F: include/hw/cpu/cluster.h
 F: include/sysemu/numa.h
 T: git https://github.com/ehabkost/qemu.git machine-next
diff --git a/cpu.c b/cpu.c
index 0be5dcb6f3..d02c2a17f1 100644
--- a/cpu.c
+++ b/cpu.c
@@ -180,7 +180,7 @@ void cpu_exec_realizefn(CPUState *cpu, Error **errp)
 
 if (tcg_enabled() && !tcg_target_initialized) {
 tcg_target_initialized = true;
-cc->tcg_initialize();
+cc->tcg_ops.initialize();
 }
 tlb_init(cpu);
 
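Review bot: `cc->tcg_ops.initialize()` in cpu_exec_realizefn() will not compile when CONFIG_TCG is unset, because the cpu.h hunk below declares the tcg_ops member only under `#ifdef CONFIG_TCG`; tcg_enabled() folds to 0 in that configuration, but the expression is still parsed. Either wrap this call in `#ifdef CONFIG_TCG` or make the member unconditional. The previous `cc->tcg_initialize()` had no such problem because that pointer was always present in CPUClass.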
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 3d92c967ff..c93b08a0fb 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -76,6 +76,10 @@ typedef struct CPUWatchpoint CPUWatchpoint;
 
 struct TranslationBlock;
 
+#ifdef CONFIG_TCG
+#include "tcg-cpu-ops.h"
+#endif /* CONFIG_TCG */
+
 /**
  * CPUClass:
  * @class_by_name: Callback to map -cpu command line model name to an
@@ -221,12 +225,15 @@ struct CPUClass {
 
 void (*disas_set_info)(CPUState *cpu, disassemble_info *info);
 vaddr (*adjust_watchpoint_address)(CPUState *cpu, vaddr addr, int len);
-void (*tcg_initialize)(void);
 
 const char *deprecation_note;
 /* Keep non-pointer data at the end to minimize holes.  */
 int gdb_num_core_regs;
 bool gdb_stop_before_watchpoint;
+
+#ifdef CONFIG_TCG
+TcgCpuOperations tcg_ops;
+#endif /* CONFIG_TCG */
 };
 
 /*
diff --git a/include/hw/core/tcg-cpu-ops.h b/include/hw/core/tcg-cpu-ops.h
new file mode 100644
index 00..4475ef0996
--- /dev/null
+++ b/include/hw/core/tcg-cpu-ops.h
@@ -0,0 +1,25 @@
+/*
+ * TCG-Specific operations that are not meaningful for hardware accelerators
+ *
+ * Copyright 2020 SUSE LLC
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef TCG_CPU_OPS_H
+#define TCG_CPU_OPS_H
+
+/**
+ * struct TcgCpuOperations: TCG operations specific to a CPU class
+ */
+typedef struct TcgCpuOperations {
+/**
+ * @initialize: Initalize TCG state
+ *
+ * Called when the first CPU is realized.
+ */
+void (*initialize)(void);
+} TcgCpuOperations;
+
+#endif /* TCG_CPU_OPS_H */
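Review bot: the doc comment on @initialize misspells "Initialize" ("Initalize"), and the type is named TcgCpuOperations here while the series cover letter calls it TCGCpuOperations; QEMU type names keep acronyms upper-case (CPUClass, CPUState), so the latter spelling, applied consistently in cpu.h and here, would avoid two names for one struct. A one-line note that this header is only meaningful, and only included by cpu.h, when CONFIG_TCG is set would also help readers of the file.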
diff --git a/target/alpha/cpu.c b/target/alpha/cpu.c
index b3fd6643e8..d66f0351a9 100644
--- a/target/alpha/cpu.c
+++ b/target/alpha/cpu.c
@@ -231,7 +231,7 @@ static void alpha_cpu_class_init(ObjectClass *oc, void 
*data)
 dc->vmsd = _alpha_cpu;
 #endif
 cc->disas_set_info = alpha_cpu_disas_set_info;
-cc->tcg_initialize = alpha_translate_init;
+cc->tcg_ops.initialize = alpha_translate_init;
 
 cc->gdb_num_core_regs = 67;
 }
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 07492e9f9a..1fa9382a7c 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -2261,7 +2261,7 @@ static void arm_cpu_class_init(ObjectClass *oc, void 
*data)
 cc->gdb_stop_before_watchpoint = true;
 cc->disas_set_info = arm_disas_set_info;
 #ifdef CONFIG_TCG
-cc->tcg_initialize = arm_translate_init;
+cc->tcg_ops.initialize = arm_translate_init;
 cc->tlb_fill = arm_cpu_tlb_fill;
 cc->debug_excp_handler = 

[RFC v7 03/22] i386: move hax accel files into hax/

2020-11-29 Thread Claudio Fontana
Signed-off-by: Claudio Fontana 
---
 MAINTAINERS   | 2 +-
 target/i386/{ => hax}/hax-all.c   | 0
 target/i386/{ => hax}/hax-cpus.c  | 0
 target/i386/{ => hax}/hax-cpus.h  | 0
 target/i386/{ => hax}/hax-i386.h  | 6 +++---
 target/i386/{ => hax}/hax-interface.h | 0
 target/i386/{ => hax}/hax-mem.c   | 0
 target/i386/{ => hax}/hax-posix.c | 0
 target/i386/{ => hax}/hax-posix.h | 0
 target/i386/{ => hax}/hax-windows.c   | 0
 target/i386/{ => hax}/hax-windows.h   | 0
 target/i386/hax/meson.build   | 7 +++
 target/i386/meson.build   | 8 +---
 13 files changed, 12 insertions(+), 11 deletions(-)
 rename target/i386/{ => hax}/hax-all.c (100%)
 rename target/i386/{ => hax}/hax-cpus.c (100%)
 rename target/i386/{ => hax}/hax-cpus.h (100%)
 rename target/i386/{ => hax}/hax-i386.h (95%)
 rename target/i386/{ => hax}/hax-interface.h (100%)
 rename target/i386/{ => hax}/hax-mem.c (100%)
 rename target/i386/{ => hax}/hax-posix.c (100%)
 rename target/i386/{ => hax}/hax-posix.h (100%)
 rename target/i386/{ => hax}/hax-windows.c (100%)
 rename target/i386/{ => hax}/hax-windows.h (100%)
 create mode 100644 target/i386/hax/meson.build

diff --git a/MAINTAINERS b/MAINTAINERS
index 20e079f40c..448593c904 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -491,7 +491,7 @@ W: https://github.com/intel/haxm/issues
 S: Maintained
 F: accel/stubs/hax-stub.c
 F: include/sysemu/hax.h
-F: target/i386/hax-*
+F: target/i386/hax/
 
 Hosts
 -
diff --git a/target/i386/hax-all.c b/target/i386/hax/hax-all.c
similarity index 100%
rename from target/i386/hax-all.c
rename to target/i386/hax/hax-all.c
diff --git a/target/i386/hax-cpus.c b/target/i386/hax/hax-cpus.c
similarity index 100%
rename from target/i386/hax-cpus.c
rename to target/i386/hax/hax-cpus.c
diff --git a/target/i386/hax-cpus.h b/target/i386/hax/hax-cpus.h
similarity index 100%
rename from target/i386/hax-cpus.h
rename to target/i386/hax/hax-cpus.h
diff --git a/target/i386/hax-i386.h b/target/i386/hax/hax-i386.h
similarity index 95%
rename from target/i386/hax-i386.h
rename to target/i386/hax/hax-i386.h
index 48c4abe14e..efbb346238 100644
--- a/target/i386/hax-i386.h
+++ b/target/i386/hax/hax-i386.h
@@ -84,13 +84,13 @@ void hax_memory_init(void);
 
 
 #ifdef CONFIG_POSIX
-#include "target/i386/hax-posix.h"
+#include "hax-posix.h"
 #endif
 
 #ifdef CONFIG_WIN32
-#include "target/i386/hax-windows.h"
+#include "hax-windows.h"
 #endif
 
-#include "target/i386/hax-interface.h"
+#include "hax-interface.h"
 
 #endif
diff --git a/target/i386/hax-interface.h b/target/i386/hax/hax-interface.h
similarity index 100%
rename from target/i386/hax-interface.h
rename to target/i386/hax/hax-interface.h
diff --git a/target/i386/hax-mem.c b/target/i386/hax/hax-mem.c
similarity index 100%
rename from target/i386/hax-mem.c
rename to target/i386/hax/hax-mem.c
diff --git a/target/i386/hax-posix.c b/target/i386/hax/hax-posix.c
similarity index 100%
rename from target/i386/hax-posix.c
rename to target/i386/hax/hax-posix.c
diff --git a/target/i386/hax-posix.h b/target/i386/hax/hax-posix.h
similarity index 100%
rename from target/i386/hax-posix.h
rename to target/i386/hax/hax-posix.h
diff --git a/target/i386/hax-windows.c b/target/i386/hax/hax-windows.c
similarity index 100%
rename from target/i386/hax-windows.c
rename to target/i386/hax/hax-windows.c
diff --git a/target/i386/hax-windows.h b/target/i386/hax/hax-windows.h
similarity index 100%
rename from target/i386/hax-windows.h
rename to target/i386/hax/hax-windows.h
diff --git a/target/i386/hax/meson.build b/target/i386/hax/meson.build
new file mode 100644
index 00..77ea431b30
--- /dev/null
+++ b/target/i386/hax/meson.build
@@ -0,0 +1,7 @@
+i386_softmmu_ss.add(when: 'CONFIG_HAX', if_true: files(
+  'hax-all.c',
+  'hax-mem.c',
+  'hax-cpus.c',
+))
+i386_softmmu_ss.add(when: ['CONFIG_HAX', 'CONFIG_POSIX'], if_true: 
files('hax-posix.c'))
+i386_softmmu_ss.add(when: ['CONFIG_HAX', 'CONFIG_WIN32'], if_true: 
files('hax-windows.c'))
diff --git a/target/i386/meson.build b/target/i386/meson.build
index 62cd042915..284d52ab81 100644
--- a/target/i386/meson.build
+++ b/target/i386/meson.build
@@ -27,15 +27,9 @@ i386_softmmu_ss.add(files(
   'machine.c',
   'monitor.c',
 ))
-i386_softmmu_ss.add(when: 'CONFIG_HAX', if_true: files(
-  'hax-all.c',
-  'hax-mem.c',
-  'hax-cpus.c',
-))
-i386_softmmu_ss.add(when: ['CONFIG_HAX', 'CONFIG_POSIX'], if_true: 
files('hax-posix.c'))
-i386_softmmu_ss.add(when: ['CONFIG_HAX', 'CONFIG_WIN32'], if_true: 
files('hax-windows.c'))
 
 subdir('kvm')
+subdir('hax')
 subdir('whpx')
 subdir('hvf')
 
-- 
2.26.2




[RFC v7 02/22] i386: move whpx accel files into whpx/

2020-11-29 Thread Claudio Fontana
Signed-off-by: Claudio Fontana 
---
 MAINTAINERS   | 5 +
 target/i386/meson.build   | 5 +
 target/i386/whpx/meson.build  | 4 
 target/i386/{ => whpx}/whp-dispatch.h | 0
 target/i386/{ => whpx}/whpx-all.c | 0
 target/i386/{ => whpx}/whpx-cpus.c| 0
 target/i386/{ => whpx}/whpx-cpus.h| 0
 7 files changed, 6 insertions(+), 8 deletions(-)
 create mode 100644 target/i386/whpx/meson.build
 rename target/i386/{ => whpx}/whp-dispatch.h (100%)
 rename target/i386/{ => whpx}/whpx-all.c (100%)
 rename target/i386/{ => whpx}/whpx-cpus.c (100%)
 rename target/i386/{ => whpx}/whpx-cpus.h (100%)

diff --git a/MAINTAINERS b/MAINTAINERS
index 5b3eced829..20e079f40c 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -451,10 +451,7 @@ F: include/sysemu/hvf.h
 WHPX CPUs
 M: Sunil Muthuswamy 
 S: Supported
-F: target/i386/whpx-all.c
-F: target/i386/whpx-cpus.c
-F: target/i386/whp-dispatch.h
-F: accel/stubs/whpx-stub.c
+F: target/i386/whpx/
 F: include/sysemu/whpx.h
 
 Guest CPU Cores (Xen)
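Review bot: this MAINTAINERS hunk drops the `F: accel/stubs/whpx-stub.c` entry while replacing the three target/i386 paths with target/i386/whpx/, but the diffstat shows no rename of the stub into that directory, so the stub file silently loses its maintainer mapping. Keep the `F: accel/stubs/whpx-stub.c` line, or move the stub as well if that is intended.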
diff --git a/target/i386/meson.build b/target/i386/meson.build
index 0209542a8a..62cd042915 100644
--- a/target/i386/meson.build
+++ b/target/i386/meson.build
@@ -27,10 +27,6 @@ i386_softmmu_ss.add(files(
   'machine.c',
   'monitor.c',
 ))
-i386_softmmu_ss.add(when: 'CONFIG_WHPX', if_true: files(
-  'whpx-all.c',
-  'whpx-cpus.c',
-))
 i386_softmmu_ss.add(when: 'CONFIG_HAX', if_true: files(
   'hax-all.c',
   'hax-mem.c',
@@ -40,6 +36,7 @@ i386_softmmu_ss.add(when: ['CONFIG_HAX', 'CONFIG_POSIX'], 
if_true: files('hax-po
 i386_softmmu_ss.add(when: ['CONFIG_HAX', 'CONFIG_WIN32'], if_true: 
files('hax-windows.c'))
 
 subdir('kvm')
+subdir('whpx')
 subdir('hvf')
 
 target_arch += {'i386': i386_ss}
diff --git a/target/i386/whpx/meson.build b/target/i386/whpx/meson.build
new file mode 100644
index 00..94a72c8efc
--- /dev/null
+++ b/target/i386/whpx/meson.build
@@ -0,0 +1,4 @@
+i386_softmmu_ss.add(when: 'CONFIG_WHPX', if_true: files(
+  'whpx-all.c',
+  'whpx-cpus.c',
+))
diff --git a/target/i386/whp-dispatch.h b/target/i386/whpx/whp-dispatch.h
similarity index 100%
rename from target/i386/whp-dispatch.h
rename to target/i386/whpx/whp-dispatch.h
diff --git a/target/i386/whpx-all.c b/target/i386/whpx/whpx-all.c
similarity index 100%
rename from target/i386/whpx-all.c
rename to target/i386/whpx/whpx-all.c
diff --git a/target/i386/whpx-cpus.c b/target/i386/whpx/whpx-cpus.c
similarity index 100%
rename from target/i386/whpx-cpus.c
rename to target/i386/whpx/whpx-cpus.c
diff --git a/target/i386/whpx-cpus.h b/target/i386/whpx/whpx-cpus.h
similarity index 100%
rename from target/i386/whpx-cpus.h
rename to target/i386/whpx/whpx-cpus.h
-- 
2.26.2




[RFC v7 00/22] i386 cleanup

2020-11-29 Thread Claudio Fontana
Hi all, this is v7 of the i386 cleanup,
with the most interesting patches at the end.

v6 -> v7: integrate TCGCpuOperations, refactored cpu_exec_realizefn

* integrate TCGCpuOperations (Eduardo)

Taken some refactoring from Eduardo for Tcg-only operations on
CPUClass.

* refactored cpu_exec_realizefn

The other main change is a refactoring of cpu_exec_realizefn,
directly linked to the effort of making many cpu_exec operations
TCG-only (Eduardo series above):

cpu_exec_realizefn is actually a TCG-only thing, with the
exception of a couple of things that can be done in base cpu code.

This changes all targets realizefn, so I guess I have to Cc:
the Multiverse? (Universe was already CCed for all accelerators).


v5 -> v6: remove MODULE_INIT_ACCEL_CPU


instead, use a call to accel_init_interfaces().

* The class lookups are now general and performed in accel/

  new AccelCPUClass for new archs are supported as new
  ones appear in the class hierarchy, no need for stubs.

* Split the code a bit better


v4 -> v5: centralized and simplified initializations

I put in Cc: Emilio G. Cota, specifically because in patch 8
I (re)moved for user-mode the call to tcg_regions_init().

The call happens now inside the tcg AccelClass machine_init,
(so earlier). This seems to work fine, but thought to get the
author's opinion on this.

Rebased on "tcg-cpus: split into 3 tcg variants" series
(queued by Richard), to avoid some code churn:


https://lists.gnu.org/archive/html/qemu-devel/2020-10/msg04356.html


* Extended AccelClass to user-mode.

user-mode now does not call tcg_exec_init directly,
instead it uses the tcg accel class, and its init_machine method.

Since user-mode does not define or use a machine state,
the machine is just passed as NULL.

The immediate advantage is that now we can call current_accel()
from both user mode and softmmu, so we can work out the correct
class to use for accelerator initializations.

* QOMification of CpusAccelOps

simple QOMification of CpusAccelOps abstract class.

* Centralized all accel_cpu_init, so only one per cpu-arch,
  plus one for all accels will remain.

  So we can expect accel_cpu_init() to be limited to:
  
  softmmu/cpus.c - initializes the chosen softmmu accel ops for the cpus module.
  target/ARCH/cpu.c - initializes the chosen arch-specific cpu accelerator.
  
These changes are meant to address concerns/issues (Paolo):

1) the use of if (tcg_enabled()) and similar in the module_init call path

2) the excessive number of accel_cpu_init() to hunt down in the codebase.


* Fixed wrong use of host_cpu_class_init (Eduardo)


v3 -> v4: QOMification of X86CPUAccelClass


In this version I basically QOMified X86CPUAccel, taking the
suggestions from Eduardo as the starting point,
but stopping just short of making it an actual QOM interface,
using a plain abstract class, and then subclasses for the
actual objects.

Initialization is still using the existing qemu initialization
framework (module_call_init), which I still think is better
than the alternatives proposed, in the current state.

Possibly some improvements could be developed in the future here.
In this case, effort should be put in keeping things extendible,
in order not to be blocked once accelerators also become modules.

Motivation and higher level steps:

https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg04628.html

Looking forward to your comments on this proposal,

Ciao,

Claudio

Claudio Fontana (13):
  i386: move kvm accel files into kvm/
  i386: move whpx accel files into whpx/
  i386: move hax accel files into hax/
  i386: hvf: remove stale MAINTAINERS entry for old hvf stubs
  i386: move TCG accel files into tcg/
  i386: move cpu dump out of helper.c into cpu-dump.c
  i386: move TCG cpu class initialization out of helper.c
  accel: extend AccelState and AccelClass to user-mode
  accel: replace struct CpusAccel with AccelOpsClass
  accel: introduce AccelCPUClass extending CPUClass
  i386: split cpu accelerators from cpu.c, using AccelCPUClass
  cpu-exec: refactor realizefn for all targets
  cpu: introduce cpu_accel_instance_init

Eduardo Habkost (9):
  tcg: cpu_exec_{enter,exit} helpers
  tcg: make CPUClass.cpu_exec_* optional
  tcg: Make CPUClass.debug_excp_handler optional
  cpu: Remove unnecessary noop methods
  cpu: Introduce TCGCpuOperations struct
  cpu: Move synchronize_from_tb() to tcg_ops
  cpu: Move cpu_exec_* to tcg_ops
  cpu: Move tlb_fill to tcg_ops
  cpu: Move debug_excp_handler to tcg_ops

 MAINTAINERS   |  19 +-
 accel/accel-common.c  | 105 +
 accel/{accel.c => accel-softmmu.c}|  60 +--
 accel/accel-softmmu.h |  15 +
 accel/accel-user.c|  24 ++
 accel/kvm/kvm-all.c   |   2 -
 accel/kvm/kvm-cpus.c  |  26 +-
 accel/kvm/kvm-cpus.h  |   2 -
 accel/meson.build |   4 +-
 accel/qtest/qtest.c   |  25 +-
 accel/tcg/cpu-exec.c  

[PATCH] target/riscv: Fix the bug of HLVX/HLV/HSV

2020-11-29 Thread Yifei Jiang
We found that the hypervisor virtual-machine load and store instructions, 
including HLVX/HLV/HSV, couldn't access guest userspace memory.

In the riscv-privileged spec, HLVX/HLV/HSV is defined as follows: 
"As usual when V=1, two-stage address translation is applied, and
the HS-level sstatus.SUM is ignored."

But get_physical_address() doesn't ignore sstatus.SUM, when HLVX/HLV/HSV
accesses guest userspace memory. So this patch fixes it.

Signed-off-by: Yifei Jiang 
Signed-off-by: Yipeng Yin 
---
 target/riscv/cpu_helper.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index a2787b1d48..7274f971a4 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -367,7 +367,8 @@ static int get_physical_address(CPURISCVState *env, hwaddr 
*physical,
 vm = get_field(env->hgatp, HGATP_MODE);
 widened = 2;
 }
-sum = get_field(env->mstatus, MSTATUS_SUM);
+/* status.SUM will be ignored if execute on background */
+sum = get_field(env->mstatus, MSTATUS_SUM) || use_background;
 switch (vm) {
 case VM_1_10_SV32:
   levels = 2; ptidxbits = 10; ptesize = 4; break;
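Review bot: the hunk turns SUM on for every background access, which is broader than the spec sentence quoted in the commit message: that sentence says only the HS-level sstatus.SUM is ignored when the access is performed as if V=1, not that user-page permission checks are skipped altogether, so the VS-level status bit that governs first-stage translation for the guest is bypassed here as well. Consider taking the SUM bit from the VS-level status when use_background is set instead of forcing sum to true, and rewording the comment ("status.SUM will be ignored if execute on background") to say which SUM is ignored.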
-- 
2.19.1




[Bug 1906193] [NEW] riscv32 user mode emulation: fork return values broken

2020-11-29 Thread Dilfridge
Public bug reported:

When running in a chroot with riscv32 (on x86_64; qemu git master as of
today):

The following short program forks; the child immediately returns with
exit(42). The parent checks for the return value - and obtains 40!

gcc-10.2

===
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

int main(int c, char **v)
{
  pid_t pid, p;
  int s;

  (void)c;
  (void)v;

  s = 0;
  pid = fork();
  if (pid == 0)
    exit(42);

  /* wait for the process and collect its status in s */
  p = wait(&s);
  if (p != pid)
    exit (255);

  if (WIFEXITED(s))
  {
     int r=WEXITSTATUS(s);
     if (r!=42) {
      printf("child wants to return %i (0x%X), parent received %i (0x%X), difference %i\n",42,42,r,r,r-42);
     }
  }
  return 0;
}
===

(riscv-ilp32 chroot) farino /tmp # ./wait-test-short 
child wants to return 42 (0x2A), parent received 40 (0x28), difference -2

===
(riscv-ilp32 chroot) farino /tmp # gcc --version
gcc (Gentoo 10.2.0-r1 p2) 10.2.0
Copyright (C) 2020 Free Software Foundation, Inc.
Dies ist freie Software; die Kopierbedingungen stehen in den Quellen. Es
gibt KEINE Garantie; auch nicht für MARKTGÄNGIGKEIT oder FÜR SPEZIELLE ZWECKE.

(riscv-ilp32 chroot) farino /tmp # ld --version
GNU ld (Gentoo 2.34 p6) 2.34.0
Copyright (C) 2020 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) a later version.
This program has absolutely no warranty.

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
https://bugs.launchpad.net/bugs/1906193



Re: [PULL 19/20] target/mips: Add Loongson-3 CPU definition

2020-11-29 Thread Philippe Mathieu-Daudé
Hi Huacai,

On 6/9/20 6:28 PM, Aleksandar Markovic wrote:
> From: Huacai Chen 
> 
> Loongson-3 CPU family includes Loongson-3A R1/R2/R3/R4 and Loongson-3B
> R1/R2. Loongson-3A R1 is the oldest and its ISA is the smallest, while
> Loongson-3A R4 is the newest and its ISA is almost the superset of all
> others. To reduce complexity, we just define two CPU types:
> 
> 1) "Loongson-3A1000" CPU which corresponds to Loongson-3A R1. It is
>suitable for TCG because Loongson-3A R1 has the fewest ASEs.
> 2) "Loongson-3A4000" CPU which corresponds to Loongson-3A R4. It is
>suitable for KVM because Loongson-3A R4 has the VZ ASE.
> 
> Loongson-3A has CONFIG6 and CONFIG7, so add their bit-fields as well.
> 
> [AM: Rearranged insn_flags, added comments, renamed lmi_helper.c,
> improved commit message, fixed checkpatch warnings]
> 
> Signed-off-by: Huacai Chen 
> Co-developed-by: Jiaxun Yang 
> Reviewed-by: Aleksandar Markovic 
> Signed-off-by: Aleksandar Markovic 
> Message-Id: <1591065557-9174-3-git-send-email-che...@lemote.com>
> ---
>  target/mips/cpu.h   | 32 ++-
>  target/mips/internal.h  |  2 +
>  target/mips/mips-defs.h | 45 ---
>  target/mips/{lmi_helper.c => lmmi_helper.c} |  0
>  target/mips/translate.c |  2 +
>  target/mips/translate_init.inc.c| 86 
> +
>  target/mips/Makefile.objs   |  2 +-
>  7 files changed, 146 insertions(+), 23 deletions(-)
>  rename target/mips/{lmi_helper.c => lmmi_helper.c} (100%)
> 
> diff --git a/target/mips/cpu.h b/target/mips/cpu.h
> index 94d01ea..7cf7f52 100644
> --- a/target/mips/cpu.h
> +++ b/target/mips/cpu.h
> @@ -198,8 +198,8 @@ typedef struct mips_def_t mips_def_t;
>   * 3   Config3 WatchLo3  WatchHi
>   * 4   Config4 WatchLo4  WatchHi
>   * 5   Config5 WatchLo5  WatchHi
> - * 6   WatchLo6  WatchHi
> - * 7   WatchLo7  WatchHi
> + * 6   Config6 WatchLo6  WatchHi
> + * 7   Config7 WatchLo7  WatchHi
>   *
>   *
>   * Register 20   Register 21   Register 22   Register 23
> @@ -940,7 +940,35 @@ struct CPUMIPSState {
>  #define CP0C5_UFR  2
>  #define CP0C5_NFExists 0
>  int32_t CP0_Config6;
> +int32_t CP0_Config6_rw_bitmask;
> +#define CP0C6_BPPASS  31
> +#define CP0C6_KPOS24
> +#define CP0C6_KE  23
> +#define CP0C6_VTLBONLY22
> +#define CP0C6_LASX21
> +#define CP0C6_SSEN20
> +#define CP0C6_DISDRTIME   19
> +#define CP0C6_PIXNUEN 18
> +#define CP0C6_SCRAND  17
> +#define CP0C6_LLEXCEN 16
> +#define CP0C6_DISVC   15
> +#define CP0C6_VCLRU   14
> +#define CP0C6_DCLRU   13
> +#define CP0C6_PIXUEN  12
> +#define CP0C6_DISBLKLYEN  11
> +#define CP0C6_UMEMUALEN   10
> +#define CP0C6_SFBEN   8
> +#define CP0C6_FLTINT  7
> +#define CP0C6_VLTINT  6
> +#define CP0C6_DISBTB  5
> +#define CP0C6_STPREFCTL   2
> +#define CP0C6_INSTPREF1
> +#define CP0C6_DATAPREF0
>  int32_t CP0_Config7;
> +int64_t CP0_Config7_rw_bitmask;
> +#define CP0C7_NAPCGEN   2
> +#define CP0C7_UNIMUEN   1
> +#define CP0C7_VFPUCGEN  0
>  uint64_t CP0_LLAddr;
>  uint64_t CP0_MAAR[MIPS_MAAR_MAX];
>  int32_t CP0_MAARI;
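Review bot: CP0_Config7_rw_bitmask is declared as int64_t here while the register it masks, CP0_Config7 just above it, is int32_t, and the mips_def_t copy of the same mask in the internal.h hunk below is int32_t as well; unless Config7 is meant to be widened, make the mask int32_t like CP0_Config6_rw_bitmask so the two declarations agree and no sign-extension surprises creep in when the mask is applied.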
> diff --git a/target/mips/internal.h b/target/mips/internal.h
> index 684356e..7f159a9 100644
> --- a/target/mips/internal.h
> +++ b/target/mips/internal.h
> @@ -36,7 +36,9 @@ struct mips_def_t {
>  int32_t CP0_Config5;
>  int32_t CP0_Config5_rw_bitmask;
>  int32_t CP0_Config6;
> +int32_t CP0_Config6_rw_bitmask;
>  int32_t CP0_Config7;
> +int32_t CP0_Config7_rw_bitmask;
>  target_ulong CP0_LLAddr_rw_bitmask;
>  int CP0_LLAddr_shift;
>  int32_t SYNCI_Step;
> diff --git a/target/mips/mips-defs.h b/target/mips/mips-defs.h
> index a831bb4..0c12910 100644
> --- a/target/mips/mips-defs.h
> +++ b/target/mips/mips-defs.h
> @@ -15,7 +15,7 @@
>   * 
>   */
>  /*
> - *   bits 0-31: MIPS base instruction sets
> + *   bits 0-23: MIPS base instruction sets
>   */
>  #define ISA_MIPS1 0x0001ULL
>  #define ISA_MIPS2 0x0002ULL
> @@ -34,30 +34,33 @@
>  #define ISA_MIPS64R6  0x4000ULL
>  #define ISA_NANOMIPS320x8000ULL
>  /*
> - *   bits 32-47: MIPS ASEs
> + *   bits 24-39: MIPS ASEs
>   */
> -#define ASE_MIPS160x0001ULL
> -#define ASE_MIPS3D0x0002ULL
> -#define ASE_MDMX  0x0004ULL
> -#define ASE_DSP   0x0008ULL
> 

[Bug 1906185] [NEW] Guest display resolution cannot be changed when using certain graphics/interface combinations

2020-11-29 Thread johannes
Public bug reported:

Guest display resolution cannot be changed with certain virtual graphics
card (-vga) and interface (-display) combinations.

For example, resolution changing doesn't work with the following QEMU
start commands; it resets to the default resolution immediately:

QXL with SDL interface:
qemu-system-x86_64 -enable-kvm -m 6G -cpu host -smp 3 -cdrom 
./linux/kubuntu-20.04-desktop-amd64.iso -boot d -vga qxl -soundhw hda -display 
sdl

QXL with GTK interface:
qemu-system-x86_64 -enable-kvm -m 6G -cpu host -smp 3 -cdrom 
./linux/kubuntu-20.04-desktop-amd64.iso -boot d -vga qxl -soundhw hda -display 
gtk

QXL with "remote" SPICE interface via unix socket:
qemu-system-x86_64 -enable-kvm -m 6G -cpu host -smp 3 -cdrom 
./linux/kubuntu-20.04-desktop-amd64.iso -boot d -soundhw hda -vga qxl -device 
virtio-serial-pci -device 
virtserialport,chardev=spicechannel0,name=com.redhat.spice.0 -chardev 
spicevmc,id=spicechannel0,name=vdagent -spice 
unix,addr=/tmp/vm_spice.socket,disable-ticketing

for "remote" access:
remote-viewer spice+unix:///tmp/vm_spice.socket


Other tested combinations:
-- virtio + SDL (GL on): works!
-- virtio + GTK (GL on): does not work properly. The resolution is changed but 
the window size is not, so the guest screen will look like garbage.
-- vmware: The initial Kubuntu setup screen is visible but booting does not 
progress to the desktop
-- std + GTK: works!
-- std + SDL: works!


QEMU version: 5.1.0
Guest: Kubuntu 20.04 64-bit (live) with 5.4.0-26 kernel; may occur with other 
guests as well
Host: Arch Linux, with KDE desktop

** Affects: qemu
 Importance: Undecided
 Status: New


** Tags: graphics resolution

-- 
https://bugs.launchpad.net/bugs/1906185



Re: [PATCH v4 3/6] support UFFD write fault processing in ram_save_iterate()

2020-11-29 Thread Andrey Gruzdev

On 28.11.2020 00:49, Peter Xu wrote:

On Thu, Nov 26, 2020 at 06:17:31PM +0300, Andrey Gruzdev wrote:

In this particular implementation the same single migration
thread is responsible for both normal linear dirty page
migration and procesing UFFD page fault events.

Processing write faults includes reading the UFFD file descriptor,
finding the respective RAM block and saving the faulting page to
the migration stream. After the page has been saved, write protection
can be removed. Since the asynchronous version of qemu_put_buffer()
is expected to be used to save pages, we also have to flush the
migration stream prior to un-protecting the saved memory range.

Write protection is being removed for any previously protected
memory chunk that has hit the migration stream. That's valid
for pages from linear page scan along with write fault pages.


Thanks for working on this version, it looks much cleaner.

Signed-off-by: Andrey Gruzdev 
---
  migration/ram.c | 155 +---
  1 file changed, 147 insertions(+), 8 deletions(-)

diff --git a/migration/ram.c b/migration/ram.c
index 3adfd1948d..bcdccdaef7 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -1441,6 +1441,76 @@ static RAMBlock *unqueue_page(RAMState *rs, ram_addr_t 
*offset)
  return block;
  }
  
+#ifdef CONFIG_LINUX

+/**
+ * ram_find_block_by_host_address: find RAM block containing host page
+ *
+ * Returns pointer to RAMBlock if found, NULL otherwise
+ *
+ * @rs: current RAM state
+ * @page_address: host page address
+ */
+static RAMBlock *ram_find_block_by_host_address(RAMState *rs, hwaddr 
page_address)


Reuse qemu_ram_block_from_host() somehow?



Seems not very suitable here, since we use rs->last_seen_block to 
restart the search.



+{
+RAMBlock *bs = rs->last_seen_block;
+
+do {
+if (page_address >= (hwaddr) bs->host && (page_address + 
TARGET_PAGE_SIZE) <=
+((hwaddr) bs->host + bs->max_length)) {
+return bs;
+}
+
+bs = QLIST_NEXT_RCU(bs, next);
+if (!bs) {
+/* Hit the end of the list */
+bs = QLIST_FIRST_RCU(_list.blocks);
+}
+} while (bs != rs->last_seen_block);
+
+return NULL;
+}
+
+/**
+ * poll_fault_page: try to get next UFFD write fault page and, if pending fault
+ *   is found, return RAM block pointer and page offset
+ *
+ * Returns pointer to the RAMBlock containing faulting page,
+ *   NULL if no write faults are pending
+ *
+ * @rs: current RAM state
+ * @offset: page offset from the beginning of the block
+ */
+static RAMBlock *poll_fault_page(RAMState *rs, ram_addr_t *offset)
+{
+struct uffd_msg uffd_msg;
+hwaddr page_address;
+RAMBlock *bs;
+int res;
+
+if (!migrate_background_snapshot()) {
+return NULL;
+}
+
+res = uffd_read_events(rs->uffdio_fd, _msg, 1);
+if (res <= 0) {
+return NULL;
+}
+
+page_address = uffd_msg.arg.pagefault.address;
+bs = ram_find_block_by_host_address(rs, page_address);
+if (!bs) {
+/* In case we couldn't find respective block, just unprotect faulting 
page. */
+uffd_protect_memory(rs->uffdio_fd, page_address, TARGET_PAGE_SIZE, 
false);
+error_report("ram_find_block_by_host_address() failed: address=0x%0lx",
+page_address);


Looks ok to error_report() instead of assert(), but I'll suggest drop the call
to uffd_protect_memory() at least.  The only reason to not use assert() is
because we try our best to avoid crashing the vm, however I really doubt
whether uffd_protect_memory() is the right thing to do even if it happens - we
may at last try to unprotect some strange pages that we don't even know where
it is...



IMHO better to unprotect these strange pages than to leave them 
protected by UFFD, to avoid getting the VM completely inoperable.
At least we know the page generated a wr-fault, maybe due to incorrect 
write-tracking initialization, or the RAMBlock has somehow gone. 
Nevertheless, if we leave the page as is, the VM would certainly lock.


Hmm, I wonder about assert(). In QEMU, would it do something in release 
builds?



+return NULL;
+}
+
+*offset = (ram_addr_t) (page_address - (hwaddr) bs->host);
+return bs;
+}
+#endif /* CONFIG_LINUX */
+
  /**
   * get_queued_page: unqueue a page from the postcopy requests
   *
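Review bot: ram_find_block_by_host_address() dereferences rs->last_seen_block (bs->host) and uses it as the loop terminator without checking it for NULL; nothing in the hunk guarantees the hint is set, so start from QLIST_FIRST_RCU(&ram_list.blocks) when it is NULL. The range test also uses bs->max_length, so a fault in the not-yet-used tail of a block whose used_length is smaller yields an offset past the live part of the block; used_length is the bound that matches what the migration stream carries. Minor: host addresses are uintptr_t values and hwaddr is the guest physical address type, so the (hwaddr) casts on bs->host and page_address read oddly.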
@@ -1480,6 +1550,16 @@ static bool get_queued_page(RAMState *rs, 
PageSearchStatus *pss)
  
  } while (block && !dirty);
  
+#ifdef CONFIG_LINUX

+if (!block) {
+/*
+ * Poll write faults too if background snapshot is enabled; that's
+ * when we have vcpus got blocked by the write protected pages.
+ */
+block = poll_fault_page(rs, );
+}
+#endif /* CONFIG_LINUX */
+
  if (block) {
  /*
   * As soon as we start servicing pages out of order, then we have
@@ -1753,6 +1833,55 @@ static int ram_save_host_page(RAMState *rs, 
PageSearchStatus *pss,
  return pages;
  }
  
+/**

+ * 

[Bug 1906184] [NEW] Lots of stuttering/crackling in guest sound

2020-11-29 Thread johannes
Public bug reported:

When listening to music (e.g. with VLC) or watching Youtube on the
guest, there's lots of stuttering and crackling in the sound.


Tested with the following QEMU start commands:

qemu-system-x86_64 -enable-kvm -m 6G -cpu host -smp 3 -cdrom
./linux/kubuntu-20.04-desktop-amd64.iso -boot d -vga virtio -soundhw hda
-display sdl,gl=on

qemu-system-x86_64 -enable-kvm -m 6G -cpu host -smp 3 -cdrom
./linux/kubuntu-20.04-desktop-amd64.iso -boot d -vga qxl -soundhw hda
-display sdl

qemu-system-x86_64 -enable-kvm -m 6G -cpu host -smp 3 -cdrom
./linux/kubuntu-20.04-desktop-amd64.iso -boot d -vga qxl -soundhw hda
-display gtk


If I use the following command (QXL graphics, "remote" access via SPICE over 
unix socket), stuttering is not completely gone but MUCH less annoying:

qemu-system-x86_64 -enable-kvm -m 6G -cpu host -smp 3 -cdrom
./linux/kubuntu-20.04-desktop-amd64.iso -boot d -soundhw hda -vga qxl
-device virtio-serial-pci -device
virtserialport,chardev=spicechannel0,name=com.redhat.spice.0 -chardev
spicevmc,id=spicechannel0,name=vdagent -spice
unix,addr=/tmp/vm_spice.socket,disable-ticketing

and this command for accessing the VM:
remote-viewer spice+unix:///tmp/vm_spice.socket 


Guest: Kubuntu 20.04 64-bit (live), but occurs with many others as well
Host: Arch Linux, with KDE desktop
CPU: Intel Xeon E3-1230v2 (4 cores + hyperthreading)
RAM: 16 GB
GPU: Nvidia GTX 980 Ti

** Affects: qemu
 Importance: Undecided
 Status: New


** Tags: linux sound stuttering

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1906184

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1906184/+subscriptions



[PATCH 4/4] elf_ops.h: Be more verbose with ROM blob names

2020-11-29 Thread Peter Maydell
Instead of making the ROM blob name something like:
  phdr #0: /home/petmay01/linaro/qemu-misc-tests/ldmia-fault.axf
make it a little more self-explanatory for people who don't know
ELF format details:
  /home/petmay01/linaro/qemu-misc-tests/ldmia-fault.axf ELF program header 
segment 0

Signed-off-by: Peter Maydell 
---
This seems nicer to me, but it's a matter of taste, so if people
prefer the current name form we should probably leave it be.
---
 include/hw/elf_ops.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/hw/elf_ops.h b/include/hw/elf_ops.h
index 53e0152af53..8e8436831d2 100644
--- a/include/hw/elf_ops.h
+++ b/include/hw/elf_ops.h
@@ -544,7 +544,8 @@ static int glue(load_elf, SZ)(const char *name, int fd,
 if (mem_size != 0) {
 if (load_rom) {
 g_autofree char *label =
-g_strdup_printf("phdr #%d: %s", i, name);
+g_strdup_printf("%s ELF program header segment %d",
+name, i);
 
 /*
  * rom_add_elf_program() takes its own reference to
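Review bot: the label no longer starts with the "phdr #%d" prefix, so anything that matched 'info roms' output or the overlap error text on that prefix would need updating; the commit message should mention the format change. With the (possibly very long) path now first, the segment index ends up at the far end of the line, which is worth weighing against the readability gain described in the commit message.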
-- 
2.20.1




[PATCH 1/4] hw/core/loader.c: Track last-seen ROM in rom_check_and_register_reset()

2020-11-29 Thread Peter Maydell
In rom_check_and_register_reset() we detect overlaps by looking at
whether the ROM blob we're currently examining is in the same address
space and starts before the previous ROM blob ends.  (This works
because the ROM list is kept sorted in order by AddressSpace and then
by address.)

Instead of keeping the AddressSpace and last address of the previous ROM
blob in local variables, just keep a pointer to it.

This will allow us to print more useful information when we do detect
an overlap.

Signed-off-by: Peter Maydell 
---
 hw/core/loader.c | 23 +++
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/hw/core/loader.c b/hw/core/loader.c
index 8bbb1797a4c..05052ee797e 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -1165,28 +1165,35 @@ static void rom_reset(void *unused)
 }
 }
 
+/* Return true if two consecutive ROMs in the ROM list overlap */
+static bool roms_overlap(Rom *last_rom, Rom *this_rom)
+{
+if (!last_rom) {
+return false;
+}
+return last_rom->as == this_rom->as &&
+last_rom->addr + last_rom->romsize > this_rom->addr;
+}
+
 int rom_check_and_register_reset(void)
 {
-hwaddr addr = 0;
 MemoryRegionSection section;
-Rom *rom;
-AddressSpace *as = NULL;
+Rom *rom, *last_rom = NULL;
 
 QTAILQ_FOREACH(rom, , next) {
 if (rom->fw_file) {
 continue;
 }
 if (!rom->mr) {
-if ((addr > rom->addr) && (as == rom->as)) {
+if (roms_overlap(last_rom, rom)) {
 fprintf(stderr, "rom: requested regions overlap "
 "(rom %s. free=0x" TARGET_FMT_plx
 ", addr=0x" TARGET_FMT_plx ")\n",
-rom->name, addr, rom->addr);
+rom->name, last_rom->addr + last_rom->romsize,
+rom->addr);
 return -1;
 }
-addr  = rom->addr;
-addr += rom->romsize;
-as = rom->as;
+last_rom = rom;
 }
 section = memory_region_find(rom->mr ? rom->mr : get_system_memory(),
  rom->addr, 1);
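Review bot: roms_overlap() keeps the pre-existing `last_rom->addr + last_rom->romsize` arithmetic; if a ROM's end reaches the top of the hwaddr space the sum wraps and the `>` comparison misses the overlap. Not a regression, but since the check is now centralised in one helper, this is the natural place to guard against the wrap (for example by comparing `this_rom->addr - last_rom->addr < last_rom->romsize` after confirming `this_rom->addr >= last_rom->addr`).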
-- 
2.20.1




[PATCH 2/4] hw/core/loader.c: Improve reporting of ROM overlap errors

2020-11-29 Thread Peter Maydell
In rom_check_and_register_reset() we report to the user if there is
a "ROM region overlap". This has a couple of problems:
 * the reported information is not very easy to intepret
 * the function just prints the overlap to stderr (and relies on
   its single callsite in vl.c to do an error_report() and exit)
 * only the first overlap encountered is diagnosed

Make this function use error_report() and error_printf() and
report a more user-friendly report with all the overlaps
diagnosed.

Sample old output:

rom: requested regions overlap (rom dtb. free=0x8000, 
addr=0x)
qemu-system-aarch64: rom check and register reset failed

Sample new output:

qemu-system-aarch64: Some ROM regions are overlapping
These ROM regions might have been loaded by direct user request or by default.
They could be BIOS/firmware images, a guest kernel, initrd or some other file 
loaded into guest memory.
Check whether you intended to load all this guest code, and whether it has been 
built to load to the correct addresses.

The following two regions overlap (in the cpu-memory-0 address space):
  phdr #0: /home/petmay01/linaro/qemu-misc-tests/ldmia-fault.axf (addresses 
0x - 0x8000)
  dtb (addresses 0x - 0x0010)

The following two regions overlap (in the cpu-memory-0 address space):
  phdr #1: /home/petmay01/linaro/qemu-misc-tests/bad-psci-call.axf (addresses 
0x4000 - 0x4010)
  phdr #0: /home/petmay01/linaro/qemu-misc-tests/bp-test.elf (addresses 
0x4000 - 0x4020)

Signed-off-by: Peter Maydell 
---
The sample output is from a completely bogus commandline where I just
loaded multiple clashing ELF files I had to hand using -device loader.
---
 hw/core/loader.c | 48 ++--
 softmmu/vl.c |  1 -
 2 files changed, 42 insertions(+), 7 deletions(-)

diff --git a/hw/core/loader.c b/hw/core/loader.c
index 05052ee797e..de3c319e34f 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -1175,10 +1175,42 @@ static bool roms_overlap(Rom *last_rom, Rom *this_rom)
 last_rom->addr + last_rom->romsize > this_rom->addr;
 }
 
+static const char *rom_as_name(Rom *rom)
+{
+const char *name = rom->as ? rom->as->name : NULL;
+return name ?: "anonymous";
+}
+
+static void rom_print_overlap_error_header(void)
+{
+error_report("Some ROM regions are overlapping");
+error_printf(
+"These ROM regions might have been loaded by "
+"direct user request or by default.\n"
+"They could be BIOS/firmware images, a guest kernel, "
+"initrd or some other file loaded into guest memory.\n"
+"Check whether you intended to load all this guest code, and "
+"whether it has been built to load to the correct addresses.\n");
+}
+
+static void rom_print_one_overlap_error(Rom *last_rom, Rom *rom)
+{
+error_printf(
+"\nThe following two regions overlap (in the %s address space):\n",
+rom_as_name(rom));
+error_printf(
+"  %s (addresses 0x" TARGET_FMT_plx " - 0x" TARGET_FMT_plx ")\n",
+last_rom->name, last_rom->addr, last_rom->addr + last_rom->romsize);
+error_printf(
+"  %s (addresses 0x" TARGET_FMT_plx " - 0x" TARGET_FMT_plx ")\n",
+rom->name, rom->addr, rom->addr + rom->romsize);
+}
+
 int rom_check_and_register_reset(void)
 {
 MemoryRegionSection section;
 Rom *rom, *last_rom = NULL;
+bool found_overlap = false;
 
 QTAILQ_FOREACH(rom, , next) {
 if (rom->fw_file) {
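Review bot: rom_print_one_overlap_error() prints each range as `addr` to `addr + romsize`, an exclusive end, but the "addresses 0x... - 0x..." wording reads as inclusive; two regions that merely abut would look overlapping in the message. Printing `addr + romsize - 1` or labelling the end as exclusive would avoid that. The `?:` in rom_as_name() is a GNU extension; fine if the tree already permits it, otherwise spell out the ternary.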
@@ -1186,12 +1218,12 @@ int rom_check_and_register_reset(void)
 }
 if (!rom->mr) {
 if (roms_overlap(last_rom, rom)) {
-fprintf(stderr, "rom: requested regions overlap "
-"(rom %s. free=0x" TARGET_FMT_plx
-", addr=0x" TARGET_FMT_plx ")\n",
-rom->name, last_rom->addr + last_rom->romsize,
-rom->addr);
-return -1;
+if (!found_overlap) {
+found_overlap = true;
+rom_print_overlap_error_header();
+}
+rom_print_one_overlap_error(last_rom, rom);
+/* Keep going through the list so we report all overlaps */
 }
 last_rom = rom;
 }
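Review bot: `last_rom = rom;` still advances unconditionally, so the check only compares adjacent list entries; if one large ROM overlaps two later ROMs that do not overlap each other, only the first pair is reported, which undercuts the "report all overlaps" comment. Keeping last_rom pointed at whichever ROM has the highest end address so far, rather than the most recent one, would catch that case.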
@@ -1200,6 +1232,10 @@ int rom_check_and_register_reset(void)
 rom->isrom = int128_nz(section.size) && 
memory_region_is_rom(section.mr);
 memory_region_unref(section.mr);
 }
+if (found_overlap) {
+return -1;
+}
+
 qemu_register_reset(rom_reset, NULL);
 roms_loaded = 1;
 return 0;
diff --git a/softmmu/vl.c b/softmmu/vl.c
index e6e0ad5a925..aa6fd3243d5 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -4459,7 +4459,6 @@ void qemu_init(int argc, char **argv, char **envp)
 qemu_run_machine_init_done_notifiers();
 
 if 

[PATCH 3/4] elf_ops.h: Don't truncate name of the ROM blobs we create

2020-11-29 Thread Peter Maydell
Currently the load_elf code assembles the ROM blob name into a
local 128 byte fixed-size array. Use g_strdup_printf() instead so
that we don't truncate the pathname if it happens to be long.
(This matters mostly for monitor 'info roms' output and for the
error messages if ROM blobs overlap.)

Signed-off-by: Peter Maydell 
---
 include/hw/elf_ops.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/hw/elf_ops.h b/include/hw/elf_ops.h
index 6fdff3dced5..53e0152af53 100644
--- a/include/hw/elf_ops.h
+++ b/include/hw/elf_ops.h
@@ -330,7 +330,6 @@ static int glue(load_elf, SZ)(const char *name, int fd,
 uint64_t addr, low = (uint64_t)-1, high = 0;
 GMappedFile *mapped_file = NULL;
 uint8_t *data = NULL;
-char label[128];
 int ret = ELF_LOAD_FAILED;
 
 if (read(fd, , sizeof(ehdr)) != sizeof(ehdr))
@@ -544,7 +543,8 @@ static int glue(load_elf, SZ)(const char *name, int fd,
  */
 if (mem_size != 0) {
 if (load_rom) {
-snprintf(label, sizeof(label), "phdr #%d: %s", i, name);
+g_autofree char *label =
+g_strdup_printf("phdr #%d: %s", i, name);
 
 /*
  * rom_add_elf_program() takes its own reference to
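Review bot: g_autofree releases label at the end of the `if (load_rom)` block; the comment below says rom_add_elf_program() takes its own reference, so that is safe only if the callee duplicates the string rather than storing the pointer. Since a reader of this hunk alone cannot see that, it is worth stating in the commit message.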
-- 
2.20.1




[PATCH 0/4] Improve reporting of ROM blob overlap errors

2020-11-29 Thread Peter Maydell
(This was inspired by a conversation on IRC with a user.)

We report an error if we detect that there's an overlap in guest
memory between two ROM blobs, but the warning is pretty opaque.
Currently it looks like this:

rom: requested regions overlap (rom dtb. free=0x8000, 
addr=0x)
qemu-system-aarch64: rom check and register reset failed

which is pretty cryptic and also is missing information that we
could fairly easily tell the user (like the name of both the ROMs
involved in the overlap rather than just one of them...)


After this patchset it looks like:

qemu-system-aarch64: Some ROM regions are overlapping
These ROM regions might have been loaded by direct user request or by default.
They could be BIOS/firmware images, a guest kernel, initrd or some other file 
loaded into guest memory.
Check whether you intended to load all this guest code, and whether it has been 
built to load to the correct addresses.

The following two regions overlap (in the cpu-memory-0 address space):
  /home/petmay01/linaro/qemu-misc-tests/ldmia-fault.axf ELF program header 
segment 0 (addresses 0x - 0x8000)
  dtb (addresses 0x - 0x0010)

The following two regions overlap (in the cpu-memory-0 address space):
  /home/petmay01/linaro/qemu-misc-tests/bad-psci-call.axf ELF program header 
segment 1 (addresses 0x4000 - 0x4010)
  /home/petmay01/linaro/qemu-misc-tests/bp-test.elf ELF program header segment 
0 (addresses 0x4000 - 0x4020)



We're still somewhat at the mercy of QEMU code that creates ROM blobs
to give them usefully diagnostic names (in this example, for example
"dtb" is a bit unhelpfully brief -- it's the virt board's "let me put
the autogenerated DTB at the base of RAM" rather than a DTB passed by
the user). I tweaked the names that the ELF loader uses in the last
patch of the series because that's a pretty common source of one of
the ROMs in a conflict.

thanks
-- PMM

Peter Maydell (4):
  hw/core/loader.c: Track last-seen ROM in
rom_check_and_register_reset()
  hw/core/loader.c: Improve reporting of ROM overlap errors
  elf_ops.h: Don't truncate name of the ROM blobs we create
  elf_ops.h: Be more verbose with ROM blob names

 include/hw/elf_ops.h |  5 ++--
 hw/core/loader.c | 67 
 softmmu/vl.c |  1 -
 3 files changed, 58 insertions(+), 15 deletions(-)

-- 
2.20.1




[Bug 1906181] [NEW] Mouse starts jumping wildly on guest desktop

2020-11-29 Thread johannes
Public bug reported:

Sometimes mouse goes completely crazy and starts jumping around the
guest desktop by itself and becomes completely unusable.

This does not happen on every boot, only sometimes. It may be caused by
some input combination but I haven't yet found any specific cause. It
happens soon after the desktop has been loaded and rebooting seems to be
the only way to resolve the situation.


Guest: Kubuntu 20.04 64-bit (live), with KDE desktop
Host: Arch Linux, with KDE desktop
QEMU version: 5.1.0

QEMU start command:
qemu-system-x86_64 -enable-kvm -m 6G -cpu host -smp 3 -cdrom 
./linux/kubuntu-20.04-desktop-amd64.iso -boot d -vga virtio -soundhw hda 
-display sdl,gl=on

** Affects: qemu
 Importance: Undecided
 Status: New


** Tags: input linux mouse

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1906181

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1906181/+subscriptions



Re: [PATCH v4 2/6] introduce UFFD-WP low-level interface helpers

2020-11-29 Thread Andrey Gruzdev

On 28.11.2020 00:04, Peter Xu wrote:

On Thu, Nov 26, 2020 at 06:17:30PM +0300, Andrey Gruzdev wrote:

Implemented support for the whole RAM block memory
protection/un-protection. Introduced higher level
ram_write_tracking_start() and ram_write_tracking_stop()
to start/stop tracking guest memory writes.


The whole patch looks good to me in general.  A few nitpickings below..



Signed-off-by: Andrey Gruzdev 
---
  include/exec/memory.h  |   7 ++
  include/qemu/userfaultfd.h |  29 +
  migration/ram.c| 120 +
  migration/ram.h|   4 +
  util/meson.build   |   1 +
  util/userfaultfd.c | 215 +
  6 files changed, 376 insertions(+)
  create mode 100644 include/qemu/userfaultfd.h
  create mode 100644 util/userfaultfd.c

diff --git a/include/exec/memory.h b/include/exec/memory.h
index 0f3e6bcd5e..3d798fce16 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -139,6 +139,13 @@ typedef struct IOMMUNotifier IOMMUNotifier;
  /* RAM is a persistent kind memory */
  #define RAM_PMEM (1 << 5)
  
+/*

+ * UFFDIO_WRITEPROTECT is used on this RAMBlock to
+ * support 'write-tracking' migration type.
+ * Implies ram_state->ram_wt_enabled.
+ */
+#define RAM_UF_WRITEPROTECT (1 << 6)
+
  static inline void iommu_notifier_init(IOMMUNotifier *n, IOMMUNotify fn,
 IOMMUNotifierFlag flags,
 hwaddr start, hwaddr end,
diff --git a/include/qemu/userfaultfd.h b/include/qemu/userfaultfd.h
new file mode 100644
index 00..fb843c76db
--- /dev/null
+++ b/include/qemu/userfaultfd.h
@@ -0,0 +1,29 @@
+/*
+ * Linux UFFD-WP support
+ *
+ * Copyright Virtuozzo GmbH, 2020
+ *
+ * Authors:
+ *  Andrey Gruzdev   
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later.  See the COPYING file in the top-level directory.
+ */
+
+#ifndef USERFAULTFD_H
+#define USERFAULTFD_H
+
+#include "qemu/osdep.h"
+#include "exec/hwaddr.h"
+#include 
+
+int uffd_create_fd(void);
+void uffd_close_fd(int uffd);
+int uffd_register_memory(int uffd, hwaddr start, hwaddr length,
+bool track_missing, bool track_wp);
+int uffd_unregister_memory(int uffd, hwaddr start, hwaddr length);
+int uffd_protect_memory(int uffd, hwaddr start, hwaddr length, bool wp);
+int uffd_read_events(int uffd, struct uffd_msg *msgs, int count);
+bool uffd_poll_events(int uffd, int tmo);
+
+#endif /* USERFAULTFD_H */
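Review bot: the new prototypes carry no documentation; the header should at least state the unit of `tmo` in uffd_poll_events(), the return convention of uffd_read_events() (number of messages read vs. negative errno), and whether uffd_register_memory() with both `track_missing` and `track_wp` false is an error.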
diff --git a/migration/ram.c b/migration/ram.c
index 7811cde643..3adfd1948d 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -56,6 +56,11 @@
  #include "savevm.h"
  #include "qemu/iov.h"
  #include "multifd.h"
+#include "sysemu/runstate.h"
+
+#ifdef CONFIG_LINUX
+#include "qemu/userfaultfd.h"
+#endif
  
  /***/

  /* ram save/restore */
@@ -298,6 +303,8 @@ struct RAMSrcPageRequest {
  struct RAMState {
  /* QEMUFile used for this migration */
  QEMUFile *f;
+/* UFFD file descriptor, used in 'write-tracking' migration */
+int uffdio_fd;
  /* Last block that we have visited searching for dirty pages */
  RAMBlock *last_seen_block;
  /* Last block from where we have sent data */
@@ -3788,6 +3795,119 @@ static int ram_resume_prepare(MigrationState *s, void 
*opaque)
  return 0;
  }
  
+/*

+ * ram_write_tracking_start: start UFFD-WP memory tracking
+ *
+ * Returns 0 for success or negative value in case of error
+ *


(extra new line)



Ok, I see.


+ */
+int ram_write_tracking_start(void)
+{
+#ifdef CONFIG_LINUX
+int uffd;
+RAMState *rs = ram_state;
+RAMBlock *bs;
+
+/* Open UFFD file descriptor */
+uffd = uffd_create_fd();
+if (uffd < 0) {
+return uffd;
+}
+rs->uffdio_fd = uffd;


May need a rcu_read_lock() here to guarantee safe access to
RAMBLOCK_FOREACH_NOT_IGNORED.



Yeah, really better to add RCU read lock here.


+
+RAMBLOCK_FOREACH_NOT_IGNORED(bs) {
+/* Nothing to do with read-only and MMIO-writable regions */
+if (bs->mr->readonly || bs->mr->rom_device) {
+continue;
+}
+
+bs->flags |= RAM_UF_WRITEPROTECT;
+/* Register block memory with UFFD to track writes */
+if (uffd_register_memory(rs->uffdio_fd, (hwaddr) bs->host,
+bs->max_length, false, true)) {
+goto fail;
+}
+/* Apply UFFD write protection to the block memory range */
+if (uffd_protect_memory(rs->uffdio_fd, (hwaddr) bs->host,
+bs->max_length, true)) {
+goto fail;
+}
+
+info_report("UFFD-WP write-tracking enabled: "
+"block_id=%s page_size=%zu start=%p length=%lu "
+"romd_mode=%i ram=%i readonly=%i nonvolatile=%i rom_device=%i",
+bs->idstr, bs->page_size, bs->host, bs->max_length,
+bs->mr->romd_mode, bs->mr->ram, bs->mr->readonly,
+  
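Review bot: `bs->flags |= RAM_UF_WRITEPROTECT;` is set before uffd_register_memory() is called, so on either `goto fail` path a block carries the flag although it was never registered, or was registered but not protected; the fail path must tolerate unregistering memory that was never registered, or the flag should be set only after both calls succeed. Also, bs->max_length is printed with `%lu`; ram_addr_t has RAM_ADDR_FMT, which avoids a format warning on hosts where it is not unsigned long.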

[Bug 1906180] [NEW] Keyboard keys get stuck

2020-11-29 Thread johannes
Public bug reported:

Keyboard keys get "stuck" quite often, on certain Linux guests at least,
and start repeating themselves until another key is pressed. This is
especially noticeable with key combinations like Ctrl+V for pasting.
When it happens, you get the pasted text and
v...

This bug has been present for quite some time but I don't remember any
specific version that had it first.


QEMU version: 5.1.0
Guest: Debian stable 64-bit (live), with Gnome desktop (may occur with other 
Linux guests too)
Host: Arch Linux with KDE desktop (X11, wayland not tested); both default and 
hardened kernel tested

QEMU start command:
qemu-system-x86_64 -enable-kvm -m 6G -cpu host -smp 3 -cdrom debian.iso -boot d 
-vga std

** Affects: qemu
 Importance: Undecided
 Status: New


** Tags: input keyboard

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1906180

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1906180/+subscriptions



Re: [PATCH] contrib/rdmacm-mux: Fix error condition in hash_tbl_search_fd_by_ifid()

2020-11-29 Thread Marcel Apfelbaum
Hi Alex,

On Wed, Nov 25, 2020 at 3:17 AM Alex Chen  wrote:

> On 2020/11/24 23:29, Peter Maydell wrote:
> > On Tue, 24 Nov 2020 at 12:15, Alex Chen  wrote:
> >>
> >> Hi everyone,
> >>
> >> Who can help me merge this patch into the master branch? This patch may
> be need for qemu-5.2
> >
> > This code has been like this since 2018, so this is not
> > a regression in 5.2. At this point in the release cycle
> > (rc3 imminent) I think it's best to just leave it until 6.0.
> >
>
> OK, I see.
>
>
I will send a pull request as soon as the 6.0 cycle starts.

Thanks,
Marcel


> Thanks
> Alex


[PATCH v2 2/3] target/nios2: Move nios2_check_interrupts() into target/nios2

2020-11-29 Thread Peter Maydell
The function nios2_check_interrupts() looks only at CPU-internal
state; it belongs in target/nios2, not hw/nios2.  Move it into the
same file as its only caller, so it can just be local to that file.

This removes the only remaining code from cpu_pic.c, so we can delete
that file entirely.

Signed-off-by: Peter Maydell 
Reviewed-by: Philippe Mathieu-Daudé 
---
 target/nios2/cpu.h   |  2 --
 hw/nios2/cpu_pic.c   | 36 
 target/nios2/op_helper.c |  9 +
 hw/nios2/meson.build |  2 +-
 4 files changed, 10 insertions(+), 39 deletions(-)
 delete mode 100644 hw/nios2/cpu_pic.c

diff --git a/target/nios2/cpu.h b/target/nios2/cpu.h
index b7efb54ba7e..2ab82fdc713 100644
--- a/target/nios2/cpu.h
+++ b/target/nios2/cpu.h
@@ -201,8 +201,6 @@ void nios2_cpu_do_unaligned_access(CPUState *cpu, vaddr 
addr,
MMUAccessType access_type,
int mmu_idx, uintptr_t retaddr);
 
-void nios2_check_interrupts(CPUNios2State *env);
-
 void do_nios2_semihosting(CPUNios2State *env);
 
 #define CPU_RESOLVING_TYPE TYPE_NIOS2_CPU
diff --git a/hw/nios2/cpu_pic.c b/hw/nios2/cpu_pic.c
deleted file mode 100644
index 3fb621c5c85..000
--- a/hw/nios2/cpu_pic.c
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Altera Nios2 CPU PIC
- *
- * Copyright (c) 2016 Marek Vasut 
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see
- * 
- */
-
-#include "qemu/osdep.h"
-#include "cpu.h"
-#include "hw/irq.h"
-
-#include "qemu/config-file.h"
-
-#include "boot.h"
-
-void nios2_check_interrupts(CPUNios2State *env)
-{
-if (env->irq_pending &&
-(env->regs[CR_STATUS] & CR_STATUS_PIE)) {
-env->irq_pending = 0;
-cpu_interrupt(env_cpu(env), CPU_INTERRUPT_HARD);
-}
-}
diff --git a/target/nios2/op_helper.c b/target/nios2/op_helper.c
index a60730faac3..a59003855ab 100644
--- a/target/nios2/op_helper.c
+++ b/target/nios2/op_helper.c
@@ -36,6 +36,15 @@ void helper_mmu_write(CPUNios2State *env, uint32_t rn, 
uint32_t v)
 mmu_write(env, rn, v);
 }
 
+static void nios2_check_interrupts(CPUNios2State *env)
+{
+if (env->irq_pending &&
+(env->regs[CR_STATUS] & CR_STATUS_PIE)) {
+env->irq_pending = 0;
+cpu_interrupt(env_cpu(env), CPU_INTERRUPT_HARD);
+}
+}
+
 void helper_check_interrupts(CPUNios2State *env)
 {
 qemu_mutex_lock_iothread();
diff --git a/hw/nios2/meson.build b/hw/nios2/meson.build
index dd66ebb32f6..6c58e8082b4 100644
--- a/hw/nios2/meson.build
+++ b/hw/nios2/meson.build
@@ -1,5 +1,5 @@
 nios2_ss = ss.source_set()
-nios2_ss.add(files('boot.c', 'cpu_pic.c'))
+nios2_ss.add(files('boot.c'))
 nios2_ss.add(when: 'CONFIG_NIOS2_10M50', if_true: files('10m50_devboard.c'))
 nios2_ss.add(when: 'CONFIG_NIOS2_GENERIC_NOMMU', if_true: 
files('generic_nommu.c'))
 
-- 
2.20.1




[PATCH v2 1/3] target/nios2: Move IIC code into CPU object proper

2020-11-29 Thread Peter Maydell
The Nios2 architecture supports two different interrupt controller
options:

 * The IIC (Internal Interrupt Controller) is part of the CPU itself;
   it has 32 IRQ input lines and no NMI support.  Interrupt status is
   queried and controlled via the CPU's ipending and istatus
   registers.

 * The EIC (External Interrupt Controller) interface allows the CPU
   to connect to an external interrupt controller.  The interface
   allows the interrupt controller to present a packet of information
   containing:
- handler address
- interrupt level
- register set
- NMI mode

QEMU does not model an EIC currently.  We do model the IIC, but its
implementation is split across code in hw/nios2/cpu_pic.c and
hw/intc/nios2_iic.c.  The code in those two files has no state of its
own -- the IIC state is in the Nios2CPU state struct.

Because CPU objects now inherit (indirectly) from TYPE_DEVICE, they
can have GPIO input lines themselves, so we can implement the IIC
directly in the CPU object the same way that real hardware does.

Create named "IRQ" GPIO inputs to the Nios2 CPU object, and make the
only user of the IIC wire up directly to those instead.

Note that the old code had an "NMI" concept which was entirely unused
and also as far as I can see not architecturally correct, since only
the EIC has a concept of an NMI.

This fixes a Coverity-reported trivial memory leak of the IRQ array
allocated in nios2_cpu_pic_init().

Fixes: Coverity CID 1421916
Signed-off-by: Peter Maydell 
---
 target/nios2/cpu.h|  1 -
 hw/intc/nios2_iic.c   | 95 ---
 hw/nios2/10m50_devboard.c | 13 +-
 hw/nios2/cpu_pic.c| 31 -
 target/nios2/cpu.c| 30 +
 MAINTAINERS   |  1 -
 hw/intc/meson.build   |  1 -
 7 files changed, 32 insertions(+), 140 deletions(-)
 delete mode 100644 hw/intc/nios2_iic.c

diff --git a/target/nios2/cpu.h b/target/nios2/cpu.h
index 86bbe1d8670..b7efb54ba7e 100644
--- a/target/nios2/cpu.h
+++ b/target/nios2/cpu.h
@@ -201,7 +201,6 @@ void nios2_cpu_do_unaligned_access(CPUState *cpu, vaddr 
addr,
MMUAccessType access_type,
int mmu_idx, uintptr_t retaddr);
 
-qemu_irq *nios2_cpu_pic_init(Nios2CPU *cpu);
 void nios2_check_interrupts(CPUNios2State *env);
 
 void do_nios2_semihosting(CPUNios2State *env);
diff --git a/hw/intc/nios2_iic.c b/hw/intc/nios2_iic.c
deleted file mode 100644
index 216db670594..000
--- a/hw/intc/nios2_iic.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * QEMU Altera Internal Interrupt Controller.
- *
- * Copyright (c) 2012 Chris Wulff 
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see
- * 
- */
-
-#include "qemu/osdep.h"
-#include "qemu/module.h"
-#include "qapi/error.h"
-
-#include "hw/irq.h"
-#include "hw/sysbus.h"
-#include "cpu.h"
-#include "qom/object.h"
-
-#define TYPE_ALTERA_IIC "altera,iic"
-OBJECT_DECLARE_SIMPLE_TYPE(AlteraIIC, ALTERA_IIC)
-
-struct AlteraIIC {
-SysBusDevice  parent_obj;
-void *cpu;
-qemu_irq  parent_irq;
-};
-
-static void update_irq(AlteraIIC *pv)
-{
-CPUNios2State *env = &((Nios2CPU *)(pv->cpu))->env;
-
-qemu_set_irq(pv->parent_irq,
- env->regs[CR_IPENDING] & env->regs[CR_IENABLE]);
-}
-
-static void irq_handler(void *opaque, int irq, int level)
-{
-AlteraIIC *pv = opaque;
-CPUNios2State *env = &((Nios2CPU *)(pv->cpu))->env;
-
-env->regs[CR_IPENDING] &= ~(1 << irq);
-env->regs[CR_IPENDING] |= !!level << irq;
-
-update_irq(pv);
-}
-
-static void altera_iic_init(Object *obj)
-{
-AlteraIIC *pv = ALTERA_IIC(obj);
-
-qdev_init_gpio_in(DEVICE(pv), irq_handler, 32);
-sysbus_init_irq(SYS_BUS_DEVICE(obj), >parent_irq);
-}
-
-static void altera_iic_realize(DeviceState *dev, Error **errp)
-{
-struct AlteraIIC *pv = ALTERA_IIC(dev);
-
-pv->cpu = object_property_get_link(OBJECT(dev), "cpu", _abort);
-}
-
-static void altera_iic_class_init(ObjectClass *klass, void *data)
-{
-DeviceClass *dc = DEVICE_CLASS(klass);
-
-/* Reason: needs to be wired up, e.g. by nios2_10m50_ghrd_init() */
-dc->user_creatable = false;
-dc->realize = altera_iic_realize;
-}
-
-static TypeInfo altera_iic_info = {
-.name  = TYPE_ALTERA_IIC,
-.parent= TYPE_SYS_BUS_DEVICE,

[PATCH v2 3/3] target/nios2: Use deposit32() to update ipending register

2020-11-29 Thread Peter Maydell
In nios2_cpu_set_irq(), use deposit32() rather than raw shift-and-mask
operations to set the appropriate bit in the ipending register.

Signed-off-by: Peter Maydell 
---
In patch 1 I left the code for this identical to the old
code from nios2_iic.c for clarity of that refactoring,
but deposit32() is a clearer way to write it.
---
 target/nios2/cpu.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/target/nios2/cpu.c b/target/nios2/cpu.c
index 52ebda89ca7..58688e1623a 100644
--- a/target/nios2/cpu.c
+++ b/target/nios2/cpu.c
@@ -71,8 +71,7 @@ static void nios2_cpu_set_irq(void *opaque, int irq, int 
level)
 CPUNios2State *env = >env;
 CPUState *cs = CPU(cpu);
 
-env->regs[CR_IPENDING] &= ~(1 << irq);
-env->regs[CR_IPENDING] |= !!level << irq;
+env->regs[CR_IPENDING] = deposit32(env->regs[CR_IPENDING], irq, 1, 
!!level);
 
 env->irq_pending = env->regs[CR_IPENDING] & env->regs[CR_IENABLE];
 
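Review bot: deposit32() asserts that start and length fit inside 32 bits, so an irq outside 0..31 now aborts where the old shift-and-mask silently invoked undefined behaviour. That is the right trade, and it is safe because the IIC registers exactly 32 input lines (qdev_init_gpio_in(DEVICE(pv), irq_handler, 32) in the removed nios2_iic.c), but the commit message could say that the assertion is an intended behaviour change rather than a pure cleanup.
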
-- 
2.20.1




[PATCH v2 0/3] target/nios2: Roll cpu_pic/nios2_iic code into CPU itself

2020-11-29 Thread Peter Maydell
The Nios2 architecture supports two different interrupt controller
options:

 * The IIC (Internal Interrupt Controller) is part of the CPU itself;
   it has 32 IRQ input lines and no NMI support.  Interrupt status is
   queried and controlled via the CPU's ipending and istatus
   registers.

 * The EIC (External Interrupt Controller) interface allows the CPU
   to connect to an external interrupt controller.  The interface
   allows the interrupt controller to present a packet of information
   containing:
     - handler address
     - interrupt level
     - register set
     - NMI mode

QEMU does not model an EIC currently.  We do model the IIC, but its
implementation is split across code in hw/nios2/cpu_pic.c and
hw/intc/nios2_iic.c.  The code in those two files has no state of its
own -- the IIC state is in the Nios2CPU state struct.

Because CPU objects now inherit (indirectly) from TYPE_DEVICE, they
can have GPIO input lines themselves, so we can implement the IIC
directly in the CPU object the same way that real hardware does.

This fixes a Coverity-reported trivial memory leak of the IRQ array
allocated in nios2_cpu_pic_init().  I think the diffstat on the
overall patchset is also a pretty good argument for the refactor :-)


If we did ever want to model an EIC we'd do it like this:
 * define a TYPE_EIC_INTERFACE QOM interface corresponding to the
   hardware's EIC interface.  This would probably be something like
   just a single method function (to be implemented by the CPU) with
   a signature
       request_interrupt(uint32_t handler_address,
                         uint8_t register_set,
                         uint8_t irq_level,
                         bool is_nmi)
 * implement that interface on the CPU to have the required behaviour
   (take the interrupt if irq_level allows, etc, etc)
 * add a QOM property to the CPU for "disable the IIC" (I think the
   only needed behaviour change for IIC disabled would be to make
   "ipending" and "ienable" RAZ/WI)
 * implement the EIC as an external device in hw/intc/ with whatever
   internal state, guest-visible registers, etc the specific EIC
   implementation defines. If the EIC allows daisy-chaining, it
   should implement TYPE_EIC_INTERFACE itself as well.
 * the EIC object defines a QOM link property that accepts links
   to objects defining TYPE_EIC_INTERFACE
 * board models using the EIC should:
     - set the "disable the IIC" property on the CPU
     - create the EIC
     - pass the CPU to the EIC's TYPE_EIC_INTERFACE link property


Changes v1->v2:
 * patch 1 now rolls the hw/intc/nios2_iic.c code into the CPU too
 * patch 3 is new: a trivial change to some code that I moved
   without changing in patch 1 to use deposit32()

thanks
-- PMM

Peter Maydell (3):
  target/nios2: Move IIC code into CPU object proper
  target/nios2: Move nios2_check_interrupts() into target/nios2
  target/nios2: Use deposit32() to update ipending register

 target/nios2/cpu.h|  3 --
 hw/intc/nios2_iic.c   | 95 ---
 hw/nios2/10m50_devboard.c | 13 +-
 hw/nios2/cpu_pic.c| 67 ---
 target/nios2/cpu.c| 29 
 target/nios2/op_helper.c  |  9 
 MAINTAINERS   |  1 -
 hw/intc/meson.build   |  1 -
 hw/nios2/meson.build  |  2 +-
 9 files changed, 41 insertions(+), 179 deletions(-)
 delete mode 100644 hw/intc/nios2_iic.c
 delete mode 100644 hw/nios2/cpu_pic.c

-- 
2.20.1




Re: [PATCH v2 25/28] target/mips: Extract Toshiba TX79 multimedia translation routines

2020-11-29 Thread Richard Henderson
On 11/23/20 2:44 PM, Philippe Mathieu-Daudé wrote:
> Extract 600 lines of the Toshiba TX79 multimedia
> translation routines to 'vendor-tx-mmi_translate.c.inc'.
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  target/mips/translate.c   | 568 +
>  target/mips/vendor-tx-mmi_translate.c.inc | 573 ++
>  2 files changed, 574 insertions(+), 567 deletions(-)
>  create mode 100644 target/mips/vendor-tx-mmi_translate.c.inc

Reviewed-by: Richard Henderson 

r~




[Bug 1906156] [NEW] Host OS Reboot Required, for Guest kext to Load (Fully)

2020-11-29 Thread Russell Morris
Public bug reported:

Hi,

Finding this one a bit odd, but I am loading a driver (kext) in a macOS
guest ... and it works, on the first VM (domain) startup after a full /
clean host OS boot (or reboot). However, if I even reboot the guest OS,
then the driver load fails => can be "corrected" by a full host OS
reboot (which seems very extreme).

Is this a known issue, and/or is there a workaround?

FYI, running,
QEMU emulator version 5.0.0 (Debian 1:5.0-5ubuntu9.1)
Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers

This is for a macOS guest, on a Linux host.

Thanks!

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1906156

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1906156/+subscriptions



[Bug 1906155] [NEW] USB Passthrough Fails on Start, Needs domain Reset

2020-11-29 Thread Russell Morris
Public bug reported:

Hi,

I am seeing (consistently = always), USB Passthrough for my Logitech
Keyboard and Mouse ... they don't work / no response on domain (VM)
startup. After a reset of the VM they then work - but why are they
"dead" on initial startup of the VM? Is this a known issue?

Running,
QEMU emulator version 5.0.0 (Debian 1:5.0-5ubuntu9.1)
Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers

And if it makes a difference, this is a macOS guest (on a Linux host).

Thanks!

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1906155

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1906155/+subscriptions



Re: [PATCH 3/3] target/openrisc: Move pic_cpu code into CPU object proper

2020-11-29 Thread Stafford Horne
On Fri, Nov 27, 2020 at 10:51:27PM +, Peter Maydell wrote:
> The openrisc code uses an old style of interrupt handling, where a
> separate standalone set of qemu_irqs invoke a function
> openrisc_pic_cpu_handler() which signals the interrupt to the CPU
> proper by directly calling cpu_interrupt() and cpu_reset_interrupt().
> Because CPU objects now inherit (indirectly) from TYPE_DEVICE, they
> can have GPIO input lines themselves, and the neater modern way to
> implement this is to simply have the CPU object itself provide the
> input IRQ lines.
> 
> Create GPIO inputs to the OpenRISC CPU object, and make the only user
> of cpu_openrisc_pic_init() wire up directly to those instead.
> 
> This allows us to delete the hw/openrisc/pic_cpu.c file entirely.
> 
> This fixes a trivial memory leak reported by Coverity of the IRQs
> allocated in cpu_openrisc_pic_init().
> 
> Fixes: Coverity CID 1421934
> Signed-off-by: Peter Maydell 
> ---
>  target/openrisc/cpu.h  |  1 -
>  hw/openrisc/openrisc_sim.c |  3 +-
>  hw/openrisc/pic_cpu.c  | 61 --
>  target/openrisc/cpu.c  | 32 
>  hw/openrisc/meson.build|  2 +-
>  5 files changed, 34 insertions(+), 65 deletions(-)
>  delete mode 100644 hw/openrisc/pic_cpu.c
> 
> diff --git a/target/openrisc/cpu.h b/target/openrisc/cpu.h
> index bd42faf144f..82cbaeb4f84 100644
> --- a/target/openrisc/cpu.h
> +++ b/target/openrisc/cpu.h
> @@ -293,7 +293,6 @@ typedef struct CPUOpenRISCState {
>  uint32_t picmr; /* Interrupt mask register */
>  uint32_t picsr; /* Interrupt contrl register*/
>  #endif
> -void *irq[32];  /* Interrupt irq input */
>  } CPUOpenRISCState;
>  
>  /**
> diff --git a/hw/openrisc/openrisc_sim.c b/hw/openrisc/openrisc_sim.c
> index 75ba0f47444..39f1d344ae9 100644
> --- a/hw/openrisc/openrisc_sim.c
> +++ b/hw/openrisc/openrisc_sim.c
> @@ -54,7 +54,7 @@ static void main_cpu_reset(void *opaque)
>  
>  static qemu_irq get_cpu_irq(OpenRISCCPU *cpus[], int cpunum, int irq_pin)
>  {
> -return cpus[cpunum]->env.irq[irq_pin];
> +return qdev_get_gpio_in_named(DEVICE(cpus[cpunum]), "IRQ", irq_pin);
>  }
>  
>  static void openrisc_sim_net_init(hwaddr base, hwaddr descriptors,
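
Review bot: get_cpu_irq() now looks the line up by the bare string "IRQ", which has to match the name the CPU passes to qdev_init_gpio_in_named() in target/openrisc/cpu.c; a shared macro in cpu.h (for example the name the target already uses for its GPIO input) would stop the two literals from drifting apart silently, since a mismatch is only detected at runtime.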
> @@ -154,7 +154,6 @@ static void openrisc_sim_init(MachineState *machine)
>  fprintf(stderr, "Unable to find CPU definition!\n");
>  exit(1);
>  }
> -cpu_openrisc_pic_init(cpus[n]);
>  
>  cpu_openrisc_clock_init(cpus[n]);
>  
> diff --git a/hw/openrisc/pic_cpu.c b/hw/openrisc/pic_cpu.c
> deleted file mode 100644
> index 36f93508309..000
> --- a/hw/openrisc/pic_cpu.c
> +++ /dev/null
> @@ -1,61 +0,0 @@
> -/*
> - * OpenRISC Programmable Interrupt Controller support.
> - *
> - * Copyright (c) 2011-2012 Jia Liu 
> - * Feng Gao 
> - *
> - * This library is free software; you can redistribute it and/or
> - * modify it under the terms of the GNU Lesser General Public
> - * License as published by the Free Software Foundation; either
> - * version 2.1 of the License, or (at your option) any later version.
> - *
> - * This library is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> - * Lesser General Public License for more details.
> - *
> - * You should have received a copy of the GNU Lesser General Public
> - * License along with this library; if not, see 
> .
> - */
> -
> -#include "qemu/osdep.h"
> -#include "hw/irq.h"
> -#include "cpu.h"
> -
> -/* OpenRISC pic handler */
> -static void openrisc_pic_cpu_handler(void *opaque, int irq, int level)
> -{
> -OpenRISCCPU *cpu = (OpenRISCCPU *)opaque;
> -CPUState *cs = CPU(cpu);
> -uint32_t irq_bit;
> -
> -if (irq > 31 || irq < 0) {
> -return;
> -}
> -
> -irq_bit = 1U << irq;
> -
> -if (level) {
> -cpu->env.picsr |= irq_bit;
> -} else {
> -cpu->env.picsr &= ~irq_bit;
> -}
> -
> -if (cpu->env.picsr & cpu->env.picmr) {
> -cpu_interrupt(cs, CPU_INTERRUPT_HARD);
> -} else {
> -cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
> -cpu->env.picsr = 0;
> -}
> -}
> -
> -void cpu_openrisc_pic_init(OpenRISCCPU *cpu)
> -{
> -int i;
> -qemu_irq *qi;
> -qi = qemu_allocate_irqs(openrisc_pic_cpu_handler, cpu, NR_IRQS);
> -
> -for (i = 0; i < NR_IRQS; i++) {
> -cpu->env.irq[i] = qi[i];
> -}
> -}
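
Review bot: two behaviours of the deleted openrisc_pic_cpu_handler() need an explicit decision in the replacement openrisc_cpu_set_irq(): it rejected irq values outside 0..31, and in the no-enabled-interrupt branch it zeroed picsr after calling cpu_reset_interrupt(), which throws away pending-but-masked interrupt state the guest could later unmask. If the new code keeps the picsr clearing, a comment explaining why is warranted; if it drops it, the commit message should call out the guest-visible change.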
> diff --git a/target/openrisc/cpu.c b/target/openrisc/cpu.c
> index 5528c0918f4..b0bdfbe4fe2 100644
> --- a/target/openrisc/cpu.c
> +++ b/target/openrisc/cpu.c
> @@ -65,6 +65,34 @@ static void openrisc_cpu_reset(DeviceState *dev)
>  #endif
>  }
>  
> +#ifndef CONFIG_USER_ONLY
> +static void openrisc_cpu_set_irq(void *opaque, int irq, int level)
> +{
> +OpenRISCCPU *cpu = (OpenRISCCPU *)opaque;
> +

Re: [PATCH 2/3] hw/openrisc/openrisc_sim: Abstract out "get IRQ x of CPU y"

2020-11-29 Thread Stafford Horne
On Fri, Nov 27, 2020 at 10:51:26PM +, Peter Maydell wrote:
> We're about to refactor the OpenRISC pic_cpu code in a way that means
> that just grabbing the whole qemu_irq[] array of inbound IRQs for a
> CPU won't be possible any more.  Abstract out a function for "return
> the qemu_irq for IRQ x input of CPU y" so we can more easily replace
> the implementation.
> 
> Signed-off-by: Peter Maydell 
> ---
>  hw/openrisc/openrisc_sim.c | 38 +-
>  1 file changed, 21 insertions(+), 17 deletions(-)
> 
> diff --git a/hw/openrisc/openrisc_sim.c b/hw/openrisc/openrisc_sim.c
> index a8adf6b70d7..75ba0f47444 100644
> --- a/hw/openrisc/openrisc_sim.c
> +++ b/hw/openrisc/openrisc_sim.c
> @@ -52,8 +52,13 @@ static void main_cpu_reset(void *opaque)
>  cpu_set_pc(cs, boot_info.bootstrap_pc);
>  }
>  
> +static qemu_irq get_cpu_irq(OpenRISCCPU *cpus[], int cpunum, int irq_pin)
> +{
> +return cpus[cpunum]->env.irq[irq_pin];
> +}
> +
>  static void openrisc_sim_net_init(hwaddr base, hwaddr descriptors,
> -  int num_cpus, qemu_irq **cpu_irqs,
> +  int num_cpus, OpenRISCCPU *cpus[],
>int irq_pin, NICInfo *nd)
>  {
>  DeviceState *dev;
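
Review bot: get_cpu_irq() indexes cpus[cpunum]->env.irq[irq_pin] with no range check; every caller in this patch passes a constant pin (1, 2 or 4), so nothing is wrong today, but an assert against the 32-entry array (void *irq[32] in cpu.h) would document the contract for as long as this helper exists, including after patch 3 swaps the body for qdev_get_gpio_in_named().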
> @@ -70,18 +75,18 @@ static void openrisc_sim_net_init(hwaddr base, hwaddr 
> descriptors,
>  qdev_prop_set_uint32(splitter, "num-lines", num_cpus);
>  qdev_realize_and_unref(splitter, NULL, _fatal);
>  for (i = 0; i < num_cpus; i++) {
> -qdev_connect_gpio_out(splitter, i, cpu_irqs[i][irq_pin]);
> +qdev_connect_gpio_out(splitter, i, get_cpu_irq(cpus, i, 
> irq_pin));
>  }
>  sysbus_connect_irq(s, 0, qdev_get_gpio_in(splitter, 0));
>  } else {
> -sysbus_connect_irq(s, 0, cpu_irqs[0][irq_pin]);
> +sysbus_connect_irq(s, 0, get_cpu_irq(cpus, 0, irq_pin));
>  }
>  sysbus_mmio_map(s, 0, base);
>  sysbus_mmio_map(s, 1, descriptors);
>  }
>  
>  static void openrisc_sim_ompic_init(hwaddr base, int num_cpus,
> -qemu_irq **cpu_irqs, int irq_pin)
> +OpenRISCCPU *cpus[], int irq_pin)
>  {
>  DeviceState *dev;
>  SysBusDevice *s;
> @@ -93,7 +98,7 @@ static void openrisc_sim_ompic_init(hwaddr base, int 
> num_cpus,
>  s = SYS_BUS_DEVICE(dev);
>  sysbus_realize_and_unref(s, _fatal);
>  for (i = 0; i < num_cpus; i++) {
> -sysbus_connect_irq(s, i, cpu_irqs[i][irq_pin]);
> +sysbus_connect_irq(s, i, get_cpu_irq(cpus, i, irq_pin));
>  }
>  sysbus_mmio_map(s, 0, base);
>  }
> @@ -136,26 +141,24 @@ static void openrisc_sim_init(MachineState *machine)
>  {
>  ram_addr_t ram_size = machine->ram_size;
>  const char *kernel_filename = machine->kernel_filename;
> -OpenRISCCPU *cpu = NULL;
> +OpenRISCCPU *cpus[2] = {};
>  MemoryRegion *ram;
> -qemu_irq *cpu_irqs[2];
>  qemu_irq serial_irq;
>  int n;
>  unsigned int smp_cpus = machine->smp.cpus;
>  
>  assert(smp_cpus >= 1 && smp_cpus <= 2);
>  for (n = 0; n < smp_cpus; n++) {
> -cpu = OPENRISC_CPU(cpu_create(machine->cpu_type));
> -if (cpu == NULL) {
> +cpus[n] = OPENRISC_CPU(cpu_create(machine->cpu_type));
> +if (cpus[n] == NULL) {
>  fprintf(stderr, "Unable to find CPU definition!\n");
>  exit(1);
>  }
> -cpu_openrisc_pic_init(cpu);
> -cpu_irqs[n] = (qemu_irq *) cpu->env.irq;
> +cpu_openrisc_pic_init(cpus[n]);
>  
> -cpu_openrisc_clock_init(cpu);
> +cpu_openrisc_clock_init(cpus[n]);
>  
> -qemu_register_reset(main_cpu_reset, cpu);
> +qemu_register_reset(main_cpu_reset, cpus[n]);
>  }
>  
>  ram = g_malloc(sizeof(*ram));
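
Review bot: `OpenRISCCPU *cpus[2] = {};` repeats the 2 that the existing `assert(smp_cpus >= 1 && smp_cpus <= 2)` a few lines below already encodes; writing the assert as `smp_cpus <= ARRAY_SIZE(cpus)` ties the bound to the array so the two cannot drift apart if the CPU limit is raised later.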
> @@ -164,15 +167,16 @@ static void openrisc_sim_init(MachineState *machine)
>  
>  if (nd_table[0].used) {
>  openrisc_sim_net_init(0x9200, 0x92000400, smp_cpus,
> -  cpu_irqs, 4, nd_table);
> +  cpus, 4, nd_table);
>  }
>  
>  if (smp_cpus > 1) {
> -openrisc_sim_ompic_init(0x9800, smp_cpus, cpu_irqs, 1);
> +openrisc_sim_ompic_init(0x9800, smp_cpus, cpus, 1);
>  
> -serial_irq = qemu_irq_split(cpu_irqs[0][2], cpu_irqs[1][2]);
> +serial_irq = qemu_irq_split(get_cpu_irq(cpus, 0, 2),
> +get_cpu_irq(cpus, 1, 2));
>  } else {
> -serial_irq = cpu_irqs[0][2];
> +serial_irq = get_cpu_irq(cpus, 0, 2);
>  }
>  
>  serial_mm_init(get_system_memory(), 0x9000, 0, serial_irq,
> -- 
> 2.20.1

This looks good to me.

Reviewed-by: Stafford Horne 

Again, if there is no problem please feel free to merge.



Re: [PATCH 1/3] hw/openrisc/openrisc_sim: Use IRQ splitter when connecting IRQ to multiple CPUs

2020-11-29 Thread Stafford Horne
On Fri, Nov 27, 2020 at 10:51:25PM +, Peter Maydell wrote:
> openrisc_sim_net_init() attempts to connect the IRQ line from the
> ethernet device to both CPUs in an SMP configuration by simply calling
> sysbus_connect_irq() for it twice.  This doesn't work, because the
> second connection simply overrides the first.
> 
> Fix this by creating a TYPE_SPLIT_IRQ to split the IRQ in the SMP
> case.
> 
> Signed-off-by: Peter Maydell 
> ---
>  hw/openrisc/openrisc_sim.c | 13 +++--
>  hw/openrisc/Kconfig|  1 +
>  2 files changed, 12 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/openrisc/openrisc_sim.c b/hw/openrisc/openrisc_sim.c
> index d752282e675..a8adf6b70d7 100644
> --- a/hw/openrisc/openrisc_sim.c
> +++ b/hw/openrisc/openrisc_sim.c
> @@ -34,6 +34,7 @@
>  #include "hw/sysbus.h"
>  #include "sysemu/qtest.h"
>  #include "sysemu/reset.h"
> +#include "hw/core/split-irq.h"
>  
>  #define KERNEL_LOAD_ADDR 0x100
>  
> @@ -64,8 +65,16 @@ static void openrisc_sim_net_init(hwaddr base, hwaddr 
> descriptors,
>  
>  s = SYS_BUS_DEVICE(dev);
>  sysbus_realize_and_unref(s, _fatal);
> -for (i = 0; i < num_cpus; i++) {
> -sysbus_connect_irq(s, 0, cpu_irqs[i][irq_pin]);
> +if (num_cpus > 1) {
> +DeviceState *splitter = qdev_new(TYPE_SPLIT_IRQ);
> +qdev_prop_set_uint32(splitter, "num-lines", num_cpus);
> +qdev_realize_and_unref(splitter, NULL, _fatal);
> +for (i = 0; i < num_cpus; i++) {
> +qdev_connect_gpio_out(splitter, i, cpu_irqs[i][irq_pin]);
> +}
> +sysbus_connect_irq(s, 0, qdev_get_gpio_in(splitter, 0));
> +} else {
> +sysbus_connect_irq(s, 0, cpu_irqs[0][irq_pin]);
>  }
>  sysbus_mmio_map(s, 0, base);
>  sysbus_mmio_map(s, 1, descriptors);
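
Review bot: the network IRQ now fans out through a TYPE_SPLIT_IRQ device, while the serial IRQ on the same board still goes through qemu_irq_split() (the serial_irq lines in patch 2/3 of this series); moving both onto the splitter device, perhaps via a small "connect this output to every CPU's pin N" helper, would leave the board with a single fan-out mechanism. The splitter's "num-lines" is fed straight from num_cpus, which is fine given the board caps smp_cpus at 2.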
> diff --git a/hw/openrisc/Kconfig b/hw/openrisc/Kconfig
> index 6c1e86884e2..8f284f3ba04 100644
> --- a/hw/openrisc/Kconfig
> +++ b/hw/openrisc/Kconfig
> @@ -3,3 +3,4 @@ config OR1K_SIM
>  select SERIAL
>  select OPENCORES_ETH
>  select OMPIC
> +select SPLIT_IRQ
> -- 
> 2.20.1


This looks good to me, I don't think I ever tested networking with SMP.  Thanks
for the fix!

Reviewed-by: Stafford Horne 

Can you help merge the patch? I am not working a queue right now.



Re: [RFC v6 07/11] i386: move TCG cpu class initialization out of helper.c

2020-11-29 Thread Claudio Fontana
On 11/27/20 9:43 PM, Eduardo Habkost wrote:
> On Fri, Nov 27, 2020 at 08:47:00PM +0100, Claudio Fontana wrote:
>> On 11/27/20 8:04 PM, Eduardo Habkost wrote:
> [...]
>>> Maybe we should rename CPUClass.synchronize_from_tb to
>>> CPUClass.tcg_synchronize_from_tb?  Maybe we should have a
>>
>> possibly, yes.
>>
>>> separate TCGCpuOperations struct to carry TCG-specific methods?
>>
>>
>> interesting, will think about it.
> 
> I'm working on it at:
> https://gitlab.com/ehabkost/qemu/-/commits/work/tcg-cpu-ops
> 
> Feel free to reuse it, if you want to do it before your series.
> Otherwise, I can rebase it after your series is merged.
> 
> I didn't touch do_interrupt(), because of the aarch64 weirdness.
> 

Hi,

yes it makes sense to separate more clearly I think what is tcg only among those operations,

it is a bit tangent to my series in the sense that those methods need to be set one way or another, either in cc-> or in cc->tcg_ops,

but yes, we could put those changes before or after the series, and I think they make sense.

Ciao,

Claudio