[PULL 49/61] target/riscv: Create current pm fields in env

[Alistair Francis]

From: LIU Zhiwei 

Signed-off-by: LIU Zhiwei 
Reviewed-by: Alistair Francis 
Reviewed-by: Richard Henderson 
Message-id: 20220120122050.41546-12-zhiwei_...@c-sky.com
Signed-off-by: Alistair Francis 
---
 target/riscv/cpu.h|  4 
 target/riscv/cpu.c|  1 +
 target/riscv/cpu_helper.c | 43 +++
 target/riscv/csr.c| 19 +
 target/riscv/machine.c|  1 +
 5 files changed, 68 insertions(+)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 7657e22a56..6fe842edfd 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -266,6 +266,8 @@ struct CPURISCVState {
 target_ulong upmmask;
 target_ulong upmbase;
 #endif
+target_ulong cur_pmmask;
+target_ulong cur_pmbase;
 
 float_status fp_status;
 
@@ -515,6 +517,8 @@ static inline uint32_t vext_get_vlmax(RISCVCPU *cpu, 
target_ulong vtype)
 void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong *pc,
   target_ulong *cs_base, uint32_t *pflags);
 
+void riscv_cpu_update_mask(CPURISCVState *env);
+
 RISCVException riscv_csrrw(CPURISCVState *env, int csrno,
target_ulong *ret_value,
target_ulong new_value, target_ulong write_mask);
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 690c879901..a120d474df 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -430,6 +430,7 @@ static void riscv_cpu_reset(DeviceState *dev)
 env->mmte |= (PM_EXT_INITIAL | MMTE_M_PM_CURRENT);
 #endif
 env->xl = riscv_cpu_mxl(env);
+riscv_cpu_update_mask(env);
 cs->exception_index = RISCV_EXCP_NONE;
 env->load_res = -1;
 set_default_nan_mode(1, >fp_status);
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index d73925a823..b239d721f4 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -122,6 +122,48 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong 
*pc,
 *pflags = flags;
 }
 
+void riscv_cpu_update_mask(CPURISCVState *env)
+{
+target_ulong mask = -1, base = 0;
+/*
+ * TODO: Current RVJ spec does not specify
+ * how the extension interacts with XLEN.
+ */
+#ifndef CONFIG_USER_ONLY
+if (riscv_has_ext(env, RVJ)) {
+switch (env->priv) {
+case PRV_M:
+if (env->mmte & M_PM_ENABLE) {
+mask = env->mpmmask;
+base = env->mpmbase;
+}
+break;
+case PRV_S:
+if (env->mmte & S_PM_ENABLE) {
+mask = env->spmmask;
+base = env->spmbase;
+}
+break;
+case PRV_U:
+if (env->mmte & U_PM_ENABLE) {
+mask = env->upmmask;
+base = env->upmbase;
+}
+break;
+default:
+g_assert_not_reached();
+}
+}
+#endif
+if (env->xl == MXL_RV32) {
+env->cur_pmmask = mask & UINT32_MAX;
+env->cur_pmbase = base & UINT32_MAX;
+} else {
+env->cur_pmmask = mask;
+env->cur_pmbase = base;
+}
+}
+
 #ifndef CONFIG_USER_ONLY
 static int riscv_cpu_local_irq_pending(CPURISCVState *env)
 {
@@ -334,6 +376,7 @@ void riscv_cpu_set_mode(CPURISCVState *env, target_ulong 
newpriv)
 /* tlb_flush is unnecessary as mode is contained in mmu_idx */
 env->priv = newpriv;
 env->xl = cpu_recompute_xl(env);
+riscv_cpu_update_mask(env);
 
 /*
  * Clear the load reservation - otherwise a reservation placed in one
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index c00a82022e..292f7e1624 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -1607,6 +1607,7 @@ static RISCVException write_mmte(CPURISCVState *env, int 
csrno,
 /* hardwiring pm.instruction bit to 0, since it's not supported yet */
 wpri_val &= ~(MMTE_M_PM_INSN | MMTE_S_PM_INSN | MMTE_U_PM_INSN);
 env->mmte = wpri_val | PM_EXT_DIRTY;
+riscv_cpu_update_mask(env);
 
 /* Set XS and SD bits, since PM CSRs are dirty */
 mstatus = env->mstatus | MSTATUS_XS;
@@ -1682,6 +1683,9 @@ static RISCVException write_mpmmask(CPURISCVState *env, 
int csrno,
 uint64_t mstatus;
 
 env->mpmmask = val;
+if ((env->priv == PRV_M) && (env->mmte & M_PM_ENABLE)) {
+env->cur_pmmask = val;
+}
 env->mmte |= PM_EXT_DIRTY;
 
 /* Set XS and SD bits, since PM CSRs are dirty */
@@ -1707,6 +1711,9 @@ static RISCVException write_spmmask(CPURISCVState *env, 
int csrno,
 return RISCV_EXCP_NONE;
 }
 env->spmmask = val;
+if ((env->priv == PRV_S) && (env->mmte & S_PM_ENABLE)) {
+env->cur_pmmask = val;
+}
 env->mmte |= PM_EXT_DIRTY;
 
 /* Set XS and SD bits, since PM CSRs are dirty */
@@ -1732,6 +1739,9 @@ static RISCVException write_upmmask(CPURISCVState *env, 
int csrno,
 return RISCV_EXCP_NONE;
 }
 env->upmmask = val;
+if ((env->priv == PRV_U) && (env->mmte & U_PM_ENABLE)) {
+

[PULL 59/61] target/riscv: Set default XLEN for hypervisor

[Alistair Francis]

From: LIU Zhiwei 

When swap regs for hypervisor, the value of vsstatus or mstatus_hs
should have the right XLEN. Otherwise, it will propagate to mstatus.

Signed-off-by: LIU Zhiwei 
Reviewed-by: Alistair Francis 
Message-id: 20220120122050.41546-22-zhiwei_...@c-sky.com
Signed-off-by: Alistair Francis 
---
 target/riscv/cpu.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index a120d474df..1cb0436187 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -422,6 +422,16 @@ static void riscv_cpu_reset(DeviceState *dev)
  */
 env->mstatus = set_field(env->mstatus, MSTATUS64_SXL, env->misa_mxl);
 env->mstatus = set_field(env->mstatus, MSTATUS64_UXL, env->misa_mxl);
+if (riscv_has_ext(env, RVH)) {
+env->vsstatus = set_field(env->vsstatus,
+  MSTATUS64_SXL, env->misa_mxl);
+env->vsstatus = set_field(env->vsstatus,
+  MSTATUS64_UXL, env->misa_mxl);
+env->mstatus_hs = set_field(env->mstatus_hs,
+MSTATUS64_SXL, env->misa_mxl);
+env->mstatus_hs = set_field(env->mstatus_hs,
+MSTATUS64_UXL, env->misa_mxl);
+}
 }
 env->mcause = 0;
 env->pc = env->resetvec;
-- 
2.31.1

[PULL 38/61] roms/opensbi: Remove ELF images

[Alistair Francis]

From: Anup Patel 

Now that all RISC-V machines can use OpenSBI BIN images, we remove
OpenSBI ELF images and also exclude these images from BIOS build.

Signed-off-by: Anup Patel 
Reviewed-by: Alistair Francis 
Reviewed-by: Bin Meng 
Signed-off-by: Alistair Francis 
---
 .gitlab-ci.d/opensbi.yml   |   2 --
 pc-bios/meson.build|   2 --
 pc-bios/opensbi-riscv32-generic-fw_dynamic.elf | Bin 838904 -> 0 bytes
 pc-bios/opensbi-riscv64-generic-fw_dynamic.elf | Bin 934696 -> 0 bytes
 roms/Makefile  |   2 --
 5 files changed, 6 deletions(-)
 delete mode 100644 pc-bios/opensbi-riscv32-generic-fw_dynamic.elf
 delete mode 100644 pc-bios/opensbi-riscv64-generic-fw_dynamic.elf

diff --git a/.gitlab-ci.d/opensbi.yml b/.gitlab-ci.d/opensbi.yml
index 5e0a2477c5..29a22930d1 100644
--- a/.gitlab-ci.d/opensbi.yml
+++ b/.gitlab-ci.d/opensbi.yml
@@ -43,9 +43,7 @@ build-opensbi:
  artifacts:
paths: # 'artifacts.zip' will contains the following files:
- pc-bios/opensbi-riscv32-generic-fw_dynamic.bin
-   - pc-bios/opensbi-riscv32-generic-fw_dynamic.elf
- pc-bios/opensbi-riscv64-generic-fw_dynamic.bin
-   - pc-bios/opensbi-riscv64-generic-fw_dynamic.elf
- opensbi32-generic-stdout.log
- opensbi32-generic-stderr.log
- opensbi64-generic-stdout.log
diff --git a/pc-bios/meson.build b/pc-bios/meson.build
index 1812a4084f..4ac7a5509b 100644
--- a/pc-bios/meson.build
+++ b/pc-bios/meson.build
@@ -80,8 +80,6 @@ blobs = files(
   'hppa-firmware.img',
   'opensbi-riscv32-generic-fw_dynamic.bin',
   'opensbi-riscv64-generic-fw_dynamic.bin',
-  'opensbi-riscv32-generic-fw_dynamic.elf',
-  'opensbi-riscv64-generic-fw_dynamic.elf',
   'npcm7xx_bootrom.bin',
 )
 
diff --git a/pc-bios/opensbi-riscv32-generic-fw_dynamic.elf 
b/pc-bios/opensbi-riscv32-generic-fw_dynamic.elf
deleted file mode 100644
index a19363e27c..00
Binary files a/pc-bios/opensbi-riscv32-generic-fw_dynamic.elf and /dev/null 
differ
diff --git a/pc-bios/opensbi-riscv64-generic-fw_dynamic.elf 
b/pc-bios/opensbi-riscv64-generic-fw_dynamic.elf
deleted file mode 100644
index c59573d026..00
Binary files a/pc-bios/opensbi-riscv64-generic-fw_dynamic.elf and /dev/null 
differ
diff --git a/roms/Makefile b/roms/Makefile
index b967b53bb7..5e44d97890 100644
--- a/roms/Makefile
+++ b/roms/Makefile
@@ -178,14 +178,12 @@ opensbi32-generic:
CROSS_COMPILE=$(riscv32_cross_prefix) \
PLATFORM="generic"
cp opensbi/build/platform/generic/firmware/fw_dynamic.bin 
../pc-bios/opensbi-riscv32-generic-fw_dynamic.bin
-   cp opensbi/build/platform/generic/firmware/fw_dynamic.elf 
../pc-bios/opensbi-riscv32-generic-fw_dynamic.elf
 
 opensbi64-generic:
$(MAKE) -C opensbi \
CROSS_COMPILE=$(riscv64_cross_prefix) \
PLATFORM="generic"
cp opensbi/build/platform/generic/firmware/fw_dynamic.bin 
../pc-bios/opensbi-riscv64-generic-fw_dynamic.bin
-   cp opensbi/build/platform/generic/firmware/fw_dynamic.elf 
../pc-bios/opensbi-riscv64-generic-fw_dynamic.elf
 
 MESON = meson
 NINJA = ninja
-- 
2.31.1

[PULL 31/61] target/riscv: rvv-1.0: Add Zve32f support for scalar fp insns

[Alistair Francis]

From: Frank Chang 

Zve32f extension requires the scalar processor to implement the F
extension and implement all vector floating-point instructions for
floating-point operands with EEW=32 (i.e., no widening floating-point
operations).

Signed-off-by: Frank Chang 
Reviewed-by: Alistair Francis 
Message-id: 20220118014522.13613-14-frank.ch...@sifive.com
Signed-off-by: Alistair Francis 
---
 target/riscv/insn_trans/trans_rvv.c.inc | 21 +
 1 file changed, 21 insertions(+)

diff --git a/target/riscv/insn_trans/trans_rvv.c.inc 
b/target/riscv/insn_trans/trans_rvv.c.inc
index fd6e74c232..fe4ad5d008 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -66,6 +66,17 @@ static bool require_scale_rvf(DisasContext *s)
 }
 }
 
+static bool require_zve32f(DisasContext *s)
+{
+/* RVV + Zve32f = RVV. */
+if (has_ext(s, RVV)) {
+return true;
+}
+
+/* Zve32f doesn't support FP64. (Section 18.2) */
+return s->ext_zve32f ? s->sew <= MO_32 : true;
+}
+
 static bool require_zve64f(DisasContext *s)
 {
 /* RVV + Zve64f = RVV. */
@@ -2229,6 +2240,7 @@ static bool opfvv_check(DisasContext *s, arg_rmrr *a)
require_rvf(s) &&
vext_check_isa_ill(s) &&
vext_check_sss(s, a->rd, a->rs1, a->rs2, a->vm) &&
+   require_zve32f(s) &&
require_zve64f(s);
 }
 
@@ -2310,6 +2322,7 @@ static bool opfvf_check(DisasContext *s, arg_rmrr *a)
require_rvf(s) &&
vext_check_isa_ill(s) &&
vext_check_ss(s, a->rd, a->rs2, a->vm) &&
+   require_zve32f(s) &&
require_zve64f(s);
 }
 
@@ -2532,6 +2545,7 @@ static bool opfv_check(DisasContext *s, arg_rmr *a)
vext_check_isa_ill(s) &&
/* OPFV instructions ignore vs1 check */
vext_check_ss(s, a->rd, a->rs2, a->vm) &&
+   require_zve32f(s) &&
require_zve64f(s);
 }
 
@@ -2598,6 +2612,7 @@ static bool opfvv_cmp_check(DisasContext *s, arg_rmrr *a)
require_rvf(s) &&
vext_check_isa_ill(s) &&
vext_check_mss(s, a->rd, a->rs1, a->rs2) &&
+   require_zve32f(s) &&
require_zve64f(s);
 }
 
@@ -2612,6 +2627,7 @@ static bool opfvf_cmp_check(DisasContext *s, arg_rmrr *a)
require_rvf(s) &&
vext_check_isa_ill(s) &&
vext_check_ms(s, a->rd, a->rs2) &&
+   require_zve32f(s) &&
require_zve64f(s);
 }
 
@@ -2634,6 +2650,7 @@ static bool trans_vfmv_v_f(DisasContext *s, arg_vfmv_v_f 
*a)
 require_rvf(s) &&
 vext_check_isa_ill(s) &&
 require_align(a->rd, s->lmul) &&
+require_zve32f(s) &&
 require_zve64f(s)) {
 gen_set_rm(s, RISCV_FRM_DYN);
 
@@ -3368,6 +3385,7 @@ static bool trans_vfmv_f_s(DisasContext *s, arg_vfmv_f_s 
*a)
 if (require_rvv(s) &&
 require_rvf(s) &&
 vext_check_isa_ill(s) &&
+require_zve32f(s) &&
 require_zve64f(s)) {
 gen_set_rm(s, RISCV_FRM_DYN);
 
@@ -3395,6 +3413,7 @@ static bool trans_vfmv_s_f(DisasContext *s, arg_vfmv_s_f 
*a)
 if (require_rvv(s) &&
 require_rvf(s) &&
 vext_check_isa_ill(s) &&
+require_zve32f(s) &&
 require_zve64f(s)) {
 gen_set_rm(s, RISCV_FRM_DYN);
 
@@ -3447,6 +3466,7 @@ static bool fslideup_check(DisasContext *s, arg_rmrr *a)
 {
 return slideup_check(s, a) &&
require_rvf(s) &&
+   require_zve32f(s) &&
require_zve64f(s);
 }
 
@@ -3454,6 +3474,7 @@ static bool fslidedown_check(DisasContext *s, arg_rmrr *a)
 {
 return slidedown_check(s, a) &&
require_rvf(s) &&
+   require_zve32f(s) &&
require_zve64f(s);
 }
 
-- 
2.31.1

[PULL 30/61] target/riscv: rvv-1.0: Add Zve32f support for configuration insns

[Alistair Francis]

From: Frank Chang 

All Zve* extensions support the vector configuration instructions.

Signed-off-by: Frank Chang 
Reviewed-by: Alistair Francis 
Message-id: 20220118014522.13613-13-frank.ch...@sifive.com
Signed-off-by: Alistair Francis 
---
 target/riscv/insn_trans/trans_rvv.c.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvv.c.inc 
b/target/riscv/insn_trans/trans_rvv.c.inc
index 9fa3862620..fd6e74c232 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -152,7 +152,7 @@ static bool do_vsetvl(DisasContext *s, int rd, int rs1, 
TCGv s2)
 TCGv s1, dst;
 
 if (!require_rvv(s) ||
-!(has_ext(s, RVV) || s->ext_zve64f)) {
+!(has_ext(s, RVV) || s->ext_zve32f || s->ext_zve64f)) {
 return false;
 }
 
@@ -188,7 +188,7 @@ static bool do_vsetivli(DisasContext *s, int rd, TCGv s1, 
TCGv s2)
 TCGv dst;
 
 if (!require_rvv(s) ||
-!(has_ext(s, RVV) || s->ext_zve64f)) {
+!(has_ext(s, RVV) || s->ext_zve32f || s->ext_zve64f)) {
 return false;
 }
 
-- 
2.31.1

[PULL 52/61] target/riscv: Split pm_enabled into mask and base

[Alistair Francis]

From: LIU Zhiwei 

Use cached cur_pmmask and cur_pmbase to infer the
current PM mode.

This may decrease the TCG IR by one when pm_enabled
is true and pm_base_enabled is false.

Signed-off-by: LIU Zhiwei 
Reviewed-by: Richard Henderson 
Reviewed-by: Alistair Francis 
Message-id: 20220120122050.41546-15-zhiwei_...@c-sky.com
Signed-off-by: Alistair Francis 
---
 target/riscv/cpu.h|  3 ++-
 target/riscv/cpu_helper.c | 24 ++--
 target/riscv/translate.c  | 12 
 3 files changed, 16 insertions(+), 23 deletions(-)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 6fe842edfd..89621e1996 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -448,7 +448,8 @@ FIELD(TB_FLAGS, MSTATUS_HS_VS, 18, 2)
 /* The combination of MXL/SXL/UXL that applies to the current cpu mode. */
 FIELD(TB_FLAGS, XL, 20, 2)
 /* If PointerMasking should be applied */
-FIELD(TB_FLAGS, PM_ENABLED, 22, 1)
+FIELD(TB_FLAGS, PM_MASK_ENABLED, 22, 1)
+FIELD(TB_FLAGS, PM_BASE_ENABLED, 23, 1)
 
 #ifdef TARGET_RISCV32
 #define riscv_cpu_mxl(env)  ((void)(env), MXL_RV32)
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index b239d721f4..502aee84ab 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -97,27 +97,15 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong 
*pc,
 flags = FIELD_DP32(flags, TB_FLAGS, MSTATUS_HS_VS,
get_field(env->mstatus_hs, MSTATUS_VS));
 }
-if (riscv_has_ext(env, RVJ)) {
-int priv = flags & TB_FLAGS_PRIV_MMU_MASK;
-bool pm_enabled = false;
-switch (priv) {
-case PRV_U:
-pm_enabled = env->mmte & U_PM_ENABLE;
-break;
-case PRV_S:
-pm_enabled = env->mmte & S_PM_ENABLE;
-break;
-case PRV_M:
-pm_enabled = env->mmte & M_PM_ENABLE;
-break;
-default:
-g_assert_not_reached();
-}
-flags = FIELD_DP32(flags, TB_FLAGS, PM_ENABLED, pm_enabled);
-}
 #endif
 
 flags = FIELD_DP32(flags, TB_FLAGS, XL, env->xl);
+if (env->cur_pmmask < (env->xl == MXL_RV32 ? UINT32_MAX : UINT64_MAX)) {
+flags = FIELD_DP32(flags, TB_FLAGS, PM_MASK_ENABLED, 1);
+}
+if (env->cur_pmbase != 0) {
+flags = FIELD_DP32(flags, TB_FLAGS, PM_BASE_ENABLED, 1);
+}
 
 *pflags = flags;
 }
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 33564d059d..f0bbe80875 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -108,7 +108,8 @@ typedef struct DisasContext {
 /* Space for 3 operands plus 1 extra for address computation. */
 TCGv temp[4];
 /* PointerMasking extension */
-bool pm_enabled;
+bool pm_mask_enabled;
+bool pm_base_enabled;
 } DisasContext;
 
 static inline bool has_ext(DisasContext *ctx, uint32_t ext)
@@ -397,12 +398,14 @@ static TCGv get_address(DisasContext *ctx, int rs1, int 
imm)
 TCGv src1 = get_gpr(ctx, rs1, EXT_NONE);
 
 tcg_gen_addi_tl(addr, src1, imm);
-if (ctx->pm_enabled) {
+if (ctx->pm_mask_enabled) {
 tcg_gen_and_tl(addr, addr, pm_mask);
-tcg_gen_or_tl(addr, addr, pm_base);
 } else if (get_xl(ctx) == MXL_RV32) {
 tcg_gen_ext32u_tl(addr, addr);
 }
+if (ctx->pm_base_enabled) {
+tcg_gen_or_tl(addr, addr, pm_base);
+}
 return addr;
 }
 
@@ -925,7 +928,8 @@ static void riscv_tr_init_disas_context(DisasContextBase 
*dcbase, CPUState *cs)
 ctx->cs = cs;
 ctx->ntemp = 0;
 memset(ctx->temp, 0, sizeof(ctx->temp));
-ctx->pm_enabled = FIELD_EX32(tb_flags, TB_FLAGS, PM_ENABLED);
+ctx->pm_mask_enabled = FIELD_EX32(tb_flags, TB_FLAGS, PM_MASK_ENABLED);
+ctx->pm_base_enabled = FIELD_EX32(tb_flags, TB_FLAGS, PM_BASE_ENABLED);
 ctx->zero = tcg_constant_tl(0);
 }
 
-- 
2.31.1

[PULL 58/61] target/riscv: Adjust scalar reg in vector with XLEN

[Alistair Francis]

From: LIU Zhiwei 

When sew <= 32bits, not need to extend scalar reg.
When sew > 32bits, if xlen is less that sew, we should sign extend
the scalar register, except explicitly specified by the spec.

Signed-off-by: LIU Zhiwei 
Reviewed-by: Alistair Francis 
Message-id: 20220120122050.41546-21-zhiwei_...@c-sky.com
Signed-off-by: Alistair Francis 
---
 target/riscv/insn_trans/trans_rvv.c.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/riscv/insn_trans/trans_rvv.c.inc 
b/target/riscv/insn_trans/trans_rvv.c.inc
index e03959c46f..f85a9e83b4 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -1258,7 +1258,7 @@ static bool opivx_trans(uint32_t vd, uint32_t rs1, 
uint32_t vs2, uint32_t vm,
 dest = tcg_temp_new_ptr();
 mask = tcg_temp_new_ptr();
 src2 = tcg_temp_new_ptr();
-src1 = get_gpr(s, rs1, EXT_NONE);
+src1 = get_gpr(s, rs1, EXT_SIGN);
 
 data = FIELD_DP32(data, VDATA, VM, vm);
 data = FIELD_DP32(data, VDATA, LMUL, s->lmul);
-- 
2.31.1

[PULL 27/61] target/riscv: rvv-1.0: Add Zve64f support for narrowing type-convert insns

[Alistair Francis]

From: Frank Chang 

Vector narrowing conversion instructions are provided to and from all
supported integer EEWs for Zve64f extension.

Signed-off-by: Frank Chang 
Reviewed-by: Alistair Francis 
Message-id: 20220118014522.13613-10-frank.ch...@sifive.com
Signed-off-by: Alistair Francis 
---
 target/riscv/insn_trans/trans_rvv.c.inc | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvv.c.inc 
b/target/riscv/insn_trans/trans_rvv.c.inc
index 58f12366dd..9fa3862620 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -2826,14 +2826,16 @@ static bool opfxv_narrow_check(DisasContext *s, arg_rmr 
*a)
 {
 return opfv_narrow_check(s, a) &&
require_rvf(s) &&
-   (s->sew != MO_64);
+   (s->sew != MO_64) &&
+   require_zve64f(s);
 }
 
 static bool opffv_narrow_check(DisasContext *s, arg_rmr *a)
 {
 return opfv_narrow_check(s, a) &&
require_scale_rvf(s) &&
-   (s->sew != MO_8);
+   (s->sew != MO_8) &&
+   require_scale_zve64f(s);
 }
 
 #define GEN_OPFV_NARROW_TRANS(NAME, CHECK, HELPER, FRM)\
@@ -2882,7 +2884,8 @@ static bool opxfv_narrow_check(DisasContext *s, arg_rmr 
*a)
require_scale_rvf(s) &&
vext_check_isa_ill(s) &&
/* OPFV narrowing instructions ignore vs1 check */
-   vext_check_sd(s, a->rd, a->rs2, a->vm);
+   vext_check_sd(s, a->rd, a->rs2, a->vm) &&
+   require_scale_zve64f(s);
 }
 
 #define GEN_OPXFV_NARROW_TRANS(NAME, HELPER, FRM)  \
-- 
2.31.1

[PULL 26/61] target/riscv: rvv-1.0: Add Zve64f support for widening type-convert insns

[Alistair Francis]

From: Frank Chang 

Vector widening conversion instructions are provided to and from all
supported integer EEWs for Zve64f extension.

Signed-off-by: Frank Chang 
Reviewed-by: Alistair Francis 
Message-id: 20220118014522.13613-9-frank.ch...@sifive.com
Signed-off-by: Alistair Francis 
---
 target/riscv/insn_trans/trans_rvv.c.inc | 32 +++--
 1 file changed, 25 insertions(+), 7 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvv.c.inc 
b/target/riscv/insn_trans/trans_rvv.c.inc
index 08f25e3ce4..58f12366dd 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -77,6 +77,17 @@ static bool require_zve64f(DisasContext *s)
 return s->ext_zve64f ? s->sew <= MO_32 : true;
 }
 
+static bool require_scale_zve64f(DisasContext *s)
+{
+/* RVV + Zve64f = RVV. */
+if (has_ext(s, RVV)) {
+return true;
+}
+
+/* Zve64f doesn't support FP64. (Section 18.2) */
+return s->ext_zve64f ? s->sew <= MO_16 : true;
+}
+
 /* Destination vector register group cannot overlap source mask register. */
 static bool require_vm(int vm, int vd)
 {
@@ -2333,7 +2344,8 @@ static bool opfvv_widen_check(DisasContext *s, arg_rmrr 
*a)
require_scale_rvf(s) &&
(s->sew != MO_8) &&
vext_check_isa_ill(s) &&
-   vext_check_dss(s, a->rd, a->rs1, a->rs2, a->vm);
+   vext_check_dss(s, a->rd, a->rs1, a->rs2, a->vm) &&
+   require_scale_zve64f(s);
 }
 
 /* OPFVV with WIDEN */
@@ -2372,7 +2384,8 @@ static bool opfvf_widen_check(DisasContext *s, arg_rmrr 
*a)
require_scale_rvf(s) &&
(s->sew != MO_8) &&
vext_check_isa_ill(s) &&
-   vext_check_ds(s, a->rd, a->rs2, a->vm);
+   vext_check_ds(s, a->rd, a->rs2, a->vm) &&
+   require_scale_zve64f(s);
 }
 
 /* OPFVF with WIDEN */
@@ -2402,7 +2415,8 @@ static bool opfwv_widen_check(DisasContext *s, arg_rmrr 
*a)
require_scale_rvf(s) &&
(s->sew != MO_8) &&
vext_check_isa_ill(s) &&
-   vext_check_dds(s, a->rd, a->rs1, a->rs2, a->vm);
+   vext_check_dds(s, a->rd, a->rs1, a->rs2, a->vm) &&
+   require_scale_zve64f(s);
 }
 
 /* WIDEN OPFVV with WIDEN */
@@ -2441,7 +2455,8 @@ static bool opfwf_widen_check(DisasContext *s, arg_rmrr 
*a)
require_scale_rvf(s) &&
(s->sew != MO_8) &&
vext_check_isa_ill(s) &&
-   vext_check_dd(s, a->rd, a->rs2, a->vm);
+   vext_check_dd(s, a->rd, a->rs2, a->vm) &&
+   require_scale_zve64f(s);
 }
 
 /* WIDEN OPFVF with WIDEN */
@@ -2700,14 +2715,16 @@ static bool opfv_widen_check(DisasContext *s, arg_rmr 
*a)
 static bool opxfv_widen_check(DisasContext *s, arg_rmr *a)
 {
 return opfv_widen_check(s, a) &&
-   require_rvf(s);
+   require_rvf(s) &&
+   require_zve64f(s);
 }
 
 static bool opffv_widen_check(DisasContext *s, arg_rmr *a)
 {
 return opfv_widen_check(s, a) &&
require_scale_rvf(s) &&
-   (s->sew != MO_8);
+   (s->sew != MO_8) &&
+   require_scale_zve64f(s);
 }
 
 #define GEN_OPFV_WIDEN_TRANS(NAME, CHECK, HELPER, FRM) \
@@ -2758,7 +2775,8 @@ static bool opfxv_widen_check(DisasContext *s, arg_rmr *a)
require_scale_rvf(s) &&
vext_check_isa_ill(s) &&
/* OPFV widening instructions ignore vs1 check */
-   vext_check_ds(s, a->rd, a->rs2, a->vm);
+   vext_check_ds(s, a->rd, a->rs2, a->vm) &&
+   require_scale_zve64f(s);
 }
 
 #define GEN_OPFXV_WIDEN_TRANS(NAME)\
-- 
2.31.1

[PULL 25/61] target/riscv: rvv-1.0: Add Zve64f support for single-width fp reduction insns

[Alistair Francis]

From: Frank Chang 

Vector single-width floating-point reduction operations for EEW=32 are
supported for Zve64f extension.

Signed-off-by: Frank Chang 
Reviewed-by: Alistair Francis 
Message-id: 20220118014522.13613-8-frank.ch...@sifive.com
Signed-off-by: Alistair Francis 
---
 target/riscv/insn_trans/trans_rvv.c.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/riscv/insn_trans/trans_rvv.c.inc 
b/target/riscv/insn_trans/trans_rvv.c.inc
index 56246a5d88..08f25e3ce4 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -2937,7 +2937,8 @@ GEN_OPIVV_WIDEN_TRANS(vwredsumu_vs, reduction_widen_check)
 static bool freduction_check(DisasContext *s, arg_rmrr *a)
 {
 return reduction_check(s, a) &&
-   require_rvf(s);
+   require_rvf(s) &&
+   require_zve64f(s);
 }
 
 GEN_OPFVV_TRANS(vfredsum_vs, freduction_check)
-- 
2.31.1

[PULL 47/61] target/riscv: Relax debug check for pm write

[Alistair Francis]

From: LIU Zhiwei 

Signed-off-by: LIU Zhiwei 
Reviewed-by: Richard Henderson 
Reviewed-by: Alistair Francis 
Message-id: 20220120122050.41546-10-zhiwei_...@c-sky.com
Signed-off-by: Alistair Francis 
---
 target/riscv/csr.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 9be2820d2b..c00a82022e 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -1556,6 +1556,9 @@ static bool check_pm_current_disabled(CPURISCVState *env, 
int csrno)
 int csr_priv = get_field(csrno, 0x300);
 int pm_current;
 
+if (env->debugger) {
+return false;
+}
 /*
  * If priv lvls differ that means we're accessing csr from higher priv lvl,
  * so allow the access
-- 
2.31.1

[PULL 23/61] target/riscv: rvv-1.0: Add Zve64f support for vsmul.vv and vsmul.vx insns

[Alistair Francis]

From: Frank Chang 

All Zve* extensions support all vector fixed-point arithmetic
instructions, except that vsmul.vv and vsmul.vx are not supported
for EEW=64 in Zve64*.

Signed-off-by: Frank Chang 
Reviewed-by: Alistair Francis 
Message-id: 20220118014522.13613-6-frank.ch...@sifive.com
Signed-off-by: Alistair Francis 
---
 target/riscv/insn_trans/trans_rvv.c.inc | 27 +++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvv.c.inc 
b/target/riscv/insn_trans/trans_rvv.c.inc
index e64a28..8e493b7933 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -2123,8 +2123,31 @@ GEN_OPIVX_TRANS(vasub_vx,  opivx_check)
 GEN_OPIVX_TRANS(vasubu_vx,  opivx_check)
 
 /* Vector Single-Width Fractional Multiply with Rounding and Saturation */
-GEN_OPIVV_TRANS(vsmul_vv, opivv_check)
-GEN_OPIVX_TRANS(vsmul_vx,  opivx_check)
+
+static bool vsmul_vv_check(DisasContext *s, arg_rmrr *a)
+{
+/*
+ * All Zve* extensions support all vector fixed-point arithmetic
+ * instructions, except that vsmul.vv and vsmul.vx are not supported
+ * for EEW=64 in Zve64*. (Section 18.2)
+ */
+return opivv_check(s, a) &&
+   (!has_ext(s, RVV) && s->ext_zve64f ? s->sew != MO_64 : true);
+}
+
+static bool vsmul_vx_check(DisasContext *s, arg_rmrr *a)
+{
+/*
+ * All Zve* extensions support all vector fixed-point arithmetic
+ * instructions, except that vsmul.vv and vsmul.vx are not supported
+ * for EEW=64 in Zve64*. (Section 18.2)
+ */
+return opivx_check(s, a) &&
+   (!has_ext(s, RVV) && s->ext_zve64f ? s->sew != MO_64 : true);
+}
+
+GEN_OPIVV_TRANS(vsmul_vv, vsmul_vv_check)
+GEN_OPIVX_TRANS(vsmul_vx,  vsmul_vx_check)
 
 /* Vector Single-Width Scaling Shift Instructions */
 GEN_OPIVV_TRANS(vssrl_vv, opivv_check)
-- 
2.31.1

[PULL 29/61] target/riscv: rvv-1.0: Add Zve32f extension into RISC-V

[Alistair Francis]

From: Frank Chang 

Signed-off-by: Frank Chang 
Reviewed-by: Alistair Francis 
Message-id: 20220118014522.13613-12-frank.ch...@sifive.com
Signed-off-by: Alistair Francis 
---
 target/riscv/cpu.h| 1 +
 target/riscv/cpu.c| 4 ++--
 target/riscv/cpu_helper.c | 2 +-
 target/riscv/csr.c| 2 +-
 target/riscv/translate.c  | 2 ++
 5 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 424bdcc7fa..03552f4aaa 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -340,6 +340,7 @@ struct RISCVCPU {
 bool ext_icsr;
 bool ext_zfh;
 bool ext_zfhmin;
+bool ext_zve32f;
 bool ext_zve64f;
 
 char *priv_spec;
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 4f3d733db4..ef269378de 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -609,8 +609,8 @@ static void riscv_cpu_realize(DeviceState *dev, Error 
**errp)
 }
 set_vext_version(env, vext_version);
 }
-if (cpu->cfg.ext_zve64f && !cpu->cfg.ext_f) {
-error_setg(errp, "Zve64f extension depends upon RVF.");
+if ((cpu->cfg.ext_zve32f || cpu->cfg.ext_zve64f) && !cpu->cfg.ext_f) {
+error_setg(errp, "Zve32f/Zve64f extension depends upon RVF.");
 return;
 }
 if (cpu->cfg.ext_j) {
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 43d498aae1..afee770951 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -77,7 +77,7 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong 
*pc,
 *pc = env->pc;
 *cs_base = 0;
 
-if (riscv_has_ext(env, RVV) || cpu->cfg.ext_zve64f) {
+if (riscv_has_ext(env, RVV) || cpu->cfg.ext_zve32f || cpu->cfg.ext_zve64f) 
{
 /*
  * If env->vl equals to VLMAX, we can use generic vector operation
  * expanders (GVEC) to accerlate the vector operations.
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index e9311cfd9d..a9e7ac903b 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -51,7 +51,7 @@ static RISCVException vs(CPURISCVState *env, int csrno)
 RISCVCPU *cpu = RISCV_CPU(cs);
 
 if (env->misa_ext & RVV ||
-cpu->cfg.ext_zve64f) {
+cpu->cfg.ext_zve32f || cpu->cfg.ext_zve64f) {
 #if !defined(CONFIG_USER_ONLY)
 if (!env->debugger && !riscv_cpu_vector_enabled(env)) {
 return RISCV_EXCP_ILLEGAL_INST;
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index d3c0d44e2e..330904265e 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -79,6 +79,7 @@ typedef struct DisasContext {
 bool ext_ifencei;
 bool ext_zfh;
 bool ext_zfhmin;
+bool ext_zve32f;
 bool ext_zve64f;
 bool hlsx;
 /* vector extension */
@@ -895,6 +896,7 @@ static void riscv_tr_init_disas_context(DisasContextBase 
*dcbase, CPUState *cs)
 ctx->ext_ifencei = cpu->cfg.ext_ifencei;
 ctx->ext_zfh = cpu->cfg.ext_zfh;
 ctx->ext_zfhmin = cpu->cfg.ext_zfhmin;
+ctx->ext_zve32f = cpu->cfg.ext_zve32f;
 ctx->ext_zve64f = cpu->cfg.ext_zve64f;
 ctx->vlen = cpu->cfg.vlen;
 ctx->elen = cpu->cfg.elen;
-- 
2.31.1

[PULL 22/61] target/riscv: rvv-1.0: Add Zve64f support for vmulh variant insns

[Alistair Francis]

From: Frank Chang 

All Zve* extensions support all vector integer instructions,
except that the vmulh integer multiply variants that return the
high word of the product (vmulh.vv, vmulh.vx, vmulhu.vv, vmulhu.vx,
vmulhsu.vv, vmulhsu.vx) are not included for EEW=64 in Zve64*.

Signed-off-by: Frank Chang 
Reviewed-by: Alistair Francis 
Message-id: 20220118014522.13613-5-frank.ch...@sifive.com
Signed-off-by: Alistair Francis 
---
 target/riscv/insn_trans/trans_rvv.c.inc | 39 +
 1 file changed, 33 insertions(+), 6 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvv.c.inc 
b/target/riscv/insn_trans/trans_rvv.c.inc
index 0bf41aaa1e..e64a28 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -1908,14 +1908,41 @@ GEN_OPIVX_TRANS(vmaxu_vx, opivx_check)
 GEN_OPIVX_TRANS(vmax_vx,  opivx_check)
 
 /* Vector Single-Width Integer Multiply Instructions */
+
+static bool vmulh_vv_check(DisasContext *s, arg_rmrr *a)
+{
+/*
+ * All Zve* extensions support all vector integer instructions,
+ * except that the vmulh integer multiply variants
+ * that return the high word of the product
+ * (vmulh.vv, vmulh.vx, vmulhu.vv, vmulhu.vx, vmulhsu.vv, vmulhsu.vx)
+ * are not included for EEW=64 in Zve64*. (Section 18.2)
+ */
+return opivv_check(s, a) &&
+   (!has_ext(s, RVV) && s->ext_zve64f ? s->sew != MO_64 : true);
+}
+
+static bool vmulh_vx_check(DisasContext *s, arg_rmrr *a)
+{
+/*
+ * All Zve* extensions support all vector integer instructions,
+ * except that the vmulh integer multiply variants
+ * that return the high word of the product
+ * (vmulh.vv, vmulh.vx, vmulhu.vv, vmulhu.vx, vmulhsu.vv, vmulhsu.vx)
+ * are not included for EEW=64 in Zve64*. (Section 18.2)
+ */
+return opivx_check(s, a) &&
+   (!has_ext(s, RVV) && s->ext_zve64f ? s->sew != MO_64 : true);
+}
+
 GEN_OPIVV_GVEC_TRANS(vmul_vv,  mul)
-GEN_OPIVV_TRANS(vmulh_vv, opivv_check)
-GEN_OPIVV_TRANS(vmulhu_vv, opivv_check)
-GEN_OPIVV_TRANS(vmulhsu_vv, opivv_check)
+GEN_OPIVV_TRANS(vmulh_vv, vmulh_vv_check)
+GEN_OPIVV_TRANS(vmulhu_vv, vmulh_vv_check)
+GEN_OPIVV_TRANS(vmulhsu_vv, vmulh_vv_check)
 GEN_OPIVX_GVEC_TRANS(vmul_vx,  muls)
-GEN_OPIVX_TRANS(vmulh_vx, opivx_check)
-GEN_OPIVX_TRANS(vmulhu_vx, opivx_check)
-GEN_OPIVX_TRANS(vmulhsu_vx, opivx_check)
+GEN_OPIVX_TRANS(vmulh_vx, vmulh_vx_check)
+GEN_OPIVX_TRANS(vmulhu_vx, vmulh_vx_check)
+GEN_OPIVX_TRANS(vmulhsu_vx, vmulh_vx_check)
 
 /* Vector Integer Divide Instructions */
 GEN_OPIVV_TRANS(vdivu_vv, opivv_check)
-- 
2.31.1

[PULL 51/61] target/riscv: Calculate address according to XLEN

[Alistair Francis]

From: LIU Zhiwei 

Define one common function to compute a canonical address from a register
plus offset. Merge gen_pm_adjust_address into this function.

Signed-off-by: LIU Zhiwei 
Reviewed-by: Richard Henderson 
Reviewed-by: Alistair Francis 
Message-id: 20220120122050.41546-14-zhiwei_...@c-sky.com
Signed-off-by: Alistair Francis 
---
 target/riscv/translate.c| 25 -
 target/riscv/insn_trans/trans_rva.c.inc |  9 +++--
 target/riscv/insn_trans/trans_rvd.c.inc | 19 ++-
 target/riscv/insn_trans/trans_rvf.c.inc | 19 ++-
 target/riscv/insn_trans/trans_rvi.c.inc | 18 ++
 5 files changed, 21 insertions(+), 69 deletions(-)

diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 43e2ec6dce..33564d059d 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -390,21 +390,20 @@ static void gen_jal(DisasContext *ctx, int rd, 
target_ulong imm)
 ctx->base.is_jmp = DISAS_NORETURN;
 }
 
-/*
- * Generates address adjustment for PointerMasking
- */
-static TCGv gen_pm_adjust_address(DisasContext *s, TCGv src)
+/* Compute a canonical address from a register plus offset. */
+static TCGv get_address(DisasContext *ctx, int rs1, int imm)
 {
-TCGv temp;
-if (!s->pm_enabled) {
-/* Load unmodified address */
-return src;
-} else {
-temp = temp_new(s);
-tcg_gen_andc_tl(temp, src, pm_mask);
-tcg_gen_or_tl(temp, temp, pm_base);
-return temp;
+TCGv addr = temp_new(ctx);
+TCGv src1 = get_gpr(ctx, rs1, EXT_NONE);
+
+tcg_gen_addi_tl(addr, src1, imm);
+if (ctx->pm_enabled) {
+tcg_gen_and_tl(addr, addr, pm_mask);
+tcg_gen_or_tl(addr, addr, pm_base);
+} else if (get_xl(ctx) == MXL_RV32) {
+tcg_gen_ext32u_tl(addr, addr);
 }
+return addr;
 }
 
 #ifndef CONFIG_USER_ONLY
diff --git a/target/riscv/insn_trans/trans_rva.c.inc 
b/target/riscv/insn_trans/trans_rva.c.inc
index 86032fa9a7..45db82c9be 100644
--- a/target/riscv/insn_trans/trans_rva.c.inc
+++ b/target/riscv/insn_trans/trans_rva.c.inc
@@ -20,12 +20,11 @@
 
 static bool gen_lr(DisasContext *ctx, arg_atomic *a, MemOp mop)
 {
-TCGv src1 = get_gpr(ctx, a->rs1, EXT_ZERO);
+TCGv src1 = get_address(ctx, a->rs1, 0);
 
 if (a->rl) {
 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
 }
-src1 = gen_pm_adjust_address(ctx, src1);
 tcg_gen_qemu_ld_tl(load_val, src1, ctx->mem_idx, mop);
 if (a->aq) {
 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
@@ -44,8 +43,7 @@ static bool gen_sc(DisasContext *ctx, arg_atomic *a, MemOp 
mop)
 TCGLabel *l1 = gen_new_label();
 TCGLabel *l2 = gen_new_label();
 
-src1 = get_gpr(ctx, a->rs1, EXT_ZERO);
-src1 = gen_pm_adjust_address(ctx, src1);
+src1 = get_address(ctx, a->rs1, 0);
 tcg_gen_brcond_tl(TCG_COND_NE, load_res, src1, l1);
 
 /*
@@ -83,10 +81,9 @@ static bool gen_amo(DisasContext *ctx, arg_atomic *a,
 MemOp mop)
 {
 TCGv dest = dest_gpr(ctx, a->rd);
-TCGv src1 = get_gpr(ctx, a->rs1, EXT_NONE);
+TCGv src1 = get_address(ctx, a->rs1, 0);
 TCGv src2 = get_gpr(ctx, a->rs2, EXT_NONE);
 
-src1 = gen_pm_adjust_address(ctx, src1);
 func(dest, src1, src2, ctx->mem_idx, mop);
 
 gen_set_gpr(ctx, a->rd, dest);
diff --git a/target/riscv/insn_trans/trans_rvd.c.inc 
b/target/riscv/insn_trans/trans_rvd.c.inc
index ed444b042a..091ed3a8ad 100644
--- a/target/riscv/insn_trans/trans_rvd.c.inc
+++ b/target/riscv/insn_trans/trans_rvd.c.inc
@@ -25,14 +25,7 @@ static bool trans_fld(DisasContext *ctx, arg_fld *a)
 REQUIRE_FPU;
 REQUIRE_EXT(ctx, RVD);
 
-addr = get_gpr(ctx, a->rs1, EXT_NONE);
-if (a->imm) {
-TCGv temp = temp_new(ctx);
-tcg_gen_addi_tl(temp, addr, a->imm);
-addr = temp;
-}
-addr = gen_pm_adjust_address(ctx, addr);
-
+addr = get_address(ctx, a->rs1, a->imm);
 tcg_gen_qemu_ld_i64(cpu_fpr[a->rd], addr, ctx->mem_idx, MO_TEUQ);
 
 mark_fs_dirty(ctx);
@@ -46,16 +39,8 @@ static bool trans_fsd(DisasContext *ctx, arg_fsd *a)
 REQUIRE_FPU;
 REQUIRE_EXT(ctx, RVD);
 
-addr = get_gpr(ctx, a->rs1, EXT_NONE);
-if (a->imm) {
-TCGv temp = temp_new(ctx);
-tcg_gen_addi_tl(temp, addr, a->imm);
-addr = temp;
-}
-addr = gen_pm_adjust_address(ctx, addr);
-
+addr = get_address(ctx, a->rs1, a->imm);
 tcg_gen_qemu_st_i64(cpu_fpr[a->rs2], addr, ctx->mem_idx, MO_TEUQ);
-
 return true;
 }
 
diff --git a/target/riscv/insn_trans/trans_rvf.c.inc 
b/target/riscv/insn_trans/trans_rvf.c.inc
index b5459249c4..0aac87f7db 100644
--- a/target/riscv/insn_trans/trans_rvf.c.inc
+++ b/target/riscv/insn_trans/trans_rvf.c.inc
@@ -31,14 +31,7 @@ static bool trans_flw(DisasContext *ctx, arg_flw *a)
 REQUIRE_FPU;
 REQUIRE_EXT(ctx, RVF);
 
-addr = get_gpr(ctx, a->rs1, EXT_NONE);
-if (a->imm) {
-TCGv temp = temp_new(ctx);
-

[PULL 24/61] target/riscv: rvv-1.0: Add Zve64f support for scalar fp insns

[Alistair Francis]

From: Frank Chang 

Zve64f extension requires the scalar processor to implement the F
extension and implement all vector floating-point instructions for
floating-point operands with EEW=32 (i.e., no widening floating-point
operations).

Signed-off-by: Frank Chang 
Reviewed-by: Alistair Francis 
Message-id: 20220118014522.13613-7-frank.ch...@sifive.com
Signed-off-by: Alistair Francis 
---
 target/riscv/insn_trans/trans_rvv.c.inc | 41 +++--
 1 file changed, 31 insertions(+), 10 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvv.c.inc 
b/target/riscv/insn_trans/trans_rvv.c.inc
index 8e493b7933..56246a5d88 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -66,6 +66,17 @@ static bool require_scale_rvf(DisasContext *s)
 }
 }
 
+static bool require_zve64f(DisasContext *s)
+{
+/* RVV + Zve64f = RVV. */
+if (has_ext(s, RVV)) {
+return true;
+}
+
+/* Zve64f doesn't support FP64. (Section 18.2) */
+return s->ext_zve64f ? s->sew <= MO_32 : true;
+}
+
 /* Destination vector register group cannot overlap source mask register. */
 static bool require_vm(int vm, int vd)
 {
@@ -2206,7 +2217,8 @@ static bool opfvv_check(DisasContext *s, arg_rmrr *a)
 return require_rvv(s) &&
require_rvf(s) &&
vext_check_isa_ill(s) &&
-   vext_check_sss(s, a->rd, a->rs1, a->rs2, a->vm);
+   vext_check_sss(s, a->rd, a->rs1, a->rs2, a->vm) &&
+   require_zve64f(s);
 }
 
 /* OPFVV without GVEC IR */
@@ -2286,7 +2298,8 @@ static bool opfvf_check(DisasContext *s, arg_rmrr *a)
 return require_rvv(s) &&
require_rvf(s) &&
vext_check_isa_ill(s) &&
-   vext_check_ss(s, a->rd, a->rs2, a->vm);
+   vext_check_ss(s, a->rd, a->rs2, a->vm) &&
+   require_zve64f(s);
 }
 
 /* OPFVF without GVEC IR */
@@ -2503,7 +2516,8 @@ static bool opfv_check(DisasContext *s, arg_rmr *a)
require_rvf(s) &&
vext_check_isa_ill(s) &&
/* OPFV instructions ignore vs1 check */
-   vext_check_ss(s, a->rd, a->rs2, a->vm);
+   vext_check_ss(s, a->rd, a->rs2, a->vm) &&
+   require_zve64f(s);
 }
 
 static bool do_opfv(DisasContext *s, arg_rmr *a,
@@ -2568,7 +2582,8 @@ static bool opfvv_cmp_check(DisasContext *s, arg_rmrr *a)
 return require_rvv(s) &&
require_rvf(s) &&
vext_check_isa_ill(s) &&
-   vext_check_mss(s, a->rd, a->rs1, a->rs2);
+   vext_check_mss(s, a->rd, a->rs1, a->rs2) &&
+   require_zve64f(s);
 }
 
 GEN_OPFVV_TRANS(vmfeq_vv, opfvv_cmp_check)
@@ -2581,7 +2596,8 @@ static bool opfvf_cmp_check(DisasContext *s, arg_rmrr *a)
 return require_rvv(s) &&
require_rvf(s) &&
vext_check_isa_ill(s) &&
-   vext_check_ms(s, a->rd, a->rs2);
+   vext_check_ms(s, a->rd, a->rs2) &&
+   require_zve64f(s);
 }
 
 GEN_OPFVF_TRANS(vmfeq_vf, opfvf_cmp_check)
@@ -2602,7 +2618,8 @@ static bool trans_vfmv_v_f(DisasContext *s, arg_vfmv_v_f 
*a)
 if (require_rvv(s) &&
 require_rvf(s) &&
 vext_check_isa_ill(s) &&
-require_align(a->rd, s->lmul)) {
+require_align(a->rd, s->lmul) &&
+require_zve64f(s)) {
 gen_set_rm(s, RISCV_FRM_DYN);
 
 TCGv_i64 t1;
@@ -3328,7 +3345,8 @@ static bool trans_vfmv_f_s(DisasContext *s, arg_vfmv_f_s 
*a)
 {
 if (require_rvv(s) &&
 require_rvf(s) &&
-vext_check_isa_ill(s)) {
+vext_check_isa_ill(s) &&
+require_zve64f(s)) {
 gen_set_rm(s, RISCV_FRM_DYN);
 
 unsigned int ofs = (8 << s->sew);
@@ -3354,7 +3372,8 @@ static bool trans_vfmv_s_f(DisasContext *s, arg_vfmv_s_f 
*a)
 {
 if (require_rvv(s) &&
 require_rvf(s) &&
-vext_check_isa_ill(s)) {
+vext_check_isa_ill(s) &&
+require_zve64f(s)) {
 gen_set_rm(s, RISCV_FRM_DYN);
 
 /* The instructions ignore LMUL and vector register group. */
@@ -3405,13 +3424,15 @@ GEN_OPIVI_TRANS(vslidedown_vi, IMM_ZX, vslidedown_vx, 
slidedown_check)
 static bool fslideup_check(DisasContext *s, arg_rmrr *a)
 {
 return slideup_check(s, a) &&
-   require_rvf(s);
+   require_rvf(s) &&
+   require_zve64f(s);
 }
 
 static bool fslidedown_check(DisasContext *s, arg_rmrr *a)
 {
 return slidedown_check(s, a) &&
-   require_rvf(s);
+   require_rvf(s) &&
+   require_zve64f(s);
 }
 
 GEN_OPFVF_TRANS(vfslide1up_vf, fslideup_check)
-- 
2.31.1

[PULL 32/61] target/riscv: rvv-1.0: Add Zve32f support for single-width fp reduction insns

[Alistair Francis]

From: Frank Chang 

Vector single-width floating-point reduction operations for EEW=32 are
supported for Zve32f extension.

Signed-off-by: Frank Chang 
Reviewed-by: Alistair Francis 
Message-id: 20220118014522.13613-15-frank.ch...@sifive.com
Signed-off-by: Alistair Francis 
---
 target/riscv/insn_trans/trans_rvv.c.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/riscv/insn_trans/trans_rvv.c.inc 
b/target/riscv/insn_trans/trans_rvv.c.inc
index fe4ad5d008..b02bb555a6 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -2976,6 +2976,7 @@ static bool freduction_check(DisasContext *s, arg_rmrr *a)
 {
 return reduction_check(s, a) &&
require_rvf(s) &&
+   require_zve32f(s) &&
require_zve64f(s);
 }
 
-- 
2.31.1

[PULL 19/61] target/riscv: rvv-1.0: Add Zve64f extension into RISC-V

[Alistair Francis]

From: Frank Chang 

Signed-off-by: Frank Chang 
Reviewed-by: Alistair Francis 
Message-id: 20220118014522.13613-2-frank.ch...@sifive.com
Signed-off-by: Alistair Francis 
---
 target/riscv/cpu.h| 1 +
 target/riscv/cpu.c| 4 
 target/riscv/cpu_helper.c | 5 -
 target/riscv/csr.c| 6 +-
 target/riscv/translate.c  | 2 ++
 5 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 22c94d3c57..424bdcc7fa 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -340,6 +340,7 @@ struct RISCVCPU {
 bool ext_icsr;
 bool ext_zfh;
 bool ext_zfhmin;
+bool ext_zve64f;
 
 char *priv_spec;
 char *user_spec;
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 32879f1403..cdb893d601 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -609,6 +609,10 @@ static void riscv_cpu_realize(DeviceState *dev, Error 
**errp)
 }
 set_vext_version(env, vext_version);
 }
+if (cpu->cfg.ext_zve64f && !cpu->cfg.ext_f) {
+error_setg(errp, "Zve64f extension depends upon RVF.");
+return;
+}
 if (cpu->cfg.ext_j) {
 ext |= RVJ;
 }
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 434a83e66a..43d498aae1 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -69,12 +69,15 @@ static RISCVMXL cpu_get_xl(CPURISCVState *env)
 void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong *pc,
   target_ulong *cs_base, uint32_t *pflags)
 {
+CPUState *cs = env_cpu(env);
+RISCVCPU *cpu = RISCV_CPU(cs);
+
 uint32_t flags = 0;
 
 *pc = env->pc;
 *cs_base = 0;
 
-if (riscv_has_ext(env, RVV)) {
+if (riscv_has_ext(env, RVV) || cpu->cfg.ext_zve64f) {
 /*
  * If env->vl equals to VLMAX, we can use generic vector operation
  * expanders (GVEC) to accerlate the vector operations.
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index adb3d4381d..e9311cfd9d 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -47,7 +47,11 @@ static RISCVException fs(CPURISCVState *env, int csrno)
 
 static RISCVException vs(CPURISCVState *env, int csrno)
 {
-if (env->misa_ext & RVV) {
+CPUState *cs = env_cpu(env);
+RISCVCPU *cpu = RISCV_CPU(cs);
+
+if (env->misa_ext & RVV ||
+cpu->cfg.ext_zve64f) {
 #if !defined(CONFIG_USER_ONLY)
 if (!env->debugger && !riscv_cpu_vector_enabled(env)) {
 return RISCV_EXCP_ILLEGAL_INST;
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 615048ec87..d3c0d44e2e 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -79,6 +79,7 @@ typedef struct DisasContext {
 bool ext_ifencei;
 bool ext_zfh;
 bool ext_zfhmin;
+bool ext_zve64f;
 bool hlsx;
 /* vector extension */
 bool vill;
@@ -894,6 +895,7 @@ static void riscv_tr_init_disas_context(DisasContextBase 
*dcbase, CPUState *cs)
 ctx->ext_ifencei = cpu->cfg.ext_ifencei;
 ctx->ext_zfh = cpu->cfg.ext_zfh;
 ctx->ext_zfhmin = cpu->cfg.ext_zfhmin;
+ctx->ext_zve64f = cpu->cfg.ext_zve64f;
 ctx->vlen = cpu->cfg.vlen;
 ctx->elen = cpu->cfg.elen;
 ctx->mstatus_hs_fs = FIELD_EX32(tb_flags, TB_FLAGS, MSTATUS_HS_FS);
-- 
2.31.1

[PULL 13/61] target/riscv: Add kvm_riscv_get/put_regs_timer

[Alistair Francis]

From: Yifei Jiang 

Add kvm_riscv_get/put_regs_timer to synchronize virtual time context
from KVM.

To set register of RISCV_TIMER_REG(state) will occur a error from KVM
on kvm_timer_state == 0. It's better to adapt in KVM, but it doesn't matter
that adaping in QEMU.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Anup Patel 
Acked-by: Alistair Francis 
Message-id: 20220112081329.1835-11-jiangyi...@huawei.com
Signed-off-by: Alistair Francis 
---
 target/riscv/cpu.h |  7 +
 target/riscv/kvm.c | 72 ++
 2 files changed, 79 insertions(+)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 73ced2116b..22c94d3c57 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -273,6 +273,13 @@ struct CPURISCVState {
 
 hwaddr kernel_addr;
 hwaddr fdt_addr;
+
+/* kvm timer */
+bool kvm_timer_dirty;
+uint64_t kvm_timer_time;
+uint64_t kvm_timer_compare;
+uint64_t kvm_timer_state;
+uint64_t kvm_timer_frequency;
 };
 
 OBJECT_DECLARE_TYPE(RISCVCPU, RISCVCPUClass,
diff --git a/target/riscv/kvm.c b/target/riscv/kvm.c
index e90e2a6709..a43d5a2988 100644
--- a/target/riscv/kvm.c
+++ b/target/riscv/kvm.c
@@ -40,6 +40,7 @@
 #include "kvm_riscv.h"
 #include "sbi_ecall_interface.h"
 #include "chardev/char-fe.h"
+#include "migration/migration.h"
 
 static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t type,
  uint64_t idx)
@@ -65,6 +66,9 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t 
type,
 #define RISCV_CSR_REG(env, name)  kvm_riscv_reg_id(env, KVM_REG_RISCV_CSR, \
  KVM_REG_RISCV_CSR_REG(name))
 
+#define RISCV_TIMER_REG(env, name)  kvm_riscv_reg_id(env, KVM_REG_RISCV_TIMER, 
\
+ KVM_REG_RISCV_TIMER_REG(name))
+
 #define RISCV_FP_F_REG(env, idx)  kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_F, 
idx)
 
 #define RISCV_FP_D_REG(env, idx)  kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_D, 
idx)
@@ -85,6 +89,22 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env, 
uint64_t type,
 } \
 } while (0)
 
+#define KVM_RISCV_GET_TIMER(cs, env, name, reg) \
+do { \
+int ret = kvm_get_one_reg(cs, RISCV_TIMER_REG(env, name), ); \
+if (ret) { \
+abort(); \
+} \
+} while (0)
+
+#define KVM_RISCV_SET_TIMER(cs, env, name, reg) \
+do { \
+int ret = kvm_set_one_reg(cs, RISCV_TIMER_REG(env, time), ); \
+if (ret) { \
+abort(); \
+} \
+} while (0)
+
 static int kvm_riscv_get_regs_core(CPUState *cs)
 {
 int ret = 0;
@@ -236,6 +256,58 @@ static int kvm_riscv_put_regs_fp(CPUState *cs)
 return ret;
 }
 
+static void kvm_riscv_get_regs_timer(CPUState *cs)
+{
+CPURISCVState *env = _CPU(cs)->env;
+
+if (env->kvm_timer_dirty) {
+return;
+}
+
+KVM_RISCV_GET_TIMER(cs, env, time, env->kvm_timer_time);
+KVM_RISCV_GET_TIMER(cs, env, compare, env->kvm_timer_compare);
+KVM_RISCV_GET_TIMER(cs, env, state, env->kvm_timer_state);
+KVM_RISCV_GET_TIMER(cs, env, frequency, env->kvm_timer_frequency);
+
+env->kvm_timer_dirty = true;
+}
+
+static void kvm_riscv_put_regs_timer(CPUState *cs)
+{
+uint64_t reg;
+CPURISCVState *env = _CPU(cs)->env;
+
+if (!env->kvm_timer_dirty) {
+return;
+}
+
+KVM_RISCV_SET_TIMER(cs, env, time, env->kvm_timer_time);
+KVM_RISCV_SET_TIMER(cs, env, compare, env->kvm_timer_compare);
+
+/*
+ * To set register of RISCV_TIMER_REG(state) will occur a error from KVM
+ * on env->kvm_timer_state == 0, It's better to adapt in KVM, but it
+ * doesn't matter that adaping in QEMU now.
+ * TODO If KVM changes, adapt here.
+ */
+if (env->kvm_timer_state) {
+KVM_RISCV_SET_TIMER(cs, env, state, env->kvm_timer_state);
+}
+
+/*
+ * For now, migration will not work between Hosts with different timer
+ * frequency. Therefore, we should check whether they are the same here
+ * during the migration.
+ */
+if (migration_is_running(migrate_get_current()->state)) {
+KVM_RISCV_GET_TIMER(cs, env, frequency, reg);
+if (reg != env->kvm_timer_frequency) {
+error_report("Dst Hosts timer frequency != Src Hosts");
+}
+}
+
+env->kvm_timer_dirty = false;
+}
 
 const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
 KVM_CAP_LAST_INFO
-- 
2.31.1

[PULL 21/61] target/riscv: rvv-1.0: Add Zve64f support for load and store insns

[Alistair Francis]

From: Frank Chang 

All Zve* extensions support all vector load and store instructions,
except Zve64* extensions do not support EEW=64 for index values when
XLEN=32.

Signed-off-by: Frank Chang 
Reviewed-by: Alistair Francis 
Message-id: 20220118014522.13613-4-frank.ch...@sifive.com
Signed-off-by: Alistair Francis 
---
 target/riscv/insn_trans/trans_rvv.c.inc | 19 +++
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvv.c.inc 
b/target/riscv/insn_trans/trans_rvv.c.inc
index 5b47729a21..0bf41aaa1e 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -263,10 +263,21 @@ static bool vext_check_st_index(DisasContext *s, int vd, 
int vs2, int nf,
 uint8_t eew)
 {
 int8_t emul = eew - s->sew + s->lmul;
-return (emul >= -3 && emul <= 3) &&
-require_align(vs2, emul) &&
-require_align(vd, s->lmul) &&
-require_nf(vd, nf, s->lmul);
+bool ret = (emul >= -3 && emul <= 3) &&
+   require_align(vs2, emul) &&
+   require_align(vd, s->lmul) &&
+   require_nf(vd, nf, s->lmul);
+
+/*
+ * All Zve* extensions support all vector load and store instructions,
+ * except Zve64* extensions do not support EEW=64 for index values
+ * when XLEN=32. (Section 18.2)
+ */
+if (get_xl(s) == MXL_RV32) {
+ret &= (!has_ext(s, RVV) && s->ext_zve64f ? eew != MO_64 : true);
+}
+
+return ret;
 }
 
 /*
-- 
2.31.1

[PULL 10/61] target/riscv: Support setting external interrupt by KVM

[Alistair Francis]

From: Yifei Jiang 

When KVM is enabled, set the S-mode external interrupt through
kvm_riscv_set_irq function.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Alistair Francis 
Reviewed-by: Anup Patel 
Message-id: 20220112081329.1835-8-jiangyi...@huawei.com
Signed-off-by: Alistair Francis 
---
 target/riscv/kvm_riscv.h |  1 +
 target/riscv/cpu.c   |  6 +-
 target/riscv/kvm-stub.c  |  5 +
 target/riscv/kvm.c   | 17 +
 4 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/target/riscv/kvm_riscv.h b/target/riscv/kvm_riscv.h
index f38c82bf59..ed281bdce0 100644
--- a/target/riscv/kvm_riscv.h
+++ b/target/riscv/kvm_riscv.h
@@ -20,5 +20,6 @@
 #define QEMU_KVM_RISCV_H
 
 void kvm_riscv_reset_vcpu(RISCVCPU *cpu);
+void kvm_riscv_set_irq(RISCVCPU *cpu, int irq, int level);
 
 #endif
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index a6922dde05..53b0524830 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -630,7 +630,11 @@ static void riscv_cpu_set_irq(void *opaque, int irq, int 
level)
 case IRQ_S_EXT:
 case IRQ_VS_EXT:
 case IRQ_M_EXT:
-riscv_cpu_update_mip(cpu, 1 << irq, BOOL_TO_MASK(level));
+if (kvm_enabled()) {
+kvm_riscv_set_irq(cpu, irq, level);
+} else {
+riscv_cpu_update_mip(cpu, 1 << irq, BOOL_TO_MASK(level));
+}
 break;
 default:
 g_assert_not_reached();
diff --git a/target/riscv/kvm-stub.c b/target/riscv/kvm-stub.c
index 39b96fe3f4..4e8fc31a21 100644
--- a/target/riscv/kvm-stub.c
+++ b/target/riscv/kvm-stub.c
@@ -23,3 +23,8 @@ void kvm_riscv_reset_vcpu(RISCVCPU *cpu)
 {
 abort();
 }
+
+void kvm_riscv_set_irq(RISCVCPU *cpu, int irq, int level)
+{
+abort();
+}
diff --git a/target/riscv/kvm.c b/target/riscv/kvm.c
index d5c6a9d41a..0ba64795d5 100644
--- a/target/riscv/kvm.c
+++ b/target/riscv/kvm.c
@@ -385,6 +385,23 @@ void kvm_riscv_reset_vcpu(RISCVCPU *cpu)
 env->satp = 0;
 }
 
+void kvm_riscv_set_irq(RISCVCPU *cpu, int irq, int level)
+{
+int ret;
+unsigned virq = level ? KVM_INTERRUPT_SET : KVM_INTERRUPT_UNSET;
+
+if (irq != IRQ_S_EXT) {
+perror("kvm riscv set irq != IRQ_S_EXT\n");
+abort();
+}
+
+ret = kvm_vcpu_ioctl(CPU(cpu), KVM_INTERRUPT, );
+if (ret < 0) {
+perror("Set irq failed");
+abort();
+}
+}
+
 bool kvm_arch_cpu_check_are_resettable(void)
 {
 return true;
-- 
2.31.1

[PULL 28/61] target/riscv: rvv-1.0: Allow Zve64f extension to be turned on

[Alistair Francis]

From: Frank Chang 

Signed-off-by: Frank Chang 
Reviewed-by: Alistair Francis 
Message-id: 20220118014522.13613-11-frank.ch...@sifive.com
Signed-off-by: Alistair Francis 
---
 target/riscv/cpu.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index cdb893d601..4f3d733db4 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -688,6 +688,7 @@ static Property riscv_cpu_properties[] = {
 DEFINE_PROP_BOOL("Zicsr", RISCVCPU, cfg.ext_icsr, true),
 DEFINE_PROP_BOOL("Zfh", RISCVCPU, cfg.ext_zfh, false),
 DEFINE_PROP_BOOL("Zfhmin", RISCVCPU, cfg.ext_zfhmin, false),
+DEFINE_PROP_BOOL("Zve64f", RISCVCPU, cfg.ext_zve64f, false),
 DEFINE_PROP_BOOL("mmu", RISCVCPU, cfg.mmu, true),
 DEFINE_PROP_BOOL("pmp", RISCVCPU, cfg.pmp, true),
 
-- 
2.31.1

[PULL 20/61] target/riscv: rvv-1.0: Add Zve64f support for configuration insns

[Alistair Francis]

From: Frank Chang 

All Zve* extensions support the vector configuration instructions.

Signed-off-by: Frank Chang 
Reviewed-by: Alistair Francis 
Message-id: 20220118014522.13613-3-frank.ch...@sifive.com
Signed-off-by: Alistair Francis 
---
 target/riscv/insn_trans/trans_rvv.c.inc | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvv.c.inc 
b/target/riscv/insn_trans/trans_rvv.c.inc
index 6c285c958b..5b47729a21 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -129,7 +129,8 @@ static bool do_vsetvl(DisasContext *s, int rd, int rs1, 
TCGv s2)
 {
 TCGv s1, dst;
 
-if (!require_rvv(s) || !has_ext(s, RVV)) {
+if (!require_rvv(s) ||
+!(has_ext(s, RVV) || s->ext_zve64f)) {
 return false;
 }
 
@@ -164,7 +165,8 @@ static bool do_vsetivli(DisasContext *s, int rd, TCGv s1, 
TCGv s2)
 {
 TCGv dst;
 
-if (!require_rvv(s) || !has_ext(s, RVV)) {
+if (!require_rvv(s) ||
+!(has_ext(s, RVV) || s->ext_zve64f)) {
 return false;
 }
 
-- 
2.31.1

[PULL 16/61] target/riscv: enable riscv kvm accel

[Alistair Francis]

From: Yifei Jiang 

Add riscv kvm support in meson.build file.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Alistair Francis 
Reviewed-by: Anup Patel 
Message-id: 20220112081329.1835-14-jiangyi...@huawei.com
Signed-off-by: Alistair Francis 
---
 meson.build | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meson.build b/meson.build
index 333c61deba..833fd6bc4c 100644
--- a/meson.build
+++ b/meson.build
@@ -90,6 +90,8 @@ elif cpu in ['ppc', 'ppc64']
   kvm_targets = ['ppc-softmmu', 'ppc64-softmmu']
 elif cpu in ['mips', 'mips64']
   kvm_targets = ['mips-softmmu', 'mipsel-softmmu', 'mips64-softmmu', 
'mips64el-softmmu']
+elif cpu in ['riscv']
+  kvm_targets = ['riscv32-softmmu', 'riscv64-softmmu']
 else
   kvm_targets = []
 endif
-- 
2.31.1

[PULL 11/61] target/riscv: Handle KVM_EXIT_RISCV_SBI exit

[Alistair Francis]

From: Yifei Jiang 

Use char-fe to handle console sbi call, which implement early
console io while apply 'earlycon=sbi' into kernel parameters.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Anup Patel 
Reviewed-by: Alistair Francis 
Message-id: 20220112081329.1835-9-jiangyi...@huawei.com
Signed-off-by: Alistair Francis 
---
 target/riscv/sbi_ecall_interface.h | 72 ++
 target/riscv/kvm.c | 42 -
 2 files changed, 113 insertions(+), 1 deletion(-)
 create mode 100644 target/riscv/sbi_ecall_interface.h

diff --git a/target/riscv/sbi_ecall_interface.h 
b/target/riscv/sbi_ecall_interface.h
new file mode 100644
index 00..fb1a3fa8f2
--- /dev/null
+++ b/target/riscv/sbi_ecall_interface.h
@@ -0,0 +1,72 @@
+/*
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2019 Western Digital Corporation or its affiliates.
+ *
+ * Authors:
+ *   Anup Patel 
+ */
+
+#ifndef __SBI_ECALL_INTERFACE_H__
+#define __SBI_ECALL_INTERFACE_H__
+
+/* clang-format off */
+
+/* SBI Extension IDs */
+#define SBI_EXT_0_1_SET_TIMER   0x0
+#define SBI_EXT_0_1_CONSOLE_PUTCHAR 0x1
+#define SBI_EXT_0_1_CONSOLE_GETCHAR 0x2
+#define SBI_EXT_0_1_CLEAR_IPI   0x3
+#define SBI_EXT_0_1_SEND_IPI0x4
+#define SBI_EXT_0_1_REMOTE_FENCE_I  0x5
+#define SBI_EXT_0_1_REMOTE_SFENCE_VMA   0x6
+#define SBI_EXT_0_1_REMOTE_SFENCE_VMA_ASID 0x7
+#define SBI_EXT_0_1_SHUTDOWN0x8
+#define SBI_EXT_BASE0x10
+#define SBI_EXT_TIME0x54494D45
+#define SBI_EXT_IPI 0x735049
+#define SBI_EXT_RFENCE  0x52464E43
+#define SBI_EXT_HSM 0x48534D
+
+/* SBI function IDs for BASE extension*/
+#define SBI_EXT_BASE_GET_SPEC_VERSION   0x0
+#define SBI_EXT_BASE_GET_IMP_ID 0x1
+#define SBI_EXT_BASE_GET_IMP_VERSION0x2
+#define SBI_EXT_BASE_PROBE_EXT  0x3
+#define SBI_EXT_BASE_GET_MVENDORID  0x4
+#define SBI_EXT_BASE_GET_MARCHID0x5
+#define SBI_EXT_BASE_GET_MIMPID 0x6
+
+/* SBI function IDs for TIME extension*/
+#define SBI_EXT_TIME_SET_TIMER  0x0
+
+/* SBI function IDs for IPI extension*/
+#define SBI_EXT_IPI_SEND_IPI0x0
+
+/* SBI function IDs for RFENCE extension*/
+#define SBI_EXT_RFENCE_REMOTE_FENCE_I   0x0
+#define SBI_EXT_RFENCE_REMOTE_SFENCE_VMA0x1
+#define SBI_EXT_RFENCE_REMOTE_SFENCE_VMA_ASID  0x2
+#define SBI_EXT_RFENCE_REMOTE_HFENCE_GVMA   0x3
+#define SBI_EXT_RFENCE_REMOTE_HFENCE_GVMA_VMID 0x4
+#define SBI_EXT_RFENCE_REMOTE_HFENCE_VVMA   0x5
+#define SBI_EXT_RFENCE_REMOTE_HFENCE_VVMA_ASID 0x6
+
+/* SBI function IDs for HSM extension */
+#define SBI_EXT_HSM_HART_START  0x0
+#define SBI_EXT_HSM_HART_STOP   0x1
+#define SBI_EXT_HSM_HART_GET_STATUS 0x2
+
+#define SBI_HSM_HART_STATUS_STARTED 0x0
+#define SBI_HSM_HART_STATUS_STOPPED 0x1
+#define SBI_HSM_HART_STATUS_START_PENDING   0x2
+#define SBI_HSM_HART_STATUS_STOP_PENDING0x3
+
+#define SBI_SPEC_VERSION_MAJOR_OFFSET   24
+#define SBI_SPEC_VERSION_MAJOR_MASK 0x7f
+#define SBI_SPEC_VERSION_MINOR_MASK 0xff
+#define SBI_EXT_VENDOR_START0x0900
+#define SBI_EXT_VENDOR_END  0x09FF
+/* clang-format on */
+
+#endif
diff --git a/target/riscv/kvm.c b/target/riscv/kvm.c
index 0ba64795d5..e90e2a6709 100644
--- a/target/riscv/kvm.c
+++ b/target/riscv/kvm.c
@@ -38,6 +38,8 @@
 #include "qemu/log.h"
 #include "hw/loader.h"
 #include "kvm_riscv.h"
+#include "sbi_ecall_interface.h"
+#include "chardev/char-fe.h"
 
 static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t type,
  uint64_t idx)
@@ -367,9 +369,47 @@ bool kvm_arch_stop_on_emulation_error(CPUState *cs)
 return true;
 }
 
+static int kvm_riscv_handle_sbi(CPUState *cs, struct kvm_run *run)
+{
+int ret = 0;
+unsigned char ch;
+switch (run->riscv_sbi.extension_id) {
+case SBI_EXT_0_1_CONSOLE_PUTCHAR:
+ch = run->riscv_sbi.args[0];
+qemu_chr_fe_write(serial_hd(0)->be, , sizeof(ch));
+break;
+case SBI_EXT_0_1_CONSOLE_GETCHAR:
+ret = qemu_chr_fe_read_all(serial_hd(0)->be, , sizeof(ch));
+if (ret == sizeof(ch)) {
+run->riscv_sbi.args[0] = ch;
+} else {
+run->riscv_sbi.args[0] = -1;
+}
+break;
+default:
+qemu_log_mask(LOG_UNIMP,
+  "%s: un-handled SBI EXIT, specific reasons is %lu\n",
+  __func__, run->riscv_sbi.extension_id);
+ret = -1;
+break;
+}
+return ret;
+}
+
 int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
 {
-return 0;
+int ret = 0;
+switch (run->exit_reason) {
+case KVM_EXIT_RISCV_SBI:
+ret = kvm_riscv_handle_sbi(cs, run);
+break;
+default:
+qemu_log_mask(LOG_UNIMP, "%s: un-handled exit reason %d\n",
+  __func__, 

[PULL 08/61] target/riscv: Implement kvm_arch_put_registers

[Alistair Francis]

From: Yifei Jiang 

Put GPR CSR and FP registers to kvm by KVM_SET_ONE_REG ioctl

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Alistair Francis 
Reviewed-by: Anup Patel 
Message-id: 20220112081329.1835-6-jiangyi...@huawei.com
Signed-off-by: Alistair Francis 
---
 target/riscv/kvm.c | 104 -
 1 file changed, 103 insertions(+), 1 deletion(-)

diff --git a/target/riscv/kvm.c b/target/riscv/kvm.c
index 039af22125..dbaff53bf2 100644
--- a/target/riscv/kvm.c
+++ b/target/riscv/kvm.c
@@ -74,6 +74,14 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env, 
uint64_t type,
 } \
 } while (0)
 
+#define KVM_RISCV_SET_CSR(cs, env, csr, reg) \
+do { \
+int ret = kvm_set_one_reg(cs, RISCV_CSR_REG(env, csr), ); \
+if (ret) { \
+return ret; \
+} \
+} while (0)
+
 static int kvm_riscv_get_regs_core(CPUState *cs)
 {
 int ret = 0;
@@ -99,6 +107,31 @@ static int kvm_riscv_get_regs_core(CPUState *cs)
 return ret;
 }
 
+static int kvm_riscv_put_regs_core(CPUState *cs)
+{
+int ret = 0;
+int i;
+target_ulong reg;
+CPURISCVState *env = _CPU(cs)->env;
+
+reg = env->pc;
+ret = kvm_set_one_reg(cs, RISCV_CORE_REG(env, regs.pc), );
+if (ret) {
+return ret;
+}
+
+for (i = 1; i < 32; i++) {
+uint64_t id = kvm_riscv_reg_id(env, KVM_REG_RISCV_CORE, i);
+reg = env->gpr[i];
+ret = kvm_set_one_reg(cs, id, );
+if (ret) {
+return ret;
+}
+}
+
+return ret;
+}
+
 static int kvm_riscv_get_regs_csr(CPUState *cs)
 {
 int ret = 0;
@@ -116,6 +149,24 @@ static int kvm_riscv_get_regs_csr(CPUState *cs)
 return ret;
 }
 
+static int kvm_riscv_put_regs_csr(CPUState *cs)
+{
+int ret = 0;
+CPURISCVState *env = _CPU(cs)->env;
+
+KVM_RISCV_SET_CSR(cs, env, sstatus, env->mstatus);
+KVM_RISCV_SET_CSR(cs, env, sie, env->mie);
+KVM_RISCV_SET_CSR(cs, env, stvec, env->stvec);
+KVM_RISCV_SET_CSR(cs, env, sscratch, env->sscratch);
+KVM_RISCV_SET_CSR(cs, env, sepc, env->sepc);
+KVM_RISCV_SET_CSR(cs, env, scause, env->scause);
+KVM_RISCV_SET_CSR(cs, env, stval, env->stval);
+KVM_RISCV_SET_CSR(cs, env, sip, env->mip);
+KVM_RISCV_SET_CSR(cs, env, satp, env->satp);
+
+return ret;
+}
+
 static int kvm_riscv_get_regs_fp(CPUState *cs)
 {
 int ret = 0;
@@ -149,6 +200,40 @@ static int kvm_riscv_get_regs_fp(CPUState *cs)
 return ret;
 }
 
+static int kvm_riscv_put_regs_fp(CPUState *cs)
+{
+int ret = 0;
+int i;
+CPURISCVState *env = _CPU(cs)->env;
+
+if (riscv_has_ext(env, RVD)) {
+uint64_t reg;
+for (i = 0; i < 32; i++) {
+reg = env->fpr[i];
+ret = kvm_set_one_reg(cs, RISCV_FP_D_REG(env, i), );
+if (ret) {
+return ret;
+}
+}
+return ret;
+}
+
+if (riscv_has_ext(env, RVF)) {
+uint32_t reg;
+for (i = 0; i < 32; i++) {
+reg = env->fpr[i];
+ret = kvm_set_one_reg(cs, RISCV_FP_F_REG(env, i), );
+if (ret) {
+return ret;
+}
+}
+return ret;
+}
+
+return ret;
+}
+
+
 const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
 KVM_CAP_LAST_INFO
 };
@@ -177,7 +262,24 @@ int kvm_arch_get_registers(CPUState *cs)
 
 int kvm_arch_put_registers(CPUState *cs, int level)
 {
-return 0;
+int ret = 0;
+
+ret = kvm_riscv_put_regs_core(cs);
+if (ret) {
+return ret;
+}
+
+ret = kvm_riscv_put_regs_csr(cs);
+if (ret) {
+return ret;
+}
+
+ret = kvm_riscv_put_regs_fp(cs);
+if (ret) {
+return ret;
+}
+
+return ret;
 }
 
 int kvm_arch_release_virq_post(int virq)
-- 
2.31.1

[PULL 15/61] target/riscv: Support virtual time context synchronization

[Alistair Francis]

From: Yifei Jiang 

Add virtual time context description to vmstate_kvmtimer. After cpu being
loaded, virtual time context is updated to KVM.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Anup Patel 
Reviewed-by: Alistair Francis 
Message-id: 20220112081329.1835-13-jiangyi...@huawei.com
Signed-off-by: Alistair Francis 
---
 target/riscv/machine.c | 30 ++
 1 file changed, 30 insertions(+)

diff --git a/target/riscv/machine.c b/target/riscv/machine.c
index 13b9ab375b..098670e680 100644
--- a/target/riscv/machine.c
+++ b/target/riscv/machine.c
@@ -185,6 +185,35 @@ static const VMStateDescription vmstate_rv128 = {
 }
 };
 
+static bool kvmtimer_needed(void *opaque)
+{
+return kvm_enabled();
+}
+
+static int cpu_post_load(void *opaque, int version_id)
+{
+RISCVCPU *cpu = opaque;
+CPURISCVState *env = >env;
+
+env->kvm_timer_dirty = true;
+return 0;
+}
+
+static const VMStateDescription vmstate_kvmtimer = {
+.name = "cpu/kvmtimer",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = kvmtimer_needed,
+.post_load = cpu_post_load,
+.fields = (VMStateField[]) {
+VMSTATE_UINT64(env.kvm_timer_time, RISCVCPU),
+VMSTATE_UINT64(env.kvm_timer_compare, RISCVCPU),
+VMSTATE_UINT64(env.kvm_timer_state, RISCVCPU),
+
+VMSTATE_END_OF_LIST()
+}
+};
+
 const VMStateDescription vmstate_riscv_cpu = {
 .name = "cpu",
 .version_id = 3,
@@ -240,6 +269,7 @@ const VMStateDescription vmstate_riscv_cpu = {
 _vector,
 _pointermasking,
 _rv128,
+_kvmtimer,
 NULL
 }
 };
-- 
2.31.1

[PULL 18/61] softmmu/device_tree: Remove redundant pointer assignment

[Alistair Francis]

From: Yanan Wang 

The pointer assignment "const char *p = path;" in function
qemu_fdt_add_path is unnecessary. Let's remove it and just
use the "path" passed in. No functional change.

Suggested-by: Richard Henderson 
Signed-off-by: Yanan Wang 
Reviewed-by: Andrew Jones 
Reviewed-by: Alistair Francis 
Reviewed-by: Thomas Huth 
Message-id: 20220111032758.27804-1-wangyana...@huawei.com
Signed-off-by: Alistair Francis 
---
 softmmu/device_tree.c | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/softmmu/device_tree.c b/softmmu/device_tree.c
index 0a433c98e2..6ca3fad285 100644
--- a/softmmu/device_tree.c
+++ b/softmmu/device_tree.c
@@ -558,7 +558,6 @@ int qemu_fdt_add_subnode(void *fdt, const char *name)
 int qemu_fdt_add_path(void *fdt, const char *path)
 {
 const char *name;
-const char *p = path;
 int namelen, retval;
 int parent = 0;
 
@@ -567,9 +566,9 @@ int qemu_fdt_add_path(void *fdt, const char *path)
 }
 
 do {
-name = p + 1;
-p = strchr(name, '/');
-namelen = p != NULL ? p - name : strlen(name);
+name = path + 1;
+path = strchr(name, '/');
+namelen = path != NULL ? path - name : strlen(name);
 
 retval = fdt_subnode_offset_namelen(fdt, parent, name, namelen);
 if (retval < 0 && retval != -FDT_ERR_NOTFOUND) {
@@ -586,7 +585,7 @@ int qemu_fdt_add_path(void *fdt, const char *path)
 }
 
 parent = retval;
-} while (p);
+} while (path);
 
 return retval;
 }
-- 
2.31.1

[PULL 04/61] update-linux-headers: Add asm-riscv/kvm.h

[Alistair Francis]

From: Yifei Jiang 

Add asm-riscv/kvm.h for RISC-V KVM.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Acked-by: Alistair Francis 
Reviewed-by: Anup Patel 
Message-id: 20220112081329.1835-2-jiangyi...@huawei.com
Signed-off-by: Alistair Francis 
---
 linux-headers/asm-riscv/kvm.h | 128 ++
 1 file changed, 128 insertions(+)
 create mode 100644 linux-headers/asm-riscv/kvm.h

diff --git a/linux-headers/asm-riscv/kvm.h b/linux-headers/asm-riscv/kvm.h
new file mode 100644
index 00..f808ad1ce5
--- /dev/null
+++ b/linux-headers/asm-riscv/kvm.h
@@ -0,0 +1,128 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+/*
+ * Copyright (C) 2019 Western Digital Corporation or its affiliates.
+ *
+ * Authors:
+ * Anup Patel 
+ */
+
+#ifndef __LINUX_KVM_RISCV_H
+#define __LINUX_KVM_RISCV_H
+
+#ifndef __ASSEMBLY__
+
+#include 
+#include 
+
+#define __KVM_HAVE_READONLY_MEM
+
+#define KVM_COALESCED_MMIO_PAGE_OFFSET 1
+
+#define KVM_INTERRUPT_SET  -1U
+#define KVM_INTERRUPT_UNSET-2U
+
+/* for KVM_GET_REGS and KVM_SET_REGS */
+struct kvm_regs {
+};
+
+/* for KVM_GET_FPU and KVM_SET_FPU */
+struct kvm_fpu {
+};
+
+/* KVM Debug exit structure */
+struct kvm_debug_exit_arch {
+};
+
+/* for KVM_SET_GUEST_DEBUG */
+struct kvm_guest_debug_arch {
+};
+
+/* definition of registers in kvm_run */
+struct kvm_sync_regs {
+};
+
+/* for KVM_GET_SREGS and KVM_SET_SREGS */
+struct kvm_sregs {
+};
+
+/* CONFIG registers for KVM_GET_ONE_REG and KVM_SET_ONE_REG */
+struct kvm_riscv_config {
+   unsigned long isa;
+};
+
+/* CORE registers for KVM_GET_ONE_REG and KVM_SET_ONE_REG */
+struct kvm_riscv_core {
+   struct user_regs_struct regs;
+   unsigned long mode;
+};
+
+/* Possible privilege modes for kvm_riscv_core */
+#define KVM_RISCV_MODE_S   1
+#define KVM_RISCV_MODE_U   0
+
+/* CSR registers for KVM_GET_ONE_REG and KVM_SET_ONE_REG */
+struct kvm_riscv_csr {
+   unsigned long sstatus;
+   unsigned long sie;
+   unsigned long stvec;
+   unsigned long sscratch;
+   unsigned long sepc;
+   unsigned long scause;
+   unsigned long stval;
+   unsigned long sip;
+   unsigned long satp;
+   unsigned long scounteren;
+};
+
+/* TIMER registers for KVM_GET_ONE_REG and KVM_SET_ONE_REG */
+struct kvm_riscv_timer {
+   __u64 frequency;
+   __u64 time;
+   __u64 compare;
+   __u64 state;
+};
+
+/* Possible states for kvm_riscv_timer */
+#define KVM_RISCV_TIMER_STATE_OFF  0
+#define KVM_RISCV_TIMER_STATE_ON   1
+
+#define KVM_REG_SIZE(id)   \
+   (1U << (((id) & KVM_REG_SIZE_MASK) >> KVM_REG_SIZE_SHIFT))
+
+/* If you need to interpret the index values, here is the key: */
+#define KVM_REG_RISCV_TYPE_MASK0xFF00
+#define KVM_REG_RISCV_TYPE_SHIFT   24
+
+/* Config registers are mapped as type 1 */
+#define KVM_REG_RISCV_CONFIG   (0x01 << KVM_REG_RISCV_TYPE_SHIFT)
+#define KVM_REG_RISCV_CONFIG_REG(name) \
+   (offsetof(struct kvm_riscv_config, name) / sizeof(unsigned long))
+
+/* Core registers are mapped as type 2 */
+#define KVM_REG_RISCV_CORE (0x02 << KVM_REG_RISCV_TYPE_SHIFT)
+#define KVM_REG_RISCV_CORE_REG(name)   \
+   (offsetof(struct kvm_riscv_core, name) / sizeof(unsigned long))
+
+/* Control and status registers are mapped as type 3 */
+#define KVM_REG_RISCV_CSR  (0x03 << KVM_REG_RISCV_TYPE_SHIFT)
+#define KVM_REG_RISCV_CSR_REG(name)\
+   (offsetof(struct kvm_riscv_csr, name) / sizeof(unsigned long))
+
+/* Timer registers are mapped as type 4 */
+#define KVM_REG_RISCV_TIMER(0x04 << KVM_REG_RISCV_TYPE_SHIFT)
+#define KVM_REG_RISCV_TIMER_REG(name)  \
+   (offsetof(struct kvm_riscv_timer, name) / sizeof(__u64))
+
+/* F extension registers are mapped as type 5 */
+#define KVM_REG_RISCV_FP_F (0x05 << KVM_REG_RISCV_TYPE_SHIFT)
+#define KVM_REG_RISCV_FP_F_REG(name)   \
+   (offsetof(struct __riscv_f_ext_state, name) / sizeof(__u32))
+
+/* D extension registers are mapped as type 6 */
+#define KVM_REG_RISCV_FP_D (0x06 << KVM_REG_RISCV_TYPE_SHIFT)
+#define KVM_REG_RISCV_FP_D_REG(name)   \
+   (offsetof(struct __riscv_d_ext_state, name) / sizeof(__u64))
+
+#endif
+
+#endif /* __LINUX_KVM_RISCV_H */
-- 
2.31.1

[PULL 12/61] target/riscv: Add host cpu type

[Alistair Francis]

From: Yifei Jiang 

'host' type cpu is set isa to RV32 or RV64 simply, more isa info
will obtain from KVM in kvm_arch_init_vcpu()

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Alistair Francis 
Reviewed-by: Anup Patel 
Message-id: 20220112081329.1835-10-jiangyi...@huawei.com
Signed-off-by: Alistair Francis 
---
 target/riscv/cpu.h |  1 +
 target/riscv/cpu.c | 15 +++
 2 files changed, 16 insertions(+)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 8fa6fdcd77..73ced2116b 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -47,6 +47,7 @@
 #define TYPE_RISCV_CPU_SIFIVE_E51   RISCV_CPU_TYPE_NAME("sifive-e51")
 #define TYPE_RISCV_CPU_SIFIVE_U34   RISCV_CPU_TYPE_NAME("sifive-u34")
 #define TYPE_RISCV_CPU_SIFIVE_U54   RISCV_CPU_TYPE_NAME("sifive-u54")
+#define TYPE_RISCV_CPU_HOST RISCV_CPU_TYPE_NAME("host")
 
 #if defined(TARGET_RISCV32)
 # define TYPE_RISCV_CPU_BASETYPE_RISCV_CPU_BASE32
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 53b0524830..32879f1403 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -235,6 +235,18 @@ static void rv32_imafcu_nommu_cpu_init(Object *obj)
 }
 #endif
 
+#if defined(CONFIG_KVM)
+static void riscv_host_cpu_init(Object *obj)
+{
+CPURISCVState *env = _CPU(obj)->env;
+#if defined(TARGET_RISCV32)
+set_misa(env, MXL_RV32, 0);
+#elif defined(TARGET_RISCV64)
+set_misa(env, MXL_RV64, 0);
+#endif
+}
+#endif
+
 static ObjectClass *riscv_cpu_class_by_name(const char *cpu_model)
 {
 ObjectClass *oc;
@@ -847,6 +859,9 @@ static const TypeInfo riscv_cpu_type_infos[] = {
 .class_init = riscv_cpu_class_init,
 },
 DEFINE_CPU(TYPE_RISCV_CPU_ANY,  riscv_any_cpu_init),
+#if defined(CONFIG_KVM)
+DEFINE_CPU(TYPE_RISCV_CPU_HOST, riscv_host_cpu_init),
+#endif
 #if defined(TARGET_RISCV32)
 DEFINE_CPU(TYPE_RISCV_CPU_BASE32,   rv32_base_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_IBEX, rv32_ibex_cpu_init),
-- 
2.31.1

[PULL 07/61] target/riscv: Implement kvm_arch_get_registers

[Alistair Francis]

From: Yifei Jiang 

Get GPR CSR and FP registers from kvm by KVM_GET_ONE_REG ioctl.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Alistair Francis 
Reviewed-by: Anup Patel 
Message-id: 20220112081329.1835-5-jiangyi...@huawei.com
Signed-off-by: Alistair Francis 
---
 target/riscv/kvm.c | 112 -
 1 file changed, 111 insertions(+), 1 deletion(-)

diff --git a/target/riscv/kvm.c b/target/riscv/kvm.c
index 9e66b4a97f..039af22125 100644
--- a/target/riscv/kvm.c
+++ b/target/riscv/kvm.c
@@ -56,13 +56,123 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env, 
uint64_t type,
 return id;
 }
 
+#define RISCV_CORE_REG(env, name)  kvm_riscv_reg_id(env, KVM_REG_RISCV_CORE, \
+ KVM_REG_RISCV_CORE_REG(name))
+
+#define RISCV_CSR_REG(env, name)  kvm_riscv_reg_id(env, KVM_REG_RISCV_CSR, \
+ KVM_REG_RISCV_CSR_REG(name))
+
+#define RISCV_FP_F_REG(env, idx)  kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_F, 
idx)
+
+#define RISCV_FP_D_REG(env, idx)  kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_D, 
idx)
+
+#define KVM_RISCV_GET_CSR(cs, env, csr, reg) \
+do { \
+int ret = kvm_get_one_reg(cs, RISCV_CSR_REG(env, csr), ); \
+if (ret) { \
+return ret; \
+} \
+} while (0)
+
+static int kvm_riscv_get_regs_core(CPUState *cs)
+{
+int ret = 0;
+int i;
+target_ulong reg;
+CPURISCVState *env = _CPU(cs)->env;
+
+ret = kvm_get_one_reg(cs, RISCV_CORE_REG(env, regs.pc), );
+if (ret) {
+return ret;
+}
+env->pc = reg;
+
+for (i = 1; i < 32; i++) {
+uint64_t id = kvm_riscv_reg_id(env, KVM_REG_RISCV_CORE, i);
+ret = kvm_get_one_reg(cs, id, );
+if (ret) {
+return ret;
+}
+env->gpr[i] = reg;
+}
+
+return ret;
+}
+
+static int kvm_riscv_get_regs_csr(CPUState *cs)
+{
+int ret = 0;
+CPURISCVState *env = _CPU(cs)->env;
+
+KVM_RISCV_GET_CSR(cs, env, sstatus, env->mstatus);
+KVM_RISCV_GET_CSR(cs, env, sie, env->mie);
+KVM_RISCV_GET_CSR(cs, env, stvec, env->stvec);
+KVM_RISCV_GET_CSR(cs, env, sscratch, env->sscratch);
+KVM_RISCV_GET_CSR(cs, env, sepc, env->sepc);
+KVM_RISCV_GET_CSR(cs, env, scause, env->scause);
+KVM_RISCV_GET_CSR(cs, env, stval, env->stval);
+KVM_RISCV_GET_CSR(cs, env, sip, env->mip);
+KVM_RISCV_GET_CSR(cs, env, satp, env->satp);
+return ret;
+}
+
+static int kvm_riscv_get_regs_fp(CPUState *cs)
+{
+int ret = 0;
+int i;
+CPURISCVState *env = _CPU(cs)->env;
+
+if (riscv_has_ext(env, RVD)) {
+uint64_t reg;
+for (i = 0; i < 32; i++) {
+ret = kvm_get_one_reg(cs, RISCV_FP_D_REG(env, i), );
+if (ret) {
+return ret;
+}
+env->fpr[i] = reg;
+}
+return ret;
+}
+
+if (riscv_has_ext(env, RVF)) {
+uint32_t reg;
+for (i = 0; i < 32; i++) {
+ret = kvm_get_one_reg(cs, RISCV_FP_F_REG(env, i), );
+if (ret) {
+return ret;
+}
+env->fpr[i] = reg;
+}
+return ret;
+}
+
+return ret;
+}
+
 const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
 KVM_CAP_LAST_INFO
 };
 
 int kvm_arch_get_registers(CPUState *cs)
 {
-return 0;
+int ret = 0;
+
+ret = kvm_riscv_get_regs_core(cs);
+if (ret) {
+return ret;
+}
+
+ret = kvm_riscv_get_regs_csr(cs);
+if (ret) {
+return ret;
+}
+
+ret = kvm_riscv_get_regs_fp(cs);
+if (ret) {
+return ret;
+}
+
+return ret;
 }
 
 int kvm_arch_put_registers(CPUState *cs, int level)
-- 
2.31.1

[PULL 14/61] target/riscv: Implement virtual time adjusting with vm state changing

[Alistair Francis]

From: Yifei Jiang 

We hope that virtual time adjusts with vm state changing. When a vm
is stopped, guest virtual time should stop counting and kvm_timer
should be stopped. When the vm is resumed, guest virtual time should
continue to count and kvm_timer should be restored.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Anup Patel 
Reviewed-by: Alistair Francis 
Message-id: 20220112081329.1835-12-jiangyi...@huawei.com
Signed-off-by: Alistair Francis 
---
 target/riscv/kvm.c | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/target/riscv/kvm.c b/target/riscv/kvm.c
index a43d5a2988..e6b7cb6d4d 100644
--- a/target/riscv/kvm.c
+++ b/target/riscv/kvm.c
@@ -41,6 +41,7 @@
 #include "sbi_ecall_interface.h"
 #include "chardev/char-fe.h"
 #include "migration/migration.h"
+#include "sysemu/runstate.h"
 
 static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t type,
  uint64_t idx)
@@ -378,6 +379,18 @@ unsigned long kvm_arch_vcpu_id(CPUState *cpu)
 return cpu->cpu_index;
 }
 
+static void kvm_riscv_vm_state_change(void *opaque, bool running,
+  RunState state)
+{
+CPUState *cs = opaque;
+
+if (running) {
+kvm_riscv_put_regs_timer(cs);
+} else {
+kvm_riscv_get_regs_timer(cs);
+}
+}
+
 void kvm_arch_init_irq_routing(KVMState *s)
 {
 }
@@ -390,6 +403,8 @@ int kvm_arch_init_vcpu(CPUState *cs)
 CPURISCVState *env = >env;
 uint64_t id;
 
+qemu_add_vm_change_state_handler(kvm_riscv_vm_state_change, cs);
+
 id = kvm_riscv_reg_id(env, KVM_REG_RISCV_CONFIG,
   KVM_REG_RISCV_CONFIG_REG(isa));
 ret = kvm_get_one_reg(cs, id, );
-- 
2.31.1

[PULL 06/61] target/riscv: Implement function kvm_arch_init_vcpu

[Alistair Francis]

From: Yifei Jiang 

Get isa info from kvm while kvm init.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Alistair Francis 
Reviewed-by: Anup Patel 
Message-id: 20220112081329.1835-4-jiangyi...@huawei.com
Signed-off-by: Alistair Francis 
---
 target/riscv/kvm.c | 34 +-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/target/riscv/kvm.c b/target/riscv/kvm.c
index 687dd4b621..9e66b4a97f 100644
--- a/target/riscv/kvm.c
+++ b/target/riscv/kvm.c
@@ -38,6 +38,24 @@
 #include "qemu/log.h"
 #include "hw/loader.h"
 
+static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t type,
+ uint64_t idx)
+{
+uint64_t id = KVM_REG_RISCV | type | idx;
+
+switch (riscv_cpu_mxl(env)) {
+case MXL_RV32:
+id |= KVM_REG_SIZE_U32;
+break;
+case MXL_RV64:
+id |= KVM_REG_SIZE_U64;
+break;
+default:
+g_assert_not_reached();
+}
+return id;
+}
+
 const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
 KVM_CAP_LAST_INFO
 };
@@ -79,7 +97,21 @@ void kvm_arch_init_irq_routing(KVMState *s)
 
 int kvm_arch_init_vcpu(CPUState *cs)
 {
-return 0;
+int ret = 0;
+target_ulong isa;
+RISCVCPU *cpu = RISCV_CPU(cs);
+CPURISCVState *env = >env;
+uint64_t id;
+
+id = kvm_riscv_reg_id(env, KVM_REG_RISCV_CONFIG,
+  KVM_REG_RISCV_CONFIG_REG(isa));
+ret = kvm_get_one_reg(cs, id, );
+if (ret) {
+return ret;
+}
+env->misa_ext = isa;
+
+return ret;
 }
 
 int kvm_arch_msi_data_to_gsi(uint32_t data)
-- 
2.31.1

[PULL 02/61] riscv: opentitan: fixup plic stride len

[Alistair Francis]

From: Wilfred Mallawa 

The following change was made to rectify incorrectly set stride length
on the PLIC [1]. Where it should be 32bit and not 24bit (0x18). This was
discovered whilst attempting to fix a bug where a timer_interrupt was
not serviced on TockOS-OpenTitan.

[1] https://docs.opentitan.org/hw/top_earlgrey/ip_autogen/rv_plic/doc/

Signed-off-by: Wilfred Mallawa 
Reviewed-by: Alistair Francis 
Tested-by: Alistair Francis 
Reviewed-by: Bin Meng 
Message-id: 20220111071025.4169189-1-alistair.fran...@opensource.wdc.com
Signed-off-by: Alistair Francis 
---
 hw/riscv/opentitan.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c
index 0856c347e8..aec7cfa33f 100644
--- a/hw/riscv/opentitan.c
+++ b/hw/riscv/opentitan.c
@@ -160,7 +160,7 @@ static void lowrisc_ibex_soc_realize(DeviceState *dev_soc, 
Error **errp)
 qdev_prop_set_uint32(DEVICE(>plic), "priority-base", 0x00);
 qdev_prop_set_uint32(DEVICE(>plic), "pending-base", 0x1000);
 qdev_prop_set_uint32(DEVICE(>plic), "enable-base", 0x2000);
-qdev_prop_set_uint32(DEVICE(>plic), "enable-stride", 0x18);
+qdev_prop_set_uint32(DEVICE(>plic), "enable-stride", 32);
 qdev_prop_set_uint32(DEVICE(>plic), "context-base", 0x20);
 qdev_prop_set_uint32(DEVICE(>plic), "context-stride", 8);
 qdev_prop_set_uint32(DEVICE(>plic), "aperture-size", 
memmap[IBEX_DEV_PLIC].size);
-- 
2.31.1

[PULL 09/61] target/riscv: Support start kernel directly by KVM

[Alistair Francis]

From: Yifei Jiang 

Get kernel and fdt start address in virt.c, and pass them to KVM
when cpu reset. Add kvm_riscv.h to place riscv specific interface.

In addition, PLIC is created without M-mode PLIC contexts when KVM
is enabled.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Alistair Francis 
Reviewed-by: Anup Patel 
Message-id: 20220112081329.1835-7-jiangyi...@huawei.com
Signed-off-by: Alistair Francis 
---
 include/hw/riscv/boot.h  |  1 +
 target/riscv/cpu.h   |  3 ++
 target/riscv/kvm_riscv.h | 24 
 hw/intc/sifive_plic.c| 20 +++---
 hw/riscv/boot.c  | 16 +++-
 hw/riscv/virt.c  | 83 
 target/riscv/cpu.c   |  8 
 target/riscv/kvm-stub.c  | 25 
 target/riscv/kvm.c   | 14 +++
 target/riscv/meson.build |  2 +-
 10 files changed, 164 insertions(+), 32 deletions(-)
 create mode 100644 target/riscv/kvm_riscv.h
 create mode 100644 target/riscv/kvm-stub.c

diff --git a/include/hw/riscv/boot.h b/include/hw/riscv/boot.h
index baff11dd8a..5834c234aa 100644
--- a/include/hw/riscv/boot.h
+++ b/include/hw/riscv/boot.h
@@ -58,5 +58,6 @@ void riscv_rom_copy_firmware_info(MachineState *machine, 
hwaddr rom_base,
   hwaddr rom_size,
   uint32_t reset_vec_size,
   uint64_t kernel_entry);
+void riscv_setup_direct_kernel(hwaddr kernel_addr, hwaddr fdt_addr);
 
 #endif /* RISCV_BOOT_H */
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 4d63086765..8fa6fdcd77 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -269,6 +269,9 @@ struct CPURISCVState {
 
 /* Fields from here on are preserved across CPU reset. */
 QEMUTimer *timer; /* Internal timer */
+
+hwaddr kernel_addr;
+hwaddr fdt_addr;
 };
 
 OBJECT_DECLARE_TYPE(RISCVCPU, RISCVCPUClass,
diff --git a/target/riscv/kvm_riscv.h b/target/riscv/kvm_riscv.h
new file mode 100644
index 00..f38c82bf59
--- /dev/null
+++ b/target/riscv/kvm_riscv.h
@@ -0,0 +1,24 @@
+/*
+ * QEMU KVM support -- RISC-V specific functions.
+ *
+ * Copyright (c) 2020 Huawei Technologies Co., Ltd
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef QEMU_KVM_RISCV_H
+#define QEMU_KVM_RISCV_H
+
+void kvm_riscv_reset_vcpu(RISCVCPU *cpu);
+
+#endif
diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c
index 746c0f0343..eebbcf33d4 100644
--- a/hw/intc/sifive_plic.c
+++ b/hw/intc/sifive_plic.c
@@ -30,6 +30,7 @@
 #include "target/riscv/cpu.h"
 #include "migration/vmstate.h"
 #include "hw/irq.h"
+#include "sysemu/kvm.h"
 
 static bool addr_between(uint32_t addr, uint32_t base, uint32_t num)
 {
@@ -430,7 +431,8 @@ DeviceState *sifive_plic_create(hwaddr addr, char 
*hart_config,
 uint32_t context_stride, uint32_t aperture_size)
 {
 DeviceState *dev = qdev_new(TYPE_SIFIVE_PLIC);
-int i;
+int i, j = 0;
+SiFivePLICState *plic;
 
 assert(enable_stride == (enable_stride & -enable_stride));
 assert(context_stride == (context_stride & -context_stride));
@@ -448,13 +450,21 @@ DeviceState *sifive_plic_create(hwaddr addr, char 
*hart_config,
 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), _fatal);
 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, addr);
 
+plic = SIFIVE_PLIC(dev);
 for (i = 0; i < num_harts; i++) {
 CPUState *cpu = qemu_get_cpu(hartid_base + i);
 
-qdev_connect_gpio_out(dev, i,
-  qdev_get_gpio_in(DEVICE(cpu), IRQ_S_EXT));
-qdev_connect_gpio_out(dev, num_harts + i,
-  qdev_get_gpio_in(DEVICE(cpu), IRQ_M_EXT));
+if (plic->addr_config[j].mode == PLICMode_M) {
+j++;
+qdev_connect_gpio_out(dev, num_harts + i,
+  qdev_get_gpio_in(DEVICE(cpu), IRQ_M_EXT));
+}
+
+if (plic->addr_config[j].mode == PLICMode_S) {
+j++;
+qdev_connect_gpio_out(dev, i,
+  qdev_get_gpio_in(DEVICE(cpu), IRQ_S_EXT));
+}
 }
 
 return dev;
diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index f67264374e..cae74fcbcd 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -30,6 +30,7 @@
 #include "elf.h"
 #include "sysemu/device_tree.h"
 #include "sysemu/qtest.h"
+#include "sysemu/kvm.h"
 
 #include 
 
@@ -51,7 +52,9 @@ char 

[PULL 05/61] target/riscv: Add target/riscv/kvm.c to place the public kvm interface

[Alistair Francis]

From: Yifei Jiang 

Add target/riscv/kvm.c to place kvm_arch_* function needed by
kvm/kvm-all.c.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Alistair Francis 
Reviewed-by: Anup Patel 
Message-id: 20220112081329.1835-3-jiangyi...@huawei.com
Signed-off-by: Alistair Francis 
---
 target/riscv/kvm.c   | 133 +++
 target/riscv/meson.build |   1 +
 2 files changed, 134 insertions(+)
 create mode 100644 target/riscv/kvm.c

diff --git a/target/riscv/kvm.c b/target/riscv/kvm.c
new file mode 100644
index 00..687dd4b621
--- /dev/null
+++ b/target/riscv/kvm.c
@@ -0,0 +1,133 @@
+/*
+ * RISC-V implementation of KVM hooks
+ *
+ * Copyright (c) 2020 Huawei Technologies Co., Ltd
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include 
+
+#include 
+
+#include "qemu-common.h"
+#include "qemu/timer.h"
+#include "qemu/error-report.h"
+#include "qemu/main-loop.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/kvm.h"
+#include "sysemu/kvm_int.h"
+#include "cpu.h"
+#include "trace.h"
+#include "hw/pci/pci.h"
+#include "exec/memattrs.h"
+#include "exec/address-spaces.h"
+#include "hw/boards.h"
+#include "hw/irq.h"
+#include "qemu/log.h"
+#include "hw/loader.h"
+
+const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
+KVM_CAP_LAST_INFO
+};
+
+int kvm_arch_get_registers(CPUState *cs)
+{
+return 0;
+}
+
+int kvm_arch_put_registers(CPUState *cs, int level)
+{
+return 0;
+}
+
+int kvm_arch_release_virq_post(int virq)
+{
+return 0;
+}
+
+int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry *route,
+ uint64_t address, uint32_t data, PCIDevice *dev)
+{
+return 0;
+}
+
+int kvm_arch_destroy_vcpu(CPUState *cs)
+{
+return 0;
+}
+
+unsigned long kvm_arch_vcpu_id(CPUState *cpu)
+{
+return cpu->cpu_index;
+}
+
+void kvm_arch_init_irq_routing(KVMState *s)
+{
+}
+
+int kvm_arch_init_vcpu(CPUState *cs)
+{
+return 0;
+}
+
+int kvm_arch_msi_data_to_gsi(uint32_t data)
+{
+abort();
+}
+
+int kvm_arch_add_msi_route_post(struct kvm_irq_routing_entry *route,
+int vector, PCIDevice *dev)
+{
+return 0;
+}
+
+int kvm_arch_init(MachineState *ms, KVMState *s)
+{
+return 0;
+}
+
+int kvm_arch_irqchip_create(KVMState *s)
+{
+return 0;
+}
+
+int kvm_arch_process_async_events(CPUState *cs)
+{
+return 0;
+}
+
+void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
+{
+}
+
+MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
+{
+return MEMTXATTRS_UNSPECIFIED;
+}
+
+bool kvm_arch_stop_on_emulation_error(CPUState *cs)
+{
+return true;
+}
+
+int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
+{
+return 0;
+}
+
+bool kvm_arch_cpu_check_are_resettable(void)
+{
+return true;
+}
diff --git a/target/riscv/meson.build b/target/riscv/meson.build
index a32158da93..95340b44aa 100644
--- a/target/riscv/meson.build
+++ b/target/riscv/meson.build
@@ -20,6 +20,7 @@ riscv_ss.add(files(
   'translate.c',
   'm128_helper.c'
 ))
+riscv_ss.add(when: 'CONFIG_KVM', if_true: files('kvm.c'))
 
 riscv_softmmu_ss = ss.source_set()
 riscv_softmmu_ss.add(files(
-- 
2.31.1

[PULL 17/61] softmmu/device_tree: Silence compiler warning with --enable-sanitizers

[Alistair Francis]

From: Thomas Huth 

If I configure my build with --enable-sanitizers, my GCC (v8.5.0)
complains:

.../softmmu/device_tree.c: In function ‘qemu_fdt_add_path’:
.../softmmu/device_tree.c:560:18: error: ‘retval’ may be used uninitialized
 in this function [-Werror=maybe-uninitialized]
 int namelen, retval;
  ^~

It's a false warning since the while loop is always executed at least
once (p has to be non-NULL, otherwise the derefence in the if-statement
earlier will crash). Thus let's switch to a do-while loop here instead
to make the compiler happy in all cases.

Signed-off-by: Thomas Huth 
Reviewed-by: Andrew Jones 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Reviewed-by: Alistair Francis 
Reviewed-by: Yanan Wang 
Message-id: 20220107133844.145039-1-th...@redhat.com
Signed-off-by: Alistair Francis 
---
 softmmu/device_tree.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/softmmu/device_tree.c b/softmmu/device_tree.c
index 31d1066940..0a433c98e2 100644
--- a/softmmu/device_tree.c
+++ b/softmmu/device_tree.c
@@ -566,7 +566,7 @@ int qemu_fdt_add_path(void *fdt, const char *path)
 return -1;
 }
 
-while (p) {
+do {
 name = p + 1;
 p = strchr(name, '/');
 namelen = p != NULL ? p - name : strlen(name);
@@ -586,7 +586,7 @@ int qemu_fdt_add_path(void *fdt, const char *path)
 }
 
 parent = retval;
-}
+} while (p);
 
 return retval;
 }
-- 
2.31.1

[PULL 03/61] hw: timer: ibex_timer: update/add reg address

[Alistair Francis]

From: Wilfred Mallawa 

The following changes:
1. Fixes the incorrectly set CTRL register address. As
per [1] https://docs.opentitan.org/hw/ip/rv_timer/doc/#register-table

The CTRL register is @ 0x04.

This was found when attempting to fixup a bug where a timer_interrupt
was not serviced on TockOS-OpenTitan.

2. Adds ALERT_TEST register as documented on [1], adding repective
   switch cases to error handle and later implement functionality.

Signed-off-by: Wilfred Mallawa 
Reviewed-by: Alistair Francis 
Tested-by: Alistair Francis 
Reviewed-by: Bin Meng 
Message-id: 20220111071025.4169189-2-alistair.fran...@opensource.wdc.com
Signed-off-by: Alistair Francis 
---
 hw/timer/ibex_timer.c | 11 ++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/hw/timer/ibex_timer.c b/hw/timer/ibex_timer.c
index 826c38b653..8c2ca364da 100644
--- a/hw/timer/ibex_timer.c
+++ b/hw/timer/ibex_timer.c
@@ -34,7 +34,9 @@
 #include "target/riscv/cpu.h"
 #include "migration/vmstate.h"
 
-REG32(CTRL, 0x00)
+REG32(ALERT_TEST, 0x00)
+FIELD(ALERT_TEST, FATAL_FAULT, 0, 1)
+REG32(CTRL, 0x04)
 FIELD(CTRL, ACTIVE, 0, 1)
 REG32(CFG0, 0x100)
 FIELD(CFG0, PRESCALE, 0, 12)
@@ -142,6 +144,10 @@ static uint64_t ibex_timer_read(void *opaque, hwaddr addr,
 uint64_t retvalue = 0;
 
 switch (addr >> 2) {
+case R_ALERT_TEST:
+qemu_log_mask(LOG_GUEST_ERROR,
+"Attempted to read ALERT_TEST, a write only register");
+break;
 case R_CTRL:
 retvalue = s->timer_ctrl;
 break;
@@ -186,6 +192,9 @@ static void ibex_timer_write(void *opaque, hwaddr addr,
 uint32_t val = val64;
 
 switch (addr >> 2) {
+case R_ALERT_TEST:
+qemu_log_mask(LOG_UNIMP, "Alert triggering not supported");
+break;
 case R_CTRL:
 s->timer_ctrl = val;
 break;
-- 
2.31.1

[PULL 01/61] hw: timer: ibex_timer: Fixup reading w/o register

[Alistair Francis]

From: Wilfred Mallawa 

This change fixes a bug where a write only register is read.
As per https://docs.opentitan.org/hw/ip/rv_timer/doc/#register-table
the 'INTR_TEST0' register is write only.

Signed-off-by: Wilfred Mallawa 
Reviewed-by: Bin Meng 
Reviewed-by: Alistair Francis 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20220110051606.4031241-1-alistair.fran...@opensource.wdc.com
Signed-off-by: Alistair Francis 
---
 include/hw/timer/ibex_timer.h |  1 -
 hw/timer/ibex_timer.c | 14 +-
 2 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/include/hw/timer/ibex_timer.h b/include/hw/timer/ibex_timer.h
index b6f69b38ee..1a0a28d5fa 100644
--- a/include/hw/timer/ibex_timer.h
+++ b/include/hw/timer/ibex_timer.h
@@ -43,7 +43,6 @@ struct IbexTimerState {
 uint32_t timer_compare_upper0;
 uint32_t timer_intr_enable;
 uint32_t timer_intr_state;
-uint32_t timer_intr_test;
 
 uint32_t timebase_freq;
 
diff --git a/hw/timer/ibex_timer.c b/hw/timer/ibex_timer.c
index 66e1f8e48c..826c38b653 100644
--- a/hw/timer/ibex_timer.c
+++ b/hw/timer/ibex_timer.c
@@ -130,7 +130,6 @@ static void ibex_timer_reset(DeviceState *dev)
 s->timer_compare_upper0 = 0x;
 s->timer_intr_enable = 0x;
 s->timer_intr_state = 0x;
-s->timer_intr_test = 0x;
 
 ibex_timer_update_irqs(s);
 }
@@ -168,7 +167,8 @@ static uint64_t ibex_timer_read(void *opaque, hwaddr addr,
 retvalue = s->timer_intr_state;
 break;
 case R_INTR_TEST:
-retvalue = s->timer_intr_test;
+qemu_log_mask(LOG_GUEST_ERROR,
+  "Attempted to read INTR_TEST, a write only register");
 break;
 default:
 qemu_log_mask(LOG_GUEST_ERROR,
@@ -215,10 +215,7 @@ static void ibex_timer_write(void *opaque, hwaddr addr,
 s->timer_intr_state &= ~val;
 break;
 case R_INTR_TEST:
-s->timer_intr_test = val;
-if (s->timer_intr_enable &
-s->timer_intr_test &
-R_INTR_ENABLE_IE_0_MASK) {
+if (s->timer_intr_enable & val & R_INTR_ENABLE_IE_0_MASK) {
 s->timer_intr_state |= R_INTR_STATE_IS_0_MASK;
 qemu_set_irq(s->irq, true);
 }
@@ -247,8 +244,8 @@ static int ibex_timer_post_load(void *opaque, int 
version_id)
 
 static const VMStateDescription vmstate_ibex_timer = {
 .name = TYPE_IBEX_TIMER,
-.version_id = 1,
-.minimum_version_id = 1,
+.version_id = 2,
+.minimum_version_id = 2,
 .post_load = ibex_timer_post_load,
 .fields = (VMStateField[]) {
 VMSTATE_UINT32(timer_ctrl, IbexTimerState),
@@ -257,7 +254,6 @@ static const VMStateDescription vmstate_ibex_timer = {
 VMSTATE_UINT32(timer_compare_upper0, IbexTimerState),
 VMSTATE_UINT32(timer_intr_enable, IbexTimerState),
 VMSTATE_UINT32(timer_intr_state, IbexTimerState),
-VMSTATE_UINT32(timer_intr_test, IbexTimerState),
 VMSTATE_END_OF_LIST()
 }
 };
-- 
2.31.1

[PULL 00/61] riscv-to-apply queue

[Alistair Francis]

From: Alistair Francis 

The following changes since commit 2c89b5af5e72ab8c9d544c6e30399528b2238827:

  Merge remote-tracking branch 
'remotes/pmaydell/tags/pull-target-arm-20220120-1' into staging (2022-01-20 
16:13:17 +)

are available in the Git repository at:

  g...@github.com:alistair23/qemu.git tags/pull-riscv-to-apply-20220121-1

for you to fetch changes up to f297245f6a780f496fb171af6fcd21ff3e6783c3:

  target/riscv: Relax UXL field for debugging (2022-01-21 15:52:57 +1000)


Third RISC-V PR for QEMU 7.0

 * Fixes for OpenTitan timer
 * Correction of OpenTitan PLIC stride length
 * RISC-V KVM support
 * Device tree code cleanup
 * Support for the Zve64f and Zve32f extensions
 * OpenSBI binary loading support for the Spike machine
 * Removal of OpenSBI ELFs
 * Support for the UXL field in xstatus


Anup Patel (3):
  hw/riscv: spike: Allow using binary firmware as bios
  hw/riscv: Remove macros for ELF BIOS image names
  roms/opensbi: Remove ELF images

Frank Chang (17):
  target/riscv: rvv-1.0: Add Zve64f extension into RISC-V
  target/riscv: rvv-1.0: Add Zve64f support for configuration insns
  target/riscv: rvv-1.0: Add Zve64f support for load and store insns
  target/riscv: rvv-1.0: Add Zve64f support for vmulh variant insns
  target/riscv: rvv-1.0: Add Zve64f support for vsmul.vv and vsmul.vx insns
  target/riscv: rvv-1.0: Add Zve64f support for scalar fp insns
  target/riscv: rvv-1.0: Add Zve64f support for single-width fp reduction 
insns
  target/riscv: rvv-1.0: Add Zve64f support for widening type-convert insns
  target/riscv: rvv-1.0: Add Zve64f support for narrowing type-convert insns
  target/riscv: rvv-1.0: Allow Zve64f extension to be turned on
  target/riscv: rvv-1.0: Add Zve32f extension into RISC-V
  target/riscv: rvv-1.0: Add Zve32f support for configuration insns
  target/riscv: rvv-1.0: Add Zve32f support for scalar fp insns
  target/riscv: rvv-1.0: Add Zve32f support for single-width fp reduction 
insns
  target/riscv: rvv-1.0: Add Zve32f support for widening type-convert insns
  target/riscv: rvv-1.0: Add Zve32f support for narrowing type-convert insns
  target/riscv: rvv-1.0: Allow Zve32f extension to be turned on

LIU Zhiwei (23):
  target/riscv: Adjust pmpcfg access with mxl
  target/riscv: Don't save pc when exception return
  target/riscv: Sign extend link reg for jal and jalr
  target/riscv: Sign extend pc for different XLEN
  target/riscv: Create xl field in env
  target/riscv: Ignore the pc bits above XLEN
  target/riscv: Extend pc for runtime pc write
  target/riscv: Use gdb xml according to max mxlen
  target/riscv: Relax debug check for pm write
  target/riscv: Adjust csr write mask with XLEN
  target/riscv: Create current pm fields in env
  target/riscv: Alloc tcg global for cur_pm[mask|base]
  target/riscv: Calculate address according to XLEN
  target/riscv: Split pm_enabled into mask and base
  target/riscv: Split out the vill from vtype
  target/riscv: Adjust vsetvl according to XLEN
  target/riscv: Remove VILL field in VTYPE
  target/riscv: Fix check range for first fault only
  target/riscv: Adjust vector address with mask
  target/riscv: Adjust scalar reg in vector with XLEN
  target/riscv: Set default XLEN for hypervisor
  target/riscv: Enable uxl field write
  target/riscv: Relax UXL field for debugging

Thomas Huth (1):
  softmmu/device_tree: Silence compiler warning with --enable-sanitizers

Wilfred Mallawa (3):
  hw: timer: ibex_timer: Fixup reading w/o register
  riscv: opentitan: fixup plic stride len
  hw: timer: ibex_timer: update/add reg address

Yanan Wang (1):
  softmmu/device_tree: Remove redundant pointer assignment

Yifei Jiang (13):
  update-linux-headers: Add asm-riscv/kvm.h
  target/riscv: Add target/riscv/kvm.c to place the public kvm interface
  target/riscv: Implement function kvm_arch_init_vcpu
  target/riscv: Implement kvm_arch_get_registers
  target/riscv: Implement kvm_arch_put_registers
  target/riscv: Support start kernel directly by KVM
  target/riscv: Support setting external interrupt by KVM
  target/riscv: Handle KVM_EXIT_RISCV_SBI exit
  target/riscv: Add host cpu type
  target/riscv: Add kvm_riscv_get/put_regs_timer
  target/riscv: Implement virtual time adjusting with vm state changing
  target/riscv: Support virtual time context synchronization
  target/riscv: enable riscv kvm accel

 meson.build|   2 +
 include/hw/char/riscv_htif.h   |   5 +-
 include/hw/riscv/boot.h|   3 +-
 include/hw/riscv/spike.h   |   1 +
 include/hw/timer/ibex_timer.h

[PATCH v1] include: hw: remove ibex_plic.h

[Alistair Francis]

From: Wilfred Mallawa 

This patch removes the left-over/unused `ibex_plic.h` file. Previously
used by opentitan, which now follows the RISC-V standard and uses the
SiFivePlicState.

Fixes: 434e7e021 ("hw/intc: Remove the Ibex PLIC")
Signed-off-by: Wilfred Mallawa 
---
 include/hw/intc/ibex_plic.h | 67 -
 1 file changed, 67 deletions(-)
 delete mode 100644 include/hw/intc/ibex_plic.h

diff --git a/include/hw/intc/ibex_plic.h b/include/hw/intc/ibex_plic.h
deleted file mode 100644
index d596436e06..00
--- a/include/hw/intc/ibex_plic.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * QEMU RISC-V lowRISC Ibex PLIC
- *
- * Copyright (c) 2020 Western Digital
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2 or later, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program.  If not, see .
- */
-
-#ifndef HW_IBEX_PLIC_H
-#define HW_IBEX_PLIC_H
-
-#include "hw/sysbus.h"
-#include "qom/object.h"
-
-#define TYPE_IBEX_PLIC "ibex-plic"
-OBJECT_DECLARE_SIMPLE_TYPE(IbexPlicState, IBEX_PLIC)
-
-struct IbexPlicState {
-/*< private >*/
-SysBusDevice parent_obj;
-
-/*< public >*/
-MemoryRegion mmio;
-
-uint32_t *pending;
-uint32_t *hidden_pending;
-uint32_t *claimed;
-uint32_t *source;
-uint32_t *priority;
-uint32_t *enable;
-uint32_t threshold;
-uint32_t claim;
-
-/* config */
-uint32_t num_cpus;
-uint32_t num_sources;
-
-uint32_t pending_base;
-uint32_t pending_num;
-
-uint32_t source_base;
-uint32_t source_num;
-
-uint32_t priority_base;
-uint32_t priority_num;
-
-uint32_t enable_base;
-uint32_t enable_num;
-
-uint32_t threshold_base;
-
-uint32_t claim_base;
-
-qemu_irq *external_irqs;
-};
-
-#endif /* HW_IBEX_PLIC_H */
-- 
2.34.1

Re: [PATCH] hw/armv7m: Fix broken VMStateDescription

[Ani Sinha]

On Thu, 20 Jan 2022, Peter Maydell wrote:

> In commit d5093d961585f02 we added a VMStateDescription to
> the TYPE_ARMV7M object, to handle migration of its Clocks.
> However a cut-and-paste error meant we used the wrong struct
> name in the VMSTATE_CLOCK() macro arguments. The result was
> that attempting a 'savevm' might result in an assertion
> failure.
>
> Cc: qemu-sta...@nongnu.org
> Buglink: https://gitlab.com/qemu-project/qemu/-/issues/803
> Fixes: d5093d961585f02
> Signed-off-by: Peter Maydell 

Reviewed-by: Ani Sinha 

> ---
> It's a shame there's no way to type-check that the struct
> name used in the VMSTATE macros is correct...
> ---
>  hw/arm/armv7m.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
> index 8d08db80be8..ceb76df3cd4 100644
> --- a/hw/arm/armv7m.c
> +++ b/hw/arm/armv7m.c
> @@ -520,8 +520,8 @@ static const VMStateDescription vmstate_armv7m = {
>  .version_id = 1,
>  .minimum_version_id = 1,
>  .fields = (VMStateField[]) {
> -VMSTATE_CLOCK(refclk, SysTickState),
> -VMSTATE_CLOCK(cpuclk, SysTickState),
> +VMSTATE_CLOCK(refclk, ARMv7MState),
> +VMSTATE_CLOCK(cpuclk, ARMv7MState),
>  VMSTATE_END_OF_LIST()
>  }
>  };
> --
> 2.25.1
>
>
>

Re: [PATCH v2 2/2] target/riscv: Add XVentanaCondOps custom extension

[Alistair Francis]

On Fri, Jan 21, 2022 at 1:38 AM Philipp Tomsich
 wrote:
>
> Thanks for taking the time to write this up!
>
> On Wed, 19 Jan 2022 at 02:30, Alistair Francis  wrote:
> >
> > On Wed, Jan 19, 2022 at 11:19 AM Alistair Francis  
> > wrote:
> > >
> > > On Wed, Jan 19, 2022 at 9:22 AM Philipp Tomsich
> > >  wrote:
> > > >
> > > > Alistair,
> > > >
> > > > Some of us (the merit almost exclusively goes to Kito) have been
> > > > working towards a similar policy for GCC/binutils and LLVM.
> > > > This currently lives in:
> > > >https://github.com/riscv-non-isa/riscv-toolchain-conventions/pull/17
> > >
> > > Ah cool! We can use that as a good starting point.
> > >
> > > >
> > > > A few comments & a question below.
> > > >
> > > > Thanks,
> > > > Philipp.
> > > >
> > > > On Tue, 18 Jan 2022 at 23:53, Alistair Francis  
> > > > wrote:
> > > > >
> > > > > On Fri, Jan 14, 2022 at 6:22 AM Philipp Tomsich
> > > > >  wrote:
> > > > > >
> > > > > > This adds the decoder and translation for the XVentanaCondOps custom
> > > > > > extension (vendor-defined by Ventana Micro Systems), which is
> > > > > > documented at 
> > > > > > https://github.com/ventanamicro/ventana-custom-extensions/releases/download/v1.0.0/ventana-custom-extensions-v1.0.0.pdf
> > > > > >
> > > > > > This commit then also adds a guard-function (has_XVentanaCondOps_p)
> > > > > > and the decoder function to the table of decoders, enabling the
> > > > > > support for the XVentanaCondOps extension.
> > > > > >
> > > > > > Signed-off-by: Philipp Tomsich 
> > > > >
> > > > > This looks reasonable to me.
> > > > >
> > > > > I'm going to leave this for a bit in case there are any more comments.
> > > > >
> > > > > I was a little worried that taking vendor extensions isn't the right
> > > > > move, as we might get stuck with a large number of them. But this is
> > > > > pretty self contained and I think with the growing RISC-V interest
> > > > > it's something we will eventually need to support.
> > > > >
> > > > > I'm going to update the QEMU RISC-V wiki page with this to make the
> > > > > position clear (comments very welcome)
> > > > >
> > > > > === RISC-V Extensions ===
> > > > > As RISC-V has a range of possible extensions, QEMU has guidelines for
> > > > > supporting them all.
> > > > >
> > > > > If an extension is frozen or ratified by the RISC-V foundation, it can
> > > > > be supported in QEMU.
> > > > >
> > > > > If an official RISC-V foundation extension is in a reasonable draft
> > > > > state, that is not too many changes are still expected, it can be
> > > > > supported experimentally by QEMU. Experimental support means it must
> > > > > be disabled by default and marked with a "x-" in the properties. QEMU
> > > > > will only support the latest version of patches submitted for a draft
> > > > > extension. A draft extension can also be removed at any time if it
> > > > > conflicts with other extensions.
> > > > >
> > > > > QEMU will also support vendor extensions. Vendor extensions must be
> > > > > disabled by default, but can be enabled for specific vendor CPUs and
> > > > > boards. Vendor extensions must be maintained and tested by the vendor.
> > > >
> > > > I guess I should create a v3 with appropriate paths in the MAINTAINERS 
> > > > file?
> > >
> > > Hmm... Good point. I don't think you have to if you don't want to.
> > >
> > > My point here was more to just make it clear that upstream QEMU is not
> > > a dumping ground for vendor extensions to get them maintained by
> > > someone else. Obviously we won't purposely break things just for fun.
> > > There is an expectation that the vendor tests their extensions and
> > > responds to bug reports and things like that.
> > >
> > > >
> > > > > Vendor extensions can not interfere with other extensions and can not
> > > > > be obtrusive to the RISC-V target code.
> > > >
> > > > I know that there is some interest to have the XtheadV (the
> > > > instructions previously known as vectors 0.7.1-draft) supported and we
> > > > have the reality of a deployed base that implements it in hardware.
> > > > This would conflict with the opcode space used by the standard RISC-V
> > > > vectors, so it makes for an interesting test case (even if just to
> > > > clarify our intent)...
> > > > Personally, I would like to avoid precluding inclusion of something
> > > > useful (of course, "Vendor extensions must be maintained and tested by
> > > > the vendor." has to apply!), if a vendor was going to step up and also
> > > > offers to maintain it.
> > >
> > > Yeah... this is unfortunate. I agree that having the 0.7.1-draft
> > > extensions supported would be great. There is hardware that supports
> > > it.
> > >
> > > I think this point still stands though. IF the XtheadV implementation
> > > is self contained and doesn't interfere with the vector extensions,
> > > then that's great and we can support it. If instead it adds a large
> > > amount of conditionals to the released vector extension code then I
> > > 

[PATCH 3/3] crypto: Introduce RSA algorithm

[zhenwei pi]

From: Lei He 

Implement RSA algorithm by nettle hogweed, and apply it for
virtio-crypto akcipher backend.

1, The self-test framework of crypto layer works fine in guest kernel
2, Test with Linux guest(with asym support), the following script
test(note that pkey_XXX is supported only in a newer version of keyutils):
  - both public key & private key
  - create/close session
  - encrypt/decrypt/sign/verify basic driver operation
  - also test with kernel crypto layer(pkey add/query)

All the cases work fine.

rm -rf *.der *.pem *.pfx
modprobe pkcs8_key_parser # if CONFIG_PKCS8_PRIVATE_KEY_PARSER=m
rm -rf /tmp/data
dd if=/dev/random of=/tmp/data count=1 bs=226

openssl req -nodes -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -subj 
"/C=CN/ST=BJ/L=HD/O=qemu/OU=dev/CN=qemu/emailAddress=q...@qemu.org"
openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER -out key.der
openssl x509 -in cert.pem -inform PEM -outform DER -out cert.der

PRIV_KEY_ID=`cat key.der | keyctl padd asymmetric test_priv_key @s`
echo "priv key id = "$PRIV_KEY_ID
PUB_KEY_ID=`cat cert.der | keyctl padd asymmetric test_pub_key @s`
echo "pub key id = "$PUB_KEY_ID

keyctl pkey_query $PRIV_KEY_ID 0
keyctl pkey_query $PUB_KEY_ID 0

echo "Enc with priv key..."
keyctl pkey_encrypt $PRIV_KEY_ID 0 /tmp/data enc=pkcs1 >/tmp/enc.priv
echo "Dec with pub key..."
keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.priv enc=pkcs1 >/tmp/dec
cmp /tmp/data /tmp/dec

echo "Sign with priv key..."
keyctl pkey_sign $PRIV_KEY_ID 0 /tmp/data enc=pkcs1 hash=sha1 > /tmp/sig
echo "Verify with pub key..."
keyctl pkey_verify $PRIV_KEY_ID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1

echo "Enc with pub key..."
keyctl pkey_encrypt $PUB_KEY_ID 0 /tmp/data enc=pkcs1 >/tmp/enc.pub
echo "Dec with priv key..."
keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.pub enc=pkcs1 >/tmp/dec
cmp /tmp/data /tmp/dec

echo "Verify with pub key..."
keyctl pkey_verify $PUB_KEY_ID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1

Signed-off-by: zhenwei pi 
Signed-off-by: lei he 
---
 crypto/akcipher-nettle.c | 486 +++
 crypto/akcipher.c|  13 ++
 crypto/asn1_decoder.c| 185 +++
 crypto/asn1_decoder.h|  42 
 crypto/meson.build   |   3 +
 meson.build  |  11 +
 6 files changed, 740 insertions(+)
 create mode 100644 crypto/akcipher-nettle.c
 create mode 100644 crypto/asn1_decoder.c
 create mode 100644 crypto/asn1_decoder.h

diff --git a/crypto/akcipher-nettle.c b/crypto/akcipher-nettle.c
new file mode 100644
index 00..6ac39e7abc
--- /dev/null
+++ b/crypto/akcipher-nettle.c
@@ -0,0 +1,486 @@
+/*
+ * QEMU Crypto akcipher algorithms
+ *
+ * Copyright (c) 2022 Bytedance
+ * Author: lei he 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ *
+ */
+
+#include 
+
+#include 
+
+#include "asn1_decoder.h"
+#include "crypto/akcipher.h"
+#include "crypto/random.h"
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "sysemu/cryptodev.h"
+#include "standard-headers/linux/virtio_crypto.h"
+
+typedef struct QCryptoNettleRsa {
+QCryptoAkcipher akcipher;
+struct rsa_public_key pub;
+struct rsa_private_key priv;
+int padding_algo;
+int hash_algo;
+} QCryptoNettleRsa;
+
+struct asn1_parse_ctx {
+const uint8_t *data;
+size_t dlen;
+};
+
+static int extract_value(void *p, const uint8_t *data, size_t dlen)
+{
+struct asn1_parse_ctx *ctx = (struct asn1_parse_ctx *)p;
+ctx->data = (uint8_t *)data;
+ctx->dlen = dlen;
+
+return 0;
+}
+
+static int extract_mpi(void *p, const uint8_t *data, size_t dlen)
+{
+mpz_t *target = (mpz_t *)p;
+nettle_mpz_set_str_256_u(*target, dlen, data);
+
+return 0;
+}
+
+static QCryptoNettleRsa *qcrypto_nettle_rsa_malloc(void);
+
+static void qcrypto_nettle_rsa_destroy(void *ptr)
+{
+QCryptoNettleRsa *rsa = (QCryptoNettleRsa *)ptr;
+if (!rsa) {
+return;
+}
+
+rsa_public_key_clear(>pub);
+rsa_private_key_clear(>priv);
+g_free(rsa);
+}
+
+static QCryptoAkcipher *qcrypto_nettle_new_rsa(bool private, const uint8_t 
*key,
+   size_t keylen, void *para,
+   int index,  Error **errp);
+
+QCryptoAkcipher *qcrypto_akcipher_nettle_new(uint32_t alg, bool private,
+ const uint8_t *key,
+  

[PATCH 2/3] virtio_crypto: Support virtio crypto asym operation

[zhenwei pi]

Several changes in this patch:
 - Add support for virtio crypto asymmetric handling, include:
 create/close session
 encrypt/decrypt/sign/verify guest data

 - Modify crypto backend to compat sym operation.

 - Introduce akcipher class without any implementation.

Then QEMU can provide asymmetric support for guest, but the asymmetric
request from guest shoule always fail until an available asymmetric
backend gets supported.

Co-developed-by: lei he 
Signed-off-by: lei he 
Signed-off-by: zhenwei pi 
---
 backends/cryptodev-builtin.c  | 201 ++
 backends/cryptodev-vhost-user.c   |  34 +++-
 backends/cryptodev.c  |  32 ++-
 crypto/akcipher.c |  78 +++
 crypto/meson.build|   1 +
 hw/virtio/virtio-crypto.c | 328 --
 include/crypto/akcipher.h |  77 +++
 include/hw/virtio/virtio-crypto.h |   5 +-
 include/sysemu/cryptodev.h|  88 ++--
 9 files changed, 697 insertions(+), 147 deletions(-)
 create mode 100644 crypto/akcipher.c
 create mode 100644 include/crypto/akcipher.h

diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c
index 0671bf9f3e..b3344d230c 100644
--- a/backends/cryptodev-builtin.c
+++ b/backends/cryptodev-builtin.c
@@ -26,9 +26,9 @@
 #include "qapi/error.h"
 #include "standard-headers/linux/virtio_crypto.h"
 #include "crypto/cipher.h"
+#include "crypto/akcipher.h"
 #include "qom/object.h"
 
-
 /**
  * @TYPE_CRYPTODEV_BACKEND_BUILTIN:
  * name of backend that uses QEMU cipher API
@@ -37,15 +37,15 @@
 
 OBJECT_DECLARE_SIMPLE_TYPE(CryptoDevBackendBuiltin, CRYPTODEV_BACKEND_BUILTIN)
 
-
 typedef struct CryptoDevBackendBuiltinSession {
 QCryptoCipher *cipher;
 uint8_t direction; /* encryption or decryption */
-uint8_t type; /* cipher? hash? aead? */
+uint8_t type; /* cipher? hash? aead? akcipher? */
+QCryptoAkcipher *akcipher;
 QTAILQ_ENTRY(CryptoDevBackendBuiltinSession) next;
 } CryptoDevBackendBuiltinSession;
 
-/* Max number of symmetric sessions */
+/* Max number of symmetric/asymmetric sessions */
 #define MAX_NUM_SESSIONS 256
 
 #define CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN512
@@ -80,15 +80,17 @@ static void cryptodev_builtin_init(
 backend->conf.crypto_services =
  1u << VIRTIO_CRYPTO_SERVICE_CIPHER |
  1u << VIRTIO_CRYPTO_SERVICE_HASH |
- 1u << VIRTIO_CRYPTO_SERVICE_MAC;
+ 1u << VIRTIO_CRYPTO_SERVICE_MAC |
+ 1u << VIRTIO_CRYPTO_SERVICE_AKCIPHER;
 backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC;
 backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1;
+backend->conf.akcipher_algo = 1u << VIRTIO_CRYPTO_AKCIPHER_RSA;
 /*
  * Set the Maximum length of crypto request.
  * Why this value? Just avoid to overflow when
  * memory allocation for each crypto request.
  */
-backend->conf.max_size = LONG_MAX - sizeof(CryptoDevBackendSymOpInfo);
+backend->conf.max_size = LONG_MAX - sizeof(CryptoDevBackendOpInfo);
 backend->conf.max_cipher_key_len = CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN;
 backend->conf.max_auth_key_len = CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN;
 
@@ -167,7 +169,7 @@ static int cryptodev_builtin_create_cipher_session(
 index = cryptodev_builtin_get_unused_session_index(builtin);
 if (index < 0) {
 error_setg(errp, "Total number of sessions created exceeds %u",
-  MAX_NUM_SESSIONS);
+   MAX_NUM_SESSIONS);
 return -1;
 }
 
@@ -240,26 +242,82 @@ static int cryptodev_builtin_create_cipher_session(
 return index;
 }
 
-static int64_t cryptodev_builtin_sym_create_session(
+static int cryptodev_builtin_create_akcipher_session(
+CryptoDevBackendBuiltin *builtin,
+CryptoDevBackendAsymSessionInfo *sess_info,
+Error **errp)
+{
+CryptoDevBackendBuiltinSession *sess;
+QCryptoAkcipher *akcipher;
+int index;
+bool private;
+
+switch (sess_info->algo) {
+case VIRTIO_CRYPTO_AKCIPHER_RSA:
+break;
+
+default:
+error_setg(errp, "Unsupported akcipher alg %u", sess_info->algo);
+return -1;
+}
+
+switch (sess_info->keytype) {
+case VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC:
+private = false;
+break;
+
+case VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE:
+private = true;
+break;
+
+default:
+error_setg(errp, "Unsupported akcipher keytype %u", 
sess_info->keytype);
+return -1;
+}
+
+index = cryptodev_builtin_get_unused_session_index(builtin);
+if (index < 0) {
+error_setg(errp, "Total number of sessions created exceeds %u",
+   MAX_NUM_SESSIONS);
+return -1;
+}
+
+akcipher = qcrypto_akcipher_new(sess_info->algo, private, sess_info->key,
+

[PATCH 0/3] Support akcipher for virtio-crypto

[zhenwei pi]

- Support akcipher for virtio-crypto.
- Introduce akcipher class.
- Introduce ASN1 decoder into QEMU.
- Implement RSA backend by nettle/hogweed.

Lei He (1):
  crypto: Introduce RSA algorithm

Zhenwei Pi (2):
  virtio-crypto: header update
  virtio_crypto: Support virtio crypto asym operation

 backends/cryptodev-builtin.c  | 201 ++--
 backends/cryptodev-vhost-user.c   |  34 +-
 backends/cryptodev.c  |  32 +-
 crypto/akcipher-nettle.c  | 486 ++
 crypto/akcipher.c |  91 
 crypto/asn1_decoder.c | 185 +++
 crypto/asn1_decoder.h |  42 ++
 crypto/meson.build|   4 +
 hw/virtio/virtio-crypto.c | 328 +---
 include/crypto/akcipher.h |  77 +++
 include/hw/virtio/virtio-crypto.h |   5 +-
 .../standard-headers/linux/virtio_crypto.h|  98 +++-
 include/sysemu/cryptodev.h|  88 +++-
 meson.build   |  11 +
 14 files changed, 1526 insertions(+), 156 deletions(-)
 create mode 100644 crypto/akcipher-nettle.c
 create mode 100644 crypto/akcipher.c
 create mode 100644 crypto/asn1_decoder.c
 create mode 100644 crypto/asn1_decoder.h
 create mode 100644 include/crypto/akcipher.h

-- 
2.25.1

[PATCH 1/3] virtio-crypto: header update

[zhenwei pi]

Update header from linux, support akcipher service.

Signed-off-by: lei he 
Signed-off-by: zhenwei pi 
---
 .../standard-headers/linux/virtio_crypto.h| 98 +--
 1 file changed, 89 insertions(+), 9 deletions(-)

diff --git a/include/standard-headers/linux/virtio_crypto.h 
b/include/standard-headers/linux/virtio_crypto.h
index 5ff0b4ee59..1dba57248d 100644
--- a/include/standard-headers/linux/virtio_crypto.h
+++ b/include/standard-headers/linux/virtio_crypto.h
@@ -33,10 +33,11 @@
 #include "standard-headers/linux/virtio_config.h"
 
 
-#define VIRTIO_CRYPTO_SERVICE_CIPHER 0
-#define VIRTIO_CRYPTO_SERVICE_HASH   1
-#define VIRTIO_CRYPTO_SERVICE_MAC2
-#define VIRTIO_CRYPTO_SERVICE_AEAD   3
+#define VIRTIO_CRYPTO_SERVICE_CIPHER   0
+#define VIRTIO_CRYPTO_SERVICE_HASH 1
+#define VIRTIO_CRYPTO_SERVICE_MAC  2
+#define VIRTIO_CRYPTO_SERVICE_AEAD 3
+#define VIRTIO_CRYPTO_SERVICE_AKCIPHER 4
 
 #define VIRTIO_CRYPTO_OPCODE(service, op)   (((service) << 8) | (op))
 
@@ -57,6 +58,10 @@ struct virtio_crypto_ctrl_header {
   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x02)
 #define VIRTIO_CRYPTO_AEAD_DESTROY_SESSION \
   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x03)
+#define VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION \
+  VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x04)
+#define VIRTIO_CRYPTO_AKCIPHER_DESTROY_SESSION \
+  VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x05)
uint32_t opcode;
uint32_t algo;
uint32_t flag;
@@ -180,6 +185,57 @@ struct virtio_crypto_aead_create_session_req {
uint8_t padding[32];
 };
 
+struct virtio_crypto_rsa_session_para {
+#define VIRTIO_CRYPTO_RSA_RAW_PADDING   0
+#define VIRTIO_CRYPTO_RSA_PKCS1_PADDING 1
+   uint32_t padding_algo;
+
+#define VIRTIO_CRYPTO_RSA_NO_HASH   0
+#define VIRTIO_CRYPTO_RSA_MD2   1
+#define VIRTIO_CRYPTO_RSA_MD3   2
+#define VIRTIO_CRYPTO_RSA_MD4   3
+#define VIRTIO_CRYPTO_RSA_MD5   4
+#define VIRTIO_CRYPTO_RSA_SHA1  5
+#define VIRTIO_CRYPTO_RSA_SHA2566
+#define VIRTIO_CRYPTO_RSA_SHA3847
+#define VIRTIO_CRYPTO_RSA_SHA5128
+#define VIRTIO_CRYPTO_RSA_SHA2249
+   uint32_t hash_algo;
+};
+
+struct virtio_crypto_ecdsa_session_para {
+#define VIRTIO_CRYPTO_CURVE_UNKNOWN   0
+#define VIRTIO_CRYPTO_CURVE_NIST_P192 1
+#define VIRTIO_CRYPTO_CURVE_NIST_P224 2
+#define VIRTIO_CRYPTO_CURVE_NIST_P256 3
+#define VIRTIO_CRYPTO_CURVE_NIST_P384 4
+#define VIRTIO_CRYPTO_CURVE_NIST_P521 5
+   uint32_t curve_id;
+};
+
+struct virtio_crypto_akcipher_session_para {
+#define VIRTIO_CRYPTO_NO_AKCIPHER0
+#define VIRTIO_CRYPTO_AKCIPHER_RSA   1
+#define VIRTIO_CRYPTO_AKCIPHER_DSA   2
+#define VIRTIO_CRYPTO_AKCIPHER_ECDSA 3
+   uint32_t algo;
+
+#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC  1
+#define VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE 2
+   uint32_t keytype;
+   uint32_t keylen;
+
+   union {
+   struct virtio_crypto_rsa_session_para rsa;
+   struct virtio_crypto_ecdsa_session_para ecdsa;
+   } u;
+};
+
+struct virtio_crypto_akcipher_create_session_req {
+   struct virtio_crypto_akcipher_session_para para;
+   uint8_t padding[36];
+};
+
 struct virtio_crypto_alg_chain_session_para {
 #define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_HASH_THEN_CIPHER  1
 #define VIRTIO_CRYPTO_SYM_ALG_CHAIN_ORDER_CIPHER_THEN_HASH  2
@@ -247,6 +303,8 @@ struct virtio_crypto_op_ctrl_req {
mac_create_session;
struct virtio_crypto_aead_create_session_req
aead_create_session;
+   struct virtio_crypto_akcipher_create_session_req
+   akcipher_create_session;
struct virtio_crypto_destroy_session_req
destroy_session;
uint8_t padding[56];
@@ -266,6 +324,14 @@ struct virtio_crypto_op_header {
VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x00)
 #define VIRTIO_CRYPTO_AEAD_DECRYPT \
VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AEAD, 0x01)
+#define VIRTIO_CRYPTO_AKCIPHER_ENCRYPT \
+   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x00)
+#define VIRTIO_CRYPTO_AKCIPHER_DECRYPT \
+   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x01)
+#define VIRTIO_CRYPTO_AKCIPHER_SIGN \
+   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x02)
+#define VIRTIO_CRYPTO_AKCIPHER_VERIFY \
+   VIRTIO_CRYPTO_OPCODE(VIRTIO_CRYPTO_SERVICE_AKCIPHER, 0x03)
uint32_t opcode;
/* algo should be service-specific algorithms */
uint32_t algo;
@@ -390,6 +456,16 @@ struct virtio_crypto_aead_data_req {
uint8_t padding[32];
 };
 
+struct virtio_crypto_akcipher_para {
+   uint32_t src_data_len;
+   uint32_t dst_data_len;
+};
+
+struct virtio_crypto_akcipher_data_req {
+   struct virtio_crypto_akcipher_para para;
+   uint8_t padding[40];
+};
+
 /* The request of the data virtqueue's packet */
 

Re: [PATCH v5 1/5] target/riscv: Ignore reserved bits in PTE for RV64

[LIU Zhiwei]

On 2022/1/21 上午9:50, Guo Ren wrote:

On Fri, Jan 21, 2022 at 6:48 AM LIU Zhiwei  wrote:


On 2022/1/20 下午9:47, Guo Ren wrote:

Hi Alistair and Anup,

On Tue, Jan 18, 2022 at 12:56 PM Alistair Francis  wrote:

On Tue, Jan 18, 2022 at 1:31 PM Anup Patel  wrote:

On Tue, Jan 18, 2022 at 6:47 AM Weiwei Li  wrote:

From: Guo Ren 

Highest bits of PTE has been used for svpbmt, ref: [1], [2], so we
need to ignore them. They cannot be a part of ppn.

1: The RISC-V Instruction Set Manual, Volume II: Privileged Architecture
 4.4 Sv39: Page-Based 39-bit Virtual-Memory System
 4.5 Sv48: Page-Based 48-bit Virtual-Memory System

2: https://github.com/riscv/virtual-memory/blob/main/specs/663-Svpbmt-diff.pdf

Signed-off-by: Guo Ren 
Tested-by: Bin Meng 
Reviewed-by: Liu Zhiwei 
Reviewed-by: Bin Meng 
Reviewed-by: Alistair Francis 
---
   target/riscv/cpu_bits.h   | 7 +++
   target/riscv/cpu_helper.c | 2 +-
   2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index 5a6d49aa64..282cd8eecd 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -490,6 +490,13 @@ typedef enum {
   /* Page table PPN shift amount */
   #define PTE_PPN_SHIFT   10

+/* Page table PPN mask */
+#if defined(TARGET_RISCV32)
+#define PTE_PPN_MASK0xUL
+#elif defined(TARGET_RISCV64)
+#define PTE_PPN_MASK0x3fULL
+#endif
+

Going forward we should avoid using target specific "#if"
so that we can use the same qemu-system-riscv64 for both
RV32 and RV64.


   /* Leaf page shift amount */
   #define PGSHIFT 12

diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 434a83e66a..26608ddf1c 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -619,7 +619,7 @@ restart:
   return TRANSLATE_FAIL;
   }

-hwaddr ppn = pte >> PTE_PPN_SHIFT;
+hwaddr ppn = (pte & PTE_PPN_MASK) >> PTE_PPN_SHIFT;

Rather than using "#if", please use "xlen" comparison to extract
PPN correctly from PTE.

This will need to be dynamic based on get_xl()

It does look like we should check the existence of the extensions though:

"Bit 63 is reserved for use by the Svnapot extension in Chapter 5. If
Svnapot is not implemented, bit 63 remains reserved and must be zeroed
by software for forward compatibility, or else a page-fault exception
is raised. Bits 62–61 are reserved for use by the Svpbmt extension in
Chapter 6. If Svpbmt is not implemented, bits 62–61 remain reserved
and must be zeroed by software for forward compatibility, or else a
page-fault exception is raised."

How about:

+   RISCVCPU *cpu = env_archcpu(env);
+   hwaddr ppn;
+
+   if (get_field(env->mstatus, MSTATUS64_SXL) == MXL_RV32) {

Use riscv_cpu_mxl currently. Or define a new function riscv_cpu_sxl in cpu.h

I perfer riscv_cpu_sxl.

That's better. Thanks.



+   ppn = pte >> PTE_PPN_SHIFT;
+   } else if (cpu->cfg.ext_svpbmt || cpu->cfg.ext_svnapot) {
+   ppn = (pte & PTE_PPN_MASK) >> PTE_PPN_SHIFT;
+   } else {
+   ppn = pte >> PTE_PPN_SHIFT;
+   if ((pte & ~PTE_PPN_MASK) >> PTE_PPN_SHIFT)

Just if (pte & ~PTE_PPN_MASK)

Why? low bits in pte is correct. R W X A D


Oops, I forget about the lower bits.

Zhiwei


+   return TRANSLATE_FAIL;
+   }

Otherwise looks good to me.

Thanks,
Zhiwei


Alistair


Regards,
Anup


   if (!(pte & PTE_V)) {
   /* Invalid PTE */
--
2.17.1

Re: [PATCH v5 1/5] target/riscv: Ignore reserved bits in PTE for RV64

[Guo Ren]

On Fri, Jan 21, 2022 at 6:48 AM LIU Zhiwei  wrote:
>
>
> On 2022/1/20 下午9:47, Guo Ren wrote:
> > Hi Alistair and Anup,
> >
> > On Tue, Jan 18, 2022 at 12:56 PM Alistair Francis  
> > wrote:
> >> On Tue, Jan 18, 2022 at 1:31 PM Anup Patel  wrote:
> >>> On Tue, Jan 18, 2022 at 6:47 AM Weiwei Li  wrote:
>  From: Guo Ren 
> 
>  Highest bits of PTE has been used for svpbmt, ref: [1], [2], so we
>  need to ignore them. They cannot be a part of ppn.
> 
>  1: The RISC-V Instruction Set Manual, Volume II: Privileged Architecture
>  4.4 Sv39: Page-Based 39-bit Virtual-Memory System
>  4.5 Sv48: Page-Based 48-bit Virtual-Memory System
> 
>  2: 
>  https://github.com/riscv/virtual-memory/blob/main/specs/663-Svpbmt-diff.pdf
> 
>  Signed-off-by: Guo Ren 
>  Tested-by: Bin Meng 
>  Reviewed-by: Liu Zhiwei 
>  Reviewed-by: Bin Meng 
>  Reviewed-by: Alistair Francis 
>  ---
>    target/riscv/cpu_bits.h   | 7 +++
>    target/riscv/cpu_helper.c | 2 +-
>    2 files changed, 8 insertions(+), 1 deletion(-)
> 
>  diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
>  index 5a6d49aa64..282cd8eecd 100644
>  --- a/target/riscv/cpu_bits.h
>  +++ b/target/riscv/cpu_bits.h
>  @@ -490,6 +490,13 @@ typedef enum {
>    /* Page table PPN shift amount */
>    #define PTE_PPN_SHIFT   10
> 
>  +/* Page table PPN mask */
>  +#if defined(TARGET_RISCV32)
>  +#define PTE_PPN_MASK0xUL
>  +#elif defined(TARGET_RISCV64)
>  +#define PTE_PPN_MASK0x3fULL
>  +#endif
>  +
> >>> Going forward we should avoid using target specific "#if"
> >>> so that we can use the same qemu-system-riscv64 for both
> >>> RV32 and RV64.
> >>>
>    /* Leaf page shift amount */
>    #define PGSHIFT 12
> 
>  diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
>  index 434a83e66a..26608ddf1c 100644
>  --- a/target/riscv/cpu_helper.c
>  +++ b/target/riscv/cpu_helper.c
>  @@ -619,7 +619,7 @@ restart:
>    return TRANSLATE_FAIL;
>    }
> 
>  -hwaddr ppn = pte >> PTE_PPN_SHIFT;
>  +hwaddr ppn = (pte & PTE_PPN_MASK) >> PTE_PPN_SHIFT;
> >>> Rather than using "#if", please use "xlen" comparison to extract
> >>> PPN correctly from PTE.
> >> This will need to be dynamic based on get_xl()
> >>
> >> It does look like we should check the existence of the extensions though:
> >>
> >> "Bit 63 is reserved for use by the Svnapot extension in Chapter 5. If
> >> Svnapot is not implemented, bit 63 remains reserved and must be zeroed
> >> by software for forward compatibility, or else a page-fault exception
> >> is raised. Bits 62–61 are reserved for use by the Svpbmt extension in
> >> Chapter 6. If Svpbmt is not implemented, bits 62–61 remain reserved
> >> and must be zeroed by software for forward compatibility, or else a
> >> page-fault exception is raised."
> > How about:
> >
> > +   RISCVCPU *cpu = env_archcpu(env);
> > +   hwaddr ppn;
> > +
> > +   if (get_field(env->mstatus, MSTATUS64_SXL) == MXL_RV32) {
> Use riscv_cpu_mxl currently. Or define a new function riscv_cpu_sxl in cpu.h
I perfer riscv_cpu_sxl.

> > +   ppn = pte >> PTE_PPN_SHIFT;
> > +   } else if (cpu->cfg.ext_svpbmt || cpu->cfg.ext_svnapot) {
> > +   ppn = (pte & PTE_PPN_MASK) >> PTE_PPN_SHIFT;
> > +   } else {
> > +   ppn = pte >> PTE_PPN_SHIFT;
> > +   if ((pte & ~PTE_PPN_MASK) >> PTE_PPN_SHIFT)
> Just if (pte & ~PTE_PPN_MASK)
Why? low bits in pte is correct. R W X A D
> > +   return TRANSLATE_FAIL;
> > +   }
>
> Otherwise looks good to me.
>
> Thanks,
> Zhiwei
>
> >> Alistair
> >>
> >>> Regards,
> >>> Anup
> >>>
>    if (!(pte & PTE_V)) {
>    /* Invalid PTE */
>  --
>  2.17.1
> 
> >



-- 
Best Regards
 Guo Ren

ML: https://lore.kernel.org/linux-csky/

[PATCH] python: pin setuptools below v60.0.0

[John Snow]

setuptools is a package that replaces the python stdlib 'distutils'. It
is generally installed by all venv-creating tools "by default". It isn't
actually needed at runtime for the qemu package, so our own setup.cfg
does not mention it as a dependency.

However, tox will create virtual environments that include it, and will
upgrade it to the very latest version. the 'venv' tool will also include
whichever version your host system happens to have.

Unfortunately, setuptools version 60.0.0 and above include a hack to
forcibly overwrite python's built-in distutils. The pylint tool that we
use to run code analysis checks on this package relies on distutils and
suffers regressions when setuptools >= 60.0.0 is present at all, see
https://github.com/PyCQA/pylint/issues/5704

Instruct tox and the 'check-dev' targets to avoid setuptools packages
that are too new, for now. Pipenv is unaffected, because setuptools 60
does not offer Python 3.6 support, and our pipenv config is pinned
against Python 3.6.

Signed-off-by: John Snow 
---
 python/Makefile  | 2 ++
 python/setup.cfg | 1 +
 2 files changed, 3 insertions(+)

diff --git a/python/Makefile b/python/Makefile
index 3334311362..949c472624 100644
--- a/python/Makefile
+++ b/python/Makefile
@@ -68,6 +68,8 @@ $(QEMU_VENV_DIR) $(QEMU_VENV_DIR)/bin/activate: setup.cfg
echo "ACTIVATE $(QEMU_VENV_DIR)";   \
. $(QEMU_VENV_DIR)/bin/activate;\
echo "INSTALL qemu[devel] $(QEMU_VENV_DIR)";\
+   pip install --disable-pip-version-check \
+   "setuptools<60.0.0" 1>/dev/null;\
make develop 1>/dev/null;   \
)
@touch $(QEMU_VENV_DIR)
diff --git a/python/setup.cfg b/python/setup.cfg
index 417e937839..aa238d8bc9 100644
--- a/python/setup.cfg
+++ b/python/setup.cfg
@@ -163,6 +163,7 @@ deps =
 .[devel]
 .[fuse]  # Workaround to trigger tox venv rebuild
 .[tui]   # Workaround to trigger tox venv rebuild
+setuptools < 60  # Workaround, please see commit msg.
 commands =
 make check
 
-- 
2.31.1

Re: [RFC PATCH v5 14/14] target/riscv: rvk: expose zbk* and zk* properties

[Alistair Francis]

On Wed, Jan 19, 2022 at 11:09 PM Weiwei Li  wrote:
>
> Signed-off-by: Weiwei Li 
> Signed-off-by: Junqiang Wang 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  target/riscv/cpu.c | 13 +
>  1 file changed, 13 insertions(+)
>
> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> index b487a8282c..04e8e8d3c6 100644
> --- a/target/riscv/cpu.c
> +++ b/target/riscv/cpu.c
> @@ -694,7 +694,20 @@ static Property riscv_cpu_properties[] = {
>  DEFINE_PROP_BOOL("zba", RISCVCPU, cfg.ext_zba, true),
>  DEFINE_PROP_BOOL("zbb", RISCVCPU, cfg.ext_zbb, true),
>  DEFINE_PROP_BOOL("zbc", RISCVCPU, cfg.ext_zbc, true),
> +DEFINE_PROP_BOOL("zbkb", RISCVCPU, cfg.ext_zbkb, false),
> +DEFINE_PROP_BOOL("zbkc", RISCVCPU, cfg.ext_zbkc, false),
> +DEFINE_PROP_BOOL("zbkx", RISCVCPU, cfg.ext_zbkx, false),
>  DEFINE_PROP_BOOL("zbs", RISCVCPU, cfg.ext_zbs, true),
> +DEFINE_PROP_BOOL("zk", RISCVCPU, cfg.ext_zk, false),
> +DEFINE_PROP_BOOL("zkn", RISCVCPU, cfg.ext_zkn, false),
> +DEFINE_PROP_BOOL("zknd", RISCVCPU, cfg.ext_zknd, false),
> +DEFINE_PROP_BOOL("zkne", RISCVCPU, cfg.ext_zkne, false),
> +DEFINE_PROP_BOOL("zknh", RISCVCPU, cfg.ext_zknh, false),
> +DEFINE_PROP_BOOL("zkr", RISCVCPU, cfg.ext_zkr, false),
> +DEFINE_PROP_BOOL("zks", RISCVCPU, cfg.ext_zks, false),
> +DEFINE_PROP_BOOL("zksed", RISCVCPU, cfg.ext_zksed, false),
> +DEFINE_PROP_BOOL("zksh", RISCVCPU, cfg.ext_zksh, false),
> +DEFINE_PROP_BOOL("zkt", RISCVCPU, cfg.ext_zkt, false),
>
>  /* These are experimental so mark with 'x-' */
>  DEFINE_PROP_BOOL("x-j", RISCVCPU, cfg.ext_j, false),
> --
> 2.17.1
>
>

Re: [RFC PATCH v5 02/14] target/riscv: rvk: add support for zbkb extension

[Alistair Francis]

On Wed, Jan 19, 2022 at 9:52 PM Weiwei Li  wrote:
>
>  - reuse partial instructions of zbb extension, update extension check for 
> them
>  - add brev8, pack, packh, packw, unzip, zip instructions
>
> Signed-off-by: Weiwei Li 
> Signed-off-by: Junqiang Wang 

Acked-by: Alistair Francis 

Alistair

> ---
>  target/riscv/bitmanip_helper.c  |  53 +++
>  target/riscv/helper.h   |   3 +
>  target/riscv/insn32.decode  |  45 ++
>  target/riscv/insn_trans/trans_rvb.c.inc | 115 +---
>  target/riscv/translate.c|   7 ++
>  5 files changed, 195 insertions(+), 28 deletions(-)
>
> diff --git a/target/riscv/bitmanip_helper.c b/target/riscv/bitmanip_helper.c
> index f1b5e5549f..e003e8b25b 100644
> --- a/target/riscv/bitmanip_helper.c
> +++ b/target/riscv/bitmanip_helper.c
> @@ -49,3 +49,56 @@ target_ulong HELPER(clmulr)(target_ulong rs1, target_ulong 
> rs2)
>
>  return result;
>  }
> +
> +static inline target_ulong do_swap(target_ulong x, uint64_t mask, int shift)
> +{
> +return ((x & mask) << shift) | ((x & ~mask) >> shift);
> +}
> +
> +target_ulong HELPER(brev8)(target_ulong rs1)
> +{
> +target_ulong x = rs1;
> +
> +x = do_swap(x, 0xull, 1);
> +x = do_swap(x, 0xull, 2);
> +x = do_swap(x, 0x0f0f0f0f0f0f0f0full, 4);
> +return x;
> +}
> +
> +static const uint64_t shuf_masks[] = {
> +dup_const(MO_8, 0x44),
> +dup_const(MO_8, 0x30),
> +dup_const(MO_16, 0x0f00),
> +dup_const(MO_32, 0xff)
> +};
> +
> +static inline target_ulong do_shuf_stage(target_ulong src, uint64_t maskL,
> + uint64_t maskR, int shift)
> +{
> +target_ulong x = src & ~(maskL | maskR);
> +
> +x |= ((src << shift) & maskL) | ((src >> shift) & maskR);
> +return x;
> +}
> +
> +target_ulong HELPER(unzip)(target_ulong rs1)
> +{
> +target_ulong x = rs1;
> +
> +x = do_shuf_stage(x, shuf_masks[0], shuf_masks[0] >> 1, 1);
> +x = do_shuf_stage(x, shuf_masks[1], shuf_masks[1] >> 2, 2);
> +x = do_shuf_stage(x, shuf_masks[2], shuf_masks[2] >> 4, 4);
> +x = do_shuf_stage(x, shuf_masks[3], shuf_masks[3] >> 8, 8);
> +return x;
> +}
> +
> +target_ulong HELPER(zip)(target_ulong rs1)
> +{
> +target_ulong x = rs1;
> +
> +x = do_shuf_stage(x, shuf_masks[3], shuf_masks[3] >> 8, 8);
> +x = do_shuf_stage(x, shuf_masks[2], shuf_masks[2] >> 4, 4);
> +x = do_shuf_stage(x, shuf_masks[1], shuf_masks[1] >> 2, 2);
> +x = do_shuf_stage(x, shuf_masks[0], shuf_masks[0] >> 1, 1);
> +return x;
> +}
> diff --git a/target/riscv/helper.h b/target/riscv/helper.h
> index 6cf6d6ce98..547dfa86bc 100644
> --- a/target/riscv/helper.h
> +++ b/target/riscv/helper.h
> @@ -66,6 +66,9 @@ DEF_HELPER_FLAGS_1(fclass_d, TCG_CALL_NO_RWG_SE, tl, i64)
>  /* Bitmanip */
>  DEF_HELPER_FLAGS_2(clmul, TCG_CALL_NO_RWG_SE, tl, tl, tl)
>  DEF_HELPER_FLAGS_2(clmulr, TCG_CALL_NO_RWG_SE, tl, tl, tl)
> +DEF_HELPER_FLAGS_1(brev8, TCG_CALL_NO_RWG_SE, tl, tl)
> +DEF_HELPER_FLAGS_1(unzip, TCG_CALL_NO_RWG_SE, tl, tl)
> +DEF_HELPER_FLAGS_1(zip, TCG_CALL_NO_RWG_SE, tl, tl)
>
>  /* Floating Point - Half Precision */
>  DEF_HELPER_FLAGS_3(fadd_h, TCG_CALL_NO_RWG, i64, env, i64, i64)
> diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
> index 5bbedc254c..bf080cb489 100644
> --- a/target/riscv/insn32.decode
> +++ b/target/riscv/insn32.decode
> @@ -717,8 +717,22 @@ sh2add_uw  001 .. 100 . 0111011 @r
>  sh3add_uw  001 .. 110 . 0111011 @r
>  slli_uw1  001 . 0011011 @sh
>
> -# *** RV32 Zbb Standard Extension ***
> +# *** RV32 Zbb/Zbkb Standard Extension ***
>  andn   010 .. 111 . 0110011 @r
> +rol011 .. 001 . 0110011 @r
> +ror011 .. 101 . 0110011 @r
> +rori   01100  101 . 0010011 @sh
> +# The encoding for rev8 differs between RV32 and RV64.
> +# rev8_32 denotes the RV32 variant.
> +rev8_32011010 011000 . 101 . 0010011 @r2
> +# The encoding for zext.h differs between RV32 and RV64.
> +# zext_h_32 denotes the RV32 variant.
> +{
> +  zext_h_32  100 0 . 100 . 0110011 @r2
> +  pack   100 . . 100 . 0110011 @r
> +}
> +xnor   010 .. 100 . 0110011 @r
> +# *** RV32 extra Zbb Standard Extension ***
>  clz011000 00 . 001 . 0010011 @r2
>  cpop   011000 10 . 001 . 0010011 @r2
>  ctz011000 01 . 001 . 0010011 @r2
> @@ -728,23 +742,15 @@ min101 .. 100 . 0110011 @r
>  minu   101 .. 101 . 0110011 @r
>  orc_b  001010 000111 . 101 . 0010011 @r2
>  orn010 .. 110 . 0110011 @r
> -# The encoding for rev8 differs between RV32 and RV64.
> -# rev8_32 denotes the RV32 variant.
> -rev8_32011010 011000 . 101 . 0010011 @r2
> -rol   

Re: [RFC PATCH v5 03/14] target/riscv: rvk: add support for zbkc extension

[Alistair Francis]

On Wed, Jan 19, 2022 at 9:39 PM Weiwei Li  wrote:
>
>  - reuse partial instructions of zbc extension, update extension check for 
> them
>
> Signed-off-by: Weiwei Li 
> Signed-off-by: Junqiang Wang 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  target/riscv/insn32.decode  | 3 ++-
>  target/riscv/insn_trans/trans_rvb.c.inc | 4 ++--
>  2 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
> index bf080cb489..9fd900f4bd 100644
> --- a/target/riscv/insn32.decode
> +++ b/target/riscv/insn32.decode
> @@ -770,9 +770,10 @@ clzw   011 0 . 001 . 0011011 @r2
>  ctzw   011 1 . 001 . 0011011 @r2
>  cpopw  011 00010 . 001 . 0011011 @r2
>
> -# *** RV32 Zbc Standard Extension ***
> +# *** RV32 Zbc/Zbkc Standard Extension ***
>  clmul  101 .. 001 . 0110011 @r
>  clmulh 101 .. 011 . 0110011 @r
> +# *** RV32 extra Zbc Standard Extension ***
>  clmulr 101 .. 010 . 0110011 @r
>
>  # *** RV32 Zbs Standard Extension ***
> diff --git a/target/riscv/insn_trans/trans_rvb.c.inc 
> b/target/riscv/insn_trans/trans_rvb.c.inc
> index 7590c0538e..2a565b98c0 100644
> --- a/target/riscv/insn_trans/trans_rvb.c.inc
> +++ b/target/riscv/insn_trans/trans_rvb.c.inc
> @@ -489,7 +489,7 @@ static bool trans_slli_uw(DisasContext *ctx, arg_slli_uw 
> *a)
>
>  static bool trans_clmul(DisasContext *ctx, arg_clmul *a)
>  {
> -REQUIRE_ZBC(ctx);
> +REQUIRE_EITHER_EXT(ctx, zbc, zbkc);
>  return gen_arith(ctx, a, EXT_NONE, gen_helper_clmul, NULL);
>  }
>
> @@ -501,7 +501,7 @@ static void gen_clmulh(TCGv dst, TCGv src1, TCGv src2)
>
>  static bool trans_clmulh(DisasContext *ctx, arg_clmulr *a)
>  {
> -REQUIRE_ZBC(ctx);
> +REQUIRE_EITHER_EXT(ctx, zbc, zbkc);
>  return gen_arith(ctx, a, EXT_NONE, gen_clmulh, NULL);
>  }
>
> --
> 2.17.1
>
>

Re: [PATCH v8 00/23] Support UXL filed in xstatus

[Alistair Francis]

On Fri, Jan 21, 2022 at 1:51 AM LIU Zhiwei  wrote:
>
> In this patch set, we process the pc reigsters writes,
> gdb reads and writes, and address calculation under
> different UXLEN settings.
>
> The patch set v8 has been tested by running rv64 Linux with
> rv32 rootfs in compat mode. You can almost follow the test [1]
> given by GuoRen, except using the branch riscv-upstream-uxl-v8
> on my QEMU repo [2].
>
> [1] 
> https://lore.kernel.org/linux-arm-kernel/20211228143958.3409187-17-guo...@kernel.org/t/
> [2] https://github.com/romanheros/qemu.git
>
> Except patch 22 is new, the other patches have been reviewed or acked.
>
> v8:
>   Set default XLEN for hypervisor vsstatus and mstatus_hs
>
> v7:
>   Rebase to Alistair riscv_to_apply.next branch
>   Add commit message for create xl field in CPURISCVState
>
> v6:
>   Pass boot 32bit rootfs on compat Linux
>   Pass test cases on compat OpenTee
>   Fix csr write mask
>   Fix WARL for uxl
>   Fix sstatus read for uxl
>   Relax UXL field for debugging
>   Don't bump machine state version for xl
>   Rename cpu_get_xl to cpu_recompute_xl
>   Rebase to vector v1.0
>   Rebase to 128 bit cpu
>
> v5:
>   Add xl field in env to clear up redundant riscv_cpu_xl
>   Adjust pmpcfg access with mxl
>   Select gdb core xml according to mxl
>
> v4:
>   Support SSTATUS64_UXL write
>   Bump vmstate version for vill split
>
> v3:
>   Merge gen_pm_adjust_address into a canonical address function
>   Adjust address for RVA with XLEN
>   Split pm_enabled into pm_mask_enabled and pm_base_enabled
>   Replace array of pm tcg globals with one scalar tcg global
>   Split and change patch sequence
>
> v2:
>   Split out vill from vtype
>   Remove context switch when xlen changes at exception
>   Use XL instead of OL in many places
>   Use pointer masking and XLEN for vector address
>   Define an common fuction to calculate address for ld
>
> LIU Zhiwei (23):
>   target/riscv: Adjust pmpcfg access with mxl
>   target/riscv: Don't save pc when exception return
>   target/riscv: Sign extend link reg for jal and jalr
>   target/riscv: Sign extend pc for different XLEN
>   target/riscv: Create xl field in env
>   target/riscv: Ignore the pc bits above XLEN
>   target/riscv: Extend pc for runtime pc write
>   target/riscv: Use gdb xml according to max mxlen
>   target/riscv: Relax debug check for pm write
>   target/riscv: Adjust csr write mask with XLEN
>   target/riscv: Create current pm fields in env
>   target/riscv: Alloc tcg global for cur_pm[mask|base]
>   target/riscv: Calculate address according to XLEN
>   target/riscv: Split pm_enabled into mask and base
>   target/riscv: Split out the vill from vtype
>   target/riscv: Adjust vsetvl according to XLEN
>   target/riscv: Remove VILL field in VTYPE
>   target/riscv: Fix check range for first fault only
>   target/riscv: Adjust vector address with mask
>   target/riscv: Adjust scalar reg in vector with XLEN
>   target/riscv: Set default XLEN for hypervisor
>   target/riscv: Enable uxl field write
>   target/riscv: Relax UXL field for debugging

Thanks!

Applied to riscv-to-apply.next

Alistair

>
>  target/riscv/cpu.c| 42 +++--
>  target/riscv/cpu.h| 45 -
>  target/riscv/cpu_bits.h   |  3 +
>  target/riscv/cpu_helper.c | 94 +--
>  target/riscv/csr.c| 84 +++--
>  target/riscv/gdbstub.c| 71 ++
>  target/riscv/helper.h |  4 +-
>  .../riscv/insn_trans/trans_privileged.c.inc   |  9 +-
>  target/riscv/insn_trans/trans_rva.c.inc   |  9 +-
>  target/riscv/insn_trans/trans_rvd.c.inc   | 19 +---
>  target/riscv/insn_trans/trans_rvf.c.inc   | 19 +---
>  target/riscv/insn_trans/trans_rvi.c.inc   | 39 +++-
>  target/riscv/insn_trans/trans_rvv.c.inc   |  6 +-
>  target/riscv/machine.c| 16 +++-
>  target/riscv/op_helper.c  |  7 +-
>  target/riscv/pmp.c| 12 +--
>  target/riscv/translate.c  | 90 +-
>  target/riscv/vector_helper.c  | 39 +---
>  18 files changed, 377 insertions(+), 231 deletions(-)
>
> --
> 2.25.1
>
>

Re: [PATCH 1/1] Allow setting up to 8 bytes with the generic loader

[Alistair Francis]

On Thu, Jan 20, 2022 at 7:57 PM Petr Tesarik  wrote:
>
> The documentation for the generic loader says that "the maximum size of
> the data is 8 bytes". However, attempts to set data-len=8 trigger the
> following assertion failure:
>
> ../hw/core/generic-loader.c:59: generic_loader_reset: Assertion `s->data_len 
> < sizeof(s->data)' failed.
>
> The type of s->data is uint64_t (i.e. 8 bytes long), so I believe this
> assert should use <= instead of <.
>
> Fixes: e481a1f63c93 ("generic-loader: Add a generic loader")
> Signed-off-by: Petr Tesarik 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/core/generic-loader.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/core/generic-loader.c b/hw/core/generic-loader.c
> index 9a24ffb880..504ed7ca72 100644
> --- a/hw/core/generic-loader.c
> +++ b/hw/core/generic-loader.c
> @@ -56,7 +56,7 @@ static void generic_loader_reset(void *opaque)
>  }
>
>  if (s->data_len) {
> -assert(s->data_len < sizeof(s->data));
> +assert(s->data_len <= sizeof(s->data));
>  dma_memory_write(s->cpu->as, s->addr, >data, s->data_len,
>   MEMTXATTRS_UNSPECIFIED);
>  }
> --
> 2.31.1
>
>

Re: [PATCH] target/ppc: 603: fix restore of GPRs 0-3 on rfi

[Cédric Le Goater]

On 1/20/22 11:39, Christophe Leroy wrote:

After a TLB miss exception, GPRs 0-3 must be restored on rfi.

This is managed by hreg_store_msr() which is called by do_rfi()

However, hreg_store_msr() does it if MSR[TGPR] is unset in the
passed MSR value.

The problem is that do_rfi() is given the content of SRR1 as
the value to be set in MSR, but TGPR bit is not part of SRR1
and that bit is used for something else and is sometimes set
to 1, leading to hreg_store_msr() not restoring GPRs.

So, do the same way as for POW bit, force clearing it.


From the specs :

  "The TGPR bit is cleared by an rfi instruction."

Reviewed-by: Cédric Le Goater 

Thanks,

C.



Signed-off-by: Christophe Leroy 
Cc: Cedric Le Goater 
Cc: Fabiano Rosas 
---
  target/ppc/excp_helper.c | 4 
  1 file changed, 4 insertions(+)

diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
index bc646c67a0..980f62fd79 100644
--- a/target/ppc/excp_helper.c
+++ b/target/ppc/excp_helper.c
@@ -1164,6 +1164,10 @@ static void do_rfi(CPUPPCState *env, target_ulong nip, 
target_ulong msr)
  /* MSR:POW cannot be set by any form of rfi */
  msr &= ~(1ULL << MSR_POW);
  
+/* MSR:TGPR cannot be set by any form of rfi */

+if (env->flags & POWERPC_FLAG_TGPR)
+msr &= ~(1ULL << MSR_TGPR);
+
  #if defined(TARGET_PPC64)
  /* Switching to 32-bit ? Crop the nip */
  if (!msr_is_64bit(env, msr)) {

Re: [PATCH v2 2/5] python: use avocado's "new" runner

[John Snow]

On Thu, Jan 20, 2022 at 8:08 AM Beraldo Leal  wrote:
>
> On Wed, Jan 19, 2022 at 02:39:13PM -0500, John Snow wrote:
> > The old legacy runner no longer seems to work with output logging, so we
> > can't see failure logs when a test case fails. The new runner doesn't
> > (seem to) support Coverage.py yet, but seeing error output is a more
> > important feature.
> >
> > Signed-off-by: John Snow 
> > ---
> >  python/avocado.cfg | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/python/avocado.cfg b/python/avocado.cfg
> > index c7722e7ecd..a460420059 100644
> > --- a/python/avocado.cfg
> > +++ b/python/avocado.cfg
> > @@ -1,5 +1,5 @@
> >  [run]
> > -test_runner = runner
> > +test_runner = nrunner
> >
> >  [simpletests]
> >  # Don't show stdout/stderr in the test *summary*
>
> Since Avocado 82, the new one is the default. So, you could remove the
> the "[run]" section.
>

I think it was actually since 91.0, but I figured it was more obvious
to reviewers to see the explicit change. Less to explain, and it will
explode a little more if you use an avocado old enough that doesn't
have the nrunner.

> In any case:
>
> Reviewed-by: Beraldo Leal 
>

Thanks,
--js

Re: [PATCH 1/2] python: introduce qmp-shell-wrap convenience tool

[John Snow]

On Thu, Jan 20, 2022 at 8:40 AM Daniel P. Berrangé  wrote:
>
> On Thu, Jan 20, 2022 at 02:33:46PM +0100, Philippe Mathieu-Daudé wrote:
> > On 18/1/22 19:04, John Snow wrote:
> > > On Tue, Jan 18, 2022 at 5:06 AM Daniel P. Berrangé  
> > > wrote:
> >
> > > > It would be nice to just have this integrated into 'make check' so we
> > > > don't need to remember to run a special command.
> > >
> > > The CI will run it, but 'make check' doesn't. To add it to make check,
> > > I need to figure out how to insert a venv-building step into 'make
> > > check' such that the venv gets deposited into the build dir instead of
> > > the source dir.
> > > I think I may also need yet another set of package dependencies that
> > > pin on precise dependencies for testing purposes to prevent random
> > > regressions during 'make check' when nobody has touched the Python
> > > code.
> > >
> > > Overall, I felt like maybe it was more hassle than it was worth if I
> > > can just nudge people touching the python to run a 'make check-dev'
> > > every so often.
> > >
> > > Patches welcome, etc. My overall strategy with the python tests so far 
> > > has been:
> > >
> > > (1) Keep python tests fully separate from the QEMU build system to
> > > allow them to be split out into new repositories easily.
> > > (2) Use the pipenv test to lock the very oldest dependencies the code
> > > and tests support, using the very oldest python we support (3.6) This
> > > test is used as the gating test in GitLab CI, as it is very repeatable
> > > and the GitLab CI setup ensures I can always have the exact Python
> > > packages it requires available.
> > > (3) Use the tox test to test against a wide variety of Python
> > > interpreters (3.6 through 3.10 inclusive) using the very latest python
> > > packages to detect regressions on cutting-edge environments
> > > (4) Use the widest possible range of versions for dependent packages
> > > in setup.cfg such that QEMU packages are unlikely to cause versioning
> > > conflicts in environments that decide to integrate our code.
> > >
> > > Overall, I test on 3.6 through 3.10, and against the "oldest" and
> > > "newest" dependencies. It's a good, wide matrix.
> > >
> > > However, It's #4 there that runs me into trouble with tests that are
> > > guaranteed to pass -- the linters update all the time and cause new
> > > problems. I use pipenv to lock to specific versions, but that tool
> > > wants to run against Python 3.6 *explicitly*, so it isn't suitable for
> > > a generic purpose 'make check' because not everyone will have a Python
> > > 3.6 interpreter available. I need something kind of halfway between,
> > > where I can lock against specific versions but not against the Python
> > > interpreter version, and that's what could be used for a decent 'make
> > > check' test.
> > >
> > > Of course, I don't want to maintain like 10 versions of a dependent
> > > packages list, either.
> > >
> > > (I really, really wish pip had an --use-oldest flag for dependency
> > > resolution, but it doesn't.)
> >
> > Could we simply use a virtualenv for all QEMU testing tasks (packages
> > consumed by QEMU tests), and only deal with installed Python packages
> > for regular non-testing QEMU uses (things exposed via pyqemu that we
> > want stable)?

There's no python packages we need except those that are for testing.
Everything we need for the build is self-contained. "Python packages
regular non-testing QEMU uses" is an empty set. We do ship *one*
self-contained Python script, qemu-trace-stap. That lives in
scripts/qemu-trace-stap and we don't need to mess with it right now.

Now, in the process of setting up the python/ directory, Cleber and I
had discussed how to handle virtual environments for that directory --
as it has its own requirements, its own goals, etc. We decided at the
time it would be best not to mix the dependencies of the test system
with the dependencies of the burgeoning QEMU library. Let me elaborate
on why we believe that to be the right decision:

In summary, the Python in use in the QEMU tree can be found in these categories:

- Used during the build itself, Not shipped with QEMU. Zero external
dependencies.
- Used for testing, Not shipped with QEMU. Avocado tests use a scant
few external dependencies.
- Not used for building nor testing, Shipped with QEMU. (This is to my
knowledge a single script with no dependencies.)

Now, there are two kinds of tests that involves python code:

- Tests that are used for testing QEMU that incidentally use or are
written in Python
- Tests that are used for testing the Python code itself

The first category of test there makes sense to be tied to a QEMU
build. That's what Avocado tests are, and they use their own virtual
environment for the purpose.
The second category of test does not make sense to be tied to a QEMU
build, because it does not test QEMU. This is what the python/ CI
tests behave like.

The different in purpose and motivation between those two 

Re: [PATCH v2 12/14] target/ppc: 405: Instruction storage interrupt cleanup

[Cédric Le Goater]

On 1/18/22 19:44, Fabiano Rosas wrote:

The 405 ISI does not set SRR1 with any exception syndrome bits, only a
clean copy of the MSR.

Signed-off-by: Fabiano Rosas 
---
  target/ppc/excp_helper.c | 1 -
  1 file changed, 1 deletion(-)

diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
index e4e513322c..13674a102f 100644
--- a/target/ppc/excp_helper.c
+++ b/target/ppc/excp_helper.c
@@ -715,7 +715,6 @@ static inline void powerpc_excp_legacy(PowerPCCPU *cpu, int 
excp)


This change is done in the wrong routine.

Thanks,

C.


  break;
  case POWERPC_EXCP_ISI:   /* Instruction storage exception
*/
  trace_ppc_excp_isi(msr, env->nip);
-msr |= env->error_code;
  break;
  case POWERPC_EXCP_EXTERNAL:  /* External input   
*/
  {

Re: [PATCH v3 0/3] Improve RISC-V spike machine bios support

[Alistair Francis]

On Fri, Jan 21, 2022 at 1:49 AM Anup Patel  wrote:
>
> This series aims at improving RISC-V spike machine BIOS support by allowing
> use of binary firmware as bios. Further, this also allows us to totally
> remove the ELF bios images shipped with QEMU RISC-V.
>
> These patches can also be found in riscv_spike_imp_v3 branch at:
> https://github.com/avpatel/qemu.git
>
> Changes since v2:
>  - Remove ELF file names from .gitlab-ci.d/opensbi.yml in PATCH3
>
> Changes since v1:
>  - Use htif_uses_elf_symbols() in htif_mm_init() for PATCH1
>  - Added PATCH2 and PATCH3 to remove ELF bios images
>
> Anup Patel (3):
>   hw/riscv: spike: Allow using binary firmware as bios
>   hw/riscv: Remove macros for ELF BIOS image names
>   roms/opensbi: Remove ELF images

Thanks!

Applied to riscv-to-apply.next

Alistair

>
>  .gitlab-ci.d/opensbi.yml  |   2 -
>  hw/char/riscv_htif.c  |  33 -
>  hw/riscv/spike.c  |  45 +++---
>  include/hw/char/riscv_htif.h  |   5 +-
>  include/hw/riscv/boot.h   |   2 -
>  include/hw/riscv/spike.h  |   1 +
>  pc-bios/meson.build   |   2 -
>  .../opensbi-riscv32-generic-fw_dynamic.elf| Bin 838904 -> 0 bytes
>  .../opensbi-riscv64-generic-fw_dynamic.elf| Bin 934696 -> 0 bytes
>  roms/Makefile |   2 -
>  10 files changed, 54 insertions(+), 38 deletions(-)
>  delete mode 100644 pc-bios/opensbi-riscv32-generic-fw_dynamic.elf
>  delete mode 100644 pc-bios/opensbi-riscv64-generic-fw_dynamic.elf
>
> --
> 2.25.1
>
>

Re: [PATCH v3 00/31] Python: delete synchronous qemu.qmp package

[John Snow]

On Mon, Jan 10, 2022 at 6:29 PM John Snow  wrote:
>
> Based-on: <20220110232521.1922962-1-js...@redhat.com>
>   (jsnow/python staging branch)
> GitLab: https://gitlab.com/jsnow/qemu/-/commits/python-qmp-legacy-switch
> CI: https://gitlab.com/jsnow/qemu/-/pipelines/445163212
>
> Hi, this series is part of an effort to publish the qemu.qmp package on
> PyPI. It is the first of three series to complete this work:
>
> --> (1) Switch the new Async QMP library in to python/qemu/qmp
> (2) Fork python/qemu/qmp out into its own repository,
> with updated GitLab CI/CD targets to build packages.
> (3) Update qemu.git to install qemu.qmp from PyPI,
> and then delete python/qemu/qmp.
>
> This series swaps out qemu.qmp for qemu.aqmp permanently, instead of
> hiding it behind an environment variable toggle. This leaves us with
> just one QMP library to worry about. It also implements the rename of
> "qemu.aqmp" to "qemu.qmp".
>
> I suspect the most potential disruption to iotest and avocado
> maintainers, as those two subsystems rely on the QMP features the
> most. Would appreciate at least an ACK from each of those camps if
> you're willing to give benefit-of-the-doubt on the actual Python code.
>

Patches 1-4 were already merged.
I'm staging patches 5-16, and 18-20.

I'm leaving behind patches 17 and 21-23 for further review;
patches 24-31 can be staged separately after 17, 21-23 go ahead.

--js

> V3:
>  - Rebased on top of jsnow/python (For GitLab CI fixes)
>  - Added a new patch 001 to fix a typo Vladimir found.
>  - Tiny change in 006 due to the new patch 001
>  - Reworded subject of patch 007
>  - Changed import statement in patch 013 (Vladimir)
>  - Rebase-related changes in patch 021
>  - Removed 'aqmp' from internal variable names in 026
>  - Added new patch to rename aqmp-tui to qmp-tui in 027
>
> V2:
>  - Integrate the renaming of qemu.aqmp to qemu.qmp in this series
>  - Minor bits and pieces.
>
> John Snow (30):
>   python/aqmp: use absolute import statement
>   Python/aqmp: fix type definitions for mypy 0.920
>   python: update type hints for mypy 0.930
>   python/aqmp: fix docstring typo
>   python/aqmp: add __del__ method to legacy interface
>   python/aqmp: handle asyncio.TimeoutError on execute()
>   python/aqmp: copy type definitions from qmp
>   python/aqmp: add SocketAddrT to package root
>   python/aqmp: rename AQMPError to QMPError
>   python/qemu-ga-client: don't use deprecated CLI syntax in usage
> comment
>   python/qmp: switch qemu-ga-client to AQMP
>   python/qmp: switch qom tools to AQMP
>   python/qmp: switch qmp-shell to AQMP
>   python: move qmp utilities to python/qemu/utils
>   python: move qmp-shell under the AQMP package
>   python/machine: permanently switch to AQMP
>   scripts/cpu-x86-uarch-abi: fix CLI parsing
>   scripts/cpu-x86-uarch-abi: switch to AQMP
>   scripts/render-block-graph: switch to AQMP
>   scripts/bench-block-job: switch to AQMP
>   iotests/mirror-top-perms: switch to AQMP
>   iotests: switch to AQMP
>   python: temporarily silence pylint duplicate-code warnings
>   python/aqmp: take QMPBadPortError and parse_address from qemu.qmp
>   python/aqmp: fully separate from qmp.QEMUMonitorProtocol
>   python/aqmp: copy qmp docstrings to qemu.aqmp.legacy
>   python: remove the old QMP package
>   python: re-enable pylint duplicate-code warnings
>   python: rename qemu.aqmp to qemu.qmp
>   python: rename 'aqmp-tui' to 'qmp-tui'
>
> Stefan Weil (1):
>   simplebench: Fix Python syntax error (reported by LGTM)
>
>  python/qemu/qmp/README.rst|   9 -
>  python/qemu/aqmp/__init__.py  |  51 --
>  python/qemu/aqmp/legacy.py| 138 --
>  python/qemu/aqmp/py.typed |   0
>  python/qemu/machine/machine.py|  18 +-
>  python/qemu/machine/qtest.py  |   2 +-
>  python/qemu/qmp/__init__.py   | 441 ++
>  python/qemu/{aqmp => qmp}/error.py|  12 +-
>  python/qemu/{aqmp => qmp}/events.py   |   6 +-
>  python/qemu/qmp/legacy.py | 319 +
>  python/qemu/{aqmp => qmp}/message.py  |   0
>  python/qemu/{aqmp => qmp}/models.py   |   0
>  python/qemu/{aqmp => qmp}/protocol.py |  33 +-
>  python/qemu/{aqmp => qmp}/qmp_client.py   |  32 +-
>  python/qemu/qmp/qmp_shell.py  |  31 +-
>  .../qemu/{aqmp/aqmp_tui.py => qmp/qmp_tui.py} |  14 +-
>  python/qemu/{aqmp => qmp}/util.py |   0
>  python/qemu/{qmp => utils}/qemu_ga_client.py  |  24 +-
>  python/qemu/{qmp => utils}/qom.py |   5 +-
>  python/qemu/{qmp => utils}/qom_common.py  |   9 +-
>  python/qemu/{qmp => utils}/qom_fuse.py|  11 +-
>  python/setup.cfg  |  23 +-
>  python/tests/protocol.py  |  14 +-
>  scripts/cpu-x86-uarch-abi.py  |   7 +-
>  scripts/device-crash-test

Re: [PATCH] hw/nvme: fix CVE-2021-3929

[Klaus Jensen]

On Jan 20 07:10, Keith Busch wrote:
> On Thu, Jan 20, 2022 at 09:01:55AM +0100, Klaus Jensen wrote:
> > +static inline bool nvme_addr_is_iomem(NvmeCtrl *n, hwaddr addr)
> > +{
> > +hwaddr hi, lo;
> > +
> > +lo = n->bar0.addr;
> > +hi = lo + int128_get64(n->bar0.size);
> > +
> > +return addr >= lo && addr < hi;
> 
> Looks fine considering this implementation always puts CMB in an
> exclusive BAR. From a spec consideration though, you can put a CMB at a
> BAR0 offset. I don't think that's going to happen anytime soon here, but
> may be worth a comment to notify this function needs to be updated if
> that assumption ever changes.
> 
> Reviewed-by: Keith Busch 

Nice catch Keith. A comment would be wise!


signature.asc
Description: PGP signature

Re: [PATCH v8 13/23] target/riscv: Implement AIA mtopi, stopi, and vstopi CSRs

[Alistair Francis]

On Thu, Jan 20, 2022 at 1:41 AM Anup Patel  wrote:
>
> From: Anup Patel 
>
> The AIA specification introduces new [m|s|vs]topi CSRs for
> reporting pending local IRQ number and associated IRQ priority.
>
> Signed-off-by: Anup Patel 
> Signed-off-by: Anup Patel 
> Reviewed-by: Frank Chang 

Acked-by: Alistair Francis 

Alistair

> ---
>  target/riscv/csr.c | 156 +
>  1 file changed, 156 insertions(+)
>
> diff --git a/target/riscv/csr.c b/target/riscv/csr.c
> index 37a66942cb..f7904c003f 100644
> --- a/target/riscv/csr.c
> +++ b/target/riscv/csr.c
> @@ -194,6 +194,15 @@ static int smode32(CPURISCVState *env, int csrno)
>  return smode(env, csrno);
>  }
>
> +static int aia_smode(CPURISCVState *env, int csrno)
> +{
> +if (!riscv_feature(env, RISCV_FEATURE_AIA)) {
> +return RISCV_EXCP_ILLEGAL_INST;
> +}
> +
> +return smode(env, csrno);
> +}
> +
>  static int aia_smode32(CPURISCVState *env, int csrno)
>  {
>  if (!riscv_feature(env, RISCV_FEATURE_AIA)) {
> @@ -506,6 +515,8 @@ static RISCVException read_timeh(CPURISCVState *env, int 
> csrno,
>  #define VS_MODE_INTERRUPTS ((uint64_t)(MIP_VSSIP | MIP_VSTIP | MIP_VSEIP))
>  #define HS_MODE_INTERRUPTS ((uint64_t)(MIP_SGEIP | VS_MODE_INTERRUPTS))
>
> +#define VSTOPI_NUM_SRCS 5
> +
>  static const uint64_t delegable_ints = S_MODE_INTERRUPTS |
> VS_MODE_INTERRUPTS;
>  static const uint64_t vs_delegable_ints = VS_MODE_INTERRUPTS;
> @@ -883,6 +894,28 @@ static RISCVException rmw_mieh(CPURISCVState *env, int 
> csrno,
>  return ret;
>  }
>
> +static int read_mtopi(CPURISCVState *env, int csrno, target_ulong *val)
> +{
> +int irq;
> +uint8_t iprio;
> +
> +irq = riscv_cpu_mirq_pending(env);
> +if (irq <= 0 || irq > 63) {
> +   *val = 0;
> +} else {
> +   iprio = env->miprio[irq];
> +   if (!iprio) {
> +   if (riscv_cpu_default_priority(irq) > IPRIO_DEFAULT_M) {
> +   iprio = IPRIO_MMAXIPRIO;
> +   }
> +   }
> +   *val = (irq & TOPI_IID_MASK) << TOPI_IID_SHIFT;
> +   *val |= iprio;
> +}
> +
> +return RISCV_EXCP_NONE;
> +}
> +
>  static RISCVException read_mtvec(CPURISCVState *env, int csrno,
>   target_ulong *val)
>  {
> @@ -1452,6 +1485,120 @@ static RISCVException write_satp(CPURISCVState *env, 
> int csrno,
>  return RISCV_EXCP_NONE;
>  }
>
> +static int read_vstopi(CPURISCVState *env, int csrno, target_ulong *val)
> +{
> +int irq, ret;
> +target_ulong topei;
> +uint64_t vseip, vsgein;
> +uint32_t iid, iprio, hviid, hviprio, gein;
> +uint32_t s, scount = 0, siid[VSTOPI_NUM_SRCS], siprio[VSTOPI_NUM_SRCS];
> +
> +gein = get_field(env->hstatus, HSTATUS_VGEIN);
> +hviid = get_field(env->hvictl, HVICTL_IID);
> +hviprio = get_field(env->hvictl, HVICTL_IPRIO);
> +
> +if (gein) {
> +vsgein = (env->hgeip & (1ULL << gein)) ? MIP_VSEIP : 0;
> +vseip = env->mie & (env->mip | vsgein) & MIP_VSEIP;
> +if (gein <= env->geilen && vseip) {
> +siid[scount] = IRQ_S_EXT;
> +siprio[scount] = IPRIO_MMAXIPRIO + 1;
> +if (env->aia_ireg_rmw_fn[PRV_S]) {
> +/*
> + * Call machine specific IMSIC register emulation for
> + * reading TOPEI.
> + */
> +ret = env->aia_ireg_rmw_fn[PRV_S](
> +env->aia_ireg_rmw_fn_arg[PRV_S],
> +AIA_MAKE_IREG(ISELECT_IMSIC_TOPEI, PRV_S, true, gein,
> +  riscv_cpu_mxl_bits(env)),
> +, 0, 0);
> +if (!ret && topei) {
> +siprio[scount] = topei & IMSIC_TOPEI_IPRIO_MASK;
> +}
> +}
> +scount++;
> +}
> +} else {
> +if (hviid == IRQ_S_EXT && hviprio) {
> +siid[scount] = IRQ_S_EXT;
> +siprio[scount] = hviprio;
> +scount++;
> +}
> +}
> +
> +if (env->hvictl & HVICTL_VTI) {
> +if (hviid != IRQ_S_EXT) {
> +siid[scount] = hviid;
> +siprio[scount] = hviprio;
> +scount++;
> +}
> +} else {
> +irq = riscv_cpu_vsirq_pending(env);
> +if (irq != IRQ_S_EXT && 0 < irq && irq <= 63) {
> +   siid[scount] = irq;
> +   siprio[scount] = env->hviprio[irq];
> +   scount++;
> +}
> +}
> +
> +iid = 0;
> +iprio = UINT_MAX;
> +for (s = 0; s < scount; s++) {
> +if (siprio[s] < iprio) {
> +iid = siid[s];
> +iprio = siprio[s];
> +}
> +}
> +
> +if (iid) {
> +if (env->hvictl & HVICTL_IPRIOM) {
> +if (iprio > IPRIO_MMAXIPRIO) {
> +iprio = IPRIO_MMAXIPRIO;
> +}
> +if (!iprio) {
> +if (riscv_cpu_default_priority(iid) > 

[RFC 1/5] target/riscv: Add the privileged spec version 1.12.0

[Atish Patra]

Add the definition for ratified privileged specification version v1.12

Signed-off-by: Atish Patra 
---
 target/riscv/cpu.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 4d630867650a..671f65100b1a 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -82,6 +82,7 @@ enum {
 
 #define PRIV_VERSION_1_10_0 0x00011000
 #define PRIV_VERSION_1_11_0 0x00011100
+#define PRIV_VERSION_1_12_0 0x00011200
 
 #define VEXT_VERSION_1_00_0 0x0001
 
-- 
2.30.2

[RFC 0/5] Privilege version update

[Atish Patra]

RISC-V International (RVI) has ratified many RISC-V ISA extensions recently[1].
The privileged specification version is also upgraded to v1.12. It means
certain CSRs introduced in v1.12 should only be accessible only if the
priv specification version supported is equal or greater than v1.12.
Doing this check in predicate function is not scalable as there will be
new CSRs introduced in the future versions of the privileged specification.

This series tries to address this problem by adding a field in the csr_ops
which can be checked in csrrw function before invoking the predicate function.
To keep the code churn to minimum, it is assumed that the minimum version of
the privilege version supported for any CSR is v1.10 unless specified
explicitly in the csr_ops table. Any new CSRs introduced in v1.12 have been
updated accordingly.

This will work fine for any ratified extensions. However, it is bit unclear
what should be done for the stable draft extensions. My suggestion is not
to update the priv field in the CSR ops table until the extension is
marked experimental (i.e. not frozen/ratified). Once the extension is
ratified and graduated from experimental to available stage, the privileged
spec version should be updated in the csr table if required. I am open to
other suggestions as well.

[1] https://wiki.riscv.org/display/TECH/Recently+Ratified+Extensions

Atish Patra (5):
target/riscv: Add the privileged spec version 1.12.0
target/riscv: Introduce privilege version field in the CSR ops.
target/riscv: Add support for mconfigptr
target/riscv: Add *envcfg* CSRs support
target/riscv: Enable privileged spec version 1.12

target/riscv/cpu.c  |   8 +-
target/riscv/cpu.h  |  10 ++
target/riscv/cpu_bits.h |  32 +++
target/riscv/csr.c  | 199 +---
target/riscv/machine.c  |  26 ++
5 files changed, 237 insertions(+), 38 deletions(-)

--
2.30.2

Re: [PATCH v8 14/23] target/riscv: Implement AIA xiselect and xireg CSRs

[Alistair Francis]

On Thu, Jan 20, 2022 at 2:32 AM Anup Patel  wrote:
>
> From: Anup Patel 
>
> The AIA specification defines [m|s|vs]iselect and [m|s|vs]ireg CSRs
> which allow indirect access to interrupt priority arrays and per-HART
> IMSIC registers. This patch implements AIA xiselect and xireg CSRs.
>
> Signed-off-by: Anup Patel 
> Signed-off-by: Anup Patel 
> Reviewed-by: Frank Chang 

Acked-by: Alistair Francis 

Alistair

> ---
>  target/riscv/cpu.h |   7 ++
>  target/riscv/csr.c | 175 +
>  target/riscv/machine.c |   3 +
>  3 files changed, 185 insertions(+)
>
> diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
> index 65ffd31801..058ea9ce99 100644
> --- a/target/riscv/cpu.h
> +++ b/target/riscv/cpu.h
> @@ -195,6 +195,10 @@ struct CPURISCVState {
>  uint8_t miprio[64];
>  uint8_t siprio[64];
>
> +/* AIA CSRs */
> +target_ulong miselect;
> +target_ulong siselect;
> +
>  /* Hypervisor CSRs */
>  target_ulong hstatus;
>  target_ulong hedeleg;
> @@ -228,6 +232,9 @@ struct CPURISCVState {
>  target_ulong vstval;
>  target_ulong vsatp;
>
> +/* AIA VS-mode CSRs */
> +target_ulong vsiselect;
> +
>  target_ulong mtval2;
>  target_ulong mtinst;
>
> diff --git a/target/riscv/csr.c b/target/riscv/csr.c
> index f7904c003f..e40620f455 100644
> --- a/target/riscv/csr.c
> +++ b/target/riscv/csr.c
> @@ -916,6 +916,169 @@ static int read_mtopi(CPURISCVState *env, int csrno, 
> target_ulong *val)
>  return RISCV_EXCP_NONE;
>  }
>
> +static int aia_xlate_vs_csrno(CPURISCVState *env, int csrno)
> +{
> +if (!riscv_cpu_virt_enabled(env)) {
> +return csrno;
> +}
> +
> +switch (csrno) {
> +case CSR_SISELECT:
> +return CSR_VSISELECT;
> +case CSR_SIREG:
> +return CSR_VSIREG;
> +default:
> +return csrno;
> +};
> +}
> +
> +static int rmw_xiselect(CPURISCVState *env, int csrno, target_ulong *val,
> +target_ulong new_val, target_ulong wr_mask)
> +{
> +target_ulong *iselect;
> +
> +/* Translate CSR number for VS-mode */
> +csrno = aia_xlate_vs_csrno(env, csrno);
> +
> +/* Find the iselect CSR based on CSR number */
> +switch (csrno) {
> +case CSR_MISELECT:
> +iselect = >miselect;
> +break;
> +case CSR_SISELECT:
> +iselect = >siselect;
> +break;
> +case CSR_VSISELECT:
> +iselect = >vsiselect;
> +break;
> +default:
> + return RISCV_EXCP_ILLEGAL_INST;
> +};
> +
> +if (val) {
> +*val = *iselect;
> +}
> +
> +wr_mask &= ISELECT_MASK;
> +if (wr_mask) {
> +*iselect = (*iselect & ~wr_mask) | (new_val & wr_mask);
> +}
> +
> +return RISCV_EXCP_NONE;
> +}
> +
> +static int rmw_iprio(target_ulong xlen,
> + target_ulong iselect, uint8_t *iprio,
> + target_ulong *val, target_ulong new_val,
> + target_ulong wr_mask, int ext_irq_no)
> +{
> +int i, firq, nirqs;
> +target_ulong old_val;
> +
> +if (iselect < ISELECT_IPRIO0 || ISELECT_IPRIO15 < iselect) {
> +return -EINVAL;
> +}
> +if (xlen != 32 && iselect & 0x1) {
> +return -EINVAL;
> +}
> +
> +nirqs = 4 * (xlen / 32);
> +firq = ((iselect - ISELECT_IPRIO0) / (xlen / 32)) * (nirqs);
> +
> +old_val = 0;
> +for (i = 0; i < nirqs; i++) {
> +old_val |= ((target_ulong)iprio[firq + i]) << (IPRIO_IRQ_BITS * i);
> +}
> +
> +if (val) {
> +*val = old_val;
> +}
> +
> +if (wr_mask) {
> +new_val = (old_val & ~wr_mask) | (new_val & wr_mask);
> +for (i = 0; i < nirqs; i++) {
> +/*
> + * M-level and S-level external IRQ priority always read-only
> + * zero. This means default priority order is always preferred
> + * for M-level and S-level external IRQs.
> + */
> +if ((firq + i) == ext_irq_no) {
> +continue;
> +}
> +iprio[firq + i] = (new_val >> (IPRIO_IRQ_BITS * i)) & 0xff;
> +}
> +}
> +
> +return 0;
> +}
> +
> +static int rmw_xireg(CPURISCVState *env, int csrno, target_ulong *val,
> + target_ulong new_val, target_ulong wr_mask)
> +{
> +bool virt;
> +uint8_t *iprio;
> +int ret = -EINVAL;
> +target_ulong priv, isel, vgein;
> +
> +/* Translate CSR number for VS-mode */
> +csrno = aia_xlate_vs_csrno(env, csrno);
> +
> +/* Decode register details from CSR number */
> +virt = false;
> +switch (csrno) {
> +case CSR_MIREG:
> +iprio = env->miprio;
> +isel = env->miselect;
> +priv = PRV_M;
> +break;
> +case CSR_SIREG:
> +iprio = env->siprio;
> +isel = env->siselect;
> +priv = PRV_S;
> +break;
> +case CSR_VSIREG:
> +iprio = env->hviprio;
> +isel = env->vsiselect;
> +priv = 

Re: [PATCH v5 1/5] target/riscv: Ignore reserved bits in PTE for RV64

[LIU Zhiwei]

On 2022/1/20 下午9:47, Guo Ren wrote:

Hi Alistair and Anup,

On Tue, Jan 18, 2022 at 12:56 PM Alistair Francis  wrote:

On Tue, Jan 18, 2022 at 1:31 PM Anup Patel  wrote:

On Tue, Jan 18, 2022 at 6:47 AM Weiwei Li  wrote:

From: Guo Ren 

Highest bits of PTE has been used for svpbmt, ref: [1], [2], so we
need to ignore them. They cannot be a part of ppn.

1: The RISC-V Instruction Set Manual, Volume II: Privileged Architecture
4.4 Sv39: Page-Based 39-bit Virtual-Memory System
4.5 Sv48: Page-Based 48-bit Virtual-Memory System

2: https://github.com/riscv/virtual-memory/blob/main/specs/663-Svpbmt-diff.pdf

Signed-off-by: Guo Ren 
Tested-by: Bin Meng 
Reviewed-by: Liu Zhiwei 
Reviewed-by: Bin Meng 
Reviewed-by: Alistair Francis 
---
  target/riscv/cpu_bits.h   | 7 +++
  target/riscv/cpu_helper.c | 2 +-
  2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index 5a6d49aa64..282cd8eecd 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -490,6 +490,13 @@ typedef enum {
  /* Page table PPN shift amount */
  #define PTE_PPN_SHIFT   10

+/* Page table PPN mask */
+#if defined(TARGET_RISCV32)
+#define PTE_PPN_MASK0xUL
+#elif defined(TARGET_RISCV64)
+#define PTE_PPN_MASK0x3fULL
+#endif
+

Going forward we should avoid using target specific "#if"
so that we can use the same qemu-system-riscv64 for both
RV32 and RV64.


  /* Leaf page shift amount */
  #define PGSHIFT 12

diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 434a83e66a..26608ddf1c 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -619,7 +619,7 @@ restart:
  return TRANSLATE_FAIL;
  }

-hwaddr ppn = pte >> PTE_PPN_SHIFT;
+hwaddr ppn = (pte & PTE_PPN_MASK) >> PTE_PPN_SHIFT;

Rather than using "#if", please use "xlen" comparison to extract
PPN correctly from PTE.

This will need to be dynamic based on get_xl()

It does look like we should check the existence of the extensions though:

"Bit 63 is reserved for use by the Svnapot extension in Chapter 5. If
Svnapot is not implemented, bit 63 remains reserved and must be zeroed
by software for forward compatibility, or else a page-fault exception
is raised. Bits 62–61 are reserved for use by the Svpbmt extension in
Chapter 6. If Svpbmt is not implemented, bits 62–61 remain reserved
and must be zeroed by software for forward compatibility, or else a
page-fault exception is raised."

How about:

+   RISCVCPU *cpu = env_archcpu(env);
+   hwaddr ppn;
+
+   if (get_field(env->mstatus, MSTATUS64_SXL) == MXL_RV32) {

Use riscv_cpu_mxl currently. Or define a new function riscv_cpu_sxl in cpu.h

+   ppn = pte >> PTE_PPN_SHIFT;
+   } else if (cpu->cfg.ext_svpbmt || cpu->cfg.ext_svnapot) {
+   ppn = (pte & PTE_PPN_MASK) >> PTE_PPN_SHIFT;
+   } else {
+   ppn = pte >> PTE_PPN_SHIFT;
+   if ((pte & ~PTE_PPN_MASK) >> PTE_PPN_SHIFT)

Just if (pte & ~PTE_PPN_MASK)

+   return TRANSLATE_FAIL;
+   }


Otherwise looks good to me.

Thanks,
Zhiwei


Alistair


Regards,
Anup


  if (!(pte & PTE_V)) {
  /* Invalid PTE */
--
2.17.1

[RFC 5/5] target/riscv: Enable privileged spec version 1.12

[Atish Patra]

Virt machine uses privileged specification version 1.12 now.
All other machine continue to use the default one defined for that
machine unless changed to 1.12 by the user explicitly.

Signed-off-by: Atish Patra 
---
 target/riscv/cpu.c |  8 +---
 target/riscv/csr.c | 10 ++
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 9bc25d3055d4..cec5791151e7 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -153,7 +153,7 @@ static void riscv_any_cpu_init(Object *obj)
 #elif defined(TARGET_RISCV64)
 set_misa(env, MXL_RV64, RVI | RVM | RVA | RVF | RVD | RVC | RVU);
 #endif
-set_priv_version(env, PRIV_VERSION_1_11_0);
+set_priv_version(env, PRIV_VERSION_1_12_0);
 }
 
 #if defined(TARGET_RISCV64)
@@ -439,7 +439,9 @@ static void riscv_cpu_realize(DeviceState *dev, Error 
**errp)
 }
 
 if (cpu->cfg.priv_spec) {
-if (!g_strcmp0(cpu->cfg.priv_spec, "v1.11.0")) {
+if (!g_strcmp0(cpu->cfg.priv_spec, "v1.12.0")) {
+priv_version = PRIV_VERSION_1_12_0;
+} else if (!g_strcmp0(cpu->cfg.priv_spec, "v1.11.0")) {
 priv_version = PRIV_VERSION_1_11_0;
 } else if (!g_strcmp0(cpu->cfg.priv_spec, "v1.10.0")) {
 priv_version = PRIV_VERSION_1_10_0;
@@ -454,7 +456,7 @@ static void riscv_cpu_realize(DeviceState *dev, Error 
**errp)
 if (priv_version) {
 set_priv_version(env, priv_version);
 } else if (!env->priv_ver) {
-set_priv_version(env, PRIV_VERSION_1_11_0);
+set_priv_version(env, PRIV_VERSION_1_12_0);
 }
 
 if (cpu->cfg.mmu) {
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index a4bbae7a1bbd..62d429cc3f17 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -1874,6 +1874,12 @@ static inline RISCVException 
riscv_csrrw_check(CPURISCVState *env,
 int read_only = get_field(csrno, 0xC00) == 3;
 #if !defined(CONFIG_USER_ONLY)
 int effective_priv = env->priv;
+int csr_min_priv = csr_ops[csrno].min_priv_ver;
+
+/* The default privilege specification version supported is 1.10 */
+if (!csr_min_priv) {
+csr_min_priv = PRIV_VERSION_1_10_0;
+}
 
 if (riscv_has_ext(env, RVH) &&
 env->priv == PRV_S &&
@@ -1904,6 +1910,10 @@ static inline RISCVException 
riscv_csrrw_check(CPURISCVState *env,
 return RISCV_EXCP_ILLEGAL_INST;
 }
 
+if (env->priv_ver < csr_min_priv) {
+return RISCV_EXCP_ILLEGAL_INST;
+}
+
 return csr_ops[csrno].predicate(env, csrno);
 }
 
-- 
2.30.2

[RFC 3/5] target/riscv: Add support for mconfigptr

[Atish Patra]

RISC-V privileged specification v1.12 introduced a mconfigptr
which will hold the physical address of a configuration data
structure. As Qemu doesn't have a configuration data structure,
is read as zero which is valid as per the priv spec.

Signed-off-by: Atish Patra 
---
 target/riscv/cpu_bits.h | 1 +
 target/riscv/csr.c  | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index 5a6d49aa64cc..f6f90b5cbd52 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -148,6 +148,7 @@
 #define CSR_MARCHID 0xf12
 #define CSR_MIMPID  0xf13
 #define CSR_MHARTID 0xf14
+#define CSR_MCONFIGPTR  0xf15
 
 /* Machine Trap Setup */
 #define CSR_MSTATUS 0x300
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 762d3269b4a4..e66bf2201857 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -2030,6 +2030,8 @@ riscv_csr_operations csr_ops[CSR_TABLE_SIZE] = {
 [CSR_MARCHID]   = { "marchid",   any,   read_zero},
 [CSR_MIMPID]= { "mimpid",any,   read_zero},
 [CSR_MHARTID]   = { "mhartid",   any,   read_mhartid },
+[CSR_MCONFIGPTR]   = { "mconfigptr", any, read_zero, NULL, NULL, NULL, 
NULL,
+ PRIV_VERSION_1_12_0},
 
 /* Machine Trap Setup */
 [CSR_MSTATUS] = { "mstatus",any,   read_mstatus, 
write_mstatus, NULL,
-- 
2.30.2

Re: [PATCH v8 21/23] target/riscv: Set default XLEN for hypervisor

[Alistair Francis]

On Fri, Jan 21, 2022 at 3:16 AM LIU Zhiwei  wrote:
>
> When swap regs for hypervisor, the value of vsstatus or mstatus_hs
> should have the right XLEN. Otherwise, it will propagate to mstatus.
>
> Signed-off-by: LIU Zhiwei 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  target/riscv/cpu.c | 10 ++
>  1 file changed, 10 insertions(+)
>
> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> index a120d474df..1cb0436187 100644
> --- a/target/riscv/cpu.c
> +++ b/target/riscv/cpu.c
> @@ -422,6 +422,16 @@ static void riscv_cpu_reset(DeviceState *dev)
>   */
>  env->mstatus = set_field(env->mstatus, MSTATUS64_SXL, env->misa_mxl);
>  env->mstatus = set_field(env->mstatus, MSTATUS64_UXL, env->misa_mxl);
> +if (riscv_has_ext(env, RVH)) {
> +env->vsstatus = set_field(env->vsstatus,
> +  MSTATUS64_SXL, env->misa_mxl);
> +env->vsstatus = set_field(env->vsstatus,
> +  MSTATUS64_UXL, env->misa_mxl);
> +env->mstatus_hs = set_field(env->mstatus_hs,
> +MSTATUS64_SXL, env->misa_mxl);
> +env->mstatus_hs = set_field(env->mstatus_hs,
> +MSTATUS64_UXL, env->misa_mxl);
> +}
>  }
>  env->mcause = 0;
>  env->pc = env->resetvec;
> --
> 2.25.1
>
>

Re: [PATCH v2 1/2] target/riscv: iterate over a table of decoders

[Philipp Tomsich]

On Wed, 19 Jan 2022 at 12:30, Philippe Mathieu-Daudé  wrote:
>
> On 13/1/22 21:20, Philipp Tomsich wrote:
> > To split up the decoder into multiple functions (both to support
> > vendor-specific opcodes in separate files and to simplify maintenance
> > of orthogonal extensions), this changes decode_op to iterate over a
> > table of decoders predicated on guard functions.
> >
> > This commit only adds the new structure and the table, allowing for
> > the easy addition of additional decoders in the future.
> >
> > Signed-off-by: Philipp Tomsich 
> > ---
> >
> > Changes in v2:
> > - (new patch) iterate over a table of guarded decoder functions
> >
> >   target/riscv/translate.c | 38 --
> >   1 file changed, 32 insertions(+), 6 deletions(-)
> >
> > diff --git a/target/riscv/translate.c b/target/riscv/translate.c
> > index 615048ec87..2cbf9cbb6f 100644
> > --- a/target/riscv/translate.c
> > +++ b/target/riscv/translate.c
> > @@ -116,6 +116,12 @@ static inline bool has_ext(DisasContext *ctx, uint32_t 
> > ext)
> >   return ctx->misa_ext & ext;
> >   }
> >
> > +static inline bool always_true_p(CPURISCVState *env  
> > __attribute__((__unused__)),
> > + DisasContext *ctx  
> > __attribute__((__unused__)))
> > +{
> > +return true;
> > +}
> > +
> >   #ifdef TARGET_RISCV32
> >   #define get_xl(ctx)MXL_RV32
> >   #elif defined(CONFIG_USER_ONLY)
> > @@ -844,16 +850,28 @@ static uint32_t opcode_at(DisasContextBase *dcbase, 
> > target_ulong pc)
> >
> >   static void decode_opc(CPURISCVState *env, DisasContext *ctx, uint16_t 
> > opcode)
> >   {
> > -/* check for compressed insn */
> > +/* If not handled, we'll raise an illegal instruction exception */
> > +bool handled = false;
> > +
> > +/*
> > + * A table with predicate (i.e., guard) functions and decoder functions
> > + * that are tested in-order until a decoder matches onto the opcode.
> > + */
> > +const struct {
> > +bool (*guard_func)(CPURISCVState *, DisasContext *);
> > +bool (*decode_func)(DisasContext *, uint32_t);
> > +} decoders[] = {
> > +{ always_true_p,  decode_insn32 },
> > +};
> > +
> > +/* Check for compressed insn */
> >   if (extract16(opcode, 0, 2) != 3) {
> >   if (!has_ext(ctx, RVC)) {
> >   gen_exception_illegal(ctx);
> >   } else {
> >   ctx->opcode = opcode;
> >   ctx->pc_succ_insn = ctx->base.pc_next + 2;
> > -if (!decode_insn16(ctx, opcode)) {
> > -gen_exception_illegal(ctx);
> > -}
> > +handled = decode_insn16(ctx, opcode);
> >   }
> >   } else {
> >   uint32_t opcode32 = opcode;
> > @@ -862,10 +880,18 @@ static void decode_opc(CPURISCVState *env, 
> > DisasContext *ctx, uint16_t opcode)
> >ctx->base.pc_next + 2));
> >   ctx->opcode = opcode32;
> >   ctx->pc_succ_insn = ctx->base.pc_next + 4;
> > -if (!decode_insn32(ctx, opcode32)) {
> > -gen_exception_illegal(ctx);
> > +
> > +for (size_t i = 0; i < ARRAY_SIZE(decoders); ++i) {
> > +if (!decoders[i].guard_func(env, ctx))
> > +continue;
> > +
> > +if ((handled = decoders[i].decode_func(ctx, opcode32)))
> > +break;
>
> Again, while we might check whether "Vendor Extensions" are enabled or
> not at runtime, they are specific to a (vendor) core model, so we know
> their availability  at instantiation time.
>
> I don't understand the need to iterate. You can check for vendor
> extensions in riscv_tr_init_disas_context() and set a vendor_decoder()
> handler in DisasContext, which ends calling the generic decode_opc()
> one.

While the design you propose is a valid variation that will achieve
most of the functionality, I don't believe that this is the best way
forward.
A key issue is that it will interfere with using the command-line to
enable/disable such vendor-defined extensions easily (i.e., "-cpu
any,XVentanaCondOps=true" will not work).

It also looks like there is a misunderstanding of how vendor-defined
extensions work: these will not be the same for every vendor core and
may be implemented by multiple vendors (after all: these are
vendor-defined, not vendor-specific). Trying to force the RISC-V
vendors down the route of handling this via a specialized decoder
function set up in riscv_tr_init_disas_context(), will eventually
force them to have multiple decode functions for
chip-families/generations — this is not conducive to easy
maintainability of the codebase.

Regards,
Philipp.

>
> >   }
> >   }
> > +
> > +if (!handled)
> > +gen_exception_illegal(ctx);
> >   }
> >
> >   static void riscv_tr_init_disas_context(DisasContextBase *dcbase, 
> > CPUState *cs)
>

Re: [PULL v2 00/38] target-arm queue

[Peter Maydell]

On Thu, 20 Jan 2022 at 21:18, Peter Maydell  wrote:
>
> On Thu, 20 Jan 2022 at 16:12, Peter Maydell  wrote:
> >
> > v1->v2: fix up format string issues in aspeed_i3c.c
> >
> > -- PMM
> >
> > The following changes since commit b10d00d8811fa4eed4862963273d7353ce310c82:
> >
> >   Merge remote-tracking branch 
> > 'remotes/kraxel/tags/seabios-20220118-pull-request' into staging 
> > (2022-01-19 18:46:28 +)
> >
> > are available in the Git repository at:
> >
> >   https://git.linaro.org/people/pmaydell/qemu-arm.git 
> > tags/pull-target-arm-20220120-1
> >
> > for you to fetch changes up to b9d383ab797f54ae5fa8746117770709921dc529:
> >
> >   hw/intc/arm_gicv3: Check for !MEMTX_OK instead of MEMTX_ERROR (2022-01-20 
> > 16:04:58 +)
> >
> > 
> > target-arm:
> >  * hw/intc/arm_gicv3_its: Fix various minor bugs
> >  * hw/arm/aspeed: Add the i3c device to the AST2600 SoC
> >  * hw/arm: kudo: add lm75s behind bus 1 switch at 75
> >  * hw/arm/virt: Fix support for running guests on hosts
> >with restricted IPA ranges
> >  * hw/intc/arm_gic: Allow reset of the running priority
> >  * hw/intc/arm_gic: Implement read of GICC_IIDR
> >  * hw/arm/virt: Support for virtio-mem-pci
> >  * hw/arm/virt: Support CPU cluster on ARM virt machine
> >  * docs/can: convert to restructuredText
> >  * hw/net: Move MV88W8618 network device out of hw/arm/ directory
> >  * hw/arm/virt: KVM: Enable PAuth when supported by the host
> >
>
>
>
> Applied to target-arm.next, thanks.

Wrong canned reply :-)

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/7.0
for any user-visible changes.

-- PMM

Re: [PULL v2 00/38] target-arm queue

[Peter Maydell]

On Thu, 20 Jan 2022 at 16:12, Peter Maydell  wrote:
>
> v1->v2: fix up format string issues in aspeed_i3c.c
>
> -- PMM
>
> The following changes since commit b10d00d8811fa4eed4862963273d7353ce310c82:
>
>   Merge remote-tracking branch 
> 'remotes/kraxel/tags/seabios-20220118-pull-request' into staging (2022-01-19 
> 18:46:28 +)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git 
> tags/pull-target-arm-20220120-1
>
> for you to fetch changes up to b9d383ab797f54ae5fa8746117770709921dc529:
>
>   hw/intc/arm_gicv3: Check for !MEMTX_OK instead of MEMTX_ERROR (2022-01-20 
> 16:04:58 +)
>
> 
> target-arm:
>  * hw/intc/arm_gicv3_its: Fix various minor bugs
>  * hw/arm/aspeed: Add the i3c device to the AST2600 SoC
>  * hw/arm: kudo: add lm75s behind bus 1 switch at 75
>  * hw/arm/virt: Fix support for running guests on hosts
>with restricted IPA ranges
>  * hw/intc/arm_gic: Allow reset of the running priority
>  * hw/intc/arm_gic: Implement read of GICC_IIDR
>  * hw/arm/virt: Support for virtio-mem-pci
>  * hw/arm/virt: Support CPU cluster on ARM virt machine
>  * docs/can: convert to restructuredText
>  * hw/net: Move MV88W8618 network device out of hw/arm/ directory
>  * hw/arm/virt: KVM: Enable PAuth when supported by the host
>



Applied to target-arm.next, thanks.

-- PMM

Re: [PATCH] Update copyright dates to 2022

[Philippe Mathieu-Daudé via]

On 1/20/22 13:47, Peter Maydell wrote:
> It's a new year; update the copyright strings for our
> help/version/about information and for our documentation.
> 
> Signed-off-by: Peter Maydell 
> ---
> For once I remembered to do this in January :-)
> 
> I suppose at some point we should try to arrange that Sphinx
> can pick up the copyright year from a common location so
> we don't need to change two places.
> 
>  docs/conf.py  | 2 +-
>  include/qemu-common.h | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé 

[PATCH] configure: fix parameter expansion of --cross-cc-cflags options

[matheus . ferst]

From: Matheus Ferst 

Without this fix, any use of --cross-cc-cflags-* causes a message like:
$ ../configure --cross-cc-ppc64le=clang --cross-cc-cflags-ppc64le="-target 
powerpc64le-unknown-linux-gnu -sysroot ..."
../configure: 1: eval: cross_cc_cflags_--cross-cc-cflags-ppc64le=-target: not 
found
../configure: 3816: export: cross_cc_cflags_--cross-cc-cflags-ppc64le: bad 
variable name

Signed-off-by: Matheus Ferst 
---
 configure | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure b/configure
index e1a31fb332..4735c1bffc 100755
--- a/configure
+++ b/configure
@@ -402,7 +402,7 @@ for opt do
   ;;
   --cross-cc-*[!a-zA-Z0-9_-]*=*) error_exit "Passed bad --cross-cc-FOO option"
   ;;
-  --cross-cc-cflags-*) cc_arch=${opt#--cross-cc-flags-}; cc_arch=${cc_arch%%=*}
+  --cross-cc-cflags-*) cc_arch=${opt#--cross-cc-cflags-}; 
cc_arch=${cc_arch%%=*}
   eval "cross_cc_cflags_${cc_arch}=\$optarg"
   cross_cc_vars="$cross_cc_vars cross_cc_cflags_${cc_arch}"
   ;;
-- 
2.25.1

[RFC 4/5] target/riscv: Add *envcfg* CSRs support

[Atish Patra]

The RISC-V privileged specification v1.12 defines few execution
environment configuration CSRs that can be used enable/disable
extensions per privilege levels.

Add the basic support for these CSRs.

Signed-off-by: Atish Patra 
---
 target/riscv/cpu.h  |  8 
 target/riscv/cpu_bits.h | 31 +++
 target/riscv/csr.c  | 84 +
 target/riscv/machine.c  | 26 +
 4 files changed, 149 insertions(+)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 7f87917204c5..b9462300a472 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -264,6 +264,14 @@ struct CPURISCVState {
 target_ulong spmbase;
 target_ulong upmmask;
 target_ulong upmbase;
+
+/* CSRs for execution enviornment configuration */
+
+target_ulong menvcfg;
+target_ulong menvcfgh;
+target_ulong senvcfg;
+target_ulong henvcfg;
+target_ulong henvcfgh;
 #endif
 
 float_status fp_status;
diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index f6f90b5cbd52..afb237c2313b 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -177,6 +177,9 @@
 #define CSR_STVEC   0x105
 #define CSR_SCOUNTEREN  0x106
 
+/* Supervisor Configuration CSRs */
+#define CSR_SENVCFG 0x10A
+
 /* Supervisor Trap Handling */
 #define CSR_SSCRATCH0x140
 #define CSR_SEPC0x141
@@ -204,6 +207,10 @@
 #define CSR_HTIMEDELTA  0x605
 #define CSR_HTIMEDELTAH 0x615
 
+/* Hypervisor Configuration CSRs */
+#define CSR_HENVCFG 0x60A
+#define CSR_HENVCFGH0x61A
+
 /* Virtual CSRs */
 #define CSR_VSSTATUS0x200
 #define CSR_VSIE0x204
@@ -218,6 +225,10 @@
 #define CSR_MTINST  0x34a
 #define CSR_MTVAL2  0x34b
 
+/* Machine Configuration CSRs */
+#define CSR_MENVCFG 0x30A
+#define CSR_MENVCFGH0x31A
+
 /* Enhanced Physical Memory Protection (ePMP) */
 #define CSR_MSECCFG 0x747
 #define CSR_MSECCFGH0x757
@@ -578,6 +589,26 @@ typedef enum RISCVException {
 #define PM_EXT_CLEAN0x0002ULL
 #define PM_EXT_DIRTY0x0003ULL
 
+/* Execution enviornment configuration bits */
+#define MENVCFG_FIOM   (1 << 0)
+#define MENVCFG_CBE0x3ULL
+#define MENVCFG_CBCFE  (1 << 6)
+#define MENVCFG_CBZE   (1 << 7)
+#define MENVCFG_PBMTE  (1 << 62)
+#define MENVCFG_STCE   (1 << 63)
+
+#define SENVCFG_FIOM   MENVCFG_FIOM
+#define SENVCFG_CBEMENVCFG_CBE
+#define SENVCFG_CBCFE  MENVCFG_CBCFE
+#define SENVCFG_CBZE   MENVCFG_CBZE
+
+#define HENVCFG_FIOM   MENVCFG_FIOM
+#define HENVCFG_CBEMENVCFG_CBE
+#define HENVCFG_CBCFE  MENVCFG_CBCFE
+#define HENVCFG_CBZE   MENVCFG_CBZE
+#define HENVCFG_PBMTE  MENVCFG_PBMTE
+#define HENVCFG_STCE   MENVCFG_STCE
+
 /* Offsets for every pair of control bits per each priv level */
 #define XS_OFFSET0ULL
 #define U_OFFSET 2ULL
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index e66bf2201857..a4bbae7a1bbd 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -853,6 +853,77 @@ static RISCVException write_mtval(CPURISCVState *env, int 
csrno,
 return RISCV_EXCP_NONE;
 }
 
+/* Execution environment configuration setup */
+static RISCVException read_menvcfg(CPURISCVState *env, int csrno,
+ target_ulong *val)
+{
+*val = env->menvcfg;
+return RISCV_EXCP_NONE;
+}
+
+static RISCVException write_menvcfg(CPURISCVState *env, int csrno,
+  target_ulong val)
+{
+env->menvcfg = val;
+return RISCV_EXCP_NONE;
+}
+
+static RISCVException read_menvcfgh(CPURISCVState *env, int csrno,
+ target_ulong *val)
+{
+*val = env->menvcfgh;
+return RISCV_EXCP_NONE;
+}
+
+static RISCVException write_menvcfgh(CPURISCVState *env, int csrno,
+  target_ulong val)
+{
+env->menvcfgh = val;
+return RISCV_EXCP_NONE;
+}
+
+static RISCVException read_senvcfg(CPURISCVState *env, int csrno,
+ target_ulong *val)
+{
+*val = env->senvcfg;
+return RISCV_EXCP_NONE;
+}
+
+static RISCVException write_senvcfg(CPURISCVState *env, int csrno,
+  target_ulong val)
+{
+env->senvcfg = val;
+return RISCV_EXCP_NONE;
+}
+
+static RISCVException read_henvcfg(CPURISCVState *env, int csrno,
+ target_ulong *val)
+{
+*val = env->henvcfg;
+return RISCV_EXCP_NONE;
+}
+
+static RISCVException write_henvcfg(CPURISCVState *env, int csrno,
+  target_ulong val)
+{
+env->henvcfg = val;
+return RISCV_EXCP_NONE;
+}
+
+static 

Re: [PATCH v3 2/2] This patch includes i3c instance in ast2600 soc.

[Peter Maydell]

On Tue, 11 Jan 2022 at 08:46, Troy Lee  wrote:
>
> v3:
> - Remove unrelated changes to SPI2 address
> - Remove controller irq line
>
> v2: Rebase to mainline QEMU
>
> Signed-off-by: Troy Lee 

This turns out not to build on macOS or on 32-bit hosts
because of format string issues -- you can't portably
use %lx to print uint64_t or hwaddr types. I have folded
in the following fix:

diff --git a/hw/misc/aspeed_i3c.c b/hw/misc/aspeed_i3c.c
index 43771d768ad..f54f5da522b 100644
--- a/hw/misc/aspeed_i3c.c
+++ b/hw/misc/aspeed_i3c.c
@@ -150,7 +150,8 @@ static void aspeed_i3c_device_write(void *opaque,
hwaddr offset,
 case R_I3C_VER_TYPE:
 case R_EXTENDED_CAPABILITY:
 qemu_log_mask(LOG_GUEST_ERROR,
-  "%s: write to readonly register[%02lx] = %08lx\n",
+  "%s: write to readonly register[0x%02" HWADDR_PRIx
+  "] = 0x%08" PRIx64 "\n",
   __func__, offset, value);
 break;
 case R_RX_TX_DATA_PORT:
@@ -231,13 +232,15 @@ static void aspeed_i3c_write(void *opaque,
 case R_I3C6_REG1:
 if (data & R_I3C1_REG1_I2C_MODE_MASK) {
 qemu_log_mask(LOG_UNIMP,
-  "%s: Not support I2C mode [%08lx]=%08lx",
+  "%s: Unsupported I2C mode [0x%08" HWADDR_PRIx
+  "]=%08" PRIx64 "\n",
   __func__, addr << 2, data);
 break;
 }
 if (data & R_I3C1_REG1_SA_EN_MASK) {
 qemu_log_mask(LOG_UNIMP,
-  "%s: Not support slave mode [%08lx]=%08lx",
+  "%s: Unsupported slave mode [%08" HWADDR_PRIx
+  "]=0x%08" PRIx64 "\n",
   __func__, addr << 2, data);
 break;
 }

which also includes a small grammar fix, adds the missing
trailing newlines, and includes the "0x" prefix to make it
clearer to the user that the values printed are hex.

thanks
-- PMM

Re: [PATCH] hw/char/exynos4210_uart: Fix crash on trying to load VM state

[Guenter Roeck]

On 1/20/22 7:16 AM, Peter Maydell wrote:

The exynos4210_uart_post_load() function assumes that it is passed
the Exynos4210UartState, but it has been attached to the
VMStateDescription for the Exynos4210UartFIFO type.  The result is a
SIGSEGV when attempting to load VM state for any machine type
including this device.

Fix the bug by attaching the post-load function to the VMSD for the
Exynos4210UartState.  This is the logical place for it, because the
actions it does relate to the entire UART state, not just the FIFO.

Thanks to the bug reporter @TrungNguyen1909 for the clear bug
description and the suggested fix.

Fixes: c9d3396d80fe7ece9b
("hw/char/exynos4210_uart: Implement post_load function")
Buglink: https://gitlab.com/qemu-project/qemu/-/issues/638
Signed-off-by: Peter Maydell 


Reviewed-by: Guenter Roeck 


---
  hw/char/exynos4210_uart.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/char/exynos4210_uart.c b/hw/char/exynos4210_uart.c
index 80d401a3795..addcd59b028 100644
--- a/hw/char/exynos4210_uart.c
+++ b/hw/char/exynos4210_uart.c
@@ -628,7 +628,6 @@ static const VMStateDescription 
vmstate_exynos4210_uart_fifo = {
  .name = "exynos4210.uart.fifo",
  .version_id = 1,
  .minimum_version_id = 1,
-.post_load = exynos4210_uart_post_load,
  .fields = (VMStateField[]) {
  VMSTATE_UINT32(sp, Exynos4210UartFIFO),
  VMSTATE_UINT32(rp, Exynos4210UartFIFO),
@@ -641,6 +640,7 @@ static const VMStateDescription vmstate_exynos4210_uart = {
  .name = "exynos4210.uart",
  .version_id = 1,
  .minimum_version_id = 1,
+.post_load = exynos4210_uart_post_load,
  .fields = (VMStateField[]) {
  VMSTATE_STRUCT(rx, Exynos4210UartState, 1,
 vmstate_exynos4210_uart_fifo, Exynos4210UartFIFO),

Re: [PATCH v2 5/5] python/aqmp: add socket bind step to legacy.py

[John Snow]

On Thu, Jan 20, 2022, 4:13 AM Daniel P. Berrangé 
wrote:

> On Wed, Jan 19, 2022 at 02:39:16PM -0500, John Snow wrote:
> > The old QMP library would actually bind to the server address during
> > __init__(). The new library delays this to the accept() call, because
> > binding occurs inside of the call to start_[unix_]server(), which is an
> > async method -- so it cannot happen during __init__ anymore.
> >
> > Python 3.7+ adds the ability to create the server (and thus the bind()
> > call) and begin the active listening in separate steps, but we don't
> > have that functionality in 3.6, our current minimum.
> >
> > Therefore ... Add a temporary workaround that allows the synchronous
> > version of the client to bind the socket in advance, guaranteeing that
> > there will be a UNIX socket in the filesystem ready for the QEMU client
> > to connect to without a race condition.
> >
> > (Yes, it's ugly; fixing it more nicely will unfortunately have to wait
> > until I can stipulate Python 3.7+ as our minimum version. Python 3.6 is
> > EOL as of the beginning of this year, but I haven't checked if all of
> > our supported build platforms have a properly modern Python available
> > yet.)
>
> RHEL-8 system python will remain 3.6 for the life of RHEL-8.
>
> While you can bring in newer python versions in parallel,
> IMHO it is highly desirable to remain compatible with the
> system python as that's the one you can guarantee users
> actually have available by default.
>

I agree, but over time my hand will be forced. Libraries are beginning to
drop support for Python 3.6 upstream, and it's only a matter of time before
it becomes implausible to support an EOL python version.

I actually go out of my way to ensure compatibility with the very oldest
versions I possibly can - *extremely* out of my way - but there's only so
much I can reasonably do. Supporting 3.6 and 3.11 simultaneously may prove
challenging.

Either way, I'm not bumping the version here in this series. I'm just
stating that this hack is kind of the best I can (quickly and easily) do
until 3.7.

(3.7 adds start_server=False to start_unix_server which allows the
separation of steps without needing to muck around with the socket object.)


>
>
> Regards,
> Daniel
> --
> |: https://berrange.com  -o-
> https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org -o-
> https://fstop138.berrange.com :|
> |: https://entangle-photo.org-o-
> https://www.instagram.com/dberrange :
>

Re: [PATCH v2 3/6] tests/qtest/libqos: Skip hotplug tests if pci root bus is not hotpluggable

[Alex Bennée]

Eric Auger  writes:

> ARM does not not support hotplug on pcie.0. Add a flag on the bus
> which tells if devices can be hotplugged and skip hotplug tests
> if the bus cannot be hotplugged. This is a temporary solution to
> enable the other pci tests on aarch64.
>
> Signed-off-by: Eric Auger 
> Acked-by: Thomas Huth 

Reviewed-by: Alex Bennée 

-- 
Alex Bennée

Re: [PATCH v2 4/6] drop libxml2 checks since libxml is not actually used (for parallels)

[Philippe Mathieu-Daudé via]

On 20/1/22 14:37, Thomas Huth wrote:

On 20/01/2022 12.05, Philippe Mathieu-Daudé wrote:

From: Michael Tokarev 

For a long time, we assumed that libxml2 is neecessary for parallels


Also "necessary",


block format support (block/parallels*). However, this format actually
does not use libxml [*]. Since this is the only user of libxml2 in
while qemu tree, we can drop all libxml2 checks and dependencies too.


and eventually "QEMU".


s/while/whole/


It is even more: --enable-parallels configure option was the only
option which was silently ignored when it's (fake) dependency
(libxml2) isn't installed.

Drop all mentions of libxml2.

[*] Actually the basis for libxml use were merged in commit 25bfd5a75
 but the implementation was never merged:
 
https://lore.kernel.org/qemu-devel/70227bbd-a517-70e9-714f-e6e0ec431...@openvz.org/ 



Commit ed279a06c53784 also add a hunk to scripts/checkpatch.pl ... you 
might want to remove that now, too.


Good catch!

[RFC 2/5] target/riscv: Introduce privilege version field in the CSR ops.

[Atish Patra]

To allow/disallow the CSR access based on the privilege spec, a new field
in the csr_ops is introduced. It also adds the privileged specification
version (v1.12) for the CSRs introduced in the v1.12. This includes the
new ratified extensions such as Vector, Hypervisor and secconfig CSR.

Signed-off-by: Atish Patra 
---
 target/riscv/cpu.h |   1 +
 target/riscv/csr.c | 103 ++---
 2 files changed, 69 insertions(+), 35 deletions(-)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 671f65100b1a..7f87917204c5 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -521,6 +521,7 @@ typedef struct {
 riscv_csr_op_fn op;
 riscv_csr_read128_fn read128;
 riscv_csr_write128_fn write128;
+uint32_t min_priv_ver;
 } riscv_csr_operations;
 
 /* CSR function table constants */
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index adb3d4381d1f..762d3269b4a4 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -1991,13 +1991,20 @@ riscv_csr_operations csr_ops[CSR_TABLE_SIZE] = {
 [CSR_FRM]  = { "frm",  fs, read_frm, write_frm},
 [CSR_FCSR] = { "fcsr", fs, read_fcsr,write_fcsr   },
 /* Vector CSRs */
-[CSR_VSTART]   = { "vstart",   vs, read_vstart,  write_vstart },
-[CSR_VXSAT]= { "vxsat",vs, read_vxsat,   write_vxsat  },
-[CSR_VXRM] = { "vxrm", vs, read_vxrm,write_vxrm   },
-[CSR_VCSR] = { "vcsr", vs, read_vcsr,write_vcsr   },
-[CSR_VL]   = { "vl",   vs, read_vl},
-[CSR_VTYPE]= { "vtype",vs, read_vtype },
-[CSR_VLENB]= { "vlenb",vs, read_vlenb },
+[CSR_VSTART]   = { "vstart",   vs, read_vstart,  write_vstart, NULL,
+   NULL, NULL, PRIV_VERSION_1_12_0 },
+[CSR_VXSAT]= { "vxsat",vs, read_vxsat,   write_vxsat, NULL,
+   NULL, NULL, PRIV_VERSION_1_12_0 },
+[CSR_VXRM] = { "vxrm", vs, read_vxrm,write_vxrm, NULL,
+   NULL, NULL, PRIV_VERSION_1_12_0 },
+[CSR_VCSR] = { "vcsr", vs, read_vcsr,write_vcsr, NULL,
+   NULL, NULL, PRIV_VERSION_1_12_0 },
+[CSR_VL]   = { "vl",   vs, read_vl, NULL, NULL, NULL, NULL,
+   PRIV_VERSION_1_12_0 },
+[CSR_VTYPE]= { "vtype",vs, read_vtype, NULL, NULL, NULL, NULL,
+   PRIV_VERSION_1_12_0 },
+[CSR_VLENB]= { "vlenb",vs, read_vlenb, NULL, NULL, NULL, NULL,
+   PRIV_VERSION_1_12_0 },
 /* User Timers and Counters */
 [CSR_CYCLE]= { "cycle",ctr,read_instret  },
 [CSR_INSTRET]  = { "instret",  ctr,read_instret  },
@@ -2063,36 +2070,62 @@ riscv_csr_operations csr_ops[CSR_TABLE_SIZE] = {
 /* Supervisor Protection and Translation */
 [CSR_SATP] = { "satp", smode, read_satp,write_satp  },
 
-[CSR_HSTATUS] = { "hstatus", hmode,   read_hstatus, 
write_hstatus },
-[CSR_HEDELEG] = { "hedeleg", hmode,   read_hedeleg, 
write_hedeleg },
-[CSR_HIDELEG] = { "hideleg", hmode,   read_hideleg, 
write_hideleg },
-[CSR_HVIP]= { "hvip",hmode,   NULL,   NULL, rmw_hvip   
   },
-[CSR_HIP] = { "hip", hmode,   NULL,   NULL, rmw_hip
   },
-[CSR_HIE] = { "hie", hmode,   read_hie, write_hie  
   },
-[CSR_HCOUNTEREN]  = { "hcounteren",  hmode,   read_hcounteren,  
write_hcounteren  },
-[CSR_HGEIE]   = { "hgeie",   hmode,   read_zero,
write_hgeie   },
-[CSR_HTVAL]   = { "htval",   hmode,   read_htval,   
write_htval   },
-[CSR_HTINST]  = { "htinst",  hmode,   read_htinst,  
write_htinst  },
-[CSR_HGEIP]   = { "hgeip",   hmode,   read_zero,
write_hgeip   },
-[CSR_HGATP]   = { "hgatp",   hmode,   read_hgatp,   
write_hgatp   },
-[CSR_HTIMEDELTA]  = { "htimedelta",  hmode,   read_htimedelta,  
write_htimedelta  },
-[CSR_HTIMEDELTAH] = { "htimedeltah", hmode32, read_htimedeltah, 
write_htimedeltah },
-
-[CSR_VSSTATUS]= { "vsstatus",hmode,   read_vsstatus,
write_vsstatus},
-[CSR_VSIP]= { "vsip",hmode,   NULL,NULL,rmw_vsip   
   },
-[CSR_VSIE]= { "vsie",hmode,   read_vsie,write_vsie 
   },
-[CSR_VSTVEC]  = { "vstvec",  hmode,   read_vstvec,  
write_vstvec  },
-[CSR_VSSCRATCH]   = { "vsscratch",   hmode,   read_vsscratch,   
write_vsscratch   },
-[CSR_VSEPC]   = { "vsepc",   hmode,   read_vsepc,   
write_vsepc   },
-

Re: [PATCH 1/3] qsd: Add pre-init argument parsing pass

[Hanna Reitz]

On 20.01.22 17:00, Markus Armbruster wrote:

Kevin Wolf  writes:


Am 19.01.2022 um 14:44 hat Hanna Reitz geschrieben:

On 19.01.22 13:58, Markus Armbruster wrote:

Hanna Reitz  writes:


We want to add a --daemonize argument to QSD's command line.

Why?

OK, s/we/I/.  I find it useful, because without such an option, I need to
have whoever invokes QSD loop until the PID file exists, before I can be
sure that all exports are set up.  I make use of it in the test cases added
in patch 3.

I suppose this could be worked around with a special character device, like
so:

```
ncat --listen -U /tmp/qsd-done.sock 
I know duplicating this into every program that could server as a daemon
is the Unix tradition.  Doesn't make it good.  Systemd[*] has tried to
make it superfluous.


Well.  I have absolutely nothing against systemd.  Still, I will not use 
it in an iotest, that’s for sure.



The other point is that the system emulator has it, qemu-nbd has it,
so certainly qsd should have it as well. Not the least because it should
be able to replace qemu-nbd (at least for the purpose of exporting NBD.
not necessarily for attaching it to the host).

Point taken, but I think it's a somewhat weak one.  qsd could certainly
replace qemu-nbd even without --daemonize; we could use other means to
run it in the background.


This will
require forking the process before we do any complex initialization
steps, like setting up the block layer or QMP.  Therefore, we must scan
the command line for it long before our current process_options() call.

Can you explain in a bit more detail why early forking is required?

I have a strong dislike for parsing more than once...

Because I don’t want to set up QMP and block devices, and then fork the
process into two.  That sounds like there’d be a lot of stuff to think
about, which just isn’t necessary, because we don’t need to set up any
of this in the parent.

We must fork() before we create threads.  Other resources are easy
enough to hand over to the child.  Still, having to think about less is
good, I readily grant you that.

The trouble is that forking early creates a new problem: any
configuration errors detected in the child must be propagated to the
parent somehow (output and exit status).  I peeked at your PATCH 2, and
I'm not convinced, but that's detail here.


Here we can compare again: Both the system emulator and qemu-nbd behave
the same, they fork before they do anything interesting.

The difference is that they still parse the command line only once
because they don't immediately create things, but just store the options
and later process them in their own magic order. I'd much rather parse
the command line twice than copy that behaviour.

The part I hate is "own magic order".  Without that, multiple passes are
just fine with me.

Parsing twice is a bit like having a two pass compiler run the first
pass left to right, and then both passes intertwined left to right.  The
pedestrian way to do it is running the first pass left to right, then
the second pass left to right.

We're clearly talking taste here.


Kevin


For example, if I set up a monitor on a Unix socket (server=true),
processing is delayed until the client connects.  Say I put --daemonize
afterwards.  I connect to the waiting server socket, the child is forked
off, and then... I’m not sure what happens, actually.  Do I have a
connection with both the parent and the child listening?  I know that in
practice, what happens is that once the parent exits, the connection is
closed, and I get a “qemu: qemu_thread_join: Invalid argument” warning/error
on the QSD side.

There’s a lot of stuff to think about if you allow forking after other
options, so it should be done first.  We could just require the user to put
--daemonize before all other options, and so have a single pass; but still,
before options are even parsed, we have already for example called
bdrv_init(), init_qmp_commands(), qemu_init_main_loop().  These are all
things that the parent of a daemonizing process doesn’t need to do, and
where I’d simply rather not think about what impact it has if we fork
afterwards.

Hanna

Care to put a brief version of the rationale for --daemonize and for
forking early in the commit message?


Well, my rationale for adding the feature doesn’t really extend beyond 
“I want it, I find it useful, and so I assume others will, too”.


I don’t really like putting “qemu-nbd has it” there, because... it was 
again me who implemented it for qemu-nbd.  Because I found it useful.  
But I can of course do that, if it counts as a reason.


I can certainly (and understand the need to, and will) elaborate on the 
“This will require forking the process before we do any complex 
initialization steps” part.


Hanna

Re: [PATCH v2] qapi: Cleanup SGX related comments and restore @section-size

[Philippe Mathieu-Daudé via]

On 20/1/22 10:10, Daniel P. Berrangé wrote:

On Wed, Jan 19, 2022 at 06:57:20PM -0500, Yang Zhong wrote:

The SGX NUMA patches were merged into Qemu 7.0 release, we need
clarify detailed version history information and also change
some related comments, which make SGX related comments clearer.

The QMP command schema promises backwards compatibility as standard.
We temporarily restore "@section-size", which can avoid incompatible
API breakage. The "@section-size" will be deprecated in 7.2 version.

Suggested-by: Daniel P. Berrangé 
Signed-off-by: Yang Zhong 
Reviewed-by: Daniel P. Berrangé 
---
  qapi/machine.json |  4 ++--
  qapi/misc-target.json | 17 -
  hw/i386/sgx.c | 11 +--
  3 files changed, 23 insertions(+), 9 deletions(-)



diff --git a/qapi/misc-target.json b/qapi/misc-target.json
index 1022aa0184..a87358ea44 100644
--- a/qapi/misc-target.json
+++ b/qapi/misc-target.json
@@ -344,9 +344,9 @@
  #
  # @node: the numa node
  #
-# @size: the size of epc section
+# @size: the size of EPC section
  #
-# Since: 6.2
+# Since: 7.0
  ##
  { 'struct': 'SGXEPCSection',
'data': { 'node': 'int',
@@ -365,7 +365,9 @@
  #
  # @flc: true if FLC is supported
  #
-# @sections: The EPC sections info for guest
+# @section-size: The EPC section size for guest (Will be deprecated in 7.2)


I expected deprecation would start now (7.0, and it would be removed
in 7.2.

Also needs to be documented in docs/about/deprecated.rst


Isn't docs/about/deprecated.rst for user-facing changes *only*?

Machine-facing changes are already described in the QAPI schema.

Please correct me.

Thanks,

Phil.

Re: [PATCH v7 2/4] qapi/monitor: refactor set/expire_password with enums

[Markus Armbruster]

Fabian Ebner  writes:

> Am 21.10.21 um 12:01 schrieb Stefan Reiter:
>> 'protocol' and 'connected' are better suited as enums than as strings,
>> make use of that. No functional change intended.
>> Suggested-by: Markus Armbruster 
>> Reviewed-by: Markus Armbruster 
>> Signed-off-by: Stefan Reiter 

[...]

>> diff --git a/qapi/ui.json b/qapi/ui.json
>> index d7567ac866..15cc19dcc5 100644
>> --- a/qapi/ui.json
>> +++ b/qapi/ui.json
>> @@ -9,6 +9,35 @@
>>   { 'include': 'common.json' }
>>   { 'include': 'sockets.json' }
>>   +##
>> +# @DisplayProtocol:
>> +#
>> +# Display protocols which support changing password options.
>> +#
>> +# Since: 6.2
>> +#
>> +##
>> +{ 'enum': 'DisplayProtocol',
>> +  'data': [ { 'name': 'vnc', 'if': 'CONFIG_VNC' },
>> +{ 'name': 'spice', 'if': 'CONFIG_SPICE' } ] }
>> +
>> +##
>> +# @SetPasswordAction:
>> +#
>> +# An action to take on changing a password on a connection with active 
>> clients.
>> +#
>> +# @fail: fail the command if clients are connected
>> +#
>> +# @disconnect: disconnect existing clients
>> +#
>> +# @keep: maintain existing clients
>> +#
>> +# Since: 6.2
>> +#
>> +##
>> +{ 'enum': 'SetPasswordAction',
>> +  'data': [ 'fail', 'disconnect', 'keep' ] }
>
> Since 'keep' should be the default, shouldn't it come first? I didn't
> find an explicit mention in the QAPI docs, but testing suggests that
> the first member will be picked. Is that correct?

Not quite.

An optional member @connected generates a pair of C struct members
@connected and @has_connected.

If @has_connected is true, the argument is present, and @connected is
its value.

If @has_connected is false, the argument is absent.  The input visitor
zeros @connected then.  Other code should as well, for robustness, but I
wouldn't bet my own money on it.

Putting the default value first in an enum makes it zero in C.  Instead
of

has_connected ? connected : SET_PASSWORD_ACTION_KEEP

you can then write just

   connected

when you know absent values are zero.  Easier on the eyes.

A possible improvement to the QAPI schema language: optional members may
have a default value.  When given, we don't generate has_FOO.

> qmp_set_password still relies on has_connected to guard its checks
> here, but the next patch removes that, which AFAICT makes the default
> be 'fail' instead of keeping 'keep'. While it's only temporary
> breakage for VNC as the final patch in the series allows only 'keep'
> (still, should be avoided if possible), it does matter for SPICE.

Even temporary breakage should be avoided whenever practical.

[...]

[PATCH 2/2] iotests: add qcow2-keep-dirty

[Vladimir Sementsov-Ogievskiy]

Test new qcow2 open option: keep-dirty.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 tests/qemu-iotests/tests/qcow2-keep-dirty | 104 ++
 tests/qemu-iotests/tests/qcow2-keep-dirty.out |  34 ++
 2 files changed, 138 insertions(+)
 create mode 100755 tests/qemu-iotests/tests/qcow2-keep-dirty
 create mode 100644 tests/qemu-iotests/tests/qcow2-keep-dirty.out

diff --git a/tests/qemu-iotests/tests/qcow2-keep-dirty 
b/tests/qemu-iotests/tests/qcow2-keep-dirty
new file mode 100755
index 00..101a82bd28
--- /dev/null
+++ b/tests/qemu-iotests/tests/qcow2-keep-dirty
@@ -0,0 +1,104 @@
+#!/usr/bin/env bash
+# group: rw quick
+#
+# Test qcow2 keep-dirty option
+#
+# Copyright (c) 2022 Virtuozzo International GmbH.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=vsement...@virtuozzo.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+status=1   # failure is the default!
+
+_cleanup()
+{
+_cleanup_test_img
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ../common.rc
+. ../common.filter
+. ../common.qemu
+
+_supported_fmt qcow2
+_supported_proto file
+_supported_os Linux
+# This test does not make much sense with external data files
+_unsupported_imgopts data_file
+
+check_dirty_bit() {
+$QEMU_IMG info --output=json "$TEST_IMG" | grep 'dirty-flag'
+}
+
+set_dirty_bit() {
+echo Set dirty bit
+$PYTHON ../qcow2.py "$TEST_IMG" set-feature-bit incompatible 0
+check_dirty_bit
+}
+
+QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT
+
+keep_dirty_opts="driver=qcow2,keep-dirty=true,file.filename=$TEST_IMG"
+
+size=10M
+
+_make_test_img $size
+
+echo Check that keep-dirty not allowed without lazy refcounts
+$QEMU_IO -c 'quit' --image-opts "$keep_dirty_opts"
+
+_make_test_img -o "lazy_refcounts=on" $size
+
+echo
+echo Check that keep-dirty not allowed without dirty bit
+$QEMU_IO -c 'quit' --image-opts "$keep_dirty_opts"
+
+echo
+echo Check that usual access clears dirty bit
+set_dirty_bit
+$QEMU_IO -c 'quit' "$TEST_IMG"
+check_dirty_bit
+
+echo
+echo Check keep-dirty
+set_dirty_bit
+$QEMU_IO -c 'quit' --image-opts "$keep_dirty_opts"
+check_dirty_bit
+
+echo
+echo Check that usual qemu-img check clears dirty bit
+set_dirty_bit
+$QEMU_IMG check -r all "$TEST_IMG"
+check_dirty_bit
+
+echo
+echo Test qemu-img check with keep-dirty
+set_dirty_bit
+# also set corrupt bit
+$PYTHON ../qcow2.py "$TEST_IMG" set-feature-bit incompatible 1
+$PYTHON ../qcow2.py "$TEST_IMG" dump-header | grep incompatible
+$QEMU_IMG check -r all --image-opts "$keep_dirty_opts"
+$PYTHON ../qcow2.py "$TEST_IMG" dump-header | grep incompatible
+
+# success, all done
+echo "*** done"
+rm -f $seq.full
+status=0
diff --git a/tests/qemu-iotests/tests/qcow2-keep-dirty.out 
b/tests/qemu-iotests/tests/qcow2-keep-dirty.out
new file mode 100644
index 00..4d2bf40521
--- /dev/null
+++ b/tests/qemu-iotests/tests/qcow2-keep-dirty.out
@@ -0,0 +1,34 @@
+QA output created by qcow2-keep-dirty
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=10485760
+Check that keep-dirty not allowed without lazy refcounts
+qemu-io: can't open: keep-dirty requires lazy refcounts
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=10485760
+
+Check that keep-dirty not allowed without dirty bit
+qemu-io: can't open: keep-dirty behaviour is requested but image is not dirty
+
+Check that usual access clears dirty bit
+Set dirty bit
+"dirty-flag": true
+"dirty-flag": false
+
+Check keep-dirty
+Set dirty bit
+"dirty-flag": true
+"dirty-flag": true
+
+Check that usual qemu-img check clears dirty bit
+Set dirty bit
+"dirty-flag": true
+No errors were found on the image.
+Image end offset: 262144
+"dirty-flag": false
+
+Test qemu-img check with keep-dirty
+Set dirty bit
+"dirty-flag": true
+incompatible_features [0, 1]
+No errors were found on the image.
+Image end offset: 262144
+incompatible_features [0]
+*** done
-- 
2.31.1

[PATCH 0/2] qcow2: add keep-dirty open option

[Vladimir Sementsov-Ogievskiy]

Hi all! Here is suggestion of a new option which we need for our
developments in Virtuozzo.

For details look at patch 01.

Vladimir Sementsov-Ogievskiy (2):
  qcow2: add keep-dirty open option
  iotests: add qcow2-keep-dirty

 qapi/block-core.json  |   5 +
 block/qcow2.h |   2 +
 block/qcow2.c |  66 +--
 tests/qemu-iotests/tests/qcow2-keep-dirty | 104 ++
 tests/qemu-iotests/tests/qcow2-keep-dirty.out |  34 ++
 5 files changed, 199 insertions(+), 12 deletions(-)
 create mode 100755 tests/qemu-iotests/tests/qcow2-keep-dirty
 create mode 100644 tests/qemu-iotests/tests/qcow2-keep-dirty.out

-- 
2.31.1

Re: [PULL 0/3] M68k for 7.0 patches

[Peter Maydell]

On Thu, 20 Jan 2022 at 09:44, Laurent Vivier  wrote:
>
> The following changes since commit 5e0214cdeee17de949f2565f4429c15173179ae3:
>
>   Merge remote-tracking branch 
> 'remotes/thuth-gitlab/tags/pull-request-2022-01-19' into staging (2022-01-19 
> 16:37:46 +)
>
> are available in the Git repository at:
>
>   git://github.com/vivier/qemu-m68k.git tags/m68k-for-7.0-pull-request
>
> for you to fetch changes up to e48b140eef9775986cc18038c7bc68f8d2b7fe1d:
>
>   m68k: virt: correctly set the initial PC (2022-01-20 09:09:37 +0100)
>
> ----
> m68k pull request 20220120
>
> Fix virt-m68k reboot
>
> 


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/7.0
for any user-visible changes.

-- PMM

Re: [PATCH v2 13/14] target/ppc: 405: Program exception cleanup

[Cédric Le Goater]

On 1/19/22 13:54, Fabiano Rosas wrote:

David Gibson  writes:


On Tue, Jan 18, 2022 at 03:44:47PM -0300, Fabiano Rosas wrote:

The 405 Program Interrupt does not set SRR1 with any diagnostic bits,
just a clean copy of the MSR.

We're using the BookE Exception Syndrome Register which is different
from the 405.


Hrm.  We really do want to set the 40x ESR bits here, though.


Well I wrote the code and nothing changed so I dropped it. Not sure if
we are even raising these properly in the translation code. I'll take
another look.



For instance, this ESR bit allows Linux to handle traps correctly in
some cases, like when CONFIG_DEBUG_VM=y :

@@ -488,7 +488,9 @@ static void powerpc_excp_40x(PowerPCCPU
 trace_ppc_excp_inval(env->nip);
 break;
 case POWERPC_EXCP_PRIV:
+break;
 case POWERPC_EXCP_TRAP:
+env->spr[SPR_40x_ESR] = ESR_PTR;
 break;
 default:
 cpu_abort(cs, "Invalid program exception %d. Aborting\n",


These could be reported to Linux :

/* On 4xx, the reason for the machine check or program exception
   is in the ESR. */
#define get_reason(regs)((regs)->esr)
#define REASON_FP   ESR_FP
#define REASON_ILLEGAL  (ESR_PIL | ESR_PUO)
#define REASON_PRIVILEGED   ESR_PPR
#define REASON_TRAP ESR_PTR
#define REASON_PREFIXED 0
#define REASON_BOUNDARY 0


Thanks,

C.

Re: [PATCH] Update copyright dates to 2022

[Daniel P . Berrangé]

On Thu, Jan 20, 2022 at 12:47:13PM +, Peter Maydell wrote:
> It's a new year; update the copyright strings for our
> help/version/about information and for our documentation.
> 
> Signed-off-by: Peter Maydell 
> ---
> For once I remembered to do this in January :-)
> 
> I suppose at some point we should try to arrange that Sphinx
> can pick up the copyright year from a common location so
> we don't need to change two places.
> 
>  docs/conf.py  | 2 +-
>  include/qemu-common.h | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Reviewed-by: Daniel P. Berrangé 


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

[PATCH 1/2] qcow2: add keep-dirty open option

[Vladimir Sementsov-Ogievskiy]

Consider the case:

Thirdparty component works with qcow2 image, and dirty bit is set.

Thirdparty component want to start qemu-img to do some manipulation.
Ofcourse, third party component flushes refcounts and other metadata
before starting QEMU.

But the component don't want to clear dirty bit, as this breaks
transactionability of the operation: we'll have to set it again but it
may fail. Clearing the dirty bit is unrecoverable action and can't be
transactional. That's a problem.

The solution is a new qcow2 open option: keep-dirty. When set:
1. On qcow2 open, ignore dirty bit and don't do check: caller is
   responsible for refcounts being valid.
2. Never clear dirty bit during QEMU execution, including close.

Details:

1. For simplicity let's just not allow keep-dirty without lazy
   refcounts.

2. Don't allow to open with keep-dirty when dirty bit is unset. This
   may mean some error in user logic.

3. For implementation do the following: dirty flag
   in s->incompatible_features behaves same way as without keep-dirty
   option: it actually designate status of refcounts dirtiness. But we
   never clear the flag in the image, and we remember that it is always
   set.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 qapi/block-core.json |  5 
 block/qcow2.h|  2 ++
 block/qcow2.c| 66 
 3 files changed, 61 insertions(+), 12 deletions(-)

diff --git a/qapi/block-core.json b/qapi/block-core.json
index 9a5a3641d0..3e35357182 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3228,6 +3228,10 @@
 # @lazy-refcounts: whether to enable the lazy refcounts
 #  feature (default is taken from the image file)
 #
+# @keep-dirty: whether to not touch dirty bit. When set, QEMU doesn't
+#  check refcounts on qcow2 open (ignoring dirty bit) and doesn't
+#  clear dirty bit on qcow2 close. (since 7.0)
+#
 # @pass-discard-request: whether discard requests to the qcow2
 #device should be forwarded to the data source
 #
@@ -3276,6 +3280,7 @@
 { 'struct': 'BlockdevOptionsQcow2',
   'base': 'BlockdevOptionsGenericCOWFormat',
   'data': { '*lazy-refcounts': 'bool',
+'*keep-dirty': 'bool',
 '*pass-discard-request': 'bool',
 '*pass-discard-snapshot': 'bool',
 '*pass-discard-other': 'bool',
diff --git a/block/qcow2.h b/block/qcow2.h
index fd48a89d45..696e13377a 100644
--- a/block/qcow2.h
+++ b/block/qcow2.h
@@ -130,6 +130,7 @@
 
 #define QCOW2_OPT_DATA_FILE "data-file"
 #define QCOW2_OPT_LAZY_REFCOUNTS "lazy-refcounts"
+#define QCOW2_OPT_KEEP_DIRTY "keep-dirty"
 #define QCOW2_OPT_DISCARD_REQUEST "pass-discard-request"
 #define QCOW2_OPT_DISCARD_SNAPSHOT "pass-discard-snapshot"
 #define QCOW2_OPT_DISCARD_OTHER "pass-discard-other"
@@ -376,6 +377,7 @@ typedef struct BDRVQcow2State {
 int flags;
 int qcow_version;
 bool use_lazy_refcounts;
+bool keep_dirty;
 int refcount_order;
 int refcount_bits;
 uint64_t refcount_max;
diff --git a/block/qcow2.c b/block/qcow2.c
index d509016756..1c42103fb9 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -514,15 +514,17 @@ int qcow2_mark_dirty(BlockDriverState *bs)
 return 0; /* already dirty */
 }
 
-val = cpu_to_be64(s->incompatible_features | QCOW2_INCOMPAT_DIRTY);
-ret = bdrv_pwrite(bs->file, offsetof(QCowHeader, incompatible_features),
-  , sizeof(val));
-if (ret < 0) {
-return ret;
-}
-ret = bdrv_flush(bs->file->bs);
-if (ret < 0) {
-return ret;
+if (!s->keep_dirty) {
+val = cpu_to_be64(s->incompatible_features | QCOW2_INCOMPAT_DIRTY);
+ret = bdrv_pwrite(bs->file, offsetof(QCowHeader, 
incompatible_features),
+  , sizeof(val));
+if (ret < 0) {
+return ret;
+}
+ret = bdrv_flush(bs->file->bs);
+if (ret < 0) {
+return ret;
+}
 }
 
 /* Only treat image as dirty if the header was updated successfully */
@@ -549,7 +551,13 @@ static int qcow2_mark_clean(BlockDriverState *bs)
 return ret;
 }
 
-return qcow2_update_header(bs);
+if (!s->keep_dirty) {
+/*
+ * No reason to update the header if we don't want to clear dirty
+ * bit.
+ */
+return qcow2_update_header(bs);
+}
 }
 return 0;
 }
@@ -709,6 +717,11 @@ static QemuOptsList qcow2_runtime_opts = {
 .type = QEMU_OPT_BOOL,
 .help = "Postpone refcount updates",
 },
+{
+.name = QCOW2_OPT_KEEP_DIRTY,
+.type = QEMU_OPT_BOOL,
+.help = "Keep dirty bit untouched",
+},
 {
 .name = QCOW2_OPT_DISCARD_REQUEST,
 .type = QEMU_OPT_BOOL,
@@ -966,6 +979,7 @@ typedef struct Qcow2ReopenState {
 Qcow2Cache *refcount_block_cache;
 int 

Re: [PATCH v5 03/18] pci: isolated address space for PCI bus

[Jag Raman]

> On Jan 19, 2022, at 7:12 PM, Michael S. Tsirkin  wrote:
> 
> On Wed, Jan 19, 2022 at 04:41:52PM -0500, Jagannathan Raman wrote:
>> Allow PCI buses to be part of isolated CPU address spaces. This has a
>> niche usage.
>> 
>> TYPE_REMOTE_MACHINE allows multiple VMs to house their PCI devices in
>> the same machine/server. This would cause address space collision as
>> well as be a security vulnerability. Having separate address spaces for
>> each PCI bus would solve this problem.
> 
> Fascinating, but I am not sure I understand. any examples?

Hi Michael!

multiprocess QEMU and vfio-user implement a client-server model to allow
out-of-process emulation of devices. The client QEMU, which makes ioctls
to the kernel and runs VCPUs, could attach devices running in a server
QEMU. The server QEMU needs access to parts of the client’s RAM to
perform DMA.

In the case where multiple clients attach devices that are running on the
same server, we need to ensure that each devices has isolated memory
ranges. This ensures that the memory space of one device is not visible
to other devices in the same server.
 
> 
> I also wonder whether this special type could be modelled like a special
> kind of iommu internally.

Could you please provide some more details on the design?

> 
>> Signed-off-by: Elena Ufimtseva 
>> Signed-off-by: John G Johnson 
>> Signed-off-by: Jagannathan Raman 
>> ---
>> include/hw/pci/pci.h |  2 ++
>> include/hw/pci/pci_bus.h | 17 +
>> hw/pci/pci.c | 17 +
>> hw/pci/pci_bridge.c  |  5 +
>> 4 files changed, 41 insertions(+)
>> 
>> diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
>> index 023abc0f79..9bb4472abc 100644
>> --- a/include/hw/pci/pci.h
>> +++ b/include/hw/pci/pci.h
>> @@ -387,6 +387,8 @@ void pci_device_save(PCIDevice *s, QEMUFile *f);
>> int pci_device_load(PCIDevice *s, QEMUFile *f);
>> MemoryRegion *pci_address_space(PCIDevice *dev);
>> MemoryRegion *pci_address_space_io(PCIDevice *dev);
>> +AddressSpace *pci_isol_as_mem(PCIDevice *dev);
>> +AddressSpace *pci_isol_as_io(PCIDevice *dev);
>> 
>> /*
>>  * Should not normally be used by devices. For use by sPAPR target
>> diff --git a/include/hw/pci/pci_bus.h b/include/hw/pci/pci_bus.h
>> index 347440d42c..d78258e79e 100644
>> --- a/include/hw/pci/pci_bus.h
>> +++ b/include/hw/pci/pci_bus.h
>> @@ -39,9 +39,26 @@ struct PCIBus {
>> void *irq_opaque;
>> PCIDevice *devices[PCI_SLOT_MAX * PCI_FUNC_MAX];
>> PCIDevice *parent_dev;
>> +
>> MemoryRegion *address_space_mem;
>> MemoryRegion *address_space_io;
>> 
>> +/**
>> + * Isolated address spaces - these allow the PCI bus to be part
>> + * of an isolated address space as opposed to the global
>> + * address_space_memory & address_space_io.
> 
> Are you sure address_space_memory & address_space_io are
> always global? even in the case of an iommu?

On the CPU side of the Root Complex, I believe address_space_memory
& address_space_io are global.

In the vfio-user case, devices on the same machine (TYPE_REMOTE_MACHINE)
could be attached to different clients VMs. Each client would have their own 
address
space for their CPUs. With isolated address spaces, we ensure that the devices
see the address space of the CPUs they’re attached to.

Not sure if it’s OK to share weblinks in this mailing list, please let me know 
if that’s
not preferred. But I’m referring to the terminology used in the following block 
diagram:
https://en.wikipedia.org/wiki/Root_complex#/media/File:Example_PCI_Express_Topology.svg

> 
>> This allows the
>> + * bus to be attached to CPUs from different machines. The
>> + * following is not used used commonly.
>> + *
>> + * TYPE_REMOTE_MACHINE allows emulating devices from multiple
>> + * VM clients,
> 
> what are VM clients?

It’s the client in the client - server model explained above.

Thank you!
--
Jag

> 
>> as such it needs the PCI buses in the same machine
>> + * to be part of different CPU address spaces. The following is
>> + * useful in that scenario.
>> + *
>> + */
>> +AddressSpace *isol_as_mem;
>> +AddressSpace *isol_as_io;
>> +
>> QLIST_HEAD(, PCIBus) child; /* this will be replaced by qdev later */
>> QLIST_ENTRY(PCIBus) sibling;/* this will be replaced by qdev later */
>> 
>> diff --git a/hw/pci/pci.c b/hw/pci/pci.c
>> index 5d30f9ca60..d5f1c6c421 100644
>> --- a/hw/pci/pci.c
>> +++ b/hw/pci/pci.c
>> @@ -442,6 +442,8 @@ static void pci_root_bus_internal_init(PCIBus *bus, 
>> DeviceState *parent,
>> bus->slot_reserved_mask = 0x0;
>> bus->address_space_mem = address_space_mem;
>> bus->address_space_io = address_space_io;
>> +bus->isol_as_mem = NULL;
>> +bus->isol_as_io = NULL;
>> bus->flags |= PCI_BUS_IS_ROOT;
>> 
>> /* host bridge */
>> @@ -2676,6 +2678,16 @@ MemoryRegion *pci_address_space_io(PCIDevice *dev)
>> return pci_get_bus(dev)->address_space_io;
>> }
>> 
>> +AddressSpace 

[PATCH] hw/armv7m: Fix broken VMStateDescription

[Peter Maydell]

In commit d5093d961585f02 we added a VMStateDescription to
the TYPE_ARMV7M object, to handle migration of its Clocks.
However a cut-and-paste error meant we used the wrong struct
name in the VMSTATE_CLOCK() macro arguments. The result was
that attempting a 'savevm' might result in an assertion
failure.

Cc: qemu-sta...@nongnu.org
Buglink: https://gitlab.com/qemu-project/qemu/-/issues/803
Fixes: d5093d961585f02
Signed-off-by: Peter Maydell 
---
It's a shame there's no way to type-check that the struct
name used in the VMSTATE macros is correct...
---
 hw/arm/armv7m.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
index 8d08db80be8..ceb76df3cd4 100644
--- a/hw/arm/armv7m.c
+++ b/hw/arm/armv7m.c
@@ -520,8 +520,8 @@ static const VMStateDescription vmstate_armv7m = {
 .version_id = 1,
 .minimum_version_id = 1,
 .fields = (VMStateField[]) {
-VMSTATE_CLOCK(refclk, SysTickState),
-VMSTATE_CLOCK(cpuclk, SysTickState),
+VMSTATE_CLOCK(refclk, ARMv7MState),
+VMSTATE_CLOCK(cpuclk, ARMv7MState),
 VMSTATE_END_OF_LIST()
 }
 };
-- 
2.25.1

[PULL v2 00/38] target-arm queue

[Peter Maydell]

v1->v2: fix up format string issues in aspeed_i3c.c

-- PMM

The following changes since commit b10d00d8811fa4eed4862963273d7353ce310c82:

  Merge remote-tracking branch 
'remotes/kraxel/tags/seabios-20220118-pull-request' into staging (2022-01-19 
18:46:28 +)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git 
tags/pull-target-arm-20220120-1

for you to fetch changes up to b9d383ab797f54ae5fa8746117770709921dc529:

  hw/intc/arm_gicv3: Check for !MEMTX_OK instead of MEMTX_ERROR (2022-01-20 
16:04:58 +)


target-arm:
 * hw/intc/arm_gicv3_its: Fix various minor bugs
 * hw/arm/aspeed: Add the i3c device to the AST2600 SoC
 * hw/arm: kudo: add lm75s behind bus 1 switch at 75
 * hw/arm/virt: Fix support for running guests on hosts
   with restricted IPA ranges
 * hw/intc/arm_gic: Allow reset of the running priority
 * hw/intc/arm_gic: Implement read of GICC_IIDR
 * hw/arm/virt: Support for virtio-mem-pci
 * hw/arm/virt: Support CPU cluster on ARM virt machine
 * docs/can: convert to restructuredText
 * hw/net: Move MV88W8618 network device out of hw/arm/ directory
 * hw/arm/virt: KVM: Enable PAuth when supported by the host


Gavin Shan (2):
  virtio-mem: Correct default THP size for ARM64
  hw/arm/virt: Support for virtio-mem-pci

Lucas Ramage (1):
  docs/can: convert to restructuredText

Marc Zyngier (7):
  hw/arm/virt: KVM: Enable PAuth when supported by the host
  hw/arm/virt: Add a control for the the highmem PCIe MMIO
  hw/arm/virt: Add a control for the the highmem redistributors
  hw/arm/virt: Honor highmem setting when computing the memory map
  hw/arm/virt: Use the PA range to compute the memory map
  hw/arm/virt: Disable highmem devices that don't fit in the PA range
  hw/arm/virt: Drop superfluous checks against highmem

Patrick Venture (1):
  hw/arm: kudo add lm75s behind bus 1 switch at 75

Peter Maydell (13):
  hw/intc/arm_gicv3_its: Fix event ID bounds checks
  hw/intc/arm_gicv3_its: Convert int ID check to num_intids convention
  hw/intc/arm_gicv3_its: Fix handling of process_its_cmd() return value
  hw/intc/arm_gicv3_its: Don't use data if reading command failed
  hw/intc/arm_gicv3_its: Use enum for return value of process_* functions
  hw/intc/arm_gicv3_its: Fix return codes in process_its_cmd()
  hw/intc/arm_gicv3_its: Refactor process_its_cmd() to reduce nesting
  hw/intc/arm_gicv3_its: Fix return codes in process_mapti()
  hw/intc/arm_gicv3_its: Fix return codes in process_mapc()
  hw/intc/arm_gicv3_its: Fix return codes in process_mapd()
  hw/intc/arm_gicv3_its: Factor out "find address of table entry" code
  hw/intc/arm_gicv3_its: Check indexes before use, not after
  hw/intc/arm_gicv3_its: Range-check ICID before indexing into collection 
table

Petr Pavlu (2):
  hw/intc/arm_gic: Implement read of GICC_IIDR
  hw/intc/arm_gic: Allow reset of the running priority

Philippe Mathieu-Daudé (4):
  hw: Move MARVELL_88W8618 Kconfig from audio/ to arm/
  hw/arm/musicpal: Fix coding style of code related to MV88W8618 device
  hw/net: Move MV88W8618 network device out of hw/arm/ directory
  hw/intc/arm_gicv3: Check for !MEMTX_OK instead of MEMTX_ERROR

Troy Lee (2):
  hw/misc/aspeed_i3c.c: Introduce a dummy AST2600 I3C model.
  hw/arm/aspeed: Add the i3c device to the AST2600 SoC

Yanan Wang (6):
  hw/arm/virt: Support CPU cluster on ARM virt machine
  hw/arm/virt: Support cluster level in DT cpu-map
  hw/acpi/aml-build: Improve scalability of PPTT generation
  tests/acpi/bios-tables-test: Allow changes to virt/PPTT file
  hw/acpi/aml-build: Support cluster level in PPTT generation
  tests/acpi/bios-table-test: Update expected virt/PPTT file

 docs/system/arm/cpu-features.rst |   4 -
 docs/system/device-emulation.rst |   1 +
 docs/{can.txt => system/devices/can.rst} |  90 +++---
 include/hw/arm/aspeed_soc.h  |   3 +
 include/hw/arm/virt.h|   5 +-
 include/hw/misc/aspeed_i3c.h |  48 +++
 include/hw/net/mv88w8618_eth.h   |  12 +
 target/arm/cpu.h |   1 +
 hw/acpi/aml-build.c  |  68 +++--
 hw/arm/aspeed_ast2600.c  |  16 +
 hw/arm/musicpal.c| 381 +---
 hw/arm/npcm7xx_boards.c  |  10 +-
 hw/arm/virt-acpi-build.c |  10 +-
 hw/arm/virt.c| 184 ++--
 hw/intc/arm_gic.c|  11 +
 hw/intc/arm_gicv3_its.c  | 492 ++-
 hw/intc/arm_gicv3_redist.c   |   4 +-
 hw/misc/aspeed_i3c.c | 384 
 hw/net

Re: [PATCH 0/2] virtio: Add vhost-user-gpio device's support

[Alex Bennée]

"Michael S. Tsirkin"  writes:

> On Thu, Jan 20, 2022 at 09:32:34AM +0530, Viresh Kumar wrote:
>> On 17-01-22, 10:11, Alex Bennée wrote:
>> > 
>> > "Michael S. Tsirkin"  writes:
>> > 
>> > > On Wed, Jan 12, 2022 at 05:04:57PM +0530, Viresh Kumar wrote:
>> > >> Hello,
>> > >> 
>> > >> This patchset adds vhost-user-gpio device's support in Qemu. The 
>> > >> support for the
>> > >> same has already been added to virtio specification and Linux Kernel.
>> > >> 
>> > >> A Rust based backend is also in progress and is tested against this 
>> > >> patchset:
>> > >> 
>> > >> https://github.com/rust-vmm/vhost-device/pull/76
>> > >
>> > >
>> > > I'm reluctant to add this with no tests in tree.
>> > > Want to write a minimal libhost-user based backend?
>> 
>> I actually have one already, that I wrote before attempting the Rust
>> counterpart, but never upstreamed as I am not sure if anyone is ever
>> going to use it, as I am not. And I thought what's the point of
>> merging code which I will never end up using.
>> 
>> I am not sure what test I can add here to make sure this doesn't
>> breaks in future though.
>
> something that executes with make check.

With Eric's latest series
(20220118203833.316741-1-eric.au...@redhat.com) we are already
exercising most of the PCI code:

  ➜  gcov ./libqemu-aarch64-softmmu.fa.p/hw_virtio_vhost-user-gpio.c.gcda
  File '../../hw/virtio/vhost-user-gpio.c'
  Lines executed:10.43% of 163
  Creating 'vhost-user-gpio.c.gcov'

  File '/home/alex/lsrc/qemu.git/include/qemu/bitops.h'
  Lines executed:100.00% of 4
  Creating 'bitops.h.gcov'

  File '/home/alex/lsrc/qemu.git/include/hw/virtio/virtio.h'
  Lines executed:12.50% of 8
  Creating 'virtio.h.gcov'

  File '/home/alex/lsrc/qemu.git/include/hw/virtio/vhost-user-gpio.h'
  Lines executed:0.00% of 1
  Creating 'vhost-user-gpio.h.gcov'

  File '/home/alex/lsrc/qemu.git/include/hw/virtio/virtio-bus.h'
  Lines executed:0.00% of 1
  Creating 'virtio-bus.h.gcov'

  File '/home/alex/lsrc/qemu.git/include/hw/qdev-core.h'
  Lines executed:50.00% of 2
  Creating 'qdev-core.h.gcov'

  15:40:35 alex@zen:qemu.git/builds/gprof  on  review/virtio-gpio-boilerplate 
[$?] 
  ➜  gcov ./libqemu-aarch64-softmmu.fa.p/hw_virtio_vhost-user-gpio-pci.c.gcda
  File '../../hw/virtio/vhost-user-gpio-pci.c'
  Lines executed:76.92% of 26
  Creating 'vhost-user-gpio-pci.c.gcov'

  File '/home/alex/lsrc/qemu.git/include/qemu/bitops.h'
  Lines executed:100.00% of 4
  Creating 'bitops.h.gcov'

  File '../../hw/virtio/virtio-pci.h'
  Lines executed:100.00% of 1
  Creating 'virtio-pci.h.gcov'

  File '/home/alex/lsrc/qemu.git/include/hw/pci/pci.h'
  Lines executed:100.00% of 1
  Creating 'pci.h.gcov'

  File '/home/alex/lsrc/qemu.git/include/hw/qdev-core.h'
  Lines executed:50.00% of 2
  Creating 'qdev-core.h.gcov'

So I think if we add the runes to ensure we instantiate both types
explicitly I think we will have enough coverage.

-- 
Alex Bennée

Re: [PATCH v2 2/6] tests/qtest/libqos/pci: Introduce pio_limit

[Alex Bennée]

Eric Auger  writes:

> At the moment the IO space limit is hardcoded to
> QPCI_PIO_LIMIT = 0x1. When accesses are performed to a bar,
> the base address of this latter is compared against the limit
> to decide whether we perform an IO or a memory access.
>
> On ARM, we cannot keep this PIO limit as the arm-virt machine
> uses [0x3eff, 0x3f00 ] for the IO space map and we
> are mandated to allocate at 0x0.
>
> Add a new flag in QPCIBar indicating whether it is an IO bar
> or a memory bar. This flag is set on QPCIBar allocation and
> provisionned based on the BAR configuration. Then the new flag
> is used in access functions and in iomap() function.
>
> Signed-off-by: Eric Auger 
> Reviewed-by: Thomas Huth 

Reviewed-by: Alex Bennée 

-- 
Alex Bennée

RE: [PATCH 1/3] migration/migration.c: Add missed default error handler for migration state

[Zhang, Chen]

> -Original Message-
> From: Dr. David Alan Gilbert 
> Sent: Thursday, January 20, 2022 1:52 AM
> To: Zhang, Chen 
> Cc: Juan Quintela ; qemu-dev  de...@nongnu.org>
> Subject: Re: [PATCH 1/3] migration/migration.c: Add missed default error
> handler for migration state
> 
> * Zhang Chen (chen.zh...@intel.com) wrote:
> > In the migration_completion() no other status is expected, for example
> > MIGRATION_STATUS_CANCELLING, MIGRATION_STATUS_CANCELLED, etc.
> >
> > Signed-off-by: Zhang Chen 
> 
> I think you're right;
> 
> Reviewed-by: Dr. David Alan Gilbert 
> 
>  however, did you actually see this trigger in a different state?

No, I just read the code and found it.

Thanks
Chen

> 
> Dave
> > ---
> >  migration/migration.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/migration/migration.c b/migration/migration.c index
> > 0652165610..2afa77da03 100644
> > --- a/migration/migration.c
> > +++ b/migration/migration.c
> > @@ -3205,7 +3205,7 @@ static void migration_completion(MigrationState
> *s)
> >  qemu_mutex_unlock_iothread();
> >
> >  trace_migration_completion_postcopy_end_after_complete();
> > -} else if (s->state == MIGRATION_STATUS_CANCELLING) {
> > +} else {
> >  goto fail;
> >  }
> >
> > --
> > 2.25.1
> >
> --
> Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [PATCH v3 10/19] block: introduce fleecing block driver

[Hanna Reitz]

On 22.12.21 18:40, Vladimir Sementsov-Ogievskiy wrote:

Introduce a new driver, that works in pair with copy-before-write to
improve fleecing.

Without fleecing driver, old fleecing scheme looks as follows:

[guest]
   |
   |root
   v
[copy-before-write] -> [temp.qcow2] <--- [nbd export]
   | target  |
   |file |backing
   v |
[active disk] <-+

With fleecing driver, new scheme is:

[guest]
   |
   |root
   v
[copy-before-write] -> [fleecing] <--- [nbd export]
   | target  ||
   |file ||file
   v |v
[active disk]<--source--+  [temp.img]

Benefits of new scheme:

1. Access control: if remote client try to read data that not covered
by original dirty bitmap used on copy-before-write open, client gets
-EACCES.

2. Discard support: if remote client do DISCARD, this additionally to
discarding data in temp.img informs block-copy process to not copy
these clusters. Next read from discarded area will return -EACCES.
This is significant thing: when fleecing user reads data that was
not yet copied to temp.img, we can avoid copying it on further guest
write.

3. Synchronisation between client reads and block-copy write is more
efficient: it doesn't block intersecting block-copy write during
client read.

4. We don't rely on backing feature: active disk should not be backing
of temp image, so we avoid some permission-related difficulties and
temp image now is not required to support backing, it may be simple
raw image.

Note that now nobody calls fleecing_drv_activate(), so new driver is
actually unusable. It's a work for the following patch: support
fleecing block driver in copy-before-write filter driver.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
  qapi/block-core.json |  37 +-
  block/fleecing.h |  16 +++
  block/fleecing-drv.c | 261 +++
  MAINTAINERS  |   1 +
  block/meson.build|   1 +
  5 files changed, 315 insertions(+), 1 deletion(-)
  create mode 100644 block/fleecing-drv.c

diff --git a/qapi/block-core.json b/qapi/block-core.json
index 6904daeacf..b47351dbac 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -2917,13 +2917,14 @@
  # @blkreplay: Since 4.2
  # @compress: Since 5.0
  # @copy-before-write: Since 6.2
+# @fleecing: Since 7.0
  #
  # Since: 2.9
  ##
  { 'enum': 'BlockdevDriver',
'data': [ 'blkdebug', 'blklogwrites', 'blkreplay', 'blkverify', 'bochs',
  'cloop', 'compress', 'copy-before-write', 'copy-on-read', 'dmg',
-'file', 'ftp', 'ftps', 'gluster',
+'file', 'fleecing', 'ftp', 'ftps', 'gluster',
  {'name': 'host_cdrom', 'if': 'HAVE_HOST_BLOCK_DEVICE' },
  {'name': 'host_device', 'if': 'HAVE_HOST_BLOCK_DEVICE' },
  'http', 'https', 'iscsi',
@@ -4181,6 +4182,39 @@
'base': 'BlockdevOptionsGenericFormat',
'data': { 'target': 'BlockdevRef', '*bitmap': 'BlockDirtyBitmap' } }
  
+##

+# @BlockdevOptionsFleecing:
+#
+# Driver that works in pair with copy-before-write filter to make a fleecing
+# scheme like this:
+#
+#[guest]
+#  |
+#  |root
+#  v
+#[copy-before-write] -> [fleecing] <--- [nbd export]
+#  | target  ||
+#  |file ||file
+#  v |v
+#[active disk]<--source--+  [temp.img]


When generating docs, my sphinx doesn’t like this very much.  I don’t 
know exactly what of it, but it complains with:


docs/../qapi/block-core.json:4190:Line block ends without a blank line.

(Line 4190 is the “@BlockdevOptionsFleecing:” line, but there is no 
warning if I remove this ASCII art.)



+#
+# The scheme works like this: on write, fleecing driver saves data to its
+# ``file`` child and remember that this data is in ``file`` child. On read
+# fleecing reads from ``file`` child if data is already stored to it and
+# otherwise it reads from ``source`` child.


I.e. it’s basically a COW format with the allocation bitmap stored as a 
block dirty bitmap.



+# In the same time, before each guest write, ``copy-before-write`` copies
+# corresponding old data  from ``active disk`` to ``fleecing`` node.
+# This way, ``fleecing`` node looks like a kind of snapshot for extenal
+# reader like NBD export.


So this description sounds like the driver is just a COW driver with an 
in-memory allocation bitmap.  But it’s actually specifically tuned for 
fleecing, because it interacts with the CBW node to prevent conflicts, 
and discard requests result in the respective areas become unreadable.


I find that important to mention, because if we don’t, then I’m 
wondering why this isn’t a generic “in-memory-cow” driver, and what 
makes it so useful for fleecing over any other COW driver.


(In fact, I’m asking myself all the time whether we can’t pull this 

Re: [PATCH for-7.0 0/6] target/arm: Implement LVA, LPA, LPA2 features

[Peter Maydell]

On Wed, 8 Dec 2021 at 23:14, Richard Henderson
 wrote:
>
> These features are all related and relatively small.
>
> Testing so far has been limited to booting a kernel
> with 64k pages and VA and PA set to 52 bits, which
> excercises LVA and LPA.
>
> There is not yet upstream support for LPA2, probably
> because it's an ARMv8.7 addition.



>  target/arm/cpu-param.h |   4 +-
>  target/arm/cpu.h   |  17 
>  target/arm/internals.h |  22 +
>  target/arm/cpu64.c |   5 +-
>  target/arm/helper.c| 211 ++---
>  5 files changed, 204 insertions(+), 55 deletions(-)

I'd forgotten about this document too until a conversation today
brought it to mind, but when adding new feature support please
also update the list of supported emulated features in
docs/system/arm/emulation.rst

thanks
-- PMM

Re: [PATCH v5 01/18] configure, meson: override C compiler for cmake

[Jag Raman]

> On Jan 20, 2022, at 8:27 AM, Paolo Bonzini  wrote:
> 
> On 1/19/22 22:41, Jagannathan Raman wrote:
>> The compiler path that cmake gets from meson is corrupted. It results in
>> the following error:
>> | -- The C compiler identification is unknown
>> | CMake Error at CMakeLists.txt:35 (project):
>> | The CMAKE_C_COMPILER:
>> | /opt/rh/devtoolset-9/root/bin/cc;-m64;-mcx16
>> | is not a full path to an existing compiler tool.
>> Explicitly specify the C compiler for cmake to avoid this error
>> Signed-off-by: Jagannathan Raman 
>> Acked-by: Paolo Bonzini 
> 
> This should not be needed anymore, as the bug in Meson has been fixed.

OK, will drop this patch.

Thank you!

> 
> Paolo
> 
>>  configure | 2 ++
>>  1 file changed, 2 insertions(+)
>> diff --git a/configure b/configure
>> index e1a31fb332..6a865f8713 100755
>> --- a/configure
>> +++ b/configure
>> @@ -3747,6 +3747,8 @@ if test "$skip_meson" = no; then
>>echo "cpp_args = [$(meson_quote $CXXFLAGS $EXTRA_CXXFLAGS)]" >> $cross
>>echo "c_link_args = [$(meson_quote $CFLAGS $LDFLAGS $EXTRA_CFLAGS 
>> $EXTRA_LDFLAGS)]" >> $cross
>>echo "cpp_link_args = [$(meson_quote $CXXFLAGS $LDFLAGS $EXTRA_CXXFLAGS 
>> $EXTRA_LDFLAGS)]" >> $cross
>> +  echo "[cmake]" >> $cross
>> +  echo "CMAKE_C_COMPILER = [$(meson_quote $cc $CPU_CFLAGS)]" >> $cross
>>echo "[binaries]" >> $cross
>>echo "c = [$(meson_quote $cc $CPU_CFLAGS)]" >> $cross
>>test -n "$cxx" && echo "cpp = [$(meson_quote $cxx $CPU_CFLAGS)]" >> $cross
>