Re: [PATCH] hw/timer/etraxfs_timer: Add vmstate for ETRAX timers

2021-12-17 Thread Richard Henderson

On 12/17/21 3:37 PM, Philippe Mathieu-Daudé wrote:

ping?

On 11/6/21 11:56, Philippe Mathieu-Daudé wrote:

Add the vmstate for the ETRAX timers.
This is in theory a migration compatibility break
for the 'AXIS devboard 88' CRIS machine.

Signed-off-by: Philippe Mathieu-Daudé 
---
  hw/timer/etraxfs_timer.c | 34 +-
  1 file changed, 33 insertions(+), 1 deletion(-)



In that it matches another similar timer device:
Reviewed-by: Richard Henderson 



+static const VMStateDescription vmstate_etraxfs = {
+.name = "etraxfs",
+.version_id = 0,
+.minimum_version_id = 0,
+.fields = (VMStateField[]) {
+VMSTATE_PTIMER(ptimer_t0, ETRAXTimerState),
+VMSTATE_PTIMER(ptimer_t1, ETRAXTimerState),
+VMSTATE_PTIMER(ptimer_wd, ETRAXTimerState),
+
+VMSTATE_UINT32(wd_hits, ETRAXTimerState),
+
+VMSTATE_UINT32(rw_tmr0_div, ETRAXTimerState),
+VMSTATE_UINT32(r_tmr0_data, ETRAXTimerState),
+VMSTATE_UINT32(rw_tmr0_ctrl, ETRAXTimerState),
+
+VMSTATE_UINT32(rw_tmr1_div, ETRAXTimerState),
+VMSTATE_UINT32(r_tmr1_data, ETRAXTimerState),
+VMSTATE_UINT32(rw_tmr1_ctrl, ETRAXTimerState),
+
+VMSTATE_UINT32(rw_wd_ctrl, ETRAXTimerState),
+
+VMSTATE_UINT32(rw_intr_mask, ETRAXTimerState),
+VMSTATE_UINT32(rw_ack_intr, ETRAXTimerState),
+VMSTATE_UINT32(r_intr, ETRAXTimerState),
+VMSTATE_UINT32(r_masked_intr, ETRAXTimerState),
+
+VMSTATE_END_OF_LIST()
+}
+};
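
Review bot: .name = "etraxfs" labels the migration section after the SoC family rather than this device. The string becomes part of the migration stream and the file is hw/timer/etraxfs_timer.c, so a name such as "etraxfs-timer" would avoid a clash if another ETRAX device gains a vmstate later. Settle this before the section first ships, because renaming it afterwards is a compatibility break of its own.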


What I don't understand is how these controls get applied to qemu_irq after vmload, here 
or in any other device.  It seems like we should have some post_load hook that calls 
timer_update_irq, etc.



r~



Re: [PATCH] target/mips: Align vector registers to 16 bytes

2021-12-17 Thread Richard Henderson

On 12/17/21 3:34 PM, Philippe Mathieu-Daudé wrote:

Align fpr_t to 16 bytes to be able to use the TCG "Generic"
vector operation expansion API from "tcg/tcg-op-gvec.h",
otherwise we trigger assertions in check_size_align().

See commits ec8e23e37f8 (s390x) and 11e2bfef799 (i386)
for similar justifications.

Signed-off-by: Philippe Mathieu-Daudé
---
  target/mips/cpu.h | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)


Reviewed-by: Richard Henderson 

r~



Re: [RFC PATCH v3 3/3] softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_BUS_ERROR

2021-12-17 Thread Richard Henderson

On 12/17/21 3:18 PM, Philippe Mathieu-Daudé wrote:

  #define MEMTX_OK 0
  #define MEMTX_ERROR (1U << 0) /* device returned an error */
  #define MEMTX_DECODE_ERROR  (1U << 1) /* nothing at that address */
+#define MEMTX_BUS_ERROR (1U << 2) /* bus returned an error */
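
Review bot: the comment on the new MEMTX_BUS_ERROR line, "bus returned an error", does not say how this bit differs from MEMTX_DECODE_ERROR one line above it. Whichever name is settled on, the comment should spell out the condition being reported, so that callers testing individual bits know which one applies to them.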


This is kind of odd naming, because MEMTX_DECODE_ERROR already means
"bus/interconnect returned an error" and it generally translates
into what at the OS level gets called a "bus error"...


MEMTX_DECODE_ERROR is "nothing at that address". We want a name
for "there is something, but you don't have access to it".
Maybe MEMTX_ILLEGAL_ERROR?


ILLEGAL doesn't convey much.  MEMTX_ACCESS_ERROR?

r~



Re: [PULL 0/9] Trivial branch for 7.0 patches

2021-12-17 Thread Richard Henderson

On 12/17/21 12:10 PM, Laurent Vivier wrote:

The following changes since commit 29eb5c2c86f935b0e9700fad2ecfe8a32b011d57:

   Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging 
(2021-12-16 08:39:20 -0800)

are available in the Git repository at:

   https://gitlab.com/laurent_vivier/qemu.git 
tags/trivial-branch-for-7.0-pull-request

for you to fetch changes up to ce2ff9cccf0c5f123f9d1e3d5e4fc07d1c2c159d:

   checkpatch: Do not allow deprecated g_memdup() (2021-12-17 11:57:35 +0100)


Trivial patches pull request 20211217



Leonardo Garcia (1):
   hw/virtio/vhost: Fix typo in comment.

Philippe Mathieu-Daudé (7):
   configure: Symlink binaries using .exe suffix with MinGW
   target/i386/kvm: Replace use of __u32 type
   qemu-keymap: Add license in generated files
   hw/avr: Realize AVRCPU qdev object using qdev_realize()
   glib-compat: Introduce g_memdup2() wrapper
   tests/qtest: Replace g_memdup() by g_memdup2()
   checkpatch: Do not allow deprecated g_memdup()

Zhang Chen (1):
   docs/block-replication.txt: Fix replication top-id command demo

  configure   |  2 +-
  docs/block-replication.txt  |  2 +-
  hw/avr/atmega.c |  2 +-
  hw/virtio/vhost.c   |  2 +-
  include/glib-compat.h   | 37 +
  qemu-keymap.c   |  1 +
  scripts/checkpatch.pl   |  5 +
  target/i386/kvm/kvm.c   |  2 +-
  tests/qtest/libqos/ahci.c   |  6 +++---
  tests/qtest/libqos/qgraph.c |  2 +-
  10 files changed, 52 insertions(+), 9 deletions(-)


Applied, thanks.


r~



Re: [RFC PATCH v3 20/27] hw/intc: Add LoongArch extioi interrupt controller(EIOINTC)

2021-12-17 Thread Mark Cave-Ayland

On 04/12/2021 12:07, Xiaojuan Yang wrote:


This patch realizes the EIOINTC interrupt controller.

Signed-off-by: Xiaojuan Yang 
Signed-off-by: Song Gao 
---
  hw/intc/Kconfig|   3 +
  hw/intc/loongarch_extioi.c | 499 +
  hw/intc/meson.build|   1 +
  hw/intc/trace-events   |   9 +
  hw/loongarch/Kconfig   |   1 +
  include/hw/intc/loongarch_extioi.h |  69 
  6 files changed, 582 insertions(+)
  create mode 100644 hw/intc/loongarch_extioi.c
  create mode 100644 include/hw/intc/loongarch_extioi.h

diff --git a/hw/intc/Kconfig b/hw/intc/Kconfig
index dc5f41f5f5..2868b25005 100644
--- a/hw/intc/Kconfig
+++ b/hw/intc/Kconfig
@@ -85,3 +85,6 @@ config LOONGARCH_PCH_MSI
  select MSI_NONBROKEN
  bool
  select UNIMP
+
+config LOONGARCH_EXTIOI
+bool
diff --git a/hw/intc/loongarch_extioi.c b/hw/intc/loongarch_extioi.c
new file mode 100644
index 00..9838f05806
--- /dev/null
+++ b/hw/intc/loongarch_extioi.c
@@ -0,0 +1,499 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * Loongson 3A5000 ext interrupt controller emulation
+ *
+ * Copyright (C) 2021 Loongson Technology Corporation Limited
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/module.h"
+#include "qemu/log.h"
+#include "hw/irq.h"
+#include "hw/sysbus.h"
+#include "hw/loongarch/loongarch.h"
+#include "hw/qdev-properties.h"
+#include "exec/address-spaces.h"
+#include "hw/intc/loongarch_extioi.h"
+#include "migration/vmstate.h"
+#include "trace.h"
+
+static void extioi_update_irq(void *opaque, int irq_num, int level)
+{
+loongarch_extioi *s = LOONGARCH_EXTIOI(opaque);
+uint8_t  ipnum, cpu;
+unsigned long found1, found2;
+
+ipnum = s->sw_ipmap[irq_num];
+cpu   = s->sw_coremap[irq_num];
+if (level == 1) {
+if (test_bit(irq_num, (void *)s->enable) == false) {
+return;
+}
+bitmap_set((void *)s->coreisr[cpu], irq_num, 1);
+found1 = find_next_bit((void *)&(s->sw_ipisr[cpu][ipnum]),
+   EXTIOI_IRQS, 0);
+bitmap_set((void *)&(s->sw_ipisr[cpu][ipnum]), irq_num, 1);
+
+if (found1 >= EXTIOI_IRQS) {
+qemu_set_irq(s->parent_irq[cpu][ipnum], level);
+}
+} else {
+bitmap_clear((void *)s->coreisr[cpu], irq_num, 1);
+found1 = find_next_bit((void *)&(s->sw_ipisr[cpu][ipnum]),
+   EXTIOI_IRQS, 0);
+bitmap_clear((void *)&(s->sw_ipisr[cpu][ipnum]), irq_num, 1);
+found2 = find_next_bit((void *)&(s->sw_ipisr[cpu][ipnum]),
+   EXTIOI_IRQS, 0);
+
+if ((found1 < EXTIOI_IRQS) && (found2 >= EXTIOI_IRQS)) {
+qemu_set_irq(s->parent_irq[cpu][ipnum], level);
+}
+}
+}
+
+static void extioi_setirq(void *opaque, int irq, int level)
+{
+loongarch_extioi *s = LOONGARCH_EXTIOI(opaque);
+trace_extioi_setirq(irq, level);
+extioi_update_irq(s, irq, level);
+}
+
+static uint32_t extioi_readb(void *opaque, hwaddr addr)
+{
+loongarch_extioi *s = LOONGARCH_EXTIOI(opaque);
+unsigned long offset, reg_count;
+uint8_t ret;
+int cpu;
+
+offset = addr & 0x;
+
+if ((offset >= EXTIOI_ENABLE_START) && (offset < EXTIOI_ENABLE_END)) {
+ret = ldub_p((void *)s->enable + (offset - EXTIOI_ENABLE_START));
+} else if ((offset >= EXTIOI_BOUNCE_START) && (offset < 
EXTIOI_BOUNCE_END)) {
+ret = ldub_p((void *)s->bounce + (offset - EXTIOI_BOUNCE_START));
+} else if ((offset >= EXTIOI_COREISR_START) && (offset < 
EXTIOI_COREISR_END)) {
+reg_count = ((offset - EXTIOI_COREISR_START) & 0x1f);
+cpu = ((offset - EXTIOI_COREISR_START) >> 8) & 0x3;
+ret = ldub_p((void *)s->coreisr[cpu] + reg_count);
+} else if ((offset >= EXTIOI_IPMAP_START) && (offset < EXTIOI_IPMAP_END)) {
+ret = ldub_p((void *)>ipmap + (offset - EXTIOI_IPMAP_START));
+} else if ((offset >= EXTIOI_COREMAP_START) && (offset < 
EXTIOI_COREMAP_END)) {
+ret = ldub_p((void *)s->coremap + (offset - EXTIOI_COREMAP_START));
+} else if ((offset >= EXTIOI_NODETYPE_START) && (offset < 
EXTIOI_NODETYPE_END)) {
+ret = ldub_p((void *)s->nodetype + (offset - EXTIOI_NODETYPE_START));
+}
+
+trace_loongarch_extioi_readb((uint32_t)addr, ret);
+return ret;
+}
+
+static uint32_t extioi_readw(void *opaque, hwaddr addr)
+{
+loongarch_extioi *s = LOONGARCH_EXTIOI(opaque);
+unsigned long offset, reg_count;
+uint32_t ret;
+int cpu;
+
+offset = addr & 0x;
+
+if ((offset >= EXTIOI_ENABLE_START) && (offset < EXTIOI_ENABLE_END)) {
+ret = ldl_p((void *)s->enable + (offset - EXTIOI_ENABLE_START));
+} else if ((offset >= EXTIOI_BOUNCE_START) && (offset < 
EXTIOI_BOUNCE_END)) {
+ret = ldl_p((void *)s->bounce + (offset - EXTIOI_BOUNCE_START));
+} else if ((offset >= EXTIOI_COREISR_START) && (offset < 
EXTIOI_COREISR_END)) {
+
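
Review bot: in extioi_readb(), ret is declared without an initializer and the if/else-if chain has no final else, so an offset that matches none of the ranges returns (and traces) an uninitialized stack byte to the guest. Initialize ret to 0 and report the unhandled offset through qemu_log_mask(); extioi_readw() opens with the same shape and needs the same treatment. Separately, extioi_update_irq() indexes sw_ipmap[] and sw_coremap[] with irq_num, and coreisr[] and parent_irq[] with the cpu and ipnum values read from them, with no range check in the lines shown.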

Re: [RFC PATCH v3 19/27] hw/intc: Add LoongArch ls7a msi interrupt controller support(PCH-MSI)

2021-12-17 Thread Mark Cave-Ayland

On 04/12/2021 12:07, Xiaojuan Yang wrote:


This patch realizes the PCH-MSI interrupt controller.

Signed-off-by: Xiaojuan Yang 
Signed-off-by: Song Gao 
---
  hw/intc/Kconfig |  5 +++
  hw/intc/loongarch_pch_msi.c | 67 +
  hw/intc/meson.build |  1 +
  hw/intc/trace-events|  3 ++
  hw/loongarch/Kconfig|  1 +
  include/hw/intc/loongarch_pch_msi.h | 21 +
  6 files changed, 98 insertions(+)
  create mode 100644 hw/intc/loongarch_pch_msi.c
  create mode 100644 include/hw/intc/loongarch_pch_msi.h

diff --git a/hw/intc/Kconfig b/hw/intc/Kconfig
index 96da13ad1d..dc5f41f5f5 100644
--- a/hw/intc/Kconfig
+++ b/hw/intc/Kconfig
@@ -80,3 +80,8 @@ config LOONGARCH_IPI
  config LOONGARCH_PCH_PIC
  bool
  select UNIMP
+
+config LOONGARCH_PCH_MSI
+select MSI_NONBROKEN
+bool
+select UNIMP
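
Review bot: in the new LOONGARCH_PCH_MSI entry, select MSI_NONBROKEN comes before bool, unlike the LOONGARCH_PCH_PIC entry directly above it. Put bool first so the symbol's type is declared before its selects.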
diff --git a/hw/intc/loongarch_pch_msi.c b/hw/intc/loongarch_pch_msi.c
new file mode 100644
index 00..cf763b
--- /dev/null
+++ b/hw/intc/loongarch_pch_msi.c
@@ -0,0 +1,67 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * QEMU Loongson 7A1000 msi interrupt controller.
+ *
+ * Copyright (C) 2021 Loongson Technology Corporation Limited
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "hw/irq.h"
+#include "hw/intc/loongarch_pch_msi.h"
+#include "hw/intc/loongarch_pch_pic.h"
+#include "hw/pci/msi.h"
+#include "hw/misc/unimp.h"
+#include "migration/vmstate.h"
+#include "trace.h"
+
+static uint64_t loongarch_msi_mem_read(void *opaque, hwaddr addr, unsigned 
size)
+{
+return 0;
+}
+
+static void loongarch_msi_mem_write(void *opaque, hwaddr addr,
+uint64_t val, unsigned size)
+{
+loongarch_pch_msi *s = LOONGARCH_PCH_MSI(opaque);
+int irq_num = val & 0xff;
+
+trace_loongarch_msi_set_irq(irq_num);
+qemu_set_irq(s->pch_msi_irq[irq_num - PCH_PIC_IRQ_NUM], 1);
+}
+
+static const MemoryRegionOps loongarch_pch_msi_ops = {
+.read  = loongarch_msi_mem_read,
+.write = loongarch_msi_mem_write,
+.endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void loongarch_pch_msi_init(Object *obj)
+{
+loongarch_pch_msi *s = LOONGARCH_PCH_MSI(obj);
+SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
+int i;
+
+memory_region_init_io(>msi_mmio, obj, _pch_msi_ops,
+  s, TYPE_LOONGARCH_PCH_MSI, 0x8);
+sysbus_init_mmio(sbd, >msi_mmio);
+msi_nonbroken = true;
+
+for (i = 0; i < PCH_MSI_IRQ_NUM; i++) {
+sysbus_init_irq(sbd, >pch_msi_irq[i]);
+}
+}
+
+static const TypeInfo loongarch_pch_msi_info = {
+.name  = TYPE_LOONGARCH_PCH_MSI,
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(loongarch_pch_msi),
+.instance_init = loongarch_pch_msi_init,
+};
+
+static void loongarch_pch_msi_register_types(void)
+{
+type_register_static(_pch_msi_info);
+}
+
+type_init(loongarch_pch_msi_register_types)
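
Review bot: loongarch_msi_mem_write() takes irq_num = val & 0xff straight from the guest and uses irq_num - PCH_PIC_IRQ_NUM as an index into pch_msi_irq[] without any range check. The index is negative for every value below PCH_PIC_IRQ_NUM, and nothing bounds it above by PCH_MSI_IRQ_NUM, the count the init loop sets up, so a guest write can make qemu_set_irq() act on memory outside the array. Reject out-of-range values (with a LOG_GUEST_ERROR message) before indexing. The ops structure also sets no .valid access sizes, and migration/vmstate.h is included although the file defines no vmstate.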
diff --git a/hw/intc/meson.build b/hw/intc/meson.build
index 33ba63266e..acefe0c5aa 100644
--- a/hw/intc/meson.build
+++ b/hw/intc/meson.build
@@ -59,3 +59,4 @@ specific_ss.add(when: 'CONFIG_GOLDFISH_PIC', if_true: 
files('goldfish_pic.c'))
  specific_ss.add(when: 'CONFIG_M68K_IRQC', if_true: files('m68k_irqc.c'))
  specific_ss.add(when: 'CONFIG_LOONGARCH_IPI', if_true: 
files('loongarch_ipi.c'))
  specific_ss.add(when: 'CONFIG_LOONGARCH_PCH_PIC', if_true: 
files('loongarch_pch_pic.c'))
+specific_ss.add(when: 'CONFIG_LOONGARCH_PCH_MSI', if_true: 
files('loongarch_pch_msi.c'))
diff --git a/hw/intc/trace-events b/hw/intc/trace-events
index 52fedf82be..20da343cfe 100644
--- a/hw/intc/trace-events
+++ b/hw/intc/trace-events
@@ -255,3 +255,6 @@ loongarch_ipi_write(unsigned size, uint32_t addr, unsigned long 
val) "size: %u a
  pch_pic_irq_handler(uint32_t edge, int irq, int level) "edge 0x%02x irq %d level 
%d"
  loongarch_pch_pic_read(unsigned size, uint32_t addr, unsigned long val) "size: %u addr: 
0x%"PRIx32 "val: 0x%" PRIx64
  loongarch_pch_pic_write(unsigned size, uint32_t addr, unsigned long val) "size: %u addr: 
0x%"PRIx32 "val: 0x%" PRIx64
+
+# loongarch_pch_msi.c
+loongarch_msi_set_irq(int irq_num) "set msi irq %d"
diff --git a/hw/loongarch/Kconfig b/hw/loongarch/Kconfig
index c2b8046b94..cd38d03a19 100644
--- a/hw/loongarch/Kconfig
+++ b/hw/loongarch/Kconfig
@@ -3,3 +3,4 @@ config LOONGSON3_LS7A
  select PCI_EXPRESS_7A
  select LOONGARCH_IPI
  select LOONGARCH_PCH_PIC
+select LOONGARCH_PCH_MSI
diff --git a/include/hw/intc/loongarch_pch_msi.h 
b/include/hw/intc/loongarch_pch_msi.h
new file mode 100644
index 00..35297d51d8
--- /dev/null
+++ b/include/hw/intc/loongarch_pch_msi.h
@@ -0,0 +1,21 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * LoongArch 7A1000 I/O interrupt controller definitions
+ *
+ * Copyright (C) 2021 Loongson Technology Corporation Limited
+ */
+
+#define TYPE_LOONGARCH_PCH_MSI "loongarch_pch_msi"

Re: [PATCH] hw/scsi/megasas: Simplify using the ldst API

2021-12-17 Thread Richard Henderson

On 12/17/21 3:15 PM, Philippe Mathieu-Daudé wrote:

-cdb[3] = (len >> 8) & 0xff;
-cdb[4] = (len & 0xff);
+stw_be_p([2], len);


Wrong offset.  Otherwise,

Reviewed-by: Richard Henderson 

r~
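
The offset remark above can be checked mechanically. The following is an added example, not code from the patch or from QEMU: stw_be_p_model() is a local stand-in for QEMU's stw_be_p(), and the 16-byte buffer and 0xAA fill byte are constructed for the test. It compares the two removed stores against the replacement for every 16-bit length.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CDB_LEN 16
#define FILL    0xAA  /* constructed sentinel for bytes that must stay untouched */

/* Local stand-in for QEMU's stw_be_p(): 16-bit big-endian store at ptr. */
static void stw_be_p_model(void *ptr, uint16_t v)
{
    uint8_t *p = ptr;

    p[0] = (uint8_t)(v >> 8);
    p[1] = (uint8_t)(v & 0xff);
}

/* The two stores the patch removes. */
static void store_open_coded(uint8_t *cdb, uint16_t len)
{
    cdb[3] = (len >> 8) & 0xff;
    cdb[4] = (len & 0xff);
}

/* The replacement store, with the offset left as a parameter. */
static void store_ldst(uint8_t *cdb, uint16_t len, size_t offset)
{
    stw_be_p_model(&cdb[offset], len);
}

/*
 * Number of 16-bit lengths for which the refactored store leaves the CDB
 * in a different state than the original code. Comparing the whole buffer
 * also catches writes to bytes the original never touched.
 */
static unsigned count_mismatches(size_t offset)
{
    unsigned mismatches = 0;

    for (uint32_t len = 0; len <= 0xffff; len++) {
        uint8_t before[CDB_LEN], after[CDB_LEN];

        memset(before, FILL, sizeof(before));
        memset(after, FILL, sizeof(after));
        store_open_coded(before, (uint16_t)len);
        store_ldst(after, (uint16_t)len, offset);
        if (memcmp(before, after, CDB_LEN) != 0) {
            mismatches++;
        }
    }
    return mismatches;
}

int main(void)
{
    /*
     * Offset 2 differs for every length except 0xAAAA, where both bytes of
     * the value coincide with the fill byte; a single spot check with an
     * unlucky sample would miss the bug, the exhaustive sweep does not.
     */
    printf("offset 2: %u mismatching lengths\n", count_mismatches(2));
    printf("offset 3: %u mismatching lengths\n", count_mismatches(3));
    return 0;
}
```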



Re: [RFC PATCH v3 18/27] hw/intc: Add LoongArch ls7a interrupt controller support(PCH-PIC)

2021-12-17 Thread Mark Cave-Ayland

On 04/12/2021 12:07, Xiaojuan Yang wrote:


This patch realizes the PCH-PIC interrupt controller.

Signed-off-by: Xiaojuan Yang 
Signed-off-by: Song Gao 
---
  hw/intc/Kconfig |   4 +
  hw/intc/loongarch_pch_pic.c | 357 
  hw/intc/meson.build |   1 +
  hw/intc/trace-events|   5 +
  hw/loongarch/Kconfig|   1 +
  include/hw/intc/loongarch_pch_pic.h |  61 +
  6 files changed, 429 insertions(+)
  create mode 100644 hw/intc/loongarch_pch_pic.c
  create mode 100644 include/hw/intc/loongarch_pch_pic.h

diff --git a/hw/intc/Kconfig b/hw/intc/Kconfig
index 511dcac537..96da13ad1d 100644
--- a/hw/intc/Kconfig
+++ b/hw/intc/Kconfig
@@ -76,3 +76,7 @@ config M68K_IRQC
  
  config LOONGARCH_IPI

  bool
+
+config LOONGARCH_PCH_PIC
+bool
+select UNIMP
diff --git a/hw/intc/loongarch_pch_pic.c b/hw/intc/loongarch_pch_pic.c
new file mode 100644
index 00..2ede29ceb0
--- /dev/null
+++ b/hw/intc/loongarch_pch_pic.c
@@ -0,0 +1,357 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * QEMU Loongson 7A1000 I/O interrupt controller.
+ *
+ * Copyright (C) 2021 Loongson Technology Corporation Limited
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "hw/loongarch/loongarch.h"
+#include "hw/irq.h"
+#include "hw/intc/loongarch_pch_pic.h"
+#include "migration/vmstate.h"
+#include "trace.h"
+
+#define for_each_set_bit(bit, addr, size) \
+ for ((bit) = find_first_bit((addr), (size));\
+  (bit) < (size);\
+  (bit) = find_next_bit((addr), (size), (bit) + 1))
+
+static void pch_pic_update_irq(loongarch_pch_pic *s, uint64_t mask, int level)
+{
+int i;
+uint64_t val;
+val = mask & s->intirr & (~s->int_mask);
+
+for_each_set_bit(i, , 64) {
+if (level == 1) {
+if ((s->intisr & (0x1ULL << i)) == 0) {
+s->intisr |= 1ULL << i;
+qemu_set_irq(s->parent_irq[s->htmsi_vector[i]], 1);
+}
+} else if (level == 0) {
+if (s->intisr & (0x1ULL << i)) {
+s->intisr &= ~(0x1ULL << i);
+qemu_set_irq(s->parent_irq[s->htmsi_vector[i]], 0);
+}
+}
+}
+}
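
Review bot: pch_pic_update_irq() tests level == 1 and level == 0 explicitly, so any other non-zero level falls through both branches and changes nothing, whereas pch_pic_irq_handler() in the same file treats every non-zero level as asserted with if (level). Use if (level) ... else ... here as well so the two functions agree on what counts as a raised line.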


The normal pattern would be to use something like:

for (i = 0; i < 64; i++) {
if (level) {
s->intisr |= 1ULL << i;
} else {
s->intisr &= ~(0x1ULL << i);
}

qemu_set_irq(s->parent_irq[s->htmsi_vector[i]], level);
}

Why is it necessary to check the previous value of (s->intisr & (0x1ULL << i)) 
here?


+static void pch_pic_irq_handler(void *opaque, int irq, int level)
+{
+loongarch_pch_pic *s = LOONGARCH_PCH_PIC(opaque);
+
+assert(irq < PCH_PIC_IRQ_NUM);
+uint64_t mask = 1ULL << irq;
+
+trace_pch_pic_irq_handler(s->intedge, irq, level);
+
+if (s->intedge & mask) {
+/* Edge triggered */
+if (level) {
+if ((s->last_intirr & mask) == 0) {
+s->intirr |= mask;
+}
+s->last_intirr |= mask;
+} else {
+s->last_intirr &= ~mask;
+}
+} else {
+/* Level triggered */
+if (level) {
+s->intirr |= mask;
+s->last_intirr |= mask;
+} else {
+s->intirr &= ~mask;
+s->last_intirr &= ~mask;
+}
+
+}
+pch_pic_update_irq(s, mask, level);
+}
+
+static uint64_t loongarch_pch_pic_reg_read(void *opaque, hwaddr addr,
+   unsigned size)
+{
+loongarch_pch_pic *s = LOONGARCH_PCH_PIC(opaque);
+uint64_t val = 0;
+uint32_t offset = addr & 0xfff;
+int64_t offset_tmp;
+
+if (size == 8) {
+switch (offset) {
+case PCH_PIC_INT_ID_OFFSET:
+val = (PCH_PIC_INT_ID_NUM << 32) | PCH_PIC_INT_ID_VAL;
+break;
+case PCH_PIC_INT_MASK_OFFSET:
+val =  s->int_mask;
+break;
+case PCH_PIC_INT_STATUS_OFFSET:
+val = s->intisr & (~s->int_mask);
+break;
+case PCH_PIC_INT_EDGE_OFFSET:
+val = s->intedge;
+break;
+case PCH_PIC_INT_POL_OFFSET:
+val = s->int_polarity;
+break;
+case PCH_PIC_HTMSI_EN_OFFSET...PCH_PIC_HTMSI_EN_END:
+val = s->htmsi_en;
+break;
+case PCH_PIC_AUTO_CTRL0_OFFSET...PCH_PIC_AUTO_CTRL0_END:
+case PCH_PIC_AUTO_CTRL1_OFFSET...PCH_PIC_AUTO_CTRL1_END:
+break;
+default:
+break;
+}
+} else if (size == 4) {
+switch (offset) {
+case PCH_PIC_INT_ID_OFFSET:
+val = PCH_PIC_INT_ID_VAL;
+break;
+case PCH_PIC_INT_ID_OFFSET + 4:
+val = PCH_PIC_INT_ID_NUM;
+break;
+case PCH_PIC_INT_MASK_OFFSET...PCH_PIC_INT_MASK_END:
+val = ldl_p((void *)>int_mask +
+ 
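
Review bot: in the size == 8 branch of loongarch_pch_pic_reg_read(), (PCH_PIC_INT_ID_NUM << 32) shifts by the full width of int unless that macro is already defined as a 64-bit constant, which is undefined behaviour; cast the operand to uint64_t before shifting. In pch_pic_irq_handler(), the declaration of mask follows the assert() statement, which goes against the declarations-first convention the rest of the function follows, and the assert only bounds irq from above.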

Re: [PATCH] cpu: remove unnecessary #ifdef CONFIG_TCG

2021-12-17 Thread Richard Henderson

On 12/17/21 2:49 AM, Paolo Bonzini wrote:

"if (tcg_enabled())" allows elision of the code inside it; we only need
the prototype to exist, so that the code compiles even for the --disable-tcg
case.

Signed-off-by: Paolo Bonzini 


Reviewed-by: Richard Henderson 


r~



Re: [PATCH-for-7.0] hw/net/rocker: Remove unused definitions

2021-12-17 Thread Richard Henderson

On 11/16/21 11:39 AM, Philippe Mathieu-Daudé wrote:

Signed-off-by: Philippe Mathieu-Daudé 
---
  hw/net/rocker/rocker.h | 5 -
  1 file changed, 5 deletions(-)

diff --git a/hw/net/rocker/rocker.h b/hw/net/rocker/rocker.h
index 412fa44d017..d22bbd2bf80 100644
--- a/hw/net/rocker/rocker.h
+++ b/hw/net/rocker/rocker.h
@@ -36,13 +36,8 @@ static inline GCC_FMT_ATTR(1, 2) int DPRINTF(const char 
*fmt, ...)
  }
  #endif
  
-#define __le16 uint16_t

-#define __le32 uint32_t
-#define __le64 uint64_t
-
  #define __be16 uint16_t
  #define __be32 uint32_t
-#define __be64 uint64_t


Surely the __beN defines should go away as well.
If they're still used, that seems like a bug itself.


r~



Re: [RFC PATCH v3 17/27] hw/loongarch: Add LoongArch ipi interrupt support(IPI)

2021-12-17 Thread Mark Cave-Ayland

On 04/12/2021 12:07, Xiaojuan Yang wrote:


This patch realizes the IPI interrupt controller.

Signed-off-by: Xiaojuan Yang 
Signed-off-by: Song Gao 
---
  hw/intc/Kconfig |   3 +
  hw/intc/loongarch_ipi.c | 162 
  hw/intc/meson.build |   1 +
  hw/intc/trace-events|   4 +
  hw/loongarch/Kconfig|   1 +
  include/hw/intc/loongarch_ipi.h |  45 +
  target/loongarch/cpu.h  |   1 +
  7 files changed, 217 insertions(+)
  create mode 100644 hw/intc/loongarch_ipi.c
  create mode 100644 include/hw/intc/loongarch_ipi.h

diff --git a/hw/intc/Kconfig b/hw/intc/Kconfig
index 78aed93c45..511dcac537 100644
--- a/hw/intc/Kconfig
+++ b/hw/intc/Kconfig
@@ -73,3 +73,6 @@ config GOLDFISH_PIC
  
  config M68K_IRQC

  bool
+
+config LOONGARCH_IPI
+bool
diff --git a/hw/intc/loongarch_ipi.c b/hw/intc/loongarch_ipi.c
new file mode 100644
index 00..72e434c983
--- /dev/null
+++ b/hw/intc/loongarch_ipi.c
@@ -0,0 +1,162 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * LoongArch ipi interrupt support
+ *
+ * Copyright (C) 2021 Loongson Technology Corporation Limited
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "hw/intc/loongarch_ipi.h"
+#include "hw/irq.h"
+#include "qapi/error.h"
+#include "qemu/log.h"
+#include "exec/address-spaces.h"
+#include "hw/loongarch/loongarch.h"
+#include "migration/vmstate.h"
+#include "trace.h"
+
+static uint64_t loongarch_ipi_readl(void *opaque, hwaddr addr, unsigned size)
+{
+ipi_core *s = opaque;
+uint64_t ret = 0;
+
+addr &= 0xff;
+switch (addr) {
+case CORE_STATUS_OFF:
+ret = s->status;
+break;
+case CORE_EN_OFF:
+ret = s->en;
+break;
+case CORE_SET_OFF:
+ret = 0;
+break;
+case CORE_CLEAR_OFF:
+ret = 0;
+break;
+case CORE_BUF_20 ... CORE_BUF_38:
+if (size == 4) {
+ret = ldl_p((void *)s->buf + (addr - CORE_BUF_20));
+} else if (size == 8) {
+ret = ldq_p((void *)s->buf + (addr - CORE_BUF_20));
+}
+break;
+default:
+qemu_log_mask(LOG_UNIMP, "invalid read: %x", (uint32_t)addr);
+break;
+}
+
+trace_loongarch_ipi_read(size, (uint64_t)addr, ret);
+return ret;
+}
+
+static void loongarch_ipi_writel(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ipi_core *s = opaque;
+
+addr &= 0xff;
+trace_loongarch_ipi_write(size, (uint64_t)addr, val);
+switch (addr) {
+case CORE_STATUS_OFF:
+qemu_log_mask(LOG_GUEST_ERROR, "can not be written");
+break;
+case CORE_EN_OFF:
+s->en = val;
+break;
+case CORE_SET_OFF:
+s->status |= val;
+if (s->status != 0) {
+qemu_irq_raise(s->irq);
+}
+break;
+case CORE_CLEAR_OFF:
+s->status ^= val;
+if (s->status == 0) {
+qemu_irq_lower(s->irq);
+}
+break;
+case CORE_BUF_20 ... CORE_BUF_38:
+if (size == 4) {
+stl_p((void *)s->buf + (addr - CORE_BUF_20), val);
+} else if (size == 8) {
+stq_p((void *)s->buf + (addr - CORE_BUF_20), val);
+}
+break;
+default:
+qemu_log_mask(LOG_UNIMP, "invalid write: %x", (uint32_t)addr);
+break;
+}
+}
+
+static const MemoryRegionOps loongarch_ipi_ops = {
+.read = loongarch_ipi_readl,
+.write = loongarch_ipi_writel,
+.impl.min_access_size = 4,
+.impl.max_access_size = 8,
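
Review bot: the CORE_CLEAR_OFF case in loongarch_ipi_writel() uses s->status ^= val, which sets any bit the guest writes that was not already pending instead of leaving it clear. For a write-one-to-clear register this should be s->status &= ~val. Two smaller points in the same function: the CORE_SET_OFF case raises the irq without consulting s->en, and the qemu_log_mask() format strings have no trailing newline.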


This ensures that 8 byte accesses are always split into 2 x 4 byte accesses so I 
don't think the size == 8 parts are being used?


The use of ldl_p() and stl_p() doesn't seem right here: if you're setting 
.impl.min_access_size to 4 then that would suggest that buf in struct ipi_core should 
be an array of uint32_t instead of uint64_t, so then you can just use s->buf[offset] 
directly.



+.valid.min_access_size = 4,
+.valid.max_access_size = 8,
+.endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void loongarch_ipi_init(Object *obj)
+{
+loongarch_ipi *s = LOONGARCH_IPI(obj);
+SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
+int cpu;
+
+for (cpu = 0; cpu < MACHINE(qdev_get_machine())->smp.cpus; cpu++) {
+memory_region_init_io(>ipi_mmio[cpu], obj, _ipi_ops,
+  >core[cpu], "loongarch_ipi", 0x100);
+sysbus_init_mmio(sbd, >ipi_mmio[cpu]);
+qdev_init_gpio_out(DEVICE(obj), >core[cpu].irq, 1);
+   }
+}
+
+static const VMStateDescription vmstate_ipi_core = {
+.name = "ipi-single",
+.version_id = 0,
+.minimum_version_id = 0,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32(status, ipi_core),
+VMSTATE_UINT32(en, ipi_core),
+VMSTATE_UINT32(set, ipi_core),
+VMSTATE_UINT32(clear, ipi_core),
+VMSTATE_UINT64_ARRAY(buf, ipi_core, MAX_IPI_MBX_NUM),
+
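
Review bot: loongarch_ipi_init() loops up to MACHINE(qdev_get_machine())->smp.cpus while indexing ipi_mmio[cpu] and core[cpu], and nothing in the lines shown bounds that count by the size of those arrays. Either check smp.cpus against the array length or size the arrays from a property at realize time. In vmstate_ipi_core, the set and clear fields are migrated although the write handler never stores to them and the read handler returns 0 for both offsets, so they look like dead state that can be dropped from the stream.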

Re: [RFC PATCH v3 16/27] hw/loongarch: Add LoongArch cpu interrupt support(CPUINTC)

2021-12-17 Thread Mark Cave-Ayland

On 04/12/2021 12:07, Xiaojuan Yang wrote:


Loongson-3A5000 supports 14 interrupts from 64 - 77 (Timer->75 IPI->76)
Loongson-3A5000 and ls7a form a legacy model and extended model irq
hierarchy. Tcg mode emulates a simplified extended model which
has no Legacy I/O Interrupt Controller(LIOINTC) and LPC.
e.g:

  |+-++-+ +---+ |
  || IPI |--> | CPUINTC | <-- | Timer | |
  |+-++-+ +---+ |
  |^|
  |||
  |   +-+
  |   | EIOINTC |
  |   +-+
  |^   ^|
  ||   ||
  | +-+ +-+ |
  | | PCH-PIC | | PCH-MSI | |
  | +-+ +-+ |
  |   ^ ^   ^   |
  |   | |   |   |
  |   +-+ +-+ +-+   |
  |   | UARTs | | Devices | | Devices | |
  |   +-+ +-+ +-+   |
  |^|

The following series patch will realize the interrupt
controller in this model.

More detailed info can be found at the kernel doc or manual
1.https://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/
linux-loongson.git/tree/Documentation/loongarch?h=loongarch-next
2.https://github.com/loongson/LoongArch-Documentation

Signed-off-by: Xiaojuan Yang 
Signed-off-by: Song Gao 
---
  target/loongarch/cpu.c | 28 
  1 file changed, 28 insertions(+)

diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
index 62c2a4d813..afa550c950 100644
--- a/target/loongarch/cpu.c
+++ b/target/loongarch/cpu.c
@@ -504,11 +504,39 @@ static void loongarch_cpu_realizefn(DeviceState *dev, 
Error **errp)
  lacc->parent_realize(dev, errp);
  }
  
+#ifndef CONFIG_USER_ONLY

+static void loongarch_cpu_set_irq(void *opaque, int irq, int level)
+{
+LoongArchCPU *cpu = opaque;
+CPULoongArchState *env = >env;
+CPUState *cs = CPU(cpu);
+
+if (irq < 0 || irq > N_IRQS) {
+return;
+}
+
+if (level) {
+env->CSR_ESTAT |= 1 << irq;
+} else {
+env->CSR_ESTAT &= ~(1 << irq);
+}
+
+if (FIELD_EX64(env->CSR_ESTAT, CSR_ESTAT, IS)) {
+cpu_interrupt(cs, CPU_INTERRUPT_HARD);
+} else {
+cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
+}
+}
+#endif
+
  static void loongarch_cpu_initfn(Object *obj)
  {
  LoongArchCPU *cpu = LOONGARCH_CPU(obj);
  
  cpu_set_cpustate_pointers(cpu);

+#ifndef CONFIG_USER_ONLY
+qdev_init_gpio_in(DEVICE(cpu), loongarch_cpu_set_irq, N_IRQS);
+#endif
  }
  
  static ObjectClass *loongarch_cpu_class_by_name(const char *cpu_model)
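
Review bot: the range check in loongarch_cpu_set_irq(), if (irq < 0 || irq > N_IRQS), is off by one. qdev_init_gpio_in() below registers N_IRQS lines, numbered 0 to N_IRQS - 1, so irq == N_IRQS passes the check and still reaches the 1 << irq update of CSR_ESTAT. The test should be irq >= N_IRQS. The shift is also done on a plain int; use 1U or 1ULL to match the width of CSR_ESTAT.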


Rather than use defines to split out user mode, I would suggest using a separate 
function in a similar way to sparc64_cpu_devinit() in hw/sparc64/sparc64.c to set up 
the parts of the CPU that are only required in system mode. This function can then be 
called as part of the board setup.



ATB,

Mark.



Re: [PATCH] tests/tcg/ppc64le: remove INT128 requirement to run non_signalling_xscv

2021-12-17 Thread Richard Henderson

On 12/16/21 6:09 AM, matheus.fe...@eldorado.org.br wrote:

+asm("mtvsrd 0, %3\n\t"  \
+"xxswapd 0, 0\n\t"  \
+"mtvsrd 0, %2\n\t"  \


This doesn't work.  The lower half of vs0 is undefined after mtvsrd.
You actually want mtvsrdd 0, %2, %3, with "b" as the constraint for bh.


+"mfvsrd %0, 0\n\t"  \
+"xxswapd 0, 0\n\t"  \
+"mfvsrd %1, 0\n\t"  \


Drop the xxswapd and use mfvsrld.

Otherwise it looks ok.


r~



Re: [PATCH 3/3] hw/input/pckbd: Rename i8042_setup_a20_line() and its a20 irq argument

2021-12-17 Thread Philippe Mathieu-Daudé
On 11/22/21 12:14, Peter Maydell wrote:
> On Fri, 5 Nov 2021 at 17:21, Philippe Mathieu-Daudé  wrote:
>>
>> 'a20_out' is an input IRQ, rename it as 'a20_input'.
>> i8042_setup_a20_line() doesn't take a Device parameter
>> but an ISADevice one. Rename it as i8042_isa_*() to
>> make it explicit.
>>
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>>  include/hw/input/i8042.h | 2 +-
>>  hw/i386/pc.c | 2 +-
>>  hw/input/pckbd.c | 4 ++--
>>  3 files changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/include/hw/input/i8042.h b/include/hw/input/i8042.h
>> index 1d90432daef..3534fcc4b43 100644
>> --- a/include/hw/input/i8042.h
>> +++ b/include/hw/input/i8042.h
>> @@ -21,6 +21,6 @@ void i8042_mm_init(qemu_irq kbd_irq, qemu_irq mouse_irq,
>> MemoryRegion *region, ram_addr_t size,
>> hwaddr mask);
>>  void i8042_isa_mouse_fake_event(ISAKBDState *isa);
>> -void i8042_setup_a20_line(ISADevice *dev, qemu_irq a20_out);
>> +void i8042_isa_setup_a20_line(ISADevice *dev, qemu_irq a20_input);
>>
>>  #endif /* HW_INPUT_I8042_H */
>> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
>> index 2592a821486..06ef74ca22b 100644
>> --- a/hw/i386/pc.c
>> +++ b/hw/i386/pc.c
>> @@ -1043,7 +1043,7 @@ static void pc_superio_init(ISABus *isa_bus, bool 
>> create_fdctrl, bool no_vmport)
>>  port92 = isa_create_simple(isa_bus, TYPE_PORT92);
>>
>>  a20_line = qemu_allocate_irqs(handle_a20_line_change, first_cpu, 2);
>> -i8042_setup_a20_line(i8042, a20_line[0]);
>> +i8042_isa_setup_a20_line(i8042, a20_line[0]);
> 
> I think these days we can directly call
> qdev_connect_gpio_out_named(DEVICE(i8042), I8042_A20_LINE, 0, 
> a20_line[0]);
> and drop the i8042_setup_a20_line() wrapper entirely,
> since the named GPIO lines are a "public" interface to the device.
> We only have this i8042_setup_a20_line() because the original
> implementation (added in commit 956a3e6bb738) predates gpio lines
> and did an assignment into the KBDState struct which needed to
> be private to pckbd.c.
> 
>>  qdev_connect_gpio_out_named(DEVICE(port92),
>>  PORT92_A20_LINE, 0, a20_line[1]);
> 
> That would then make it consistent with how we're wiring up the
> other A20 input source here.

Very good point, thank you.

> (Some day we should perhaps make the A20 input to the CPU an actual
> GPIO input on the CPU device object, so we could wire the I8042_A20_LINE
> and PORT92_A20_LINE to it via an OR gate, and drop the intermediate
> qemu_irq array and handle_a20_line_change function. But needing
> the OR gate makes that a little clunky so I'm not sure it's
> really worth the effort.)

I once worked on an "info irqtree" HMP command; if I finish it
then it would be nice to display.



Re: [RFC PATCH v3 15/27] hw/loongarch: Add support loongson3-ls7a machine type.

2021-12-17 Thread Mark Cave-Ayland

On 04/12/2021 12:07, Xiaojuan Yang wrote:


Emulate a 3A5000 board using the new loongarch instruction.
3A5000 belongs to the Loongson3 series processors.
The board consists of a 3A5000 cpu model and the 7A1000
bridge. The host 3A5000 board is really complicated and
contains many functions. Now for the tcg softmmu mode
only part of the functions are emulated.

More detailed info you can see
https://github.com/loongson/LoongArch-Documentation

Signed-off-by: Xiaojuan Yang 
Signed-off-by: Song Gao 
---
  .../devices/loongarch64-softmmu/default.mak   |   3 +
  configs/targets/loongarch64-softmmu.mak   |   3 +
  hw/Kconfig|   1 +
  hw/loongarch/Kconfig  |   3 +
  hw/loongarch/loongson3.c  | 160 ++
  hw/loongarch/meson.build  |   4 +
  hw/meson.build|   1 +
  include/exec/poison.h |   2 +
  include/hw/loongarch/loongarch.h  |  48 ++
  include/sysemu/arch_init.h|   1 +
  qapi/machine.json |   2 +-
  target/Kconfig|   1 +
  target/loongarch/Kconfig  |   2 +
  target/loongarch/cpu.c|   8 +
  target/loongarch/cpu.h|   4 +
  15 files changed, 242 insertions(+), 1 deletion(-)
  create mode 100644 configs/devices/loongarch64-softmmu/default.mak
  create mode 100644 hw/loongarch/Kconfig
  create mode 100644 hw/loongarch/loongson3.c
  create mode 100644 hw/loongarch/meson.build
  create mode 100644 include/hw/loongarch/loongarch.h
  create mode 100644 target/loongarch/Kconfig

diff --git a/configs/devices/loongarch64-softmmu/default.mak 
b/configs/devices/loongarch64-softmmu/default.mak
new file mode 100644
index 00..973ce4c30a
--- /dev/null
+++ b/configs/devices/loongarch64-softmmu/default.mak
@@ -0,0 +1,3 @@
+# Default configuration for loongarch64-softmmu
+
+CONFIG_LOONGSON3_LS7A=y
diff --git a/configs/targets/loongarch64-softmmu.mak 
b/configs/targets/loongarch64-softmmu.mak
index f33fa1590b..7bc06c850c 100644
--- a/configs/targets/loongarch64-softmmu.mak
+++ b/configs/targets/loongarch64-softmmu.mak
@@ -1 +1,4 @@
+TARGET_ARCH=loongarch64
+TARGET_BASE_ARCH=loongarch
+TARGET_SUPPORTS_MTTCG=y
  TARGET_XML_FILES= gdb-xml/loongarch-base64.xml gdb-xml/loongarch-fpu64.xml
diff --git a/hw/Kconfig b/hw/Kconfig
index ad20cce0a9..f71b2155ed 100644
--- a/hw/Kconfig
+++ b/hw/Kconfig
@@ -49,6 +49,7 @@ source avr/Kconfig
  source cris/Kconfig
  source hppa/Kconfig
  source i386/Kconfig
+source loongarch/Kconfig
  source m68k/Kconfig
  source microblaze/Kconfig
  source mips/Kconfig
diff --git a/hw/loongarch/Kconfig b/hw/loongarch/Kconfig
new file mode 100644
index 00..ae8498de6a
--- /dev/null
+++ b/hw/loongarch/Kconfig
@@ -0,0 +1,3 @@
+config LOONGSON3_LS7A
+bool
+select PCI_EXPRESS_7A
diff --git a/hw/loongarch/loongson3.c b/hw/loongarch/loongson3.c
new file mode 100644
index 00..28b623e927
--- /dev/null
+++ b/hw/loongarch/loongson3.c
@@ -0,0 +1,160 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * QEMU loongson 3a5000 develop board emulation
+ *
+ * Copyright (c) 2021 Loongson Technology Corporation Limited
+ */
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/units.h"
+#include "qemu/datadir.h"
+#include "qapi/error.h"
+#include "hw/boards.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/qtest.h"
+#include "sysemu/runstate.h"
+#include "sysemu/reset.h"
+#include "hw/loongarch/loongarch.h"
+#include "hw/pci-host/ls7a.h"
+
+
+static void loongarch_cpu_reset(void *opaque)
+{
+LoongArchCPU *cpu = opaque;
+
+cpu_reset(CPU(cpu));
+}
+
+#define LOONGARCH_SIMPLE_MMIO_OPS(ADDR, NAME, SIZE) \
+({\
+ MemoryRegion *iomem = g_new(MemoryRegion, 1);\
+ memory_region_init_io(iomem, NULL, _qemu_ops,\
+   (void *)ADDR, NAME, SIZE);\
+ memory_region_add_subregion(>system_iocsr, ADDR, iomem);\
+})


MemoryRegions should be allocated within a device rather than directly on the heap, 
which allows the device to be set as its owner. It feels as if these MemoryRegions 
should be added to a separate QEMU device within the system_iocsr memory space.



+static void loongarch_qemu_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+}
+
+static uint64_t loongarch_qemu_read(void *opaque, hwaddr addr, unsigned size)
+{
+uint64_t feature = 0UL;
+addr = ((hwaddr)(long)opaque) + addr;
+
+switch (addr) {
+case FEATURE_REG:
+feature |= 1UL << IOCSRF_MSI | 1UL << IOCSRF_EXTIOI |
+   1UL << IOCSRF_CSRIPI;
+return feature ;
+case VENDOR_REG:
+return *(uint64_t *)"Loongson-3A5000";
+case CPUNAME_REG:
+return *(uint64_t *)"3A5000";
+}
+return 0;
+}
+
+static const MemoryRegionOps loongarch_qemu_ops = {
+.read = 
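
Review bot: in loongarch_qemu_read(), the CPUNAME_REG case returns *(uint64_t *)"3A5000", which loads 8 bytes from a 7-byte string literal (six characters plus the NUL) and so reads one byte past the array. Both string cases also return a value that depends on host endianness and on how the literal happens to be aligned. Building the register value from a fixed 8-byte buffer with an explicit little-endian load such as ldq_le_p() would make the guest-visible value deterministic. In the same function, the feature bits are built with 1UL, which is 32 bits wide on some hosts while feature is uint64_t, and (hwaddr)(long)opaque truncates the pointer wherever long is narrower than a pointer; 1ULL and a uintptr_t cast avoid both.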

Re: [PATCH v3 1/3] hw: Move MARVELL_88W8618 Kconfig from audio/ to arm/

2021-12-17 Thread Richard Henderson

On 12/17/21 3:30 PM, Philippe Mathieu-Daudé wrote:

The Marvell 88W8618 is a system-on-chip with an ARM core.
We implement its audio codecs and network interface.
Homogeneous SoC Kconfig are usually defined in the hw/$ARCH
directory. Move it there.

Suggested-by: Richard Henderson
Signed-off-by: Philippe Mathieu-Daudé
---
  hw/arm/Kconfig   | 3 +++
  hw/audio/Kconfig | 3 ---
  2 files changed, 3 insertions(+), 3 deletions(-)


Reviewed-by: Richard Henderson 

r~



Re: [RFC PATCH v3 14/27] hw/pci-host: Add ls7a1000 PCIe Host bridge support for Loongson3 Platform

2021-12-17 Thread Mark Cave-Ayland

On 04/12/2021 12:07, Xiaojuan Yang wrote:


This is a model of the PCIe Host Bridge found on a Loongson-5000
processor. It includes an interrupt controller, some interface for
pci and nonpci devices. Mainly emulate part of it that is not
exactly the same as the host and only use part devices for
tcg mode. It supports MSI and MSIX interrupt sources.

For more detailed info about ls7a1000 you can see the doc at
https://github.com/loongson/LoongArch-Documentation/releases/latest/download/Loongson-7A1000-usermanual-2.00-EN.pdf

Signed-off-by: Xiaojuan Yang 
Signed-off-by: Song Gao 
---
  hw/pci-host/Kconfig|   4 +
  hw/pci-host/ls7a.c | 174 +
  hw/pci-host/meson.build|   1 +
  include/hw/pci-host/ls7a.h |  51 +++
  4 files changed, 230 insertions(+)
  create mode 100644 hw/pci-host/ls7a.c
  create mode 100644 include/hw/pci-host/ls7a.h

diff --git a/hw/pci-host/Kconfig b/hw/pci-host/Kconfig
index 2b5f7d58cc..b02a9d1454 100644
--- a/hw/pci-host/Kconfig
+++ b/hw/pci-host/Kconfig
@@ -77,3 +77,7 @@ config MV64361
  bool
  select PCI
  select I8259
+
+config PCI_EXPRESS_7A
+bool
+select PCI_EXPRESS
diff --git a/hw/pci-host/ls7a.c b/hw/pci-host/ls7a.c
new file mode 100644
index 00..a783fb2eda
--- /dev/null
+++ b/hw/pci-host/ls7a.c
@@ -0,0 +1,174 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * QEMU Loongson 7A1000 North Bridge Emulation
+ *
+ * Copyright (C) 2021 Loongson Technology Corporation Limited
+ */
+
+#include "qemu/osdep.h"
+
+#include "hw/pci/pci.h"
+#include "hw/pci/pcie_host.h"
+#include "hw/qdev-properties.h"
+#include "qapi/error.h"
+#include "hw/irq.h"
+#include "hw/pci/pci_bridge.h"
+#include "hw/pci/pci_bus.h"
+#include "sysemu/reset.h"
+#include "hw/pci-host/ls7a.h"
+#include "migration/vmstate.h"
+
+static const VMStateDescription vmstate_ls7a_pcie = {
+.name = "LS7A_PCIE",
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_PCI_DEVICE(parent_obj, LS7APCIState),
+VMSTATE_END_OF_LIST()
+}
+};
+
+static void pci_ls7a_config_write(void *opaque, hwaddr addr,
+  uint64_t val, unsigned size)
+{
+pci_data_write(opaque, addr, val, size);
+}
+
+static uint64_t pci_ls7a_config_read(void *opaque,
+ hwaddr addr, unsigned size)
+{
+uint64_t val;
+
+val = pci_data_read(opaque, addr, size);
+
+return val;
+}
+
+static const MemoryRegionOps pci_ls7a_config_ops = {
+.read = pci_ls7a_config_read,
+.write = pci_ls7a_config_write,
+.valid = {
+.min_access_size = 1,
+.max_access_size = 4,
+},
+.impl = {
+.min_access_size = 1,
+.max_access_size = 4,
+},
+.endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void ls7a_pciehost_realize(DeviceState *dev, Error **errp)
+{
+PCIHostState *pci = PCI_HOST_BRIDGE(dev);
+LS7APCIEHost *s = LS7A_HOST_DEVICE(dev);
+PCIExpressHost *pex = PCIE_HOST_BRIDGE(dev);


SysbusDevice *sbd = SYS_BUS_DEVICE(dev) will be needed for later use.


+pci->bus = pci_register_root_bus(dev, "pcie.0", NULL, NULL, s,
+ get_system_memory(), get_system_io(),
+ PCI_DEVFN(1, 0), 128, TYPE_PCIE_BUS);


A device shouldn't map itself into an address space: that is the job of the board. To 
achieve this LS7APCIEHost should have separate mmio and io memory regions defined and 
pci_register_root_bus() configured to use these i.e.


pci->bus = pci_register_root_bus(dev, "pcie.0", NULL, NULL, s,
                                 &s->pci_mmio, &s->pci_io,
                                 PCI_DEVFN(1, 0), 128, TYPE_PCIE_BUS);


+memory_region_init_io(>pci_conf, OBJECT(dev),
+  _ls7a_config_ops, pci->bus,
+  "ls7a_pci_conf", HT1LO_PCICFG_SIZE);
+memory_region_add_subregion(get_system_memory(), HT1LO_PCICFG_BASE,
+>pci_conf);


Here add sysbus_init_mmio(sbd, &s->pci_conf) and remove 
memory_region_add_subregion().


+/* Add ls7a pci-io */
+memory_region_init_alias(>pci_io, OBJECT(dev), "ls7a-pci-io",
+ get_system_io(), 0, LS7A_PCI_IO_SIZE);
+memory_region_add_subregion(get_system_memory(), LS7A_PCI_IO_BASE,
+>pci_io);


Remove the alias onto the system io memory region and instead use 
sysbus_init_mmio(sbd, &s->pci_io).


You will also need to make the PCI mmio memory region available to the board using 
sysbus_init_mmio(sbd, &s->pci_mmio).



+pcie_host_mmcfg_update(pex, true, LS_PCIECFG_BASE, LS_PCIECFG_SIZE);


It looks like the pcie_host_mmcfg_*() functions are hardcoded to map the device in 
system memory which is not recommended for new devices. The best example I can find 
is in hw/pci-host/xilinx-pcie.c whereby pcie_host_mmcfg_init() is used in 

Re: [PATCH] hw/timer/etraxfs_timer: Add vmstate for ETRAX timers

2021-12-17 Thread Philippe Mathieu-Daudé
ping?

On 11/6/21 11:56, Philippe Mathieu-Daudé wrote:
> Add the vmstate for the ETRAX timers.
> This is in theory a migration compatibility break
> for the 'AXIS devboard 88' CRIS machine.
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/timer/etraxfs_timer.c | 34 +-
>  1 file changed, 33 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/timer/etraxfs_timer.c b/hw/timer/etraxfs_timer.c
> index 4ba662190de..139e5b86a44 100644
> --- a/hw/timer/etraxfs_timer.c
> +++ b/hw/timer/etraxfs_timer.c
> @@ -26,6 +26,7 @@
>  #include "hw/sysbus.h"
>  #include "sysemu/reset.h"
>  #include "sysemu/runstate.h"
> +#include "migration/vmstate.h"
>  #include "qemu/module.h"
>  #include "qemu/timer.h"
>  #include "hw/irq.h"
> @@ -64,7 +65,7 @@ struct ETRAXTimerState {
>  ptimer_state *ptimer_t1;
>  ptimer_state *ptimer_wd;
>  
> -int wd_hits;
> +uint32_t wd_hits;
>  
>  /* Control registers.  */
>  uint32_t rw_tmr0_div;
> @@ -83,6 +84,36 @@ struct ETRAXTimerState {
>  uint32_t r_masked_intr;
>  };
>  
> +static const VMStateDescription vmstate_etraxfs = {
> +.name = "etraxfs",
> +.version_id = 0,
> +.minimum_version_id = 0,
> +.fields = (VMStateField[]) {
> +VMSTATE_PTIMER(ptimer_t0, ETRAXTimerState),
> +VMSTATE_PTIMER(ptimer_t1, ETRAXTimerState),
> +VMSTATE_PTIMER(ptimer_wd, ETRAXTimerState),
> +
> +VMSTATE_UINT32(wd_hits, ETRAXTimerState),
> +
> +VMSTATE_UINT32(rw_tmr0_div, ETRAXTimerState),
> +VMSTATE_UINT32(r_tmr0_data, ETRAXTimerState),
> +VMSTATE_UINT32(rw_tmr0_ctrl, ETRAXTimerState),
> +
> +VMSTATE_UINT32(rw_tmr1_div, ETRAXTimerState),
> +VMSTATE_UINT32(r_tmr1_data, ETRAXTimerState),
> +VMSTATE_UINT32(rw_tmr1_ctrl, ETRAXTimerState),
> +
> +VMSTATE_UINT32(rw_wd_ctrl, ETRAXTimerState),
> +
> +VMSTATE_UINT32(rw_intr_mask, ETRAXTimerState),
> +VMSTATE_UINT32(rw_ack_intr, ETRAXTimerState),
> +VMSTATE_UINT32(r_intr, ETRAXTimerState),
> +VMSTATE_UINT32(r_masked_intr, ETRAXTimerState),
> +
> +VMSTATE_END_OF_LIST()
> +}
> +};
> +
>  static uint64_t
>  timer_read(void *opaque, hwaddr addr, unsigned int size)
>  {
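
Review bot: vmstate_etraxfs migrates rw_intr_mask, r_intr and r_masked_intr but defines no .post_load hook, so nothing on the destination recomputes the outgoing interrupt line from the restored registers. Consider adding a post_load callback that re-derives the IRQ level once these fields are loaded. Separately, .name = "etraxfs" is generic for a section that only covers the timer block; a more specific section name would avoid a clash if other ETRAX devices gain vmstate later.
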
> @@ -357,6 +388,7 @@ static void etraxfs_timer_class_init(ObjectClass *klass, 
> void *data)
>  ResettableClass *rc = RESETTABLE_CLASS(klass);
>  
>  dc->realize = etraxfs_timer_realize;
> +dc->vmsd = _etraxfs;
>  rc->phases.enter = etraxfs_timer_reset_enter;
>  rc->phases.hold = etraxfs_timer_reset_hold;
>  }
> 



[PATCH] target/mips: Align vector registers to 16 bytes

2021-12-17 Thread Philippe Mathieu-Daudé
Align fpr_t to 16 bytes to be able to use the TCG "Generic"
vector operation expansion API from "tcg/tcg-op-gvec.h",
otherwise we trigger assertions in check_size_align().

See commits ec8e23e37f8 (s390x) and 11e2bfef799 (i386)
for similar justifications.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/mips/cpu.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index 56b1cbd091d..15b983f7104 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -30,7 +30,7 @@ union fpr_t {
 uint32_t w[2]; /* binary single fixed-point */
 /* FPU/MSA register mapping is not tested on big-endian hosts. */
 wr_t wr;   /* vector data */
-};
+} QEMU_ALIGNED(16);
 /*
  *define FP_ENDIAN_IDX to access the same location
  * in the fpr_t union regardless of the host endianness
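
Review bot: the QEMU_ALIGNED(16) added on the closing brace of union fpr_t has no comment, so the reason for it (the alignment assertions in the gvec expansion API, per the commit message) is only recoverable from git history. A one-line comment next to the attribute would keep it from being dropped in a later cleanup. Raising the union's alignment also changes the padding of whatever structure embeds fpr_t, which is worth checking for any code that assumes the previous layout.
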
-- 
2.33.1




[PATCH v3 1/3] hw: Move MARVELL_88W8618 Kconfig from audio/ to arm/

2021-12-17 Thread Philippe Mathieu-Daudé
The Marvell 88W8618 is a system-on-chip with an ARM core.
We implement its audio codecs and network interface.
Homogeneous SoC Kconfig are usually defined in the hw/$ARCH
directory. Move it there.

Suggested-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/arm/Kconfig   | 3 +++
 hw/audio/Kconfig | 3 ---
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index e6525909438..c459c897cc7 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -94,6 +94,9 @@ config MUSCA
 select SPLIT_IRQ
 select UNIMP
 
+config MARVELL_88W8618
+bool
+
 config MUSICPAL
 bool
 select OR_IRQ
diff --git a/hw/audio/Kconfig b/hw/audio/Kconfig
index e9c6fed8261..e76c69ca7e7 100644
--- a/hw/audio/Kconfig
+++ b/hw/audio/Kconfig
@@ -47,6 +47,3 @@ config PL041
 
 config CS4231
 bool
-
-config MARVELL_88W8618
-bool
-- 
2.33.1




[PATCH v3 3/3] hw/net: Move MV88W8618 network device out of hw/arm/ directory

2021-12-17 Thread Philippe Mathieu-Daudé
The Marvell 88W8618 network device is hidden in the Musicpal
machine. Move it into a new unit file under the hw/net/ directory.

Acked-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/net/mv88w8618_eth.h |  12 +
 hw/arm/musicpal.c  | 380 +--
 hw/net/mv88w8618_eth.c | 402 +
 MAINTAINERS|   2 +
 hw/net/meson.build |   1 +
 5 files changed, 418 insertions(+), 379 deletions(-)
 create mode 100644 include/hw/net/mv88w8618_eth.h
 create mode 100644 hw/net/mv88w8618_eth.c

diff --git a/include/hw/net/mv88w8618_eth.h b/include/hw/net/mv88w8618_eth.h
new file mode 100644
index 000..8f4c746092f
--- /dev/null
+++ b/include/hw/net/mv88w8618_eth.h
@@ -0,0 +1,12 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * Marvell MV88W8618 / Freecom MusicPal emulation.
+ *
+ * Copyright (c) 2008-2021 QEMU contributors
+ */
+#ifndef HW_NET_MV88W8618_H
+#define HW_NET_MV88W8618_H
+
+#define TYPE_MV88W8618_ETH "mv88w8618_eth"
+
+#endif
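
Review bot: the include guard HW_NET_MV88W8618_H does not match the file name mv88w8618_eth.h; HW_NET_MV88W8618_ETH_H would follow the path and leave room for other MV88W8618 headers under include/hw/net/. The header also exports only the TYPE_MV88W8618_ETH string, so if code outside hw/net/mv88w8618_eth.c ever needs the state struct or the OBJECT_DECLARE_SIMPLE_TYPE() cast, that declaration will have to move here as well.
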
diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c
index 6b5310117b8..7c840fb4283 100644
--- a/hw/arm/musicpal.c
+++ b/hw/arm/musicpal.c
@@ -34,12 +34,12 @@
 #include "ui/pixel_ops.h"
 #include "qemu/cutils.h"
 #include "qom/object.h"
+#include "hw/net/mv88w8618_eth.h"
 
 #define MP_MISC_BASE0x80002000
 #define MP_MISC_SIZE0x1000
 
 #define MP_ETH_BASE 0x80008000
-#define MP_ETH_SIZE 0x1000
 
 #define MP_WLAN_BASE0x8000C000
 #define MP_WLAN_SIZE0x0800
@@ -84,383 +84,6 @@
 /* Wolfson 8750 I2C address */
 #define MP_WM_ADDR  0x1A
 
-/* Ethernet register offsets */
-#define MP_ETH_SMIR 0x010
-#define MP_ETH_PCXR 0x408
-#define MP_ETH_SDCMR0x448
-#define MP_ETH_ICR  0x450
-#define MP_ETH_IMR  0x458
-#define MP_ETH_FRDP00x480
-#define MP_ETH_FRDP10x484
-#define MP_ETH_FRDP20x488
-#define MP_ETH_FRDP30x48C
-#define MP_ETH_CRDP00x4A0
-#define MP_ETH_CRDP10x4A4
-#define MP_ETH_CRDP20x4A8
-#define MP_ETH_CRDP30x4AC
-#define MP_ETH_CTDP00x4E0
-#define MP_ETH_CTDP10x4E4
-
-/* MII PHY access */
-#define MP_ETH_SMIR_DATA0x
-#define MP_ETH_SMIR_ADDR0x03FF
-#define MP_ETH_SMIR_OPCODE  (1 << 26) /* Read value */
-#define MP_ETH_SMIR_RDVALID (1 << 27)
-
-/* PHY registers */
-#define MP_ETH_PHY1_BMSR0x0021
-#define MP_ETH_PHY1_PHYSID1 0x0041
-#define MP_ETH_PHY1_PHYSID2 0x0061
-
-#define MP_PHY_BMSR_LINK0x0004
-#define MP_PHY_BMSR_AUTONEG 0x0008
-
-#define MP_PHY_88E3015  0x01410E20
-
-/* TX descriptor status */
-#define MP_ETH_TX_OWN   (1U << 31)
-
-/* RX descriptor status */
-#define MP_ETH_RX_OWN   (1U << 31)
-
-/* Interrupt cause/mask bits */
-#define MP_ETH_IRQ_RX_BIT   0
-#define MP_ETH_IRQ_RX   (1 << MP_ETH_IRQ_RX_BIT)
-#define MP_ETH_IRQ_TXHI_BIT 2
-#define MP_ETH_IRQ_TXLO_BIT 3
-
-/* Port config bits */
-#define MP_ETH_PCXR_2BSM_BIT28 /* 2-byte incoming suffix */
-
-/* SDMA command bits */
-#define MP_ETH_CMD_TXHI (1 << 23)
-#define MP_ETH_CMD_TXLO (1 << 22)
-
-typedef struct mv88w8618_tx_desc {
-uint32_t cmdstat;
-uint16_t res;
-uint16_t bytes;
-uint32_t buffer;
-uint32_t next;
-} mv88w8618_tx_desc;
-
-typedef struct mv88w8618_rx_desc {
-uint32_t cmdstat;
-uint16_t bytes;
-uint16_t buffer_size;
-uint32_t buffer;
-uint32_t next;
-} mv88w8618_rx_desc;
-
-#define TYPE_MV88W8618_ETH "mv88w8618_eth"
-OBJECT_DECLARE_SIMPLE_TYPE(mv88w8618_eth_state, MV88W8618_ETH)
-
-struct mv88w8618_eth_state {
-/*< private >*/
-SysBusDevice parent_obj;
-/*< public >*/
-
-MemoryRegion iomem;
-qemu_irq irq;
-MemoryRegion *dma_mr;
-AddressSpace dma_as;
-uint32_t smir;
-uint32_t icr;
-uint32_t imr;
-int mmio_index;
-uint32_t vlan_header;
-uint32_t tx_queue[2];
-uint32_t rx_queue[4];
-uint32_t frx_queue[4];
-uint32_t cur_rx[4];
-NICState *nic;
-NICConf conf;
-};
-
-static void eth_rx_desc_put(AddressSpace *dma_as, uint32_t addr,
-mv88w8618_rx_desc *desc)
-{
-cpu_to_le32s(>cmdstat);
-cpu_to_le16s(>bytes);
-cpu_to_le16s(>buffer_size);
-cpu_to_le32s(>buffer);
-cpu_to_le32s(>next);
-dma_memory_write(dma_as, addr, desc, sizeof(*desc));
-}
-
-static void eth_rx_desc_get(AddressSpace *dma_as, uint32_t addr,
-mv88w8618_rx_desc *desc)
-{
-dma_memory_read(dma_as, addr, desc, sizeof(*desc));
-le32_to_cpus(>cmdstat);
-le16_to_cpus(>bytes);
-le16_to_cpus(>buffer_size);
-le32_to_cpus(>buffer);
-le32_to_cpus(>next);
-}
-
-static ssize_t eth_receive(NetClientState *nc, const 

[PATCH v3 2/3] hw/arm/musicpal: Fix coding style of code related to MV88W8618 device

2021-12-17 Thread Philippe Mathieu-Daudé
We are going to move this code, so fix its style first to avoid:

  ERROR: spaces required around that '/' (ctx:VxV)

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/arm/musicpal.c | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c
index 2d612cc0c9b..6b5310117b8 100644
--- a/hw/arm/musicpal.c
+++ b/hw/arm/musicpal.c
@@ -309,13 +309,13 @@ static uint64_t mv88w8618_eth_read(void *opaque, hwaddr 
offset,
 return s->imr;
 
 case MP_ETH_FRDP0 ... MP_ETH_FRDP3:
-return s->frx_queue[(offset - MP_ETH_FRDP0)/4];
+return s->frx_queue[(offset - MP_ETH_FRDP0) / 4];
 
 case MP_ETH_CRDP0 ... MP_ETH_CRDP3:
-return s->rx_queue[(offset - MP_ETH_CRDP0)/4];
+return s->rx_queue[(offset - MP_ETH_CRDP0) / 4];
 
 case MP_ETH_CTDP0 ... MP_ETH_CTDP1:
-return s->tx_queue[(offset - MP_ETH_CTDP0)/4];
+return s->tx_queue[(offset - MP_ETH_CTDP0) / 4];
 
 default:
 return 0;
@@ -360,16 +360,16 @@ static void mv88w8618_eth_write(void *opaque, hwaddr 
offset,
 break;
 
 case MP_ETH_FRDP0 ... MP_ETH_FRDP3:
-s->frx_queue[(offset - MP_ETH_FRDP0)/4] = value;
+s->frx_queue[(offset - MP_ETH_FRDP0) / 4] = value;
 break;
 
 case MP_ETH_CRDP0 ... MP_ETH_CRDP3:
-s->rx_queue[(offset - MP_ETH_CRDP0)/4] =
-s->cur_rx[(offset - MP_ETH_CRDP0)/4] = value;
+s->rx_queue[(offset - MP_ETH_CRDP0) / 4] =
+s->cur_rx[(offset - MP_ETH_CRDP0) / 4] = value;
 break;
 
 case MP_ETH_CTDP0 ... MP_ETH_CTDP1:
-s->tx_queue[(offset - MP_ETH_CTDP0)/4] = value;
+s->tx_queue[(offset - MP_ETH_CTDP0) / 4] = value;
 break;
 }
 }
-- 
2.33.1




[PATCH v3 0/3] hw/net: Move MV88W8618 network device out of hw/arm/ directory

2021-12-17 Thread Philippe Mathieu-Daudé
This series simply extracts the MV88W8618 device from the ARM
machine in hw/arm/ and moves it to hw/net/.

Since v2:
- declare MARVELL_88W8618 in hw/arm/Kconfig
- use MARVELL_88W8618 Kconfig (rth)

Since v1:
- update (c) notice

Philippe Mathieu-Daudé (3):
  hw: Move MARVELL_88W8618 Kconfig from audio/ to arm/
  hw/arm/musicpal: Fix coding style of code related to MV88W8618 device
  hw/net: Move MV88W8618 network device out of hw/arm/ directory

 include/hw/net/mv88w8618_eth.h |  12 +
 hw/arm/musicpal.c  | 380 +--
 hw/net/mv88w8618_eth.c | 402 +
 MAINTAINERS|   2 +
 hw/arm/Kconfig |   3 +
 hw/audio/Kconfig   |   3 -
 hw/net/meson.build |   1 +
 7 files changed, 421 insertions(+), 382 deletions(-)
 create mode 100644 include/hw/net/mv88w8618_eth.h
 create mode 100644 hw/net/mv88w8618_eth.c

-- 
2.33.1




Re: [PATCH v2 2/2] hw/net: Move MV88W8618 network device out of hw/arm/ directory

2021-12-17 Thread Philippe Mathieu-Daudé
On 12/17/21 23:25, Richard Henderson wrote:
> On 12/16/21 4:56 AM, Philippe Mathieu-Daudé wrote:
>> +softmmu_ss.add(when: 'CONFIG_MUSICPAL', if_true:
>> files('mv88w8618_eth.c'))
> 
> So... there's currently a MARVELL_88W8618 define for the audio component
> of the same chip.  Should we re-use that here?

I missed that, good point.

> 
> Otherwise,
> Acked-by: Richard Henderson 

Thank you.



Re: [RFC PATCH v3 3/3] softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_BUS_ERROR

2021-12-17 Thread Philippe Mathieu-Daudé
On 12/17/21 23:34, Peter Maydell wrote:
> On Wed, 15 Dec 2021 at 18:24, Philippe Mathieu-Daudé  
> wrote:
>>
>> Add the 'memory' bit to the memory attributes to restrict bus
>> controller accesses to memories.
>>
>> Introduce flatview_access_allowed() to check bus permission
>> before running any bus transaction.
>>
>> Have read/write accessors return MEMTX_BUS_ERROR if an access is
>> restricted.
>>
>> There is no change for the default case where 'memory' is not set.
>>
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>>  include/exec/memattrs.h |  9 +
>>  softmmu/physmem.c   | 43 +++--
>>  2 files changed, 50 insertions(+), 2 deletions(-)
>>
>> diff --git a/include/exec/memattrs.h b/include/exec/memattrs.h
>> index 95f2d20d55b..f0063583ee2 100644
>> --- a/include/exec/memattrs.h
>> +++ b/include/exec/memattrs.h
>> @@ -35,6 +35,14 @@ typedef struct MemTxAttrs {
>>  unsigned int secure:1;
>>  /* Memory access is usermode (unprivileged) */
>>  unsigned int user:1;
>> +/*
>> + * Bus interconnect and peripherals can access anything (memories,
>> + * devices) by default. By setting the 'memory' bit, bus transaction
>> + * are restricted to "normal" memories (per the AMBA documentation)
>> + * versus devices. Access to devices will be logged and rejected
>> + * (see MEMTX_BUS_ERROR).
>> + */
>> +unsigned int memory:1;
>>  /* Requester ID (for MSI for example) */
>>  unsigned int requester_id:16;
>>  /* Invert endianness for this page */
>> @@ -66,6 +74,7 @@ typedef struct MemTxAttrs {
>>  #define MEMTX_OK 0
>>  #define MEMTX_ERROR (1U << 0) /* device returned an error */
>>  #define MEMTX_DECODE_ERROR  (1U << 1) /* nothing at that address */
>> +#define MEMTX_BUS_ERROR (1U << 2) /* bus returned an error */
> 
> This is kind of odd naming, because MEMTX_DECODE_ERROR already means
> "bus/interconnect returned an error" and it generally translates
> into what at the OS level gets called a "bus error"...

MEMTX_DECODE_ERROR is "nothing at that address". We want a name
for "there is something, but you don't have access to it".
Maybe MEMTX_ILLEGAL_ERROR?




[PATCH] hw/scsi/megasas: Simplify using the ldst API

2021-12-17 Thread Philippe Mathieu-Daudé
This code is easier to review using the load/store API.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/scsi/megasas.c | 17 +++--
 1 file changed, 3 insertions(+), 14 deletions(-)

diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index 619b66ef0f3..066f30e3f22 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -375,8 +375,7 @@ static int megasas_setup_inquiry(uint8_t *cdb, int pg, int 
len)
 cdb[1] = 0x1;
 cdb[2] = pg;
 }
-cdb[3] = (len >> 8) & 0xff;
-cdb[4] = (len & 0xff);
+stw_be_p([2], len);
 return len;
 }
 
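
Review bot: in megasas_setup_inquiry() the two removed lines store len into cdb[3] and cdb[4], but the replacement stw_be_p() call is given index [2]. A 16-bit big-endian store at offset 2 writes bytes 2 and 3, which overwrites the page code that the branch just above places in cdb[2] (cdb[2] = pg) and leaves cdb[4] unset. The store should target offset 3 to keep the original CDB layout.
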
@@ -392,18 +391,8 @@ static void megasas_encode_lba(uint8_t *cdb, uint64_t lba,
 } else {
 cdb[0] = READ_16;
 }
-cdb[2] = (lba >> 56) & 0xff;
-cdb[3] = (lba >> 48) & 0xff;
-cdb[4] = (lba >> 40) & 0xff;
-cdb[5] = (lba >> 32) & 0xff;
-cdb[6] = (lba >> 24) & 0xff;
-cdb[7] = (lba >> 16) & 0xff;
-cdb[8] = (lba >> 8) & 0xff;
-cdb[9] = (lba) & 0xff;
-cdb[10] = (len >> 24) & 0xff;
-cdb[11] = (len >> 16) & 0xff;
-cdb[12] = (len >> 8) & 0xff;
-cdb[13] = (len) & 0xff;
+stq_be_p([2], lba);
+stl_be_p([2 + 8], len);
 }
 
 /*
-- 
2.33.1




Re: [RFC PATCH v3 3/3] softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_BUS_ERROR

2021-12-17 Thread Peter Maydell
On Wed, 15 Dec 2021 at 18:24, Philippe Mathieu-Daudé  wrote:
>
> Add the 'memory' bit to the memory attributes to restrict bus
> controller accesses to memories.
>
> Introduce flatview_access_allowed() to check bus permission
> before running any bus transaction.
>
> Have read/write accessors return MEMTX_BUS_ERROR if an access is
> restricted.
>
> There is no change for the default case where 'memory' is not set.
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  include/exec/memattrs.h |  9 +
>  softmmu/physmem.c   | 43 +++--
>  2 files changed, 50 insertions(+), 2 deletions(-)
>
> diff --git a/include/exec/memattrs.h b/include/exec/memattrs.h
> index 95f2d20d55b..f0063583ee2 100644
> --- a/include/exec/memattrs.h
> +++ b/include/exec/memattrs.h
> @@ -35,6 +35,14 @@ typedef struct MemTxAttrs {
>  unsigned int secure:1;
>  /* Memory access is usermode (unprivileged) */
>  unsigned int user:1;
> +/*
> + * Bus interconnect and peripherals can access anything (memories,
> + * devices) by default. By setting the 'memory' bit, bus transaction
> + * are restricted to "normal" memories (per the AMBA documentation)
> + * versus devices. Access to devices will be logged and rejected
> + * (see MEMTX_BUS_ERROR).
> + */
> +unsigned int memory:1;
>  /* Requester ID (for MSI for example) */
>  unsigned int requester_id:16;
>  /* Invert endianness for this page */
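
Review bot: the comment above the new 'memory' bit does not say which initiators are expected to set it. The commit message states that nothing changes while the bit is 0, so the restriction is opt-in and only takes effect for bus masters that are converted to request it; naming the intended callers in the comment (for example, device models issuing DMA) would make clear where the policy is enforced. Minor: "bus transaction are restricted" should read "bus transactions are restricted".
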
> @@ -66,6 +74,7 @@ typedef struct MemTxAttrs {
>  #define MEMTX_OK 0
>  #define MEMTX_ERROR (1U << 0) /* device returned an error */
>  #define MEMTX_DECODE_ERROR  (1U << 1) /* nothing at that address */
> +#define MEMTX_BUS_ERROR (1U << 2) /* bus returned an error */

This is kind of odd naming, because MEMTX_DECODE_ERROR already means
"bus/interconnect returned an error" and it generally translates
into what at the OS level gets called a "bus error"...

-- PMM



Re: [PATCH v2 2/2] hw/net: Move MV88W8618 network device out of hw/arm/ directory

2021-12-17 Thread Richard Henderson

On 12/16/21 4:56 AM, Philippe Mathieu-Daudé wrote:

+softmmu_ss.add(when: 'CONFIG_MUSICPAL', if_true: files('mv88w8618_eth.c'))


So... there's currently a MARVELL_88W8618 define for the audio component of the same chip. 
 Should we re-use that here?


Otherwise,
Acked-by: Richard Henderson 

r~



Re: [PATCH v2 1/2] hw/arm/musicpal: Fix coding style of code related to MV88W8618 device

2021-12-17 Thread Richard Henderson

On 12/16/21 4:56 AM, Philippe Mathieu-Daudé wrote:

We are going to move this code, so fix its style first to avoid:

   ERROR: spaces required around that '/' (ctx:VxV)

Signed-off-by: Philippe Mathieu-Daudé
---
  hw/arm/musicpal.c | 14 +++---
  1 file changed, 7 insertions(+), 7 deletions(-)


Reviewed-by: Richard Henderson 

r~



Re: [PATCH 10/10] configure: remove unnecessary symlinks

2021-12-17 Thread Richard Henderson

On 12/16/21 12:51 AM, Paolo Bonzini wrote:

Make pc-bios/meson.build use the files in the source tree as inputs
to bzip2.

Signed-off-by: Paolo Bonzini
---
  configure   | 1 -
  pc-bios/meson.build | 2 +-
  2 files changed, 1 insertion(+), 2 deletions(-)


Reviewed-by: Richard Henderson 

r~



Re: [PATCH 09/10] configure, meson: move ARCH to meson.build

2021-12-17 Thread Richard Henderson

On 12/16/21 12:51 AM, Paolo Bonzini wrote:

-if config_host['ARCH'].startswith(k) or 
config_target['TARGET_BASE_ARCH'].startswith(k)
+if host_arch.startswith(k) or 
config_target['TARGET_BASE_ARCH'].startswith(k)


Not a problem with this patch, but a missed use of target_base_arch variable?

Anyway,
Reviewed-by: Richard Henderson 


r~



Re: [PATCH 08/10] meson: rename "arch" variable

2021-12-17 Thread Richard Henderson

On 12/16/21 12:51 AM, Paolo Bonzini wrote:

Avoid confusion between the ARCH variable of configure/config-host.mak
and the same-named variable of meson.build.

Signed-off-by: Paolo Bonzini
---
  meson.build | 12 ++--
  1 file changed, 6 insertions(+), 6 deletions(-)


Reviewed-by: Richard Henderson 

r~



Re: [PATCH 07/10] configure: unify x86_64 and x32

2021-12-17 Thread Richard Henderson

On 12/16/21 7:30 AM, Paolo Bonzini wrote:

On 12/16/21 10:10, Philippe Mathieu-Daudé wrote:

On 12/16/21 09:51, Paolo Bonzini wrote:

The only difference between the two, as far as either configure or
Meson are concerned, is in the multilib flags passed to the compiler.

For QEMU, this fixes the handling of TYPE_OLDDEVT in
include/exec/user/thunk.h and enables testing of dirty ring buffer,
because both are using HOST_X86_64.

For tests/tcg, this means that on a hypothetical x32 host the
cross compiler will not be used to build the tests.


Why not add the cross compiler definitions to tests/tcg?

+: ${cross_cc_x32="$cross_cc_x86_64"}
+: ${cross_cc_cflags_x32="-mx32"}


tests/tcg does not support building x32 tests right now, does it?


We don't have docker support for x32, if that's what you mean.  But if you have x32 
libraries installed on your host, I would think it would work.




What I meant is that, if you're on an x32 host, tests/tcg will now build i386 and 
x86-64 tests with the native compiler.

And of course, those multilibs must be installed as well.


r~



Re: [PATCH 07/10] configure: unify x86_64 and x32

2021-12-17 Thread Richard Henderson

On 12/16/21 12:51 AM, Paolo Bonzini wrote:

The only difference between the two, as far as either configure or
Meson are concerned, is in the multilib flags passed to the compiler.

For QEMU, this fixes the handling of TYPE_OLDDEVT in
include/exec/user/thunk.h and enables testing of dirty ring buffer,
because both are using HOST_X86_64.

For tests/tcg, this means that on a hypothetical x32 host the
cross compiler will not be used to build the tests.

Signed-off-by: Paolo Bonzini 
---
  configure   | 6 ++
  meson.build | 3 +--
  2 files changed, 3 insertions(+), 6 deletions(-)


Reviewed-by: Richard Henderson 


r~



Re: [PATCH 06/10] configure: unify ppc64 and ppc64le

2021-12-17 Thread Richard Henderson

On 12/16/21 12:51 AM, Paolo Bonzini wrote:

The only difference between the two, as far as either configure or
Meson are concerned, is the default endianness of the compiler.

For tests/tcg, specify the endianness explicitly on the command line;
for configure, do the same so that it is possible to have --cpu=ppc64le
on a bigendian system or vice versa.  Apart from this, cpu=ppc64le can
be normalized to ppc64 also in configure and not just in the meson
cross file.

Signed-off-by: Paolo Bonzini
---
  configure  | 10 --
  tests/tcg/configure.sh |  4 +++-
  2 files changed, 7 insertions(+), 7 deletions(-)


Reviewed-by: Richard Henderson 


r~



Re: [PATCH 05/10] configure: unify two case statements on $cpu

2021-12-17 Thread Richard Henderson

On 12/16/21 12:51 AM, Paolo Bonzini wrote:

+  s390)
+CPU_CFLAGS="-m31"
+ARCH=unknown ;;


Eh, ok.  I could also support removing the case entirely.
I don't see the point in having an entry for an unsupported host.

This will actively not compile as soon as my safe-signal reorg hits.

Otherwise,
Reviewed-by: Richard Henderson 


r~



[PATCH] docs/can: convert to restructuredText

2021-12-17 Thread oxr463
From: Lucas Ramage 

Bug: https://gitlab.com/qemu-project/qemu/-/issues/527
Signed-off-by: Lucas Ramage 
---
 docs/{can.txt => can.rst} | 14 ++
 docs/index.rst|  1 +
 2 files changed, 7 insertions(+), 8 deletions(-)
 rename docs/{can.txt => can.rst} (97%)

diff --git a/docs/can.txt b/docs/can.rst
similarity index 97%
rename from docs/can.txt
rename to docs/can.rst
index 0d310237df..995134d079 100644
--- a/docs/can.txt
+++ b/docs/can.rst
@@ -1,6 +1,5 @@
-QEMU CAN bus emulation support
-==
-
+CAN Bus Emulation Support
+=
 The CAN bus emulation provides mechanism to connect multiple
 emulated CAN controller chips together by one or multiple CAN busses
 (the controller device "canbus"  parameter). The individual busses
@@ -32,8 +31,7 @@ emulated environment for testing and RTEMS GSoC slot has been 
donated
 to work on CAN hardware emulation on QEMU.

 Examples how to use CAN emulation for SJA1000 based boards
-==
-
+--
 When QEMU with CAN PCI support is compiled then one of the next
 CAN boards can be selected

@@ -100,8 +98,7 @@ traffic with "candump" command which is included in 
"can-utils".
   candump can0

 CTU CAN FD support examples
-===
-
+---
 This open-source core provides CAN FD support. CAN FD drames are
 delivered even to the host systems when SocketCAN interface is found
 CAN FD capable.
@@ -170,7 +167,7 @@ The test can be run viceversa, generate messages in the 
guest system and capture
 in the host one and much more combinations.

 Links to other resources
-
+

  (1) CAN related projects at Czech Technical University, Faculty of Electrical 
Engineering
  http://canbus.pages.fel.cvut.cz/
@@ -196,3 +193,4 @@ Links to other resources
  
http://canbus.pages.fel.cvut.cz/ctucanfd_ip_core/driver_doc/ctucanfd-driver.html
  (11) Integration with PCIe interfacing for Intel/Altera Cyclone IV based board
  https://gitlab.fel.cvut.cz/canbus/pcie-ctu_can_fd
+
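
Review bot: the last hunk of docs/can.rst adds an empty line at the end of the file (the lone '+' after the final link), which git reports as a new blank line at EOF. Drop it so the rename stays a pure format conversion.
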
diff --git a/docs/index.rst b/docs/index.rst
index 0b9ee9901d..beb868ca7f 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -18,3 +18,4 @@ Welcome to QEMU's documentation!
interop/index
specs/index
devel/index
+   can
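Review bot: "can" is added to the top-level toctree next to interop/index, specs/index and devel/index, which are all per-manual index pages, while can.rst is a single topic document. Consider listing it from inside one of those manuals so the front page keeps one entry per manual.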
--
2.32.0




Re: [PULL 09/36] ui: do not delay further remote resize

2021-12-17 Thread Richard Henderson

On 12/17/21 6:37 AM, marcandre.lur...@redhat.com wrote:

From: Marc-André Lureau

A remote client, such as Spice, will already avoid flooding the stream
by delaying the resize requests.

Signed-off-by: Marc-André Lureau
Acked-by: Gerd Hoffmann
---
  include/ui/console.h | 2 +-
  ui/console.c | 5 +++--
  ui/gtk.c | 2 +-
  ui/sdl2.c| 2 +-
  ui/spice-display.c   | 2 +-
  ui/vnc.c | 2 +-
  6 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/include/ui/console.h b/include/ui/console.h
index 6d678924f6fd..65e6bbcab8ae 100644
--- a/include/ui/console.h
+++ b/include/ui/console.h
@@ -292,7 +292,7 @@ void unregister_displaychangelistener(DisplayChangeListener 
*dcl);
  
  bool dpy_ui_info_supported(QemuConsole *con);

  const QemuUIInfo *dpy_get_ui_info(const QemuConsole *con);
-int dpy_set_ui_info(QemuConsole *con, QemuUIInfo *info);
+int dpy_set_ui_info(QemuConsole *con, QemuUIInfo *info, bool delay);
  


You have failed to update cocoa.m, so the macos build fails.

../ui/cocoa.m:555:35: error: too few arguments to function call, expected 3, 
have 2
dpy_set_ui_info(dcl.con, );
~~~   ^
/private/var/folders/tn/f_9sf1xx5t14qm_6f83q3b84gn/T/cirrus-ci-build/include/ui/console.h:333:5: 
note: 'dpy_set_ui_info' declared here

int dpy_set_ui_info(QemuConsole *con, QemuUIInfo *info, bool delay);
^
../ui/cocoa.m:1836:21: error: no member named 'event' in 'struct 
QemuClipboardNotify'
switch (notify->event) {
~~  ^

https://gitlab.com/qemu-project/qemu/-/jobs/1898442461


r~



Re: [PATCH 1/5] migration: All this fields are unsigned

2021-12-17 Thread Philippe Mathieu-Daudé
On 12/17/21 21:25, Richard Henderson wrote:
> On 12/16/21 1:26 AM, Philippe Mathieu-Daudé wrote:
>> On 12/16/21 10:13, Juan Quintela wrote:
>>>   multifd_send_terminate_threads(bool error) "error %d"
>>
>> Nitpicking: bool is unsigned :)
> 
> Eh, while the value is not negative, bool will promote to int in stdarg.

Oh, TIL, thanks :)




Re: [PATCH 04/10] configure: do not set bsd_user/linux_user early

2021-12-17 Thread Richard Henderson

On 12/16/21 12:51 AM, Paolo Bonzini wrote:

@@ -541,7 +541,6 @@ gnu/kfreebsd)
  ;;
  freebsd)
bsd="yes"
-  bsd_user="yes"
make="${MAKE-gmake}"
# needed for kinfo_getvmmap(3) in libutil.h
  ;;
@@ -586,7 +585,6 @@ haiku)
  ;;
  linux)
linux="yes"
-  linux_user="yes"
vhost_user=${default_feature:-yes}
  ;;
  esac

...

+if [ "$linux_user" != no ]; then
+if [ "$targetos" = linux ] && [ -d $source_path/linux-user/host/$cpu ]; 
then
+linux_user=yes
+elif [ "$linux_user" = yes ]; then
+error_exit "linux-user not supported on this architecture"
+fi
+fi
+if [ "$bsd_user" != no ]; then
+if [ -d $source_path/bsd-user/$targetos ]; then
+bsd_user=yes
+elif [ "$bsd_user" = yes ]; then
+error_exit "bsd-user not supported on this host OS"
+fi
+fi
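Review bot: both directory tests expand $source_path unquoted, in "[ -d $source_path/linux-user/host/$cpu ]" and "[ -d $source_path/bsd-user/$targetos ]", so a source tree path containing whitespace is split into several words and the test errors out or checks the wrong path. Quote the whole argument, as the neighbouring "$targetos" and "$linux_user" comparisons already do.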


Missing the check for $targetos = freebsd.
This looks like it would enable bsd_user on linux, etc.


r~



Re: [PATCH 02/10] configure: make $targetos lowercase, use windows instead of MINGW32

2021-12-17 Thread Richard Henderson

On 12/16/21 12:51 AM, Paolo Bonzini wrote:

targetos is already mostly the same as Meson host_machine.system(),
just in CamelCase.  Adjust Windows, which is different, and switch to
lowercase to match Meson.

Signed-off-by: Paolo Bonzini
---
  configure | 58 ---
  1 file changed, 25 insertions(+), 33 deletions(-)


Reviewed-by: Richard Henderson 

r~



Re: [PATCH 01/10] configure: simplify creation of plugin symbol list

2021-12-17 Thread Richard Henderson

On 12/16/21 12:51 AM, Paolo Bonzini wrote:

--dynamic-list is present on all supported ELF (not Windows or Darwin)
platforms, since it dates back to 2006; -exported_symbols_list is
likewise present on all supported versions of macOS.  Do not bother
doing a functional test in configure.

Since stuff is being moved to meson, move the creation of the
Darwin-formatted symbols list there, reducing the transform to a single
sed command.  This also requires using -Xlinker instead of -Wl, in order
to support weird paths that include a comma.

Signed-off-by: Paolo Bonzini
---
  configure   | 16 
  plugins/meson.build | 13 +
  2 files changed, 9 insertions(+), 20 deletions(-)


Surely you'd want to be removing all of the ld_dynamic_list and ld_exported_symbols_list 
code as well?



r~



Re: [PATCH 1/5] migration: All this fields are unsigned

2021-12-17 Thread Richard Henderson

On 12/16/21 1:26 AM, Philippe Mathieu-Daudé wrote:

On 12/16/21 10:13, Juan Quintela wrote:

  multifd_send_terminate_threads(bool error) "error %d"


Nitpicking: bool is unsigned :)


Eh, while the value is not negative, bool will promote to int in stdarg.

r~



Re: [PULL v3 000/101] ppc queue

2021-12-17 Thread Richard Henderson

On 12/17/21 9:37 AM, Cédric Le Goater wrote:

The following changes since commit 76b56fdfc9fa43ec6e5986aee33f108c6c6a511e:

   Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into 
staging (2021-12-14 12:46:18 -0800)

are available in the Git repository at:

   https://github.com/legoater/qemu/ tags/pull-ppc-20211217

for you to fetch changes up to 0e6232bc3cb96bdf6fac1b5d7659aa9887afe657:

   ppc/pnv: Use QOM hierarchy to scan PEC PHB4 devices (2021-12-17 17:57:19 
+0100)

Changes in v3:

  - Fixed patch "docs: Introducing pseries documentation" with a newline
and checked documentation generation with :

   make docker-test-build@ubuntu1804 TARGET_LIST=i386-softmmu

Changes in v2:

  - Fixed patch "docs: rSTify ppc-spapr-hcalls.txt" with a newline
  - dropped patch "target/ppc: do not silence SNaN in xscvspdpn" which
still had some comments pending.


ppc 7.0 queue:

* General cleanup for Mac machines (Peter)
* Fixes for FPU exceptions (Lucas)
* Support for new ISA31 instructions (Matheus)
* Fixes for ivshmem (Daniel)
* Cleanups for PowerNV PHB (Christophe and Cedric)
* Updates of PowerNV and pSeries documentation (Leonardo and Daniel)
* Fixes for PowerNV (Daniel)
* Large cleanup of FPU implementation (Richard)
* Removal of SoftTLBs support for PPC74x CPUs (Fabiano)
* Fixes for exception models in MPCx and 60x CPUs (Fabiano)
* Removal of 401/403 CPUs (Cedric)
* Deprecation of taihu machine (Thomas)
* Large rework of PPC405 machine (Cedric)
* Fixes for VSX instructions (Victor and Matheus)
* Fix for e6500 CPU (Fabiano)
* Initial support for PMU (Daniel)


Alexey Kardashevskiy (1):
   pseries: Update SLOF firmware image

Christophe Lombard (1):
   pci-host: Allow extended config space access for PowerNV PHB4 model

Cédric Le Goater (28):
   Merge tag 'qemu-slof-2022' of github.com:aik/qemu into ppc-next
   target/ppc: remove 401/403 CPUs
   ppc/ppc405: Change kernel load address
   ppc: Add trace-events for DCR accesses
   ppc/ppc405: Convert printfs to trace-events
   ppc/ppc405: Drop flag parameter in ppc405_set_bootinfo()
   ppc/ppc405: Change ppc405ep_init() return value
   ppc/ppc405: Add some address space definitions
   ppc/ppc405: Remove flash support
   ppc/ppc405: Rework FW load
   ppc/ppc405: Introduce ppc405_set_default_bootinfo()
   ppc/ppc405: Fix boot from kernel
   ppc/ppc405: Change default PLL values at reset
   ppc/ppc405: Fix bi_pci_enetaddr2 field in U-Boot board information
   ppc/ppc405: Add update of bi_procfreq field
   ppc/pnv: Introduce a "chip" property under PHB3
   ppc/pnv: Use the chip class to check the index of PHB3 devices
   ppc/pnv: Drop the "num-phbs" property
   ppc/pnv: Move mapping of the PHB3 CQ regions under pnv_pbcq_realize()
   ppc/pnv: Use QOM hierarchy to scan PHB3 devices
   ppc/pnv: Introduce a num_pecs class attribute for PHB4 PEC devices
   ppc/pnv: Introduce version and device_id class atributes for PHB4 devices
   ppc/pnv: Introduce a "chip" property under the PHB4 model
   ppc/pnv: Introduce a num_stack class attribute
   ppc/pnv: Compute the PHB index from the PHB4 PEC model
   ppc/pnv: Remove "system-memory" property from PHB4 PEC
   ppc/pnv: Move realize of PEC stacks under the PEC model
   ppc/pnv: Use QOM hierarchy to scan PEC PHB4 devices

Daniel Henrique Barboza (13):
   ivshmem.c: change endianness to LITTLE_ENDIAN
   ivshmem-test.c: enable test_ivshmem_server for ppc64 arch
   ppc/pnv.c: add a friendly warning when accel=kvm is used
   docs/system/ppc/powernv.rst: document KVM support status
   ppc/pnv.c: fix "system-id" FDT when -uuid is set
   target/ppc: introduce PMUEventType and PMU overflow timers
   target/ppc: PMU basic cycle count for pseries TCG
   target/ppc: PMU: update counters on PMCs r/w
   target/ppc: PMU: update counters on MMCR1 write
   target/ppc: enable PMU counter overflow with cycle events
   target/ppc: enable PMU instruction count
   target/ppc/power8-pmu.c: add PM_RUN_INST_CMPL (0xFA) event
   PPC64/TCG: Implement 'rfebb' instruction

Fabiano Rosas (8):
   target/ppc: Disable software TLB for the 7450 family
   target/ppc: Disable unused facilities in the e600 CPU
   target/ppc: Remove the software TLB model of 7450 CPUs
   target/ppc: Fix MPCxxx FPU interrupt address
   target/ppc: Remove 603e exception model
   target/ppc: Set 601v exception model id
   target/ppc: Fix e6500 boot
   Revert "target/ppc: Move SPR_DSISR setting to powerpc_excp"

Leonardo Garcia (5):
   docs: Minor updates on the powernv documentation.
   docs: Introducing pseries documentation

[PULL 4/9] hw/avr: Realize AVRCPU qdev object using qdev_realize()

2021-12-17 Thread Laurent Vivier
From: Philippe Mathieu-Daudé 

TYPE_AVR_CPU inherits TYPE_CPU, which itself inherits TYPE_DEVICE.
TYPE_DEVICE instances are realized using qdev_realize(), we don't
need to access QOM internal values.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Michael Rolnik 
Message-Id: <20211205224109.322152-1-f4...@amsat.org>
Signed-off-by: Laurent Vivier 
---
 hw/avr/atmega.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/avr/atmega.c b/hw/avr/atmega.c
index 0608e2d475ee..a34803e64272 100644
--- a/hw/avr/atmega.c
+++ b/hw/avr/atmega.c
@@ -233,7 +233,7 @@ static void atmega_realize(DeviceState *dev, Error **errp)
 
 /* CPU */
 object_initialize_child(OBJECT(dev), "cpu", >cpu, mc->cpu_type);
-object_property_set_bool(OBJECT(>cpu), "realized", true, _abort);
+qdev_realize(DEVICE(>cpu), NULL, _abort);
 cpudev = DEVICE(>cpu);
 
 /* SRAM */
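Review bot: the new qdev_realize() line builds its own DEVICE() cast of the cpu member, and the unchanged line right after it assigns the same cast to cpudev. Moving the cpudev assignment above the call and passing cpudev to qdev_realize() would avoid the duplicate cast and make it obvious that the realized object and cpudev are the same device.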
-- 
2.33.1




[PULL 8/9] tests/qtest: Replace g_memdup() by g_memdup2()

2021-12-17 Thread Laurent Vivier
From: Philippe Mathieu-Daudé 

Per 
https://discourse.gnome.org/t/port-your-module-from-g-memdup-to-g-memdup2-now/5538

  The old API took the size of the memory to duplicate as a guint,
  whereas most memory functions take memory sizes as a gsize. This
  made it easy to accidentally pass a gsize to g_memdup(). For large
  values, that would lead to a silent truncation of the size from 64
  to 32 bits, and result in a heap area being returned which is
  significantly smaller than what the caller expects. This can likely
  be exploited in various modules to cause a heap buffer overflow.

Replace g_memdup() by the safer g_memdup2() wrapper.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Thomas Huth 
Message-Id: <20210903174510.751630-25-phi...@redhat.com>
Signed-off-by: Laurent Vivier 
---
 tests/qtest/libqos/ahci.c   | 6 +++---
 tests/qtest/libqos/qgraph.c | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/tests/qtest/libqos/ahci.c b/tests/qtest/libqos/ahci.c
index fba3e7a954ed..eaa2096512e5 100644
--- a/tests/qtest/libqos/ahci.c
+++ b/tests/qtest/libqos/ahci.c
@@ -639,8 +639,8 @@ void ahci_exec(AHCIQState *ahci, uint8_t port,
 AHCIOpts *opts;
 uint64_t buffer_in;
 
-opts = g_memdup((opts_in == NULL ? _opts : opts_in),
-sizeof(AHCIOpts));
+opts = g_memdup2((opts_in == NULL ? _opts : opts_in),
+ sizeof(AHCIOpts));
 
 buffer_in = opts->buffer;
 
@@ -860,7 +860,7 @@ AHCICommand *ahci_command_create(uint8_t command_name)
 g_assert(!props->ncq || props->lba48);
 
 /* Defaults and book-keeping */
-cmd->props = g_memdup(props, sizeof(AHCICommandProp));
+cmd->props = g_memdup2(props, sizeof(AHCICommandProp));
 cmd->name = command_name;
 cmd->xbytes = props->size;
 cmd->prd_size = 4096;
diff --git a/tests/qtest/libqos/qgraph.c b/tests/qtest/libqos/qgraph.c
index d1dc49193055..109ff04e1e8f 100644
--- a/tests/qtest/libqos/qgraph.c
+++ b/tests/qtest/libqos/qgraph.c
@@ -93,7 +93,7 @@ static void add_edge(const char *source, const char *dest,
 edge->type = type;
 edge->dest = g_strdup(dest);
 edge->edge_name = g_strdup(opts->edge_name ?: dest);
-edge->arg = g_memdup(opts->arg, opts->size_arg);
+edge->arg = g_memdup2(opts->arg, opts->size_arg);
 
 edge->before_cmd_line =
 opts->before_cmd_line ? g_strconcat(" ", opts->before_cmd_line, NULL) 
: NULL;
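Review bot: in add_edge() the size passed to g_memdup2() is opts->size_arg, whose declared type is not visible in this hunk. If that field is narrower than size_t, the truncation the commit message describes simply moves to the point where size_arg is assigned, so please confirm the field is a size_t (or widen it in the same series). The two ahci.c call sites pass sizeof() values and are not affected.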
-- 
2.33.1




[PULL 5/9] hw/virtio/vhost: Fix typo in comment.

2021-12-17 Thread Laurent Vivier
From: Leonardo Garcia 

Signed-off-by: Leonardo Garcia 
Reviewed-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: 

Signed-off-by: Laurent Vivier 
---
 hw/virtio/vhost.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index 437347ad01c9..20913cf8fb4b 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -313,7 +313,7 @@ static int vhost_dev_has_iommu(struct vhost_dev *dev)
  * For vhost, VIRTIO_F_IOMMU_PLATFORM means the backend support
  * incremental memory mapping API via IOTLB API. For platform that
  * does not have IOMMU, there's no need to enable this feature
- * which may cause unnecessary IOTLB miss/update trnasactions.
+ * which may cause unnecessary IOTLB miss/update transactions.
  */
 return virtio_bus_device_iommu_enabled(vdev) &&
virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM);
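Review bot: the comment touched here has two more slips in its unchanged lines, "the backend support incremental memory mapping API" (should be "supports") and "For platform that does not have IOMMU" (should be "For platforms that do not have an IOMMU"). As this patch exists only to fix the wording of this comment, it could fix those in the same hunk.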
-- 
2.33.1




[PULL 9/9] checkpatch: Do not allow deprecated g_memdup()

2021-12-17 Thread Laurent Vivier
From: Philippe Mathieu-Daudé 

g_memdup() is insecure and has been deprecated in GLib 2.68.
QEMU provides the safe equivalent g_memdup2() wrapper.

Do not allow more g_memdup() calls in the repository, provide
a hint to use g_memdup2().

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Eric Blake 
Message-Id: <20210903174510.751630-29-phi...@redhat.com>
Signed-off-by: Laurent Vivier 
---
 scripts/checkpatch.pl | 5 +
 1 file changed, 5 insertions(+)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index cb8eff233e06..5caa739db486 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -2850,6 +2850,11 @@ sub process {
WARN("consider using g_path_get_$1() in preference to 
g_strdup($1())\n" . $herecurr);
}
 
+# enforce g_memdup2() over g_memdup()
+   if ($line =~ /\bg_memdup\s*\(/) {
+   ERROR("use g_memdup2() instead of unsafe g_memdup()\n" 
. $herecurr);
+   }
+
 # recommend qemu_strto* over strto* for numeric conversions
if ($line =~ /\b(strto[^kd].*?)\s*\(/) {
ERROR("consider using qemu_$1 in preference to $1\n" . 
$herecurr);
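Review bot: the pattern /\bg_memdup\s*\(/ only matches when an opening parenthesis follows the name, so g_memdup used without a call (for example passed as a copy callback) is not reported. Matching on /\bg_memdup\b/ would cover that case and still not fire on g_memdup2, because the word boundary fails before the "2".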
-- 
2.33.1




[PULL 7/9] glib-compat: Introduce g_memdup2() wrapper

2021-12-17 Thread Laurent Vivier
From: Philippe Mathieu-Daudé 

When experimenting with raising GLIB_VERSION_MIN_REQUIRED to 2.68
(Fedora 34 provides GLib 2.68.1) we get:

  hw/virtio/virtio-crypto.c:245:24: error: 'g_memdup' is deprecated: Use 
'g_memdup2' instead [-Werror,-Wdeprecated-declarations]
  ...

g_memdup() has been updated by g_memdup2() to fix eventual security
issues (size argument is 32-bit and could be truncated / wrapping).
GLib recommends to copy their static inline version of g_memdup2():
https://discourse.gnome.org/t/port-your-module-from-g-memdup-to-g-memdup2-now/5538

Our glib-compat.h provides a comment explaining how to deal with
these deprecated declarations (see commit e71e8cc0355
"glib: enforce the minimum required version and warn about old APIs").

Following this comment suggestion, implement the g_memdup2_qemu()
wrapper to g_memdup2(), and use the safer equivalent inlined when
we are using pre-2.68 GLib.

Reported-by: Eric Blake 
Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Eric Blake 
Message-Id: <20210903174510.751630-3-phi...@redhat.com>
Signed-off-by: Laurent Vivier 
---
 include/glib-compat.h | 37 +
 1 file changed, 37 insertions(+)

diff --git a/include/glib-compat.h b/include/glib-compat.h
index 9e95c888f54f..8d01a8c01fb8 100644
--- a/include/glib-compat.h
+++ b/include/glib-compat.h
@@ -68,6 +68,43 @@
  * without generating warnings.
  */
 
+/*
+ * g_memdup2_qemu:
+ * @mem: (nullable): the memory to copy.
+ * @byte_size: the number of bytes to copy.
+ *
+ * Allocates @byte_size bytes of memory, and copies @byte_size bytes into it
+ * from @mem. If @mem is %NULL it returns %NULL.
+ *
+ * This replaces g_memdup(), which was prone to integer overflows when
+ * converting the argument from a #gsize to a #guint.
+ *
+ * This static inline version is a backport of the new public API from
+ * GLib 2.68, kept internal to GLib for backport to older stable releases.
+ * See https://gitlab.gnome.org/GNOME/glib/-/issues/2319.
+ *
+ * Returns: (nullable): a pointer to the newly-allocated copy of the memory,
+ *  or %NULL if @mem is %NULL.
+ */
+static inline gpointer g_memdup2_qemu(gconstpointer mem, gsize byte_size)
+{
+#if GLIB_CHECK_VERSION(2, 68, 0)
+return g_memdup2(mem, byte_size);
+#else
+gpointer new_mem;
+
+if (mem && byte_size != 0) {
+new_mem = g_malloc(byte_size);
+memcpy(new_mem, mem, byte_size);
+} else {
+new_mem = NULL;
+}
+
+return new_mem;
+#endif
+}
+#define g_memdup2(m, s) g_memdup2_qemu(m, s)
+
 #if defined(G_OS_UNIX)
 /*
  * Note: The fallback implementation is not MT-safe, and it returns a copy of
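Review bot: the doc comment for g_memdup2_qemu() says NULL is returned when @mem is NULL, but the fallback branch also returns NULL when byte_size is 0 ("if (mem && byte_size != 0)"). Please mention the zero-size case in the "Returns:" paragraph so callers do not treat a NULL result as an allocation failure or as proof that the source pointer was NULL.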
-- 
2.33.1
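
The size truncation that the three g_memdup() patches in this pull request (7/9, 8/9 and 9/9) refer to, shown as an added C example that is not part of the patches, of QEMU or of GLib. legacy_memdup() and memdup2_like() are hypothetical stand-ins built on malloc(), the sample data is constructed, and the code assumes a platform where size_t is wider than unsigned int.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: size_t (gsize) is wider than unsigned int (guint), as on LP64
 * hosts. That width gap is what makes the narrowing lossy. */
_Static_assert(sizeof(size_t) > sizeof(unsigned int),
               "this demo needs size_t wider than unsigned int");

/* Hypothetical stand-in with the g_memdup2() shape: the size stays a size_t
 * from caller to allocator. malloc() is used in place of g_malloc(). */
static void *memdup2_like(const void *mem, size_t byte_size)
{
    void *copy;

    if (mem == NULL || byte_size == 0) {
        return NULL;
    }
    copy = malloc(byte_size);
    if (copy != NULL) {
        memcpy(copy, mem, byte_size);
    }
    return copy;
}

/* Hypothetical stand-in with the old g_memdup() shape: identical behaviour,
 * but the size parameter is an unsigned int, so a size_t argument has
 * already been narrowed by the time this function runs. */
static void *legacy_memdup(const void *mem, unsigned int byte_size)
{
    return memdup2_like(mem, byte_size);
}

/* Size the legacy callee receives for a size_t length. The cast is the
 * conversion the compiler inserts silently at a g_memdup(ptr, len) call. */
static unsigned int size_seen_by_legacy(size_t requested)
{
    return (unsigned int)requested;
}

/* Bytes the caller believes it owns that were never allocated. */
static size_t legacy_shortfall(size_t requested)
{
    return requested - (size_t)size_seen_by_legacy(requested);
}

/* Constructed scenario: a length field claims 4 GiB + 16 bytes. Only the
 * narrowed size is allocated and copied; the return value is that size. */
static size_t demo_truncated_copy(void)
{
    static const unsigned char src[16] = "sample-bytes";
    size_t claimed_len = (size_t)UINT_MAX + 17u;      /* 2^32 + 16 */
    unsigned int seen = size_seen_by_legacy(claimed_len);
    void *copy = legacy_memdup(src, seen);
    size_t allocated = (copy != NULL) ? (size_t)seen : 0;

    free(copy);
    return allocated;
}

/* For sizes that fit in an unsigned int both shapes give the same copy,
 * which is why the replacement is a drop-in change at existing call sites. */
static int small_copies_match(void)
{
    static const unsigned char src[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
    unsigned char *a = legacy_memdup(src, (unsigned int)sizeof(src));
    unsigned char *b = memdup2_like(src, sizeof(src));
    int same = a != NULL && b != NULL && memcmp(a, b, sizeof(src)) == 0;

    free(a);
    free(b);
    return same;
}

int main(void)
{
    size_t claimed_len = (size_t)UINT_MAX + 17u;

    printf("caller asks for   : %zu bytes\n", claimed_len);
    printf("legacy callee sees: %u bytes\n", size_seen_by_legacy(claimed_len));
    printf("unallocated tail  : %zu bytes\n", legacy_shortfall(claimed_len));
    printf("actually allocated: %zu bytes\n", demo_truncated_copy());
    printf("small copies match: %d\n", small_copies_match());
    return 0;
}
```

A caller that later indexes the legacy copy using its own size_t length is working past a 16-byte allocation, which is the heap overflow condition the GLib notice quoted in patch 8/9 describes.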




[PULL 2/9] target/i386/kvm: Replace use of __u32 type

2021-12-17 Thread Laurent Vivier
From: Philippe Mathieu-Daudé 

QEMU coding style mandates to not use Linux kernel internal
types for scalar types. Replace __u32 by uint32_t.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <2026193955.2793171-1-phi...@redhat.com>
Signed-off-by: Laurent Vivier 
---
 target/i386/kvm/kvm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 5a698bde19ac..13f8e30c2a54 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -1406,7 +1406,7 @@ static int hyperv_fill_cpuids(CPUState *cs,
 c->edx = cpu->hyperv_limits[2];
 
 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_EVMCS)) {
-__u32 function;
+uint32_t function;
 
 /* Create zeroed 0x4006..0x4009 leaves */
 for (function = HV_CPUID_IMPLEMENT_LIMITS + 1;
-- 
2.33.1




[PULL 1/9] configure: Symlink binaries using .exe suffix with MinGW

2021-12-17 Thread Laurent Vivier
From: Philippe Mathieu-Daudé 

When using the MinGW toolchain, we use the .exe suffix for the
executable name. We also need to use it for the symlinks in the
build directory.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Stefan Weil 
Acked-by: Paolo Bonzini 
Message-Id: <20211109144504.1541206-1-phi...@redhat.com>
Signed-off-by: Laurent Vivier 
---
 configure | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure b/configure
index 5fae19858d58..28e1cf6291bb 100755
--- a/configure
+++ b/configure
@@ -3754,7 +3754,7 @@ fi
 
 for target in $target_list; do
 target_dir="$target"
-target_name=$(echo $target | cut -d '-' -f 1)
+target_name=$(echo $target | cut -d '-' -f 1)$EXESUF
 mkdir -p $target_dir
 case $target in
 *-user) symlink "../qemu-$target_name" "$target_dir/qemu-$target_name" 
;;
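Review bot: appending $EXESUF inside the target_name assignment means every later use of $target_name in this loop gets the suffix, not only the symlink names. Only the *-user arm is visible here, so please check the remaining arms of the case, or keep target_name as the bare name and append $EXESUF in the symlink arguments where a file name is meant.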
-- 
2.33.1




[PULL 3/9] qemu-keymap: Add license in generated files

2021-12-17 Thread Laurent Vivier
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Warner Losh 
Message-Id: <2027174533.1900570-1-phi...@redhat.com>
Signed-off-by: Laurent Vivier 
---
 qemu-keymap.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/qemu-keymap.c b/qemu-keymap.c
index 536e8f2385d7..4095b654a607 100644
--- a/qemu-keymap.c
+++ b/qemu-keymap.c
@@ -187,6 +187,7 @@ int main(int argc, char *argv[])
 }
 
 fprintf(outfile,
+"# SPDX-License-Identifier: GPL-2.0-or-later\n"
 "#\n"
 "# generated by qemu-keymap\n"
 "#model   : %s\n"
-- 
2.33.1




[PULL 6/9] docs/block-replication.txt: Fix replication top-id command demo

2021-12-17 Thread Laurent Vivier
From: Zhang Chen 

This demo is not correct, the original childs1 can't pass
the bdrv_is_root_node check in replication_start().
Keep consistent with docs/COLO-FT.txt

Signed-off-by: Zhang Chen 
Reviewed-by: Laurent Vivier 
Message-Id: <20211018085044.2788276-1-chen.zh...@intel.com>
Signed-off-by: Laurent Vivier 
---
 docs/block-replication.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/block-replication.txt b/docs/block-replication.txt
index b0f23761c6e7..e1b28a6cc117 100644
--- a/docs/block-replication.txt
+++ b/docs/block-replication.txt
@@ -179,7 +179,7 @@ Primary:
 
 Secondary:
   -drive if=none,driver=raw,file.filename=1.raw,id=colo1 \
-  -drive if=none,id=childs1,driver=replication,mode=secondary,top-id=childs1
+  -drive if=none,id=childs1,driver=replication,mode=secondary,top-id=top-disk1
  file.file.filename=active_disk.qcow2,\
  file.driver=qcow2,\
  file.backing.file.filename=hidden_disk.qcow2,\
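Review bot: the replaced -drive line ends at "top-id=top-disk1" with no trailing ",\" although the file.* lines after it continue the same -drive argument, so the example cannot be pasted as shown. Also, nothing in the visible Secondary example defines a node with id top-disk1, so please add a pointer to where that id is created (the commit message mentions docs/COLO-FT.txt).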
-- 
2.33.1




[PULL 0/9] Trivial branch for 7.0 patches

2021-12-17 Thread Laurent Vivier
The following changes since commit 29eb5c2c86f935b0e9700fad2ecfe8a32b011d57:

  Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging 
(2021-12-16 08:39:20 -0800)

are available in the Git repository at:

  https://gitlab.com/laurent_vivier/qemu.git 
tags/trivial-branch-for-7.0-pull-request

for you to fetch changes up to ce2ff9cccf0c5f123f9d1e3d5e4fc07d1c2c159d:

  checkpatch: Do not allow deprecated g_memdup() (2021-12-17 11:57:35 +0100)


Trivial patches pull request 20211217



Leonardo Garcia (1):
  hw/virtio/vhost: Fix typo in comment.

Philippe Mathieu-Daudé (7):
  configure: Symlink binaries using .exe suffix with MinGW
  target/i386/kvm: Replace use of __u32 type
  qemu-keymap: Add license in generated files
  hw/avr: Realize AVRCPU qdev object using qdev_realize()
  glib-compat: Introduce g_memdup2() wrapper
  tests/qtest: Replace g_memdup() by g_memdup2()
  checkpatch: Do not allow deprecated g_memdup()

Zhang Chen (1):
  docs/block-replication.txt: Fix replication top-id command demo

 configure   |  2 +-
 docs/block-replication.txt  |  2 +-
 hw/avr/atmega.c |  2 +-
 hw/virtio/vhost.c   |  2 +-
 include/glib-compat.h   | 37 +
 qemu-keymap.c   |  1 +
 scripts/checkpatch.pl   |  5 +
 target/i386/kvm/kvm.c   |  2 +-
 tests/qtest/libqos/ahci.c   |  6 +++---
 tests/qtest/libqos/qgraph.c |  2 +-
 10 files changed, 52 insertions(+), 9 deletions(-)

-- 
2.33.1




Re: [PATCH v4 11/14] vfio-user: IOMMU support for remote device

2021-12-17 Thread Jag Raman


> On Dec 16, 2021, at 9:40 AM, Stefan Hajnoczi  wrote:
> 
> On Wed, Dec 15, 2021 at 10:35:35AM -0500, Jagannathan Raman wrote:
>> Assign separate address space for each device in the remote processes.
> 
> If I understand correctly this isn't really an IOMMU. It's abusing the
> IOMMU APIs to create isolated address spaces for each device. This way
> memory regions added by the vfio-user client do not conflict when there
> are multiple vfio-user servers.

Like you already figured out, having isolated DMA address space alone is not
sufficient for this application, we also needed to isolate the sysmem/RAM
address space. As such, the available IOMMU APIs alone were not sufficient,
so we had to improvise.

> 
> Calling pci_root_bus_new() and keeping one PCI bus per VfuObject might
> be a cleaner approach:
> - Lets you isolate both PCI Memory Space and IO Space.
> - Isolates the PCIDevices and their addresses on the bus.
> - Isolates irqs.
> - No more need to abuse the IOMMU API.

I believe we would still need to have an IOMMU. It’s because, devices use the
pci_dma_read()/_write() functions. These functions look up the address in DMA
address space (via pci_get_address_space() -> PCIDevice->bus_master_as ->
PCIDevice->bus_master_enable_region -> PCIDevice->bus_master_container_region).
bus_master_enable_region and bus_master_container_region are effectively
aliases to the DMA address space - without an IOMMU, the dma_as would be the
shared global sysmem/RAM space (address_space_mem, please see
pci_init_bus_master())

> 
> I might be missing something because I haven't investigated how to do
> this myself.
> 
>> Signed-off-by: Elena Ufimtseva 
>> Signed-off-by: John G Johnson 
>> Signed-off-by: Jagannathan Raman 
>> ---
>> include/hw/pci/pci.h  |   2 +
>> include/hw/remote/iommu.h |  24 
>> hw/pci/pci.c  |   2 +-
>> hw/remote/iommu.c | 117 ++
>> hw/remote/machine.c   |   5 ++
>> hw/remote/vfio-user-obj.c |  20 ++-
>> MAINTAINERS   |   2 +
>> hw/remote/meson.build |   1 +
>> 8 files changed, 169 insertions(+), 4 deletions(-)
>> create mode 100644 include/hw/remote/iommu.h
>> create mode 100644 hw/remote/iommu.c
>> 
>> diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
>> index 5c4016b995..f2fc2d5375 100644
>> --- a/include/hw/pci/pci.h
>> +++ b/include/hw/pci/pci.h
>> @@ -734,6 +734,8 @@ void lsi53c8xx_handle_legacy_cmdline(DeviceState 
>> *lsi_dev);
>> qemu_irq pci_allocate_irq(PCIDevice *pci_dev);
>> void pci_set_irq(PCIDevice *pci_dev, int level);
>> 
>> +void pci_init_bus_master(PCIDevice *pci_dev);
> 
> This function isn't used in this patch. Why make it public?

We were investigating updating the bus’s address space before the PCI device
initialized, but we dropped it as that would be an invasive change. This is
cruft from that effort, sorry - will remove.

> 
>> +
>> static inline void pci_irq_assert(PCIDevice *pci_dev)
>> {
>> pci_set_irq(pci_dev, 1);
>> diff --git a/include/hw/remote/iommu.h b/include/hw/remote/iommu.h
>> new file mode 100644
>> index 00..42ce0ca383
>> --- /dev/null
>> +++ b/include/hw/remote/iommu.h
>> @@ -0,0 +1,24 @@
>> +/*
>> + * IOMMU for remote device
>> + *
>> + * Copyright © 2021 Oracle and/or its affiliates.
>> + *
>> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
>> + * See the COPYING file in the top-level directory.
>> + *
>> + */
>> +
>> +#ifndef REMOTE_IOMMU_H
>> +#define REMOTE_IOMMU_H
>> +
>> +#include "hw/pci/pci_bus.h"
>> +
>> +void remote_iommu_free(PCIDevice *pci_dev);
>> +
>> +void remote_iommu_init(void);
>> +
>> +void remote_iommu_set(PCIBus *bus);
>> +
>> +MemoryRegion *remote_iommu_get_ram(PCIDevice *pci_dev);
>> +
>> +#endif
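Review bot: the four prototypes in the new include/hw/remote/iommu.h have no comments, and their arguments differ in kind (remote_iommu_set() takes a PCIBus, remote_iommu_free() and remote_iommu_get_ram() take a PCIDevice, remote_iommu_init() takes nothing). Please document for each one when it must be called and who owns the returned MemoryRegion, since the header is the only place a caller in vfio-user-obj.c can learn the expected ordering.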
>> diff --git a/hw/pci/pci.c b/hw/pci/pci.c
>> index 4a84e478ce..57d561cc03 100644
>> --- a/hw/pci/pci.c
>> +++ b/hw/pci/pci.c
>> @@ -95,7 +95,7 @@ static const VMStateDescription vmstate_pcibus = {
>> }
>> };
>> 
>> -static void pci_init_bus_master(PCIDevice *pci_dev)
>> +void pci_init_bus_master(PCIDevice *pci_dev)
>> {
>> AddressSpace *dma_as = pci_device_iommu_address_space(pci_dev);
>> 
>> diff --git a/hw/remote/iommu.c b/hw/remote/iommu.c
>> new file mode 100644
>> index 00..30c866badb
>> --- /dev/null
>> +++ b/hw/remote/iommu.c
>> @@ -0,0 +1,117 @@
>> +/*
>> + * Remote IOMMU
>> + *
>> + * Copyright © 2021 Oracle and/or its affiliates.
>> + *
>> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
>> + * See the COPYING file in the top-level directory.
>> + *
>> + */
>> +
>> +#include "qemu/osdep.h"
>> +#include "qemu-common.h"
>> +
>> +#include "hw/remote/iommu.h"
>> +#include "hw/pci/pci_bus.h"
>> +#include "exec/memory.h"
>> +#include "exec/address-spaces.h"
>> +#include "trace.h"
>> +
>> +struct VFUIOMMU {
>> +AddressSpace  as;
>> +MemoryRegion  mr;
> 
> I guess this is the root MemoryRegion container? Calling it "root" or
> "root_mr" 

Re: [RFC PATCH v3 3/3] softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_BUS_ERROR

2021-12-17 Thread Richard Henderson

On 12/15/21 10:24 AM, Philippe Mathieu-Daudé wrote:

+static inline bool flatview_access_allowed(MemoryRegion *mr, MemTxAttrs attrs,
+   hwaddr addr, hwaddr len)


There's no need to mark this inline. Otherwise,

Reviewed-by: Richard Henderson 


r~



Re: [PATCH qemu] s390x/css: fix PMCW invalid mask

2021-12-17 Thread Halil Pasic
On Fri, 17 Dec 2021 18:13:47 +0100
Pierre Morel  wrote:

> >> Previously, we required bits 5, 6 and 7 to be zero (0x07 == 0b111). But,
> >> as per the principles of operation, bit 5 is ignored in MSCH and bits 0,
> >> 1, 6 and 7 need to be zero.  
> > 
> > On a second thought, don't we have to make sure then that bit 5 is
> > ignored?
> > 
> > static void copy_pmcw_from_guest(PMCW *dest, const PMCW *src)
> > {
> >  int i;
> > 
> >  dest->intparm = be32_to_cpu(src->intparm);
> >  dest->flags = be16_to_cpu(src->flags);
> >  dest->devno = be16_to_cpu(src->devno);
> > 
> > Here we seem to grab flags as a whole, but actually we would have to
> > mask off bit 5.
> 
> Why?
> If this bit is ignored by the machine shouldn't we just ignore it?
> Forcing it to 0 or to 1 is purely arbitrary no?

We do the masking later on:
IOInstEnding css_do_msch(SubchDev *sch, const SCHIB *orig_schib)
{
[..]
/* Only update the program-modifiable fields. */
schib->pmcw.intparm = schib_copy.pmcw.intparm;
oldflags = schib->pmcw.flags;
schib->pmcw.flags &= ~(PMCW_FLAGS_MASK_ISC | PMCW_FLAGS_MASK_ENA |
  PMCW_FLAGS_MASK_LM | PMCW_FLAGS_MASK_MME |
  PMCW_FLAGS_MASK_MP);
schib->pmcw.flags |= schib_copy.pmcw.flags &
(PMCW_FLAGS_MASK_ISC | PMCW_FLAGS_MASK_ENA |
 PMCW_FLAGS_MASK_LM | PMCW_FLAGS_MASK_MME |
 PMCW_FLAGS_MASK_MP);
[..]

I just didn't read far enough. We do that for a while now.

The PoP says that the machine shall ignore other fields
of the PMCW when an MSCH is performed. I.e. we should not update
"our" pmcw.flags bit 5 from 0 to 1 even if 1 was supplied, and
thus STSCH should keep storing the bit 5 as 0 even if there was
a MSCH with bit 5 set.

Regards,
Halil



Re: [PATCH v4 10/14] vfio-user: handle PCI BAR accesses

2021-12-17 Thread Jag Raman



> On Dec 16, 2021, at 9:10 AM, Stefan Hajnoczi  wrote:
> 
> On Wed, Dec 15, 2021 at 10:35:34AM -0500, Jagannathan Raman wrote:
>> +static ssize_t vfu_object_bar_rw(PCIDevice *pci_dev, hwaddr addr, size_t 
>> count,
>> + char * const buf, const bool is_write,
>> + bool is_io)
>> +{
>> +AddressSpace *as = NULL;
>> +MemTxResult res;
>> +
>> +if (is_io) {
>> +as = _space_io;
>> +} else {
>> +as = pci_device_iommu_address_space(pci_dev);
> 
> This access is not initiated by the device, it's coming from the CPU. It
> shouldn't go through the IOMMU address space.

Got it, thank you!
--
Jag




Re: [PATCH v4 09/14] vfio-user: handle DMA mappings

2021-12-17 Thread Jag Raman


> On Dec 16, 2021, at 8:24 AM, Stefan Hajnoczi  wrote:
> 
> On Wed, Dec 15, 2021 at 10:35:33AM -0500, Jagannathan Raman wrote:
>> Define and register callbacks to manage the RAM regions used for
>> device DMA
>> 
>> Signed-off-by: Elena Ufimtseva 
>> Signed-off-by: John G Johnson 
>> Signed-off-by: Jagannathan Raman 
>> Reviewed-by: Stefan Hajnoczi 
>> ---
>> hw/remote/vfio-user-obj.c | 48 +++
>> hw/remote/trace-events|  2 ++
>> 2 files changed, 50 insertions(+)
>> 
>> diff --git a/hw/remote/vfio-user-obj.c b/hw/remote/vfio-user-obj.c
>> index c6d0c675b7..46f2251a68 100644
>> --- a/hw/remote/vfio-user-obj.c
>> +++ b/hw/remote/vfio-user-obj.c
>> @@ -208,6 +208,47 @@ static ssize_t vfu_object_cfg_access(vfu_ctx_t 
>> *vfu_ctx, char * const buf,
>> return count;
>> }
>> 
>> +static void dma_register(vfu_ctx_t *vfu_ctx, vfu_dma_info_t *info)
>> +{
>> +MemoryRegion *subregion = NULL;
>> +g_autofree char *name = NULL;
>> +static unsigned int suffix;
>> +struct iovec *iov = >iova;
>> +
>> +if (!info->vaddr) {
>> +return;
>> +}
>> +
>> +name = g_strdup_printf("remote-mem-%u", suffix++);
>> +
>> +subregion = g_new0(MemoryRegion, 1);
>> +
>> +memory_region_init_ram_ptr(subregion, NULL, name,
>> +   iov->iov_len, info->vaddr);
>> +
>> +memory_region_add_subregion(get_system_memory(), (hwaddr)iov->iov_base,
>> +subregion);
>> +
>> +trace_vfu_dma_register((uint64_t)iov->iov_base, iov->iov_len);
>> +}
>> +
>> +static void dma_unregister(vfu_ctx_t *vfu_ctx, vfu_dma_info_t *info)
>> +{
>> +MemoryRegion *mr = NULL;
>> +ram_addr_t offset;
>> +
>> +mr = memory_region_from_host(info->vaddr, );
>> +if (!mr) {
>> +return;
>> +}
>> +
>> +memory_region_del_subregion(get_system_memory(), mr);
>> +
>> +object_unparent((OBJECT(mr)));
>> +
>> +trace_vfu_dma_unregister((uint64_t)info->iova.iov_base);
>> +}
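
Review bot: dma_unregister() deletes and unparents whatever region memory_region_from_host(info->vaddr, ...) returns, with no check that it is a region dma_register() added, and nothing in these lines releases the MemoryRegion that dma_register() allocates with g_new0(). Record each subregion when it is created, look it up in that record in dma_unregister(), and release the allocation there. dma_register() also passes iov->iov_base and iov->iov_len to memory_region_add_subregion() unchecked, so consider rejecting a range that overlaps one already registered.
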
> 
> This does not support hot unplug (memory regions pointing to memory
> mapped by libvfio-user are left registered). The code should keep a list
> (e.g. https://docs.gtk.org/glib/struct.SList.html) of memory regions and
> automatically remove them before destroying the vfu context.
> 
> It also doesn't support multiple vfio-user server instances running in
> the same QEMU process. get_system_memory() is global but the memory
> regions provided by vfio-user are per-client (i.e. VM). If multiple VMs
> are connected to one vfio-user server process then they conflict.
> 
> I don't know the best way to support multiple vfio-user server
> instances, it would be straightforward if QEMU supported multiple
> MachineStates and didn't use global get_system_memory()/get_io_memory()
> APIs. It would be nice to solve that in the future.

We’ve addressed the multiple vfio-user-server instances in
"[PATCH v4 11/14] vfio-user: IOMMU support for remote device" patch
down the line. I see your comments there, will address them.

Thank you!
--
Jag

> 
> Maybe it's too hard to change that, I haven't looked. An alternative is
> to make the x-remote machine empty (it doesn't create any devices) and
> instead create a new PCI bus, interrupt controller, memory MemoryRegion,
> and io MemoryRegion in VfuObject. Stop using get_system_memory() and
> instead use the per-VfuObject memory MemoryRegion.
> 
> In either of those approaches it's probably necessary to specify the PCI
> bus ID in --device and device_add so it's clear which vfio-user server
> the PCI device is associated with.
> 
> The multiple vfio-user server instance limitation doesn't need to be
> solved now, but I wanted to share some ideas around it. Maybe someone
> has better ideas or is aware of limitations preventing what I described.
> 
> Stefan



Re: [RFC 1/2] migration: Introduce ram_transferred_add()

2021-12-17 Thread Philippe Mathieu-Daudé
On 12/16/21 13:34, David Edmondson wrote:
> ...and use it.
> 
> Signed-off-by: David Edmondson 
> ---
>  migration/ram.c | 23 ++-
>  migration/ram.h |  1 +
>  2 files changed, 15 insertions(+), 9 deletions(-)

> diff --git a/migration/ram.h b/migration/ram.h
> index c515396a9a..a5b2ffdc18 100644
> --- a/migration/ram.h
> +++ b/migration/ram.h
> @@ -51,6 +51,7 @@ int xbzrle_cache_resize(uint64_t new_size, Error **errp);
>  uint64_t ram_bytes_remaining(void);
>  uint64_t ram_bytes_total(void);
>  void mig_throttle_counter_reset(void);
> +void ram_transferred_add(uint64_t bytes);

Why make the method public? It seems an internal operation. Do you
plan to use it elsewhere?




Re: [RFC PATCH] docs/devel: more documentation on the use of suffixes

2021-12-17 Thread Philippe Mathieu-Daudé
On 12/17/21 18:19, Alex Bennée wrote:
> Using _qemu is a little confusing. Let's use _compat for these sorts
> of things. We should also mention _impl which is another common suffix
> in the code base.
> 
> Signed-off-by: Alex Bennée 
> ---
>  docs/devel/style.rst  | 7 +++
>  include/glib-compat.h | 6 +++---
>  2 files changed, 10 insertions(+), 3 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé 




Re: [PATCH] Target/arm: Implement Cortex-A5

2021-12-17 Thread Alex Bennée


Richard Henderson  writes:

> On 12/13/21 1:02 PM, Alex Bennée wrote:
>>> +cpu->midr = 0x410fc0f1;
>> hmm wikipedia lists the part number as 0xc05 (and the a15 as 0xc0f)
>> but
>> I can't find the actual value in the TRM.
>
> https://developer.arm.com/documentation/ddi0434/c
>
> has exactly this value at the top of table 4-9.

Ahh good find - 0x410FC051 it is.

>
>>> +cpu->reset_fpsid = 0x41023051;
>> I think for the a5 the FPU is optional so maybe we need a cpu option
>> here? Or maybe just assume it's enabled on QEMUs version?
>
> Yeah, there's no entry for fpsid in the above manual.
>
>>> +cpu->isar.id_mmfr0 = 0x00100103;
>> the TRM says [11:8] Outermost shareability 0x0 L1 cache coherency
>> not supported.
>
> Again, this does match table 4-9.

0x0013

>
>
> r~


-- 
Alex Bennée



Re: [PATCH v2] Revert "target/ppc: Move SPR_DSISR setting to powerpc_excp"

2021-12-17 Thread Fabiano Rosas
Richard Henderson  writes:

> On 12/9/21 9:33 AM, Fabiano Rosas wrote:
>> This reverts commit 336e91f85332dda0ede4c1d15b87a19a0fb898a2.
>> 
>> It breaks the --disable-tcg build:
>> 
>>   ../target/ppc/excp_helper.c:463:29: error: implicit declaration of
>>   function ‘cpu_ldl_code’ [-Werror=implicit-function-declaration]
>> 
>> We should not have TCG code in powerpc_excp because some kvm-only
>> routines use it indirectly to dispatch interrupts. See
>> kvm_handle_debug, spapr_mce_req_event and
>> spapr_do_system_reset_on_cpu.
>> 
>> We can re-introduce the change once we have split the interrupt
>> injection code between KVM and TCG.
>> 
>> Signed-off-by: Fabiano Rosas 
>> ---
>>   target/ppc/excp_helper.c | 21 -
>>   1 file changed, 12 insertions(+), 9 deletions(-)
>
> This is fine.  I had thought it would turn out to be helpful in conjunction
> with my user-only unaligned patch set, but in the end I went a different way
> and have a separate hook for user-only.
>
> It is correct to simply revert the patch first.
>
> I have ideas for further cleanup, if you have time:
>
> (1) The assignment to DSISR does not need to wait until powerpc_excp.  I
> believe we can assign to it directly in do_unaligned_access, and avoid using
> env->error_code as an intermediary.

Makes sense. I see that not all processors use DSISR during the
Alignment interrupt. I'll check the manuals and fix that as well.

I'm writing some tests to check each individual Alignment case and DAR
is not being set for ALIGN_LE. There might be others missing. I'll
probably end up moving the DAR code from ppc_cpu_do_unaligned_access
into powerpc_excp after all.

>
> (2) The note about opcode fields being set incorrectly could be fixed during
> translation.  You'd use TARGET_INSN_START_EXTRA_WORDS to record the necessary
> information during translation, is provided to restore_state_to_opc during
> unwinding, and then moved into DSISR in do_unaligned_access.  Similar to
> target/arm and how env->exception.syndrome is managed, especially
> disas_set_insn_syndrome.
>

Ok, I'll give it a shot. Thanks for the detailed pointers.



Re: [PATCH v4 07/14] vfio-user: run vfio-user context

2021-12-17 Thread Jag Raman


> On Dec 16, 2021, at 6:17 AM, Stefan Hajnoczi  wrote:
> 
> On Wed, Dec 15, 2021 at 10:35:31AM -0500, Jagannathan Raman wrote:
>> @@ -114,6 +118,62 @@ static void vfu_object_set_device(Object *obj, const 
>> char *str, Error **errp)
>> vfu_object_init_ctx(o, errp);
>> }
>> 
>> +static void vfu_object_ctx_run(void *opaque)
>> +{
>> +VfuObject *o = opaque;
>> +int ret = -1;
>> +
>> +while (ret != 0) {
>> +ret = vfu_run_ctx(o->vfu_ctx);
>> +if (ret < 0) {
>> +if (errno == EINTR) {
>> +continue;
>> +} else if (errno == ENOTCONN) {
>> +qemu_set_fd_handler(o->vfu_poll_fd, NULL, NULL, NULL);
>> +o->vfu_poll_fd = -1;
>> +object_unparent(OBJECT(o));
>> +break;
> 
> If nothing else logs a message then I think that should be done here so
> users know why their vfio-user server object disappeared.

Sure will do.

Do you prefer a trace, or a message to the console? Trace makes sense to me.
Presently, the client could unplug the vfio-user device which would trigger the
deletion of this object. This process could happen quietly.

> 
>> +} else {
>> +error_setg(_abort, "vfu: Failed to run device %s - 
>> %s",
>> +   o->device, strerror(errno));
> 
> error_abort is equivalent to assuming !o->daemon. In the case where the
> user doesn't want to automatically shut down the process we need to log
> a message without aborting.

OK, makes sense.

> 
>> + break;
> 
> Indentation is off.
> 
>> +}
>> +}
>> +}
>> +}
>> +
>> +static void vfu_object_attach_ctx(void *opaque)
>> +{
>> +VfuObject *o = opaque;
>> +GPollFD pfds[1];
>> +int ret;
>> +
>> +qemu_set_fd_handler(o->vfu_poll_fd, NULL, NULL, NULL);
>> +
>> +pfds[0].fd = o->vfu_poll_fd;
>> +pfds[0].events = G_IO_IN | G_IO_HUP | G_IO_ERR;
>> +
>> +retry_attach:
>> +ret = vfu_attach_ctx(o->vfu_ctx);
>> +if (ret < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) {
>> +qemu_poll_ns(pfds, 1, 500 * (int64_t)SCALE_MS);
>> +goto retry_attach;
> 
> This can block the thread indefinitely. Other events like monitor
> commands are not handled in this loop. Please make this asynchronous
> (set an fd handler and return from this function so we can try again
> later).
> 
> The vfu_attach_ctx() implementation synchronously negotiates the
> vfio-user connection :(. That's a shame because even if accept(2) is
> handled asynchronously, the negotiation can still block. It would be
> cleanest to have a fully async libvfio-user's vfu_attach_ctx() API to
> avoid blocking. Is that possible?

Thanos / John,

Any thoughts on this?

> 
> If libvfio-user can't make vfu_attach_ctx() fully async then it may be
> possible to spawn a thread just for the blocking vfu_attach_ctx() call
> and report the result back to the event loop (e.g. using EventNotifier).
> That adds a bunch of code to work around a blocking API though, so I
> guess we can leave the blocking part if necessary.
> 
> At the very minimum, please make EAGAIN/EWOULDBLOCK async as mentioned
> above and add a comment explaining the situation with the
> partially-async vfu_attach_ctx() API so it's clear that this can block
> (that way it's clear that you're aware of the issue and this isn't by
> accident).

Sure, we could make the attach async at QEMU depending on how the
library prefers to do this.

> 
>> +} else if (ret < 0) {
>> +error_setg(_abort,
>> +   "vfu: Failed to attach device %s to context - %s",
>> +   o->device, strerror(errno));
> 
> error_abort assumes !o->daemon. Please handle the o->daemon == true
> case by logging an error without aborting.
> 
>> +return;
>> +}
>> +
>> +o->vfu_poll_fd = vfu_get_poll_fd(o->vfu_ctx);
>> +if (o->vfu_poll_fd < 0) {
>> +error_setg(_abort, "vfu: Failed to get poll fd %s", 
>> o->device);
> 
> Same here.
> 
>> @@ -208,6 +284,8 @@ static void vfu_object_init(Object *obj)
>>TYPE_VFU_OBJECT, TYPE_REMOTE_MACHINE);
>> return;
>> }
>> +
>> +o->vfu_poll_fd = -1;
>> }
> 
> This must call qemu_set_fd_handler(o->vfu_poll_fd, NULL, NULL, NULL)
> when o->vfu_poll_fd != -1 to avoid leaving a dangling fd handler
> callback registered.

This is during the init phase, and the FD handlers are not set. Do you mean
to add this at finalize?

I agree it’s good to explicitly add this at finalize. But vfu_destroy_ctx()
should trigger an ENOTCONN, which would do it anyway.

Thank you!
--
Jag



Re: [PULL v2 0/7] s390x patches (and one gitlab-CI fix)

2021-12-17 Thread Richard Henderson

On 12/17/21 6:46 AM, Thomas Huth wrote:

  Hi!

The following changes since commit 29eb5c2c86f935b0e9700fad2ecfe8a32b011d57:

   Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging 
(2021-12-16 08:39:20 -0800)

are available in the Git repository at:

   https://gitlab.com/thuth/qemu.git tags/s390x-2021-12-17

for you to fetch changes up to 9f8e6cad65a66b27e797defe639a4a4fd4330f23:

   gitlab-ci: Speed up the msys2-64bit job by using --without-default-devices 
(2021-12-17 09:12:37 +0100)


* Small fixes for the s390x PCI code
* Fix reset handling of the diag318 data
* Ease timeout problem of the new msys2-64bit job



v2: Dropped the patch that introduced the new machine types

Christian Borntraeger (1):
   MAINTAINERS: update email address of Christian Borntraeger

Collin L. Walling (1):
   s390: kvm: adjust diag318 resets to retain data

Matthew Rosato (4):
   s390x/pci: use a reserved ID for the default PCI group
   s390x/pci: don't use hard-coded dma range in reg_ioat
   s390x/pci: use the passthrough measurement update interval
   s390x/pci: add supported DT information to clp response

Thomas Huth (1):
   gitlab-ci: Speed up the msys2-64bit job by using 
--without-default-devices

  .gitlab-ci.d/windows.yml|  2 +-
  .mailmap|  1 +
  MAINTAINERS |  6 +++---
  hw/s390x/s390-pci-bus.c |  1 +
  hw/s390x/s390-pci-inst.c| 15 +--
  hw/s390x/s390-pci-vfio.c|  1 +
  include/hw/s390x/s390-pci-bus.h |  3 ++-
  include/hw/s390x/s390-pci-clp.h |  3 ++-
  target/s390x/cpu.h  |  4 ++--
  target/s390x/kvm/kvm.c  |  4 
  10 files changed, 26 insertions(+), 14 deletions(-)


Applied, thanks.

r~



[PULL v3 000/101] ppc queue

2021-12-17 Thread Cédric Le Goater
The following changes since commit 76b56fdfc9fa43ec6e5986aee33f108c6c6a511e:

  Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into 
staging (2021-12-14 12:46:18 -0800)

are available in the Git repository at:

  https://github.com/legoater/qemu/ tags/pull-ppc-20211217

for you to fetch changes up to 0e6232bc3cb96bdf6fac1b5d7659aa9887afe657:

  ppc/pnv: Use QOM hierarchy to scan PEC PHB4 devices (2021-12-17 17:57:19 
+0100)

Changes in v3:

 - Fixed patch "docs: Introducing pseries documentation" with a newline
   and checked documentation generation with :

  make docker-test-build@ubuntu1804 TARGET_LIST=i386-softmmu

Changes in v2:

 - Fixed patch "docs: rSTify ppc-spapr-hcalls.txt" with a newline
 - dropped patch "target/ppc: do not silence SNaN in xscvspdpn" which
   still had some comments pending.


ppc 7.0 queue:

* General cleanup for Mac machines (Peter)
* Fixes for FPU exceptions (Lucas)
* Support for new ISA31 instructions (Matheus)
* Fixes for ivshmem (Daniel)
* Cleanups for PowerNV PHB (Christophe and Cedric)
* Updates of PowerNV and pSeries documentation (Leonardo and Daniel)
* Fixes for PowerNV (Daniel)
* Large cleanup of FPU implementation (Richard)
* Removal of SoftTLBs support for PPC74x CPUs (Fabiano)
* Fixes for exception models in MPCx and 60x CPUs (Fabiano)
* Removal of 401/403 CPUs (Cedric)
* Deprecation of taihu machine (Thomas)
* Large rework of PPC405 machine (Cedric)
* Fixes for VSX instructions (Victor and Matheus)
* Fix for e6500 CPU (Fabiano)
* Initial support for PMU (Daniel)


Alexey Kardashevskiy (1):
  pseries: Update SLOF firmware image

Christophe Lombard (1):
  pci-host: Allow extended config space access for PowerNV PHB4 model

Cédric Le Goater (28):
  Merge tag 'qemu-slof-2022' of github.com:aik/qemu into ppc-next
  target/ppc: remove 401/403 CPUs
  ppc/ppc405: Change kernel load address
  ppc: Add trace-events for DCR accesses
  ppc/ppc405: Convert printfs to trace-events
  ppc/ppc405: Drop flag parameter in ppc405_set_bootinfo()
  ppc/ppc405: Change ppc405ep_init() return value
  ppc/ppc405: Add some address space definitions
  ppc/ppc405: Remove flash support
  ppc/ppc405: Rework FW load
  ppc/ppc405: Introduce ppc405_set_default_bootinfo()
  ppc/ppc405: Fix boot from kernel
  ppc/ppc405: Change default PLL values at reset
  ppc/ppc405: Fix bi_pci_enetaddr2 field in U-Boot board information
  ppc/ppc405: Add update of bi_procfreq field
  ppc/pnv: Introduce a "chip" property under PHB3
  ppc/pnv: Use the chip class to check the index of PHB3 devices
  ppc/pnv: Drop the "num-phbs" property
  ppc/pnv: Move mapping of the PHB3 CQ regions under pnv_pbcq_realize()
  ppc/pnv: Use QOM hierarchy to scan PHB3 devices
  ppc/pnv: Introduce a num_pecs class attribute for PHB4 PEC devices
  ppc/pnv: Introduce version and device_id class atributes for PHB4 devices
  ppc/pnv: Introduce a "chip" property under the PHB4 model
  ppc/pnv: Introduce a num_stack class attribute
  ppc/pnv: Compute the PHB index from the PHB4 PEC model
  ppc/pnv: Remove "system-memory" property from PHB4 PEC
  ppc/pnv: Move realize of PEC stacks under the PEC model
  ppc/pnv: Use QOM hierarchy to scan PEC PHB4 devices

Daniel Henrique Barboza (13):
  ivshmem.c: change endianness to LITTLE_ENDIAN
  ivshmem-test.c: enable test_ivshmem_server for ppc64 arch
  ppc/pnv.c: add a friendly warning when accel=kvm is used
  docs/system/ppc/powernv.rst: document KVM support status
  ppc/pnv.c: fix "system-id" FDT when -uuid is set
  target/ppc: introduce PMUEventType and PMU overflow timers
  target/ppc: PMU basic cycle count for pseries TCG
  target/ppc: PMU: update counters on PMCs r/w
  target/ppc: PMU: update counters on MMCR1 write
  target/ppc: enable PMU counter overflow with cycle events
  target/ppc: enable PMU instruction count
  target/ppc/power8-pmu.c: add PM_RUN_INST_CMPL (0xFA) event
  PPC64/TCG: Implement 'rfebb' instruction

Fabiano Rosas (8):
  target/ppc: Disable software TLB for the 7450 family
  target/ppc: Disable unused facilities in the e600 CPU
  target/ppc: Remove the software TLB model of 7450 CPUs
  target/ppc: Fix MPCxxx FPU interrupt address
  target/ppc: Remove 603e exception model
  target/ppc: Set 601v exception model id
  target/ppc: Fix e6500 boot
  Revert "target/ppc: Move SPR_DSISR setting to powerpc_excp"

Leonardo Garcia (5):
  docs: Minor updates on the powernv documentation.
  docs: Introducing pseries documentation.
  docs: rSTify ppc-spapr-hcalls.txt
  docs: Rename ppc-spapr-hcalls.txt to ppc-spapr-hcalls.rst.

Re: [PULL v2 000/101] ppc queue

2021-12-17 Thread Richard Henderson

On 12/17/21 9:31 AM, Cédric Le Goater wrote:
Maybe you can generate the email text with --inspect-emails, and then send only the 
cover letter manually with git send-email.


That's what I wanted to do: only send the cover letter. Is that ok ?


Yes, please.


r~



Re: [PULL v2 000/101] ppc queue

2021-12-17 Thread Cédric Le Goater

On 12/17/21 18:24, Richard Henderson wrote:

On 12/17/21 8:46 AM, Cédric Le Goater wrote:

On 12/17/21 17:33, Richard Henderson wrote:

Different docs failure:

Warning, treated as error:
/tmp/qemu-test/src/docs/system/ppc/pseries.rst:241:Unexpected indentation.

You can test this yourself with

make docker-test-build@ubuntu1804 TARGET_LIST=i386-softmmu


hmm, I will be more careful with documentation patches in the future.

How should I send a v3 without resending all patches ?


From the question, I assume you're using git publish... I'm not sure how to do
so directly with that tool.


no. I am using the make-pullreq script from Peter which does all the work
to generate the emails and also prepares the git branch for you to pull.

I think I found the last problem and the only change is :

$ git diff ppc-next ppc-7.0
diff --git a/docs/system/ppc/pseries.rst b/docs/system/ppc/pseries.rst
index 72e315eff628..56f5942e13f6 100644
--- a/docs/system/ppc/pseries.rst
+++ b/docs/system/ppc/pseries.rst
@@ -235,4 +235,4 @@ Maintainer contact information
 
 Cédric Le Goater 
 
-Daniel Henrique Barboza 

+Daniel Henrique Barboza 
\ No newline at end of file
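
Review bot: As shown, the removed and added lines read the same and the "\ No newline at end of file" marker sits under the "+" line, so it is the ppc-7.0 side that ends without a trailing newline. Say in the message which branch carries the fix, and make sure the version that gets pushed ends docs/system/ppc/pseries.rst with a newline.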



Maybe you can generate the email text with --inspect-emails, and then send only 
the cover letter manually with git send-email.


That's what I wanted to do: only send the cover letter. Is that ok ?

Thanks,

C.




The by-hand process is

   git format-patch --subject-prefix=PULL --cover-letter master
   git request-pull master   >> -*
   
   git send-email --to=... --cc=... -*


r~





Re: [RFC PATCH] docs/devel: more documentation on the use of suffixes

2021-12-17 Thread Daniel P . Berrangé
On Fri, Dec 17, 2021 at 05:19:02PM +, Alex Bennée wrote:
> Using _qemu is a little confusing. Let's use _compat for these sorts
> of things. We should also mention _impl which is another common suffix
> in the code base.
> 
> Signed-off-by: Alex Bennée 
> ---
>  docs/devel/style.rst  | 7 +++
>  include/glib-compat.h | 6 +++---
>  2 files changed, 10 insertions(+), 3 deletions(-)

Reviewed-by: Daniel P. Berrangé 


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|




Re: [PULL v2 000/101] ppc queue

2021-12-17 Thread Richard Henderson

On 12/17/21 8:46 AM, Cédric Le Goater wrote:

On 12/17/21 17:33, Richard Henderson wrote:

Different docs failure:

Warning, treated as error:
/tmp/qemu-test/src/docs/system/ppc/pseries.rst:241:Unexpected indentation.

You can test this yourself with

make docker-test-build@ubuntu1804 TARGET_LIST=i386-softmmu


hmm, I will be more careful with documentation patches in the future.

How should I send a v3 without resending all patches ?


From the question, I assume you're using git publish... I'm not sure how to do so 
directly with that tool.


Maybe you can generate the email text with --inspect-emails, and then send only the cover 
letter manually with git send-email.


The by-hand process is

  git format-patch --subject-prefix=PULL --cover-letter master
  git request-pull master   >> -*
  
  git send-email --to=... --cc=... -*


r~



[RFC PATCH] docs/devel: more documentation on the use of suffixes

2021-12-17 Thread Alex Bennée
Using _qemu is a little confusing. Let's use _compat for these sorts
of things. We should also mention _impl which is another common suffix
in the code base.

Signed-off-by: Alex Bennée 
---
 docs/devel/style.rst  | 7 +++
 include/glib-compat.h | 6 +++---
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/docs/devel/style.rst b/docs/devel/style.rst
index 9c5c0fffd9..60dfdf9b7f 100644
--- a/docs/devel/style.rst
+++ b/docs/devel/style.rst
@@ -151,6 +151,13 @@ If there are two versions of a function to be called with 
or without a
 lock held, the function that expects the lock to be already held
 usually uses the suffix ``_locked``.
 
+If a function is a shim designed to deal with compatibility
+workarounds we use the suffix ``_compat``. These are generally not
+called directly and aliased to the plain function name via the
+pre-processor. Another common suffix that is used is ``__impl`` which
+is often used for the concrete implementation of something that has
+multiple potential approaches hidden behind a common function name or
+one that needs expansion via the pre-processor.
 
 Block structure
 ===
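
Review bot: The added paragraph spells the second suffix ``__impl`` with two underscores, while the commit message says _impl; pick one spelling (the single-underscore form matches ``_locked`` and ``_compat`` around it). In the same paragraph, "These are generally not called directly and aliased to the plain function name" reads better as "and are aliased to".
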
diff --git a/include/glib-compat.h b/include/glib-compat.h
index 9e95c888f5..9d3eb1b7a0 100644
--- a/include/glib-compat.h
+++ b/include/glib-compat.h
@@ -46,9 +46,9 @@
  *int g_foo(const char *wibble)
  *
  * We must define a static inline function with the same signature that does
- * what we need, but with a "_qemu" suffix e.g.
+ * what we need, but with a "_compat" suffix e.g.
  *
- * static inline void g_foo_qemu(const char *wibble)
+ * static inline void g_foo_compat(const char *wibble)
  * {
  * #if GLIB_CHECK_VERSION(X, Y, 0)
  *g_foo(wibble)
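
Review bot: The example wrapper on the changed line is declared "static inline void g_foo_compat(const char *wibble)", but the prototype quoted just above it is "int g_foo(const char *wibble)" and the comment asks for a function "with the same signature". Since the line is being touched anyway, make the return type int so the example matches its own rule.
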
@@ -61,7 +61,7 @@
  * ensuring this wrapper function impl doesn't trigger the compiler warning
  * about using too new glib APIs. Finally we can do
  *
- *   #define g_foo(a) g_foo_qemu(a)
+ *   #define g_foo(a) g_foo_compat(a)
  *
  * So now the code elsewhere in QEMU, which *does* have the
  * -Wdeprecated-declarations warning active, can call g_foo(...) as normal,
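
Review bot: All three changed lines shown for include/glib-compat.h are inside the explanatory comment, which accounts for the whole of the diffstat's 3 insertions and 3 deletions for that file. If the header still defines wrappers with the _qemu suffix, rename them in the same patch; otherwise the comment and docs/devel/style.rst describe a _compat convention that the code does not follow.
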
-- 
2.30.2




Re: [PATCH 00/15] ppc/ppc405: decade cleanup

2021-12-17 Thread Cédric Le Goater

On 12/17/21 17:36, Christophe Leroy wrote:



Le 15/12/2021 à 17:49, Cédric Le Goater a écrit :

On 12/6/21 11:36, Cédric Le Goater wrote:

Hello,

The goal of these changes is to refresh the QEMU ref405ep machine and
enable boot from a Linux kernel without relying on a U-Boot firmware.
The reason for doing so is that we are unable to find a "ppc405_rom.bin"
firmware image or a flash image for the 405EP machines.

Thomas fought his way through on a v2015.10 U-Boot and taihu defconfig
and provided a compatible image available here :

   https://gitlab.com/huth/u-boot/-/tree/taihu/

With this image, QEMU reaches the U-Boot prompt (with a simple
workaround in the SDRAM).

On the Linux side, the only available 405EP CPU board is the one for
the ESTeem 195E (PPC405EP) SBC (hotfoot). It was added in 2009. The
board information structure in Linux, in U-Boot and in QEMU are not in
sync and the hotfoot board also adds its own flavor because the FW was
an ancient U-Boot without dual ethernet support [1].

For this kernel to be loaded by the U-Boot image provided by Thomas,
we either need to modify U-Boot or Linux. The same question arises for
QEMU, see the last patch of this series which is controversial. Please
advise !


Applied patch 1-14 to ppc-next.

I kept the hotfoot hack for later. We need to fix user space first.




Don't know if this is the reason of our problems but I think there is
something to investigate around timer interrupts:


/ # cat /proc/interrupts
 CPU0
   16: 68   UIC   1 Level serial
LOC:  0   Local timer interrupts for timer event device
LOC:  0   Local timer interrupts for others
SPU:  0   Spurious interrupts
PMI:  0   Performance monitoring interrupts
MCE:  0   Machine check exceptions

Any idea what the problem can be ? How does QEMU generate timer
interrupts ?


Indeed.

With some extra QEMU traces (-trace ppc4* -trace ppc_decr*), we can see :

ppc40x_timers_init frequency 
ppc405_gpio_init offet 0xef600700
ppc4xx_gpt_init offet 0xef60
ppc405ep_clocks_compute FBMUL 0xa 10
ppc405ep_clocks_compute FWDA 0x5 3
ppc405ep_clocks_compute CCDV 0x0 1
ppc405ep_clocks_compute CBDV 0x2 3
ppc405ep_clocks_compute OPDV 0x1 2
ppc405ep_clocks_compute EPDV 0x0 2
ppc405ep_clocks_compute MPDV 0x0 1
ppc405ep_clocks_compute PPDV 0x2 3
ppc405ep_clocks_compute U0DIV 0x46 70
ppc405ep_clocks_compute U1DIV 0x46 70
ppc405ep_clocks_setup Setup PPC405EP clocks - sysclk  VCO 0 PLL 
out 0 Hz
CPU 0 PLB 0 OPB  EBC  MAL 0 PCI 
37037036 UART0 4761904 UART1 4761904

ppc40x_set_tb_clk new frequency 0

  ...

  clocksource: timebase mult[780] shift[24] registered
ppc40x_store_pit val 0x7fff
ppc4xx_pit_stop
ppc40x_store_pit val 0x82355
ppc4xx_pit_stop
  pid_max: default: 32768 minimum: 301


The decrementer timer seems to stop, and so there is no decrementer exception. I suppose
this routine is the cause :


static void start_stop_pit (CPUPPCState *env, ppc_tb_t *tb_env, int is_excp)
{
    ppc40x_timer_t *ppc40x_timer;
    uint64_t now, next;

    ppc40x_timer = tb_env->opaque;
    if (ppc40x_timer->pit_reload <= 1 ||
        !((env->spr[SPR_40x_TCR] >> 26) & 0x1) ||
        (is_excp && !((env->spr[SPR_40x_TCR] >> 22) & 0x1))) {
        /* Stop PIT */
        trace_ppc4xx_pit_stop();
        timer_del(tb_env->decr_timer);
    } else {
        trace_ppc4xx_pit_start(ppc40x_timer->pit_reload);
        now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
        next = now + muldiv64(ppc40x_timer->pit_reload,
                              NANOSECONDS_PER_SECOND, tb_env->decr_freq);
        if (is_excp)
            next += tb_env->decr_next - now;
        if (next == now)
            next++;
        timer_mod(tb_env->decr_timer, next);
        tb_env->decr_next = next;
    }
}


C.



Re: [PATCH qemu] s390x/css: fix PMCW invalid mask

2021-12-17 Thread Pierre Morel




On 12/17/21 14:58, Halil Pasic wrote:

On Thu, 16 Dec 2021 14:16:57 +0100
Nico Boehr  wrote:


Previously, we required bits 5, 6 and 7 to be zero (0x07 == 0b111). But,
as per the principles of operation, bit 5 is ignored in MSCH and bits 0,
1, 6 and 7 need to be zero.


On a second thought, don't we have to make sure then that bit 5 is
ignored?

static void copy_pmcw_from_guest(PMCW *dest, const PMCW *src)
{
 int i;

 dest->intparm = be32_to_cpu(src->intparm);
 dest->flags = be16_to_cpu(src->flags);
 dest->devno = be16_to_cpu(src->devno);

Here we seem to grab flags as a whole, but actually we would have to
mask off bit 5.


Why?
If this bit is ignored by the machine shouldn't we just ignore it?
Forcing it to 0 or to 1 is purely arbitrary no?



I can spin a patch myself, provided we agree on that this needs to be
fixed, but, it would probably be better to have the two changes in one
patch.

Regards,
Halil




As both PMCW_FLAGS_MASK_INVALID and ioinst_schib_valid() are only used
by ioinst_handle_msch(), adjust the mask accordingly.

Fixes: db1c8f53bfb1 ("s390: Channel I/O basic definitions.")
Signed-off-by: Nico Boehr 
Reviewed-by: Pierre Morel 
Reviewed-by: Halil Pasic 
Reviewed-by: Janosch Frank 


--
Pierre Morel
IBM Lab Boeblingen



Re: [PATCH v2 4/4] intel_iommu: Fix irqchip / X2APIC configuration checks

2021-12-17 Thread David Woodhouse
On Thu, 2021-12-16 at 16:47 +0800, Peter Xu wrote:
> Hi, David,
> 
> On Thu, Dec 09, 2021 at 10:08:40PM +, David Woodhouse wrote:
> > We don't need to check kvm_enable_x2apic(). It's perfectly OK to support
> > interrupt remapping even if we can't address CPUs above 254. Kind of
> > pointless, but still functional.
> 
> We only check kvm_enable_x2apic() if eim=on is set, right?  I mean, we can
> still enable IR without x2apic even with current code?
> 
> Could you elaborate what's the use scenario for this patch?  Thanks in
> advance.

You can have IR, EIM *and* X2APIC if kvm_enable_x2apic() fails. You
just can't have any CPUs with an APIC ID > 254.

But qemu is going to bail out *anyway* if you attempt to have CPUs with
APIC IDs above 254 without the corresponding kernel-side support, so
there's no need to check it here.

> > The check on kvm_enable_x2apic() needs to happen *anyway* in order to
> > allow CPUs above 254 even without an IOMMU, so allow that to happen
> > elsewhere.
> > 
> > However, we do require the *split* irqchip in order to rewrite I/OAPIC
> > destinations. So fix that check while we're here.
> > 
> > Signed-off-by: David Woodhouse 
> > Reviewed-by: Peter Xu 
> > Acked-by: Jason Wang 
> 
> I think the r-b and a-b should be for patch 2 not this one? :)
> 

Yes, I think I must have swapped those round. Thanks.

> > ---
> >  hw/i386/intel_iommu.c | 7 +--
> >  1 file changed, 1 insertion(+), 6 deletions(-)
> > 
> > diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
> > index bd288d45bb..0d1c72f08e 100644
> > --- a/hw/i386/intel_iommu.c
> > +++ b/hw/i386/intel_iommu.c
> > @@ -3760,15 +3760,10 @@ static bool vtd_decide_config(IntelIOMMUState *s, 
> > Error **errp)
> >ON_OFF_AUTO_ON : 
> > ON_OFF_AUTO_OFF;
> >  }
> >  if (s->intr_eim == ON_OFF_AUTO_ON && !s->buggy_eim) {
> > -if (!kvm_irqchip_in_kernel()) {
> > +if (!kvm_irqchip_is_split()) {
> 
> I think this is okay, but note that we'll already fail if !split in
> x86_iommu_realize():
> 
> bool irq_all_kernel = kvm_irqchip_in_kernel() && !kvm_irqchip_is_split();
> 
> /* Both Intel and AMD IOMMU IR only support "kernel-irqchip={off|split}" 
> */
> if (x86_iommu_ir_supported(x86_iommu) && irq_all_kernel) {
> error_setg(errp, "Interrupt Remapping cannot work with "
>  "kernel-irqchip=on, please use 'split|off'.");
> return;
> }

OK, then perhaps the entire check is redundant?





Re: [RFC PATCH] memory: Fix dma-reentrancy issues at the MMIO level

2021-12-17 Thread Alexander Bulekov
On 211217 1625, Philippe Mathieu-Daudé wrote:
> On 12/17/21 15:30, Alexander Bulekov wrote:
> > On 211217 1458, Philippe Mathieu-Daudé wrote:
> >> On 12/17/21 04:08, Alexander Bulekov wrote:
> >>> Here's my shot at fixing dma-reentrancy issues. This patch adds a flag to
> >>> the DeviceState, which is set/checked when we call an accessor
> >>> associated with the device's IO MRs.
> >>
> >> Your approach is exactly what Gerd suggested:
> >> https://www.mail-archive.com/qemu-devel@nongnu.org/msg831437.html
> > 
> > Yes - my bad for not searching my mail more carefully.
> 
> Well it is not "exactly" the same, but almost.
> 
> >>
> >>> The problem, in short, as I understand it: For the vast majority of
> >>> cases, we want to prevent a device from accessing its own PIO/MMIO
> >>> regions over DMA.
> >>>
> >>> This patch/solution is based on some assumptions:
> >>> 1. DMA accesses that hit mmio regions are only dangerous if they end up
> >>> interacting with memory-regions belonging to the device initiating the
> >>> DMA.
> >>> Not dangerous:  sdhci_pio->dma_write->e1000_mmio
> >>> Dangerous:  sdhci_pio->dma_write->sdhci_mmio
> >>
> >> It doesn't have to be dangerous, see Paolo's example which
> >> invalidated my previous attempt and forced me to write 24
> >> patches in multiples series to keep the "niche" cases working:
> >> https://www.mail-archive.com/qemu-block@nongnu.org/msg72939.html
> > 
> > I don't understand what IO accesses this decodes to. This is loading a
> > picture into VRAM?
> 
> I'd say "loading a picture into VRAM via the DMA" but am not sure :)
> 
> This link is helpful:
> http://petesqbsite.com/sections/tutorials/tutorials/peekpoke.txt
>

https://github.com/microsoft/GW-BASIC/blob/edf82c2ebf6bfe099c2054e0ae125c3efe5769c4/GIO86.ASM#L333

AFAICT this would just do repeated MMIO writes to VRAM - no DMA
involved?

Maybe there is some way to log when a device performs a DMA access to
its own IO regions, so that we could identify these niche cases? We
would still need a way to actually trigger that behavior...
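
The guard discussed in this thread, modelled outside QEMU as an added example (not code from the patch or from QEMU): each device carries a flag that stays set while one of its own MMIO accessors runs, so a DMA write that resolves back to the same device is refused and counted, while DMA into another device's region goes through. Every type, field and function name here (Device, engaged_in_io, mmio_write, guest_dma and the two toy registers) is an assumption made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of the guard discussed in the thread. Not QEMU code: every
 * type, field and function name below is hypothetical. */
typedef struct Device {
    const char *name;
    uint64_t base;        /* start of this device's 0x100-byte MMIO window */
    bool engaged_in_io;   /* set while one of this device's accessors runs */
    unsigned handled;     /* accessor calls that were allowed to run */
    unsigned blocked;     /* re-entrant accesses that were refused */
    uint64_t dma_target;  /* guest-programmed DMA destination */
} Device;

enum { REG_DMA_ADDR = 0x0, REG_DMA_KICK = 0x4, WINDOW = 0x100 };

static Device sdhci = { .name = "sdhci", .base = 0x1000 };
static Device e1000 = { .name = "e1000", .base = 0x2000 };
static Device *devices[] = { &sdhci, &e1000 };
static unsigned ram_writes;   /* DMA writes that landed in ordinary RAM */

static bool mmio_write(Device *initiator, uint64_t addr, uint32_t val);

static Device *owner_of(uint64_t addr)
{
    for (size_t i = 0; i < sizeof(devices) / sizeof(devices[0]); i++) {
        if (addr >= devices[i]->base && addr < devices[i]->base + WINDOW) {
            return devices[i];
        }
    }
    return NULL;
}

/* Register handler shared by both toy devices: one register holds a DMA
 * destination, the other starts a DMA write of `val` to that destination. */
static void dev_write(Device *dev, uint64_t off, uint32_t val)
{
    if (off == REG_DMA_ADDR) {
        dev->dma_target = val;
    } else if (off == REG_DMA_KICK) {
        mmio_write(dev, dev->dma_target, val);   /* DMA issued mid-accessor */
    }
}

/* Single choke point for CPU accesses (initiator == NULL) and device DMA.
 * Returns false when the guard refused the access. */
static bool mmio_write(Device *initiator, uint64_t addr, uint32_t val)
{
    Device *dev = owner_of(addr);

    if (!dev) {                /* not MMIO: plain RAM, nothing to guard */
        ram_writes++;
        return true;
    }
    if (dev->engaged_in_io) {  /* an accessor of this device is on the stack */
        dev->blocked++;
        fprintf(stderr, "refused: %s -> %s MMIO at 0x%llx (re-entrant)\n",
                initiator ? initiator->name : "cpu", dev->name,
                (unsigned long long)addr);
        return false;
    }
    dev->engaged_in_io = true;
    dev_write(dev, addr - dev->base, val);
    dev->engaged_in_io = false;
    dev->handled++;
    return true;
}

static void reset_model(void)
{
    for (size_t i = 0; i < sizeof(devices) / sizeof(devices[0]); i++) {
        devices[i]->engaged_in_io = false;
        devices[i]->handled = devices[i]->blocked = 0;
        devices[i]->dma_target = 0;
    }
    ram_writes = 0;
}

/* Guest programs `dev` to DMA to `target`, then kicks the transfer. */
static void guest_dma(Device *dev, uint64_t target)
{
    mmio_write(NULL, dev->base + REG_DMA_ADDR, (uint32_t)target);
    mmio_write(NULL, dev->base + REG_DMA_KICK, 0xabcd);
}

int main(void)
{
    reset_model();
    guest_dma(&sdhci, e1000.base + REG_DMA_ADDR); /* sdhci_pio->dma_write->e1000_mmio */
    guest_dma(&sdhci, sdhci.base + REG_DMA_KICK); /* sdhci_pio->dma_write->sdhci_mmio */
    printf("sdhci blocked=%u, e1000 handled=%u\n", sdhci.blocked, e1000.handled);
    return 0;
}
```

Because the flag stays set for the whole accessor, an indirect path (sdhci DMA into e1000, whose accessor then DMAs back into sdhci) is refused too, and the blocked counter plus the stderr line give the kind of log the message asks about.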



Re: [PATCH 00/15] ppc/ppc405: decade cleanup

2021-12-17 Thread Christophe Leroy


On 15/12/2021 at 17:49, Cédric Le Goater wrote:
> On 12/6/21 11:36, Cédric Le Goater wrote:
>> Hello,
>>
>> The goal of these changes is to refresh the QEMU ref405ep machine and
>> enable boot from a Linux kernel without relying on a U-Boot firmware.
>> The reason for doing so is that we are unable to find a "ppc405_rom.bin"
>> firmware image or a flash image for the 405EP machines.
>>
>> Thomas fought his way through on a v2015.10 U-Boot and taihu defconfig
>> and provided a compatible image available here :
>>
>>   https://gitlab.com/huth/u-boot/-/tree/taihu/
>>
>> With this image, QEMU reaches the U-Boot prompt (with a simple
>> workaround in the SDRAM).
>>
>> On the Linux side, the only available 405EP CPU board is the one for
>> the ESTeem 195E (PPC405EP) SBC (hotfoot). It was added in 2009. The
>> board information structure in Linux, in U-Boot and in QEMU are not in
>> sync and the hotfoot board also adds its own flavor because the FW was
>> an ancient U-Boot without dual ethernet support [1].
>>
>> For this kernel to be loaded by the U-Boot image provided by Thomas,
>> we either need to modify U-Boot or Linux. The same question arises for
>> QEMU, see the last patch of this series which is controversial. Please
>> advise !
> 
> Applied patch 1-14 to ppc-next.
> 
> I kept the hotfoot hack for later. We need to fix user space first.
> 


Don't know if this is the reason of our problems but I think there is 
something to investigate around timer interrupts:


/ # cat /proc/interrupts
CPU0
  16: 68   UIC   1 Level serial
LOC:  0   Local timer interrupts for timer event device
LOC:  0   Local timer interrupts for others
SPU:  0   Spurious interrupts
PMI:  0   Performance monitoring interrupts
MCE:  0   Machine check exceptions

Any idea what the problem can be? How does QEMU generate timer 
interrupts?

Christophe

[PATCH v2 1/2] iotests: Test qemu-img convert of zeroed data cluster

2021-12-17 Thread Vladimir Sementsov-Ogievskiy
From: Kevin Wolf 

This demonstrates what happens when the block status changes in
sub-min_sparse granularity, but all of the parts are zeroed out. The
alignment logic in is_allocated_sectors() prevents that the target image
remains fully sparse as expected, but turns it into a data cluster of
explicit zeros.

Signed-off-by: Kevin Wolf 
Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 tests/qemu-iotests/122 |  1 +
 tests/qemu-iotests/122.out | 10 --
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/tests/qemu-iotests/122 b/tests/qemu-iotests/122
index efb260d822..be0f6b79e5 100755
--- a/tests/qemu-iotests/122
+++ b/tests/qemu-iotests/122
@@ -251,6 +251,7 @@ $QEMU_IO -c "write -P 0 0 64k" "$TEST_IMG" 2>&1 | 
_filter_qemu_io | _filter_test
 $QEMU_IO -c "write 0 1k" "$TEST_IMG" 2>&1 | _filter_qemu_io | _filter_testdir
 $QEMU_IO -c "write 8k 1k" "$TEST_IMG" 2>&1 | _filter_qemu_io | _filter_testdir
 $QEMU_IO -c "write 17k 1k" "$TEST_IMG" 2>&1 | _filter_qemu_io | _filter_testdir
+$QEMU_IO -c "write -P 0 65k 1k" "$TEST_IMG" 2>&1 | _filter_qemu_io | 
_filter_testdir
 
 for min_sparse in 4k 8k; do
 echo
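Review bot: the added `write -P 0 65k 1k` line has no comment saying which case it sets up. The neighbouring writes at 0, 8k and 17k are plain data, while this one writes explicit zeroes 1k past the 64k range that the context line `write -P 0 0 64k` already zeroed; a one-line comment above it stating that it exercises a zeroed range smaller than min_sparse would keep the test readable when the expected output changes.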
diff --git a/tests/qemu-iotests/122.out b/tests/qemu-iotests/122.out
index 8fbdac2b39..69b8e8b803 100644
--- a/tests/qemu-iotests/122.out
+++ b/tests/qemu-iotests/122.out
@@ -192,6 +192,8 @@ wrote 1024/1024 bytes at offset 8192
 1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 wrote 1024/1024 bytes at offset 17408
 1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+wrote 1024/1024 bytes at offset 66560
+1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 
 convert -S 4k
 [{ "start": 0, "length": 4096, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
@@ -199,7 +201,9 @@ convert -S 4k
 { "start": 8192, "length": 4096, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
 { "start": 12288, "length": 4096, "depth": 0, "present": false, "zero": true, 
"data": false},
 { "start": 16384, "length": 4096, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
-{ "start": 20480, "length": 67088384, "depth": 0, "present": false, "zero": 
true, "data": false}]
+{ "start": 20480, "length": 46080, "depth": 0, "present": false, "zero": true, 
"data": false},
+{ "start": 66560, "length": 1024, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
+{ "start": 67584, "length": 67041280, "depth": 0, "present": false, "zero": 
true, "data": false}]
 
 convert -c -S 4k
 [{ "start": 0, "length": 1024, "depth": 0, "present": true, "zero": false, 
"data": true},
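Review bot: the expected output added for `convert -S 4k` records the 1024 bytes at 66560 as `"zero": false, "data": true`, which is the result the commit message describes as not what is expected. Please say in the commit message that this reference output captures the current behaviour and is meant to change with the follow-up fix, so that someone landing on this commit during a bisect does not read the data extent as the intended result.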
@@ -211,7 +215,9 @@ convert -c -S 4k
 
 convert -S 8k
 [{ "start": 0, "length": 24576, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
-{ "start": 24576, "length": 67084288, "depth": 0, "present": false, "zero": 
true, "data": false}]
+{ "start": 24576, "length": 41984, "depth": 0, "present": false, "zero": true, 
"data": false},
+{ "start": 66560, "length": 1024, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
+{ "start": 67584, "length": 67041280, "depth": 0, "present": false, "zero": 
true, "data": false}]
 
 convert -c -S 8k
 [{ "start": 0, "length": 1024, "depth": 0, "present": true, "zero": false, 
"data": true},
-- 
2.31.1




[PATCH v2 0/2] qemu-img convert: Fix sparseness detection

2021-12-17 Thread Vladimir Sementsov-Ogievskiy
Hi all!

01: only update test output rebasing on master
02: replaced with my proposed solution.

Kevin Wolf (1):
  iotests: Test qemu-img convert of zeroed data cluster

Vladimir Sementsov-Ogievskiy (1):
  qemu-img: make is_allocated_sectors() more efficient

 qemu-img.c | 23 +++
 tests/qemu-iotests/122 |  1 +
 tests/qemu-iotests/122.out |  2 ++
 3 files changed, 22 insertions(+), 4 deletions(-)

-- 
2.31.1




Re: [PULL v2 000/101] ppc queue

2021-12-17 Thread Cédric Le Goater

On 12/17/21 17:33, Richard Henderson wrote:

On 12/16/21 12:24 PM, Cédric Le Goater wrote:

The following changes since commit 76b56fdfc9fa43ec6e5986aee33f108c6c6a511e:

   Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into 
staging (2021-12-14 12:46:18 -0800)

are available in the Git repository at:

   https://github.com/legoater/qemu/ tags/pull-ppc-20211216

for you to fetch changes up to 292c21ede9b6618ab0f51cbfa0efeb1464232506:

   ppc/pnv: Use QOM hierarchy to scan PEC PHB4 devices (2021-12-16 20:11:56 
+0100)

Changes in v2:

  - Fixed patch "docs: rSTify ppc-spapr-hcalls.txt" with a newline
  - dropped patch "target/ppc: do not silence SNaN in xscvspdpn" which
    still had some comments pending.


ppc 7.0 queue:

* General cleanup for Mac machines (Peter)
* Fixes for FPU exceptions (Lucas)
* Support for new ISA31 instructions (Matheus)
* Fixes for ivshmem (Daniel)
* Cleanups for PowerNV PHB (Christophe and Cedric)
* Updates of PowerNV and pSeries documentation (Leonardo and Daniel)
* Fixes for PowerNV (Daniel)
* Large cleanup of FPU implementation (Richard)
* Removal of SoftTLBs support for PPC74x CPUs (Fabiano)
* Fixes for exception models in MPCx and 60x CPUs (Fabiano)
* Removal of 401/403 CPUs (Cedric)
* Deprecation of taihu machine (Thomas)
* Large rework of PPC405 machine (Cedric)
* Fixes for VSX instructions (Victor and Matheus)
* Fix for e6500 CPU (Fabiano)
* Initial support for PMU (Daniel)


Alexey Kardashevskiy (1):
   pseries: Update SLOF firmware image

Christophe Lombard (1):
   pci-host: Allow extended config space access for PowerNV PHB4 model

Cédric Le Goater (28):
   Merge tag 'qemu-slof-2022' of github.com:aik/qemu into ppc-next
   target/ppc: remove 401/403 CPUs
   ppc/ppc405: Change kernel load address
   ppc: Add trace-events for DCR accesses
   ppc/ppc405: Convert printfs to trace-events
   ppc/ppc405: Drop flag parameter in ppc405_set_bootinfo()
   ppc/ppc405: Change ppc405ep_init() return value
   ppc/ppc405: Add some address space definitions
   ppc/ppc405: Remove flash support
   ppc/ppc405: Rework FW load
   ppc/ppc405: Introduce ppc405_set_default_bootinfo()
   ppc/ppc405: Fix boot from kernel
   ppc/ppc405: Change default PLL values at reset
   ppc/ppc405: Fix bi_pci_enetaddr2 field in U-Boot board information
   ppc/ppc405: Add update of bi_procfreq field
   ppc/pnv: Introduce a "chip" property under PHB3
   ppc/pnv: Use the chip class to check the index of PHB3 devices
   ppc/pnv: Drop the "num-phbs" property
   ppc/pnv: Move mapping of the PHB3 CQ regions under pnv_pbcq_realize()
   ppc/pnv: Use QOM hierarchy to scan PHB3 devices
   ppc/pnv: Introduce a num_pecs class attribute for PHB4 PEC devices
   ppc/pnv: Introduce version and device_id class atributes for PHB4 devices
   ppc/pnv: Introduce a "chip" property under the PHB4 model
   ppc/pnv: Introduce a num_stack class attribute
   ppc/pnv: Compute the PHB index from the PHB4 PEC model
   ppc/pnv: Remove "system-memory" property from PHB4 PEC
   ppc/pnv: Move realize of PEC stacks under the PEC model
   ppc/pnv: Use QOM hierarchy to scan PEC PHB4 devices

Daniel Henrique Barboza (13):
   ivshmem.c: change endianness to LITTLE_ENDIAN
   ivshmem-test.c: enable test_ivshmem_server for ppc64 arch
   ppc/pnv.c: add a friendly warning when accel=kvm is used
   docs/system/ppc/powernv.rst: document KVM support status
   ppc/pnv.c: fix "system-id" FDT when -uuid is set
   target/ppc: introduce PMUEventType and PMU overflow timers
   target/ppc: PMU basic cycle count for pseries TCG
   target/ppc: PMU: update counters on PMCs r/w
   target/ppc: PMU: update counters on MMCR1 write
   target/ppc: enable PMU counter overflow with cycle events
   target/ppc: enable PMU instruction count
   target/ppc/power8-pmu.c: add PM_RUN_INST_CMPL (0xFA) event
   PPC64/TCG: Implement 'rfebb' instruction

Fabiano Rosas (8):
   target/ppc: Disable software TLB for the 7450 family
   target/ppc: Disable unused facilities in the e600 CPU
   target/ppc: Remove the software TLB model of 7450 CPUs
   target/ppc: Fix MPCxxx FPU interrupt address
   target/ppc: Remove 603e exception model
   target/ppc: Set 601v exception model id
   target/ppc: Fix e6500 boot
   Revert "target/ppc: Move SPR_DSISR setting to powerpc_excp"

Leonardo Garcia (5):
   docs: Minor updates on the powernv documentation.
   docs: Introducing pseries documentation.
   docs: rSTify ppc-spapr-hcalls.txt
   docs: Rename ppc-spapr-hcalls.txt to ppc-spapr-hcalls.rst.
   Link new ppc-spapr-hcalls.rst file to pseries.rst.

Lucas Mateus Castro (alqotel) (3):
   target/ppc: Fixed call to deferred 

[PATCH v2 2/2] qemu-img: make is_allocated_sectors() more efficient

2021-12-17 Thread Vladimir Sementsov-Ogievskiy
Consider the case when the whole buffer is zero and end is unaligned.

If i <= tail, we return 1 and do one unaligned WRITE, RMW happens.

If i > tail, we do one aligned WRITE_ZERO (or skip if target is zeroed)
and again one unaligned WRITE, RMW happens.

Let's do better: don't fragment the whole-zero buffer and report it as
ZERO: in case of zeroed target we just do nothing and avoid RMW. If
target is not zeroes, one unaligned WRITE_ZERO should not be much worse
than one unaligned WRITE.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 qemu-img.c | 23 +++
 tests/qemu-iotests/122.out |  8 ++--
 2 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index f036a1d428..d7ddfcc528 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -1171,19 +1171,34 @@ static int is_allocated_sectors(const uint8_t *buf, int 
n, int *pnum,
 }
 }
 
+if (i == n) {
+/*
+ * The whole buf is the same.
+ * No reason to split it into chunks, so return now.
+ */
+*pnum = i;
+return !is_zero;
+}
+
 tail = (sector_num + i) & (alignment - 1);
 if (tail) {
 if (is_zero && i <= tail) {
-/* treat unallocated areas which only consist
- * of a small tail as allocated. */
+/*
+ * For sure next sector after i is data, and it will rewrite this
+ * tail anyway due to RMW. So, let's just write data now.
+ */
 is_zero = false;
 }
 if (!is_zero) {
-/* align up end offset of allocated areas. */
+/* If possible, align up end offset of allocated areas. */
 i += alignment - tail;
 i = MIN(i, n);
 } else {
-/* align down end offset of zero areas. */
+/*
+ * For sure next sector after i is data, and it will rewrite this
+ * tail anyway due to RMW. Better is avoid RMW and write zeroes up
+ * to aligned bound.
+ */
 i -= tail;
 }
 }
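Review bot: both new comments inside `if (tail)` start from "For sure next sector after i is data", which holds only because the `if (i == n)` early return added above guarantees i < n at this point. The comments should state that dependency, otherwise a later change to the early return silently invalidates them. The second comment also needs rewording: "Better is avoid RMW" could read "Better to avoid RMW and write zeroes up to the aligned boundary".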
diff --git a/tests/qemu-iotests/122.out b/tests/qemu-iotests/122.out
index 69b8e8b803..e18766e167 100644
--- a/tests/qemu-iotests/122.out
+++ b/tests/qemu-iotests/122.out
@@ -201,9 +201,7 @@ convert -S 4k
 { "start": 8192, "length": 4096, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
 { "start": 12288, "length": 4096, "depth": 0, "present": false, "zero": true, 
"data": false},
 { "start": 16384, "length": 4096, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
-{ "start": 20480, "length": 46080, "depth": 0, "present": false, "zero": true, 
"data": false},
-{ "start": 66560, "length": 1024, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
-{ "start": 67584, "length": 67041280, "depth": 0, "present": false, "zero": 
true, "data": false}]
+{ "start": 20480, "length": 67088384, "depth": 0, "present": false, "zero": 
true, "data": false}]
 
 convert -c -S 4k
 [{ "start": 0, "length": 1024, "depth": 0, "present": true, "zero": false, 
"data": true},
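Review bot: the commit message does not mention that the reference output of test 122 changes. In this hunk the 1024-byte extent at 66560 for `convert -S 4k` stops being reported as data and the tail becomes a single zero extent of 67088384 bytes starting at 20480; a sentence saying so, naming the test patch that introduced the extent, would let a reader match the code change to the output change.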
@@ -215,9 +213,7 @@ convert -c -S 4k
 
 convert -S 8k
 [{ "start": 0, "length": 24576, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
-{ "start": 24576, "length": 41984, "depth": 0, "present": false, "zero": true, 
"data": false},
-{ "start": 66560, "length": 1024, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
-{ "start": 67584, "length": 67041280, "depth": 0, "present": false, "zero": 
true, "data": false}]
+{ "start": 24576, "length": 67084288, "depth": 0, "present": false, "zero": 
true, "data": false}]
 
 convert -c -S 8k
 [{ "start": 0, "length": 1024, "depth": 0, "present": true, "zero": false, 
"data": true},
-- 
2.31.1




Re: [PATCH v5 28/31] block.c: assert BQL lock held in bdrv_co_invalidate_cache

2021-12-17 Thread Emanuele Giuseppe Esposito




On 17/12/2021 12:04, Hanna Reitz wrote:

On 24.11.21 07:44, Emanuele Giuseppe Esposito wrote:

bdrv_co_invalidate_cache is special: it is an I/O function,


I still don’t believe it is, but well.

(Yes, it is called by a test in an iothread, but I believe we’ve seen 
that the tests simply sometimes test things that shouldn’t be allowed.)



but uses the block layer permission API, which is GS.

Because of this, we can assert that either the function is
being called with BQL held, and thus can use the permission API,
or make sure that the permission API is not used, by ensuring that
bs (and parents) .open_flags does not contain BDRV_O_INACTIVE.

Signed-off-by: Emanuele Giuseppe Esposito 
---
  block.c | 26 ++
  1 file changed, 26 insertions(+)

diff --git a/block.c b/block.c
index a0309f827d..805974676b 100644
--- a/block.c
+++ b/block.c
@@ -6574,6 +6574,26 @@ void bdrv_init_with_whitelist(void)
  bdrv_init();
  }
+static bool bdrv_is_active(BlockDriverState *bs)
+{
+    BdrvChild *parent;
+
+    if (bs->open_flags & BDRV_O_INACTIVE) {
+    return false;
+    }
+
+    QLIST_FOREACH(parent, >parents, next_parent) {
+    if (parent->klass->parent_is_bds) {
+    BlockDriverState *parent_bs = parent->opaque;


This looks like a really bad hack to me.  We purposefully have made the 
parent link opaque so that a BDS cannot easily reach its parents.  All 
accesses should go through BdrvChildClass methods.


I also don’t understand why we need to query parents at all.  The only 
fact that determines whether the current BDS will have its permissions 
changed is whether the BDS itself is active or inactive.  Sure, we’ll 
invoke bdrv_co_invalidate_cache() on the parents, too, but then we could 
simply let the assertion fail there.



+    if (!bdrv_is_active(parent_bs)) {
+    return false;
+    }
+    }
+    }
+
+   return true;
+}
+
  int coroutine_fn bdrv_co_invalidate_cache(BlockDriverState *bs, 
Error **errp)

  {
  BdrvChild *child, *parent;
@@ -6585,6 +6605,12 @@ int coroutine_fn 
bdrv_co_invalidate_cache(BlockDriverState *bs, Error **errp)

  return -ENOMEDIUM;
  }
+    /*
+ * No need to muck with permissions if bs is active.
+ * TODO: should activation be a separate function?
+ */
+    assert(qemu_in_main_thread() || bdrv_is_active(bs));
+
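Review bot: in the added `assert(qemu_in_main_thread() || bdrv_is_active(bs))`, `bdrv_is_active()` is evaluated exactly when the caller is not in the main thread, and the helper added in the previous hunk walks the parents list and reads each parent's `open_flags` there. The patch does not say what keeps that list stable outside the main thread; either document the guarantee next to `bdrv_is_active()` or limit the check to `bs->open_flags & BDRV_O_INACTIVE`.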


I don’t understand this, really.  It looks to me like “if you don’t call 
this in the main thread, this better be a no-op”, i.e., you must never 
call this function in an I/O thread if you really want to use it.  I.e. 
what I’d classify as a GS function.


It sounds like this is just a special case for said test, and 
special-casing code for tests sounds like a bad idea.


Ok, but trying to leave just the qemu_in_main_thread() assertion makes 
test 307 (./check 307) fail.
I am actually not sure on why it fails, but I am sure it is because of 
the assertion, since without it it passes.


I tried with gdb (./check -gdb 307 on one terminal and
gdb -iex "target remote localhost:12345"
in another) but it points me to this below, which I think is the nbd 
server getting the socket closed (because on the other side it crashed), 
and not the actual error.



Thread 1 "qemu-system-x86" received signal SIGPIPE, Broken pipe.
0x768af54d in sendmsg () from target:/lib64/libc.so.6
(gdb) bt
#0  0x768af54d in sendmsg () from target:/lib64/libc.so.6
#1  0x55c13cc9 in qio_channel_socket_writev (ioc=out>, iov=0x569a4870, niov=1, fds=0x0, nfds=, errp=0x0)

at ../io/channel-socket.c:561
#2  0x55c19b18 in qio_channel_writev_full_all 
(ioc=0x5763b800, iov=iov@entry=0x7fffe8dffd80, niov=niov@entry=1, 
fds=fds@entry=0x0,

nfds=nfds@entry=0, errp=errp@entry=0x0) at ../io/channel.c:240
#3  0x55c19bd2 in qio_channel_writev_all (errp=0x0, niov=1, 
iov=0x7fffe8dffd80, ioc=) at ../io/channel.c:220
#4  qio_channel_write_all (ioc=, 
buf=buf@entry=0x7fffe8dffdd0 "", buflen=buflen@entry=20, 
errp=errp@entry=0x0) at ../io/channel.c:330
#5  0x55c27e75 in nbd_write (errp=0x0, size=20, 
buffer=0x7fffe8dffdd0, ioc=) at ../nbd/nbd-internal.h:71
#6  nbd_negotiate_send_rep_len (client=client@entry=0x56f60930, 
type=type@entry=1, len=len@entry=0, errp=errp@entry=0x0) at 
../nbd/server.c:203
#7  0x55c29db1 in nbd_negotiate_send_rep (errp=0x0, type=1, 
client=0x56f60930) at ../nbd/server.c:211

--Type  for more, q to quit, c to continue without paging--
#8  nbd_negotiate_options (errp=0x7fffe8dffe88, client=) 
at ../nbd/server.c:1224
#9  nbd_negotiate (errp=0x7fffe8dffe88, client=) at 
../nbd/server.c:1340

#10 nbd_co_client_start (opaque=) at ../nbd/server.c:2715
#11 0x55d70423 in coroutine_trampoline (i0=, 
i1=) at ../util/coroutine-ucontext.c:173

#12 0x767f3820 in ?? () from target:/lib64/libc.so.6
#13 0x7fffca80 in ?? ()

Emanuele


Hanna


  QLIST_FOREACH(child, >children, next) {
  

Re: [PULL v2 000/101] ppc queue

2021-12-17 Thread Richard Henderson

On 12/16/21 12:24 PM, Cédric Le Goater wrote:

The following changes since commit 76b56fdfc9fa43ec6e5986aee33f108c6c6a511e:

   Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into 
staging (2021-12-14 12:46:18 -0800)

are available in the Git repository at:

   https://github.com/legoater/qemu/ tags/pull-ppc-20211216

for you to fetch changes up to 292c21ede9b6618ab0f51cbfa0efeb1464232506:

   ppc/pnv: Use QOM hierarchy to scan PEC PHB4 devices (2021-12-16 20:11:56 
+0100)

Changes in v2:

  - Fixed patch "docs: rSTify ppc-spapr-hcalls.txt" with a newline
  - dropped patch "target/ppc: do not silence SNaN in xscvspdpn" which
still had some comments pending.


ppc 7.0 queue:

* General cleanup for Mac machines (Peter)
* Fixes for FPU exceptions (Lucas)
* Support for new ISA31 instructions (Matheus)
* Fixes for ivshmem (Daniel)
* Cleanups for PowerNV PHB (Christophe and Cedric)
* Updates of PowerNV and pSeries documentation (Leonardo and Daniel)
* Fixes for PowerNV (Daniel)
* Large cleanup of FPU implementation (Richard)
* Removal of SoftTLBs support for PPC74x CPUs (Fabiano)
* Fixes for exception models in MPCx and 60x CPUs (Fabiano)
* Removal of 401/403 CPUs (Cedric)
* Deprecation of taihu machine (Thomas)
* Large rework of PPC405 machine (Cedric)
* Fixes for VSX instructions (Victor and Matheus)
* Fix for e6500 CPU (Fabiano)
* Initial support for PMU (Daniel)


Alexey Kardashevskiy (1):
   pseries: Update SLOF firmware image

Christophe Lombard (1):
   pci-host: Allow extended config space access for PowerNV PHB4 model

Cédric Le Goater (28):
   Merge tag 'qemu-slof-2022' of github.com:aik/qemu into ppc-next
   target/ppc: remove 401/403 CPUs
   ppc/ppc405: Change kernel load address
   ppc: Add trace-events for DCR accesses
   ppc/ppc405: Convert printfs to trace-events
   ppc/ppc405: Drop flag parameter in ppc405_set_bootinfo()
   ppc/ppc405: Change ppc405ep_init() return value
   ppc/ppc405: Add some address space definitions
   ppc/ppc405: Remove flash support
   ppc/ppc405: Rework FW load
   ppc/ppc405: Introduce ppc405_set_default_bootinfo()
   ppc/ppc405: Fix boot from kernel
   ppc/ppc405: Change default PLL values at reset
   ppc/ppc405: Fix bi_pci_enetaddr2 field in U-Boot board information
   ppc/ppc405: Add update of bi_procfreq field
   ppc/pnv: Introduce a "chip" property under PHB3
   ppc/pnv: Use the chip class to check the index of PHB3 devices
   ppc/pnv: Drop the "num-phbs" property
   ppc/pnv: Move mapping of the PHB3 CQ regions under pnv_pbcq_realize()
   ppc/pnv: Use QOM hierarchy to scan PHB3 devices
   ppc/pnv: Introduce a num_pecs class attribute for PHB4 PEC devices
   ppc/pnv: Introduce version and device_id class atributes for PHB4 devices
   ppc/pnv: Introduce a "chip" property under the PHB4 model
   ppc/pnv: Introduce a num_stack class attribute
   ppc/pnv: Compute the PHB index from the PHB4 PEC model
   ppc/pnv: Remove "system-memory" property from PHB4 PEC
   ppc/pnv: Move realize of PEC stacks under the PEC model
   ppc/pnv: Use QOM hierarchy to scan PEC PHB4 devices

Daniel Henrique Barboza (13):
   ivshmem.c: change endianness to LITTLE_ENDIAN
   ivshmem-test.c: enable test_ivshmem_server for ppc64 arch
   ppc/pnv.c: add a friendly warning when accel=kvm is used
   docs/system/ppc/powernv.rst: document KVM support status
   ppc/pnv.c: fix "system-id" FDT when -uuid is set
   target/ppc: introduce PMUEventType and PMU overflow timers
   target/ppc: PMU basic cycle count for pseries TCG
   target/ppc: PMU: update counters on PMCs r/w
   target/ppc: PMU: update counters on MMCR1 write
   target/ppc: enable PMU counter overflow with cycle events
   target/ppc: enable PMU instruction count
   target/ppc/power8-pmu.c: add PM_RUN_INST_CMPL (0xFA) event
   PPC64/TCG: Implement 'rfebb' instruction

Fabiano Rosas (8):
   target/ppc: Disable software TLB for the 7450 family
   target/ppc: Disable unused facilities in the e600 CPU
   target/ppc: Remove the software TLB model of 7450 CPUs
   target/ppc: Fix MPCxxx FPU interrupt address
   target/ppc: Remove 603e exception model
   target/ppc: Set 601v exception model id
   target/ppc: Fix e6500 boot
   Revert "target/ppc: Move SPR_DSISR setting to powerpc_excp"

Leonardo Garcia (5):
   docs: Minor updates on the powernv documentation.
   docs: Introducing pseries documentation.
   docs: rSTify ppc-spapr-hcalls.txt
   docs: Rename ppc-spapr-hcalls.txt to ppc-spapr-hcalls.rst.
   Link new ppc-spapr-hcalls.rst file to pseries.rst.

Lucas Mateus Castro (alqotel) (3):
   target/ppc: Fixed call to deferred exception
   test/tcg/ppc64le: test mtfsf
   

Re: [PATCH v2 25/25] python: rename qemu.aqmp to qemu.qmp

2021-12-17 Thread John Snow
On Fri, Dec 17, 2021, 2:40 AM Vladimir Sementsov-Ogievskiy <
vsement...@virtuozzo.com> wrote:

> 17.12.2021 00:10, John Snow wrote:
> >
> >
> > On Thu, Dec 16, 2021 at 6:41 AM Vladimir Sementsov-Ogievskiy <
> vsement...@virtuozzo.com > wrote:
> >
> > 15.12.2021 22:39, John Snow wrote:
> >  > Now that we are fully switched over to the new QMP library, move
> it back
> >  > over the old namespace. This is being done primarily so that we
> may
> >  > upload this package simply as "qemu.qmp" without introducing
> confusion
> >  > over whether or not "aqmp" is a new protocol or not.
> >  >
> >  > The trade-off is increased confusion inside the QEMU developer
> >  > tree. Sorry!
> >  >
> >  > Signed-off-by: John Snow js...@redhat.com>>
> >
> > Great job!
> >
> > I looked through the patch, changes look correct. Simply rename
> every aqmp / AQMP occurrence.. But:
> >
> >
> > [root@kvm review]# git grep -i aqmp
> > python/qemu/qmp/aqmp_tui.py:AQMP TUI
> > python/qemu/qmp/aqmp_tui.py:AQMP TUI is an asynchronous interface
> built on top the of the AQMP library.
> > python/qemu/qmp/aqmp_tui.py:Example Usage: aqmp-tui  IP:PORT>
> > python/qemu/qmp/aqmp_tui.py:Full Usage: aqmp-tui --help
> > python/qemu/qmp/aqmp_tui.py:Implements the AQMP TUI.
> > python/qemu/qmp/aqmp_tui.py:parser =
> argparse.ArgumentParser(description='AQMP TUI')
> > python/qemu/qmp/legacy.py:self._aqmp = QMPClient(nickname)
> > python/qemu/qmp/legacy.py:if self._aqmp.greeting is not None:
> > python/qemu/qmp/legacy.py:return
> self._aqmp.greeting._asdict()
> > python/qemu/qmp/legacy.py:self._aqmp.await_greeting =
> negotiate
> > python/qemu/qmp/legacy.py:self._aqmp.negotiate = negotiate
> > python/qemu/qmp/legacy.py:
> self._aqmp.connect(self._address)
> > python/qemu/qmp/legacy.py:self._aqmp.await_greeting = True
> > python/qemu/qmp/legacy.py:self._aqmp.negotiate = True
> > python/qemu/qmp/legacy.py:
> self._aqmp.accept(self._address),
> > python/qemu/qmp/legacy.py:self._aqmp._raw(qmp_cmd,
> assign_id=False),
> > python/qemu/qmp/legacy.py:self._aqmp.execute(cmd, kwds),
> > python/qemu/qmp/legacy.py:if self._aqmp.events.empty():
> > python/qemu/qmp/legacy.py:self._aqmp.events.get(),
> > python/qemu/qmp/legacy.py:events = [dict(x) for x in
> self._aqmp.events.clear()]
> > python/qemu/qmp/legacy.py:self._aqmp.events.clear()
> > python/qemu/qmp/legacy.py:self._aqmp.disconnect()
> > python/qemu/qmp/legacy.py:self._aqmp.send_fd_scm(fd)
> > python/qemu/qmp/legacy.py:if self._aqmp.runstate ==
> Runstate.IDLE:
> > python/setup.cfg:# AQMP TUI dependencies
> > python/setup.cfg:aqmp-tui = qemu.qmp.aqmp_tui:main [tui]
> > python/setup.cfg:[mypy-qemu.qmp.aqmp_tui]
> >
> > [root@kvm review]# git ls-tree -r --name-only HEAD | grep -i aqmp
> > python/qemu/qmp/aqmp_tui.py
> >
> >
> > I think, this all should be renamed too
> >
> >
> > For aqmp_tui.py, sure. The new TUI isn't 100% ready to replace qmp-shell
> yet, so I wasn't entirely certain what to name it... qmp-tui?
> >
> > *shrugs*.
>
> I don't remember what tui is abbreviating) qmp-tui is OK, and it may be
> renamed to qmp-shell when it is ready to replace it..
>

"text user interface", by analogy with GUI (graphical UI).


> >
> > for legacy.py, it's just an internal variable name and I wasn't sure it
> was worth the churn just to change a private variable. I could still do it
> if you feel strongly about it.
> >
>
> I'd rename everything.
>

Alright, I'll do so in the respin.


>
> --
> Best regards,
> Vladimir
>

Thanks for the reviews!

>


Re: [PATCH v5 22/31] block_int-common.h: assertion in the callers of BlockDriver function pointers

2021-12-17 Thread Hanna Reitz

On 17.12.21 16:53, Emanuele Giuseppe Esposito wrote:



On 16/12/2021 19:43, Hanna Reitz wrote:

On 24.11.21 07:44, Emanuele Giuseppe Esposito wrote:

Signed-off-by: Emanuele Giuseppe Esposito 
Reviewed-by: Stefan Hajnoczi 
---
  block.c    | 18 ++
  block/create.c | 10 ++
  2 files changed, 28 insertions(+)


[...]


diff --git a/block/create.c b/block/create.c
index 89812669df..0167118579 100644
--- a/block/create.c
+++ b/block/create.c
@@ -42,6 +42,16 @@ static int coroutine_fn blockdev_create_run(Job 
*job, Error **errp)
  BlockdevCreateJob *s = container_of(job, BlockdevCreateJob, 
common);

  int ret;
+    /*
+ * Currently there is nothing preventing this
+ * function from being called in an iothread context.
+ * However, since it will crash anyways because of the
+ * aiocontext lock not taken, we might as well make it
+ * crash with a more meaningful error, by checking that
+ * we are in the main loop
+ */
+    assert(qemu_in_main_thread());


Mostly agreed.  This function is always run in the main loop right 
now, so this assertion will never fail.


But that’s the “mostly”: Adding this assertion won’t give a more 
meaningful error, because the problem still remains that block 
drivers do not error out when encountering (or correctly handle) BDSs 
in non-main contexts, and so it remains a “qemu_mutex_unlock_impl: 
Operation not permitted”.


Not trying to say that that’s your problem.  It’s pre-existing, and 
this assertion is good.  Just wanting to clarify something about the 
comment that seemed unclear to me (in that I found it implied that 
the qemu_mutex_unlock_impl error would be replaced by this assertion 
failing).




You are right. Trying your example given in v4:

$ touch /tmp/iothread-create-test.qcow2
$ ./qemu-system-x86_64 -object iothread,id=iothr0 -qmp stdio <{"execute":"blockdev-add","arguments":{"node-name":"proto","driver":"file","filename":"/tmp/iothread-create-test.qcow2"}} 

{"execute":"x-blockdev-set-iothread","arguments":{"node-name":"proto","iothread":"iothr0"}} 

{"execute":"blockdev-create","arguments":{"job-id":"create","options":{"driver":"qcow2","file":"proto","size":0}}} 


EOF

I still get "qemu_mutex_unlock_impl: Operation not permitted"

I will remove the comment above the assertion, makes no sense.

Or should I replace it with a TODO/FIXME explaining the above? 
Something like:


/*
 * TODO: it is currently possible to run a blockdev-create job in an
 * I/O thread, for example by doing:
 * [ command line above ]
 * This should not be allowed.
 */


Just removing it makes the most sense to me.  We already have a TODO 
comment to that effect (block/create.c:86).


(And to be precise, it is *not* possible to run a blockdev-create job in 
an I/O thread, it’s always run in the main thread.  It is possible to 
run a blockdev-create job involving nodes in I/O threads, and it’s fine 
that that’s possible, but in such cases the block drivers’ 
.bdrv_co_create() implementations should at least error out with a 
benign error, which they don’t.)


Hanna




Re: [PATCH v5 22/31] block_int-common.h: assertion in the callers of BlockDriver function pointers

2021-12-17 Thread Emanuele Giuseppe Esposito




On 16/12/2021 19:43, Hanna Reitz wrote:

On 24.11.21 07:44, Emanuele Giuseppe Esposito wrote:

Signed-off-by: Emanuele Giuseppe Esposito 
Reviewed-by: Stefan Hajnoczi 
---
  block.c    | 18 ++
  block/create.c | 10 ++
  2 files changed, 28 insertions(+)


[...]


diff --git a/block/create.c b/block/create.c
index 89812669df..0167118579 100644
--- a/block/create.c
+++ b/block/create.c
@@ -42,6 +42,16 @@ static int coroutine_fn blockdev_create_run(Job 
*job, Error **errp)
  BlockdevCreateJob *s = container_of(job, BlockdevCreateJob, 
common);

  int ret;
+    /*
+ * Currently there is nothing preventing this
+ * function from being called in an iothread context.
+ * However, since it will crash anyways because of the
+ * aiocontext lock not taken, we might as well make it
+ * crash with a more meaningful error, by checking that
+ * we are in the main loop
+ */
+    assert(qemu_in_main_thread());
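Review bot: the comment above `assert(qemu_in_main_thread())` says nothing prevents this function from being called in an iothread context, so the assertion guards a condition the comment itself describes as reachable. The function already takes `Error **errp` and returns `int`, so if the case can be hit it is better reported with error_setg() and a negative return than by aborting. If it cannot be hit, shorten the comment to state the invariant (this job runs in the main loop) and drop the crash rationale.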


Mostly agreed.  This function is always run in the main loop right now, 
so this assertion will never fail.


But that’s the “mostly”: Adding this assertion won’t give a more 
meaningful error, because the problem still remains that block drivers 
do not error out when encountering (or correctly handle) BDSs in 
non-main contexts, and so it remains a “qemu_mutex_unlock_impl: 
Operation not permitted”.


Not trying to say that that’s your problem.  It’s pre-existing, and this 
assertion is good.  Just wanting to clarify something about the comment 
that seemed unclear to me (in that I found it implied that the 
qemu_mutex_unlock_impl error would be replaced by this assertion failing).




You are right. Trying your example given in v4:

$ touch /tmp/iothread-create-test.qcow2
$ ./qemu-system-x86_64 -object iothread,id=iothr0 -qmp stdio common, 1);
  ret = s->drv->bdrv_co_create(s->opts, errp);
  job_progress_update(>common, 1);







Re: [RFC PATCH] memory: Fix dma-reentrancy issues at the MMIO level

2021-12-17 Thread Philippe Mathieu-Daudé
On 12/17/21 15:30, Alexander Bulekov wrote:
> On 211217 1458, Philippe Mathieu-Daudé wrote:
>> On 12/17/21 04:08, Alexander Bulekov wrote:
>>> Here's my shot at fixing dma-reentrancy issues. This patch adds a flag to
>>> the DeviceState, which is set/checked when we call an accessor
>>> associated with the device's IO MRs.
>>
>> Your approach is exactly what Gerd suggested:
>> https://www.mail-archive.com/qemu-devel@nongnu.org/msg831437.html
> 
> Yes - my bad for not searching my mail more carefully.

Well it is not "exactly" the same, but almost.

>>
>>> The problem, in short, as I understand it: For the vast majority of
>>> cases, we want to prevent a device from accessing its own PIO/MMIO
>>> regions over DMA.
>>>
>>> This patch/solution is based on some assumptions:
>>> 1. DMA accesses that hit mmio regions are only dangerous if they end up
>>> interacting with memory-regions belonging to the device initiating the
>>> DMA.
>>> Not dangerous:  sdhci_pio->dma_write->e1000_mmio
>>> Dangerous:  sdhci_pio->dma_write->sdhci_mmio
>>
>> It doesn't have to be dangerous, see Paolo's example which
>> invalidated my previous attempt and forced me to write 24
>> patches in multiple series to keep the "niche" cases working:
>> https://www.mail-archive.com/qemu-block@nongnu.org/msg72939.html
> 
> I don't understand what IO accesses this decodes to. This is loading a
> picture into VRAM?

I'd say "loading a picture into VRAM via the DMA" but am not sure :)

This link is helpful:
http://petesqbsite.com/sections/tutorials/tutorials/peekpoke.txt
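
The flag-based guard described in the quoted RFC, as a toy model: a per-device flag is set while one of the device's accessors runs, and a DMA write that lands back on the same device's MMIO window is refused while a write to another device's window goes through. This is an added example, not QEMU code and not part of the patch; `struct device`, `struct region`, `mmio_write`, `run_scenario` and the addresses are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct device {
    bool in_io;           /* guard flag: set while one of our accessors runs */
    uint64_t dma_target;  /* guest-programmed DMA destination address */
    unsigned writes;      /* accessor invocations that ran */
    unsigned blocked;     /* accesses refused by the guard */
};

/* One MMIO window with its owning device and write accessor. */
struct region {
    uint64_t base, size;
    struct device *owner;
    void (*write)(struct device *d, uint64_t off, uint64_t val);
};

/* Constructed address map for the two model devices. */
enum { A_BASE = 0x1000, B_BASE = 0x2000, WIN = 0x100 };

static struct region regions[2];
static size_t nregions;

/* Route a write to the region covering addr; false if refused or unmapped. */
static bool mmio_write(uint64_t addr, uint64_t val)
{
    for (size_t i = 0; i < nregions; i++) {
        struct region *r = &regions[i];
        struct device *d = r->owner;

        if (addr < r->base || addr - r->base >= r->size) {
            continue;
        }
        if (d->in_io) {          /* owner is already inside an accessor */
            d->blocked++;
            return false;
        }
        d->in_io = true;
        r->write(d, addr - r->base, val);
        d->in_io = false;
        return true;
    }
    return false;                /* RAM and unmapped space are not modelled */
}

/* DMA-capable device: offset 0 programs the target, offset 8 starts a DMA write. */
static void dma_dev_write(struct device *d, uint64_t off, uint64_t val)
{
    d->writes++;
    if (off == 0) {
        d->dma_target = val;
    } else if (off == 8) {
        mmio_write(d->dma_target, val);   /* DMA that lands on MMIO */
    }
}

/* Second device with no DMA engine: it only counts writes. */
static void plain_dev_write(struct device *d, uint64_t off, uint64_t val)
{
    (void)off;
    (void)val;
    d->writes++;
}

struct result { unsigned a_writes, a_blocked, b_writes; };

/* Program device A's DMA target, start the transfer, report what ran. */
static struct result run_scenario(uint64_t dma_target)
{
    static struct device a, b;

    a = (struct device){ 0 };
    b = (struct device){ 0 };
    nregions = 0;
    regions[nregions++] = (struct region){ A_BASE, WIN, &a, dma_dev_write };
    regions[nregions++] = (struct region){ B_BASE, WIN, &b, plain_dev_write };

    mmio_write(A_BASE + 0, dma_target);   /* guest programs the DMA target */
    mmio_write(A_BASE + 8, 0xabcd);       /* guest starts the transfer */
    return (struct result){ a.writes, a.blocked, b.writes };
}

int main(void)
{
    struct result r = run_scenario(B_BASE);   /* A -> dma_write -> B's MMIO */
    printf("other device: a_writes=%u a_blocked=%u b_writes=%u\n",
           r.a_writes, r.a_blocked, r.b_writes);
    r = run_scenario(A_BASE + 8);             /* A -> dma_write -> A's MMIO */
    printf("same device:  a_writes=%u a_blocked=%u b_writes=%u\n",
           r.a_writes, r.a_blocked, r.b_writes);
    return 0;
}
```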




Re: [PATCH v2] hw: Add compat machines for 7.0

2021-12-17 Thread Daniel P . Berrangé
On Fri, Dec 17, 2021 at 03:39:48PM +0100, Cornelia Huck wrote:
> Add 7.0 machine types for arm/i440fx/q35/s390x/spapr.
> 
> Acked-by: Cédric Le Goater 
> Reviewed-by: Juan Quintela 
> Signed-off-by: Cornelia Huck 
> ---
> 
> v1->v2: fix typo in i386 function chaining (thanks danpb!)
> 
> ---
>  hw/arm/virt.c  |  9 -
>  hw/core/machine.c  |  3 +++
>  hw/i386/pc.c   |  3 +++
>  hw/i386/pc_piix.c  | 14 +-
>  hw/i386/pc_q35.c   | 13 -
>  hw/ppc/spapr.c | 15 +--
>  hw/s390x/s390-virtio-ccw.c | 14 +-
>  include/hw/boards.h|  3 +++
>  include/hw/i386/pc.h   |  3 +++
>  9 files changed, 71 insertions(+), 6 deletions(-)

Reviewed-by: Daniel P. Berrangé 


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|




Re: [PATCH v3 02/28] glib-compat: Introduce g_memdup2() wrapper

2021-12-17 Thread Alex Bennée


Daniel P. Berrangé  writes:

> On Thu, Dec 16, 2021 at 02:11:37PM +, Alex Bennée wrote:
>> 
>> Philippe Mathieu-Daudé  writes:
>> 
>> > When experimenting raising GLIB_VERSION_MIN_REQUIRED to 2.68
>> > (Fedora 34 provides GLib 2.68.1) we get:
>> >
>> >   hw/virtio/virtio-crypto.c:245:24: error: 'g_memdup' is deprecated: Use 
>> > 'g_memdup2' instead [-Werror,-Wdeprecated-declarations]
>> >   ...
>> >
>> > g_memdup() has been updated by g_memdup2() to fix eventual security
>> > issues (size argument is 32-bit and could be truncated / wrapping).
>> > GLib recommends to copy their static inline version of g_memdup2():
>> > https://discourse.gnome.org/t/port-your-module-from-g-memdup-to-g-memdup2-now/5538
>> >
>> > Our glib-compat.h provides a comment explaining how to deal with
>> > these deprecated declarations (see commit e71e8cc0355
>> > "glib: enforce the minimum required version and warn about old APIs").
>> >
>> > Following this comment suggestion, implement the g_memdup2_qemu()
>> > wrapper to g_memdup2(), and use the safer equivalent inlined when
>> > we are using pre-2.68 GLib.
>> >
>> > Reported-by: Eric Blake 
>> > Signed-off-by: Philippe Mathieu-Daudé 
>> > ---
>> >  include/glib-compat.h | 37 +
>> >  1 file changed, 37 insertions(+)
>> >
>> > diff --git a/include/glib-compat.h b/include/glib-compat.h
>> > index 9e95c888f54..8d01a8c01fb 100644
>> > --- a/include/glib-compat.h
>> > +++ b/include/glib-compat.h
>> > @@ -68,6 +68,43 @@
>> >   * without generating warnings.
>> >   */
>> >  
>> > +/*
>> > + * g_memdup2_qemu:
>> > + * @mem: (nullable): the memory to copy.
>> > + * @byte_size: the number of bytes to copy.
>> > + *
>> > + * Allocates @byte_size bytes of memory, and copies @byte_size bytes into 
>> > it
>> > + * from @mem. If @mem is %NULL it returns %NULL.
>> > + *
>> > + * This replaces g_memdup(), which was prone to integer overflows when
>> > + * converting the argument from a #gsize to a #guint.
>> > + *
>> > + * This static inline version is a backport of the new public API from
>> > + * GLib 2.68, kept internal to GLib for backport to older stable releases.
>> > + * See https://gitlab.gnome.org/GNOME/glib/-/issues/2319.
>> > + *
>> > + * Returns: (nullable): a pointer to the newly-allocated copy of the 
>> > memory,
>> > + *  or %NULL if @mem is %NULL.
>> > + */
>> > +static inline gpointer g_memdup2_qemu(gconstpointer mem, gsize byte_size)
>> > +{
>> > +#if GLIB_CHECK_VERSION(2, 68, 0)
>> > +return g_memdup2(mem, byte_size);
>> > +#else
>> > +gpointer new_mem;
>> > +
>> > +if (mem && byte_size != 0) {
>> > +new_mem = g_malloc(byte_size);
>> > +memcpy(new_mem, mem, byte_size);
>> > +} else {
>> > +new_mem = NULL;
>> > +}
>> > +
>> > +return new_mem;
>> > +#endif
>> > +}
>> > +#define g_memdup2(m, s) g_memdup2_qemu(m, s)
>> > +
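Review bot: the doc comment for g_memdup2_qemu() only says NULL is returned when @mem is %NULL, but the fallback branch `if (mem && byte_size != 0)` also returns NULL for a zero @byte_size. Document the zero-length case in both the description and the "Returns:" line so callers do not treat a NULL result as an error for empty input.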
>> 
>> As per our style wouldn't it make sense to just call it qemu_memdup(m,
>> s)?
>
> Not in this case. We use suffix as we don't want people calling this
> directly with the suffix.
>
> In the glibcompat.h header we're attempting to transparently/secretly
> replace/wrap standard glib APIs.  All the callers should remain using
> the plain glib API name, never call the method with the suffix at
> all. This lets us delete the wrapper later and not have to update
> any callers. The suffix is basically just a hack of the impl we use
> for transparent replacement.

Right - at the risk of bike shedding names maybe we should choose a
suffix that better reflects the purpose like _alt or _internal rather
than overloading qemu?

We already document _locked for example.

> A method with a 'qemu_' prefix by contrast is something that callers
> are explicitly expected to call directly.
>
>
> Regards,
> Daniel


-- 
Alex Bennée



[PULL v2 0/7] s390x patches (and one gitlab-CI fix)

2021-12-17 Thread Thomas Huth
 Hi!

The following changes since commit 29eb5c2c86f935b0e9700fad2ecfe8a32b011d57:

  Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging 
(2021-12-16 08:39:20 -0800)

are available in the Git repository at:

  https://gitlab.com/thuth/qemu.git tags/s390x-2021-12-17

for you to fetch changes up to 9f8e6cad65a66b27e797defe639a4a4fd4330f23:

  gitlab-ci: Speed up the msys2-64bit job by using --without-default-devices 
(2021-12-17 09:12:37 +0100)


* Small fixes for the s390x PCI code
* Fix reset handling of the diag318 data
* Ease timeout problem of the new msys2-64bit job



v2: Dropped the patch that introduced the new machine types

Christian Borntraeger (1):
  MAINTAINERS: update email address of Christian Borntraeger

Collin L. Walling (1):
  s390: kvm: adjust diag318 resets to retain data

Matthew Rosato (4):
  s390x/pci: use a reserved ID for the default PCI group
  s390x/pci: don't use hard-coded dma range in reg_ioat
  s390x/pci: use the passthrough measurement update interval
  s390x/pci: add supported DT information to clp response

Thomas Huth (1):
  gitlab-ci: Speed up the msys2-64bit job by using --without-default-devices

 .gitlab-ci.d/windows.yml|  2 +-
 .mailmap|  1 +
 MAINTAINERS |  6 +++---
 hw/s390x/s390-pci-bus.c |  1 +
 hw/s390x/s390-pci-inst.c| 15 +--
 hw/s390x/s390-pci-vfio.c|  1 +
 include/hw/s390x/s390-pci-bus.h |  3 ++-
 include/hw/s390x/s390-pci-clp.h |  3 ++-
 target/s390x/cpu.h  |  4 ++--
 target/s390x/kvm/kvm.c  |  4 
 10 files changed, 26 insertions(+), 14 deletions(-)




Re: [PATCH v1] virtio-mem: Don't skip alignment checks when warning about block size

2021-12-17 Thread David Hildenbrand
On 11.10.21 19:33, David Hildenbrand wrote:
> If we warn about the block size being smaller than the default, we skip
> some alignment checks.
> 
> This can currently only fail on x86-64, when specifying a block size of
> 1 MiB, however, we detect the THP size of 2 MiB.
> 
> Fixes: 228957fea3a9 ("virtio-mem: Probe THP size to determine default block 
> size")
> Cc: "Michael S. Tsirkin" 
> Signed-off-by: David Hildenbrand 
> ---
>  hw/virtio/virtio-mem.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/virtio/virtio-mem.c b/hw/virtio/virtio-mem.c
> index df91e454b2..7ce9901791 100644
> --- a/hw/virtio/virtio-mem.c
> +++ b/hw/virtio/virtio-mem.c
> @@ -701,7 +701,8 @@ static void virtio_mem_device_realize(DeviceState *dev, 
> Error **errp)
>  warn_report("'%s' property is smaller than the default block size (%"
>  PRIx64 " MiB)", VIRTIO_MEM_BLOCK_SIZE_PROP,
>  virtio_mem_default_block_size(rb) / MiB);
> -} else if (!QEMU_IS_ALIGNED(vmem->requested_size, vmem->block_size)) {
> +}
> +if (!QEMU_IS_ALIGNED(vmem->requested_size, vmem->block_size)) {
>  error_setg(errp, "'%s' property has to be multiples of '%s' (0x%" 
> PRIx64
> ")", VIRTIO_MEM_REQUESTED_SIZE_PROP,
> VIRTIO_MEM_BLOCK_SIZE_PROP, vmem->block_size);
> 
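Review bot: in the warn_report() context at the top of this hunk the default block size is printed with `PRIx64` followed by " MiB" and no "0x" prefix, so the value reads as decimal, whereas the error_setg() just below uses "0x%" PRIx64. Since this hunk already touches the branch, either add the prefix or switch the warning to a decimal format so the two messages are consistent.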

Ping, this already missed the v6.2 release ...

-- 
Thanks,

David / dhildenb




Re: [PATCH v3 02/28] glib-compat: Introduce g_memdup2() wrapper

2021-12-17 Thread Daniel P . Berrangé
On Fri, Dec 17, 2021 at 02:53:05PM +, Alex Bennée wrote:
> 
> Daniel P. Berrangé  writes:
> 
> > On Thu, Dec 16, 2021 at 02:11:37PM +, Alex Bennée wrote:
> >> 
> >> Philippe Mathieu-Daudé  writes:
> >> 
> >> > When experimenting raising GLIB_VERSION_MIN_REQUIRED to 2.68
> >> > (Fedora 34 provides GLib 2.68.1) we get:
> >> >
> >> >   hw/virtio/virtio-crypto.c:245:24: error: 'g_memdup' is deprecated: Use 
> >> > 'g_memdup2' instead [-Werror,-Wdeprecated-declarations]
> >> >   ...
> >> >
> >> > g_memdup() has been updated by g_memdup2() to fix eventual security
> >> > issues (size argument is 32-bit and could be truncated / wrapping).
> >> > GLib recommends to copy their static inline version of g_memdup2():
> >> > https://discourse.gnome.org/t/port-your-module-from-g-memdup-to-g-memdup2-now/5538
> >> >
> >> > Our glib-compat.h provides a comment explaining how to deal with
> >> > these deprecated declarations (see commit e71e8cc0355
> >> > "glib: enforce the minimum required version and warn about old APIs").
> >> >
> >> > Following this comment suggestion, implement the g_memdup2_qemu()
> >> > wrapper to g_memdup2(), and use the safer equivalent inlined when
> >> > we are using pre-2.68 GLib.
> >> >
> >> > Reported-by: Eric Blake 
> >> > Signed-off-by: Philippe Mathieu-Daudé 
> >> > ---
> >> >  include/glib-compat.h | 37 +
> >> >  1 file changed, 37 insertions(+)
> >> >
> >> > diff --git a/include/glib-compat.h b/include/glib-compat.h
> >> > index 9e95c888f54..8d01a8c01fb 100644
> >> > --- a/include/glib-compat.h
> >> > +++ b/include/glib-compat.h
> >> > @@ -68,6 +68,43 @@
> >> >   * without generating warnings.
> >> >   */
> >> >  
> >> > +/*
> >> > + * g_memdup2_qemu:
> >> > + * @mem: (nullable): the memory to copy.
> >> > + * @byte_size: the number of bytes to copy.
> >> > + *
> >> > + * Allocates @byte_size bytes of memory, and copies @byte_size bytes 
> >> > into it
> >> > + * from @mem. If @mem is %NULL it returns %NULL.
> >> > + *
> >> > + * This replaces g_memdup(), which was prone to integer overflows when
> >> > + * converting the argument from a #gsize to a #guint.
> >> > + *
> >> > + * This static inline version is a backport of the new public API from
> >> > + * GLib 2.68, kept internal to GLib for backport to older stable 
> >> > releases.
> >> > + * See https://gitlab.gnome.org/GNOME/glib/-/issues/2319.
> >> > + *
> >> > + * Returns: (nullable): a pointer to the newly-allocated copy of the 
> >> > memory,
> >> > + *  or %NULL if @mem is %NULL.
> >> > + */
> >> > +static inline gpointer g_memdup2_qemu(gconstpointer mem, gsize 
> >> > byte_size)
> >> > +{
> >> > +#if GLIB_CHECK_VERSION(2, 68, 0)
> >> > +return g_memdup2(mem, byte_size);
> >> > +#else
> >> > +gpointer new_mem;
> >> > +
> >> > +if (mem && byte_size != 0) {
> >> > +new_mem = g_malloc(byte_size);
> >> > +memcpy(new_mem, mem, byte_size);
> >> > +} else {
> >> > +new_mem = NULL;
> >> > +}
> >> > +
> >> > +return new_mem;
> >> > +#endif
> >> > +}
> >> > +#define g_memdup2(m, s) g_memdup2_qemu(m, s)
> >> > +
> >> 
> >> As per our style wouldn't it make sense to just call it qemu_memdup(m,
> >> s)?
> >
> > Not in this case. We use suffix as we don't want people calling this
> > directly with the suffix.
> >
> > In the glibcompat.h header we're attempting to transparently/secretly
> > replace/wrap standard glib APIs.  All the callers should remain using
> > the plain glib API name, never call the method with the suffix at
> > all. This lets us delete the wrapper later and not have to update
> > any callers. The suffix is basically just a hack of the impl we use
> > for transparent replacement.
> 
> Right - at the risk of bike shedding names maybe we should choose a
> suffix that better reflects the purpose like _alt or _internal rather
> than overloading qemu?

Sure, I'm fine with that.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|
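
The size truncation that the quoted commit message gives as the reason for g_memdup2() (a 64-bit length narrowed to a 32-bit `guint`), shown next to a `size_t`-based copy with the same NULL and zero-length handling as the fallback in the patch. This is an added example, not code from the patch or from GLib; `memdup_u32`, `memdup_sz`, `narrowed_len` and `unbacked_bytes` are hypothetical names, and it assumes `unsigned int` is narrower than 64 bits.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Old-style signature: the length is an 'unsigned int', like the guint
 * parameter of g_memdup(). A wider length passed by the caller is
 * narrowed silently at the call site.
 */
static void *memdup_u32(const void *mem, unsigned int byte_size)
{
    void *copy;

    if (!mem || byte_size == 0) {
        return NULL;
    }
    copy = malloc(byte_size);
    if (copy) {
        memcpy(copy, mem, byte_size);
    }
    return copy;
}

/* size_t signature: the caller's length reaches the allocator unchanged. */
static void *memdup_sz(const void *mem, size_t byte_size)
{
    void *copy;

    if (!mem || byte_size == 0) {
        return NULL;
    }
    copy = malloc(byte_size);
    if (!copy) {
        abort();                 /* g_malloc() also aborts on failure */
    }
    memcpy(copy, mem, byte_size);
    return copy;
}

/* Length the 32-bit callee actually sees for a 64-bit caller length. */
static unsigned int narrowed_len(uint64_t caller_len)
{
    return (unsigned int)caller_len;   /* value modulo UINT_MAX + 1 */
}

/*
 * Bytes the caller believes it owns that the narrowed allocation does
 * not back; any later write sized by caller_len runs past the buffer.
 */
static uint64_t unbacked_bytes(uint64_t caller_len)
{
    return caller_len - narrowed_len(caller_len);
}

int main(void)
{
    const char src[16] = "0123456789abcde";          /* constructed input */
    uint64_t caller_len = (uint64_t)UINT_MAX + 1 + sizeof(src);
    void *small = memdup_u32(src, narrowed_len(caller_len));
    char *full = memdup_sz(src, sizeof(src));

    printf("caller length:     %llu\n", (unsigned long long)caller_len);
    printf("allocated (u32):   %u\n", narrowed_len(caller_len));
    printf("unbacked bytes:    %llu\n",
           (unsigned long long)unbacked_bytes(caller_len));
    printf("size_t copy equal: %d\n", memcmp(full, src, sizeof(src)) == 0);
    free(small);
    free(full);
    return 0;
}
```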




[PULL 35/36] ui/dbus: register D-Bus VC handler

2021-12-17 Thread marcandre . lureau
From: Marc-André Lureau 

Export the default consoles over the D-Bus chardev.

Signed-off-by: Marc-André Lureau 
Acked-by: Gerd Hoffmann 
---
 ui/dbus.c | 53 +
 1 file changed, 53 insertions(+)

diff --git a/ui/dbus.c b/ui/dbus.c
index 41f1716f255a..b2c1c9fb522c 100644
--- a/ui/dbus.c
+++ b/ui/dbus.c
@@ -357,6 +357,57 @@ dbus_display_class_init(ObjectClass *oc, void *data)
get_gl_mode, set_gl_mode);
 }
 
+#define TYPE_CHARDEV_VC "chardev-vc"
+
+typedef struct DBusVCClass {
+DBusChardevClass parent_class;
+
+void (*parent_parse)(QemuOpts *opts, ChardevBackend *b, Error **errp);
+} DBusVCClass;
+
+DECLARE_CLASS_CHECKERS(DBusVCClass, DBUS_VC,
+   TYPE_CHARDEV_VC)
+
+static void
+dbus_vc_parse(QemuOpts *opts, ChardevBackend *backend,
+  Error **errp)
+{
+DBusVCClass *klass = DBUS_VC_CLASS(object_class_by_name(TYPE_CHARDEV_VC));
+const char *name = qemu_opt_get(opts, "name");
+const char *id = qemu_opts_id(opts);
+
+if (name == NULL) {
+if (g_str_has_prefix(id, "compat_monitor")) {
+name = "org.qemu.monitor.hmp.0";
+} else if (g_str_has_prefix(id, "serial")) {
+name = "org.qemu.console.serial.0";
+} else {
+name = "";
+}
+if (!qemu_opt_set(opts, "name", name, errp)) {
+return;
+}
+}
+
+klass->parent_parse(opts, backend, errp);
+}
+
+static void
+dbus_vc_class_init(ObjectClass *oc, void *data)
+{
+DBusVCClass *klass = DBUS_VC_CLASS(oc);
+ChardevClass *cc = CHARDEV_CLASS(oc);
+
+klass->parent_parse = cc->parse;
+cc->parse = dbus_vc_parse;
+}
+
+static const TypeInfo dbus_vc_type_info = {
+.name = TYPE_CHARDEV_VC,
+.parent = TYPE_CHARDEV_DBUS,
+.class_init = dbus_vc_class_init,
+};
+
 static void
 early_dbus_init(DisplayOptions *opts)
 {
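Review bot: in dbus_vc_parse(), `id` from qemu_opts_id(opts) is passed straight to g_str_has_prefix() with no NULL check. If these opts can be created without an id, guard the calls (`id && g_str_has_prefix(id, "compat_monitor")`) so the `name = ""` fallback is reached cleanly. A short comment on why the two prefixes map to the fixed names "org.qemu.monitor.hmp.0" and "org.qemu.console.serial.0" (index always 0) would also help.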
@@ -370,6 +421,8 @@ early_dbus_init(DisplayOptions *opts)
 
 display_opengl = 1;
 }
+
+type_register(_vc_type_info);
 }
 
 static void
-- 
2.34.1.8.g35151cf07204




[PULL 34/36] ui/dbus: add chardev backend & interface

2021-12-17 Thread marcandre . lureau
From: Marc-André Lureau 

Add a new chardev backend which allows D-Bus client to handle the
chardev stream & events.

Signed-off-by: Marc-André Lureau 
Acked-by: Gerd Hoffmann 
---
 qapi/char.json|  27 
 include/chardev/char-socket.h |   2 +
 include/qemu/dbus.h   |   5 +
 ui/dbus.h |  44 +
 ui/dbus-chardev.c | 296 ++
 ui/dbus.c |  26 +++
 ui/dbus-display1.xml  |  75 +
 ui/meson.build|   1 +
 8 files changed, 476 insertions(+)
 create mode 100644 ui/dbus-chardev.c

diff --git a/qapi/char.json b/qapi/char.json
index f5133a5eeb37..6ed424d07ced 100644
--- a/qapi/char.json
+++ b/qapi/char.json
@@ -358,6 +358,20 @@
   'base': 'ChardevCommon',
   'if': 'CONFIG_SPICE' }
 
+##
+# @ChardevDBus:
+#
+# Configuration info for DBus chardevs.
+#
+# @name: name of the channel (following docs/spice-port-fqdn.txt)
+#
+# Since: 6.2
+##
+{ 'struct': 'ChardevDBus',
+  'data': { 'name': 'str' },
+  'base': 'ChardevCommon',
+  'if': 'CONFIG_DBUS_DISPLAY' }
+
 ##
 # @ChardevVC:
 #
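Review bot: the `Since: 6.2` tag on @ChardevDBus needs to name the release this series actually lands in. Other threads in this same digest, dated the same day, already add 7.0 machine types and mention that v6.2 has been released, so the tag here (and on the other additions in this file) looks stale.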
@@ -422,6 +436,7 @@
 # @spicevmc: Since 1.5
 # @spiceport: Since 1.5
 # @qemu-vdagent: Since 6.1
+# @dbus: Since 6.2
 # @vc: v1.5
 # @ringbuf: Since 1.6
 # @memory: Since 1.5
@@ -447,6 +462,7 @@
 { 'name': 'spicevmc', 'if': 'CONFIG_SPICE' },
 { 'name': 'spiceport', 'if': 'CONFIG_SPICE' },
 { 'name': 'qemu-vdagent', 'if': 'CONFIG_SPICE_PROTOCOL' },
+{ 'name': 'dbus', 'if': 'CONFIG_DBUS_DISPLAY' },
 'vc',
 'ringbuf',
 # next one is just for compatibility
@@ -535,6 +551,15 @@
   'data': { 'data': 'ChardevQemuVDAgent' },
   'if': 'CONFIG_SPICE_PROTOCOL' }
 
+##
+# @ChardevDBusWrapper:
+#
+# Since: 6.2
+##
+{ 'struct': 'ChardevDBusWrapper',
+  'data': { 'data': 'ChardevDBus' },
+  'if': 'CONFIG_DBUS_DISPLAY' }
+
 ##
 # @ChardevVCWrapper:
 #
@@ -582,6 +607,8 @@
'if': 'CONFIG_SPICE' },
 'qemu-vdagent': { 'type': 'ChardevQemuVDAgentWrapper',
   'if': 'CONFIG_SPICE_PROTOCOL' },
+'dbus': { 'type': 'ChardevDBusWrapper',
+  'if': 'CONFIG_DBUS_DISPLAY' },
 'vc': 'ChardevVCWrapper',
 'ringbuf': 'ChardevRingbufWrapper',
 # next one is just for compatibility
diff --git a/include/chardev/char-socket.h b/include/chardev/char-socket.h
index 1a9274f2e3ac..6b6e2ceba1d7 100644
--- a/include/chardev/char-socket.h
+++ b/include/chardev/char-socket.h
@@ -43,6 +43,8 @@ typedef enum {
 TCP_CHARDEV_STATE_CONNECTED,
 } TCPChardevState;
 
+typedef ChardevClass SocketChardevClass;
+
 struct SocketChardev {
 Chardev parent;
 QIOChannel *ioc; /* Client I/O channel */
diff --git a/include/qemu/dbus.h b/include/qemu/dbus.h
index c0cbb1ca44d3..08f00dfd5342 100644
--- a/include/qemu/dbus.h
+++ b/include/qemu/dbus.h
@@ -12,6 +12,11 @@
 
 #include 
 
+#include "qom/object.h"
+#include "chardev/char.h"
+#include "qemu/notify.h"
+#include "qemu/typedefs.h"
+
 /* glib/gio 2.68 */
 #define DBUS_METHOD_INVOCATION_HANDLED TRUE
 #define DBUS_METHOD_INVOCATION_UNHANDLED FALSE
diff --git a/ui/dbus.h b/ui/dbus.h
index 3e89eafcab6e..64c77cab4441 100644
--- a/ui/dbus.h
+++ b/ui/dbus.h
@@ -24,6 +24,7 @@
 #ifndef UI_DBUS_H_
 #define UI_DBUS_H_
 
+#include "chardev/char-socket.h"
 #include "qemu/dbus.h"
 #include "qom/object.h"
 #include "ui/console.h"
@@ -56,11 +57,15 @@ struct DBusDisplay {
 QemuDBusDisplay1Clipboard *clipboard;
 QemuDBusDisplay1Clipboard *clipboard_proxy;
 DBusClipboardRequest clipboard_request[QEMU_CLIPBOARD_SELECTION__COUNT];
+
+Notifier notifier;
 };
 
 #define TYPE_DBUS_DISPLAY "dbus-display"
 OBJECT_DECLARE_SIMPLE_TYPE(DBusDisplay, DBUS_DISPLAY)
 
+void dbus_display_notifier_add(Notifier *notifier);
+
 #define DBUS_DISPLAY_TYPE_CONSOLE dbus_display_console_get_type()
 G_DECLARE_FINAL_TYPE(DBusDisplayConsole,
  dbus_display_console,
@@ -95,6 +100,45 @@ dbus_display_listener_get_bus_name(DBusDisplayListener 
*ddl);
 extern const DisplayChangeListenerOps dbus_gl_dcl_ops;
 extern const DisplayChangeListenerOps dbus_dcl_ops;
 
+#define TYPE_CHARDEV_DBUS "chardev-dbus"
+
+typedef struct DBusChardevClass {
+SocketChardevClass parent_class;
+
+void (*parent_chr_be_event)(Chardev *s, QEMUChrEvent event);
+} DBusChardevClass;
+
+DECLARE_CLASS_CHECKERS(DBusChardevClass, DBUS_CHARDEV,
+   TYPE_CHARDEV_DBUS)
+
+typedef struct DBusChardev {
+SocketChardev parent;
+
+bool exported;
+QemuDBusDisplay1Chardev *iface;
+} DBusChardev;
+
+DECLARE_INSTANCE_CHECKER(DBusChardev, DBUS_CHARDEV, TYPE_CHARDEV_DBUS)
+
+#define CHARDEV_IS_DBUS(chr) \
+object_dynamic_cast(OBJECT(chr), TYPE_CHARDEV_DBUS)
+
+typedef enum {
+DBUS_DISPLAY_CHARDEV_OPEN,
+DBUS_DISPLAY_CHARDEV_CLOSE,
+} DBusDisplayEventType;
+
+typedef struct DBusDisplayEvent {
+

[PULL 33/36] option: add g_auto for QemuOpts

2021-12-17 Thread marcandre . lureau
From: Marc-André Lureau 

Used in the next commit.

Signed-off-by: Marc-André Lureau 
Acked-by: Gerd Hoffmann 
---
 include/qemu/option.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/qemu/option.h b/include/qemu/option.h
index 306bf0757509..bbd86e1c4eab 100644
--- a/include/qemu/option.h
+++ b/include/qemu/option.h
@@ -150,4 +150,6 @@ QDict *keyval_parse(const char *params, const char 
*implied_key,
 bool *help, Error **errp);
 void keyval_merge(QDict *old, const QDict *new, Error **errp);
 
+G_DEFINE_AUTOPTR_CLEANUP_FUNC(QemuOpts, qemu_opts_del)
+
 #endif
-- 
2.34.1.8.g35151cf07204




[PULL 36/36] MAINTAINERS: update D-Bus section

2021-12-17 Thread marcandre . lureau
From: Marc-André Lureau 

Signed-off-by: Marc-André Lureau 
Acked-by: Gerd Hoffmann 
---
 MAINTAINERS | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index fbd6d0b174af..7ef72fc7cc21 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2873,11 +2873,15 @@ D-Bus
 M: Marc-André Lureau 
 S: Maintained
 F: backends/dbus-vmstate.c
-F: tests/dbus-vmstate*
+F: ui/dbus*
+F: audio/dbus*
 F: util/dbus.c
+F: include/ui/dbus*
 F: include/qemu/dbus.h
-F: docs/interop/dbus.rst
-F: docs/interop/dbus-vmstate.rst
+F: docs/interop/dbus*
+F: docs/sphinx/dbus*
+F: docs/sphinx/fakedbusdoc.py
+F: tests/qtest/dbus*
 
 Seccomp
 M: Eduardo Otubo 
-- 
2.34.1.8.g35151cf07204




[PULL 31/36] chardev: teach socket to accept no addresses

2021-12-17 Thread marcandre . lureau
From: Marc-André Lureau 

The following patches are going to use CharSocket as a base class for
sockets that are created with a given fd (without a given address).

Signed-off-by: Marc-André Lureau 
Acked-by: Gerd Hoffmann 
---
 chardev/char-socket.c | 14 +-
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/chardev/char-socket.c b/chardev/char-socket.c
index 836cfa0bc21b..a2b02e021d6b 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -1248,6 +1248,10 @@ static int qmp_chardev_open_socket_server(Chardev *chr,
 qio_net_listener_set_name(s->listener, name);
 g_free(name);
 
+if (s->addr->type == SOCKET_ADDRESS_TYPE_FD && !*s->addr->u.fd.str) {
+goto skip_listen;
+}
+
 if (qio_net_listener_open_sync(s->listener, s->addr, 1, errp) < 0) {
 object_unref(OBJECT(s->listener));
 s->listener = NULL;
@@ -1256,6 +1260,8 @@ static int qmp_chardev_open_socket_server(Chardev *chr,
 
 qapi_free_SocketAddress(s->addr);
 s->addr = socket_local_address(s->listener->sioc[0]->fd, errp);
+
+skip_listen:
 update_disconnected_filename(s);
 
 if (is_waitconnect) {
@@ -1466,9 +1472,9 @@ static void qemu_chr_parse_socket(QemuOpts *opts, 
ChardevBackend *backend,
 SocketAddressLegacy *addr;
 ChardevSocket *sock;
 
-if ((!!path + !!fd + !!host) != 1) {
+if ((!!path + !!fd + !!host) > 1) {
 error_setg(errp,
-   "Exactly one of 'path', 'fd' or 'host' required");
+   "None or one of 'path', 'fd' or 'host' option required.");
 return;
 }
 
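Review bot: the new error_setg() text "None or one of 'path', 'fd' or 'host' option required." ends in a period, which the message it replaces did not, and "none ... required" reads oddly now that the check only rejects more than one option. Something like "At most one of 'path', 'fd' or 'host' may be specified" without trailing punctuation matches the condition `> 1`.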
@@ -1542,12 +1548,10 @@ static void qemu_chr_parse_socket(QemuOpts *opts, 
ChardevBackend *backend,
 .has_ipv6 = qemu_opt_get(opts, "ipv6"),
 .ipv6 = qemu_opt_get_bool(opts, "ipv6", 0),
 };
-} else if (fd) {
+} else {
 addr->type = SOCKET_ADDRESS_TYPE_FD;
 addr->u.fd.data = g_new(String, 1);
 addr->u.fd.data->str = g_strdup(fd);
-} else {
-g_assert_not_reached();
 }
 sock->addr = addr;
 }
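Review bot: with the `else if (fd)` test replaced by a plain `else`, `g_strdup(fd)` in this branch now runs when `fd` is NULL, leaving `addr->u.fd.data->str` NULL, while the server-side hunk above dereferences the string in `!*s->addr->u.fd.str`. Either store an empty string explicitly (`g_strdup(fd ? fd : "")`) or add a comment naming where a NULL string becomes "" before that dereference, so the no-address case does not depend on behaviour the reader cannot see here.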
-- 
2.34.1.8.g35151cf07204




[PULL 32/36] chardev: make socket derivable

2021-12-17 Thread marcandre . lureau
From: Marc-André Lureau 

Signed-off-by: Marc-André Lureau 
Acked-by: Gerd Hoffmann 
Reviewed-by: Philippe Mathieu-Daudé 
---
 include/chardev/char-socket.h | 84 +++
 chardev/char-socket.c | 58 +---
 2 files changed, 85 insertions(+), 57 deletions(-)
 create mode 100644 include/chardev/char-socket.h

diff --git a/include/chardev/char-socket.h b/include/chardev/char-socket.h
new file mode 100644
index ..1a9274f2e3ac
--- /dev/null
+++ b/include/chardev/char-socket.h
@@ -0,0 +1,84 @@
+/*
+ * QEMU System Emulator
+ *
+ * Copyright (c) 2003-2008 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#ifndef CHAR_SOCKET_H_
+#define CHAR_SOCKET_H_
+
+#include "io/channel-socket.h"
+#include "io/channel-tls.h"
+#include "io/net-listener.h"
+#include "chardev/char.h"
+#include "qom/object.h"
+
+#define TCP_MAX_FDS 16
+
+typedef struct {
+char buf[21];
+size_t buflen;
+} TCPChardevTelnetInit;
+
+typedef enum {
+TCP_CHARDEV_STATE_DISCONNECTED,
+TCP_CHARDEV_STATE_CONNECTING,
+TCP_CHARDEV_STATE_CONNECTED,
+} TCPChardevState;
+
+struct SocketChardev {
+Chardev parent;
+QIOChannel *ioc; /* Client I/O channel */
+QIOChannelSocket *sioc; /* Client master channel */
+QIONetListener *listener;
+GSource *hup_source;
+QCryptoTLSCreds *tls_creds;
+char *tls_authz;
+TCPChardevState state;
+int max_size;
+int do_telnetopt;
+int do_nodelay;
+int *read_msgfds;
+size_t read_msgfds_num;
+int *write_msgfds;
+size_t write_msgfds_num;
+bool registered_yank;
+
+SocketAddress *addr;
+bool is_listen;
+bool is_telnet;
+bool is_tn3270;
+GSource *telnet_source;
+TCPChardevTelnetInit *telnet_init;
+
+bool is_websock;
+
+GSource *reconnect_timer;
+int64_t reconnect_time;
+bool connect_err_reported;
+
+QIOTask *connect_task;
+};
+typedef struct SocketChardev SocketChardev;
+
+DECLARE_INSTANCE_CHECKER(SocketChardev, SOCKET_CHARDEV,
+ TYPE_CHARDEV_SOCKET)
+
+#endif /* CHAR_SOCKET_H_ */
diff --git a/chardev/char-socket.c b/chardev/char-socket.c
index a2b02e021d6b..d619088232d3 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -25,9 +25,7 @@
 #include "qemu/osdep.h"
 #include "chardev/char.h"
 #include "io/channel-socket.h"
-#include "io/channel-tls.h"
 #include "io/channel-websock.h"
-#include "io/net-listener.h"
 #include "qemu/error-report.h"
 #include "qemu/module.h"
 #include "qemu/option.h"
@@ -37,61 +35,7 @@
 #include "qemu/yank.h"
 
 #include "chardev/char-io.h"
-#include "qom/object.h"
-
-/***/
-/* TCP Net console */
-
-#define TCP_MAX_FDS 16
-
-typedef struct {
-char buf[21];
-size_t buflen;
-} TCPChardevTelnetInit;
-
-typedef enum {
-TCP_CHARDEV_STATE_DISCONNECTED,
-TCP_CHARDEV_STATE_CONNECTING,
-TCP_CHARDEV_STATE_CONNECTED,
-} TCPChardevState;
-
-struct SocketChardev {
-Chardev parent;
-QIOChannel *ioc; /* Client I/O channel */
-QIOChannelSocket *sioc; /* Client master channel */
-QIONetListener *listener;
-GSource *hup_source;
-QCryptoTLSCreds *tls_creds;
-char *tls_authz;
-TCPChardevState state;
-int max_size;
-int do_telnetopt;
-int do_nodelay;
-int *read_msgfds;
-size_t read_msgfds_num;
-int *write_msgfds;
-size_t write_msgfds_num;
-bool registered_yank;
-
-SocketAddress *addr;
-bool is_listen;
-bool is_telnet;
-bool is_tn3270;
-GSource *telnet_source;
-TCPChardevTelnetInit *telnet_init;
-
-bool is_websock;
-
-GSource *reconnect_timer;
-int64_t reconnect_time;
-bool connect_err_reported;
-
-QIOTask *connect_task;
-};
-typedef struct SocketChardev SocketChardev;
-
-DECLARE_INSTANCE_CHECKER(SocketChardev, SOCKET_CHARDEV,
- TYPE_CHARDEV_SOCKET)
+#include 

[PULL 29/36] audio: add "dbus" audio backend

2021-12-17 Thread marcandre . lureau
From: Marc-André Lureau 

Add a new -audio backend that accepts D-Bus clients/listeners to handle
playback & recording, to be exported via the -display dbus.

Example usage:
-audiodev dbus,in.mixing-engine=off,out.mixing-engine=off,id=dbus
-display dbus,audiodev=dbus

Signed-off-by: Marc-André Lureau 
Acked-by: Gerd Hoffmann 
---
 qapi/audio.json|   3 +-
 qapi/ui.json   |   5 +-
 audio/audio_int.h  |   7 +
 audio/audio_template.h |   2 +
 ui/dbus.h  |   1 +
 audio/audio.c  |   1 +
 audio/dbusaudio.c  | 654 +
 ui/dbus.c  |  35 +++
 audio/meson.build  |   6 +
 audio/trace-events |   5 +
 qemu-options.hx|   3 +
 ui/dbus-display1.xml   | 211 +
 12 files changed, 931 insertions(+), 2 deletions(-)
 create mode 100644 audio/dbusaudio.c

diff --git a/qapi/audio.json b/qapi/audio.json
index 9cba0df8a4e9..693e327c6b6a 100644
--- a/qapi/audio.json
+++ b/qapi/audio.json
@@ -386,7 +386,7 @@
 # Since: 4.0
 ##
 { 'enum': 'AudiodevDriver',
-  'data': [ 'none', 'alsa', 'coreaudio', 'dsound', 'jack', 'oss', 'pa',
+  'data': [ 'none', 'alsa', 'coreaudio', 'dbus', 'dsound', 'jack', 'oss', 'pa',
 'sdl', 'spice', 'wav' ] }
 
 ##
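Review bot: 'dbus' is added to the AudiodevDriver enum with no per-value version note, so the only version a reader sees is the enum's `Since: 4.0` in the context above. Add a since annotation for the new value in the enum's doc comment.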
@@ -412,6 +412,7 @@
 'none':  'AudiodevGenericOptions',
 'alsa':  'AudiodevAlsaOptions',
 'coreaudio': 'AudiodevCoreaudioOptions',
+'dbus':  'AudiodevGenericOptions',
 'dsound':'AudiodevDsoundOptions',
 'jack':  'AudiodevJackOptions',
 'oss':   'AudiodevOssOptions',
diff --git a/qapi/ui.json b/qapi/ui.json
index f23d012cb810..b9262ae1d9df 100644
--- a/qapi/ui.json
+++ b/qapi/ui.json
@@ -1134,13 +1134,16 @@
 # @p2p: Whether to use peer-to-peer connections (accepted through
 #   ``add_client``).
 #
+# @audiodev: Use the specified DBus audiodev to export audio.
+#
 # Since: 6.2
 #
 ##
 { 'struct'  : 'DisplayDBus',
   'data': { '*rendernode' : 'str',
 '*addr': 'str',
-'*p2p': 'bool' } }
+'*p2p': 'bool',
+'*audiodev': 'str' } }
 
  ##
  # @DisplayGLMode:
diff --git a/audio/audio_int.h b/audio/audio_int.h
index 6d685e24a388..428a091d05e5 100644
--- a/audio/audio_int.h
+++ b/audio/audio_int.h
@@ -31,6 +31,10 @@
 #endif
 #include "mixeng.h"
 
+#ifdef CONFIG_GIO
+#include 
+#endif
+
 struct audio_pcm_ops;
 
 struct audio_callback {
@@ -140,6 +144,9 @@ struct audio_driver {
 const char *descr;
 void *(*init) (Audiodev *);
 void (*fini) (void *);
+#ifdef CONFIG_GIO
+void (*set_dbus_server) (AudioState *s, GDBusObjectManagerServer *manager);
+#endif
 struct audio_pcm_ops *pcm_ops;
 int can_be_default;
 int max_voices_out;
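Review bot: set_dbus_server is declared inside struct audio_driver under #ifdef CONFIG_GIO, ahead of pcm_ops, so the layout of the struct now depends on whether CONFIG_GIO is defined in each file that includes audio_int.h. Confirm the macro is visible identically to every includer, or keep the member unconditional. The callback also needs a comment saying when it is called and whether the driver has to take its own reference on manager.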
diff --git a/audio/audio_template.h b/audio/audio_template.h
index c6714946aaed..d2d348638b8c 100644
--- a/audio/audio_template.h
+++ b/audio/audio_template.h
@@ -327,6 +327,8 @@ AudiodevPerDirectionOptions *glue(audio_get_pdo_, 
TYPE)(Audiodev *dev)
 case AUDIODEV_DRIVER_COREAUDIO:
 return qapi_AudiodevCoreaudioPerDirectionOptions_base(
 dev->u.coreaudio.TYPE);
+case AUDIODEV_DRIVER_DBUS:
+return dev->u.dbus.TYPE;
 case AUDIODEV_DRIVER_DSOUND:
 return dev->u.dsound.TYPE;
 case AUDIODEV_DRIVER_JACK:
diff --git a/ui/dbus.h b/ui/dbus.h
index 4698d324632e..ca1f0f4ab94f 100644
--- a/ui/dbus.h
+++ b/ui/dbus.h
@@ -36,6 +36,7 @@ struct DBusDisplay {
 DisplayGLMode gl_mode;
 bool p2p;
 char *dbus_addr;
+char *audiodev;
 DisplayGLCtx glctx;
 
 GDBusConnection *bus;
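Review bot: audiodev is added to DBusDisplay as a plain char * next to dbus_addr, and this hunk shows neither who owns the string nor where it is released. Make sure the property setter frees any previous value before storing a new one and that the display's finalize path frees it, as it should for dbus_addr.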
diff --git a/audio/audio.c b/audio/audio.c
index 54a153c0ef07..dc28685d226d 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -2000,6 +2000,7 @@ void audio_create_pdos(Audiodev *dev)
 CASE(NONE, none, );
 CASE(ALSA, alsa, Alsa);
 CASE(COREAUDIO, coreaudio, Coreaudio);
+CASE(DBUS, dbus, );
 CASE(DSOUND, dsound, );
 CASE(JACK, jack, Jack);
 CASE(OSS, oss, Oss);
diff --git a/audio/dbusaudio.c b/audio/dbusaudio.c
new file mode 100644
index ..f178b47deec1
--- /dev/null
+++ b/audio/dbusaudio.c
@@ -0,0 +1,654 @@
+/*
+ * QEMU DBus audio
+ *
+ * Copyright (c) 2021 Red Hat, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * 

Re: [PATCH qemu] s390x/css: fix PMCW invalid mask

2021-12-17 Thread Halil Pasic
On Fri, 17 Dec 2021 14:58:11 +0100
Halil Pasic  wrote:

> On Thu, 16 Dec 2021 14:16:57 +0100
> Nico Boehr  wrote:
> 
> > Previously, we required bits 5, 6 and 7 to be zero (0x07 == 0b111). But,
> > as per the principles of operation, bit 5 is ignored in MSCH and bits 0,
> > 1, 6 and 7 need to be zero.  
> 
> On second thought, don't we have to make sure then that bit 5 is
> ignored?
> 
> static void copy_pmcw_from_guest(PMCW *dest, const PMCW *src)
> {
> int i;
> 
> dest->intparm = be32_to_cpu(src->intparm);
> dest->flags = be16_to_cpu(src->flags);
> dest->devno = be16_to_cpu(src->devno);
> 
> Here we seem to grab flags as a whole, but actually we would have to
> mask off bit 5.
> 
> I can spin a patch myself, provided we agree that this needs to be
> fixed, but it would probably be better to have the two changes in one
> patch.
> 

I didn't read far enough. We do mask bit 5 in css_do_msch() and
copy_pmcw_from_guest() works on a schib_copy.

Everything is fine!

Regards,
Halil
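
The mask arithmetic from the quoted commit message, as an added example that is not part of the thread or of QEMU's code. It models a single 8-bit field in MSB-0 bit numbering (the numbering under which bits 5, 6 and 7 give 0x07); all macro and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>

/* Bit n of an 8-bit field in MSB-0 numbering: bit 0 is the most
 * significant bit, bit 7 the least significant. */
#define MSB0_BIT8(n) ((uint8_t)(0x80u >> (n)))

/* Hypothetical names, not QEMU's macros. */
#define OLD_INVALID_MASK (MSB0_BIT8(5) | MSB0_BIT8(6) | MSB0_BIT8(7))
#define NEW_INVALID_MASK (MSB0_BIT8(0) | MSB0_BIT8(1) | \
                          MSB0_BIT8(6) | MSB0_BIT8(7))
#define IGNORED_MASK     MSB0_BIT8(5)

/* Check as described for the old code: bits 5, 6 and 7 must be zero. */
static bool old_operand_valid(uint8_t field)
{
    return (field & OLD_INVALID_MASK) == 0;
}

/* Check as described for the fix: bits 0, 1, 6 and 7 must be zero,
 * bit 5 no longer makes the operand invalid. */
static bool new_operand_valid(uint8_t field)
{
    return (field & NEW_INVALID_MASK) == 0;
}

/* An ignored bit must not reach the stored copy: clear it before the
 * guest-supplied value is kept. */
static uint8_t strip_ignored(uint8_t field)
{
    return field & (uint8_t)~IGNORED_MASK;
}

int main(void)
{
    /* Constructed sample: bits 2, 3, 4 and 5 set, reserved bits clear. */
    uint8_t guest = 0x3C;

    if (!new_operand_valid(guest)) {
        return 1;
    }
    return strip_ignored(guest) == 0x38 ? 0 : 1;
}
```

The two checks disagree in both directions: a value with only bit 5 set was rejected before and is accepted now, while a value with bit 0 or bit 1 set passed before and is rejected now.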



[PULL 30/36] ui/dbus: add clipboard interface

2021-12-17 Thread marcandre . lureau
From: Marc-André Lureau 

Expose the clipboard API over D-Bus. See the interface documentation for
further details.

Signed-off-by: Marc-André Lureau 
Acked-by: Gerd Hoffmann 
---
 ui/dbus.h|  14 ++
 ui/dbus-clipboard.c  | 457 +++
 ui/dbus.c|   7 +
 ui/dbus-display1.xml |  97 +
 ui/meson.build   |   1 +
 ui/trace-events  |   3 +
 6 files changed, 579 insertions(+)
 create mode 100644 ui/dbus-clipboard.c

diff --git a/ui/dbus.h b/ui/dbus.h
index ca1f0f4ab94f..3e89eafcab6e 100644
--- a/ui/dbus.h
+++ b/ui/dbus.h
@@ -27,9 +27,16 @@
 #include "qemu/dbus.h"
 #include "qom/object.h"
 #include "ui/console.h"
+#include "ui/clipboard.h"
 
 #include "dbus-display1.h"
 
+typedef struct DBusClipboardRequest {
+GDBusMethodInvocation *invocation;
+QemuClipboardType type;
+guint timeout_id;
+} DBusClipboardRequest;
+
 struct DBusDisplay {
 Object parent;
 
@@ -44,6 +51,11 @@ struct DBusDisplay {
 QemuDBusDisplay1VM *iface;
 GPtrArray *consoles;
 GCancellable *add_client_cancellable;
+
+QemuClipboardPeer clipboard_peer;
+QemuDBusDisplay1Clipboard *clipboard;
+QemuDBusDisplay1Clipboard *clipboard_proxy;
+DBusClipboardRequest clipboard_request[QEMU_CLIPBOARD_SELECTION__COUNT];
 };
 
 #define TYPE_DBUS_DISPLAY "dbus-display"
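Review bot: clipboard_request[QEMU_CLIPBOARD_SELECTION__COUNT] gives exactly one pending-request slot per selection, and nothing in the header says what happens when a second request for the same selection arrives while the slot is occupied. Document that rule next to the array, and make sure the handler rejects or cancels explicitly rather than overwriting invocation and timeout_id, which would leak the earlier invocation and leave its timeout source armed. A short comment on DBusClipboardRequest saying that timeout_id == 0 means "no timer" and that invocation holds a reference would help as well.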
@@ -83,4 +95,6 @@ dbus_display_listener_get_bus_name(DBusDisplayListener *ddl);
 extern const DisplayChangeListenerOps dbus_gl_dcl_ops;
 extern const DisplayChangeListenerOps dbus_dcl_ops;
 
+void dbus_clipboard_init(DBusDisplay *dpy);
+
 #endif /* UI_DBUS_H_ */
diff --git a/ui/dbus-clipboard.c b/ui/dbus-clipboard.c
new file mode 100644
index ..5843d26cd2cb
--- /dev/null
+++ b/ui/dbus-clipboard.c
@@ -0,0 +1,457 @@
+/*
+ * QEMU DBus display
+ *
+ * Copyright (c) 2021 Marc-André Lureau 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu/osdep.h"
+#include "qemu/dbus.h"
+#include "qemu/main-loop.h"
+#include "qom/object_interfaces.h"
+#include "sysemu/sysemu.h"
+#include "qapi/error.h"
+#include "trace.h"
+
+#include "dbus.h"
+
+#define MIME_TEXT_PLAIN_UTF8 "text/plain;charset=utf-8"
+
+static void
+dbus_clipboard_complete_request(
+DBusDisplay *dpy,
+GDBusMethodInvocation *invocation,
+QemuClipboardInfo *info,
+QemuClipboardType type)
+{
+GVariant *v_data = g_variant_new_from_data(
+G_VARIANT_TYPE("ay"),
+info->types[type].data,
+info->types[type].size,
+TRUE,
+(GDestroyNotify)qemu_clipboard_info_unref,
+qemu_clipboard_info_ref(info));
+
+qemu_dbus_display1_clipboard_complete_request(
+dpy->clipboard, invocation,
+MIME_TEXT_PLAIN_UTF8, v_data);
+}
+
+static void
+dbus_clipboard_update_info(DBusDisplay *dpy, QemuClipboardInfo *info)
+{
+bool self_update = info->owner == >clipboard_peer;
+const char *mime[QEMU_CLIPBOARD_TYPE__COUNT + 1] = { 0, };
+DBusClipboardRequest *req;
+int i = 0;
+
+if (info->owner == NULL) {
+if (dpy->clipboard_proxy) {
+qemu_dbus_display1_clipboard_call_release(
+dpy->clipboard_proxy,
+info->selection,
+G_DBUS_CALL_FLAGS_NONE, -1, NULL, NULL, NULL);
+}
+return;
+}
+
+if (self_update || !info->has_serial) {
+return;
+}
+
+req = >clipboard_request[info->selection];
+if (req->invocation && info->types[req->type].data) {
+dbus_clipboard_complete_request(dpy, req->invocation, info, req->type);
+g_clear_object(>invocation);
+g_source_remove(req->timeout_id);
+req->timeout_id = 0;
+return;
+}
+
+if (info->types[QEMU_CLIPBOARD_TYPE_TEXT].available) {
+mime[i++] = MIME_TEXT_PLAIN_UTF8;
+}
+
+if (i > 0) {
+if (dpy->clipboard_proxy) {
+qemu_dbus_display1_clipboard_call_grab(
+dpy->clipboard_proxy,
+ 
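Review bot: dbus_clipboard_complete_request() takes a type argument but always labels the reply MIME_TEXT_PLAIN_UTF8, and the bytes in info->types[type].data go into g_variant_new_from_data() without any check that they are valid UTF-8. The data comes from another clipboard peer (self updates are skipped in dbus_clipboard_update_info()), so either validate it with g_utf8_validate() before completing the request or state in the interface documentation that consumers must treat the payload as unvalidated bytes, and derive the MIME string from type so a later non-text type cannot be mislabelled. In dbus_clipboard_update_info(), g_source_remove(req->timeout_id) runs unconditionally after the request is completed; guard it on a non-zero id unless a pending invocation is guaranteed to have a live timeout. The release call passes NULL for its callback, so a failure is dropped silently; a trace point or error log there would make failures visible.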
