Re: [PATCH 1/2] hw/arm/virt: Improve address assignment for highmem IO regions

2022-08-10 Thread Gavin Shan

Hi Marc,

On 8/8/22 7:17 PM, Marc Zyngier wrote:

On Wed, 03 Aug 2022 14:02:04 +0100,
Gavin Shan  wrote:

On 8/3/22 5:01 PM, Marc Zyngier wrote:

On Wed, 03 Aug 2022 04:01:04 +0100,
Gavin Shan  wrote:

On 8/2/22 7:41 PM, Eric Auger wrote:

On 8/2/22 08:45, Gavin Shan wrote:

There are 3 highmem IO regions as below. They can be disabled in
two situations: (a) The specific region is disabled by user. (b)
The specific region doesn't fit in the PA space. However, the base
address and highest_gpa are still updated no matter if the region
is enabled or disabled. It's incorrectly incurring waste in the PA
space.

If I am not wrong highmem_redists and highmem_mmio are not user selectable

Only highmem ecam depends on machine type & ACPI setup. But I would say
that in server use case it is always set. So is that optimization really
needed?


There are two other cases you missed.

- highmem_ecam is enabled after virt-2.12, meaning it stays disabled
before that.


I don't get this. The current behaviour is to disable highmem_ecam if
it doesn't fit in the PA space. I can't see anything that enables it
if it was disabled in the first place.



There are several places or conditions where vms->highmem_ecam can be
disabled:

- virt_instance_init() where vms->highmem_ecam is inherited from
   !vmc->no_highmem_ecam. The option is set to true after virt-2.12
   in virt_machine_2_12_options().

- machvirt_init() where vms->highmem_ecam can be disabled if we have
   32-bits vCPUs and failure on loading firmware.


Right. But at no point do we *enable* something that was disabled
beforehand, which is how I understood your previous comment.



Sorry for the delay. I think the original changelog is confusing
enough and sorry about it. I will improve it if v2 is needed :)

Yes, we shouldn't assign address to VIRT_HIGH_PCIE_ECAM region
and enable it when vms->highmem_ecam is false in virt_set_memmap().

In the original implementation of virt_set_memmap(), the memory
region is disabled when vms->highmem_ecam is false. However,
the address is still assigned to the memory region, even when
vms->highmem_ecam is false. This leads to waste in the PA space.

In hw/arm/virt.c::virt_set_memmap(), @base is always added with
the memory region size, even if the memory region has been disabled.

    for (i = VIRT_LOWMEMMAP_LAST; i < ARRAY_SIZE(extended_memmap); i++) {
        hwaddr size = extended_memmap[i].size;
        bool fits;

        base = ROUND_UP(base, size);   /* The roundup isn't necessary for disabled region */
        vms->memmap[i].base = base;
        vms->memmap[i].size = size;

         :
         :

        base += size;                  /* The increment isn't necessary for disabled region */
    }



- Another place is where we're talking about. It's address assignment
   to fit the PA space.


Alignment? No, the alignment is cast into stone: it is set to the
smallest power-of-two containing the region (natural alignment).



Nope, I was talking about address assignment, instead of address
alignment. Let's have an example here to explain. For example,
we have following capability and user's command lines. In this
specific example, the memory layout is something like below:

    PA space limit:        40 bits (1TB)
    user's command line:   -m 1GB,maxmem=1019G,slots=4

    VIRT_MEM region start: 1GB
    VIRT_MEM region end:   2GB
    device_memory_base:    2GB                      // in virt_set_memmap()
    device_memory_size:    1022GB (end at 1024GB)   // in virt_set_memmap()

All the high memory regions won't be enabled because we don't
have more free areas in the PA space. In virt_set_memmap(),
@base is still increased by the region's size, as said above.






- The high memory region can be disabled if user is asking large
(normal) memory space through 'maxmem=' option. When the requested
memory by 'maxmem=' is large enough, the high memory regions are
disabled. It means the normal memory has higher priority than those
high memory regions. This is the case I provided in (b) of the
commit log.


Why is that a problem? It matches the expected behaviour, as the
highmem IO region is floating and is pushed up by the memory region.



Eric thought that VIRT_HIGH_GIC_REDIST2 and VIRT_HIGH_PCIE_MMIO regions
aren't user selectable. I tended to explain why it's not true. 'maxmem='
can affect the outcome. When 'maxmem=' value is big enough, there will be
no free area in the PA space to hold those two regions.


Right, that's an interesting point. This is a consequence of these
upper regions floating above RAM.



Yep, it's fine for those high memory region floating above RAM, and to
disable them if we run out of PA space. Something may be irrelevant
to this topic: VIRT_HIGH_PCIE_MMIO region has 512GB, which is huge one.
It may be nice to fall back smaller sizes when we're having tight PA
space. For example, we can fall back to 
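
An added example, not part of the message or of QEMU: a stand-alone model of the address assignment loop discussed above, run once with every region consuming address space and once with disabled regions skipped. The 64 MiB and 256 MiB region sizes, the function names and the scenario (40-bit PA space, first free address at 512 GiB, only the MMIO window wanted) are assumptions chosen to make the effect visible.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MiB (1ULL << 20)
#define GiB (1ULL << 30)

enum { HIGH_GIC_REDIST2, HIGH_PCIE_ECAM, HIGH_PCIE_MMIO, HIGH_NR };

/* 512 GiB for the MMIO window is from the thread; the other two are assumed. */
static const uint64_t high_size[HIGH_NR] = { 64 * MiB, 256 * MiB, 512 * GiB };

struct high_layout {
    bool enabled[HIGH_NR];
    uint64_t base[HIGH_NR];
    uint64_t highest_gpa;
};

/* Natural alignment: every size is a power of two. */
static uint64_t round_up(uint64_t n, uint64_t size)
{
    return (n + size - 1) & ~(size - 1);
}

/*
 * base: first free address above RAM and device memory.
 * want: whether each region is enabled before the layout runs.
 * skip_disabled == false: every region consumes address space, enabled or
 *   not (the behaviour the message describes for the existing loop).
 * skip_disabled == true: a disabled or non-fitting region leaves base and
 *   highest_gpa alone (a sketch of the proposal, not the actual patch).
 */
static struct high_layout assign_high_regions(uint64_t base, unsigned pa_bits,
                                              const bool want[HIGH_NR],
                                              bool skip_disabled)
{
    struct high_layout l = { .highest_gpa = base - 1 };
    const uint64_t limit = 1ULL << pa_bits;

    for (int i = 0; i < HIGH_NR; i++) {
        uint64_t size = high_size[i];
        uint64_t aligned = round_up(base, size);
        bool fits = aligned + size <= limit;

        l.enabled[i] = want[i] && fits;
        if (skip_disabled && !l.enabled[i]) {
            continue;               /* no base assigned, no space consumed */
        }
        l.base[i] = aligned;
        if (fits) {
            l.highest_gpa = aligned + size - 1;
        }
        base = aligned + size;
    }
    return l;
}

/* Constructed scenario: 40-bit PA space, free space starts at 512 GiB. */
static struct high_layout demo(bool skip_disabled)
{
    const bool want[HIGH_NR] = { false, false, true };

    return assign_high_regions(512 * GiB, 40, want, skip_disabled);
}

int main(void)
{
    static const char *name[HIGH_NR] = { "GIC_REDIST2", "PCIE_ECAM", "PCIE_MMIO" };

    for (int skip = 0; skip <= 1; skip++) {
        struct high_layout l = demo(skip != 0);

        printf("%s:\n", skip ? "disabled regions skipped"
                             : "every region consumes space");
        for (int i = 0; i < HIGH_NR; i++) {
            printf("  %-12s %s base=0x%llx\n", name[i],
                   l.enabled[i] ? "on " : "off",
                   (unsigned long long)l.base[i]);
        }
        printf("  highest_gpa=0x%llx\n", (unsigned long long)l.highest_gpa);
    }
    return 0;
}
```

In the first run the two disabled regions push the 512 GiB window up to the next 512 GiB boundary, where it no longer fits below 1 TiB; in the second run it lands at 512 GiB and fits exactly.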

Re: [PATCH for-7.2 v2 16/20] device_tree.c: support string props in fdt_format_node()

2022-08-10 Thread David Gibson
On Wed, Aug 10, 2022 at 04:40:18PM -0300, Daniel Henrique Barboza wrote:
> 
> 
> On 8/8/22 01:36, David Gibson wrote:
> > On Fri, Aug 05, 2022 at 06:39:44AM -0300, Daniel Henrique Barboza wrote:
> > > To support printing string properties in 'info fdt' we need to determine
> > > whether a void data might contain a string.
> > 
> > Oh... sorry, obviously I hadn't read these later patches when I
> > complained about the command not printing property values.
> > 
> > > 
> > > We do that by casting the void data to a string array and:
> > > 
> > > - check if the array finishes with a null character
> > > - check if all characters are printable
> > 
> > This won't handle the case of the "string list" several strings tacked
> > together, separated by their terminating \0 characters.
> 
> H how is this printed? Should we concatenate them? Replace the \0
> with a whitespace? Or ignore the zero and concatenate them?
> 
> E.g. this is a\0string\0list
> 
> Should we print it as:
> 
> this is astringlist
> 
> or
> 
> this is a string list ?

Well, if you're going for dts like output, which you seem to be, you
have two options:

1) Escape the medial nulls

"this\0is\0a\0string\0list"

2) Multiple strings:

"this", "is", "a", "string", "list"

Both forms are allowed in dts and will result in an identical
bytestring in the property.

> > > If both conditions are met, we'll consider it to be a string data type
> > > and print it accordingly. After this change, 'info fdt' is now able to
> > > print string properties. Here's an example with the ARM 'virt' machine:
> > > 
> > > (qemu) info fdt /chosen
> > > chosen {
> > >  stdout-path = '/pl011@900'
> > >  rng-seed;
> > >  kaslr-seed;
> > > }
> > > 
> > > Signed-off-by: Daniel Henrique Barboza 
> > > ---
> > >   softmmu/device_tree.c | 25 -
> > >   1 file changed, 24 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/softmmu/device_tree.c b/softmmu/device_tree.c
> > > index 3fb07b537f..8691c3ccc0 100644
> > > --- a/softmmu/device_tree.c
> > > +++ b/softmmu/device_tree.c
> > > @@ -663,6 +663,24 @@ void qemu_fdt_qmp_dumpdtb(const char *filename, 
> > > Error **errp)
> > >   error_setg(errp, "Error when saving machine FDT to file %s", 
> > > filename);
> > >   }
> > > +static bool fdt_prop_is_string(const void *data, int size)
> > > +{
> > > +const char *str = data;
> > > +int i;
> > > +
> > > +if (size <= 0 || str[size - 1] != '\0') {
> > > +return false;
> > > +}
> > > +
> > > +for (i = 0; i < size - 1; i++) {
> > > +if (!g_ascii_isprint(str[i])) {
> > > +return false;
> > > +}
> > > +}
> > > +
> > > +return true;
> > > +}
> > > +
> > >   static void fdt_format_node(GString *buf, int node, int depth)
> > >   {
> > >   const struct fdt_property *prop = NULL;
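Review bot: In fdt_prop_is_string() the loop `for (i = 0; i < size - 1; i++)` rejects every interior '\0', so a string-list property (several NUL-terminated strings back to back) is classified as non-string and falls through to the bare `name;` output, while a one-byte property holding only '\0' passes and prints as an empty string. Consider accepting interior NULs that terminate non-empty substrings, and add a short comment saying this is a heuristic, since a binary value whose bytes happen to be printable and end in zero will also match.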
> > > @@ -681,7 +699,12 @@ static void fdt_format_node(GString *buf, int node, 
> > > int depth)
> > >   prop = fdt_get_property_by_offset(fdt, property, _size);
> > >   propname = fdt_string(fdt, fdt32_to_cpu(prop->nameoff));
> > > -g_string_append_printf(buf, "%*s%s;\n", padding, "", propname);
> > > +if (fdt_prop_is_string(prop->data, prop_size)) {
> > > +g_string_append_printf(buf, "%*s%s = '%s'\n",
> > > +   padding, "", propname, prop->data);
> > 
> > If you're going for dts like output, I'd suggest going all the way.
> > That means \" instead of \' and a ';' at the end of the line.
> > 
> > > +} else {
> > > +g_string_append_printf(buf, "%*s%s;\n", padding, "", 
> > > propname);
> > > +}
> > >   }
> > >   padding -= 4;
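Review bot: The `%s` applied to prop->data in the new g_string_append_printf() call is bounded only because fdt_prop_is_string() saw a '\0' at prop_size - 1; a comment saying so would keep a later refactor from separating the check from the print. The value is also emitted unescaped, so a quote or backslash inside the property gives output that cannot be read back unambiguously; escape those characters when building the line.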
> > 
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
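
An added example (not part of the thread, and not QEMU or dtc code) of the string-list case raised above: a classifier that accepts several NUL-terminated strings back to back, and a formatter that prints them in the dts multiple-strings form. The function names, the rule that an empty string means "not a string list", and the sample values are assumptions made for this sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Printable ASCII only, independent of the locale. */
static bool ascii_printable(unsigned char c)
{
    return c >= 0x20 && c <= 0x7e;
}

/*
 * Return the number of strings in a property value, or 0 when the bytes
 * are not a string list. The value must end in NUL, every other byte must
 * be printable or a NUL that ends a non-empty string. This stays a
 * heuristic: four printable bytes ending in zero still look like a string.
 */
static int fdt_strlist_count(const void *data, int size)
{
    const unsigned char *p = data;
    int count = 0, start = 0;

    if (size <= 0 || p[size - 1] != '\0') {
        return 0;
    }
    for (int i = 0; i < size; i++) {
        if (p[i] == '\0') {
            if (i == start) {
                return 0;   /* empty string: more likely binary zeros */
            }
            count++;
            start = i + 1;
        } else if (!ascii_printable(p[i])) {
            return 0;
        }
    }
    return count;
}

/*
 * Write the value in dts form ("a", "b") into out. Returns the length of
 * the result, or -1 if the value is not a string list or out is too small.
 */
static int fdt_format_strlist(char *out, size_t cap, const void *data, int size)
{
    const char *p = data;
    size_t n = 0;

    if (fdt_strlist_count(data, size) == 0) {
        return -1;
    }
    for (int i = 0; i < size; i++) {
        if (cap < 6 || n > cap - 6) {
            return -1;      /* up to 5 bytes written below, plus final NUL */
        }
        if (p[i] == '\0') {
            out[n++] = '"';             /* close the current string */
            continue;
        }
        if (i == 0 || p[i - 1] == '\0') {
            if (i > 0) {
                out[n++] = ',';
                out[n++] = ' ';
            }
            out[n++] = '"';             /* open the next string */
        }
        if (p[i] == '"' || p[i] == '\\') {
            out[n++] = '\\';            /* keep the output parseable */
        }
        out[n++] = p[i];
    }
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample values; sizeof counts the final NUL. */
    static const char list[] = "this\0is\0a\0string\0list";
    static const char path[] = "/pl011@900";
    static const unsigned char cells[] = { 0x00, 0x00, 0x00, 0x03 };
    char out[64];

    if (fdt_format_strlist(out, sizeof(out), list, (int)sizeof(list)) >= 0) {
        printf("list = %s;\n", out);
    }
    if (fdt_format_strlist(out, sizeof(out), path, (int)sizeof(path)) >= 0) {
        printf("stdout-path = %s;\n", out);
    }
    printf("cells is a string list: %s\n",
           fdt_strlist_count(cells, (int)sizeof(cells)) ? "yes" : "no");
    return 0;
}
```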




Re: [PATCH v3 2/4] target/s390x: Make translator stop before the end of a page

2022-08-10 Thread Richard Henderson

On 8/8/22 10:10, Ilya Leoshkevich wrote:

Right now translator stops right *after* the end of a page, which
breaks reporting of fault locations when the last instruction of a
multi-insn translation block crosses a page boundary.

Signed-off-by: Ilya Leoshkevich 
---
  include/exec/translator.h| 10 ++
  target/s390x/tcg/translate.c | 15 +++
  2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/include/exec/translator.h b/include/exec/translator.h
index 7db6845535..d27f8c33b6 100644
--- a/include/exec/translator.h
+++ b/include/exec/translator.h
@@ -187,4 +187,14 @@ FOR_EACH_TRANSLATOR_LD(GEN_TRANSLATOR_LD)
  
  #undef GEN_TRANSLATOR_LD
  
+/*

+ * Return whether addr is on the same page as where disassembly started.
+ * Translators can use this to enforce the rule that only single-insn
+ * translation blocks are allowed to cross page boundaries.
+ */
+static inline bool is_same_page(DisasContextBase *db, target_ulong addr)
+{
+return ((addr ^ db->pc_first) & TARGET_PAGE_MASK) == 0;
+}
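Review bot: is_same_page() only reads db->pc_first, so the parameter can be `const DisasContextBase *db`. The helper tests a single address while the commit message is about an instruction that straddles the boundary, so the comment should say which address callers are expected to pass (the start of the next instruction or its last byte).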


FYI, I've had occasion to pull this out to a separate patch locally.


r~



Re: [BUG] cxl can not create region

2022-08-10 Thread Bobo WL
On Tue, Aug 9, 2022 at 11:17 PM Dan Williams  wrote:
>
> Bobo WL wrote:
> > Hi Dan,
> >
> > Thanks for your reply!
> >
> > On Mon, Aug 8, 2022 at 11:58 PM Dan Williams  
> > wrote:
> > >
> > > What is the output of:
> > >
> > > cxl list -MDTu -d decoder0.0
> > >
> > > ...? It might be the case that mem1 cannot be mapped by decoder0.0, or
> > > at least not in the specified order, or that validation check is broken.
> >
> > Command "cxl list -MDTu -d decoder0.0" output:
>
> Thanks for this, I think I know the problem, but will try some
> experiments with cxl_test first.
>
> Did the commit_store() crash stop reproducing with latest cxl/preview
> branch?

No, still hitting this bug if don't add extra HB device in qemu



[PATCH v1 5/6] hw/loongarch: Add hotplug handler for machine

2022-08-10 Thread Xiaojuan Yang
Add hotplug handler for LoongArch virt machine and now only support
the dynamic sysbus device.

Signed-off-by: Xiaojuan Yang 
---
 hw/loongarch/virt.c | 32 
 1 file changed, 32 insertions(+)

diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index 3976e8a058..a3dd35d579 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -804,9 +804,35 @@ static void loongarch_machine_initfn(Object *obj)
 lams->oem_table_id = g_strndup(ACPI_BUILD_APPNAME8, 8);
 }
 
+static void loongarch_machine_device_plug_cb(HotplugHandler *hotplug_dev,
+DeviceState *dev, Error **errp)
+{
+LoongArchMachineState *lams = LOONGARCH_MACHINE(hotplug_dev);
+MachineClass *mc = MACHINE_GET_CLASS(lams);
+
+if (device_is_dynamic_sysbus(mc, dev)) {
+if (lams->platform_bus_dev) {
+
platform_bus_link_device(PLATFORM_BUS_DEVICE(lams->platform_bus_dev),
+ SYS_BUS_DEVICE(dev));
+}
+}
+}
+
+static HotplugHandler *virt_machine_get_hotplug_handler(MachineState *machine,
+DeviceState *dev)
+{
+MachineClass *mc = MACHINE_GET_CLASS(machine);
+
+if (device_is_dynamic_sysbus(mc, dev)) {
+return HOTPLUG_HANDLER(machine);
+}
+return NULL;
+}
+
 static void loongarch_class_init(ObjectClass *oc, void *data)
 {
 MachineClass *mc = MACHINE_CLASS(oc);
+HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(oc);
 
 mc->desc = "Loongson-3A5000 LS7A1000 machine";
 mc->init = loongarch_init;
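Review bot: loongarch_machine_device_plug_cb() never touches errp: when device_is_dynamic_sysbus() is true but lams->platform_bus_dev is NULL, the plug is silently accepted and the device is left unlinked. Report that case through errp or assert that the platform bus exists. The new virt_machine_get_hotplug_handler() also drops the loongarch_ prefix used by the other functions in this hunk.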
@@ -819,6 +845,8 @@ static void loongarch_class_init(ObjectClass *oc, void 
*data)
 mc->block_default_type = IF_VIRTIO;
 mc->default_boot_order = "c";
 mc->no_cdrom = 1;
+mc->get_hotplug_handler = virt_machine_get_hotplug_handler;
+hc->plug = loongarch_machine_device_plug_cb;
 
 object_class_property_add(oc, "acpi", "OnOffAuto",
 loongarch_get_acpi, loongarch_set_acpi,
@@ -834,6 +862,10 @@ static const TypeInfo loongarch_machine_types[] = {
 .instance_size  = sizeof(LoongArchMachineState),
 .class_init = loongarch_class_init,
 .instance_init = loongarch_machine_initfn,
+.interfaces = (InterfaceInfo[]) {
+ { TYPE_HOTPLUG_HANDLER },
+ { }
+},
 }
 };
 
-- 
2.31.1




[PATCH v1 4/6] hw/loongarch: Add platform bus support

2022-08-10 Thread Xiaojuan Yang
Add platform bus support and add the bus information such as address,
size, irq number to FDT table.

Signed-off-by: Xiaojuan Yang 
---
 hw/loongarch/Kconfig|  1 +
 hw/loongarch/virt.c | 33 +
 include/hw/loongarch/virt.h |  1 +
 include/hw/pci-host/ls7a.h  |  5 +
 4 files changed, 40 insertions(+)

diff --git a/hw/loongarch/Kconfig b/hw/loongarch/Kconfig
index 1deea83626..fef55c5638 100644
--- a/hw/loongarch/Kconfig
+++ b/hw/loongarch/Kconfig
@@ -8,6 +8,7 @@ config LOONGARCH_VIRT
 select SERIAL
 select SERIAL_ISA
 select VIRTIO_PCI
+select PLATFORM_BUS
 select LOONGARCH_IPI
 select LOONGARCH_PCH_PIC
 select LOONGARCH_PCH_MSI
diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index 561b05d404..3976e8a058 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -37,6 +37,8 @@
 #include "hw/mem/nvdimm.h"
 #include "sysemu/device_tree.h"
 #include 
+#include "hw/core/sysbus-fdt.h"
+#include "hw/platform-bus.h"
 
 static void create_fdt(LoongArchMachineState *lams)
 {
@@ -346,6 +348,31 @@ static DeviceState *create_acpi_ged(DeviceState *pch_pic, 
LoongArchMachineState
 return dev;
 }
 
+static DeviceState *create_platform_bus(DeviceState *pch_pic)
+{
+DeviceState *dev;
+SysBusDevice *sysbus;
+int i, irq;
+MemoryRegion *sysmem = get_system_memory();
+
+dev = qdev_new(TYPE_PLATFORM_BUS_DEVICE);
+dev->id = g_strdup(TYPE_PLATFORM_BUS_DEVICE);
+qdev_prop_set_uint32(dev, "num_irqs", VIRT_PLATFORM_BUS_NUM_IRQS);
+qdev_prop_set_uint32(dev, "mmio_size", VIRT_PLATFORM_BUS_SIZE);
+sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), _fatal);
+
+sysbus = SYS_BUS_DEVICE(dev);
+for (i = 0; i < VIRT_PLATFORM_BUS_NUM_IRQS; i++) {
+irq = VIRT_PLATFORM_BUS_IRQ - PCH_PIC_IRQ_OFFSET + i;
+sysbus_connect_irq(sysbus, i, qdev_get_gpio_in(pch_pic, irq));
+}
+
+memory_region_add_subregion(sysmem,
+VIRT_PLATFORM_BUS_BASEADDRESS,
+sysbus_mmio_get_region(sysbus, 0));
+return dev;
+}
+
 static void loongarch_devices_init(DeviceState *pch_pic, LoongArchMachineState 
*lams)
 {
 DeviceState *gpex_dev;
@@ -421,6 +448,8 @@ static void loongarch_devices_init(DeviceState *pch_pic, 
LoongArchMachineState *
 memory_region_add_subregion(get_system_memory(), PM_BASE, pm_mem);
 /* acpi ged */
 lams->acpi_ged = create_acpi_ged(pch_pic, lams);
+/* platform bus */
+lams->platform_bus_dev = create_platform_bus(pch_pic);
 }
 
 static void loongarch_irq_init(LoongArchMachineState *lams)
@@ -726,6 +755,10 @@ static void loongarch_init(MachineState *machine)
 /* Initialize the IO interrupt subsystem */
 loongarch_irq_init(lams);
 fdt_add_irqchip_node(lams);
+platform_bus_add_all_fdt_nodes(machine->fdt, "/intc",
+   VIRT_PLATFORM_BUS_BASEADDRESS,
+   VIRT_PLATFORM_BUS_SIZE,
+   VIRT_PLATFORM_BUS_IRQ);
 lams->machine_done.notify = virt_machine_done;
 qemu_add_machine_init_done_notifier(>machine_done);
 fdt_add_pcie_node(lams);
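Review bot: platform_bus_add_all_fdt_nodes() is given the interrupt controller path "/intc", but fdt_add_irqchip_node() in patch 3/6 creates that node as "/intc@%" PRIx64 with VIRT_IOAPIC_REG_BASE appended, so the two names do not match. Build the node name once and pass the same string to both places.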
diff --git a/include/hw/loongarch/virt.h b/include/hw/loongarch/virt.h
index 92b84de1c5..64c90b80d2 100644
--- a/include/hw/loongarch/virt.h
+++ b/include/hw/loongarch/virt.h
@@ -49,6 +49,7 @@ struct LoongArchMachineState {
 char *oem_table_id;
 DeviceState  *acpi_ged;
 int  fdt_size;
+DeviceState *platform_bus_dev;
 };
 
 #define TYPE_LOONGARCH_MACHINE  MACHINE_TYPE_NAME("virt")
diff --git a/include/hw/pci-host/ls7a.h b/include/hw/pci-host/ls7a.h
index cdde0af1f8..9bd875ca8b 100644
--- a/include/hw/pci-host/ls7a.h
+++ b/include/hw/pci-host/ls7a.h
@@ -42,4 +42,9 @@
 #define VIRT_RTC_REG_BASE(VIRT_MISC_REG_BASE + 0x00050100)
 #define VIRT_RTC_LEN 0x100
 #define VIRT_SCI_IRQ (PCH_PIC_IRQ_OFFSET + 4)
+
+#define VIRT_PLATFORM_BUS_BASEADDRESS   0x1600
+#define VIRT_PLATFORM_BUS_SIZE  0x200
+#define VIRT_PLATFORM_BUS_NUM_IRQS  2
+#define VIRT_PLATFORM_BUS_IRQ   69
 #endif
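Review bot: VIRT_PLATFORM_BUS_IRQ is defined as the absolute value 69 while VIRT_SCI_IRQ just above is written as (PCH_PIC_IRQ_OFFSET + 4), and create_platform_bus() then subtracts PCH_PIC_IRQ_OFFSET again to get the pch_pic input. Defining the new macro in the same (PCH_PIC_IRQ_OFFSET + n) form would keep the header consistent and make that subtraction easy to check.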
-- 
2.31.1




[PATCH v1 1/6] hw/loongarch: Remove vga device when loongarch init

2022-08-10 Thread Xiaojuan Yang
Remove the vga device when loongarch machine init and
we will support other display device in the future.

Signed-off-by: Xiaojuan Yang 
---
 hw/loongarch/Kconfig | 1 -
 hw/loongarch/virt.c  | 3 ---
 2 files changed, 4 deletions(-)

diff --git a/hw/loongarch/Kconfig b/hw/loongarch/Kconfig
index a99aa387c3..73c52b093e 100644
--- a/hw/loongarch/Kconfig
+++ b/hw/loongarch/Kconfig
@@ -2,7 +2,6 @@ config LOONGARCH_VIRT
 bool
 select PCI
 select PCI_EXPRESS_GENERIC_BRIDGE
-imply VGA_PCI
 imply VIRTIO_VGA
 imply PCI_DEVICES
 select ISA_BUS
diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index 5cc0b05538..b56820ecda 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -378,9 +378,6 @@ static void loongarch_devices_init(DeviceState *pch_pic, 
LoongArchMachineState *
 pci_nic_init_nofail(nd, pci_bus, nd->model, NULL);
 }
 
-/* VGA setup */
-pci_vga_init(pci_bus);
-
 /*
  * There are some invalid guest memory access.
  * Create some unimplemented devices to emulate this.
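Review bot: With `pci_vga_init(pci_bus);` removed the machine no longer creates a display device at init, and the commit message only says another display device will be supported later. State in the commit message what a user who relied on the default gets after this patch, so the behaviour change is documented where bisecting will find it.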
-- 
2.31.1




[PATCH v1 0/6] Add funtions for LoongArch virt machine

2022-08-10 Thread Xiaojuan Yang
This series adds some new functions such as fw_cfg dma, platform bus,
hotplug handler for LoongArch virt machine, and removes the default
vga display device, using ramfb to replace it.

Changes for v1:
1. Remove default vga device.
2. Support fw_cfg dma function.
3. Add interrupt information to FDT table.
4. Add platform bus support.
5. Add hotplug handler for machine.
6. Add RAMFB to dynamic_sysbus_devices list.

Please help review.
Thanks.

Xiaojuan Yang (6):
  hw/loongarch: Remove vga device when loongarch init
  hw/loongarch: Support fw_cfg dma function
  hw/loongarch: Add interrupt information to FDT table
  hw/loongarch: Add platform bus support
  hw/loongarch: Add hotplug handler for machine
  hw/loongarch: Add RAMFB to dynamic_sysbus_devices list

 hw/loongarch/Kconfig|   3 +-
 hw/loongarch/fw_cfg.c   |   3 +-
 hw/loongarch/virt.c | 101 ++--
 include/hw/loongarch/virt.h |   1 +
 include/hw/pci-host/ls7a.h  |   5 ++
 5 files changed, 107 insertions(+), 6 deletions(-)

-- 
2.31.1




[PATCH v1 3/6] hw/loongarch: Add interrupt information to FDT table

2022-08-10 Thread Xiaojuan Yang
Add interrupt information to FDT table, such as interrupt
controller info, compatible info, etc.

Signed-off-by: Xiaojuan Yang 
---
 hw/loongarch/virt.c | 29 +
 1 file changed, 29 insertions(+)

diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index 4f833a2044..561b05d404 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -158,6 +158,34 @@ static void fdt_add_pcie_node(const LoongArchMachineState 
*lams)
 qemu_fdt_dumpdtb(ms->fdt, lams->fdt_size);
 }
 
+static void fdt_add_irqchip_node(LoongArchMachineState *lams)
+{
+MachineState *ms = MACHINE(lams);
+char *nodename;
+uint32_t irqchip_phandle;
+
+irqchip_phandle = qemu_fdt_alloc_phandle(ms->fdt);
+qemu_fdt_setprop_cell(ms->fdt, "/", "interrupt-parent", irqchip_phandle);
+
+nodename = g_strdup_printf("/intc@%" PRIx64,
+  VIRT_IOAPIC_REG_BASE);
+qemu_fdt_add_subnode(ms->fdt, nodename);
+qemu_fdt_setprop_cell(ms->fdt, nodename, "#interrupt-cells", 3);
+qemu_fdt_setprop(ms->fdt, nodename, "interrupt-controller", NULL, 0);
+qemu_fdt_setprop_cell(ms->fdt, nodename, "#address-cells", 0x2);
+qemu_fdt_setprop_cell(ms->fdt, nodename, "#size-cells", 0x2);
+qemu_fdt_setprop(ms->fdt, nodename, "ranges", NULL, 0);
+
+qemu_fdt_setprop_string(ms->fdt, nodename, "compatible",
+"loongarch,ls7a");
+
+qemu_fdt_setprop_sized_cells(ms->fdt, nodename, "reg",
+ 2, VIRT_IOAPIC_REG_BASE,
+ 2, PCH_PIC_ROUTE_ENTRY_OFFSET);
+
+qemu_fdt_setprop_cell(ms->fdt, nodename, "phandle", irqchip_phandle);
+g_free(nodename);
+}
 
 #define PM_BASE 0x1008
 #define PM_SIZE 0x100
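Review bot: In fdt_add_irqchip_node() the second "reg" cell pair passes PCH_PIC_ROUTE_ENTRY_OFFSET as the region length; an offset macro used as a size needs either a dedicated size constant or a comment explaining why the register window ends there. The node name built here ("/intc@" plus VIRT_IOAPIC_REG_BASE) should also be kept somewhere later patches can reuse it instead of spelling the path again.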
@@ -697,6 +725,7 @@ static void loongarch_init(MachineState *machine)
 }
 /* Initialize the IO interrupt subsystem */
 loongarch_irq_init(lams);
+fdt_add_irqchip_node(lams);
 lams->machine_done.notify = virt_machine_done;
 qemu_add_machine_init_done_notifier(>machine_done);
 fdt_add_pcie_node(lams);
-- 
2.31.1




[PATCH v1 6/6] hw/loongarch: Add RAMFB to dynamic_sysbus_devices list

2022-08-10 Thread Xiaojuan Yang
Add RAMFB device to dynamic_sysbus_devices list so that it can be
hotplugged to the machine.

Signed-off-by: Xiaojuan Yang 
---
 hw/loongarch/virt.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index a3dd35d579..1e1dc699ef 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -39,6 +39,7 @@
 #include 
 #include "hw/core/sysbus-fdt.h"
 #include "hw/platform-bus.h"
+#include "hw/display/ramfb.h"
 
 static void create_fdt(LoongArchMachineState *lams)
 {
@@ -853,6 +854,7 @@ static void loongarch_class_init(ObjectClass *oc, void 
*data)
 NULL, NULL);
 object_class_property_set_description(oc, "acpi",
 "Enable ACPI");
+machine_class_allow_dynamic_sysbus_dev(mc, TYPE_RAMFB_DEVICE);
 }
 
 static const TypeInfo loongarch_machine_types[] = {
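Review bot: machine_class_allow_dynamic_sysbus_dev(mc, TYPE_RAMFB_DEVICE) and the new hw/display/ramfb.h include are the whole change; the diffstat touches only hw/loongarch/virt.c, so nothing in this patch makes sure the ramfb device is built for this target. If that is not already arranged elsewhere, add the matching Kconfig entry under LOONGARCH_VIRT here.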
-- 
2.31.1




[PATCH v1 2/6] hw/loongarch: Support fw_cfg dma function

2022-08-10 Thread Xiaojuan Yang
Support fw_cfg dma function for LoongArch virt machine.

Signed-off-by: Xiaojuan Yang 
---
 hw/loongarch/Kconfig  | 1 +
 hw/loongarch/fw_cfg.c | 3 ++-
 hw/loongarch/virt.c   | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/hw/loongarch/Kconfig b/hw/loongarch/Kconfig
index 73c52b093e..1deea83626 100644
--- a/hw/loongarch/Kconfig
+++ b/hw/loongarch/Kconfig
@@ -16,3 +16,4 @@ config LOONGARCH_VIRT
 select SMBIOS
 select ACPI_PCI
 select ACPI_HW_REDUCED
+select FW_CFG_DMA
diff --git a/hw/loongarch/fw_cfg.c b/hw/loongarch/fw_cfg.c
index f6503d5607..f15a17416c 100644
--- a/hw/loongarch/fw_cfg.c
+++ b/hw/loongarch/fw_cfg.c
@@ -23,7 +23,8 @@ FWCfgState *loongarch_fw_cfg_init(ram_addr_t ram_size, 
MachineState *ms)
 int max_cpus = ms->smp.max_cpus;
 int smp_cpus = ms->smp.cpus;
 
-fw_cfg = fw_cfg_init_mem_wide(VIRT_FWCFG_BASE + 8, VIRT_FWCFG_BASE, 8, 0, 
NULL);
+fw_cfg = fw_cfg_init_mem_wide(VIRT_FWCFG_BASE + 8, VIRT_FWCFG_BASE, 8,
+  VIRT_FWCFG_BASE + 16, _space_memory);
 fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)max_cpus);
 fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
 fw_cfg_add_i16(fw_cfg, FW_CFG_NB_CPUS, (uint16_t)smp_cpus);
diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index b56820ecda..4f833a2044 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -118,7 +118,7 @@ static void fdt_add_fw_cfg_node(const LoongArchMachineState 
*lams)
 qemu_fdt_setprop_string(ms->fdt, nodename,
 "compatible", "qemu,fw-cfg-mmio");
 qemu_fdt_setprop_sized_cells(ms->fdt, nodename, "reg",
- 2, base, 2, 0x8);
+ 2, base, 2, 0x18);
 qemu_fdt_setprop(ms->fdt, nodename, "dma-coherent", NULL, 0);
 g_free(nodename);
 }
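Review bot: The FDT "reg" length 0x18 in this hunk and the DMA register address VIRT_FWCFG_BASE + 16 in fw_cfg.c are two literals in two files that must stay in step, next to the existing + 8 and 8 for the other registers. Named constants for the register offsets and the total window size, used in both places, would keep the node length from drifting away from what fw_cfg_init_mem_wide() is given.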
-- 
2.31.1




Re: [PATCH 2/3] hw/ssi: fixup coverity issue

2022-08-10 Thread Bin Meng
On Thu, Aug 11, 2022 at 8:58 AM Wilfred Mallawa
 wrote:
>
> From: Wilfred Mallawa 
>
> This patch addresses the coverity issues specified in [1],
> as suggested, `FIELD_DP32()`/`FIELD_EX32()` macros have been
> implemented to clean up the code.
>
> Additionally, the `EVENT_ENABLE` register is correctly updated
> to addr of `0x34`.
>
> [1] https://www.mail-archive.com/qemu-devel@nongnu.org/msg887713.html
>
> Fixes: Coverity CID 1488107
>
> Signed-off-by: Wilfred Mallawa 

nits: please add "ibex_spi" to the tag, like hw/ssi: ibex_spi:

> ---
>  hw/ssi/ibex_spi_host.c | 141 +++--
>  1 file changed, 78 insertions(+), 63 deletions(-)
>
> diff --git a/hw/ssi/ibex_spi_host.c b/hw/ssi/ibex_spi_host.c
> index 601041d719..8c35bfa95f 100644
> --- a/hw/ssi/ibex_spi_host.c
> +++ b/hw/ssi/ibex_spi_host.c
> @@ -93,7 +93,7 @@ REG32(ERROR_STATUS, 0x30)
>  FIELD(ERROR_STATUS, CMDINVAL, 3, 1)
>  FIELD(ERROR_STATUS, CSIDINVAL, 4, 1)
>  FIELD(ERROR_STATUS, ACCESSINVAL, 5, 1)
> -REG32(EVENT_ENABLE, 0x30)
> +REG32(EVENT_ENABLE, 0x34)
>  FIELD(EVENT_ENABLE, RXFULL, 0, 1)
>  FIELD(EVENT_ENABLE, TXEMPTY, 1, 1)
>  FIELD(EVENT_ENABLE, RXWM, 2, 1)
> @@ -108,18 +108,20 @@ static inline uint8_t div4_round_up(uint8_t dividend)
>
>  static void ibex_spi_rxfifo_reset(IbexSPIHostState *s)
>  {
> +uint32_t data = s->regs[IBEX_SPI_HOST_STATUS];
>  /* Empty the RX FIFO and assert RXEMPTY */
>  fifo8_reset(>rx_fifo);
> -s->regs[IBEX_SPI_HOST_STATUS] &= ~R_STATUS_RXFULL_MASK;
> -s->regs[IBEX_SPI_HOST_STATUS] |= R_STATUS_RXEMPTY_MASK;
> +data = FIELD_DP32(data, STATUS, RXEMPTY, 1);
> +s->regs[IBEX_SPI_HOST_STATUS] = data;
>  }
>
>  static void ibex_spi_txfifo_reset(IbexSPIHostState *s)
>  {
> +uint32_t data = s->regs[IBEX_SPI_HOST_STATUS];
>  /* Empty the TX FIFO and assert TXEMPTY */
>  fifo8_reset(>tx_fifo);
> -s->regs[IBEX_SPI_HOST_STATUS] &= ~R_STATUS_TXFULL_MASK;
> -s->regs[IBEX_SPI_HOST_STATUS] |= R_STATUS_TXEMPTY_MASK;
> +data = FIELD_DP32(data, STATUS, TXEMPTY, 1);
> +s->regs[IBEX_SPI_HOST_STATUS] = data;
>  }
>
>  static void ibex_spi_host_reset(DeviceState *dev)
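Review bot: In ibex_spi_rxfifo_reset() and ibex_spi_txfifo_reset() the removed lines cleared RXFULL/TXFULL before setting RXEMPTY/TXEMPTY, but the replacement only does `data = FIELD_DP32(data, STATUS, RXEMPTY, 1);` (and the TXEMPTY equivalent), so a FIFO that was full keeps its FULL bit after the reset. Add `data = FIELD_DP32(data, STATUS, RXFULL, 0);` and the TXFULL counterpart before data is written back.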
> @@ -162,37 +164,41 @@ static void ibex_spi_host_reset(DeviceState *dev)
>   */
>  static void ibex_spi_host_irq(IbexSPIHostState *s)
>  {
> -bool error_en = s->regs[IBEX_SPI_HOST_INTR_ENABLE]
> -& R_INTR_ENABLE_ERROR_MASK;
> -bool event_en = s->regs[IBEX_SPI_HOST_INTR_ENABLE]
> -& R_INTR_ENABLE_SPI_EVENT_MASK;
> -bool err_pending = s->regs[IBEX_SPI_HOST_INTR_STATE]
> -& R_INTR_STATE_ERROR_MASK;
> -bool status_pending = s->regs[IBEX_SPI_HOST_INTR_STATE]
> -& R_INTR_STATE_SPI_EVENT_MASK;
> +bool error_en = FIELD_EX32(s->regs[IBEX_SPI_HOST_INTR_ENABLE],
> +   INTR_ENABLE, ERROR);
> +
> +bool event_en = FIELD_EX32(s->regs[IBEX_SPI_HOST_INTR_ENABLE],
> +   INTR_ENABLE, SPI_EVENT);
> +
> +bool err_pending = FIELD_EX32(s->regs[IBEX_SPI_HOST_INTR_STATE],
> +  INTR_STATE, ERROR);
> +
> +bool status_pending = FIELD_EX32(s->regs[IBEX_SPI_HOST_INTR_STATE],
> + INTR_STATE, SPI_EVENT);
> +
>  int err_irq = 0, event_irq = 0;
>
>  /* Error IRQ enabled and Error IRQ Cleared */
>  if (error_en && !err_pending) {
>  /* Event enabled, Interrupt Test Error */
> -if (s->regs[IBEX_SPI_HOST_INTR_TEST] & R_INTR_TEST_ERROR_MASK) {
> +if (FIELD_EX32(s->regs[IBEX_SPI_HOST_INTR_TEST], INTR_TEST,  ERROR)) 
> {
>  err_irq = 1;
> -} else if ((s->regs[IBEX_SPI_HOST_ERROR_ENABLE]
> -&  R_ERROR_ENABLE_CMDBUSY_MASK) &&
> -s->regs[IBEX_SPI_HOST_ERROR_STATUS]
> -& R_ERROR_STATUS_CMDBUSY_MASK) {
> +} else if (FIELD_EX32(s->regs[IBEX_SPI_HOST_ERROR_ENABLE],
> +  ERROR_ENABLE,  CMDBUSY) &&
> +FIELD_EX32(s->regs[IBEX_SPI_HOST_ERROR_STATUS],
> +   ERROR_STATUS,  CMDBUSY)) {
>  /* Wrote to COMMAND when not READY */
>  err_irq = 1;
> -} else if ((s->regs[IBEX_SPI_HOST_ERROR_ENABLE]
> -&  R_ERROR_ENABLE_CMDINVAL_MASK) &&
> -s->regs[IBEX_SPI_HOST_ERROR_STATUS]
> -& R_ERROR_STATUS_CMDINVAL_MASK) {
> +} else if (FIELD_EX32(s->regs[IBEX_SPI_HOST_ERROR_ENABLE],
> +  ERROR_ENABLE,  CMDINVAL)  &&
> +FIELD_EX32(s->regs[IBEX_SPI_HOST_ERROR_STATUS],
> +   ERROR_STATUS,  CMDINVAL)) {
>  /* Invalid command segment */
>  err_irq = 1;
> -} else if ((s->regs[IBEX_SPI_HOST_ERROR_ENABLE]
> -& R_ERROR_ENABLE_CSIDINVAL_MASK) &&
> -

[PATCH 3/3] hw/ssi: fixup/add rw1c functionality

2022-08-10 Thread Wilfred Mallawa
From: Wilfred Mallawa 

This patch adds the `rw1c` functionality to the respective
registers. The status fields are cleared when the respective
field is set.

Signed-off-by: Wilfred Mallawa 
---
 hw/ssi/ibex_spi_host.c | 36 +++---
 include/hw/ssi/ibex_spi_host.h |  4 ++--
 2 files changed, 35 insertions(+), 5 deletions(-)

diff --git a/hw/ssi/ibex_spi_host.c b/hw/ssi/ibex_spi_host.c
index 8c35bfa95f..935372506c 100644
--- a/hw/ssi/ibex_spi_host.c
+++ b/hw/ssi/ibex_spi_host.c
@@ -352,7 +352,7 @@ static void ibex_spi_host_write(void *opaque, hwaddr addr,
 {
 IbexSPIHostState *s = opaque;
 uint32_t val32 = val64;
-uint32_t shift_mask = 0xff, data;
+uint32_t shift_mask = 0xff, data = 0;
 uint8_t txqd_len;
 
 trace_ibex_spi_host_write(addr, size, val64);
@@ -362,7 +362,17 @@ static void ibex_spi_host_write(void *opaque, hwaddr addr,
 
 switch (addr) {
 /* Skipping any R/O registers */
-case IBEX_SPI_HOST_INTR_STATE...IBEX_SPI_HOST_INTR_ENABLE:
+case IBEX_SPI_HOST_INTR_STATE:
+/* rw1c status register */
+if (FIELD_EX32(val32, INTR_STATE, ERROR)) {
+data = FIELD_DP32(data, INTR_STATE, ERROR, 0);
+}
+if (FIELD_EX32(val32, INTR_STATE, SPI_EVENT)) {
+data = FIELD_DP32(data, INTR_STATE, SPI_EVENT, 0);
+}
+s->regs[addr] = data;
+break;
+case IBEX_SPI_HOST_INTR_ENABLE:
 s->regs[addr] = val32;
 break;
 case IBEX_SPI_HOST_INTR_TEST:
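Review bot: In the new IBEX_SPI_HOST_INTR_STATE case, data is never loaded from s->regs[addr]; it still holds the 0 from the initialiser added in the previous hunk, so `s->regs[addr] = data;` zeroes the whole register on any write, including a write of 0 that should clear nothing. The ERROR_STATUS case later in this patch starts with `data = s->regs[addr];` and the same line is needed here. The "Skipping any R/O registers" comment above the case also no longer describes what follows it.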
@@ -506,7 +516,27 @@ static void ibex_spi_host_write(void *opaque, hwaddr addr,
  *  When an error occurs, the corresponding bit must be cleared
  *  here before issuing any further commands
  */
-s->regs[addr] = val32;
+data = s->regs[addr];
+/* rw1c status register */
+if (FIELD_EX32(val32, ERROR_STATUS, CMDBUSY)) {
+data = FIELD_DP32(data, ERROR_STATUS, CMDBUSY, 0);
+}
+if (FIELD_EX32(val32, ERROR_STATUS, OVERFLOW)) {
+data = FIELD_DP32(data, ERROR_STATUS, OVERFLOW, 0);
+}
+if (FIELD_EX32(val32, ERROR_STATUS, UNDERFLOW)) {
+data = FIELD_DP32(data, ERROR_STATUS, UNDERFLOW, 0);
+}
+if (FIELD_EX32(val32, ERROR_STATUS, CMDINVAL)) {
+data = FIELD_DP32(data, ERROR_STATUS, CMDINVAL, 0);
+}
+if (FIELD_EX32(val32, ERROR_STATUS, CSIDINVAL)) {
+data = FIELD_DP32(data, ERROR_STATUS, CSIDINVAL, 0);
+}
+if (FIELD_EX32(val32, ERROR_STATUS, ACCESSINVAL)) {
+data = FIELD_DP32(data, ERROR_STATUS, ACCESSINVAL, 0);
+}
+s->regs[addr] = data;
 break;
 case IBEX_SPI_HOST_EVENT_ENABLE:
 /* Controls which classes of SPI events raise an interrupt. */
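Review bot: The six FIELD_EX32()/FIELD_DP32() pairs in the IBEX_SPI_HOST_ERROR_STATUS case each clear one bit when the same bit is set in val32, which is `data &= ~(val32 & mask)` with mask being the OR of the six R_ERROR_STATUS_*_MASK values. That form is shorter and cannot miss a field when one is added later; if the explicit form stays, extend the comment to say that writing 0 to a bit leaves it unchanged.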
diff --git a/include/hw/ssi/ibex_spi_host.h b/include/hw/ssi/ibex_spi_host.h
index 3fedcb6805..1f6d077766 100644
--- a/include/hw/ssi/ibex_spi_host.h
+++ b/include/hw/ssi/ibex_spi_host.h
@@ -40,7 +40,7 @@
 OBJECT_CHECK(IbexSPIHostState, (obj), TYPE_IBEX_SPI_HOST)
 
 /* SPI Registers */
-#define IBEX_SPI_HOST_INTR_STATE (0x00 / 4)  /* rw */
+#define IBEX_SPI_HOST_INTR_STATE (0x00 / 4)  /* rw1c */
 #define IBEX_SPI_HOST_INTR_ENABLE(0x04 / 4)  /* rw */
 #define IBEX_SPI_HOST_INTR_TEST  (0x08 / 4)  /* wo */
 #define IBEX_SPI_HOST_ALERT_TEST (0x0c / 4)  /* wo */
@@ -54,7 +54,7 @@
 #define IBEX_SPI_HOST_TXDATA (0x28 / 4)
 
 #define IBEX_SPI_HOST_ERROR_ENABLE   (0x2c / 4)  /* rw */
-#define IBEX_SPI_HOST_ERROR_STATUS   (0x30 / 4)  /* rw */
+#define IBEX_SPI_HOST_ERROR_STATUS   (0x30 / 4)  /* rw1c */
 #define IBEX_SPI_HOST_EVENT_ENABLE   (0x34 / 4)  /* rw */
 
 /* FIFO Len in Bytes */
-- 
2.37.1




[PATCH 1/3] hw/ssi: fixup typos in ibex_spi_host

2022-08-10 Thread Wilfred Mallawa
From: Wilfred Mallawa 

This patch fixes up minor typos in ibex_spi_host

Signed-off-by: Wilfred Mallawa 
---
 hw/ssi/ibex_spi_host.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/ssi/ibex_spi_host.c b/hw/ssi/ibex_spi_host.c
index d14580b409..601041d719 100644
--- a/hw/ssi/ibex_spi_host.c
+++ b/hw/ssi/ibex_spi_host.c
@@ -172,7 +172,7 @@ static void ibex_spi_host_irq(IbexSPIHostState *s)
 & R_INTR_STATE_SPI_EVENT_MASK;
 int err_irq = 0, event_irq = 0;
 
-/* Error IRQ enabled and Error IRQ Cleared*/
+/* Error IRQ enabled and Error IRQ Cleared */
 if (error_en && !err_pending) {
 /* Event enabled, Interrupt Test Error */
 if (s->regs[IBEX_SPI_HOST_INTR_TEST] & R_INTR_TEST_ERROR_MASK) {
@@ -434,7 +434,7 @@ static void ibex_spi_host_write(void *opaque, hwaddr addr,
 case IBEX_SPI_HOST_TXDATA:
 /*
  * This is a hardware `feature` where
- * the first word written TXDATA after init is omitted entirely
+ * the first word written to TXDATA after init is omitted entirely
  */
 if (s->init_status) {
 s->init_status = false;
@@ -487,7 +487,7 @@ static void ibex_spi_host_write(void *opaque, hwaddr addr,
 break;
 case IBEX_SPI_HOST_ERROR_STATUS:
 /*
- *  Indicates that any errors that have occurred.
+ *  Indicates any errors that have occurred.
  *  When an error occurs, the corresponding bit must be cleared
  *  here before issuing any further commands
  */
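
Review bot: style point on the reworded ERROR_STATUS comment: its text is still indented with two spaces after the asterisk (` *  Indicates any errors ...`) while the TXDATA comment in the previous hunk uses one, and its last sentence ("... before issuing any further commands") has no full stop. As this patch is a typo cleanup, normalise both here.
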
-- 
2.37.1




[PATCH 2/3] hw/ssi: fixup coverity issue

2022-08-10 Thread Wilfred Mallawa
From: Wilfred Mallawa 

This patch addresses the coverity issues specified in [1].
As suggested, `FIELD_DP32()`/`FIELD_EX32()` macros have been
implemented to clean up the code.

Additionally, the `EVENT_ENABLE` register is correctly updated
to addr of `0x34`.

[1] https://www.mail-archive.com/qemu-devel@nongnu.org/msg887713.html

Fixes: Coverity CID 1488107

Signed-off-by: Wilfred Mallawa 
---
 hw/ssi/ibex_spi_host.c | 141 +++--
 1 file changed, 78 insertions(+), 63 deletions(-)

diff --git a/hw/ssi/ibex_spi_host.c b/hw/ssi/ibex_spi_host.c
index 601041d719..8c35bfa95f 100644
--- a/hw/ssi/ibex_spi_host.c
+++ b/hw/ssi/ibex_spi_host.c
@@ -93,7 +93,7 @@ REG32(ERROR_STATUS, 0x30)
 FIELD(ERROR_STATUS, CMDINVAL, 3, 1)
 FIELD(ERROR_STATUS, CSIDINVAL, 4, 1)
 FIELD(ERROR_STATUS, ACCESSINVAL, 5, 1)
-REG32(EVENT_ENABLE, 0x30)
+REG32(EVENT_ENABLE, 0x34)
 FIELD(EVENT_ENABLE, RXFULL, 0, 1)
 FIELD(EVENT_ENABLE, TXEMPTY, 1, 1)
 FIELD(EVENT_ENABLE, RXWM, 2, 1)
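
Review bot: the `REG32(EVENT_ENABLE, 0x30)` to `0x34` change is a functional fix rather than a cleanup, since the old offset collided with `REG32(ERROR_STATUS, 0x30)` named in the hunk header and disagreed with `IBEX_SPI_HOST_EVENT_ENABLE (0x34 / 4)` in the header file. Split it into its own patch so it can be reviewed and bisected independently of the FIELD_DP32()/FIELD_EX32() conversion.
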
@@ -108,18 +108,20 @@ static inline uint8_t div4_round_up(uint8_t dividend)
 
 static void ibex_spi_rxfifo_reset(IbexSPIHostState *s)
 {
+uint32_t data = s->regs[IBEX_SPI_HOST_STATUS];
 /* Empty the RX FIFO and assert RXEMPTY */
 fifo8_reset(>rx_fifo);
-s->regs[IBEX_SPI_HOST_STATUS] &= ~R_STATUS_RXFULL_MASK;
-s->regs[IBEX_SPI_HOST_STATUS] |= R_STATUS_RXEMPTY_MASK;
+data = FIELD_DP32(data, STATUS, RXEMPTY, 1);
+s->regs[IBEX_SPI_HOST_STATUS] = data;
 }
 
 static void ibex_spi_txfifo_reset(IbexSPIHostState *s)
 {
+uint32_t data = s->regs[IBEX_SPI_HOST_STATUS];
 /* Empty the TX FIFO and assert TXEMPTY */
 fifo8_reset(>tx_fifo);
-s->regs[IBEX_SPI_HOST_STATUS] &= ~R_STATUS_TXFULL_MASK;
-s->regs[IBEX_SPI_HOST_STATUS] |= R_STATUS_TXEMPTY_MASK;
+data = FIELD_DP32(data, STATUS, TXEMPTY, 1);
+s->regs[IBEX_SPI_HOST_STATUS] = data;
 }
 
 static void ibex_spi_host_reset(DeviceState *dev)
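
Review bot: logic problem in both FIFO reset helpers: the removed lines cleared the FULL flag (`&= ~R_STATUS_RXFULL_MASK`, `&= ~R_STATUS_TXFULL_MASK`) as well as setting EMPTY, but the replacement only deposits RXEMPTY/TXEMPTY = 1, so a FIFO that was full before the reset keeps RXFULL/TXFULL set alongside EMPTY. Add `data = FIELD_DP32(data, STATUS, RXFULL, 0);` (and the TXFULL equivalent) before `data` is written back to `s->regs[IBEX_SPI_HOST_STATUS]`.
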
@@ -162,37 +164,41 @@ static void ibex_spi_host_reset(DeviceState *dev)
  */
 static void ibex_spi_host_irq(IbexSPIHostState *s)
 {
-bool error_en = s->regs[IBEX_SPI_HOST_INTR_ENABLE]
-& R_INTR_ENABLE_ERROR_MASK;
-bool event_en = s->regs[IBEX_SPI_HOST_INTR_ENABLE]
-& R_INTR_ENABLE_SPI_EVENT_MASK;
-bool err_pending = s->regs[IBEX_SPI_HOST_INTR_STATE]
-& R_INTR_STATE_ERROR_MASK;
-bool status_pending = s->regs[IBEX_SPI_HOST_INTR_STATE]
-& R_INTR_STATE_SPI_EVENT_MASK;
+bool error_en = FIELD_EX32(s->regs[IBEX_SPI_HOST_INTR_ENABLE],
+   INTR_ENABLE, ERROR);
+
+bool event_en = FIELD_EX32(s->regs[IBEX_SPI_HOST_INTR_ENABLE],
+   INTR_ENABLE, SPI_EVENT);
+
+bool err_pending = FIELD_EX32(s->regs[IBEX_SPI_HOST_INTR_STATE],
+  INTR_STATE, ERROR);
+
+bool status_pending = FIELD_EX32(s->regs[IBEX_SPI_HOST_INTR_STATE],
+ INTR_STATE, SPI_EVENT);
+
 int err_irq = 0, event_irq = 0;
 
 /* Error IRQ enabled and Error IRQ Cleared */
 if (error_en && !err_pending) {
 /* Event enabled, Interrupt Test Error */
-if (s->regs[IBEX_SPI_HOST_INTR_TEST] & R_INTR_TEST_ERROR_MASK) {
+if (FIELD_EX32(s->regs[IBEX_SPI_HOST_INTR_TEST], INTR_TEST,  ERROR)) {
 err_irq = 1;
-} else if ((s->regs[IBEX_SPI_HOST_ERROR_ENABLE]
-&  R_ERROR_ENABLE_CMDBUSY_MASK) &&
-s->regs[IBEX_SPI_HOST_ERROR_STATUS]
-& R_ERROR_STATUS_CMDBUSY_MASK) {
+} else if (FIELD_EX32(s->regs[IBEX_SPI_HOST_ERROR_ENABLE],
+  ERROR_ENABLE,  CMDBUSY) &&
+FIELD_EX32(s->regs[IBEX_SPI_HOST_ERROR_STATUS],
+   ERROR_STATUS,  CMDBUSY)) {
 /* Wrote to COMMAND when not READY */
 err_irq = 1;
-} else if ((s->regs[IBEX_SPI_HOST_ERROR_ENABLE]
-&  R_ERROR_ENABLE_CMDINVAL_MASK) &&
-s->regs[IBEX_SPI_HOST_ERROR_STATUS]
-& R_ERROR_STATUS_CMDINVAL_MASK) {
+} else if (FIELD_EX32(s->regs[IBEX_SPI_HOST_ERROR_ENABLE],
+  ERROR_ENABLE,  CMDINVAL)  &&
+FIELD_EX32(s->regs[IBEX_SPI_HOST_ERROR_STATUS],
+   ERROR_STATUS,  CMDINVAL)) {
 /* Invalid command segment */
 err_irq = 1;
-} else if ((s->regs[IBEX_SPI_HOST_ERROR_ENABLE]
-& R_ERROR_ENABLE_CSIDINVAL_MASK) &&
-s->regs[IBEX_SPI_HOST_ERROR_STATUS]
-& R_ERROR_STATUS_CSIDINVAL_MASK) {
+} else if (FIELD_EX32(s->regs[IBEX_SPI_HOST_ERROR_ENABLE],
+  ERROR_ENABLE,  CSIDINVAL) &&
+FIELD_EX32(s->regs[IBEX_SPI_HOST_ERROR_STATUS],
+   ERROR_STATUS,  CSIDINVAL)) {
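
Review bot: style nits in `ibex_spi_host_irq()`: several converted calls carry a double space after the comma (`INTR_TEST,  ERROR`, `ERROR_ENABLE,  CMDBUSY`, `ERROR_STATUS,  CSIDINVAL`) and one before the operator (`CMDINVAL)  &&`), and the blank lines inserted between the four `bool` declarations split what is a single declaration block. Collapse these to single spaces and keep the declarations contiguous.
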
 

Re: [PATCH v9 3/3] target/riscv: Add vstimecmp support

2022-08-10 Thread Weiwei Li



On 2022/8/11 at 2:45 AM, Atish Patra wrote:

vstimecmp CSR allows the guest OS or to program the next guest timer
interrupt directly. Thus, the hypervisor no longer needs to inject the
timer interrupt to the guest if vstimecmp is used. This was ratified
as a part of the Sstc extension.

Reviewed-by: Alistair Francis 
Signed-off-by: Atish Patra 
---
  target/riscv/cpu.h |  4 ++
  target/riscv/cpu_bits.h|  4 ++
  target/riscv/cpu_helper.c  | 11 +++--
  target/riscv/csr.c | 88 --
  target/riscv/machine.c |  1 +
  target/riscv/time_helper.c | 16 +++
  6 files changed, 118 insertions(+), 6 deletions(-)


LGTM.

Reviewed-by: Weiwei Li 

Regards,
Weiwei Li

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 4cda2905661e..1fd382b2717f 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -312,6 +312,8 @@ struct CPUArchState {
  /* Sstc CSRs */
  uint64_t stimecmp;
  
+uint64_t vstimecmp;

+
  /* physical memory protection */
  pmp_table_t pmp_state;
  target_ulong mseccfg;
@@ -366,6 +368,8 @@ struct CPUArchState {
  
  /* Fields from here on are preserved across CPU reset. */

  QEMUTimer *stimer; /* Internal timer for S-mode interrupt */
+QEMUTimer *vstimer; /* Internal timer for VS-mode interrupt */
+bool vstime_irq;
  
  hwaddr kernel_addr;

  hwaddr fdt_addr;
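
Review bot: `bool vstime_irq;` is added below the "Fields from here on are preserved across CPU reset" comment, so the pending VS-mode timer interrupt flag is not cleared by a reset, whereas `vstimecmp` in the previous hunk sits in the part of `CPUArchState` above that comment. If a reset should drop a pending VSTIP, move `vstime_irq` next to `vstimecmp`; if preserving it is intentional, a comment saying why would help.
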
diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index ac17cf1515c0..095dab19f512 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -257,6 +257,10 @@
  #define CSR_VSIP0x244
  #define CSR_VSATP   0x280
  
+/* Sstc virtual CSRs */

+#define CSR_VSTIMECMP   0x24D
+#define CSR_VSTIMECMPH  0x25D
+
  #define CSR_MTINST  0x34a
  #define CSR_MTVAL2  0x34b
  
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c

index 650574accf0a..1e4faa84e839 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -345,8 +345,9 @@ uint64_t riscv_cpu_all_pending(CPURISCVState *env)
  {
  uint32_t gein = get_field(env->hstatus, HSTATUS_VGEIN);
  uint64_t vsgein = (env->hgeip & (1ULL << gein)) ? MIP_VSEIP : 0;
+uint64_t vstip = (env->vstime_irq) ? MIP_VSTIP : 0;
  
-return (env->mip | vsgein) & env->mie;

+return (env->mip | vsgein | vstip) & env->mie;
  }
  
  int riscv_cpu_mirq_pending(CPURISCVState *env)

@@ -605,7 +606,7 @@ uint64_t riscv_cpu_update_mip(RISCVCPU *cpu, uint64_t mask, 
uint64_t value)
  {
  CPURISCVState *env = >env;
  CPUState *cs = CPU(cpu);
-uint64_t gein, vsgein = 0, old = env->mip;
+uint64_t gein, vsgein = 0, vstip = 0, old = env->mip;
  bool locked = false;
  
  if (riscv_cpu_virt_enabled(env)) {

@@ -613,6 +614,10 @@ uint64_t riscv_cpu_update_mip(RISCVCPU *cpu, uint64_t 
mask, uint64_t value)
  vsgein = (env->hgeip & (1ULL << gein)) ? MIP_VSEIP : 0;
  }
  
+/* No need to update mip for VSTIP */

+mask = ((mask == MIP_VSTIP) && env->vstime_irq) ? 0 : mask;
+vstip = env->vstime_irq ? MIP_VSTIP : 0;
+
  if (!qemu_mutex_iothread_locked()) {
  locked = true;
  qemu_mutex_lock_iothread();
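
Review bot: logic point on `mask = ((mask == MIP_VSTIP) && env->vstime_irq) ? 0 : mask;`: the exact-equality test only suppresses the update when VSTIP is the sole bit in `mask`, so a caller passing VSTIP together with other bits would still write VSTIP into `env->mip` while `vstime_irq` is set. If the intent is that mip.VSTIP is never updated while the timer has the interrupt pending, `if (env->vstime_irq) { mask &= ~MIP_VSTIP; }` expresses that, and the "No need to update mip for VSTIP" comment should say why.
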
@@ -620,7 +625,7 @@ uint64_t riscv_cpu_update_mip(RISCVCPU *cpu, uint64_t mask, 
uint64_t value)
  
  env->mip = (env->mip & ~mask) | (value & mask);
  
-if (env->mip | vsgein) {

+if (env->mip | vsgein | vstip) {
  cpu_interrupt(cs, CPU_INTERRUPT_HARD);
  } else {
  cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 9079d988ba08..38bb46db8f99 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -808,6 +808,7 @@ static RISCVException sstc(CPURISCVState *env, int csrno)
  {
  CPUState *cs = env_cpu(env);
  RISCVCPU *cpu = RISCV_CPU(cs);
+bool hmode_check = false;
  
  if (!cpu->cfg.ext_sstc || !env->rdtime_fn) {

  return RISCV_EXCP_ILLEGAL_INST;
@@ -826,7 +827,18 @@ static RISCVException sstc(CPURISCVState *env, int csrno)
  return RISCV_EXCP_ILLEGAL_INST;
  }
  
-return smode(env, csrno);

+if (riscv_cpu_virt_enabled(env)) {
+if (!(get_field(env->hcounteren, COUNTEREN_TM) &
+  get_field(env->henvcfg, HENVCFG_STCE))) {
+return RISCV_EXCP_VIRT_INSTRUCTION_FAULT;
+}
+}
+
+if ((csrno == CSR_VSTIMECMP) || (csrno == CSR_VSTIMECMPH)) {
+hmode_check = true;
+}
+
+return hmode_check ? hmode(env, csrno) : smode(env, csrno);
  }
  
  static RISCVException sstc_32(CPURISCVState *env, int csrno)
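
Review bot: in the new virtualization check, `get_field(env->hcounteren, COUNTEREN_TM) & get_field(env->henvcfg, HENVCFG_STCE)` joins two conditions with bitwise `&`, which relies on both fields extracting to 0 or 1; use `&&` so the intent is explicit. The `hmode_check` flag declared in the previous hunk is also unnecessary: `if (csrno == CSR_VSTIMECMP || csrno == CSR_VSTIMECMPH) { return hmode(env, csrno); }` followed by `return smode(env, csrno);` reads more directly.
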

@@ -838,17 +850,72 @@ static RISCVException sstc_32(CPURISCVState *env, int 
csrno)
  return sstc(env, csrno);
  }
  
+static RISCVException read_vstimecmp(CPURISCVState *env, int csrno,

+target_ulong *val)
+{
+*val = env->vstimecmp;
+
+return RISCV_EXCP_NONE;
+}
+
+static RISCVException read_vstimecmph(CPURISCVState *env, int csrno,
+ 

Missing dll

2022-08-10 Thread Peter Butler
In x64 win10 today I d/l QEMU into a new directory. Then navigated to that dir 
and…

qemu-system-aarch64 -boot d -cdrom f:\Downloads\debian-11.4.0-arm64-netinst.iso 
-m 2048
Error message:…libncursesw6.dll not found…
Please help
Thank you

Re: [PATCH v4 5/6] hw/mips: use qemu_fdt_setprop_strings()

2022-08-10 Thread Alistair Francis
On Wed, Aug 10, 2022 at 4:58 AM Ben Dooks  wrote:
>
> Change to using qemu_fdt_setprop_strings() helper in hw/mips.
>
> Signed-off-by: Ben Dooks 
> Reviewed-by: Peter Maydell 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/mips/boston.c | 8 ++--
>  1 file changed, 2 insertions(+), 6 deletions(-)
>
> diff --git a/hw/mips/boston.c b/hw/mips/boston.c
> index d2ab9da1a0..759f6daafe 100644
> --- a/hw/mips/boston.c
> +++ b/hw/mips/boston.c
> @@ -515,9 +515,6 @@ static const void *create_fdt(BostonState *s,
>  MachineState *mc = s->mach;
>  uint32_t platreg_ph, gic_ph, clk_ph;
>  char *name, *gic_name, *platreg_name, *stdout_name;
> -static const char * const syscon_compat[2] = {
> -"img,boston-platform-regs", "syscon"
> -};
>
>  fdt = create_device_tree(dt_size);
>  if (!fdt) {
> @@ -608,9 +605,8 @@ static const void *create_fdt(BostonState *s,
>  platreg_name = g_strdup_printf("/soc/system-controller@%" HWADDR_PRIx,
> memmap[BOSTON_PLATREG].base);
>  qemu_fdt_add_subnode(fdt, platreg_name);
> -qemu_fdt_setprop_string_array(fdt, platreg_name, "compatible",
> - (char **)_compat,
> - ARRAY_SIZE(syscon_compat));
> +qemu_fdt_setprop_strings(fdt, platreg_name, "compatible",
> + "img,boston-platform-regs", "syscon");
>  qemu_fdt_setprop_cells(fdt, platreg_name, "reg",
> memmap[BOSTON_PLATREG].base,
> memmap[BOSTON_PLATREG].size);
> --
> 2.35.1
>
>



[ANNOUNCE] QEMU 7.1.0-rc2 is now available

2022-08-10 Thread Michael Roth
Hello,

On behalf of the QEMU Team, I'd like to announce the availability of the
third release candidate for the QEMU 7.1 release. This release is meant
for testing purposes and should not be used in a production environment.

  http://download.qemu-project.org/qemu-7.1.0-rc2.tar.xz
  http://download.qemu-project.org/qemu-7.1.0-rc2.tar.xz.sig

You can help improve the quality of the QEMU 7.1 release by testing this
release and reporting bugs using our GitLab issue tracker:

  https://gitlab.com/qemu-project/qemu/-/issues

The release plan, as well as documented known issues for release
candidates, are available at:

  http://wiki.qemu.org/Planning/7.1

Please add entries to the ChangeLog for the 7.1 release below:

  http://wiki.qemu.org/ChangeLog/7.1

Thank you to everyone involved!

Changes since rc1:

61b6e67171: Update version for v7.1.0-rc2 release (Richard Henderson)
c7f26ded6d: icount: Take iothread lock when running QEMU timers (Peter Maydell)
7cf745dd9c: hw/net/rocker: Avoid undefined shifts with more than 31 ports 
(Peter Maydell)
10dcb08b03: target/loongarch: Remove cpu_fcsr0 (Richard Henderson)
09d12c81ec: hw/misc/grlib_ahb_apb_pnp: Support 8 and 16 bit accesses (Peter 
Maydell)
bd64c210ce: hw/mips/malta: turn off x86 specific features of PIIX4_PM (Igor 
Mammedov)
8809baf4e4: target/mips: Handle lock_user() failure in UHI_plog semihosting 
call (Peter Maydell)
f6a5f38062: tests/qtest: add scenario for -readconfig handling (Daniel P. 
Berrangé)
69c05a2378: vl: remove dead code in parse_memory_options() (Paolo Bonzini)
e12f0685e8: vl: fix [memory] section with -readconfig (Paolo Bonzini)
9390da5ef2: xlnx_dp: drop unsupported AUXCommand in xlnx_dp_aux_set_command 
(Qiang Liu)
a32086de49: contrib/vhost-user-blk: Clean up deallocation of VuVirtqElement 
(Markus Armbruster)
407634970d: tests/qemu-iotests/264: Allow up to 5s for the BLOCK_JOB_CANCEL 
event to arrive (Thomas Huth)
c05a88c6b2: tests/avocado: fix replay-linux test (Pavel Dovgalyuk)
c3dd58ba6e: pc-bios/s390-ccw: Update the s390-ccw.img with the block size fix 
(Thomas Huth)
393296de19: pc-bios/s390-ccw: Fix booting with logical block size < physical 
block size (Thomas Huth)
2f149c759f: target/loongarch: Update gdb_set_fpu() and gdb_get_fpu() (Song Gao)
d182c39000: target/loongarch: Update loongarch-fpu.xml (Song Gao)
96c3298c0a: target/loongarch: update loongarch-base64.xml (Song Gao)
cd8ef0ed3b: target/loongarch: add gdb_arch_name() (Song Gao)
1fe8ac3511: target/loongarch: Fix GDB get the wrong pc (Song Gao)
4cbadc40b9: hw/loongarch: remove acpi-build.c unused variable 'aml_len' (Song 
Gao)
00952d93e0: target/loongarch: Fix macros SET_FPU_* in cpu.h (Qi Hu)
e3fdb13e88: util/qemu-sockets: Replace the call to close a socket with 
closesocket() (Bin Meng)
977c33ba5d: target/arm: display deprecation status in '-cpu help' (Daniel P. 
Berrangé)
738cdc2f6e: target/s390x: display deprecation status in '-cpu help' (Daniel P. 
Berrangé)
5dfa9e8689: target/i386: display deprecation status in '-cpu help' (Daniel P. 
Berrangé)
5258a7e2c0: QIOChannelSocket: Add support for MSG_ZEROCOPY + IPV6 (Leonardo 
Bras)
fbf8c96be3: docs: build-platforms: Clarify stance on minor releases and 
backports (Andrea Bolognani)
7b0ca31364: virtiofsd: Fix format strings (Stefan Weil)
ed021daf2d: hw/ppc: sam460ex.c: store all GPIO lines in mal_irqs[] (Daniel 
Henrique Barboza)
21d4e557e2: include/qemu/host-utils.h: Simplify the compiler check in mulu128() 
(Thomas Huth)
1e2dd31149: ppc: Remove redundant macro MSR_BOOK3S_MASK. (Yonggang Luo)
9878fbf342: docs/about/removed-features: Move the -soundhw into the right 
section (Thomas Huth)
aed5da45da: vdpa: Fix file descriptor leak on get features error (Eugenio Pérez)
9567fc1665: README.rst: fix link formatting (Cornelia Huck)
5b63de6b54: linux-user: Use memfd for open syscall emulation (Rainer Müller)
55794c904d: scsi-disk: ensure block size is non-zero and changes limited to 
bits 8-15 (Mark Cave-Ayland)
54a53a006e: scsi-disk: fix overflow when block size is not a multiple of 
BDRV_SECTOR_SIZE (Mark Cave-Ayland)
f71fa4e3bb: linux-user: Do not treat madvise()'s advice as a bitmask (Ilya 
Leoshkevich)
734a659ad2: linux-user/flatload.c: Fix setting of image_info::end_code (Peter 
Maydell)



Re: [PATCH v4 3/6] hw/riscv: use qemu_fdt_setprop_strings() for string arrays

2022-08-10 Thread Alistair Francis
On Wed, Aug 10, 2022 at 4:58 AM Ben Dooks  wrote:
>
> Use the qemu_fdt_setprop_strings() in sifive_u.c to simplify the code.
>
> Signed-off-by: Ben Dooks 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/riscv/sifive_u.c | 18 +-
>  hw/riscv/spike.c|  7 ++-
>  hw/riscv/virt.c | 32 
>  3 files changed, 15 insertions(+), 42 deletions(-)
>
> diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
> index e4c814a3ea..dc112a253a 100644
> --- a/hw/riscv/sifive_u.c
> +++ b/hw/riscv/sifive_u.c
> @@ -103,13 +103,6 @@ static void create_fdt(SiFiveUState *s, const 
> MemMapEntry *memmap,
>  char *nodename;
>  uint32_t plic_phandle, prci_phandle, gpio_phandle, phandle = 1;
>  uint32_t hfclk_phandle, rtcclk_phandle, phy_phandle;
> -static const char * const ethclk_names[2] = { "pclk", "hclk" };
> -static const char * const clint_compat[2] = {
> -"sifive,clint0", "riscv,clint0"
> -};
> -static const char * const plic_compat[2] = {
> -"sifive,plic-1.0.0", "riscv,plic0"
> -};
>
>  if (ms->dtb) {
>  fdt = s->fdt = load_device_tree(ms->dtb, >fdt_size);
> @@ -221,11 +214,11 @@ static void create_fdt(SiFiveUState *s, const 
> MemMapEntry *memmap,
>  nodename = g_strdup_printf("/soc/clint@%lx",
>  (long)memmap[SIFIVE_U_DEV_CLINT].base);
>  qemu_fdt_add_subnode(fdt, nodename);
> -qemu_fdt_setprop_string_array(fdt, nodename, "compatible",
> -(char **)_compat, ARRAY_SIZE(clint_compat));
>  qemu_fdt_setprop_cells(fdt, nodename, "reg",
>  0x0, memmap[SIFIVE_U_DEV_CLINT].base,
>  0x0, memmap[SIFIVE_U_DEV_CLINT].size);
> +qemu_fdt_setprop_strings(fdt, nodename, "compatible",
> + "sifive,clint0", "riscv,clint0");
>  qemu_fdt_setprop(fdt, nodename, "interrupts-extended",
>  cells, ms->smp.cpus * sizeof(uint32_t) * 4);
>  g_free(cells);
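
Review bot: the CLINT hunk moves the "compatible" property instead of replacing it in place: the removed `qemu_fdt_setprop_string_array()` call sat above `qemu_fdt_setprop_cells(fdt, nodename, "reg", ...)`, while the new `qemu_fdt_setprop_strings()` call is added below it. That changes the order in which the properties are added to the node for no stated reason, and the PLIC and spike.c hunks keep the original position. Put the new call where the removed one was.
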
> @@ -279,8 +272,8 @@ static void create_fdt(SiFiveUState *s, const MemMapEntry 
> *memmap,
>  (long)memmap[SIFIVE_U_DEV_PLIC].base);
>  qemu_fdt_add_subnode(fdt, nodename);
>  qemu_fdt_setprop_cell(fdt, nodename, "#interrupt-cells", 1);
> -qemu_fdt_setprop_string_array(fdt, nodename, "compatible",
> -(char **)_compat, ARRAY_SIZE(plic_compat));
> +qemu_fdt_setprop_strings(fdt, nodename, "compatbile",
> + "sifive,plic-1.0.0", "riscv,plic0");
>  qemu_fdt_setprop(fdt, nodename, "interrupt-controller", NULL, 0);
>  qemu_fdt_setprop(fdt, nodename, "interrupts-extended",
>  cells, (ms->smp.cpus * 4 - 2) * sizeof(uint32_t));
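
Review bot: typo in the property name: the new PLIC call passes "compatbile" where the removed `qemu_fdt_setprop_string_array()` call used "compatible", so the node would be left without a "compatible" property and a guest could not match "sifive,plic-1.0.0" / "riscv,plic0". Correct the string to "compatible".
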
> @@ -426,8 +419,7 @@ static void create_fdt(SiFiveUState *s, const MemMapEntry 
> *memmap,
>  qemu_fdt_setprop_cell(fdt, nodename, "interrupts", SIFIVE_U_GEM_IRQ);
>  qemu_fdt_setprop_cells(fdt, nodename, "clocks",
>  prci_phandle, PRCI_CLK_GEMGXLPLL, prci_phandle, PRCI_CLK_GEMGXLPLL);
> -qemu_fdt_setprop_string_array(fdt, nodename, "clock-names",
> -(char **)_names, ARRAY_SIZE(ethclk_names));
> +qemu_fdt_setprop_strings(fdt, nodename, "clock-names", "pclk", "hclk");
>  qemu_fdt_setprop(fdt, nodename, "local-mac-address",
>  s->soc.gem.conf.macaddr.a, ETH_ALEN);
>  qemu_fdt_setprop_cell(fdt, nodename, "#address-cells", 1);
> diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
> index e41b6aa9f0..aa895779cd 100644
> --- a/hw/riscv/spike.c
> +++ b/hw/riscv/spike.c
> @@ -59,9 +59,6 @@ static void create_fdt(SpikeState *s, const MemMapEntry 
> *memmap,
>  uint32_t cpu_phandle, intc_phandle, phandle = 1;
>  char *name, *mem_name, *clint_name, *clust_name;
>  char *core_name, *cpu_name, *intc_name;
> -static const char * const clint_compat[2] = {
> -"sifive,clint0", "riscv,clint0"
> -};
>
>  fdt = s->fdt = create_device_tree(>fdt_size);
>  if (!fdt) {
> @@ -159,8 +156,8 @@ static void create_fdt(SpikeState *s, const MemMapEntry 
> *memmap,
>  (memmap[SPIKE_CLINT].size * socket);
>  clint_name = g_strdup_printf("/soc/clint@%lx", clint_addr);
>  qemu_fdt_add_subnode(fdt, clint_name);
> -qemu_fdt_setprop_string_array(fdt, clint_name, "compatible",
> -(char **)_compat, ARRAY_SIZE(clint_compat));
> +qemu_fdt_setprop_strings(fdt, clint_name, "compatible",
> + "sifive,clint0", "riscv,clint0");
>  qemu_fdt_setprop_cells(fdt, clint_name, "reg",
>  0x0, clint_addr, 0x0, memmap[SPIKE_CLINT].size);
>  qemu_fdt_setprop(fdt, clint_name, "interrupts-extended",
> diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
> index bc424dd2f5..c6aaa611a6 100644
> --- a/hw/riscv/virt.c
> +++ b/hw/riscv/virt.c
> @@ -261,11 +261,8 @@ static void create_fdt_socket_cpus(RISCVVirtState *s, 
> int socket,
>  intc_phandles[cpu]);
>  if (riscv_feature(>soc[socket].harts[cpu].env,
>RISCV_FEATURE_AIA)) {
> 

Re: [PATCH v4 4/6] hw/core: use qemu_fdt_setprop_strings()

2022-08-10 Thread Alistair Francis
On Wed, Aug 10, 2022 at 5:13 AM Ben Dooks  wrote:
>
> Change to using the qemu_fdt_setprop_strings() helper in
> hw/core code.
>
> Signed-off-by: Ben Dooks 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/core/guest-loader.c | 13 +
>  1 file changed, 5 insertions(+), 8 deletions(-)
>
> diff --git a/hw/core/guest-loader.c b/hw/core/guest-loader.c
> index c61ebc4144..7b8e32e06f 100644
> --- a/hw/core/guest-loader.c
> +++ b/hw/core/guest-loader.c
> @@ -56,18 +56,15 @@ static void loader_insert_platform_data(GuestLoaderState 
> *s, int size,
>  qemu_fdt_setprop(fdt, node, "reg", _attr, sizeof(reg_attr));
>
>  if (s->kernel) {
> -const char *compat[2] = { "multiboot,module", "multiboot,kernel" };
> -qemu_fdt_setprop_string_array(fdt, node, "compatible",
> -  (char **) ,
> -  ARRAY_SIZE(compat));
> +qemu_fdt_setprop_strings(fdt, node, "compatible",
> + "multiboot,module", "multiboot,kernel");
> +
>  if (s->args) {
>  qemu_fdt_setprop_string(fdt, node, "bootargs", s->args);
>  }
>  } else if (s->initrd) {
> -const char *compat[2] = { "multiboot,module", "multiboot,ramdisk" };
> -qemu_fdt_setprop_string_array(fdt, node, "compatible",
> -  (char **) ,
> -  ARRAY_SIZE(compat));
> +qemu_fdt_setprop_strings(fdt, node, "compatible",
> + "multiboot,module", "multiboot,ramdisk");
>  }
>  }
>
> --
> 2.35.1
>
>



Re: [PATCH v4 2/6] hw/core: don't check return on qemu_fdt_setprop_string_array()

2022-08-10 Thread Alistair Francis
On Wed, Aug 10, 2022 at 5:08 AM Ben Dooks  wrote:
>
> The qemu_fdt_setprop_string_array() does not return error codes and
> will call exit() if any of the fdt calls fails (and should print an
> error with the node being altered). This is done to prepare for the
> change for qemu_fdt_setprop_strings() helper which does not return
> any error codes (hw/core/guest-loader.c is the only place where a
> return is checked).
>
> Signed-off-by: Ben Dooks 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/core/guest-loader.c | 22 +++---
>  1 file changed, 7 insertions(+), 15 deletions(-)
>
> diff --git a/hw/core/guest-loader.c b/hw/core/guest-loader.c
> index 391c875a29..c61ebc4144 100644
> --- a/hw/core/guest-loader.c
> +++ b/hw/core/guest-loader.c
> @@ -57,25 +57,17 @@ static void loader_insert_platform_data(GuestLoaderState 
> *s, int size,
>
>  if (s->kernel) {
>  const char *compat[2] = { "multiboot,module", "multiboot,kernel" };
> -if (qemu_fdt_setprop_string_array(fdt, node, "compatible",
> -  (char **) ,
> -  ARRAY_SIZE(compat)) < 0) {
> -error_setg(errp, "couldn't set %s/compatible", node);
> -return;
> -}
> +qemu_fdt_setprop_string_array(fdt, node, "compatible",
> +  (char **) ,
> +  ARRAY_SIZE(compat));
>  if (s->args) {
> -if (qemu_fdt_setprop_string(fdt, node, "bootargs", s->args) < 0) 
> {
> -error_setg(errp, "couldn't set %s/bootargs", node);
> -}
> +qemu_fdt_setprop_string(fdt, node, "bootargs", s->args);
>  }
>  } else if (s->initrd) {
>  const char *compat[2] = { "multiboot,module", "multiboot,ramdisk" };
> -if (qemu_fdt_setprop_string_array(fdt, node, "compatible",
> -  (char **) ,
> -  ARRAY_SIZE(compat)) < 0) {
> -error_setg(errp, "couldn't set %s/compatible", node);
> -return;
> -}
> +qemu_fdt_setprop_string_array(fdt, node, "compatible",
> +  (char **) ,
> +  ARRAY_SIZE(compat));
>  }
>  }
>
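
Review bot: this hunk also drops the return check on `qemu_fdt_setprop_string(fdt, node, "bootargs", s->args)`, but the commit message only justifies removing the checks on `qemu_fdt_setprop_string_array()`. Either state in the commit message that `qemu_fdt_setprop_string()` also exits on failure, or keep that check. With every `error_setg(errp, ...)` in this region gone, also check whether the function still needs `errp`.
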
> --
> 2.35.1
>
>



Re: [PATCH v4 18/24] ppc/ppc405: QOM'ify MAL

2022-08-10 Thread BALATON Zoltan

On Tue, 9 Aug 2022, Cédric Le Goater wrote:

The Memory Access Layer (MAL) controller is currently modeled as a DCR
device with 4 IRQs. Also drop the ppc4xx_mal_init() helper and adapt
the sam460ex machine.

Reviewed-by: Daniel Henrique Barboza 
Signed-off-by: Cédric Le Goater 
---
hw/ppc/ppc405.h |   1 +
include/hw/ppc/ppc4xx.h |  32 +-
hw/ppc/ppc405_uc.c  |  18 --
hw/ppc/ppc4xx_devs.c| 135 ++--
hw/ppc/sam460ex.c   |  16 +++--
5 files changed, 116 insertions(+), 86 deletions(-)

diff --git a/hw/ppc/ppc405.h b/hw/ppc/ppc405.h
index cb34792daf6b..31c94e474209 100644
--- a/hw/ppc/ppc405.h
+++ b/hw/ppc/ppc405.h
@@ -244,6 +244,7 @@ struct Ppc405SoCState {
Ppc405OpbaState opba;
Ppc405PobState pob;
Ppc405PlbState plb;
+Ppc4xxMalState mal;
};

/* PowerPC 405 core */
diff --git a/include/hw/ppc/ppc4xx.h b/include/hw/ppc/ppc4xx.h
index 82e60b0e0742..acd096cb2394 100644
--- a/include/hw/ppc/ppc4xx.h
+++ b/include/hw/ppc/ppc4xx.h
@@ -26,6 +26,7 @@
#define PPC4XX_H

#include "hw/ppc/ppc.h"
+#include "hw/sysbus.h"


Is this needed?


#include "exec/memory.h"
#include "hw/sysbus.h"

@@ -40,9 +41,6 @@ void ppc4xx_sdram_init (CPUPPCState *env, qemu_irq irq, int 
nbanks,
hwaddr *ram_sizes,
int do_init);

-void ppc4xx_mal_init(CPUPPCState *env, uint8_t txcnum, uint8_t rxcnum,
- qemu_irq irqs[4]);
-
#define TYPE_PPC4xx_PCI_HOST_BRIDGE "ppc4xx-pcihost"

/*
@@ -61,4 +59,32 @@ void ppc4xx_dcr_register(Ppc4xxDcrDeviceState *dev, int dcrn,
bool ppc4xx_dcr_realize(Ppc4xxDcrDeviceState *dev, PowerPCCPU *cpu,
Error **errp);

+/* Memory Access Layer (MAL) */
+#define TYPE_PPC4xx_MAL "ppc4xx-mal"
+OBJECT_DECLARE_SIMPLE_TYPE(Ppc4xxMalState, PPC4xx_MAL);
+struct Ppc4xxMalState {
+Ppc4xxDcrDeviceState parent_obj;
+
+qemu_irq irqs[4];
+uint32_t cfg;
+uint32_t esr;
+uint32_t ier;
+uint32_t txcasr;
+uint32_t txcarr;
+uint32_t txeobisr;
+uint32_t txdeir;
+uint32_t rxcasr;
+uint32_t rxcarr;
+uint32_t rxeobisr;
+uint32_t rxdeir;
+uint32_t *txctpr;
+uint32_t *rxctpr;
+uint32_t *rcbs;
+uint8_t  txcnum;
+uint8_t  rxcnum;
+};
+
+void ppc4xx_mal_init(CPUPPCState *env, uint8_t txcnum, uint8_t rxcnum,
+ qemu_irq irqs[4]);


The ppc4xx_mal_init func is gone so this declaration should also be 
dropped.


Regards,
BALATON Zoltan


+
#endif /* PPC4XX_H */
diff --git a/hw/ppc/ppc405_uc.c b/hw/ppc/ppc405_uc.c
index 7f4c616da67c..290cfa352bed 100644
--- a/hw/ppc/ppc405_uc.c
+++ b/hw/ppc/ppc405_uc.c
@@ -1368,6 +1368,8 @@ static void ppc405_soc_instance_init(Object *obj)
object_initialize_child(obj, "pob", >pob, TYPE_PPC405_POB);

object_initialize_child(obj, "plb", >plb, TYPE_PPC405_PLB);
+
+object_initialize_child(obj, "mal", >mal, TYPE_PPC4xx_MAL);
}

static void ppc405_reset(void *opaque)
@@ -1378,7 +1380,6 @@ static void ppc405_reset(void *opaque)
static void ppc405_soc_realize(DeviceState *dev, Error **errp)
{
Ppc405SoCState *s = PPC405_SOC(dev);
-qemu_irq mal_irqs[4];
CPUPPCState *env;
int i;

@@ -1495,11 +1496,16 @@ static void ppc405_soc_realize(DeviceState *dev, Error 
**errp)
}

/* MAL */
-mal_irqs[0] = qdev_get_gpio_in(s->uic, 11);
-mal_irqs[1] = qdev_get_gpio_in(s->uic, 12);
-mal_irqs[2] = qdev_get_gpio_in(s->uic, 13);
-mal_irqs[3] = qdev_get_gpio_in(s->uic, 14);
-ppc4xx_mal_init(env, 4, 2, mal_irqs);
+object_property_set_int(OBJECT(>mal), "txc-num", 4, _abort);
+object_property_set_int(OBJECT(>mal), "rxc-num", 2, _abort);
+if (!ppc4xx_dcr_realize(PPC4xx_DCR_DEVICE(>mal), >cpu, errp)) {
+return;
+}
+
+for (i = 0; i < ARRAY_SIZE(s->mal.irqs); i++) {
+sysbus_connect_irq(SYS_BUS_DEVICE(>mal), i,
+   qdev_get_gpio_in(s->uic, 11 + i));
+}

/* Ethernet */
/* Uses UIC IRQs 9, 15, 17 */
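
Review bot: documentation point on the new IRQ loop: `qdev_get_gpio_in(s->uic, 11 + i)` replaces four explicit assignments for UIC inputs 11 to 14 with a bare base offset. A one-line comment in the style of the Ethernet block that follows (`/* Uses UIC IRQs 9, 15, 17 */`) would keep the mapping visible.
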
diff --git a/hw/ppc/ppc4xx_devs.c b/hw/ppc/ppc4xx_devs.c
index bce7ef461346..8a8a87b03b28 100644
--- a/hw/ppc/ppc4xx_devs.c
+++ b/hw/ppc/ppc4xx_devs.c
@@ -459,32 +459,10 @@ enum {
MAL0_RCBS1= 0x1E1,
};

-typedef struct ppc4xx_mal_t ppc4xx_mal_t;
-struct ppc4xx_mal_t {
-qemu_irq irqs[4];
-uint32_t cfg;
-uint32_t esr;
-uint32_t ier;
-uint32_t txcasr;
-uint32_t txcarr;
-uint32_t txeobisr;
-uint32_t txdeir;
-uint32_t rxcasr;
-uint32_t rxcarr;
-uint32_t rxeobisr;
-uint32_t rxdeir;
-uint32_t *txctpr;
-uint32_t *rxctpr;
-uint32_t *rcbs;
-uint8_t  txcnum;
-uint8_t  rxcnum;
-};
-
-static void ppc4xx_mal_reset(void *opaque)
+static void ppc4xx_mal_reset(DeviceState *dev)
{
-ppc4xx_mal_t *mal;
+Ppc4xxMalState *mal = PPC4xx_MAL(dev);

-mal = opaque;
mal->cfg = 0x0007C000;
mal->esr = 0x;
mal->ier = 0x;
@@ -498,10 +476,9 @@ static void ppc4xx_mal_reset(void *opaque)

static 

Re: [PATCH v3] pc: hide linuxboot RNG seed behind a machine property

2022-08-10 Thread Michael S. Tsirkin
On Wed, Aug 10, 2022 at 09:25:05PM +0200, Paolo Bonzini wrote:
> 
> 
> On Wed, Aug 10, 2022, 19:06 Michael S. Tsirkin wrote:
> 
> > @@ -1387,6 +1405,7 @@ static void x86_machine_initfn(Object *obj)
> >      x86ms->acpi = ON_OFF_AUTO_AUTO;
> >      x86ms->pit = ON_OFF_AUTO_AUTO;
> >      x86ms->pic = ON_OFF_AUTO_AUTO;
> > +    x86ms->linuxboot_randomness = ON_OFF_AUTO_OFF;
> >      x86ms->pci_irq_mask = ACPI_BUILD_PCI_IRQS;
> >      x86ms->oem_id = g_strndup(ACPI_BUILD_APPNAME6, 6);
> >      x86ms->oem_table_id = g_strndup(ACPI_BUILD_APPNAME8, 8);
> 
> 
> This is a weird thing to do in that there's no way to make it auto now.
> 
> 
> Sure, -M x-linuxboot-randomness=auto works. And making it already on/off/auto
> will limit future patches to the injection logic rather than the QOM
> boilerplate.
> 
> Paolo

Hmm. It's unusual that auto is not the same as "no value at all".
But I guess there's no rule saying that can't be the case.
OK then.

Reviewed-by: Michael S. Tsirkin 




> 
> And in that case, let's just make it a simple boolean property for now?
> 
> > @@ -1426,6 +1445,12 @@ static void x86_machine_class_init(ObjectClass
> *oc, void *data)
> >      object_class_property_set_description(oc, X86_MACHINE_PIT,
> >          "Enable i8254 PIT");
> > 
> > +    object_class_property_add(oc, X86_MACHINE_LINUXBOOT_RANDOMNESS,
> "OnOffAuto",
> > +        x86_machine_get_linuxboot_randomness,
> x86_machine_set_linuxboot_randomness,
> > +        NULL, NULL);
> > +    object_class_property_set_description(oc,
> X86_MACHINE_LINUXBOOT_RANDOMNESS,
> > +        "Pass random number seed to -kernel Linux image");
> > +
> >      object_class_property_add(oc, X86_MACHINE_PIC, "OnOffAuto",
> >                                x86_machine_get_pic,
> >                                x86_machine_set_pic,
> > diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
> > index 8435733bd6..9cc3f5d338 100644
> > --- a/include/hw/i386/pc.h
> > +++ b/include/hw/i386/pc.h
> > @@ -128,9 +128,6 @@ struct PCMachineClass {
> > 
> >      /* create kvmclock device even when KVM PV features are not exposed
> */
> >      bool kvmclock_create_always;
> > -
> > -    /* skip passing an rng seed for legacy machines */
> > -    bool legacy_no_rng_seed;
> >  };
> > 
> >  #define TYPE_PC_MACHINE "generic-pc-machine"
> > diff --git a/include/hw/i386/x86.h b/include/hw/i386/x86.h
> > index 62fa5774f8..d7a2eb6f1c 100644
> > --- a/include/hw/i386/x86.h
> > +++ b/include/hw/i386/x86.h
> > @@ -70,6 +70,7 @@ struct X86MachineState {
> >      OnOffAuto acpi;
> >      OnOffAuto pit;
> >      OnOffAuto pic;
> > +    OnOffAuto linuxboot_randomness;
> > 
> >      char *oem_id;
> >      char *oem_table_id;
> > @@ -94,6 +95,7 @@ struct X86MachineState {
> >  #define X86_MACHINE_OEM_ID           "x-oem-id"
> >  #define X86_MACHINE_OEM_TABLE_ID     "x-oem-table-id"
> >  #define X86_MACHINE_BUS_LOCK_RATELIMIT  "bus-lock-ratelimit"
> > +#define X86_MACHINE_LINUXBOOT_RANDOMNESS "x-linuxboot-randomness"
> > 
> >  #define TYPE_X86_MACHINE   MACHINE_TYPE_NAME("x86")
> >  OBJECT_DECLARE_TYPE(X86MachineState, X86MachineClass, X86_MACHINE)
> > @@ -126,8 +128,7 @@ void x86_bios_rom_init(MachineState *ms, const char
> *default_firmware,
> >  void x86_load_linux(X86MachineState *x86ms,
> >                      FWCfgState *fw_cfg,
> >                      int acpi_data_size,
> > -                    bool pvh_enabled,
> > -                    bool legacy_no_rng_seed);
> > +                    bool pvh_enabled);
> > 
> >  bool x86_machine_is_smm_enabled(const X86MachineState *x86ms);
> >  bool x86_machine_is_acpi_enabled(const X86MachineState *x86ms);
> > --
> > 2.37.1
> 
> 




Re: [PATCH] [PATCH] linux-user/aarch64: Reset target data on MADV_DONTNEED

2022-08-10 Thread Richard Henderson

On 8/10/22 13:32, Vitaly Buka wrote:

Sorry, I only noticed today that it's not submitted.
Version is not critical for us, as we build from masters anyway.
Richard, do you know a reason to consider this critical?

On Wed, 10 Aug 2022 at 13:04, Peter Maydell wrote:


On Wed, 10 Aug 2022 at 21:00, Vitaly Buka <vitalyb...@google.com> wrote:
 >
 > How can we land this one?

Pinging it a week ago rather than now would have been a good start :-(
I think it got missed because you didn't cc the linux-user maintainer.

Is this a critical fix for 7.1 or can we let it slip to 7.2 ?


It's unfortunate that it got missed.  It's not critical, but it would be nice, because 
support for MADV_DONTNEED is new in 7.1 (previously, we ignored all madvise).


I'll note there are missing braces for coding style on an IF.

Laurent, do you have an objection to merging this for rc3?


r~



Re: [PATCH v3 3/4] target/i386: Make translator stop before the end of a page

2022-08-10 Thread Richard Henderson

On 8/8/22 10:10, Ilya Leoshkevich wrote:

Right now translator stops right *after* the end of a page, which
breaks reporting of fault locations when the last instruction of a
multi-insn translation block crosses a page boundary.

An implementation, like the one arm and s390x have, would require an
i386 length disassembler, which is burdensome to maintain. Another
alternative would be to single-step at the end of a guest page, but
this may come with a performance impact.

Fix by snapshotting disassembly state and restoring it after we figure
out we crossed a page boundary. This includes rolling back cc_op
updates and emitted ops. Even though i386 is the only architecture that
does rollback, split it into common and architecture-dependent parts to
improve readability.

Signed-off-by: Ilya Leoshkevich 
---
  accel/tcg/translator.c  |  8 
  include/exec/translator.h   |  3 +++
  target/i386/tcg/translate.c | 21 -
  3 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
index fe7af9b943..2c4dd09df8 100644
--- a/accel/tcg/translator.c
+++ b/accel/tcg/translator.c
@@ -56,6 +56,7 @@ void translator_loop(const TranslatorOps *ops, 
DisasContextBase *db,
  {
  uint32_t cflags = tb_cflags(tb);
  bool plugin_enabled;
+TCGOp *last_op;
  
  /* Initialize DisasContext */

  db->tb = tb;
@@ -82,6 +83,7 @@ void translator_loop(const TranslatorOps *ops, 
DisasContextBase *db,
  
  while (true) {

  db->num_insns++;
+last_op = tcg_last_op();
  ops->insn_start(db, cpu);
  tcg_debug_assert(db->is_jmp == DISAS_NEXT);  /* no early exit */
  
@@ -103,6 +105,12 @@ void translator_loop(const TranslatorOps *ops, DisasContextBase *db,

  ops->translate_insn(db, cpu);
  }
  
+if (db->is_jmp == DISAS_TOO_MANY_UNDO) {

+db->num_insns--;
+tcg_remove_ops_after(last_op);
+db->is_jmp = DISAS_TOO_MANY;
+}
+
  /* Stop translation if translate_insn so indicated.  */
  if (db->is_jmp != DISAS_NEXT) {
  break;
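
Review bot: In the new `DISAS_TOO_MANY_UNDO` branch, `db->num_insns--` has no guard for the case where the instruction being undone is the first one in the block, which would leave a translation block with zero instructions. Either assert `db->num_insns > 1` before the decrement or document that a target may only request the undo after at least one earlier instruction has been translated.
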
diff --git a/include/exec/translator.h b/include/exec/translator.h
index d27f8c33b6..e1533aee87 100644
--- a/include/exec/translator.h
+++ b/include/exec/translator.h
@@ -31,6 +31,8 @@
   * DisasJumpType:
   * @DISAS_NEXT: Next instruction in program order.
   * @DISAS_TOO_MANY: Too many instructions translated.
+ * @DISAS_TOO_MANY_UNDO: Too many instructions translated. Everything that was
+ *   done for the current instruction must be undone.
   * @DISAS_NORETURN: Following code is dead.
   * @DISAS_TARGET_*: Start of target-specific conditions.
   *
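
Review bot: The `@DISAS_TOO_MANY_UNDO` description says everything done for the current instruction must be undone, but not who undoes what. State here that the common loop only removes the emitted ops and decrements the instruction count, and that the target's `translate_insn` hook must restore its own decoder state before setting this value.
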
@@ -39,6 +41,7 @@
  typedef enum DisasJumpType {
  DISAS_NEXT,
  DISAS_TOO_MANY,
+DISAS_TOO_MANY_UNDO,


Hmm, maybe.  I'm not overly keen on the generic change, because I think it would be easy 
to use incorrectly.



+case 2:
+/* Restore state that may affect the next instruction. */
+s->cc_op_dirty = orig_cc_op_dirty;
+s->cc_op = orig_cc_op;
+s->base.is_jmp = DISAS_TOO_MANY_UNDO;


I think you can simply set s->prev_insn_end in i386_tr_insn_start, for 
discarding opcodes.


r~



Re: [PATCH] [PATCH] linux-user/aarch64: Reset target data on MADV_DONTNEED

2022-08-10 Thread Vitaly Buka
Sorry, I only noticed today that it's not submitted.
Version is not critical for us, as we build from masters anyway.
Richard, do you know a reason to consider this critical?

On Wed, 10 Aug 2022 at 13:04, Peter Maydell 
wrote:

> On Wed, 10 Aug 2022 at 21:00, Vitaly Buka  wrote:
> >
> > How can we land this one?
>
> Pinging it a week ago rather than now would have been a good start :-(
> I think it got missed because you didn't cc the linux-user maintainer.
>
> Is this a critical fix for 7.1 or can we let it slip to 7.2 ?
>
> thanks
> -- PMM
>


Re: [PATCH v3 1/1] os-posix: asynchronous teardown for shutdown on Linux

2022-08-10 Thread Murilo Opsfelder Araújo

Hi, Claudio.

On 8/9/22 03:40, Claudio Imbrenda wrote:

This patch adds support for asynchronously tearing down a VM on Linux.

When qemu terminates, either naturally or because of a fatal signal,
the VM is torn down. If the VM is huge, it can take a considerable
amount of time for it to be cleaned up. In case of a protected VM, it
might take even longer than a non-protected VM (this is the case on
s390x, for example).

Some users might want to shut down a VM and restart it immediately,
without having to wait. This is especially true if management
infrastructure like libvirt is used.

This patch implements a simple trick on Linux to allow qemu to return
immediately, with the teardown of the VM being performed
asynchronously.

If the new commandline option -async-teardown is used, a new process is
spawned from qemu at startup, using the clone syscall, in such a way that
it will share its address space with qemu.

The new process will have the name "cleanup/". It will wait
until qemu terminates, and then it will exit itself.

This allows qemu to terminate quickly, without having to wait for the
whole address space to be torn down. The teardown process will exit
after qemu, so it will be the last user of the address space, and
therefore it will take care of the actual teardown.

The teardown process will share the same cgroups as qemu, so both
memory usage and cpu time will be accounted properly.

This feature can already be used with libvirt by adding the following
to the XML domain definition to pass the parameter to qemu directly:

   http://libvirt.org/schemas/domain/qemu/1.0;>
   
   

More advanced interfaces like pidfd or close_range have intentionally
been avoided in order to be more compatible with older kernels.

Signed-off-by: Claudio Imbrenda 


I've smoke-tested this on ppc and everything looks fine.
For what it's worth:

Reviewed-by: Murilo Opsfelder Araujo 
Tested-by: Murilo Opsfelder Araujo 


Have you measured the benefits of using -async-teardown vs. not using it?
If so, can you please share the details so I can give it a try on ppc, too?

The wall-clock perception is that nothing has changed, for better or worse.
My tests used mid-sized VMs, like 128 vCPUs, 64GB RAM.

Cheers!


---
  include/qemu/async-teardown.h |  22 ++
  os-posix.c|   6 ++
  qemu-options.hx   |  17 +
  util/async-teardown.c | 123 ++
  util/meson.build  |   1 +
  5 files changed, 169 insertions(+)
  create mode 100644 include/qemu/async-teardown.h
  create mode 100644 util/async-teardown.c

diff --git a/include/qemu/async-teardown.h b/include/qemu/async-teardown.h
new file mode 100644
index 00..092e7a37e7
--- /dev/null
+++ b/include/qemu/async-teardown.h
@@ -0,0 +1,22 @@
+/*
+ * Asynchronous teardown
+ *
+ * Copyright IBM, Corp. 2022
+ *
+ * Authors:
+ *  Claudio Imbrenda 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at your
+ * option) any later version.  See the COPYING file in the top-level directory.
+ *
+ */
+#ifndef QEMU_ASYNC_TEARDOWN_H
+#define QEMU_ASYNC_TEARDOWN_H
+
+#include "config-host.h"
+
+#ifdef CONFIG_LINUX
+void init_async_teardown(void);
+#endif
+
+#endif
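
Review bot: The prototype here is guarded by `#ifdef CONFIG_LINUX`, and the parser case in os-posix.c by `#if defined(CONFIG_LINUX)`, but the `DEF("async-teardown", ...)` entry in qemu-options.hx uses `#ifdef __linux__`. Use one guard throughout so the option table and the parser cannot disagree. The SRST text in qemu-options.hx also sits outside the `#endif`, so it should say that the option is Linux-only.
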
diff --git a/os-posix.c b/os-posix.c
index 321fc4bd13..4858650c3e 100644
--- a/os-posix.c
+++ b/os-posix.c
@@ -39,6 +39,7 @@
  
  #ifdef CONFIG_LINUX

  #include 
+#include "qemu/async-teardown.h"
  #endif
  
  /*

@@ -150,6 +151,11 @@ int os_parse_cmd_args(int index, const char *optarg)
  case QEMU_OPTION_daemonize:
  daemonize = 1;
  break;
+#if defined(CONFIG_LINUX)
+case QEMU_OPTION_asyncteardown:
+init_async_teardown();
+break;
+#endif
  default:
  return -1;
  }
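
Review bot: The new `QEMU_OPTION_asyncteardown` case calls `init_async_teardown()` straight from option parsing, whereas the `QEMU_OPTION_daemonize` case above it only records a flag for later. Since the teardown process is created at this point, document (here or in qemu-options.hx) how the option interacts with `-daemonize` and whether its position on the command line matters.
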
diff --git a/qemu-options.hx b/qemu-options.hx
index 3f23a42fa8..d434353159 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -4743,6 +4743,23 @@ HXCOMM Internal use
  DEF("qtest", HAS_ARG, QEMU_OPTION_qtest, "", QEMU_ARCH_ALL)
  DEF("qtest-log", HAS_ARG, QEMU_OPTION_qtest_log, "", QEMU_ARCH_ALL)
  
+#ifdef __linux__

+DEF("async-teardown", 0, QEMU_OPTION_asyncteardown,
+"-async-teardown enable asynchronous teardown\n",
+QEMU_ARCH_ALL)
+#endif
+SRST
+``-async-teardown``
+Enable asynchronous teardown. A new teardown process will be
+created at startup, using clone. The teardown process will share
+the address space of the main qemu process, and wait for the main
+process to terminate. At that point, the teardown process will
+also exit. This allows qemu to terminate quickly if the guest was
+huge, leaving the teardown of the address space to the teardown
+process. Since the teardown process shares the same cgroups as the
+main qemu process, accounting is performed correctly.
+ERST
+
  DEF("msg", HAS_ARG, QEMU_OPTION_msg,
  "-msg [timestamp[=on|off]][,guest-name=[on|off]]\n"
  "control error message format\n"
diff --git a/util/async-teardown.c 

Re: [PATCH v3 1/4] accel/tcg: Invalidate translations when clearing PAGE_EXEC

2022-08-10 Thread Richard Henderson

On 8/8/22 10:10, Ilya Leoshkevich wrote:

After mprotect(addr, PROT_NONE), addr can still be executed if there
are cached translations. Drop them.

Signed-off-by: Ilya Leoshkevich 
---
  accel/tcg/translate-all.c | 17 -
  1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index ef62a199c7..32ea5f0adf 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -2295,12 +2295,19 @@ void page_set_flags(target_ulong start, target_ulong 
end, int flags)
   len != 0;
   len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
  PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
+bool write_set, exec_cleared;
  
-/* If the write protection bit is set, then we invalidate

-   the code inside.  */
-if (!(p->flags & PAGE_WRITE) &&
-(flags & PAGE_WRITE) &&
-p->first_tb) {
+/*
+ * If the write protection bit is set, then we invalidate the code
+ * inside.
+ */
+write_set = !(p->flags & PAGE_WRITE) && (flags & PAGE_WRITE);
+/*
+ * If PAGE_EXEC is cleared, we also need to invalidate the code in
+ * order to force a fault when trying to run it.
+ */
+exec_cleared = (p->flags & PAGE_EXEC) && !(flags & PAGE_EXEC);
+if ((write_set || exec_cleared) && p->first_tb) {
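
Review bot: The rewritten comment above `write_set` still reads "If the write protection bit is set", but the expression is true when `PAGE_WRITE` goes from clear to set, that is, when the page becomes writable. Since the comment is being reflowed anyway, reword it to match the test, for example "If the page becomes writable, invalidate the code inside".
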


I believe the bug you're trying to fix is in get_page_addr_code, which for USER_ONLY is 
currently a no-op.  It ought to be checking the page permissions there, as we do for softmmu.


I have a patch for get_page_addr_code in the works, because I was working on other stuff 
in the area.



r~



Re: [PATCH v3 2/4] target/s390x: Make translator stop before the end of a page

2022-08-10 Thread Richard Henderson

On 8/8/22 10:10, Ilya Leoshkevich wrote:

Right now translator stops right *after* the end of a page, which
breaks reporting of fault locations when the last instruction of a
multi-insn translation block crosses a page boundary.

Signed-off-by: Ilya Leoshkevich
---
  include/exec/translator.h| 10 ++
  target/s390x/tcg/translate.c | 15 +++
  2 files changed, 21 insertions(+), 4 deletions(-)


Reviewed-by: Richard Henderson 


r~



Re: [PATCH] [PATCH] linux-user/aarch64: Reset target data on MADV_DONTNEED

2022-08-10 Thread Peter Maydell
On Wed, 10 Aug 2022 at 21:00, Vitaly Buka  wrote:
>
> How can we land this one?

Pinging it a week ago rather than now would have been a good start :-(
I think it got missed because you didn't cc the linux-user maintainer.

Is this a critical fix for 7.1 or can we let it slip to 7.2 ?

thanks
-- PMM



Re: [PATCH] [PATCH] linux-user/aarch64: Reset target data on MADV_DONTNEED

2022-08-10 Thread Vitaly Buka
How can we land this one?


Re: [PATCH for-7.2 v2 16/20] device_tree.c: support string props in fdt_format_node()

2022-08-10 Thread Daniel Henrique Barboza




On 8/8/22 01:36, David Gibson wrote:

On Fri, Aug 05, 2022 at 06:39:44AM -0300, Daniel Henrique Barboza wrote:

To support printing string properties in 'info fdt' we need to determine
whether a void data might contain a string.


Oh... sorry, obviously I hadn't read these later patches when I
complained about the command not printing property values.



We do that by casting the void data to a string array and:

- check if the array finishes with a null character
- check if all characters are printable


This won't handle the case of the "string list" several strings tacked
together, separated by their terminating \0 characters.


H how is this printed? Should we concatenate them? Replace the \0
with a whitespace? Or ignore the zero and concatenate them?

E.g. this is a\0string\0list

Should we print it as:

this is astringlist

or

this is a string list ?


Thanks,


Daniel






If both conditions are met, we'll consider it to be a string data type
and print it accordingly. After this change, 'info fdt' is now able to
print string properties. Here's an example with the ARM 'virt' machine:

(qemu) info fdt /chosen
chosen {
 stdout-path = '/pl011@900'
 rng-seed;
 kaslr-seed;
}

Signed-off-by: Daniel Henrique Barboza 
---
  softmmu/device_tree.c | 25 -
  1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/softmmu/device_tree.c b/softmmu/device_tree.c
index 3fb07b537f..8691c3ccc0 100644
--- a/softmmu/device_tree.c
+++ b/softmmu/device_tree.c
@@ -663,6 +663,24 @@ void qemu_fdt_qmp_dumpdtb(const char *filename, Error 
**errp)
  error_setg(errp, "Error when saving machine FDT to file %s", filename);
  }
  
+static bool fdt_prop_is_string(const void *data, int size)

+{
+const char *str = data;
+int i;
+
+if (size <= 0 || str[size - 1] != '\0') {
+return false;
+}
+
+for (i = 0; i < size - 1; i++) {
+if (!g_ascii_isprint(str[i])) {
+return false;
+}
+}
+
+return true;
+}
+
  static void fdt_format_node(GString *buf, int node, int depth)
  {
  const struct fdt_property *prop = NULL;
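
Review bot: `fdt_prop_is_string()` returns true for a one-byte property whose value is 0: with `size == 1` the terminator check passes and the `for` loop never runs, so such a property is later printed as an empty string. Require at least one printable character before the terminator (for example reject `size < 2`) so that small binary values are not reported as text.
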
@@ -681,7 +699,12 @@ static void fdt_format_node(GString *buf, int node, int 
depth)
  prop = fdt_get_property_by_offset(fdt, property, _size);
  propname = fdt_string(fdt, fdt32_to_cpu(prop->nameoff));
  
-g_string_append_printf(buf, "%*s%s;\n", padding, "", propname);

+if (fdt_prop_is_string(prop->data, prop_size)) {
+g_string_append_printf(buf, "%*s%s = '%s'\n",
+   padding, "", propname, prop->data);


If you're going for dts like output, I'd suggest going all the way.
That means \" instead of \' and a ';' at the end of the line.


+} else {
+g_string_append_printf(buf, "%*s%s;\n", padding, "", propname);
+}
  }
  
  padding -= 4;
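
The string-list case raised in this thread, as an added example that is not code from the patch or from QEMU: a stand-alone check that accepts one or more NUL-separated printable strings and renders them in dts form (`"a", "b"`). The names `prop_is_string_list`, `format_string_list` and `put` are hypothetical, plain `isprint` restricted to ASCII stands in for `g_ascii_isprint`, and rejecting empty strings is an assumption made so that zero-filled cells are not treated as text.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample property values (not taken from a real device tree). */
static const char sample_single[] = "/pl011@900";             /* one string */
static const char sample_list[] = "this is a\0string\0list";  /* string list */
static const unsigned char sample_cells[] = { 0, 0, 0, 0 };   /* one zero cell */

/*
 * True if data[0..size) is one or more non-empty, printable ASCII strings,
 * each terminated by '\0'. Empty strings are rejected (an assumption of this
 * example) so that zero-filled cell data is not reported as text.
 */
bool prop_is_string_list(const void *data, int size)
{
    const unsigned char *p = data;
    int i, run = 0;

    if (p == NULL || size <= 0 || p[size - 1] != '\0') {
        return false;
    }
    for (i = 0; i < size; i++) {
        if (p[i] == '\0') {
            if (run == 0) {
                return false;       /* empty string or leading NUL */
            }
            run = 0;
        } else if (p[i] < 0x80 && isprint(p[i])) {
            run++;
        } else {
            return false;           /* control or non-ASCII byte */
        }
    }
    return true;
}

/* Append one character, always leaving room for the terminating '\0'. */
static bool put(char *out, size_t outlen, size_t *used, char c)
{
    if (*used + 1 >= outlen) {
        return false;
    }
    out[(*used)++] = c;
    out[*used] = '\0';
    return true;
}

/*
 * Render the value in dts form ("a", "b"), escaping '"' and '\\'.
 * Returns the length written, or -1 if the data is not a string list or
 * the output buffer is too small.
 */
int format_string_list(const void *data, int size, char *out, size_t outlen)
{
    const char *s = data;
    size_t used = 0;
    bool ok;
    int i;

    if (out == NULL || outlen == 0 || !prop_is_string_list(data, size)) {
        return -1;
    }
    out[0] = '\0';
    ok = put(out, outlen, &used, '"');
    for (i = 0; ok && i < size; i++) {
        if (s[i] == '\0') {
            /* End of one string: close the quote, open the next if any. */
            ok = put(out, outlen, &used, '"');
            if (ok && i + 1 < size) {
                ok = put(out, outlen, &used, ',') &&
                     put(out, outlen, &used, ' ') &&
                     put(out, outlen, &used, '"');
            }
        } else {
            if (s[i] == '"' || s[i] == '\\') {
                ok = put(out, outlen, &used, '\\');
            }
            ok = ok && put(out, outlen, &used, s[i]);
        }
    }
    return ok ? (int)used : -1;
}

int main(void)
{
    char buf[64];

    printf("single is text: %d, zero cell is text: %d\n",
           prop_is_string_list(sample_single, sizeof(sample_single)),
           prop_is_string_list(sample_cells, sizeof(sample_cells)));
    if (format_string_list(sample_list, sizeof(sample_list), buf, sizeof(buf)) < 0) {
        return 1;
    }
    printf("list = %s;\n", buf);
    return strcmp(buf, "\"this is a\", \"string\", \"list\"") != 0;
}
```

Because the validator runs before any formatting, the formatter never reads past `size` and never hands unvalidated bytes to a `%s` conversion.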






Re: [PATCH for-7.2 v2 09/20] hw/ppc: set machine->fdt in pnv_reset()

2022-08-10 Thread Daniel Henrique Barboza




On 8/8/22 04:13, Cédric Le Goater wrote:

On 8/8/22 08:47, Cédric Le Goater wrote:

On 8/5/22 11:39, Daniel Henrique Barboza wrote:

This will enable support for 'dumpdtb' and 'info fdt' HMP commands for
all powernv machines.


I might have missed some emails but dumpdtb is already supported :
commit 8d4092614161 ("ppc/pnv: activate the "dumpdtb" option on the
powernv machine")


ok. found the patchset "QMP/HMP: add 'dumpdtb' and 'info fdt' commands"

'info fdt' would have been of great help when we were developing the
PowerNV machine. Initially, I was even using pmemsave to extract the
FDT blob ... So this is a great idea ! (which needs a g_free() )

Do we have something similar to dump ACPI tables, btw ?


In QEMU? No idea. I didn't find users of libfdt in x86 files so I didn't
bother checking.

I am aware of something you can do in userland to dump the ACPI tables. I
did it once for research when I was working in the NUMA FORM2 extension
for pseries. This is the procedure to dump the ACPI SLIT table:


danielhb@ubuntu-vm:~$ sudo acpidump > acpidata.dat
[sudo] password for danielhb:
danielhb@ubuntu-vm:~$
danielhb@ubuntu-vm:~$ sudo acpixtract -sSLIT acpidata.dat

Intel ACPI Component Architecture
ACPI Binary Table Extraction Utility version 20200925
Copyright (c) 2000 - 2020 Intel Corporation

  SLIT -  60 bytes written (0x003C) - slit.dat
danielhb@ubuntu-vm:~$
danielhb@ubuntu-vm:~$ iasl -d slit.dat

Intel ACPI Component Architecture
ASL+ Optimizing Compiler/Disassembler version 20200925
Copyright (c) 2000 - 2020 Intel Corporation

File appears to be binary: found 24 non-ASCII characters, disassembling
Binary file appears to be a valid ACPI table, disassembling
Input file slit.dat, Length 0x3C (60) bytes
ACPI: SLIT 0x 3C (v01 BOCHS  BXPCSLIT 0001 BXPC 
0001)
Acpi Data Table [SLIT] decoded
Formatted output:  slit.dsl - 1489 bytes
danielhb@ubuntu-vm:~$
danielhb@ubuntu-vm:~$ cat slit.dsl
/*
 * Intel ACPI Component Architecture
 * AML/ASL+ Disassembler version 20200925 (64-bit version)
 * Copyright (c) 2000 - 2020 Intel Corporation
 *
 * Disassembly of slit.dat, Wed Jun  2 19:00:54 2021
 *
 * ACPI Data Table [SLIT]
 *
 * Format: [HexOffset DecimalOffset ByteLength]  FieldName : FieldValue
 */

[000h    4]Signature : "SLIT"[System Locality 
Information Table]
[004h 0004   4] Table Length : 003C
[008h 0008   1] Revision : 01
[009h 0009   1] Checksum : A0
[00Ah 0010   6]   Oem ID : "BOCHS "
[010h 0016   8] Oem Table ID : "BXPCSLIT"
[018h 0024   4] Oem Revision : 0001
[01Ch 0028   4]  Asl Compiler ID : "BXPC"
[020h 0032   4]Asl Compiler Revision : 0001

[024h 0036   8]   Localities : 0004
[02Ch 0044   4] Locality   0 : 0A 16 16 16
[030h 0048   4] Locality   1 : 2C 0A 2C 2C
[034h 0052   4] Locality   2 : 42 42 0A 42
[038h 0056   4] Locality   3 : 58 58 58 0A

Raw Table Data: Length 60 (0x3C)

: 53 4C 49 54 3C 00 00 00 01 A0 42 4F 43 48 53 20  // SLIT<.BOCHS
0010: 42 58 50 43 53 4C 49 54 01 00 00 00 42 58 50 43  // BXPCSLITBXPC
0020: 01 00 00 00 04 00 00 00 00 00 00 00 0A 16 16 16  // 
0030: 2C 0A 2C 2C 42 42 0A 42 58 58 58 0A  // ,.,,BB.BXXX.
danielhb@ubuntu-vm:~$


So basically a combination of acpidump and acpixtract commands in the guest.


Daniel




Thanks,

C.




Cc: Cédric Le Goater 
Cc: Frederic Barrat 
Signed-off-by: Daniel Henrique Barboza 
---
  hw/ppc/pnv.c | 6 +-
  1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index d3f77c8367..f5162f8b7b 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -608,7 +608,11 @@ static void pnv_reset(MachineState *machine)
  qemu_fdt_dumpdtb(fdt, fdt_totalsize(fdt));
  cpu_physical_memory_write(PNV_FDT_ADDR, fdt, fdt_totalsize(fdt));
-    g_free(fdt);
+    /*
+ * Update the machine->fdt pointer to enable support for
+ * 'dumpdtb' and 'info fdt' commands.
+ */
+    machine->fdt = fdt;
  }
  static ISABus *pnv_chip_power8_isa_create(PnvChip *chip, Error **errp)
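
Review bot: `machine->fdt = fdt` at the end of `pnv_reset()` replaces the `g_free(fdt)` without releasing whatever `machine->fdt` pointed to before, so every reset after the first leaks the previous blob. Free the old pointer before the assignment.
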








Re: [PATCH v3] pc: hide linuxboot RNG seed behind a machine property

2022-08-10 Thread Paolo Bonzini
On Wed, 10 Aug 2022, 19:06 Michael S. Tsirkin wrote:

> > @@ -1387,6 +1405,7 @@ static void x86_machine_initfn(Object *obj)
> >  x86ms->acpi = ON_OFF_AUTO_AUTO;
> >  x86ms->pit = ON_OFF_AUTO_AUTO;
> >  x86ms->pic = ON_OFF_AUTO_AUTO;
> > +x86ms->linuxboot_randomness = ON_OFF_AUTO_OFF;
> >  x86ms->pci_irq_mask = ACPI_BUILD_PCI_IRQS;
> >  x86ms->oem_id = g_strndup(ACPI_BUILD_APPNAME6, 6);
> >  x86ms->oem_table_id = g_strndup(ACPI_BUILD_APPNAME8, 8);
>
>
> This is a weird thing to do in that there's no way to make it auto now.
>

Sure, -M x-linuxboot-randomness=auto works. And making it already
on/off/auto will limit future patches to the injection logic rather than
the QOM boilerplate.

Paolo

> And in that case, let's just make it a simple boolean property for now?
>
> > @@ -1426,6 +1445,12 @@ static void x86_machine_class_init(ObjectClass
> *oc, void *data)
> >  object_class_property_set_description(oc, X86_MACHINE_PIT,
> >  "Enable i8254 PIT");
> >
> > +object_class_property_add(oc, X86_MACHINE_LINUXBOOT_RANDOMNESS,
> "OnOffAuto",
> > +x86_machine_get_linuxboot_randomness,
> x86_machine_set_linuxboot_randomness,
> > +NULL, NULL);
> > +object_class_property_set_description(oc,
> X86_MACHINE_LINUXBOOT_RANDOMNESS,
> > +"Pass random number seed to -kernel Linux image");
> > +
> >  object_class_property_add(oc, X86_MACHINE_PIC, "OnOffAuto",
> >x86_machine_get_pic,
> >x86_machine_set_pic,
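
Review bot: The description passed to `object_class_property_set_description()` for `X86_MACHINE_LINUXBOOT_RANDOMNESS` covers only the enabled case. The property is registered as `OnOffAuto` and the initfn hunk defaults it to `ON_OFF_AUTO_OFF`, so the description (or a comment next to it) should say what `auto` resolves to and that the default is off.
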
> > diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
> > index 8435733bd6..9cc3f5d338 100644
> > --- a/include/hw/i386/pc.h
> > +++ b/include/hw/i386/pc.h
> > @@ -128,9 +128,6 @@ struct PCMachineClass {
> >
> >  /* create kvmclock device even when KVM PV features are not exposed
> */
> >  bool kvmclock_create_always;
> > -
> > -/* skip passing an rng seed for legacy machines */
> > -bool legacy_no_rng_seed;
> >  };
> >
> >  #define TYPE_PC_MACHINE "generic-pc-machine"
> > diff --git a/include/hw/i386/x86.h b/include/hw/i386/x86.h
> > index 62fa5774f8..d7a2eb6f1c 100644
> > --- a/include/hw/i386/x86.h
> > +++ b/include/hw/i386/x86.h
> > @@ -70,6 +70,7 @@ struct X86MachineState {
> >  OnOffAuto acpi;
> >  OnOffAuto pit;
> >  OnOffAuto pic;
> > +OnOffAuto linuxboot_randomness;
> >
> >  char *oem_id;
> >  char *oem_table_id;
> > @@ -94,6 +95,7 @@ struct X86MachineState {
> >  #define X86_MACHINE_OEM_ID   "x-oem-id"
> >  #define X86_MACHINE_OEM_TABLE_ID "x-oem-table-id"
> >  #define X86_MACHINE_BUS_LOCK_RATELIMIT  "bus-lock-ratelimit"
> > +#define X86_MACHINE_LINUXBOOT_RANDOMNESS "x-linuxboot-randomness"
> >
> >  #define TYPE_X86_MACHINE   MACHINE_TYPE_NAME("x86")
> >  OBJECT_DECLARE_TYPE(X86MachineState, X86MachineClass, X86_MACHINE)
> > @@ -126,8 +128,7 @@ void x86_bios_rom_init(MachineState *ms, const char
> *default_firmware,
> >  void x86_load_linux(X86MachineState *x86ms,
> >  FWCfgState *fw_cfg,
> >  int acpi_data_size,
> > -bool pvh_enabled,
> > -bool legacy_no_rng_seed);
> > +bool pvh_enabled);
> >
> >  bool x86_machine_is_smm_enabled(const X86MachineState *x86ms);
> >  bool x86_machine_is_acpi_enabled(const X86MachineState *x86ms);
> > --
> > 2.37.1
>
>


Re: [PULL 0/1] Linux user for 7.1 patches

2022-08-10 Thread Richard Henderson

On 8/10/22 09:50, Laurent Vivier wrote:

The following changes since commit 61b6e67171c602cf6451e4928c9cdcc24c57a485:

   Update version for v7.1.0-rc2 release (2022-08-09 19:25:15 -0700)

are available in the Git repository at:

   https://gitlab.com/laurent_vivier/qemu.git 
tags/linux-user-for-7.1-pull-request

for you to fetch changes up to 3cd3df2a9584e6f753bb62a0028bd67124ab5532:

   linux-user: fix compat with glibc >= 2.36 sys/mount.h (2022-08-10 18:37:46 
+0200)


Pull request linux-user 20220810

fix compat with glibc >= 2.36 sys/mount.h


Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/7.1 as 
appropriate.


r~






Daniel P. Berrangé (1):
   linux-user: fix compat with glibc >= 2.36 sys/mount.h

  linux-user/syscall.c | 18 ++
  meson.build  |  2 ++
  2 files changed, 20 insertions(+)






RE: AST2600 support in QEMU

2022-08-10 Thread Shivi Fotedar
Cedric, Joel

Thanks so much for the pointers. This definitely helps. We will get back to you 
with any further questions once we have looked them over. 

-Original Message-
From: Cédric Le Goater  
Sent: Tuesday, August 9, 2022 10:50 PM
To: Joel Stanley ; Shivi Fotedar ; Peter 
Delevoryas ; Jeremy Kerr ; Klaus Jensen 
; Jonathan Cameron 
Cc: qemu-devel@nongnu.org; Andrew Jeffery ; Amit Kumar 
(Engrg-SW) ; Prasanna Karmalkar ; 
Tim Chen (SW-GPU) ; Newton Liu ; Deepak 
Kodihalli ; qemu-arm 
Subject: Re: AST2600 support in QEMU



Hello,

On 8/10/22 04:37, Joel Stanley wrote:
> Hello Shivi,
>
> I've added others to cc who may have some input.
>
> On Tue, 9 Aug 2022 at 21:38, Shivi Fotedar  wrote:
>>
>> Hello, we are looking for support for few features for AST2600 in 
>> QEMU, specifically
>>
>> PCIe RC support so BMC can talk to downstream devices for management 
>> functions.
>
> I haven't seen any PCIe work done yet.

I haven't either. There is clearly a need now that we are moving away from LPC.

>> MCTP controller to run MCTP protocol on top of PCIe or I2C.
>
> What work would be required to do this on top of i2c?

I think Jonathan and Klaus worked on this. See :

   
https://lore.kernel.org/qemu-devel/20220525121422.3a84@Huawei.com/

>> I2C slave so BMC can talk to host CPU QEMU for IPMI
>
> Some support for slave mode was merged in v7.1.

yes.

Peter D. experimented with IPMI. See :

   
https://lore.kernel.org/qemu-devel/20220630045133.32251-14-me@pjd.dev/

We also merged a new machine including a BMC ast2600 running OpenBMC and an 
ast1030 SoC running OpenBIC. Work to interconnect them on the same I2C bus is 
in progress.

Thanks,

C.



[PATCH v3 1/4] hw/riscv: virt: fix uart node name

2022-08-10 Thread Conor Dooley
From: Conor Dooley 

"uart" is not a node name that complies with the dt-schema.
Change the node name to "serial" to fix warnings seen during
dt-validate on a dtbdump of the virt machine such as:
/stuff/qemu/qemu.dtb: uart@1000: $nodename:0: 'uart@1000' does not 
match '^serial(@.*)?$'
From schema: 
/stuff/linux/Documentation/devicetree/bindings/serial/8250.yaml

Reported-by: Rob Herring 
Link: 
https://lore.kernel.org/linux-riscv/20220803170552.ga2250266-r...@kernel.org/
Fixes: 04331d0b56 ("RISC-V VirtIO Machine")
Reviewed-by: Alistair Francis 
Signed-off-by: Conor Dooley 
---
 hw/riscv/virt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index bc424dd2f5..6c61a406c4 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -917,7 +917,7 @@ static void create_fdt_uart(RISCVVirtState *s, const 
MemMapEntry *memmap,
 char *name;
 MachineState *mc = MACHINE(s);
 
-name = g_strdup_printf("/soc/uart@%lx", (long)memmap[VIRT_UART0].base);
+name = g_strdup_printf("/soc/serial@%lx", (long)memmap[VIRT_UART0].base);
 qemu_fdt_add_subnode(mc->fdt, name);
 qemu_fdt_setprop_string(mc->fdt, name, "compatible", "ns16550a");
 qemu_fdt_setprop_cells(mc->fdt, name, "reg",
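
Review bot: Renaming the node from `/soc/uart@...` to `/soc/serial@...` in `create_fdt_uart()` changes a guest-visible path, and the commit message only covers the dt-validate warning. Add a sentence confirming that nothing (guest firmware, tests, other FDT properties) looks the node up by the old literal path.
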
-- 
2.37.1




Re: [PATCH 22/62] target/arm: Add secure parameter to get_phys_addr_pmsav8

2022-08-10 Thread Alex Bennée


Richard Henderson  writes:

> On 8/10/22 06:16, Alex Bennée wrote:
>> Richard Henderson  writes:
>> 
>>> Remove the use of regime_is_secure from get_phys_addr_pmsav8.
>>> Since we already had a local variable named secure, use that.
>>>
>>> Signed-off-by: Richard Henderson 
>>> ---
>>>   target/arm/ptw.c | 5 ++---
>>>   1 file changed, 2 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/target/arm/ptw.c b/target/arm/ptw.c
>>> index d424dec729..f7892a0c48 100644
>>> --- a/target/arm/ptw.c
>>> +++ b/target/arm/ptw.c
>>> @@ -1960,10 +1960,9 @@ void v8m_security_lookup(CPUARMState *env, uint32_t 
>>> address,
>>> static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t
>>> address,
>>>MMUAccessType access_type, ARMMMUIdx 
>>> mmu_idx,
>>> - GetPhysAddrResult *result,
>>> + bool secure, GetPhysAddrResult
>>>   *result,
>> NIT: why not use is_secure like all the other functions (and
>> reformat
>> the commit subject to match too).
>
> It's right there in the commit message -- there was an existing local
> variable.

doh - sorry so focused on the mechanics I missed the explanation!
>
>
> r~
>
>> Otherwise:
>> Reviewed-by: Alex Bennée 
>> 


-- 
Alex Bennée



[PATCH v3 0/4] QEMU: Fix RISC-V virt & spike machines' dtbs

2022-08-10 Thread Conor Dooley
From: Conor Dooley 

The device trees produced automatically for the virt and spike machines
fail dt-validate on several grounds. Some of these need to be fixed in
the linux kernel's dt-bindings, but others are caused by bugs in QEMU.

I mostly opted for what appeared to be the smallest change that would
fix the warnings, partly due to my inexperience with the QEMU codebase.
A "sister" patchset for the kernel will clear the remaining warnings.
Thanks to Rob Herring for reporting these issues [1],
Conor.

Changes since v2:
- move the syscon subnodes back to the top level instead of into the
  syscon node
Changes since v1:
- drop patch 1

To reproduce the errors:
./build/qemu-system-riscv64 -nographic -machine virt,dumpdtb=qemu.dtb
dt-validate -p 
/path/to/linux/kernel/Documentation/devicetree/bindings/processed-schema.json 
qemu.dtb
(The processed schema needs to be generated first)

0 - 
https://lore.kernel.org/linux-riscv/20220805162844.1554247-1-m...@conchuod.ie/
1 - 
https://lore.kernel.org/linux-riscv/20220803170552.ga2250266-r...@kernel.org/

Conor Dooley (4):
  hw/riscv: virt: fix uart node name
  hw/riscv: virt: fix the plic's address cells
  hw/riscv: virt: fix syscon subnode paths
  hw/core: fix platform bus node name

 hw/core/sysbus-fdt.c| 2 +-
 hw/riscv/virt.c | 8 +---
 include/hw/riscv/virt.h | 1 +
 3 files changed, 7 insertions(+), 4 deletions(-)


base-commit: 2480f3bbd03814b0651a1f74959f5c6631ee5819
-- 
2.37.1




[PATCH v3 3/4] hw/riscv: virt: fix syscon subnode paths

2022-08-10 Thread Conor Dooley
From: Conor Dooley 

The reset and poweroff features of the syscon were originally added to
top level, which is a valid path for a syscon subnode. Subsequently a
reorganisation was carried out while implementing NUMA in which the
subnodes were moved into the /soc node. As /soc is a "simple-bus", this
path is invalid, and so dt-validate produces the following warnings:

/stuff/qemu/qemu.dtb: soc: poweroff: {'value': [[21845]], 'offset': [[0]], 
'regmap': [[4]], 'compatible': ['syscon-poweroff']} should not be valid under 
{'type': 'object'}
From schema: 
/home/conor/.local/lib/python3.9/site-packages/dtschema/schemas/simple-bus.yaml
/stuff/qemu/qemu.dtb: soc: reboot: {'value': [[30583]], 'offset': [[0]], 
'regmap': [[4]], 'compatible': ['syscon-reboot']} should not be valid under 
{'type': 'object'}
From schema: 
/home/conor/.local/lib/python3.9/site-packages/dtschema/schemas/simple-bus.yaml

Move the syscon subnodes back to the top level and silence the warnings.

Reported-by: Rob Herring 
Link: 
https://lore.kernel.org/linux-riscv/20220803170552.ga2250266-r...@kernel.org/
Fixes: 18df0b4695 ("hw/riscv: virt: Allow creating multiple NUMA sockets")
Signed-off-by: Conor Dooley 
---
I dropped your R-b Alistair intentionally.
Tested both Linux and FreeBSD:
[0.073406] device: 'poweroff': device_add
[0.073441] bus: 'platform': add device poweroff
[0.502347] bus: 'platform': add driver syscon-poweroff
[0.502379] bus: 'platform': __driver_probe_device: matched device poweroff 
with driver syscon-poweroff
[0.502397] bus: 'platform': really_probe: probing driver syscon-poweroff 
with device poweroff
[0.502423] syscon-poweroff poweroff: no pinctrl handle
[0.502681] syscon-poweroff poweroff: pm_power_off already claimed for 
sbi_srst_power_off
[0.50] syscon-poweroff: probe of poweroff failed with error -16
[0.073629] device: 'reboot': device_add
[0.073664] bus: 'platform': add device reboot
[0.500640] bus: 'platform': add driver syscon-reboot
[0.500673] bus: 'platform': __driver_probe_device: matched device reboot 
with driver syscon-reboot
[0.500694] bus: 'platform': really_probe: probing driver syscon-reboot with 
device reboot
[0.500725] syscon-reboot reboot: no pinctrl handle
[0.502168] driver: 'syscon-reboot': driver_bound: bound to device 'reboot'
[0.502242] bus: 'platform': really_probe: bound device reboot to driver 
syscon-reboot

syscon_power0:  on ofwbus0
syscon_power1:  on ofwbus0
---
 hw/riscv/virt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 8b2978076e..6f0fd1541b 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -896,7 +896,7 @@ static void create_fdt_reset(RISCVVirtState *s, const 
MemMapEntry *memmap,
 test_phandle = qemu_fdt_get_phandle(mc->fdt, name);
 g_free(name);
 
-name = g_strdup_printf("/soc/reboot");
+name = g_strdup_printf("/reboot");
 qemu_fdt_add_subnode(mc->fdt, name);
 qemu_fdt_setprop_string(mc->fdt, name, "compatible", "syscon-reboot");
 qemu_fdt_setprop_cell(mc->fdt, name, "regmap", test_phandle);
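Review bot: g_strdup_printf("/reboot") on the changed line has no format arguments, so the allocation and the matching g_free(name) only wrap a constant string. With the path now fixed at the top level, a string literal passed to qemu_fdt_add_subnode() and the qemu_fdt_setprop_*() calls would be simpler, and the same holds for "/poweroff" in the next hunk. The pattern predates this patch, so a follow-up cleanup is fine.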
@@ -904,7 +904,7 @@ static void create_fdt_reset(RISCVVirtState *s, const 
MemMapEntry *memmap,
 qemu_fdt_setprop_cell(mc->fdt, name, "value", FINISHER_RESET);
 g_free(name);
 
-name = g_strdup_printf("/soc/poweroff");
+name = g_strdup_printf("/poweroff");
 qemu_fdt_add_subnode(mc->fdt, name);
 qemu_fdt_setprop_string(mc->fdt, name, "compatible", "syscon-poweroff");
 qemu_fdt_setprop_cell(mc->fdt, name, "regmap", test_phandle);
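Review bot: the test log under the --- line shows "syscon-poweroff: probe of poweroff failed with error -16" for the node this hunk moves to /poweroff, with pm_power_off already claimed by sbi_srst_power_off. Please state in the commit message whether that -EBUSY was already present before the move and is expected when SBI SRST is available, so the log is not read as a regression caused by the new node location.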
-- 
2.37.1




[PATCH v3 2/4] hw/riscv: virt: fix the plic's address cells

2022-08-10 Thread Conor Dooley
From: Conor Dooley 

When optional AIA PLIC support was added to the virt machine, the
address cells property was removed, leading to issues with dt-validate
on a dump from the virt machine:
/stuff/qemu/qemu.dtb: plic@c00: '#address-cells' is a required property
From schema: 
/stuff/linux/Documentation/devicetree/bindings/interrupt-controller/sifive,plic-1.0.0.yaml
Add back the property to suppress the warning.

Reported-by: Rob Herring 
Link: 
https://lore.kernel.org/linux-riscv/20220803170552.ga2250266-r...@kernel.org/
Fixes: e6faee6585 ("hw/riscv: virt: Add optional AIA APLIC support to virt 
machine")
Reviewed-by: Alistair Francis 
Signed-off-by: Conor Dooley 
---
 hw/riscv/virt.c | 2 ++
 include/hw/riscv/virt.h | 1 +
 2 files changed, 3 insertions(+)

diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 6c61a406c4..8b2978076e 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -465,6 +465,8 @@ static void create_fdt_socket_plic(RISCVVirtState *s,
 qemu_fdt_add_subnode(mc->fdt, plic_name);
 qemu_fdt_setprop_cell(mc->fdt, plic_name,
 "#interrupt-cells", FDT_PLIC_INT_CELLS);
+qemu_fdt_setprop_cell(mc->fdt, plic_name,
+"#address-cells", FDT_PLIC_ADDR_CELLS);
 qemu_fdt_setprop_string_array(mc->fdt, plic_name, "compatible",
   (char **)_compat,
   ARRAY_SIZE(plic_compat));
diff --git a/include/hw/riscv/virt.h b/include/hw/riscv/virt.h
index 984e55c77f..be4ab8fe7f 100644
--- a/include/hw/riscv/virt.h
+++ b/include/hw/riscv/virt.h
@@ -111,6 +111,7 @@ enum {
 
 #define FDT_PCI_ADDR_CELLS3
 #define FDT_PCI_INT_CELLS 1
+#define FDT_PLIC_ADDR_CELLS   0
 #define FDT_PLIC_INT_CELLS1
 #define FDT_APLIC_INT_CELLS   2
 #define FDT_IMSIC_INT_CELLS   0
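Review bot: FDT_PLIC_ADDR_CELLS is defined as 0 with no comment, and a zero #address-cells on a node without children reads like a mistake to anyone who has not seen the dt-validate warning. A one-line comment next to the define, saying the PLIC is an interrupt controller with no child address space and that the binding requires the property, would keep it from being removed again the way the commit named in Fixes did.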
-- 
2.37.1




[PATCH v9 0/3] Implement Sstc extension

2022-08-10 Thread Atish Patra
This series implements Sstc extension[1] which was ratified recently.

The first patch is a preparatory patch, PATCH 2 adds stimecmp
support and PATCH 3 adds vstimecmp support. This series is based
on top of upstream commit (faee5441a038).

The series can also be found at
https://github.com/atishp04/qemu/tree/sstc_v9

It is tested on RV32 & RV64 with latest OpenSBI & Linux kernel[2]
patches.

Changes from v8->v9:
1. Updated alignment of few lines.
2. Improved predicate functions for sstc.

Changes from v7->v8:
1. Removed redundant blank lines.
2. Invoke smode & hmode predicate function from sstc related predicate
   functions.

Changes from v6->v7:
1. Replaced g_malloc0 with g_new0.
2. Removed the over allocation for the timers.

Changes from v5->v6:
1. Rebased on top of the latest HEAD commit.

Changes from v4->v5:
1. Removed any ordering related flags and emulate the hardware more
   closely. 

Changes from v3->v4:
1. Added [v]stimecmp_wr_done to the corresponding vmstate structure.

Changes from v2->v3:
1. Dropped generic migration code improvement patches.
2. Removed the order constraints while updating stimecmp/vstimecmp.

Changes from v1->v2:
1. Rebased on the latest upstream commit.
2. Replaced PATCH 1 with another patch where mtimer/timecmp is
   moved from CPU to ACLINT.
3. Added ACLINT migration support.

[1] https://drive.google.com/file/d/1m84Re2yK8m_vbW7TspvevCDR82MOBaSX/view
[2] https://github.com/atishp04/linux/tree/sstc_v8

Atish Patra (3):
hw/intc: Move mtimer/mtimecmp to aclint
target/riscv: Add stimecmp support
target/riscv: Add vstimecmp support

hw/intc/riscv_aclint.c |  41 +---
hw/timer/ibex_timer.c  |  18 ++--
include/hw/intc/riscv_aclint.h |   2 +
include/hw/timer/ibex_timer.h  |   2 +
target/riscv/cpu.c |   9 ++
target/riscv/cpu.h |  11 ++-
target/riscv/cpu_bits.h|   8 ++
target/riscv/cpu_helper.c  |  11 ++-
target/riscv/csr.c | 168 +
target/riscv/machine.c |   7 +-
target/riscv/meson.build   |   3 +-
target/riscv/time_helper.c | 114 ++
target/riscv/time_helper.h |  30 ++
13 files changed, 392 insertions(+), 32 deletions(-)
create mode 100644 target/riscv/time_helper.c
create mode 100644 target/riscv/time_helper.h

--
2.25.1




[PATCH v3 4/4] hw/core: fix platform bus node name

2022-08-10 Thread Conor Dooley
From: Conor Dooley 

"platform" is not a valid name for a bus node in dt-schema, so warnings
can be seen in dt-validate on a dump of the riscv virt dtb:

/stuff/qemu/qemu.dtb: platform@400: $nodename:0: 'platform@400' does 
not match '^([a-z][a-z0-9\\-]+-bus|bus|soc|axi|ahb|apb)(@[0-9a-f]+)?$'
From schema: 
/home/conor/.local/lib/python3.9/site-packages/dtschema/schemas/simple-bus.yaml
"platform-bus" is a valid name, so use that instead.

CC: Rob Herring 
Fixes: 11d306b9df ("hw/arm/sysbus-fdt: helpers for platform bus nodes addition")
Reviewed-by: Alistair Francis 
Signed-off-by: Conor Dooley 
---
 hw/core/sysbus-fdt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/core/sysbus-fdt.c b/hw/core/sysbus-fdt.c
index 19d22cbe73..edb0c49b19 100644
--- a/hw/core/sysbus-fdt.c
+++ b/hw/core/sysbus-fdt.c
@@ -539,7 +539,7 @@ void platform_bus_add_all_fdt_nodes(void *fdt, const char 
*intc, hwaddr addr,
 
 assert(fdt);
 
-node = g_strdup_printf("/platform@%"PRIx64, addr);
+node = g_strdup_printf("/platform-bus@%"PRIx64, addr);
 
 /* Create a /platform node that we can put all devices into */
 qemu_fdt_add_subnode(fdt, node);
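Review bot: the context comment directly below the changed line still says "Create a /platform node", which no longer matches the "/platform-bus@..." name; update it in the same patch. This helper lives in hw/core and the Fixes tag points at an hw/arm commit, so the rename changes the guest-visible node path for every machine that calls platform_bus_add_all_fdt_nodes(), not only the riscv virt machine. The commit message should say so, and anything that looks the node up by its old "/platform@" path needs checking.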
-- 
2.37.1




[PATCH v9 2/3] target/riscv: Add stimecmp support

2022-08-10 Thread Atish Patra
stimecmp allows the supervisor mode to update stimecmp CSR directly
to program the next timer interrupt. This CSR is part of the Sstc
extension which was ratified recently.

Reviewed-by: Alistair Francis 
Signed-off-by: Atish Patra 
---
 target/riscv/cpu.c |  9 
 target/riscv/cpu.h |  5 ++
 target/riscv/cpu_bits.h|  4 ++
 target/riscv/csr.c | 86 +
 target/riscv/machine.c |  1 +
 target/riscv/meson.build   |  3 +-
 target/riscv/time_helper.c | 98 ++
 target/riscv/time_helper.h | 30 
 8 files changed, 235 insertions(+), 1 deletion(-)
 create mode 100644 target/riscv/time_helper.c
 create mode 100644 target/riscv/time_helper.h

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index d4635c7df46b..2498b93105fd 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -23,6 +23,7 @@
 #include "qemu/log.h"
 #include "cpu.h"
 #include "internals.h"
+#include "time_helper.h"
 #include "exec/exec-all.h"
 #include "qapi/error.h"
 #include "qemu/error-report.h"
@@ -99,6 +100,7 @@ static const struct isa_ext_data isa_edata_arr[] = {
 ISA_EXT_DATA_ENTRY(zve64f, true, PRIV_VERSION_1_12_0, ext_zve64f),
 ISA_EXT_DATA_ENTRY(zhinx, true, PRIV_VERSION_1_12_0, ext_zhinx),
 ISA_EXT_DATA_ENTRY(zhinxmin, true, PRIV_VERSION_1_12_0, ext_zhinxmin),
+ISA_EXT_DATA_ENTRY(sstc, true, PRIV_VERSION_1_12_0, ext_sstc),
 ISA_EXT_DATA_ENTRY(svinval, true, PRIV_VERSION_1_12_0, ext_svinval),
 ISA_EXT_DATA_ENTRY(svnapot, true, PRIV_VERSION_1_12_0, ext_svnapot),
 ISA_EXT_DATA_ENTRY(svpbmt, true, PRIV_VERSION_1_12_0, ext_svpbmt),
@@ -675,6 +677,12 @@ static void riscv_cpu_realize(DeviceState *dev, Error 
**errp)
 
 set_resetvec(env, cpu->cfg.resetvec);
 
+#ifndef CONFIG_USER_ONLY
+if (cpu->cfg.ext_sstc) {
+riscv_timer_init(cpu);
+}
+#endif /* CONFIG_USER_ONLY */
+
 /* Validate that MISA_MXL is set properly. */
 switch (env->misa_mxl_max) {
 #ifdef TARGET_RISCV64
@@ -995,6 +1003,7 @@ static Property riscv_cpu_extensions[] = {
 DEFINE_PROP_BOOL("Zve64f", RISCVCPU, cfg.ext_zve64f, false),
 DEFINE_PROP_BOOL("mmu", RISCVCPU, cfg.mmu, true),
 DEFINE_PROP_BOOL("pmp", RISCVCPU, cfg.pmp, true),
+DEFINE_PROP_BOOL("sstc", RISCVCPU, cfg.ext_sstc, true),
 
 DEFINE_PROP_STRING("priv_spec", RISCVCPU, cfg.priv_spec),
 DEFINE_PROP_STRING("vext_spec", RISCVCPU, cfg.vext_spec),
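Review bot: DEFINE_PROP_BOOL("sstc", ..., true) turns the extension on by default for every CPU that uses this property table, which changes the guest-visible CSR set for existing configurations. If that is intended, say so in the commit message and consider what it means for migrating a guest between a QEMU with and without this patch; otherwise default to false and let users opt in.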
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 0fae1569945c..4cda2905661e 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -309,6 +309,9 @@ struct CPUArchState {
 uint64_t mfromhost;
 uint64_t mtohost;
 
+/* Sstc CSRs */
+uint64_t stimecmp;
+
 /* physical memory protection */
 pmp_table_t pmp_state;
 target_ulong mseccfg;
@@ -362,6 +365,7 @@ struct CPUArchState {
 float_status fp_status;
 
 /* Fields from here on are preserved across CPU reset. */
+QEMUTimer *stimer; /* Internal timer for S-mode interrupt */
 
 hwaddr kernel_addr;
 hwaddr fdt_addr;
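Review bot: stimer is added below the "Fields from here on are preserved across CPU reset" marker, while stimecmp in the previous hunk sits among the fields above it, which the marker implies are reset. After a reset the compare value would be gone while a timer armed before the reset is still pending. Check that the reset path cancels stimer (timer_del) or re-arms it from the reset value, otherwise a stale S-mode timer interrupt can fire into the freshly reset hart.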
@@ -425,6 +429,7 @@ struct RISCVCPUConfig {
 bool ext_ifencei;
 bool ext_icsr;
 bool ext_zihintpause;
+bool ext_sstc;
 bool ext_svinval;
 bool ext_svnapot;
 bool ext_svpbmt;
diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index 6be5a9e9f046..ac17cf1515c0 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -206,6 +206,10 @@
 #define CSR_STVAL   0x143
 #define CSR_SIP 0x144
 
+/* Sstc supervisor CSRs */
+#define CSR_STIMECMP0x14D
+#define CSR_STIMECMPH   0x15D
+
 /* Supervisor Protection and Translation */
 #define CSR_SPTBR   0x180
 #define CSR_SATP0x180
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 0fb042b2fd0f..9079d988ba08 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -22,6 +22,7 @@
 #include "qemu/timer.h"
 #include "cpu.h"
 #include "pmu.h"
+#include "time_helper.h"
 #include "qemu/main-loop.h"
 #include "exec/exec-all.h"
 #include "sysemu/cpu-timers.h"
@@ -803,6 +804,81 @@ static RISCVException read_timeh(CPURISCVState *env, int 
csrno,
 return RISCV_EXCP_NONE;
 }
 
+static RISCVException sstc(CPURISCVState *env, int csrno)
+{
+CPUState *cs = env_cpu(env);
+RISCVCPU *cpu = RISCV_CPU(cs);
+
+if (!cpu->cfg.ext_sstc || !env->rdtime_fn) {
+return RISCV_EXCP_ILLEGAL_INST;
+}
+
+if (env->priv == PRV_M) {
+return RISCV_EXCP_NONE;
+}
+
+/*
+ * No need of separate function for rv32 as menvcfg stores both menvcfg
+ * menvcfgh for RV32.
+ */
+if (!(get_field(env->mcounteren, COUNTEREN_TM) &&
+  get_field(env->menvcfg, MENVCFG_STCE))) {
+return RISCV_EXCP_ILLEGAL_INST;
+}
+
+return smode(env, csrno);
+}
+
+static RISCVException sstc_32(CPURISCVState *env, int csrno)
+{
+if (riscv_cpu_mxl(env) != MXL_RV32) {
+return RISCV_EXCP_ILLEGAL_INST;
+}
+
+  
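Review bot: sstc() returns RISCV_EXCP_ILLEGAL_INST whenever env->rdtime_fn is NULL, yet the same patch defaults the "sstc" property to true and adds an sstc entry to isa_edata_arr tied to ext_sstc. On a machine that never installs an rdtime callback the extension would still be reported as enabled while every stimecmp access traps. Either clear ext_sstc (or fail realize) when no time source exists, or document why advertising it is acceptable. Minor: the comment in this function reads "menvcfg stores both menvcfg menvcfgh" and is missing an "and".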

[RFC 8/8] vdpa: Conditionally expose _F_LOG in vhost_net devices

2022-08-10 Thread Eugenio Pérez
Vhost-vdpa networking devices need to meet a few conditions to be
migratable. If SVQ is not enabled from the beginning, to suspend the
device to retrieve the vq state is the first requirement.

However, qemu also needs to be able to intercept SVQ from the beginning.
To be able to do so, the vdpa device needs to expose certain features.

Expose _F_LOG only if all of these are met.

Signed-off-by: Eugenio Pérez 
---
 net/vhost-vdpa.c | 16 +---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index 4c6947feb8..73c27cd315 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -49,6 +49,9 @@ typedef struct VhostVDPAState {
 /* Device log enabled */
 bool log_enabled;
 
+/* Device can suspend */
+bool feature_suspend;
+
 bool started;
 } VhostVDPAState;
 
@@ -431,6 +434,7 @@ static int vhost_vdpa_net_cvq_start(NetClientState *nc)
 /* Default values */
 v->listener_shadow_vq = s->always_svq || s->log_enabled;
 v->shadow_vqs_enabled = s->always_svq || s->log_enabled;
+v->feature_log = s->always_svq || s->log_enabled;
 s->vhost_vdpa.address_space_id = VHOST_VDPA_NET_CVQ_PASSTHROUGH;
 
 if (s->address_space_num < 2) {
@@ -455,6 +459,7 @@ static int vhost_vdpa_net_cvq_start(NetClientState *nc)
 if (unlikely(vq_group.num == cvq_group.num)) {
 warn_report("CVQ %u group is the same as VQ %u one (%u)",
  cvq_group.index, vq_group.index, cvq_group.num);
+v->feature_log = false;
 return 0;
 }
 }
@@ -464,6 +469,7 @@ static int vhost_vdpa_net_cvq_start(NetClientState *nc)
 if (r == 0) {
 v->shadow_vqs_enabled = true;
 s->vhost_vdpa.address_space_id = VHOST_VDPA_NET_CVQ_ASID;
+v->feature_log = s->feature_suspend;
 }
 
 out:
@@ -728,6 +734,7 @@ static NetClientState *net_vhost_vdpa_init(NetClientState 
*peer,
unsigned nas,
bool is_datapath,
bool svq,
+   bool feature_suspend,
VhostIOVATree *iova_tree)
 {
 NetClientState *nc = NULL;
@@ -748,9 +755,11 @@ static NetClientState *net_vhost_vdpa_init(NetClientState 
*peer,
 s->vhost_vdpa.device_fd = vdpa_device_fd;
 s->vhost_vdpa.index = queue_pair_index;
 s->always_svq = svq;
+s->feature_suspend = feature_suspend;
 s->vhost_vdpa.shadow_vqs_enabled = svq;
 s->vhost_vdpa.listener_shadow_vq = svq;
 s->vhost_vdpa.iova_tree = iova_tree;
+s->vhost_vdpa.feature_log = feature_suspend;
 if (queue_pair_index == 0) {
 s->memory_listener = (MemoryListener) {
 .log_global_start = vhost_vdpa_net_log_global_start,
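Review bot: s->vhost_vdpa.feature_log is set from feature_suspend alone at init time, but the commit message says _F_LOG should be exposed only if all conditions are met, and the remaining ones (a separate CVQ group, the ASID assignment) are only evaluated later in vhost_vdpa_net_cvq_start(), where the earlier hunks set feature_log to false on failure. If features are read between init and start, VHOST_F_LOG_ALL has already been offered by the time it is withdrawn. Consider starting from false here and setting it only once the CVQ checks pass, or explain why that window is harmless.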
@@ -839,7 +848,7 @@ int net_init_vhost_vdpa(const Netdev *netdev, const char 
*name,
 NetClientState *nc;
 int queue_pairs, r, i = 0, has_cvq = 0;
 unsigned num_as = 1;
-bool svq_cvq;
+bool svq_cvq, feature_suspend;
 
 assert(netdev->type == NET_CLIENT_DRIVER_VHOST_VDPA);
 opts = >u.vhost_vdpa;
@@ -892,10 +901,11 @@ int net_init_vhost_vdpa(const Netdev *netdev, const char 
*name,
 
 ncs = g_malloc0(sizeof(*ncs) * queue_pairs);
 
+feature_suspend = backend_features & BIT_ULL(VHOST_BACKEND_F_SUSPEND);
 for (i = 0; i < queue_pairs; i++) {
 ncs[i] = net_vhost_vdpa_init(peer, TYPE_VHOST_VDPA, name,
  vdpa_device_fd, i, 2, num_as, true,
- opts->x_svq, iova_tree);
+ opts->x_svq, feature_suspend, iova_tree);
 if (!ncs[i])
 goto err;
 }
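Review bot: feature_suspend is derived from backend_features, which per patch 2/8 is 0 when the VHOST_GET_BACKEND_FEATURES ioctl fails, so an ioctl error silently becomes "device cannot suspend" with nothing logged. It is also the set the backend offers, not the set acknowledged in vhost_vdpa_set_backend_cap(); if the two can differ, use the acknowledged value. Writing the assignment as !!(backend_features & BIT_ULL(VHOST_BACKEND_F_SUSPEND)) would make the conversion to bool explicit.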
@@ -903,7 +913,7 @@ int net_init_vhost_vdpa(const Netdev *netdev, const char 
*name,
 if (has_cvq) {
 nc = net_vhost_vdpa_init(peer, TYPE_VHOST_VDPA, name,
  vdpa_device_fd, i, 1, num_as, false,
- opts->x_svq, iova_tree);
+ opts->x_svq, feature_suspend, iova_tree);
 if (!nc)
 goto err;
 }
-- 
2.31.1




[PATCH v9 1/3] hw/intc: Move mtimer/mtimecmp to aclint

2022-08-10 Thread Atish Patra
Historically, the mtime/mtimecmp has been part of the CPU because
they are per hart entities. However, they actually belong to aclint
which is a MMIO device.

Move them to the ACLINT device. This also emulates the real hardware
more closely.

Reviewed-by: Anup Patel 
Reviewed-by: Alistair Francis 
Reviewed-by: Andrew Jones 
Signed-off-by: Atish Patra 
---
 hw/intc/riscv_aclint.c | 41 --
 hw/timer/ibex_timer.c  | 18 ++-
 include/hw/intc/riscv_aclint.h |  2 ++
 include/hw/timer/ibex_timer.h  |  2 ++
 target/riscv/cpu.h |  2 --
 target/riscv/machine.c |  5 ++---
 6 files changed, 42 insertions(+), 28 deletions(-)

diff --git a/hw/intc/riscv_aclint.c b/hw/intc/riscv_aclint.c
index e7942c4e5a32..a125c73d535c 100644
--- a/hw/intc/riscv_aclint.c
+++ b/hw/intc/riscv_aclint.c
@@ -32,6 +32,7 @@
 #include "hw/intc/riscv_aclint.h"
 #include "qemu/timer.h"
 #include "hw/irq.h"
+#include "migration/vmstate.h"
 
 typedef struct riscv_aclint_mtimer_callback {
 RISCVAclintMTimerState *s;
@@ -65,8 +66,8 @@ static void 
riscv_aclint_mtimer_write_timecmp(RISCVAclintMTimerState *mtimer,
 
 uint64_t rtc_r = cpu_riscv_read_rtc(mtimer);
 
-cpu->env.timecmp = value;
-if (cpu->env.timecmp <= rtc_r) {
+mtimer->timecmp[hartid] = value;
+if (mtimer->timecmp[hartid] <= rtc_r) {
 /*
  * If we're setting an MTIMECMP value in the "past",
  * immediately raise the timer interrupt
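Review bot: mtimer->timecmp[hartid] indexes with the absolute hart id, but the realize hunk allocates timecmp and timers with s->num_harts entries, and the neighbouring IRQ code uses timer_irqs[hartid - mtimer->hartid_base]. For an ACLINT instance whose hartid_base is not 0, this store and the later timers[hartid] access land past the end of the heap arrays, and the path is reachable from a guest MMIO write through riscv_aclint_mtimer_write(). Index both arrays with hartid - mtimer->hartid_base, as the IRQ array already does.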
@@ -77,7 +78,7 @@ static void 
riscv_aclint_mtimer_write_timecmp(RISCVAclintMTimerState *mtimer,
 
 /* otherwise, set up the future timer interrupt */
 qemu_irq_lower(mtimer->timer_irqs[hartid - mtimer->hartid_base]);
-diff = cpu->env.timecmp - rtc_r;
+diff = mtimer->timecmp[hartid] - rtc_r;
 /* back to ns (note args switched in muldiv64) */
 uint64_t ns_diff = muldiv64(diff, NANOSECONDS_PER_SECOND, timebase_freq);
 
@@ -102,7 +103,7 @@ static void 
riscv_aclint_mtimer_write_timecmp(RISCVAclintMTimerState *mtimer,
 next = MIN(next, INT64_MAX);
 }
 
-timer_mod(cpu->env.timer, next);
+timer_mod(mtimer->timers[hartid], next);
 }
 
 /*
@@ -133,11 +134,11 @@ static uint64_t riscv_aclint_mtimer_read(void *opaque, 
hwaddr addr,
   "aclint-mtimer: invalid hartid: %zu", hartid);
 } else if ((addr & 0x7) == 0) {
 /* timecmp_lo for RV32/RV64 or timecmp for RV64 */
-uint64_t timecmp = env->timecmp;
+uint64_t timecmp = mtimer->timecmp[hartid];
 return (size == 4) ? (timecmp & 0x) : timecmp;
 } else if ((addr & 0x7) == 4) {
 /* timecmp_hi */
-uint64_t timecmp = env->timecmp;
+uint64_t timecmp = mtimer->timecmp[hartid];
 return (timecmp >> 32) & 0x;
 } else {
 qemu_log_mask(LOG_UNIMP,
@@ -177,7 +178,7 @@ static void riscv_aclint_mtimer_write(void *opaque, hwaddr 
addr,
 } else if ((addr & 0x7) == 0) {
 if (size == 4) {
 /* timecmp_lo for RV32/RV64 */
-uint64_t timecmp_hi = env->timecmp >> 32;
+uint64_t timecmp_hi = mtimer->timecmp[hartid] >> 32;
 riscv_aclint_mtimer_write_timecmp(mtimer, RISCV_CPU(cpu), 
hartid,
 timecmp_hi << 32 | (value & 0x));
 } else {
@@ -188,7 +189,7 @@ static void riscv_aclint_mtimer_write(void *opaque, hwaddr 
addr,
 } else if ((addr & 0x7) == 4) {
 if (size == 4) {
 /* timecmp_hi for RV32/RV64 */
-uint64_t timecmp_lo = env->timecmp;
+uint64_t timecmp_lo = mtimer->timecmp[hartid];
 riscv_aclint_mtimer_write_timecmp(mtimer, RISCV_CPU(cpu), 
hartid,
 value << 32 | (timecmp_lo & 0x));
 } else {
@@ -234,7 +235,7 @@ static void riscv_aclint_mtimer_write(void *opaque, hwaddr 
addr,
 }
 riscv_aclint_mtimer_write_timecmp(mtimer, RISCV_CPU(cpu),
   mtimer->hartid_base + i,
-  env->timecmp);
+  mtimer->timecmp[i]);
 }
 return;
 }
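Review bot: this call reads mtimer->timecmp[i], a base-relative index, while passing mtimer->hartid_base + i as the hart id, and the callee then stores into timecmp[hartid]. The value read and the slot written are only the same when hartid_base is 0. Pick one convention for the whole file (base-relative matches the g_new0(uint64_t, s->num_harts) allocation) and use it in the read, write and write_timecmp paths.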
@@ -284,6 +285,8 @@ static void riscv_aclint_mtimer_realize(DeviceState *dev, 
Error **errp)
 s->timer_irqs = g_new(qemu_irq, s->num_harts);
 qdev_init_gpio_out(dev, s->timer_irqs, s->num_harts);
 
+s->timers = g_new0(QEMUTimer *, s->num_harts);
+s->timecmp = g_new0(uint64_t, s->num_harts);
 /* Claim timer interrupt bits */
 for (i = 0; i < s->num_harts; i++) {
 RISCVCPU *cpu = RISCV_CPU(qemu_get_cpu(s->hartid_base + i));
@@ -310,6 +313,18 @@ static void riscv_aclint_mtimer_reset_enter(Object *obj, 
ResetType type)
 riscv_aclint_mtimer_write(mtimer, mtimer->time_base, 0, 8);
 }
 
+static const VMStateDescription vmstate_riscv_mtimer = {
+.name = 

[RFC 6/8] vdpa: Negotiate _F_SUSPEND feature

2022-08-10 Thread Eugenio Pérez
This is needed for qemu to know it can suspend the device to retrieve
its status and enable SVQ with it, so the whole process is transparent to
the guest.

Signed-off-by: Eugenio Pérez 
---
 hw/virtio/vhost-vdpa.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
index 3607983422..d750d9cec1 100644
--- a/hw/virtio/vhost-vdpa.c
+++ b/hw/virtio/vhost-vdpa.c
@@ -679,7 +679,8 @@ static int vhost_vdpa_set_backend_cap(struct vhost_dev *dev)
 uint64_t features;
 uint64_t f = 0x1ULL << VHOST_BACKEND_F_IOTLB_MSG_V2 |
 0x1ULL << VHOST_BACKEND_F_IOTLB_BATCH |
-0x1ULL << VHOST_BACKEND_F_IOTLB_ASID;
+0x1ULL << VHOST_BACKEND_F_IOTLB_ASID |
+0x1ULL << VHOST_BACKEND_F_SUSPEND;
 int r;
 
 if (vhost_vdpa_call(dev, VHOST_GET_BACKEND_FEATURES, )) {
-- 
2.31.1




[PATCH v9 3/3] target/riscv: Add vstimecmp support

2022-08-10 Thread Atish Patra
vstimecmp CSR allows the guest OS to program the next guest timer
interrupt directly. Thus, the hypervisor no longer needs to inject the
timer interrupt to the guest if vstimecmp is used. This was ratified
as a part of the Sstc extension.

Reviewed-by: Alistair Francis 
Signed-off-by: Atish Patra 
---
 target/riscv/cpu.h |  4 ++
 target/riscv/cpu_bits.h|  4 ++
 target/riscv/cpu_helper.c  | 11 +++--
 target/riscv/csr.c | 88 --
 target/riscv/machine.c |  1 +
 target/riscv/time_helper.c | 16 +++
 6 files changed, 118 insertions(+), 6 deletions(-)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 4cda2905661e..1fd382b2717f 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -312,6 +312,8 @@ struct CPUArchState {
 /* Sstc CSRs */
 uint64_t stimecmp;
 
+uint64_t vstimecmp;
+
 /* physical memory protection */
 pmp_table_t pmp_state;
 target_ulong mseccfg;
@@ -366,6 +368,8 @@ struct CPUArchState {
 
 /* Fields from here on are preserved across CPU reset. */
 QEMUTimer *stimer; /* Internal timer for S-mode interrupt */
+QEMUTimer *vstimer; /* Internal timer for VS-mode interrupt */
+bool vstime_irq;
 
 hwaddr kernel_addr;
 hwaddr fdt_addr;
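Review bot: vstime_irq is pending-interrupt state, yet it is placed below the "preserved across CPU reset" marker together with the vstimer pointer, so a VS timer interrupt that was pending before a reset stays pending after it. Move vstime_irq above the marker, or clear it and cancel vstimer in the reset path. The diffstat also shows only one added line in machine.c, so confirm that vstime_irq is either migrated or recomputed from vstimecmp after load.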
diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index ac17cf1515c0..095dab19f512 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -257,6 +257,10 @@
 #define CSR_VSIP0x244
 #define CSR_VSATP   0x280
 
+/* Sstc virtual CSRs */
+#define CSR_VSTIMECMP   0x24D
+#define CSR_VSTIMECMPH  0x25D
+
 #define CSR_MTINST  0x34a
 #define CSR_MTVAL2  0x34b
 
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 650574accf0a..1e4faa84e839 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -345,8 +345,9 @@ uint64_t riscv_cpu_all_pending(CPURISCVState *env)
 {
 uint32_t gein = get_field(env->hstatus, HSTATUS_VGEIN);
 uint64_t vsgein = (env->hgeip & (1ULL << gein)) ? MIP_VSEIP : 0;
+uint64_t vstip = (env->vstime_irq) ? MIP_VSTIP : 0;
 
-return (env->mip | vsgein) & env->mie;
+return (env->mip | vsgein | vstip) & env->mie;
 }
 
 int riscv_cpu_mirq_pending(CPURISCVState *env)
@@ -605,7 +606,7 @@ uint64_t riscv_cpu_update_mip(RISCVCPU *cpu, uint64_t mask, 
uint64_t value)
 {
 CPURISCVState *env = >env;
 CPUState *cs = CPU(cpu);
-uint64_t gein, vsgein = 0, old = env->mip;
+uint64_t gein, vsgein = 0, vstip = 0, old = env->mip;
 bool locked = false;
 
 if (riscv_cpu_virt_enabled(env)) {
@@ -613,6 +614,10 @@ uint64_t riscv_cpu_update_mip(RISCVCPU *cpu, uint64_t 
mask, uint64_t value)
 vsgein = (env->hgeip & (1ULL << gein)) ? MIP_VSEIP : 0;
 }
 
+/* No need to update mip for VSTIP */
+mask = ((mask == MIP_VSTIP) && env->vstime_irq) ? 0 : mask;
+vstip = env->vstime_irq ? MIP_VSTIP : 0;
+
 if (!qemu_mutex_iothread_locked()) {
 locked = true;
 qemu_mutex_lock_iothread();
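Review bot: the new mask adjustment only triggers when mask == MIP_VSTIP exactly. A caller that passes MIP_VSTIP together with other bits while vstime_irq is set still gets VSTIP written into env->mip, which the comment "No need to update mip for VSTIP" says should not happen. Clearing the bit instead (mask &= ~MIP_VSTIP when env->vstime_irq is set) covers both cases. env->vstime_irq is also read before the iothread lock is taken a few lines below; if the timer callback can change it concurrently, move the read under the lock.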
@@ -620,7 +625,7 @@ uint64_t riscv_cpu_update_mip(RISCVCPU *cpu, uint64_t mask, 
uint64_t value)
 
 env->mip = (env->mip & ~mask) | (value & mask);
 
-if (env->mip | vsgein) {
+if (env->mip | vsgein | vstip) {
 cpu_interrupt(cs, CPU_INTERRUPT_HARD);
 } else {
 cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 9079d988ba08..38bb46db8f99 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -808,6 +808,7 @@ static RISCVException sstc(CPURISCVState *env, int csrno)
 {
 CPUState *cs = env_cpu(env);
 RISCVCPU *cpu = RISCV_CPU(cs);
+bool hmode_check = false;
 
 if (!cpu->cfg.ext_sstc || !env->rdtime_fn) {
 return RISCV_EXCP_ILLEGAL_INST;
@@ -826,7 +827,18 @@ static RISCVException sstc(CPURISCVState *env, int csrno)
 return RISCV_EXCP_ILLEGAL_INST;
 }
 
-return smode(env, csrno);
+if (riscv_cpu_virt_enabled(env)) {
+if (!(get_field(env->hcounteren, COUNTEREN_TM) &
+  get_field(env->henvcfg, HENVCFG_STCE))) {
+return RISCV_EXCP_VIRT_INSTRUCTION_FAULT;
+}
+}
+
+if ((csrno == CSR_VSTIMECMP) || (csrno == CSR_VSTIMECMPH)) {
+hmode_check = true;
+}
+
+return hmode_check ? hmode(env, csrno) : smode(env, csrno);
 }
 
 static RISCVException sstc_32(CPURISCVState *env, int csrno)
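Review bot: the hypervisor-level check combines its two fields with a bitwise &, get_field(env->hcounteren, COUNTEREN_TM) & get_field(env->henvcfg, HENVCFG_STCE), while the machine-level check added in patch 2/3 uses && for mcounteren and menvcfg. The result is the same only as long as both fields are single bits; use && so the two permission checks read alike and stay correct if a field definition changes. The hmode_check flag can also go: return hmode(env, csrno) directly from the CSR_VSTIMECMP / CSR_VSTIMECMPH branch.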
@@ -838,17 +850,72 @@ static RISCVException sstc_32(CPURISCVState *env, int 
csrno)
 return sstc(env, csrno);
 }
 
+static RISCVException read_vstimecmp(CPURISCVState *env, int csrno,
+target_ulong *val)
+{
+*val = env->vstimecmp;
+
+return RISCV_EXCP_NONE;
+}
+
+static RISCVException read_vstimecmph(CPURISCVState *env, int csrno,
+target_ulong *val)
+{
+*val = env->vstimecmp >> 32;
+
+return RISCV_EXCP_NONE;
+}
+
+static RISCVException write_vstimecmp(CPURISCVState 

[RFC 1/8] [NOTMERGE] Update linux headers

2022-08-10 Thread Eugenio Pérez
Add _F_SUSPEND and suspend ioctl.

TODO: This is still not merged in Linux upstream, so it may change.
---
 include/standard-headers/linux/vhost_types.h | 3 +++
 linux-headers/linux/vhost.h  | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/include/standard-headers/linux/vhost_types.h 
b/include/standard-headers/linux/vhost_types.h
index ce78551b0f..c93ed1b920 100644
--- a/include/standard-headers/linux/vhost_types.h
+++ b/include/standard-headers/linux/vhost_types.h
@@ -161,5 +161,8 @@ struct vhost_vdpa_iova_range {
  * message
  */
 #define VHOST_BACKEND_F_IOTLB_ASID  0x3
+/* Stop device from processing virtqueue buffers */
+#define VHOST_BACKEND_F_SUSPEND  0x4
+
 
 #endif
diff --git a/linux-headers/linux/vhost.h b/linux-headers/linux/vhost.h
index cab645d4a6..f3f5bea3cb 100644
--- a/linux-headers/linux/vhost.h
+++ b/linux-headers/linux/vhost.h
@@ -171,4 +171,7 @@
 #define VHOST_VDPA_SET_GROUP_ASID  _IOW(VHOST_VIRTIO, 0x7C, \
 struct vhost_vring_state)
 
+/* Stop or resume a device so it does not process virtqueue requests anymore */
+#define VHOST_VDPA_SUSPEND  _IO(VHOST_VIRTIO, 0x7D)
+
 #endif
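Review bot: the comment says "Stop or resume a device", but the ioctl is named VHOST_VDPA_SUSPEND and is declared with _IO(), so it carries no argument that could select resume. Make the comment match what the ioctl does. Since the patch is marked NOTMERGE and the TODO says the upstream definition may change, the final version should come from a header sync against the merged kernel rather than a hand edit, so that the 0x7D number and the 0x4 feature bit are guaranteed to match.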
-- 
2.31.1




[RFC 3/8] vhost: expose memory listener priority

2022-08-10 Thread Eugenio Pérez
We need to perform changes to vhost_vdpa devices before the memory
listener informs them about the migration. Otherwise, it will reach them
with no SVQ enabled and it cannot be guaranteed that it will be enabled
afterwards.

Expose the vhost memory listener priority so we can assign a lower one
to net/vhost-vdpa one.

Signed-off-by: Eugenio Pérez 
---
 include/hw/virtio/vhost.h | 2 ++
 hw/virtio/vhost.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/include/hw/virtio/vhost.h b/include/hw/virtio/vhost.h
index a346f23d13..ccd6cc5549 100644
--- a/include/hw/virtio/vhost.h
+++ b/include/hw/virtio/vhost.h
@@ -104,6 +104,8 @@ struct vhost_dev {
 const VhostDevConfigOps *config_ops;
 };
 
+#define VHOST_DEV_MEMORY_LISTENER_PRIORITY 10
+
 extern const VhostOps kernel_ops;
 extern const VhostOps user_ops;
 extern const VhostOps vdpa_ops;
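Review bot: VHOST_DEV_MEMORY_LISTENER_PRIORITY is exported without a comment, although per the commit message its only purpose is to let net/vhost-vdpa choose a priority relative to it. Document next to the define which direction matters: MemoryListener callbacks are ordered by priority, and the order is reversed for stop/delete callbacks compared with start/add ones, so a listener that runs first for log_global_start runs last for log_global_stop. Without that note the next user can easily get one of the two orderings wrong.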
diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index 0827d631c0..a1e822b871 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -1411,7 +1411,7 @@ int vhost_dev_init(struct vhost_dev *hdev, void *opaque,
 .log_global_stop = vhost_log_global_stop,
 .eventfd_add = vhost_eventfd_add,
 .eventfd_del = vhost_eventfd_del,
-.priority = 10
+.priority = VHOST_DEV_MEMORY_LISTENER_PRIORITY
 };
 
 hdev->iommu_listener = (MemoryListener) {
-- 
2.31.1




[RFC 7/8] vdpa: Add feature_log member to vhost_vdpa

2022-08-10 Thread Eugenio Pérez
This way the device's vhost_vdpa can make the choice about exposing or not
the _F_LOG feature.

At the moment it is always false.

Signed-off-by: Eugenio Pérez 
---
 include/hw/virtio/vhost-vdpa.h | 1 +
 hw/virtio/vhost-vdpa.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/hw/virtio/vhost-vdpa.h b/include/hw/virtio/vhost-vdpa.h
index 0c3ed2d69b..b09eae133a 100644
--- a/include/hw/virtio/vhost-vdpa.h
+++ b/include/hw/virtio/vhost-vdpa.h
@@ -33,6 +33,7 @@ typedef struct vhost_vdpa {
 MemoryListener listener;
 struct vhost_vdpa_iova_range iova_range;
 uint64_t acked_features;
+bool feature_log;
 bool shadow_vqs_enabled;
 /* The listener must send iova tree addresses, not GPA */
 bool listener_shadow_vq;
diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
index d750d9cec1..17513ee820 100644
--- a/hw/virtio/vhost-vdpa.c
+++ b/hw/virtio/vhost-vdpa.c
@@ -1246,7 +1246,7 @@ static int vhost_vdpa_get_features(struct vhost_dev *dev,
 struct vhost_vdpa *v = dev->opaque;
 int ret = vhost_vdpa_get_dev_features(dev, features);
 
-if (ret == 0 && v->shadow_vqs_enabled) {
+if (ret == 0 && (v->shadow_vqs_enabled || v->feature_log)) {
 /* Add SVQ logging capabilities */
 *features |= BIT_ULL(VHOST_F_LOG_ALL);
 }
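Review bot: with || v->feature_log the device now offers VHOST_F_LOG_ALL while shadow_vqs_enabled is false, and the context comment still says "Add SVQ logging capabilities". Dirty logging is then only real if the switch to SVQ succeeds when logging starts; if that switch can fail, the failure has to abort the migration rather than continue with a passthrough device that logs nothing. Please state that guarantee in the commit message and adjust the comment. The new feature_log member in vhost-vdpa.h also has no comment, unlike listener_shadow_vq next to it.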
-- 
2.31.1




[RFC 2/8] vdpa: Extract get_backend_features from vhost_vdpa_get_as_num

2022-08-10 Thread Eugenio Pérez
The series reuses it to check for SUSPEND feature bit.

Signed-off-by: Eugenio Pérez 
---
 net/vhost-vdpa.c | 15 ---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index 11241ebac4..85b10799bd 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -602,9 +602,17 @@ static const VhostShadowVirtqueueOps 
vhost_vdpa_net_svq_ops = {
 .avail_handler = vhost_vdpa_net_handle_ctrl_avail,
 };
 
-static uint32_t vhost_vdpa_get_as_num(int vdpa_device_fd)
+static uint64_t vhost_vdpa_get_backend_features(int fd)
 {
 uint64_t features;
+
+/* No need to treat the error, only to know there is one */
+int ret = ioctl(fd, VHOST_GET_BACKEND_FEATURES, );
+return ret < 0 ? 0 : features;
+}
+
+static uint32_t vhost_vdpa_get_as_num(int vdpa_device_fd, uint64_t features)
+{
 unsigned num_as;
 int r;
 
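Review bot: vhost_vdpa_get_backend_features() returns 0 both when the ioctl fails and when the backend really offers no features, and errno is dropped without a log line. The comment says there is "no need to treat the error", but later patches in the series use the result to decide on SUSPEND support, so a failed ioctl silently changes behaviour. Return the error (for example an int return with a uint64_t * out parameter) or at least report it, and let the caller decide.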
@@ -733,7 +741,7 @@ int net_init_vhost_vdpa(const Netdev *netdev, const char 
*name,
 NetClientState *peer, Error **errp)
 {
 const NetdevVhostVDPAOptions *opts;
-uint64_t features;
+uint64_t features, backend_features;
 int vdpa_device_fd;
 g_autofree NetClientState **ncs = NULL;
 g_autoptr(VhostIOVATree) iova_tree = NULL;
@@ -765,9 +773,10 @@ int net_init_vhost_vdpa(const Netdev *netdev, const char 
*name,
 goto err;
 }
 
+backend_features = vhost_vdpa_get_backend_features(vdpa_device_fd);
 svq_cvq = opts->x_svq;
 if (has_cvq && !opts->x_svq) {
-num_as = vhost_vdpa_get_as_num(vdpa_device_fd);
+num_as = vhost_vdpa_get_as_num(vdpa_device_fd, backend_features);
 svq_cvq = num_as > 1;
 }
 
-- 
2.31.1




[RFC 0/8] Dynamically switch to vhost shadow virtqueues at vdpa net migration

2022-08-10 Thread Eugenio Pérez
It's possible to migrate vdpa net devices if they are shadowed from the
start. But to always shadow the dataplane is to effectively break its host
passthrough, so it's not convenient in vDPA scenarios.

This series enables dynamically switching to shadow mode only at migration
time. This allows full data virtqueues passthrough all the time qemu is not
migrating.

To do so it uses the VHOST_VDPA_SUSPEND ioctl, not merged in Linux at this time
[1]. Because of that, the first patch is not signed and presents a header
[NOTMERGE]. This series is also based on the ASID one [2], not merged in qemu at the
moment.

Comments are welcome.

[1] https://lkml.org/lkml/2022/8/10/732
[2] https://lists.nongnu.org/archive/html/qemu-devel/2022-08/msg01047.html

Eugenio Pérez (8):
  [NOTMERGE] Update linux headers
  vdpa: Extract get_backend_features from vhost_vdpa_get_as_num
  vhost: expose memory listener priority
  vdpa: Add log_enabled to VhostVDPAState
  vdpa: Add vdpa memory listener
  vdpa: Negotiate _F_SUSPEND feature
  vdpa: Add feature_log member to vhost_vdpa
  vdpa: Conditionally expose _F_LOG in vhost_net devices

 include/hw/virtio/vhost-vdpa.h   |   1 +
 include/hw/virtio/vhost.h|   2 +
 include/standard-headers/linux/vhost_types.h |   3 +
 linux-headers/linux/vhost.h  |   3 +
 hw/virtio/vhost-vdpa.c   |   5 +-
 hw/virtio/vhost.c|   2 +-
 net/vhost-vdpa.c | 128 +--
 7 files changed, 132 insertions(+), 12 deletions(-)

-- 
2.31.1





[RFC 4/8] vdpa: Add log_enabled to VhostVDPAState

2022-08-10 Thread Eugenio Pérez
This enables VhostVDPAState to track the logging of the memory.

It cannot be merged with s->always_svq because always_svq is immutable
from the moment the device is parsed, and log_enabled must be enabled or
disabled depending on the log state.

Apart from that, they affect the vhost vdpa device in the same way,
enabling the shadow virtqueue unconditionally.

Signed-off-by: Eugenio Pérez 
---
 net/vhost-vdpa.c | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index 85b10799bd..a035c89c34 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -42,6 +42,10 @@ typedef struct VhostVDPAState {
 
 /* The device always have SVQ enabled */
 bool always_svq;
+
+/* Device log enabled */
+bool log_enabled;
+
 bool started;
 } VhostVDPAState;
 
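Review bot: the new `log_enabled` member of VhostVDPAState is documented only as "Device log enabled", which does not say who updates it or how it differs from `always_svq` directly above. The commit message has the useful part (always_svq is fixed once the device is parsed, log_enabled follows the log state), so move that distinction into the comment. Nothing in this patch writes the field, so the comment should also say that it is set by the memory listener added later in the series.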
@@ -346,15 +350,15 @@ static int vhost_vdpa_net_cvq_start(NetClientState *nc)
 cvq_group.index = v->dev->vq_index_end - 1;
 
 /* Default values */
-v->listener_shadow_vq = s->always_svq;
-v->shadow_vqs_enabled = s->always_svq;
+v->listener_shadow_vq = s->always_svq || s->log_enabled;
+v->shadow_vqs_enabled = s->always_svq || s->log_enabled;
 s->vhost_vdpa.address_space_id = VHOST_VDPA_NET_CVQ_PASSTHROUGH;
 
 if (s->address_space_num < 2) {
 return 0;
 }
 
-if (s->always_svq) {
+if (s->always_svq || s->log_enabled) {
 goto out;
 }
 
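Review bot: `s->always_svq || s->log_enabled` is now spelled out three times in vhost_vdpa_net_cvq_start(), twice for the default values and once before `goto out`. Compute it once into a local bool or a small helper so the three uses cannot drift apart when another reason to enable SVQ is added.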
-- 
2.31.1




[RFC 5/8] vdpa: Add vdpa memory listener

2022-08-10 Thread Eugenio Pérez
This enables net/vdpa to restart the full device when a migration is
started or stopped.

Signed-off-by: Eugenio Pérez 
---
 net/vhost-vdpa.c | 87 
 1 file changed, 87 insertions(+)

diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index a035c89c34..4c6947feb8 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -21,6 +21,7 @@
 #include "qemu/memalign.h"
 #include "qemu/option.h"
 #include "qapi/error.h"
+#include "exec/address-spaces.h"
 #include 
 #include 
 #include 
@@ -32,6 +33,8 @@
 typedef struct VhostVDPAState {
 NetClientState nc;
 struct vhost_vdpa vhost_vdpa;
+MemoryListener memory_listener;
+
 VHostNetState *vhost_net;
 
 /* Control commands shadow buffers */
@@ -110,6 +113,16 @@ static const uint64_t vdpa_svq_device_features =
 #define VHOST_VDPA_NET_CVQ_PASSTHROUGH 0
 #define VHOST_VDPA_NET_CVQ_ASID 1
 
+/*
+ * Vdpa memory listener must run before vhost one, so vhost_vdpa does not get
+ * _F_LOG_ALL without SVQ.
+ */
+#define VHOST_VDPA_NET_MEMORY_LISTENER_PRIORITY \
+   (VHOST_DEV_MEMORY_LISTENER_PRIORITY - 1)
+/* Check for underflow */
+QEMU_BUILD_BUG_ON(VHOST_DEV_MEMORY_LISTENER_PRIORITY <
+  VHOST_VDPA_NET_MEMORY_LISTENER_PRIORITY);
+
 VHostNetState *vhost_vdpa_get_vhost_net(NetClientState *nc)
 {
 VhostVDPAState *s = DO_UPCAST(VhostVDPAState, nc, nc);
@@ -172,6 +185,9 @@ static void vhost_vdpa_cleanup(NetClientState *nc)
 
 qemu_vfree(s->cvq_cmd_out_buffer);
 qemu_vfree(s->cvq_cmd_in_buffer);
+if (dev->vq_index == 0) {
+memory_listener_unregister(>memory_listener);
+}
 if (dev->vq_index + dev->nvqs == dev->vq_index_end) {
 g_clear_pointer(>vhost_vdpa.iova_tree, vhost_iova_tree_delete);
 }
@@ -224,6 +240,69 @@ static ssize_t vhost_vdpa_receive(NetClientState *nc, 
const uint8_t *buf,
 return 0;
 }
 
+static void vhost_vdpa_net_log_global_enable(MemoryListener *listener,
+ bool enable)
+{
+VhostVDPAState *s = container_of(listener, VhostVDPAState,
+ memory_listener);
+struct vhost_vdpa *v = >vhost_vdpa;
+VirtIONet *n;
+VirtIODevice *vdev;
+int data_queue_pairs, cvq, r;
+NetClientState *peer;
+
+if (s->always_svq || s->log_enabled == enable) {
+return;
+}
+
+s->log_enabled = enable;
+vdev = v->dev->vdev;
+n = VIRTIO_NET(vdev);
+if (!n->vhost_started) {
+return;
+}
+
+if (enable) {
+ioctl(v->device_fd, VHOST_VDPA_SUSPEND);
+}
+data_queue_pairs = n->multiqueue ? n->max_queue_pairs : 1;
+cvq = virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_VQ) ?
+  n->max_ncs - n->max_queue_pairs : 0;
+vhost_net_stop(vdev, n->nic->ncs, data_queue_pairs, cvq);
+
+peer = s->nc.peer;
+for (int i = 0; i < data_queue_pairs + cvq; i++) {
+VhostVDPAState *vdpa_state;
+NetClientState *nc;
+
+if (i < data_queue_pairs) {
+nc = qemu_get_peer(peer, i);
+} else {
+nc = qemu_get_peer(peer, n->max_queue_pairs);
+}
+
+vdpa_state = DO_UPCAST(VhostVDPAState, nc, nc);
+vdpa_state->vhost_vdpa.listener_shadow_vq = enable;
+vdpa_state->vhost_vdpa.shadow_vqs_enabled = enable;
+vdpa_state->log_enabled = enable;
+}
+
+r = vhost_net_start(vdev, n->nic->ncs, data_queue_pairs, cvq);
+if (unlikely(r < 0)) {
+error_report("unable to start vhost net: %s(%d)", g_strerror(-r), -r);
+}
+}
+
+static void vhost_vdpa_net_log_global_start(MemoryListener *listener)
+{
+vhost_vdpa_net_log_global_enable(listener, true);
+}
+
+static void vhost_vdpa_net_log_global_stop(MemoryListener *listener)
+{
+vhost_vdpa_net_log_global_enable(listener, false);
+}
+
 static NetClientInfo net_vhost_vdpa_info = {
 .type = NET_CLIENT_DRIVER_VHOST_VDPA,
 .size = sizeof(VhostVDPAState),
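Review bot: in vhost_vdpa_net_log_global_enable() the return value of `ioctl(v->device_fd, VHOST_VDPA_SUSPEND)` is ignored, so the stop/start sequence runs even when the device was not suspended. Check the result and report or bail out on failure. The same function assigns `s->log_enabled = enable` before the restart and only calls error_report() when vhost_net_start() fails, which leaves the device stopped with the flag already flipped; consider restoring the previous state on that path.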
@@ -413,6 +492,7 @@ static void vhost_vdpa_net_cvq_stop(NetClientState *nc)
 
 assert(nc->info->type == NET_CLIENT_DRIVER_VHOST_VDPA);
 
+memory_listener_unregister(>memory_listener);
 if (s->vhost_vdpa.shadow_vqs_enabled) {
 vhost_vdpa_cvq_unmap_buf(>vhost_vdpa, s->cvq_cmd_out_buffer);
 vhost_vdpa_cvq_unmap_buf(>vhost_vdpa, s->cvq_cmd_in_buffer);
@@ -671,6 +751,13 @@ static NetClientState *net_vhost_vdpa_init(NetClientState 
*peer,
 s->vhost_vdpa.shadow_vqs_enabled = svq;
 s->vhost_vdpa.listener_shadow_vq = svq;
 s->vhost_vdpa.iova_tree = iova_tree;
+if (queue_pair_index == 0) {
+s->memory_listener = (MemoryListener) {
+.log_global_start = vhost_vdpa_net_log_global_start,
+.log_global_stop = vhost_vdpa_net_log_global_stop,
+};
+memory_listener_register(>memory_listener, _space_memory);
+}
 if (!is_datapath) {
 s->cvq_cmd_out_buffer = 
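Review bot: the MemoryListener initialiser in net_vhost_vdpa_init() sets only `.log_global_start` and `.log_global_stop` and never sets `.priority`, so VHOST_VDPA_NET_MEMORY_LISTENER_PRIORITY from earlier in this patch appears only in the build-time check and the ordering its comment requires (vdpa listener before the vhost one) is not enforced. Add `.priority = VHOST_VDPA_NET_MEMORY_LISTENER_PRIORITY,` to the initialiser.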

Re: [PATCH v4 19/24] ppc/ppc405: QOM'ify FPGA

2022-08-10 Thread BALATON Zoltan

On Wed, 10 Aug 2022, Daniel Henrique Barboza wrote:

On 8/9/22 14:37, BALATON Zoltan wrote:

On Tue, 9 Aug 2022, Cédric Le Goater wrote:

Reviewed-by: Daniel Henrique Barboza 
Signed-off-by: Cédric Le Goater 
---
hw/ppc/ppc405_boards.c | 55 +-
1 file changed, 38 insertions(+), 17 deletions(-)

diff --git a/hw/ppc/ppc405_boards.c b/hw/ppc/ppc405_boards.c
index 3677793adc75..4ff6715f3533 100644
--- a/hw/ppc/ppc405_boards.c
+++ b/hw/ppc/ppc405_boards.c
@@ -71,18 +71,23 @@ struct Ppc405MachineState {
 * - NVRAM (0xF000)
 * - FPGA  (0xF030)
 */
-typedef struct ref405ep_fpga_t ref405ep_fpga_t;
-struct ref405ep_fpga_t {
+
+#define TYPE_REF405EP_FPGA "ref405ep-fpga"
+OBJECT_DECLARE_SIMPLE_TYPE(Ref405epFpgaState, REF405EP_FPGA);
+struct Ref405epFpgaState {
+    SysBusDevice parent_obj;
+
+    MemoryRegion iomem;
+
    uint8_t reg0;
    uint8_t reg1;
};

static uint64_t ref405ep_fpga_readb(void *opaque, hwaddr addr, unsigned 
size)

{
-    ref405ep_fpga_t *fpga;
+    Ref405epFpgaState *fpga = REF405EP_FPGA(opaque);
    uint32_t ret;

-    fpga = opaque;
    switch (addr) {
    case 0x0:
    ret = fpga->reg0;
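Review bot: ref405ep_fpga_readb() now does `REF405EP_FPGA(opaque)` on every MMIO read, although `opaque` is the same `s` pointer that the realize function hands to memory_region_init_io(). A plain `Ref405epFpgaState *fpga = opaque;` keeps the type change without a checked QOM cast in the access path; the same applies to ref405ep_fpga_writeb() in the next hunk.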
@@ -101,9 +106,8 @@ static uint64_t ref405ep_fpga_readb(void *opaque, 
hwaddr addr, unsigned size)
static void ref405ep_fpga_writeb(void *opaque, hwaddr addr, uint64_t 
value,

 unsigned size)
{
-    ref405ep_fpga_t *fpga;
+    Ref405epFpgaState *fpga = REF405EP_FPGA(opaque);

-    fpga = opaque;
    switch (addr) {
    case 0x0:
    /* Read only */
@@ -126,27 +130,39 @@ static const MemoryRegionOps ref405ep_fpga_ops = {
    .endianness = DEVICE_BIG_ENDIAN,
};

-static void ref405ep_fpga_reset (void *opaque)
+static void ref405ep_fpga_reset(DeviceState *dev)
{
-    ref405ep_fpga_t *fpga;
+    Ref405epFpgaState *fpga = REF405EP_FPGA(dev);

-    fpga = opaque;
    fpga->reg0 = 0x00;
    fpga->reg1 = 0x0F;
}

-static void ref405ep_fpga_init(MemoryRegion *sysmem, uint32_t base)
+static void ref405ep_fpga_realize(DeviceState *dev, Error **errp)
{
-    ref405ep_fpga_t *fpga;
-    MemoryRegion *fpga_memory = g_new(MemoryRegion, 1);
+    Ref405epFpgaState *s = REF405EP_FPGA(dev);

-    fpga = g_new0(ref405ep_fpga_t, 1);
-    memory_region_init_io(fpga_memory, NULL, _fpga_ops, fpga,
+    memory_region_init_io(>iomem, OBJECT(s), _fpga_ops, s,
  "fpga", 0x0100);
-    memory_region_add_subregion(sysmem, base, fpga_memory);
-    qemu_register_reset(_fpga_reset, fpga);
+    sysbus_init_mmio(SYS_BUS_DEVICE(s), >iomem);
+}
+
+static void ref405ep_fpga_class_init(ObjectClass *oc, void *data)
+{
+    DeviceClass *dc = DEVICE_CLASS(oc);
+
+    dc->realize = ref405ep_fpga_realize;
+    dc->user_creatable = false;


Comment missing (and I'd drop unnecessary QOM casts) but otherwise:


Which QOM casts are you referring to?


Those that I've discussed in other patches, it's all QOMify patches not 
only this one. Cédric knows what I mean. But there are other small changes 
elsewhere that probably need another version anyway so I think you don't 
need to do anything with this patch.


Regards,
BALATON Zoltan



Daniel



Reviewed-by: BALATON Zoltan 

Regards,
BALATON Zoltan


+    dc->reset = ref405ep_fpga_reset;
}

+static const TypeInfo ref405ep_fpga_type = {
+    .name = TYPE_REF405EP_FPGA,
+    .parent = TYPE_SYS_BUS_DEVICE,
+    .instance_size = sizeof(Ref405epFpgaState),
+    .class_init = ref405ep_fpga_class_init,
+};
+
/*
 * CPU reset handler when booting directly from a loaded kernel
 */
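Review bot: ref405ep_fpga_class_init() sets `dc->user_creatable = false` with no comment giving the reason the device must not be created from the command line. Add a one-line comment above the assignment stating that reason, so the restriction is not removed later by mistake.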
@@ -331,7 +347,11 @@ static void ref405ep_init(MachineState *machine)
    memory_region_add_subregion(get_system_memory(), PPC405EP_SRAM_BASE, 
sram);


    /* Register FPGA */
-    ref405ep_fpga_init(get_system_memory(), PPC405EP_FPGA_BASE);
+    dev = qdev_new(TYPE_REF405EP_FPGA);
+    object_property_add_child(OBJECT(machine), "fpga", OBJECT(dev));
+    sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), _fatal);
+    sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, PPC405EP_FPGA_BASE);
+
    /* Register NVRAM */
    dev = qdev_new("sysbus-m48t08");
    qdev_prop_set_int32(dev, "base-year", 1968);
@@ -376,6 +396,7 @@ static void ppc405_machine_init(void)
{
    type_register_static(_machine_type);
    type_register_static(_type);
+    type_register_static(_fpga_type);
}

type_init(ppc405_machine_init)





Re: [PATCH v4 19/24] ppc/ppc405: QOM'ify FPGA

2022-08-10 Thread Daniel Henrique Barboza




On 8/9/22 14:37, BALATON Zoltan wrote:

On Tue, 9 Aug 2022, Cédric Le Goater wrote:

Reviewed-by: Daniel Henrique Barboza 
Signed-off-by: Cédric Le Goater 
---
hw/ppc/ppc405_boards.c | 55 +-
1 file changed, 38 insertions(+), 17 deletions(-)

diff --git a/hw/ppc/ppc405_boards.c b/hw/ppc/ppc405_boards.c
index 3677793adc75..4ff6715f3533 100644
--- a/hw/ppc/ppc405_boards.c
+++ b/hw/ppc/ppc405_boards.c
@@ -71,18 +71,23 @@ struct Ppc405MachineState {
 * - NVRAM (0xF000)
 * - FPGA  (0xF030)
 */
-typedef struct ref405ep_fpga_t ref405ep_fpga_t;
-struct ref405ep_fpga_t {
+
+#define TYPE_REF405EP_FPGA "ref405ep-fpga"
+OBJECT_DECLARE_SIMPLE_TYPE(Ref405epFpgaState, REF405EP_FPGA);
+struct Ref405epFpgaState {
+    SysBusDevice parent_obj;
+
+    MemoryRegion iomem;
+
    uint8_t reg0;
    uint8_t reg1;
};

static uint64_t ref405ep_fpga_readb(void *opaque, hwaddr addr, unsigned size)
{
-    ref405ep_fpga_t *fpga;
+    Ref405epFpgaState *fpga = REF405EP_FPGA(opaque);
    uint32_t ret;

-    fpga = opaque;
    switch (addr) {
    case 0x0:
    ret = fpga->reg0;
@@ -101,9 +106,8 @@ static uint64_t ref405ep_fpga_readb(void *opaque, hwaddr 
addr, unsigned size)
static void ref405ep_fpga_writeb(void *opaque, hwaddr addr, uint64_t value,
 unsigned size)
{
-    ref405ep_fpga_t *fpga;
+    Ref405epFpgaState *fpga = REF405EP_FPGA(opaque);

-    fpga = opaque;
    switch (addr) {
    case 0x0:
    /* Read only */
@@ -126,27 +130,39 @@ static const MemoryRegionOps ref405ep_fpga_ops = {
    .endianness = DEVICE_BIG_ENDIAN,
};

-static void ref405ep_fpga_reset (void *opaque)
+static void ref405ep_fpga_reset(DeviceState *dev)
{
-    ref405ep_fpga_t *fpga;
+    Ref405epFpgaState *fpga = REF405EP_FPGA(dev);

-    fpga = opaque;
    fpga->reg0 = 0x00;
    fpga->reg1 = 0x0F;
}

-static void ref405ep_fpga_init(MemoryRegion *sysmem, uint32_t base)
+static void ref405ep_fpga_realize(DeviceState *dev, Error **errp)
{
-    ref405ep_fpga_t *fpga;
-    MemoryRegion *fpga_memory = g_new(MemoryRegion, 1);
+    Ref405epFpgaState *s = REF405EP_FPGA(dev);

-    fpga = g_new0(ref405ep_fpga_t, 1);
-    memory_region_init_io(fpga_memory, NULL, _fpga_ops, fpga,
+    memory_region_init_io(>iomem, OBJECT(s), _fpga_ops, s,
  "fpga", 0x0100);
-    memory_region_add_subregion(sysmem, base, fpga_memory);
-    qemu_register_reset(_fpga_reset, fpga);
+    sysbus_init_mmio(SYS_BUS_DEVICE(s), >iomem);
+}
+
+static void ref405ep_fpga_class_init(ObjectClass *oc, void *data)
+{
+    DeviceClass *dc = DEVICE_CLASS(oc);
+
+    dc->realize = ref405ep_fpga_realize;
+    dc->user_creatable = false;


Comment missing (and I'd drop unnecessary QOM casts) but otherwise:


Which QOM casts are you referring to?


Daniel



Reviewed-by: BALATON Zoltan 

Regards,
BALATON Zoltan


+    dc->reset = ref405ep_fpga_reset;
}

+static const TypeInfo ref405ep_fpga_type = {
+    .name = TYPE_REF405EP_FPGA,
+    .parent = TYPE_SYS_BUS_DEVICE,
+    .instance_size = sizeof(Ref405epFpgaState),
+    .class_init = ref405ep_fpga_class_init,
+};
+
/*
 * CPU reset handler when booting directly from a loaded kernel
 */
@@ -331,7 +347,11 @@ static void ref405ep_init(MachineState *machine)
    memory_region_add_subregion(get_system_memory(), PPC405EP_SRAM_BASE, sram);

    /* Register FPGA */
-    ref405ep_fpga_init(get_system_memory(), PPC405EP_FPGA_BASE);
+    dev = qdev_new(TYPE_REF405EP_FPGA);
+    object_property_add_child(OBJECT(machine), "fpga", OBJECT(dev));
+    sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), _fatal);
+    sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, PPC405EP_FPGA_BASE);
+
    /* Register NVRAM */
    dev = qdev_new("sysbus-m48t08");
    qdev_prop_set_int32(dev, "base-year", 1968);
@@ -376,6 +396,7 @@ static void ppc405_machine_init(void)
{
    type_register_static(_machine_type);
    type_register_static(_type);
+    type_register_static(_fpga_type);
}

type_init(ppc405_machine_init)





[PATCH v3] pc: hide linuxboot RNG seed behind a machine property

2022-08-10 Thread Paolo Bonzini
OVMF does not support Linux setup_data and it is not clear how to
fix this, so disable the support for the random number seed for the
7.1 release.  Using a property allows shipping the code even if it is
disabled by default.  The property name has "x-" prepended because the
implementation might change in the future; migration from future versions
to QEMU 7.1 is only guaranteed to work if the property is left to its
default of "off".  At the time the property is enabled by default, the
"x-" can be removed.

Using a property has other advantages in general: it makes it possible
to use the normal compat property mechanism instead of ad hoc code, and
it avoids parameter proliferation in x86_load_linux.

Cc: Michael S. Tsirkin 
Co-developed-by: Jason A. Donenfeld 
Signed-off-by: Paolo Bonzini 
---
 hw/i386/microvm.c |  2 +-
 hw/i386/pc.c  |  4 ++--
 hw/i386/pc_piix.c |  2 +-
 hw/i386/pc_q35.c  |  2 +-
 hw/i386/x86.c | 33 +
 include/hw/i386/pc.h  |  3 ---
 include/hw/i386/x86.h |  5 +++--
 7 files changed, 37 insertions(+), 14 deletions(-)

diff --git a/hw/i386/microvm.c b/hw/i386/microvm.c
index 7fe8cce03e..dc929727dc 100644
--- a/hw/i386/microvm.c
+++ b/hw/i386/microvm.c
@@ -332,7 +332,7 @@ static void microvm_memory_init(MicrovmMachineState *mms)
 rom_set_fw(fw_cfg);
 
 if (machine->kernel_filename != NULL) {
-x86_load_linux(x86ms, fw_cfg, 0, true, false);
+x86_load_linux(x86ms, fw_cfg, 0, true);
 }
 
 if (mms->option_roms) {
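Review bot: the microvm call site used to pass `false` for legacy_no_rng_seed, so microvm always received the seed; with the argument removed it follows the new machine property, which the commit message says defaults to "off". If dropping the seed for microvm is intended, state it in the commit message; otherwise microvm needs its own default for the property.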
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 7280c02ce3..4518f3c546 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -796,7 +796,7 @@ void xen_load_linux(PCMachineState *pcms)
 rom_set_fw(fw_cfg);
 
 x86_load_linux(x86ms, fw_cfg, pcmc->acpi_data_size,
-   pcmc->pvh_enabled, pcmc->legacy_no_rng_seed);
+   pcmc->pvh_enabled);
 for (i = 0; i < nb_option_roms; i++) {
 assert(!strcmp(option_rom[i].name, "linuxboot.bin") ||
!strcmp(option_rom[i].name, "linuxboot_dma.bin") ||
@@ -1118,7 +1118,7 @@ void pc_memory_init(PCMachineState *pcms,
 
 if (linux_boot) {
 x86_load_linux(x86ms, fw_cfg, pcmc->acpi_data_size,
-   pcmc->pvh_enabled, pcmc->legacy_no_rng_seed);
+   pcmc->pvh_enabled);
 }
 
 for (i = 0; i < nb_option_roms; i++) {
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index a5c65c1c35..1526b7e3fd 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -447,10 +447,10 @@ DEFINE_I440FX_MACHINE(v7_1, "pc-i440fx-7.1", NULL,
 static void pc_i440fx_7_0_machine_options(MachineClass *m)
 {
 PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
+
 pc_i440fx_7_1_machine_options(m);
 m->alias = NULL;
 m->is_default = false;
-pcmc->legacy_no_rng_seed = true;
 pcmc->enforce_amd_1tb_hole = false;
 compat_props_add(m->compat_props, hw_compat_7_0, hw_compat_7_0_len);
 compat_props_add(m->compat_props, pc_compat_7_0, pc_compat_7_0_len);
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 3a35193ff7..c5b38edc65 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -384,9 +384,9 @@ DEFINE_Q35_MACHINE(v7_1, "pc-q35-7.1", NULL,
 static void pc_q35_7_0_machine_options(MachineClass *m)
 {
 PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
+
 pc_q35_7_1_machine_options(m);
 m->alias = NULL;
-pcmc->legacy_no_rng_seed = true;
 pcmc->enforce_amd_1tb_hole = false;
 compat_props_add(m->compat_props, hw_compat_7_0, hw_compat_7_0_len);
 compat_props_add(m->compat_props, pc_compat_7_0, pc_compat_7_0_len);
diff --git a/hw/i386/x86.c b/hw/i386/x86.c
index 050eedc0c8..01bad1972b 100644
--- a/hw/i386/x86.c
+++ b/hw/i386/x86.c
@@ -60,6 +60,8 @@
 #include CONFIG_DEVICES
 #include "kvm/kvm_i386.h"
 
+#define RNG_SEED_LENGTH 32
+
 /* Physical Address of PVH entry point read from kernel ELF NOTE */
 static size_t pvh_start_addr;
 
@@ -767,8 +769,7 @@ static bool load_elfboot(const char *kernel_filename,
 void x86_load_linux(X86MachineState *x86ms,
 FWCfgState *fw_cfg,
 int acpi_data_size,
-bool pvh_enabled,
-bool legacy_no_rng_seed)
+bool pvh_enabled)
 {
 bool linuxboot_dma_enabled = 
X86_MACHINE_GET_CLASS(x86ms)->fwcfg_dma_enabled;
 uint16_t protocol;
@@ -786,7 +787,6 @@ void x86_load_linux(X86MachineState *x86ms,
 const char *dtb_filename = machine->dtb;
 const char *kernel_cmdline = machine->kernel_cmdline;
 SevKernelLoaderContext sev_load_ctx = {};
-enum { RNG_SEED_LENGTH = 32 };
 
 /* Align to 16 bytes as a paranoia measure */
 cmdline_size = (strlen(kernel_cmdline) + 16) & ~15;
@@ -1076,7 +1076,8 @@ void x86_load_linux(X86MachineState *x86ms,
 load_image_size(dtb_filename, setup_data->data, dtb_size);
 }
 
-if (!legacy_no_rng_seed) {
+if (x86ms->linuxboot_randomness != ON_OFF_AUTO_OFF &&
+

Re: [PATCH v3] pc: hide linuxboot RNG seed behind a machine property

2022-08-10 Thread Michael S. Tsirkin
On Wed, Aug 10, 2022 at 06:59:42PM +0200, Paolo Bonzini wrote:
> OVMF does not support Linux setup_data and it is not clear how to
> fix this, so disable the support for the random number seed for the
> 7.1 release.  Using a property allows shipping the code even if it is
> disabled by default.  The property name has "x-" prepended because the
> implementation might change in the future; migration from future versions
> to QEMU 7.1 is only guaranteed to work if the property is left to its
> default of "off".  At the time the property is enabled by default, the
> "x-" can be removed.
> 
> Using a property has other advantages in general: it makes it possible
> to use the normal compat property mechanism instead of ad hoc code, and
> it avoids parameter proliferation in x86_load_linux.
> 
> Cc: Michael S. Tsirkin 
> Co-developed-by: Jason A. Donenfeld 
> Signed-off-by: Paolo Bonzini 
> ---
>  hw/i386/microvm.c |  2 +-
>  hw/i386/pc.c  |  4 ++--
>  hw/i386/pc_piix.c |  2 +-
>  hw/i386/pc_q35.c  |  2 +-
>  hw/i386/x86.c | 33 +
>  include/hw/i386/pc.h  |  3 ---
>  include/hw/i386/x86.h |  5 +++--
>  7 files changed, 37 insertions(+), 14 deletions(-)
> 
> diff --git a/hw/i386/microvm.c b/hw/i386/microvm.c
> index 7fe8cce03e..dc929727dc 100644
> --- a/hw/i386/microvm.c
> +++ b/hw/i386/microvm.c
> @@ -332,7 +332,7 @@ static void microvm_memory_init(MicrovmMachineState *mms)
>  rom_set_fw(fw_cfg);
>  
>  if (machine->kernel_filename != NULL) {
> -x86_load_linux(x86ms, fw_cfg, 0, true, false);
> +x86_load_linux(x86ms, fw_cfg, 0, true);
>  }
>  
>  if (mms->option_roms) {
> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
> index 7280c02ce3..4518f3c546 100644
> --- a/hw/i386/pc.c
> +++ b/hw/i386/pc.c
> @@ -796,7 +796,7 @@ void xen_load_linux(PCMachineState *pcms)
>  rom_set_fw(fw_cfg);
>  
>  x86_load_linux(x86ms, fw_cfg, pcmc->acpi_data_size,
> -   pcmc->pvh_enabled, pcmc->legacy_no_rng_seed);
> +   pcmc->pvh_enabled);
>  for (i = 0; i < nb_option_roms; i++) {
>  assert(!strcmp(option_rom[i].name, "linuxboot.bin") ||
> !strcmp(option_rom[i].name, "linuxboot_dma.bin") ||
> @@ -1118,7 +1118,7 @@ void pc_memory_init(PCMachineState *pcms,
>  
>  if (linux_boot) {
>  x86_load_linux(x86ms, fw_cfg, pcmc->acpi_data_size,
> -   pcmc->pvh_enabled, pcmc->legacy_no_rng_seed);
> +   pcmc->pvh_enabled);
>  }
>  
>  for (i = 0; i < nb_option_roms; i++) {
> diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
> index a5c65c1c35..1526b7e3fd 100644
> --- a/hw/i386/pc_piix.c
> +++ b/hw/i386/pc_piix.c
> @@ -447,10 +447,10 @@ DEFINE_I440FX_MACHINE(v7_1, "pc-i440fx-7.1", NULL,
>  static void pc_i440fx_7_0_machine_options(MachineClass *m)
>  {
>  PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
> +
>  pc_i440fx_7_1_machine_options(m);
>  m->alias = NULL;
>  m->is_default = false;
> -pcmc->legacy_no_rng_seed = true;
>  pcmc->enforce_amd_1tb_hole = false;
>  compat_props_add(m->compat_props, hw_compat_7_0, hw_compat_7_0_len);
>  compat_props_add(m->compat_props, pc_compat_7_0, pc_compat_7_0_len);
> diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
> index 3a35193ff7..c5b38edc65 100644
> --- a/hw/i386/pc_q35.c
> +++ b/hw/i386/pc_q35.c
> @@ -384,9 +384,9 @@ DEFINE_Q35_MACHINE(v7_1, "pc-q35-7.1", NULL,
>  static void pc_q35_7_0_machine_options(MachineClass *m)
>  {
>  PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
> +
>  pc_q35_7_1_machine_options(m);
>  m->alias = NULL;
> -pcmc->legacy_no_rng_seed = true;
>  pcmc->enforce_amd_1tb_hole = false;
>  compat_props_add(m->compat_props, hw_compat_7_0, hw_compat_7_0_len);
>  compat_props_add(m->compat_props, pc_compat_7_0, pc_compat_7_0_len);
> diff --git a/hw/i386/x86.c b/hw/i386/x86.c
> index 050eedc0c8..01bad1972b 100644
> --- a/hw/i386/x86.c
> +++ b/hw/i386/x86.c
> @@ -60,6 +60,8 @@
>  #include CONFIG_DEVICES
>  #include "kvm/kvm_i386.h"
>  
> +#define RNG_SEED_LENGTH 32
> +
>  /* Physical Address of PVH entry point read from kernel ELF NOTE */
>  static size_t pvh_start_addr;
>  
> @@ -767,8 +769,7 @@ static bool load_elfboot(const char *kernel_filename,
>  void x86_load_linux(X86MachineState *x86ms,
>  FWCfgState *fw_cfg,
>  int acpi_data_size,
> -bool pvh_enabled,
> -bool legacy_no_rng_seed)
> +bool pvh_enabled)
>  {
>  bool linuxboot_dma_enabled = 
> X86_MACHINE_GET_CLASS(x86ms)->fwcfg_dma_enabled;
>  uint16_t protocol;
> @@ -786,7 +787,6 @@ void x86_load_linux(X86MachineState *x86ms,
>  const char *dtb_filename = machine->dtb;
>  const char *kernel_cmdline = machine->kernel_cmdline;
>  SevKernelLoaderContext sev_load_ctx = {};
> -enum { RNG_SEED_LENGTH = 32 };
>  
>  /* Align to 16 bytes as a paranoia measure 

[PULL 1/1] linux-user: fix compat with glibc >= 2.36 sys/mount.h

2022-08-10 Thread Laurent Vivier
From: Daniel P. Berrangé 

The latest glibc 2.36 has extended sys/mount.h so that it
defines the FSCONFIG_* enum constants. These are historically
defined in linux/mount.h, and thus if you include both headers
the compiler complains:

In file included from /usr/include/linux/fs.h:19,
 from ../linux-user/syscall.c:98:
/usr/include/linux/mount.h:95:6: error: redeclaration of 'enum fsconfig_command'
   95 | enum fsconfig_command {
  |  ^~~~
In file included from ../linux-user/syscall.c:31:
/usr/include/sys/mount.h:189:6: note: originally defined here
  189 | enum fsconfig_command
  |  ^~~~
/usr/include/linux/mount.h:96:9: error: redeclaration of enumerator 
'FSCONFIG_SET_FLAG'
   96 | FSCONFIG_SET_FLAG   = 0,/* Set parameter, supplying no 
value */
  | ^
/usr/include/sys/mount.h:191:3: note: previous definition of 
'FSCONFIG_SET_FLAG' with type 'enum fsconfig_command'
  191 |   FSCONFIG_SET_FLAG   = 0,/* Set parameter, supplying no value 
*/
  |   ^
...snip...

QEMU doesn't include linux/mount.h, but it does use
linux/fs.h and thus gets linux/mount.h indirectly.

glibc acknowledges this problem but does not appear to
be intending to fix it in the foreseeable future, simply
documenting it as a known incompatibility with no
workaround:

  
https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
  https://sourceware.org/glibc/wiki/Synchronizing_Headers

To address this requires either removing use of sys/mount.h
or linux/fs.h, despite QEMU needing declarations from
both.

This patch removes linux/fs.h, meaning we have to define
various FS_IOC constants that are now unavailable.

Signed-off-by: Daniel P. Berrangé 
Tested-by: Richard W.M. Jones 
Message-Id: <20220802164134.1851910-1-berra...@redhat.com>
Signed-off-by: Laurent Vivier 
---
 linux-user/syscall.c | 18 ++
 meson.build  |  2 ++
 2 files changed, 20 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index ef53feb5ab45..f4091212027c 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -95,7 +95,25 @@
 #include 
 #include 
 #include 
+
+#ifdef HAVE_SYS_MOUNT_FSCONFIG
+/*
+ * glibc >= 2.36 linux/mount.h conflicts with sys/mount.h,
+ * which in turn prevents use of linux/fs.h. So we have to
+ * define the constants ourselves for now.
+ */
+#define FS_IOC_GETFLAGS_IOR('f', 1, long)
+#define FS_IOC_SETFLAGS_IOW('f', 2, long)
+#define FS_IOC_GETVERSION  _IOR('v', 1, long)
+#define FS_IOC_SETVERSION  _IOW('v', 2, long)
+#define FS_IOC_FIEMAP  _IOWR('f', 11, struct fiemap)
+#define FS_IOC32_GETFLAGS  _IOR('f', 1, int)
+#define FS_IOC32_SETFLAGS  _IOW('f', 2, int)
+#define FS_IOC32_GETVERSION_IOR('v', 1, int)
+#define FS_IOC32_SETVERSION_IOW('v', 2, int)
+#else
 #include 
+#endif
 #include 
 #if defined(CONFIG_FIEMAP)
 #include 
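Review bot: the FS_IOC_* block under HAVE_SYS_MOUNT_FSCONFIG hand-copies definitions that otherwise come from linux/fs.h, and its comment says only "for now". Name the header the values were taken from in the comment so they can be checked against it and the block removed once the conflict is resolved. Also note that FS_IOC_FIEMAP expands to `struct fiemap`, so it is usable only where that struct has been declared.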
diff --git a/meson.build b/meson.build
index 294e9a8f329e..30a380752c0d 100644
--- a/meson.build
+++ b/meson.build
@@ -1963,6 +1963,8 @@ config_host_data.set('HAVE_OPTRESET',
  cc.has_header_symbol('getopt.h', 'optreset'))
 config_host_data.set('HAVE_IPPROTO_MPTCP',
  cc.has_header_symbol('netinet/in.h', 'IPPROTO_MPTCP'))
+config_host_data.set('HAVE_SYS_MOUNT_FSCONFIG',
+ cc.has_header_symbol('sys/mount.h', 'FSCONFIG_SET_FLAG'))
 
 # has_member
 config_host_data.set('HAVE_SIGEV_NOTIFY_THREAD_ID',
-- 
2.37.1




[PULL 0/1] Linux user for 7.1 patches

2022-08-10 Thread Laurent Vivier
The following changes since commit 61b6e67171c602cf6451e4928c9cdcc24c57a485:

  Update version for v7.1.0-rc2 release (2022-08-09 19:25:15 -0700)

are available in the Git repository at:

  https://gitlab.com/laurent_vivier/qemu.git tags/linux-user-for-7.1-pull-request

for you to fetch changes up to 3cd3df2a9584e6f753bb62a0028bd67124ab5532:

  linux-user: fix compat with glibc >= 2.36 sys/mount.h (2022-08-10 18:37:46 +0200)


Pull request linux-user 20220810

fix compat with glibc >= 2.36 sys/mount.h



Daniel P. Berrangé (1):
  linux-user: fix compat with glibc >= 2.36 sys/mount.h

 linux-user/syscall.c | 18 ++
 meson.build  |  2 ++
 2 files changed, 20 insertions(+)

-- 
2.37.1




Re: [PATCH v6 24/24] target/arm: Define neoverse-n1

2022-08-10 Thread Peter Maydell
On Wed, 10 Aug 2022 at 14:14, Zenghui Yu  wrote:
> The r4p1 TRM says that the Neoverse N1 core supports SPE (the value
> of ID_AA64DFR0.PMSVer is 0b0001) but do we really support SPE
> emulation in QEMU?
>
> The guest immediately received an unexpected exception (with EC==0,
> at EFI stage) when I tried to boot it using something like:
>
> /path/to/qemu-system-aarch64 \
> -M virt,gic-version=3,virtualization=on \
> -cpu neoverse-n1 -accel tcg \
> -bios QEMU_EFI.fd [...]
>
> and QEMU shouted that "read access to unsupported AArch64 system
> register op0:3 op1:0 crn:9 crm:10 op2:7", which told us that the
> guest attempted to read the PMBIDR_EL1 register.

No, we don't emulate SPE. We should probably not advertise it
(we might do a no-op implementation eventually).

What guest is this ?

thanks
-- PMM



Re: [PATCH for 7.1] linux-user: fix compat with glibc >= 2.36 sys/mount.h

2022-08-10 Thread Laurent Vivier

On 02/08/2022 at 18:41, Daniel P. Berrangé wrote:

The latest glibc 2.36 has extended sys/mount.h so that it
defines the FSCONFIG_* enum constants. These are historically
defined in linux/mount.h, and thus if you include both headers
the compiler complains:

In file included from /usr/include/linux/fs.h:19,
  from ../linux-user/syscall.c:98:
/usr/include/linux/mount.h:95:6: error: redeclaration of 'enum fsconfig_command'
95 | enum fsconfig_command {
   |  ^~~~
In file included from ../linux-user/syscall.c:31:
/usr/include/sys/mount.h:189:6: note: originally defined here
   189 | enum fsconfig_command
   |  ^~~~
/usr/include/linux/mount.h:96:9: error: redeclaration of enumerator 
'FSCONFIG_SET_FLAG'
96 | FSCONFIG_SET_FLAG   = 0,/* Set parameter, supplying no 
value */
   | ^
/usr/include/sys/mount.h:191:3: note: previous definition of 
'FSCONFIG_SET_FLAG' with type 'enum fsconfig_command'
   191 |   FSCONFIG_SET_FLAG   = 0,/* Set parameter, supplying no value 
*/
   |   ^
...snip...

QEMU doesn't include linux/mount.h, but it does use
linux/fs.h and thus gets linux/mount.h indirectly.

glibc acknowledges this problem but does not appear to
be intending to fix it in the foreseeable future, simply
documenting it as a known incompatibility with no
workaround:

   
https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
   https://sourceware.org/glibc/wiki/Synchronizing_Headers

To address this requires either removing use of sys/mount.h
or linux/fs.h, despite QEMU needing declarations from
both.

This patch removes linux/fs.h, meaning we have to define
various FS_IOC constants that are now unavailable.

Signed-off-by: Daniel P. Berrangé 
---
  linux-user/syscall.c | 18 ++
  meson.build  |  2 ++
  2 files changed, 20 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index b27a6552aa..52d178afe7 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -95,7 +95,25 @@
  #include 
  #include 
  #include 
+
+#ifdef HAVE_SYS_MOUNT_FSCONFIG
+/*
+ * glibc >= 2.36 linux/mount.h conflicts with sys/mount.h,
+ * which in turn prevents use of linux/fs.h. So we have to
+ * define the constants ourselves for now.
+ */
+#define FS_IOC_GETFLAGS_IOR('f', 1, long)
+#define FS_IOC_SETFLAGS_IOW('f', 2, long)
+#define FS_IOC_GETVERSION  _IOR('v', 1, long)
+#define FS_IOC_SETVERSION  _IOW('v', 2, long)
+#define FS_IOC_FIEMAP  _IOWR('f', 11, struct fiemap)
+#define FS_IOC32_GETFLAGS  _IOR('f', 1, int)
+#define FS_IOC32_SETFLAGS  _IOW('f', 2, int)
+#define FS_IOC32_GETVERSION_IOR('v', 1, int)
+#define FS_IOC32_SETVERSION_IOW('v', 2, int)
+#else
  #include 
+#endif
  #include 
  #if defined(CONFIG_FIEMAP)
  #include 
diff --git a/meson.build b/meson.build
index 294e9a8f32..30a380752c 100644
--- a/meson.build
+++ b/meson.build
@@ -1963,6 +1963,8 @@ config_host_data.set('HAVE_OPTRESET',
   cc.has_header_symbol('getopt.h', 'optreset'))
  config_host_data.set('HAVE_IPPROTO_MPTCP',
   cc.has_header_symbol('netinet/in.h', 'IPPROTO_MPTCP'))
+config_host_data.set('HAVE_SYS_MOUNT_FSCONFIG',
+ cc.has_header_symbol('sys/mount.h', 'FSCONFIG_SET_FLAG'))
  
  # has_member

  config_host_data.set('HAVE_SIGEV_NOTIFY_THREAD_ID',


Applied to my linux-user-for-7.1 branch.

Thanks,
Laurent




Re: [PATCH v2 1/2] util/main-loop: Fix maximum number of wait objects for win32

2022-08-10 Thread Marc-André Lureau
On Wed, Aug 10, 2022 at 7:20 PM Bin Meng  wrote:

> On Wed, Aug 10, 2022 at 1:06 AM Marc-André Lureau
>  wrote:
> >
> > Hi
> >
> > On Tue, Aug 9, 2022 at 8:43 PM Bin Meng  wrote:
> >>
> >> From: Bin Meng 
> >>
> >> The maximum number of wait objects for win32 should be
> >> MAXIMUM_WAIT_OBJECTS, not MAXIMUM_WAIT_OBJECTS + 1.
> >>
> >> Fix the logic in qemu_add_wait_object() to avoid adding
> >> the same HANDLE twice.
> >>
> >
> > Please make that a separate patch.
> >
> >>
> >> Signed-off-by: Bin Meng 
> >> ---
> >>
> >> Changes in v2:
> >> - fix the logic in qemu_add_wait_object() to avoid adding
> >>   the same HANDLE twice
> >>
> >
> > Still NACK, did you understand my argument about array bounds?
> >
> > "if (found)" will access the arrays at position i+1 ==
> > MAXIMUM_WAIT_OBJECTS. We need the +1 for that logic to work without OOB
> > access.
> >
>
> The delete logic was updated in v2. If position is at
> MAXIMUM_WAIT_OBJECTS - 1, the loop will break.
>

Ah I missed that. That new condition looks wrong to me. Not only is it
redundant with the loop condition check if w->num == MAXIMUM_WAIT_OBJECTS

But you still access the array at MAXIMUM_WAIT_OBJECTS index, which
requires arrays of MAXIMUM_WAIT_OBJECTS+1 size, since it's 0-indexed.

Unless I say crap, which happens sometimes :)

-- 
Marc-André Lureau
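
The array-bounds question in this thread, as an added example that is not part of the original messages and is not QEMU's code: a constructed model of a fixed-capacity handle table whose delete loop records the highest index it reads. CAP stands in for MAXIMUM_WAIT_OBJECTS, and WaitTable, read_slot, del_shift_scan and del_bounded are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define CAP 4   /* constructed stand-in for MAXIMUM_WAIT_OBJECTS */

typedef struct {
    int num;              /* entries in use */
    int events[CAP + 1];  /* spare slot so the model itself never reads OOB */
    int max_read;         /* instrumentation: highest index read by a delete */
} WaitTable;

static void table_init(WaitTable *w)
{
    memset(w, 0, sizeof(*w));
    w->max_read = -1;
}

static int read_slot(WaitTable *w, int idx)
{
    if (idx > w->max_read) {
        w->max_read = idx;
    }
    return w->events[idx];
}

/* Add refuses a handle that is already present and refuses when full. */
static int table_add(WaitTable *w, int handle)
{
    for (int i = 0; i < w->num; i++) {
        if (w->events[i] == handle) {
            return -1;
        }
    }
    if (w->num >= CAP) {
        return -1;
    }
    w->events[w->num++] = handle;
    return 0;
}

/* Shift-while-scanning delete: once found, slot i is refilled from i + 1
 * for every i < num, so a full table reads index CAP. */
static int del_shift_scan(WaitTable *w, int handle)
{
    int found = 0;
    for (int i = 0; i < w->num; i++) {
        if (w->events[i] == handle) {
            found = 1;
        }
        if (found) {
            w->events[i] = read_slot(w, i + 1);
        }
    }
    if (found) {
        w->num--;
    }
    return found;
}

/* Bounded delete: moves only the entries that exist after the match,
 * so an array of exactly CAP slots would be enough. */
static int del_bounded(WaitTable *w, int handle)
{
    for (int i = 0; i < w->num; i++) {
        if (w->events[i] == handle) {
            for (int j = i; j + 1 < w->num; j++) {
                w->events[j] = read_slot(w, j + 1);
            }
            w->num--;
            return 1;
        }
    }
    return 0;
}

static void fill(WaitTable *w)
{
    table_init(w);
    for (int h = 1; h <= CAP; h++) {
        table_add(w, h * 10);   /* constructed handles 10, 20, 30, 40 */
    }
}

/* Highest index read when deleting `victim` from a full table. */
static int max_read_on_full_table(int bounded, int victim)
{
    WaitTable w;
    fill(&w);
    if (bounded) {
        del_bounded(&w, victim);
    } else {
        del_shift_scan(&w, victim);
    }
    return w.max_read;
}

/* Both variants must leave 10, 30, 40 after deleting 20. */
static int survivors_in_order(int bounded)
{
    WaitTable w;
    fill(&w);
    if (bounded) {
        del_bounded(&w, 20);
    } else {
        del_shift_scan(&w, 20);
    }
    return w.num == 3 && w.events[0] == 10 && w.events[1] == 30 &&
           w.events[2] == 40;
}

int main(void)
{
    printf("shift-scan max index read: %d (CAP = %d)\n",
           max_read_on_full_table(0, 10), CAP);
    printf("bounded    max index read: %d\n", max_read_on_full_table(1, 10));
    return 0;
}
```

With the table full, the shift-while-scanning form reads index CAP whichever entry is removed, which is the access the +1 in the array size pays for; the bounded form stays at or below CAP - 1.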


Re: [PATCH 0/8] migration: introduce dirtylimit capability

2022-08-10 Thread Hyman

Ping.
   How about this series? Hoping to get comments if anyone has played with it.


Thanks !

Hyman

On 2022/7/23 15:49, huang...@chinatelecom.cn wrote:

From: Hyman Huang(黄勇) 

Abstract


This series added a new migration capability called "dirtylimit".  It can
be enabled when dirty ring is enabled, and it'll improve the vCPU performance
during the process of migration. It is based on the previous patchset:
https://lore.kernel.org/qemu-devel/cover.1656177590.git.huang...@chinatelecom.cn/

As mentioned in patchset "support dirty restraint on vCPU", dirtylimit way of
migration can make the read-process not be penalized. This series wires up the
vcpu dirty limit and wrappers as dirtylimit capability of migration. I introduce
two parameters vcpu-dirtylimit-period and vcpu-dirtylimit to implement the setup
of dirtylimit during live migration.

To validate the implementation, I tested a 32 vCPU vm live migration with such
model:
Only dirty vcpu0, vcpu1 with heavy memory workload and leave the rest vcpus
untouched, running unixbench on the vcpu8-vcpu15 by setting up the cpu affinity as
the following command:
taskset -c 8-15 ./Run -i 2 -c 8 {unixbench test item}

The following are results:

host cpu: Intel(R) Xeon(R) Platinum 8378A
host interface speed: 1000Mb/s
   |---------------------+--------+------------+---------------|
   | UnixBench test item | Normal | Dirtylimit | Auto-converge |
   |---------------------+--------+------------+---------------|
   | dhry2reg            | 32800  | 32786      | 25292         |
   | whetstone-double    | 10326  | 10315      | 9847          |
   | pipe                | 15442  | 15271      | 14506         |
   | context1            | 7260   | 6235       | 4514          |
   | spawn               | 3663   | 3317       | 3249          |
   | syscall             | 4669   | 4667       | 3841          |
   |---------------------+--------+------------+---------------|
From the data above we can draw a conclusion that vcpus that do not dirty memory
in vm are almost unaffected during the dirtylimit migration, but the auto converge
way does.

I also tested the total time of dirtylimit migration with variable dirty memory
size in vm.

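scenario 1:
host cpu: Intel(R) Xeon(R) Platinum 8378A
host interface speed: 1000Mb/s
   |-----------------------+----------------+-------------------|
   | dirty memory size(MB) | Dirtylimit(ms) | Auto-converge(ms) |
   |-----------------------+----------------+-------------------|
   | 60                    | 2014           | 2131              |
   | 70                    | 5381           | 12590             |
   | 90                    | 6037           | 33545             |
   | 110                   | 7660           | [*]               |
   |-----------------------+----------------+-------------------|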
   [*]: This case means migration is not convergent.

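scenario 2:
host cpu: Intel(R) Xeon(R) CPU E5-2650
host interface speed: 1Mb/s
   |-----------------------+----------------+-------------------|
   | dirty memory size(MB) | Dirtylimit(ms) | Auto-converge(ms) |
   |-----------------------+----------------+-------------------|
   | 1600                  | 15842          | 27548             |
   | 2000                  | 19026          | 38447             |
   | 2400                  | 19897          | 46381             |
   | 2800                  | 22338          | 57149             |
   |-----------------------+----------------+-------------------|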
Above data shows that dirtylimit way of migration can also reduce the total
time of migration and it achieves convergence more easily in some case.

In addition to implementing the dirtylimit capability itself, this series
adds 3 tests for migration, aiming at playing around for developer simply:
  1. qtest for dirty limit migration
  2. support dirty ring way of migration for guestperf tool
  3. support dirty limit migration for guestperf tool

Please review, thanks !

Hyman Huang (8):
   qapi/migration: Introduce x-vcpu-dirty-limit-period parameter
   qapi/migration: Introduce vcpu-dirty-limit parameters
   migration: Introduce dirty-limit capability
   migration: Implement dirty-limit convergence algo
   migration: Export dirty-limit time info
   tests: Add migration dirty-limit capability test
   tests/migration: Introduce dirty-ring-size option into guestperf
   tests/migration: Introduce dirty-limit into guestperf

  include/sysemu/dirtylimit.h |  2 +
  migration/migration.c   | 50 ++
  migration/migration.h   |  1 +
  migration/ram.c | 53 ++-
  migration/trace-events  |  1 +
  monitor/hmp-cmds.c  | 26 ++
  qapi/migration.json | 57 
  softmmu/dirtylimit.c| 33 +++-
  tests/migration/guestperf/comparison.py | 14 +
  tests/migration/guestperf/engine.py | 33 +++-
  

Re: [PATCH 22/62] target/arm: Add secure parameter to get_phys_addr_pmsav8

2022-08-10 Thread Richard Henderson

On 8/10/22 06:16, Alex Bennée wrote:


Richard Henderson  writes:


Remove the use of regime_is_secure from get_phys_addr_pmsav8.
Since we already had a local variable named secure, use that.

Signed-off-by: Richard Henderson 
---
  target/arm/ptw.c | 5 ++---
  1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index d424dec729..f7892a0c48 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1960,10 +1960,9 @@ void v8m_security_lookup(CPUARMState *env, uint32_t 
address,
  
  static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,

   MMUAccessType access_type, ARMMMUIdx mmu_idx,
- GetPhysAddrResult *result,
+ bool secure, GetPhysAddrResult
  *result,


NIT: why not use is_secure like all the other functions (and reformat
the commit subject to match too).


It's right there in the commit message -- there was an existing local variable.


r~



Otherwise:

Reviewed-by: Alex Bennée 






Re: [PATCH v2 1/2] util/main-loop: Fix maximum number of wait objects for win32

2022-08-10 Thread Bin Meng
On Wed, Aug 10, 2022 at 1:06 AM Marc-André Lureau
 wrote:
>
> Hi
>
> On Tue, Aug 9, 2022 at 8:43 PM Bin Meng  wrote:
>>
>> From: Bin Meng 
>>
>> The maximum number of wait objects for win32 should be
>> MAXIMUM_WAIT_OBJECTS, not MAXIMUM_WAIT_OBJECTS + 1.
>>
>> Fix the logic in qemu_add_wait_object() to avoid adding
>> the same HANDLE twice.
>>
>
> Please make that a separate patch.
>
>>
>> Signed-off-by: Bin Meng 
>> ---
>>
>> Changes in v2:
>> - fix the logic in qemu_add_wait_object() to avoid adding
>>   the same HANDLE twice
>>
>
> Still NACK, did you understand my argument about array bounds?
>
> "if (found)" will access the arrays at position i+1 == MAXIMUM_WAIT_OBJECTS. 
> We need the +1 for that logic to work without OOB access.
>

The delete logic was updated in v2. If position is at
MAXIMUM_WAIT_OBJECTS - 1, the loop will break.

Regards,
Bin



Re: Shared memory between host and guest

2022-08-10 Thread Alex Bennée


"Lu, Jingdong"  writes:

> Hi experts,
>
>  
>
> I have some basic questions regarding shared memory between host and guest 
> based on QEMU/KVM:
>
>  
>
> 1, Can host and guest share the same block of physical memory? Ivshmem? Is it 
> continuous physical memory?
>
>  
>
> 2, More specifically, is there any way to support the following operations?
>
> 1 Guest starts.
>
> 2 Host side allocates one block of physical memory like 2MB.
>
> 3 Host side adds this memory to running guest  memory mapping.

With support for pci hotplug you can add/remove virtio-pmem blocks to
the guest.

>
> 4 Both of host and guest can access this shared memory.

Yes - you can back the memory with a file. See:

  https://qemu.readthedocs.io/en/latest/system/devices/virtio-pmem.html


>
>  
>
> Best Regards,
>
> Jingdong


-- 
Alex Bennée



Re: [PATCH RFC v1 2/2] i386: reorder kvm_put_sregs2() and kvm_put_nested_state() when vCPU is reset

2022-08-10 Thread Vitaly Kuznetsov
Maxim Levitsky  writes:

> On Wed, 2022-08-10 at 16:00 +0200, Vitaly Kuznetsov wrote:
>> Setting nested state upon migration needs to happen after kvm_put_sregs2()
>> to e.g. have EFER.SVME set. This, however, doesn't work for vCPU reset:
>> when vCPU is in VMX root operation, certain CR bits are locked and
>> kvm_put_sregs2() may fail. As nested state is fully cleaned up upon
>> vCPU reset (kvm_arch_reset_vcpu() -> kvm_init_nested_state()), calling
>> kvm_put_nested_state() before kvm_put_sregs2() is OK, this will ensure
>> that vCPU is *not* in VMX root operation.
>> 
>> Signed-off-by: Vitaly Kuznetsov 
>> ---
>>  target/i386/kvm/kvm.c | 20 ++--
>>  1 file changed, 18 insertions(+), 2 deletions(-)
>> 
>> diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
>> index 4f8dacc1d4b5..73e3880fa57b 100644
>> --- a/target/i386/kvm/kvm.c
>> +++ b/target/i386/kvm/kvm.c
>> @@ -4529,18 +4529,34 @@ int kvm_arch_put_registers(CPUState *cpu, int level)
>>  
>>  assert(cpu_is_stopped(cpu) || qemu_cpu_is_self(cpu));
>>  
>> -    /* must be before kvm_put_nested_state so that EFER.SVME is set */
>> +    /*
>> + * When resetting a vCPU, make sure to reset nested state first to
>> + * e.g clear VMXON state and unlock certain CR4 bits.
>> + */
>> +    if (level == KVM_PUT_RESET_STATE) {
>> +    ret = kvm_put_nested_state(x86_cpu);
>> +    if (ret < 0) {
>> +    return ret;
>> +    }
>
> I should have mentioned this, I actually already debugged the same issue while
> trying to reproduce the smm int window bug.
> 100% my fault.
>
> I also share the same feeling that this might be yet another 'whack a mole'
> and break somewhere else, but overall it does make sense.

This certainly *is* a 'whack a mole' and I'm sure there are other cases
when one of the calls in kvm_arch_put_registers() fails. We need to work on
what's missing so we can expose kvm_vcpu_reset() to VMMs.

>
>
> Reviewed-by: Maxim Levitsky 
>

Thanks!

-- 
Vitaly




Re: [PATCH RFC v1 1/2] i386: reset KVM nested state upon CPU reset

2022-08-10 Thread Maxim Levitsky
On Wed, 2022-08-10 at 16:00 +0200, Vitaly Kuznetsov wrote:
> Make sure env->nested_state is cleaned up when a vCPU is reset, it may
> be stale after an incoming migration, kvm_arch_put_registers() may
> end up failing or putting vCPU in a weird state.
> 
> Signed-off-by: Vitaly Kuznetsov 
> ---
>  target/i386/kvm/kvm.c | 37 +++--
>  1 file changed, 27 insertions(+), 10 deletions(-)
> 
> diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
> index f148a6d52fa4..4f8dacc1d4b5 100644
> --- a/target/i386/kvm/kvm.c
> +++ b/target/i386/kvm/kvm.c
> @@ -1695,6 +1695,30 @@ static void kvm_init_xsave(CPUX86State *env)
>     env->xsave_buf_len);
>  }
>  
> +static void kvm_init_nested_state(CPUX86State *env)
> +{
> +    struct kvm_vmx_nested_state_hdr *vmx_hdr;
> +    uint32_t size;
> +
> +    if (!env->nested_state) {
> +    return;
> +    }
> +
> +    size = env->nested_state->size;
> +
> +    memset(env->nested_state, 0, size);
> +    env->nested_state->size = size;
> +
> +    if (cpu_has_vmx(env)) {
> +    env->nested_state->format = KVM_STATE_NESTED_FORMAT_VMX;
> +    vmx_hdr = >nested_state->hdr.vmx;
> +    vmx_hdr->vmxon_pa = -1ull;
> +    vmx_hdr->vmcs12_pa = -1ull;
> +    } else if (cpu_has_svm(env)) {
> +    env->nested_state->format = KVM_STATE_NESTED_FORMAT_SVM;
> +    }
> +}
> +
>  int kvm_arch_init_vcpu(CPUState *cs)
>  {
>  struct {
> @@ -2122,19 +2146,10 @@ int kvm_arch_init_vcpu(CPUState *cs)
>  assert(max_nested_state_len >= offsetof(struct kvm_nested_state, 
> data));
>  
>  if (cpu_has_vmx(env) || cpu_has_svm(env)) {
> -    struct kvm_vmx_nested_state_hdr *vmx_hdr;
> -
>  env->nested_state = g_malloc0(max_nested_state_len);
>  env->nested_state->size = max_nested_state_len;
>  
> -    if (cpu_has_vmx(env)) {
> -    env->nested_state->format = KVM_STATE_NESTED_FORMAT_VMX;
> -    vmx_hdr = >nested_state->hdr.vmx;
> -    vmx_hdr->vmxon_pa = -1ull;
> -    vmx_hdr->vmcs12_pa = -1ull;
> -    } else {
> -    env->nested_state->format = KVM_STATE_NESTED_FORMAT_SVM;
> -    }
> +    kvm_init_nested_state(env);
>  }
>  }
>  
> @@ -2199,6 +2214,8 @@ void kvm_arch_reset_vcpu(X86CPU *cpu)
>  /* enabled by default */
>  env->poll_control_msr = 1;
>  
> +    kvm_init_nested_state(env);
> +
>  sev_es_set_reset_vector(CPU(cpu));
>  }
>  
Makes sense.

Reviewed-by: Maxim Levitsky 

Best regards,
Maxim Levitsky




Re: [PATCH v4 08/24] ppc/ppc4xx: Introduce a DCR device model

2022-08-10 Thread BALATON Zoltan

On Wed, 10 Aug 2022, Cédric Le Goater wrote:

On 8/10/22 15:28, BALATON Zoltan wrote:

On Wed, 10 Aug 2022, Cédric Le Goater wrote:

On 8/9/22 19:21, BALATON Zoltan wrote:

On Tue, 9 Aug 2022, Cédric Le Goater wrote:

The Device Control Registers (DCR) of on-SoC devices are accessed by
software through the use of the mtdcr and mfdcr instructions. These
are converted in transactions on a side band bus, the DCR bus, which
connects the on-SoC devices to the CPU.

Ideally, we should model these accesses with a DCR namespace and DCR
memory regions but today the DCR handlers are installed in a DCR table
under the CPU. Instead introduce a little device model wrapper to hold
a CPU link and handle registration of DCR handlers.

The DCR device inherits from SysBus because most of these devices also
have MMIO regions and/or IRQs. Being a SysBusDevice makes things easier
to install the device model in the overall SoC.

The "cpu" link should be considered as modeling the piece of HW logic
connecting the device to the DCR bus.

Signed-off-by: Cédric Le Goater 
---
include/hw/ppc/ppc4xx.h | 17 
hw/ppc/ppc4xx_devs.c    | 44 +
2 files changed, 61 insertions(+)

diff --git a/include/hw/ppc/ppc4xx.h b/include/hw/ppc/ppc4xx.h
index 591e2421a343..82e60b0e0742 100644
--- a/include/hw/ppc/ppc4xx.h
+++ b/include/hw/ppc/ppc4xx.h
@@ -27,6 +27,7 @@

#include "hw/ppc/ppc.h"
#include "exec/memory.h"
+#include "hw/sysbus.h"

void ppc4xx_sdram_banks(MemoryRegion *ram, int nr_banks,
    MemoryRegion ram_memories[],
@@ -44,4 +45,20 @@ void ppc4xx_mal_init(CPUPPCState *env, uint8_t 
txcnum, uint8_t rxcnum,


#define TYPE_PPC4xx_PCI_HOST_BRIDGE "ppc4xx-pcihost"

+/*
+ * Generic DCR device
+ */
+#define TYPE_PPC4xx_DCR_DEVICE "ppc4xx-dcr-device"
+OBJECT_DECLARE_SIMPLE_TYPE(Ppc4xxDcrDeviceState, PPC4xx_DCR_DEVICE);
+struct Ppc4xxDcrDeviceState {
+    SysBusDevice parent_obj;
+
+    PowerPCCPU *cpu;
+};
+
+void ppc4xx_dcr_register(Ppc4xxDcrDeviceState *dev, int dcrn,
+ dcr_read_cb dcr_read, dcr_write_cb dcr_write);
+bool ppc4xx_dcr_realize(Ppc4xxDcrDeviceState *dev, PowerPCCPU *cpu,
+    Error **errp);
+
#endif /* PPC4XX_H */
diff --git a/hw/ppc/ppc4xx_devs.c b/hw/ppc/ppc4xx_devs.c
index 069b51195160..bce7ef461346 100644
--- a/hw/ppc/ppc4xx_devs.c
+++ b/hw/ppc/ppc4xx_devs.c
@@ -664,3 +664,47 @@ void ppc4xx_mal_init(CPUPPCState *env, uint8_t 
txcnum, uint8_t rxcnum,

 mal, _read_mal, _write_mal);
    }
}
+
+void ppc4xx_dcr_register(Ppc4xxDcrDeviceState *dev, int dcrn,
+ dcr_read_cb dcr_read, dcr_write_cb dcr_write)


I still think this should have a separate void *opaque parameter for the 
callbacks and not pass dev for that as the callbacks could use anything 
they wish for that parameter. (Additionally this allows dropping a lot of 
QOM casts. If you want to see how often these are accessed, you can try 
-trace enable="ppc_dcr*"; on the machines and OS I've tested some are 
read/written frequently so I'd not add unnecessary overhead without a 
good reason.)


This machine has been abandoned for 15 years and broken for maybe 10.
I think it is fine for now. We will see if further needs arise.


It will arise as I'd like to keep at least the devices used by sam460ex 
somewhat sane 


What do you mean by somewhat sane ? If it is the QOM casts, I don't
understand why you worry so much about it because QOM cast debugging
is not enabled by default. So it really should not impact performance
as you think it would.


I think it is enabled by default unless you explicitly disable it which is 
not done by most distros so it generally may impact performance (or if 
it's already slow for other reasons then it just increases inefficiency 
needlessly). If it's simple to avoid like here why not avoid it? Also 
conceptually the opaque parameter is a closure for the callback functions 
while dev is a self pointer for the method and you're now mixing these 
two. I think it's cleaner to keep them separate and not impose a 
restriction on the callbacks.


Sorry but I have a strong feeling on this one. I think the simplest way to 
rebase and revert this is to do an interactive rebase editing each patch 
and do interactive revert of just the lines changing ppc4xx_dcr_register 
followed by a search replace of "ppc_dcr_register(" with 
"ppc4xx_dcr_register(dcr, ". That should not be too difficult to do now. 
(It could be done afterwards too but I'd appreciate and would be less 
churn if you did that now.)


Regards,
BALATON Zoltan



C.

so if you don't change this now I'd likely want to change it back. I 
understand it's a hassle to do in a rebase now but keeping the opaque 
parameter means just a search replace from the old ppc_dcr_register to 
ppc4xx_dcr_register so maybe not that hard to do at this point. Once you 
apply this patch it will be more difficult to revert it.


Regards,
BALATON Zoltan



Re: [PATCH RFC v1 2/2] i386: reorder kvm_put_sregs2() and kvm_put_nested_state() when vCPU is reset

2022-08-10 Thread Maxim Levitsky
On Wed, 2022-08-10 at 16:00 +0200, Vitaly Kuznetsov wrote:
> Setting nested state upon migration needs to happen after kvm_put_sregs2()
> to e.g. have EFER.SVME set. This, however, doesn't work for vCPU reset:
> when vCPU is in VMX root operation, certain CR bits are locked and
> kvm_put_sregs2() may fail. As nested state is fully cleaned up upon
> vCPU reset (kvm_arch_reset_vcpu() -> kvm_init_nested_state()), calling
> kvm_put_nested_state() before kvm_put_sregs2() is OK, this will ensure
> that vCPU is *not* in VMX root operation.
> 
> Signed-off-by: Vitaly Kuznetsov 
> ---
>  target/i386/kvm/kvm.c | 20 ++--
>  1 file changed, 18 insertions(+), 2 deletions(-)
> 
> diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
> index 4f8dacc1d4b5..73e3880fa57b 100644
> --- a/target/i386/kvm/kvm.c
> +++ b/target/i386/kvm/kvm.c
> @@ -4529,18 +4529,34 @@ int kvm_arch_put_registers(CPUState *cpu, int level)
>  
>  assert(cpu_is_stopped(cpu) || qemu_cpu_is_self(cpu));
>  
> -    /* must be before kvm_put_nested_state so that EFER.SVME is set */
> +    /*
> + * When resetting a vCPU, make sure to reset nested state first to
> + * e.g clear VMXON state and unlock certain CR4 bits.
> + */
> +    if (level == KVM_PUT_RESET_STATE) {
> +    ret = kvm_put_nested_state(x86_cpu);
> +    if (ret < 0) {
> +    return ret;
> +    }

I should have mentioned this, I actually already debugged the same issue while
trying to reproduce the smm int window bug.
100% my fault.

I also share the same feeling that this might be yet another 'whack a mole' and
break somewhere else, but overall it does make sense.


Reviewed-by: Maxim Levitsky 


Best regards,
Maxim Levitsky

> +    }
> +
>  ret = has_sregs2 ? kvm_put_sregs2(x86_cpu) : kvm_put_sregs(x86_cpu);
>  if (ret < 0) {
>  return ret;
>  }
>  
> -    if (level >= KVM_PUT_RESET_STATE) {
> +    /*
> + * When putting full CPU state, kvm_put_nested_state() must happen after
> + * kvm_put_sregs{,2} so that e.g. EFER.SVME is already set.
> + */
> +    if (level == KVM_PUT_FULL_STATE) {
>  ret = kvm_put_nested_state(x86_cpu);
>  if (ret < 0) {
>  return ret;
>  }
> +    }
>  
> +    if (level >= KVM_PUT_RESET_STATE) {
>  ret = kvm_put_msr_feature_control(x86_cpu);
>  if (ret < 0) {
>  return ret;
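
Review bot: the second kvm_put_nested_state() call is now guarded by level == KVM_PUT_FULL_STATE where the old code tested level >= KVM_PUT_RESET_STATE, so any level other than these two skips the nested state without a word. Suggest writing it as the else branch of the new KVM_PUT_RESET_STATE test, or as level > KVM_PUT_RESET_STATE, and saying in the first comment that putting nested state before sregs is only safe because kvm_arch_reset_vcpu() has already re-initialised it, which at the moment is stated only in the commit message.
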





Re: [RFC 1/1] hw: tpmtisspi: add SPI support to QEMU TPM implementation

2022-08-10 Thread Stefan Berger




On 8/3/22 04:52, Cédric Le Goater wrote:

On 8/3/22 04:32, Iris Chen wrote:

From: Iris Chen 





+++ b/hw/tpm/tpm_tis_spi.c
@@ -0,0 +1,311 @@
+#include "qemu/osdep.h"
+#include "hw/qdev-properties.h"
+#include "migration/vmstate.h"
+#include "hw/acpi/tpm.h"
+#include "tpm_prop.h"
+#include "tpm_tis.h"
+#include "qom/object.h"
+#include "hw/ssi/ssi.h"
+#include "hw/ssi/spi_gpio.h"
+
+#define TPM_TIS_SPI_ADDR_BYTES 3
+#define SPI_WRITE 0
+
+typedef enum {
+    TIS_SPI_PKT_STATE_DEACTIVATED = 0,
+    TIS_SPI_PKT_STATE_START,
+    TIS_SPI_PKT_STATE_ADDRESS,
+    TIS_SPI_PKT_STATE_DATA_WR,
+    TIS_SPI_PKT_STATE_DATA_RD,
+    TIS_SPI_PKT_STATE_DONE,
+} TpmTisSpiPktState;
+
+union TpmTisRWSizeByte {
+    uint8_t byte;
+    struct {
+    uint8_t data_expected_size:6;
+    uint8_t resv:1;
+    uint8_t rwflag:1;
+    };
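
Review bot: the new file hw/tpm/tpm_tis_spi.c starts straight at #include "qemu/osdep.h", with no license or copyright header and no comment saying what the device models. Please add both at the top of the file.
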


I think it would be better to define a mask for the number of bytes and 
a flag for read/write rather than using bitfields. It should be better for 
portability.


   Stefan
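
The mask-and-flag form suggested above, as an added example that is not part of the original message or of the patch: the first header byte is decoded with explicit masks instead of the bitfield union, and the address is assembled with shifts instead of a byte-array union. The TIS_SPI_HDR_* names and the TisSpiHeader struct are hypothetical; the bit positions (size in bits 5:0, reserved bit 6, rwflag bit 7) and most-significant-byte-first address order are assumptions, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TPM_TIS_SPI_ADDR_BYTES 3      /* from the patch */
#define SPI_WRITE 0                   /* from the patch */

/* Hypothetical names; bit positions are an assumption (see lead-in). */
#define TIS_SPI_HDR_SIZE_MASK 0x3fu   /* data_expected_size */
#define TIS_SPI_HDR_RESV_MASK 0x40u   /* resv */
#define TIS_SPI_HDR_RW_MASK   0x80u   /* rwflag */
#define TIS_SPI_HDR_RW_SHIFT  7

typedef struct {
    unsigned rwflag;              /* SPI_WRITE (0) or 1 */
    unsigned resv;
    unsigned data_expected_size;  /* raw 6-bit field, not interpreted here */
    uint32_t addr;                /* 24-bit address */
} TisSpiHeader;

/* Decode 1 flag/size byte + 3 address bytes; same result on any compiler
 * and host byte order because no bitfield or union layout is involved. */
static int tis_spi_parse_header(const uint8_t *buf, size_t len,
                                TisSpiHeader *h)
{
    if (buf == NULL || h == NULL || len < 1 + TPM_TIS_SPI_ADDR_BYTES) {
        return -1;
    }
    h->rwflag = (buf[0] & TIS_SPI_HDR_RW_MASK) >> TIS_SPI_HDR_RW_SHIFT;
    h->resv = (buf[0] & TIS_SPI_HDR_RESV_MASK) ? 1u : 0u;
    h->data_expected_size = buf[0] & TIS_SPI_HDR_SIZE_MASK;
    h->addr = 0;
    for (int i = 0; i < TPM_TIS_SPI_ADDR_BYTES; i++) {
        h->addr = (h->addr << 8) | buf[1 + i];
    }
    return 0;
}

/* Inverse operation, refusing values that do not fit their field. */
static int tis_spi_build_header(uint8_t *buf, size_t len, unsigned rwflag,
                                unsigned size_field, uint32_t addr)
{
    if (buf == NULL || len < 1 + TPM_TIS_SPI_ADDR_BYTES || rwflag > 1 ||
        size_field > TIS_SPI_HDR_SIZE_MASK || addr > 0xffffffu) {
        return -1;
    }
    buf[0] = (uint8_t)((rwflag << TIS_SPI_HDR_RW_SHIFT) | size_field);
    buf[1] = (uint8_t)(addr >> 16);
    buf[2] = (uint8_t)(addr >> 8);
    buf[3] = (uint8_t)addr;
    return 0;
}

/* Constructed sample header: rwflag = 1, size field = 3, addr = 0xd40018. */
static const uint8_t sample_hdr[4] = { 0x83, 0xd4, 0x00, 0x18 };

/* which: 0 = rwflag, 1 = data_expected_size, 2 = addr, 3 = resv */
static uint32_t sample_field(int which)
{
    TisSpiHeader h;
    if (tis_spi_parse_header(sample_hdr, sizeof(sample_hdr), &h) < 0) {
        return UINT32_MAX;
    }
    switch (which) {
    case 0: return h.rwflag;
    case 1: return h.data_expected_size;
    case 2: return h.addr;
    default: return h.resv;
    }
}

static int roundtrip_ok(unsigned rwflag, unsigned size_field, uint32_t addr)
{
    uint8_t buf[4];
    TisSpiHeader h;
    if (tis_spi_build_header(buf, sizeof(buf), rwflag, size_field, addr) < 0 ||
        tis_spi_parse_header(buf, sizeof(buf), &h) < 0) {
        return 0;
    }
    return h.rwflag == rwflag && h.data_expected_size == size_field &&
           h.addr == addr && h.resv == 0;
}

static int short_input_rejected(void)
{
    TisSpiHeader h;
    return tis_spi_parse_header(sample_hdr, 3, &h) == -1;
}

int main(void)
{
    printf("rwflag=%u size=%u addr=0x%06x\n", (unsigned)sample_field(0),
           (unsigned)sample_field(1), (unsigned)sample_field(2));
    return 0;
}
```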



Re: [PATCH v7 03/14] mm: Introduce memfile_notifier

2022-08-10 Thread Sean Christopherson
+Will

On Wed, Aug 10, 2022, David Hildenbrand wrote:
> On 10.08.22 11:22, Chao Peng wrote:
> > On Fri, Aug 05, 2022 at 03:22:58PM +0200, David Hildenbrand wrote:
> >> On 06.07.22 10:20, Chao Peng wrote:
> >>> This patch introduces memfile_notifier facility so existing memory file
> >>> subsystems (e.g. tmpfs/hugetlbfs) can provide memory pages to allow a
> >>> third kernel component to make use of memory bookmarked in the memory
> >>> file and gets notified when the pages in the memory file become
> >>> invalidated.
> >>
> >> Stupid question, but why is this called "memfile_notifier" and not
> >> "memfd_notifier". We're only dealing with memfd's after all ... which
> >> are anonymous files essentially. Or what am I missing? Are there any
> >> other plans for fs than plain memfd support that I am not aware of?
> > 
> > There were some discussions on this in v3.
> >   https://lkml.org/lkml/2021/12/28/484
> > Sean commented it's OK to abstract it from memfd but he also wants the
> > kAPI (name) should not bind to memfd to make room for future non-memfd
> > usages.
> 
> Sorry, but how is "memfile" any better? memfd abstracted to memfile?! :)

FWIW, I don't really like the memfile name either.

> I understand Sean's suggestion about abstracting, but if the new name
> makes it harder to grasp and there isn't really an alternative to memfd
> in sight, I'm not so sure I enjoy the tried abstraction here.

ARM's pKVM implementation is potentially (hopefully) going to switch to this API
(as a consumer) sooner than later.  If they anticipate being able to use memfd,
then there's unlikely to be a second backing type any time soon.

Quentin, Will?
 
> Otherwise we'd have to get creative now and discuss something like
> "file_population_notifer" or "mapping_population_notifer" and I am not
> sure that our time is well spent doing so right now.
> 
> ... as this is kernel-internal, we can always adjust the name as we
> please later, once we *actually* know what the abstraction should be.
> Until then I'd suggest to KIS and soft-glue this to memfd.
> 
> Or am I missing something important?

I don't think you're missing anything.  I'd still prefer a name that doesn't
couple KVM to memfd, but it's not a sticking point, and I've never been able
to come up with a better name...

With a little bit of cleverness I think we can keep the coupling in KVM to a
minimum, which is what I really care about.



[PATCH RFC v1 1/2] i386: reset KVM nested state upon CPU reset

2022-08-10 Thread Vitaly Kuznetsov
Make sure env->nested_state is cleaned up when a vCPU is reset, it may
be stale after an incoming migration, kvm_arch_put_registers() may
end up failing or putting vCPU in a weird state.

Signed-off-by: Vitaly Kuznetsov 
---
 target/i386/kvm/kvm.c | 37 +++--
 1 file changed, 27 insertions(+), 10 deletions(-)

diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index f148a6d52fa4..4f8dacc1d4b5 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -1695,6 +1695,30 @@ static void kvm_init_xsave(CPUX86State *env)
env->xsave_buf_len);
 }
 
+static void kvm_init_nested_state(CPUX86State *env)
+{
+struct kvm_vmx_nested_state_hdr *vmx_hdr;
+uint32_t size;
+
+if (!env->nested_state) {
+return;
+}
+
+size = env->nested_state->size;
+
+memset(env->nested_state, 0, size);
+env->nested_state->size = size;
+
+if (cpu_has_vmx(env)) {
+env->nested_state->format = KVM_STATE_NESTED_FORMAT_VMX;
+vmx_hdr = >nested_state->hdr.vmx;
+vmx_hdr->vmxon_pa = -1ull;
+vmx_hdr->vmcs12_pa = -1ull;
+} else if (cpu_has_svm(env)) {
+env->nested_state->format = KVM_STATE_NESTED_FORMAT_SVM;
+}
+}
+
 int kvm_arch_init_vcpu(CPUState *cs)
 {
 struct {
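
Review bot: in kvm_init_nested_state() the memset length is read from env->nested_state->size, a field inside the very buffer the commit message describes as possibly stale after an incoming migration. If that field ever differs from the g_malloc0(max_nested_state_len) allocation made in kvm_arch_init_vcpu(), the memset either clears too little or writes past the buffer; suggest keeping the allocation length outside the buffer, or asserting size against it, and clearing with that value.
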
@@ -2122,19 +2146,10 @@ int kvm_arch_init_vcpu(CPUState *cs)
 assert(max_nested_state_len >= offsetof(struct kvm_nested_state, 
data));
 
 if (cpu_has_vmx(env) || cpu_has_svm(env)) {
-struct kvm_vmx_nested_state_hdr *vmx_hdr;
-
 env->nested_state = g_malloc0(max_nested_state_len);
 env->nested_state->size = max_nested_state_len;
 
-if (cpu_has_vmx(env)) {
-env->nested_state->format = KVM_STATE_NESTED_FORMAT_VMX;
-vmx_hdr = >nested_state->hdr.vmx;
-vmx_hdr->vmxon_pa = -1ull;
-vmx_hdr->vmcs12_pa = -1ull;
-} else {
-env->nested_state->format = KVM_STATE_NESTED_FORMAT_SVM;
-}
+kvm_init_nested_state(env);
 }
 }
 
@@ -2199,6 +2214,8 @@ void kvm_arch_reset_vcpu(X86CPU *cpu)
 /* enabled by default */
 env->poll_control_msr = 1;
 
+kvm_init_nested_state(env);
+
 sev_es_set_reset_vector(CPU(cpu));
 }
 
-- 
2.37.1




Re: [PATCH v4 08/24] ppc/ppc4xx: Introduce a DCR device model

2022-08-10 Thread Cédric Le Goater

On 8/10/22 15:28, BALATON Zoltan wrote:

On Wed, 10 Aug 2022, Cédric Le Goater wrote:

On 8/9/22 19:21, BALATON Zoltan wrote:

On Tue, 9 Aug 2022, Cédric Le Goater wrote:

The Device Control Registers (DCR) of on-SoC devices are accessed by
software through the use of the mtdcr and mfdcr instructions. These
are converted in transactions on a side band bus, the DCR bus, which
connects the on-SoC devices to the CPU.

Ideally, we should model these accesses with a DCR namespace and DCR
memory regions but today the DCR handlers are installed in a DCR table
under the CPU. Instead introduce a little device model wrapper to hold
a CPU link and handle registration of DCR handlers.

The DCR device inherits from SysBus because most of these devices also
have MMIO regions and/or IRQs. Being a SysBusDevice makes things easier
to install the device model in the overall SoC.

The "cpu" link should be considered as modeling the piece of HW logic
connecting the device to the DCR bus.

Signed-off-by: Cédric Le Goater 
---
include/hw/ppc/ppc4xx.h | 17 
hw/ppc/ppc4xx_devs.c    | 44 +
2 files changed, 61 insertions(+)

diff --git a/include/hw/ppc/ppc4xx.h b/include/hw/ppc/ppc4xx.h
index 591e2421a343..82e60b0e0742 100644
--- a/include/hw/ppc/ppc4xx.h
+++ b/include/hw/ppc/ppc4xx.h
@@ -27,6 +27,7 @@

#include "hw/ppc/ppc.h"
#include "exec/memory.h"
+#include "hw/sysbus.h"

void ppc4xx_sdram_banks(MemoryRegion *ram, int nr_banks,
    MemoryRegion ram_memories[],
@@ -44,4 +45,20 @@ void ppc4xx_mal_init(CPUPPCState *env, uint8_t txcnum, 
uint8_t rxcnum,

#define TYPE_PPC4xx_PCI_HOST_BRIDGE "ppc4xx-pcihost"

+/*
+ * Generic DCR device
+ */
+#define TYPE_PPC4xx_DCR_DEVICE "ppc4xx-dcr-device"
+OBJECT_DECLARE_SIMPLE_TYPE(Ppc4xxDcrDeviceState, PPC4xx_DCR_DEVICE);
+struct Ppc4xxDcrDeviceState {
+    SysBusDevice parent_obj;
+
+    PowerPCCPU *cpu;
+};
+
+void ppc4xx_dcr_register(Ppc4xxDcrDeviceState *dev, int dcrn,
+ dcr_read_cb dcr_read, dcr_write_cb dcr_write);
+bool ppc4xx_dcr_realize(Ppc4xxDcrDeviceState *dev, PowerPCCPU *cpu,
+    Error **errp);
+
#endif /* PPC4XX_H */
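
Review bot: ppc4xx_dcr_register() and ppc4xx_dcr_realize() are declared here without a comment, yet the implementation in hw/ppc/ppc4xx_devs.c asserts dev->cpu in ppc4xx_dcr_register(), so the "cpu" link has to be set before any DCR is registered. A short doc comment on both prototypes stating that ordering would save callers from finding it through the assert.
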
diff --git a/hw/ppc/ppc4xx_devs.c b/hw/ppc/ppc4xx_devs.c
index 069b51195160..bce7ef461346 100644
--- a/hw/ppc/ppc4xx_devs.c
+++ b/hw/ppc/ppc4xx_devs.c
@@ -664,3 +664,47 @@ void ppc4xx_mal_init(CPUPPCState *env, uint8_t txcnum, 
uint8_t rxcnum,
 mal, _read_mal, _write_mal);
    }
}
+
+void ppc4xx_dcr_register(Ppc4xxDcrDeviceState *dev, int dcrn,
+ dcr_read_cb dcr_read, dcr_write_cb dcr_write)


I still think this should have a separate void *opaque parameter for the callbacks and 
not pass dev for that as the callbacks could use anything they wish for that parameter. 
(Additionally this allows dropping a lot of QOM casts. If you want to see how often these 
are accessed, you can try -trace enable="ppc_dcr*"; on the machines and OS I've 
tested some are read/written frequently so I'd not add unnecessary overhead without a 
good reason.)


This machine has been abandoned for 15 years and broken for maybe 10.
I think it is fine for now. We will see if further needs arise.


It will arise as I'd like to keep at least the devices used by sam460ex somewhat sane 


What do you mean by somewhat sane ? If it is the QOM casts, I don't
understand why you worry so much about it because QOM cast debugging
is not enabled by default. So it really should not impact performance
as you think it would.

C.


so if you don't change this now I'd likely want to change it back. I understand 
it's a hassle to do in a rebase now but keeping the opaque parameter means just 
a search replace from the old ppc_dcr_register to ppc4xx_dcr_register so maybe 
not that hard to do at this point. Once you apply this patch it will be more 
difficult to revert it.

Regards,
BALATON Zoltan


Thanks,

C.



Otherwise:

Reviewed-by: BALATON Zoltan 

Regards,
BALATON Zoltan


+{
+    CPUPPCState *env;
+
+    assert(dev->cpu);
+
+    env = >cpu->env;
+
+    ppc_dcr_register(env, dcrn, dev, dcr_read, dcr_write);
+}
+
+bool ppc4xx_dcr_realize(Ppc4xxDcrDeviceState *dev, PowerPCCPU *cpu,
+    Error **errp)
+{
+    object_property_set_link(OBJECT(dev), "cpu", OBJECT(cpu), _abort);
+    return sysbus_realize(SYS_BUS_DEVICE(dev), errp);
+}
+
+static Property ppc4xx_dcr_properties[] = {
+    DEFINE_PROP_LINK("cpu", Ppc4xxDcrDeviceState, cpu, TYPE_POWERPC_CPU,
+ PowerPCCPU *),
+    DEFINE_PROP_END_OF_LIST(),
+};
+
+static void ppc4xx_dcr_class_init(ObjectClass *oc, void *data)
+{
+    DeviceClass *dc = DEVICE_CLASS(oc);
+
+    device_class_set_props(dc, ppc4xx_dcr_properties);
+}
+
+static const TypeInfo ppc4xx_types[] = {
+    {
+    .name   = TYPE_PPC4xx_DCR_DEVICE,
+    .parent = TYPE_SYS_BUS_DEVICE,
+    .instance_size  = sizeof(Ppc4xxDcrDeviceState),
+    .class_init = 

Re: [RFC 1/1] hw: tpmtisspi: add SPI support to QEMU TPM implementation

2022-08-10 Thread Stefan Berger

On 8/3/22 04:52, Cédric Le Goater wrote:

On 8/3/22 04:32, Iris Chen wrote:

From: Iris Chen 


A commit log telling us about this new device would be good to have.



Signed-off-by: Iris Chen 
---
  configs/devices/arm-softmmu/default.mak |   1 +
  hw/arm/Kconfig  |   5 +
  hw/tpm/Kconfig  |   5 +
  hw/tpm/meson.build  |   1 +
  hw/tpm/tpm_tis_spi.c    | 311 
  include/sysemu/tpm.h    |   3 +
  6 files changed, 326 insertions(+)
  create mode 100644 hw/tpm/tpm_tis_spi.c

diff --git a/configs/devices/arm-softmmu/default.mak 
b/configs/devices/arm-softmmu/default.mak

index 6985a25377..80d2841568 100644
--- a/configs/devices/arm-softmmu/default.mak
+++ b/configs/devices/arm-softmmu/default.mak
@@ -42,3 +42,4 @@ CONFIG_FSL_IMX6UL=y
  CONFIG_SEMIHOSTING=y
  CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
  CONFIG_ALLWINNER_H3=y
+CONFIG_FBOBMC_AST=y


I don't think this extra config is useful for now


diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index 15fa79afd3..193decaec1 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -458,6 +458,11 @@ config ASPEED_SOC
  select PMBUS
  select MAX31785
+config FBOBMC_AST
+    bool
+    select ASPEED_SOC
+    select TPM_TIS_SPI
+
  config MPS2
  bool
  imply I2C_DEVICES
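
Review bot: FBOBMC_AST uses select TPM_TIS_SPI, but the hw/tpm/Kconfig hunk of this patch declares TPM_TIS_SPI with depends on TPM, so the select forces a symbol whose dependency may be off when TPM support is disabled. imply TPM_TIS_SPI would express the board default without that conflict.
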
diff --git a/hw/tpm/Kconfig b/hw/tpm/Kconfig
index 29e82f3c92..370a43f045 100644
--- a/hw/tpm/Kconfig
+++ b/hw/tpm/Kconfig
@@ -8,6 +8,11 @@ config TPM_TIS_SYSBUS
  depends on TPM
  select TPM_TIS
+config TPM_TIS_SPI
+    bool
+    depends on TPM
+    select TPM_TIS
+
  config TPM_TIS
  bool
  depends on TPM
diff --git a/hw/tpm/meson.build b/hw/tpm/meson.build
index 1c68d81d6a..1a057f4e36 100644
--- a/hw/tpm/meson.build
+++ b/hw/tpm/meson.build
@@ -2,6 +2,7 @@ softmmu_ss.add(when: 'CONFIG_TPM_TIS', if_true: 
files('tpm_tis_common.c'))
  softmmu_ss.add(when: 'CONFIG_TPM_TIS_ISA', if_true: 
files('tpm_tis_isa.c'))
  softmmu_ss.add(when: 'CONFIG_TPM_TIS_SYSBUS', if_true: 
files('tpm_tis_sysbus.c'))

  softmmu_ss.add(when: 'CONFIG_TPM_CRB', if_true: files('tpm_crb.c'))
+softmmu_ss.add(when: 'CONFIG_TPM_TIS_SPI', if_true: 
files('tpm_tis_spi.c'))
  specific_ss.add(when: ['CONFIG_SOFTMMU', 'CONFIG_TPM_TIS'], if_true: 
files('tpm_ppi.c'))
  specific_ss.add(when: ['CONFIG_SOFTMMU', 'CONFIG_TPM_CRB'], if_true: 
files('tpm_ppi.c'))

diff --git a/hw/tpm/tpm_tis_spi.c b/hw/tpm/tpm_tis_spi.c
new file mode 100644
index 00..c98ddcfddb
--- /dev/null
+++ b/hw/tpm/tpm_tis_spi.c
@@ -0,0 +1,311 @@
+#include "qemu/osdep.h"
+#include "hw/qdev-properties.h"
+#include "migration/vmstate.h"
+#include "hw/acpi/tpm.h"
+#include "tpm_prop.h"
+#include "tpm_tis.h"
+#include "qom/object.h"
+#include "hw/ssi/ssi.h"
+#include "hw/ssi/spi_gpio.h"
+
+#define TPM_TIS_SPI_ADDR_BYTES 3
+#define SPI_WRITE 0
+
+typedef enum {
+    TIS_SPI_PKT_STATE_DEACTIVATED = 0,
+    TIS_SPI_PKT_STATE_START,
+    TIS_SPI_PKT_STATE_ADDRESS,
+    TIS_SPI_PKT_STATE_DATA_WR,
+    TIS_SPI_PKT_STATE_DATA_RD,
+    TIS_SPI_PKT_STATE_DONE,
+} TpmTisSpiPktState;
+
+union TpmTisRWSizeByte {
+    uint8_t byte;
+    struct {
+    uint8_t data_expected_size:6;
+    uint8_t resv:1;
+    uint8_t rwflag:1;
+    };
+};
+
+union TpmTisSpiHwAddr {
+    hwaddr addr;
+    uint8_t bytes[sizeof(hwaddr)];
+};
+
+union TpmTisSpiData {
+    uint32_t data;
+    uint8_t bytes[64];
+};
+
+struct TpmTisSpiState {
+    /*< private >*/
+    SSIPeripheral parent_obj;
+
+    /*< public >*/
+    TPMState tpm_state; /* not a QOM object */
+    TpmTisSpiPktState tpm_tis_spi_state;
+
+    union TpmTisRWSizeByte first_byte;
+    union TpmTisSpiHwAddr addr;
+    union TpmTisSpiData data;
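
Review bot: `union TpmTisRWSizeByte` decodes the first SPI byte through bit-fields (`data_expected_size:6`, `resv:1`, `rwflag:1`), and bit-field allocation order is implementation-defined, so which wire bit ends up in `rwflag` depends on the host compiler and endianness. `union TpmTisSpiHwAddr` has the same host dependence if address bytes are stored into `bytes[]` and then read back as `addr`. Decoding the byte with explicit masks and shifts on a plain `uint8_t`, and assembling the address arithmetically from the `TPM_TIS_SPI_ADDR_BYTES` bytes received, keeps the device model identical on every host. The new file also starts directly at `#include "qemu/osdep.h"` with no licence or description header.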


Are these device registers ? I am not sure the unions are very useful.






+    uint32_t data_size;
+    uint8_t data_idx;
+    uint8_t addr_idx; >> +};


I suppose that these registers will also have to be stored as part of 
the device state (for suspend/resume).



+/*
+ * Pre-reading logic for transfer:
+ * This is to fix the transaction between reading and writing.
+ * The first byte is arbitrarily inserted so we need to
+ * shift the all the output bytes (timeline) one byte right.


-> shift all the output bytes (timeline) one byte to the right


+
+static void tpm_tis_spi_realizefn(SSIPeripheral *ss, Error **errp)
+{
+    TpmTisSpiState *sbdev = TPM_TIS_SPI(ss);
+
+    if (!tpm_find()) {
+    error_setg(errp, "at most one TPM device is permitted");
+    return;
+    }
+
+    if (!sbdev->tpm_state.be_driver) {
+    error_setg(errp, "'tpmdev' property is required");
+    return;
+    }
+
+    DeviceState *spi_gpio = qdev_find_recursive(sysbus_get_default(),
+    TYPE_SPI_GPIO);
+    qdev_connect_gpio_out_named(spi_gpio,
+    "SPI_CS_out", 0,
+    qdev_get_gpio_in_named(DEVICE(ss),
+    SSI_GPIO_CS, 

Re: [PATCH for-7.2 v3 09/11] ppc/pnv: change pnv_phb4_get_pec() to also retrieve chip10->pecs

2022-08-10 Thread Cédric Le Goater

On 8/10/22 12:05, Daniel Henrique Barboza wrote:

The function assumes that we're always dealing with a PNV9_CHIP()
object. This is not the case when the pnv-phb device belongs to a
powernv10 machine.

Change pnv_phb4_get_pec() to be able to work with PNV10_CHIP() if
necessary.

Signed-off-by: Daniel Henrique Barboza 
---
  hw/pci-host/pnv_phb.c | 17 +++--
  1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/hw/pci-host/pnv_phb.c b/hw/pci-host/pnv_phb.c
index a142b8ff8d..feaef8137f 100644
--- a/hw/pci-host/pnv_phb.c
+++ b/hw/pci-host/pnv_phb.c
@@ -53,17 +53,30 @@ static void pnv_parent_bus_fixup(DeviceState *parent, 
DeviceState *child)
  static PnvPhb4PecState *pnv_phb4_get_pec(PnvChip *chip, PnvPHB4 *phb,
   Error **errp)
  {
-Pnv9Chip *chip9 = PNV9_CHIP(chip);
+PnvPHB *phb_base = phb->phb_base;
+PnvPhb4PecState *pecs = NULL;
  int chip_id = phb->chip_id;
  int index = phb->phb_id;
  int i, j;
  
+if (phb_base->version == 4) {

+Pnv9Chip *chip9 = PNV9_CHIP(chip);
+
+pecs = chip9->pecs;
+} else if (phb_base->version == 5) {
+Pnv10Chip *chip10 = PNV10_CHIP(chip);
+
+pecs = chip10->pecs;
+} else {


Maybe:

 g_assert_not_reached();


+return NULL;
+}
+
  for (i = 0; i < chip->num_pecs; i++) {
  /*
   * For each PEC, check the amount of phbs it supports
   * and see if the given phb4 index matches an index.
   */
-PnvPhb4PecState *pec = >pecs[i];
+PnvPhb4PecState *pec = [i];
  
  for (j = 0; j < pec->num_phbs; j++) {

  if (index == pnv_phb4_pec_get_phb_id(pec, j)) {
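
Review bot: the final `else` branch returns NULL without setting `errp`, so a caller that tests only the Error object, as pnv_phb_user_device_init() does with `if (local_err)` in patch 07/11 of this series, sees no failure and carries on with a NULL PEC. Either call error_setg(errp, ...) naming the unexpected `phb_base->version` before the `return NULL;`, or, if no other version can reach this function, turn the branch into an assertion.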





Re: [PATCH] tests/unit: fix a -Wformat-trunction warning

2022-08-10 Thread Philippe Mathieu-Daudé via

On 10/8/22 14:24, Markus Armbruster wrote:

Typo in subject, it's -Wformat-truncation

marcandre.lur...@redhat.com writes:


From: Marc-André Lureau 

../tests/test-qobject-input-visitor.c: In function ‘test_visitor_in_list’:
../tests/test-qobject-input-visitor.c:454:49: warning: ‘%d’ directive output 
may be truncated writing between 1 and 10 bytes into a region of size 6 
[-Wformat-truncation=]
   454 | snprintf(string, sizeof(string), "string%d", i);
   | ^~
../tests/test-qobject-input-visitor.c:454:42: note: directive argument in the 
range [0, 2147483606]
   454 | snprintf(string, sizeof(string), "string%d", i);
   |  ^~
../tests/test-qobject-input-visitor.c:454:9: note: ‘snprintf’ output between 8 
and 17 bytes into a destination of size 12
   454 | snprintf(string, sizeof(string), "string%d", i);
   | ^~~

Not trying to be clever, this is called 3 times during tests,
let's simply use g_strdup_printf().

Signed-off-by: Marc-André Lureau 
---
  tests/unit/test-qobject-input-visitor.c | 3 +--
  1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/tests/unit/test-qobject-input-visitor.c 
b/tests/unit/test-qobject-input-visitor.c
index 14329dabcf..5f614afdbf 100644
--- a/tests/unit/test-qobject-input-visitor.c
+++ b/tests/unit/test-qobject-input-visitor.c
@@ -447,9 +447,8 @@ static void test_visitor_in_list(TestInputVisitorData *data,
  g_assert(head != NULL);
  
  for (i = 0, item = head; item; item = item->next, i++) {

-char string[12];
+g_autofree char *string = g_strdup_printf("string%d", i);
  
-snprintf(string, sizeof(string), "string%d", i);

  g_assert_cmpstr(item->value->string, ==, string);
  g_assert_cmpint(item->value->integer, ==, 42 + i);
  }


Even less clever would be char string[32].


Or assert(i < 10) before calling snprintf (the test data only contains 3 
strings).




Anyway, with the typo corrected:
Reviewed-by: Markus Armbruster 







Re: [PATCH for-7.2 v3 08/11] ppc/pnv: enable user created pnv-phb powernv9

2022-08-10 Thread Cédric Le Goater

On 8/10/22 12:05, Daniel Henrique Barboza wrote:

Enable pnv-phb user created devices for powernv9 now that we have
everything in place.

Signed-off-by: Daniel Henrique Barboza 


Reviewed-by: Cédric Le Goater 

Thanks,

C.



---
  hw/pci-host/pnv_phb.c  | 2 +-
  hw/pci-host/pnv_phb4_pec.c | 6 --
  hw/ppc/pnv.c   | 2 ++
  3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/hw/pci-host/pnv_phb.c b/hw/pci-host/pnv_phb.c
index f9516fdc4a..a142b8ff8d 100644
--- a/hw/pci-host/pnv_phb.c
+++ b/hw/pci-host/pnv_phb.c
@@ -211,7 +211,7 @@ static void pnv_phb_realize(DeviceState *dev, Error **errp)
  pnv_phb4_bus_init(dev, PNV_PHB4(phb->backend));
  }
  
-if (phb->version == 3 && !defaults_enabled()) {

+if (!defaults_enabled()) {
  return;
  }
  
diff --git a/hw/pci-host/pnv_phb4_pec.c b/hw/pci-host/pnv_phb4_pec.c

index 8dc363d69c..9871f462cd 100644
--- a/hw/pci-host/pnv_phb4_pec.c
+++ b/hw/pci-host/pnv_phb4_pec.c
@@ -146,8 +146,10 @@ static void pnv_pec_realize(DeviceState *dev, Error **errp)
  pec->num_phbs = pecc->num_phbs[pec->index];
  
  /* Create PHBs if running with defaults */

-for (i = 0; i < pec->num_phbs; i++) {
-pnv_pec_default_phb_realize(pec, i, errp);
+if (defaults_enabled()) {
+for (i = 0; i < pec->num_phbs; i++) {
+pnv_pec_default_phb_realize(pec, i, errp);
+}
  }
  
  /* Initialize the XSCOM regions for the PEC registers */
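
Review bot: inside the new `if (defaults_enabled())` block the loop still calls `pnv_pec_default_phb_realize(pec, i, errp)` for every index without looking at the outcome, so after a first failure the remaining PHBs are realized anyway with `errp` already set, and a second failure would trip the assertion in error_setg() that the Error pointer is still empty. Since these lines are being re-indented anyway, stop on the first failure, for example by having the helper return bool and returning from pnv_pec_realize() when it reports an error.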

diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index 0d3a88578b..b6314dc961 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -2134,6 +2134,8 @@ static void pnv_machine_power9_class_init(ObjectClass 
*oc, void *data)
  pmc->compat = compat;
  pmc->compat_size = sizeof(compat);
  pmc->dt_power_mgt = pnv_dt_power_mgt;
+
+machine_class_allow_dynamic_sysbus_dev(mc, TYPE_PNV_PHB);
  }
  
  static void pnv_machine_power10_class_init(ObjectClass *oc, void *data)





Re: [PATCH v8 3/3] target/riscv: Add vstimecmp support

2022-08-10 Thread Weiwei Li


On 2022/8/10 1:45 PM, Atish Kumar Patra wrote:

On Tue, Aug 9, 2022 at 6:33 PM Weiwei Li wrote:

On 2022/8/10 3:34 AM, Atish Kumar Patra wrote:

On Tue, Aug 9, 2022 at 12:01 AM Weiwei Li <liwei...@iscas.ac.cn> wrote:

On 2022/8/9 1:20 AM, Atish Kumar Patra wrote:

On Sun, Aug 7, 2022 at 6:50 PM Weiwei Li <liwei...@iscas.ac.cn> wrote:

On 2022/8/4 9:42 AM, Atish Patra wrote:
> vstimecmp CSR allows the guest OS or to program the next guest timer
> interrupt directly. Thus, hypervisor no longer need to inject the
> timer interrupt to the guest if vstimecmp is used. This was ratified
> as a part of the Sstc extension.
>
> Signed-off-by: Atish Patra <ati...@rivosinc.com>
> ---
>   target/riscv/cpu.h         |  4 ++
>   target/riscv/cpu_bits.h    |  4 ++
>   target/riscv/cpu_helper.c  | 11 ++--
>   target/riscv/csr.c         | 102
-
>   target/riscv/machine.c     |  1 +
>   target/riscv/time_helper.c | 16 ++
>   6 files changed, 133 insertions(+), 5 deletions(-)
>
> diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
> index 4cda2905661e..1fd382b2717f 100644
> --- a/target/riscv/cpu.h
> +++ b/target/riscv/cpu.h
> @@ -312,6 +312,8 @@ struct CPUArchState {
>       /* Sstc CSRs */
>       uint64_t stimecmp;
>
> +    uint64_t vstimecmp;
> +
>       /* physical memory protection */
>       pmp_table_t pmp_state;
>       target_ulong mseccfg;
> @@ -366,6 +368,8 @@ struct CPUArchState {
>
>       /* Fields from here on are preserved across CPU
reset. */
>       QEMUTimer *stimer; /* Internal timer for S-mode
interrupt */
> +    QEMUTimer *vstimer; /* Internal timer for VS-mode
interrupt */
> +    bool vstime_irq;
>
>       hwaddr kernel_addr;
>       hwaddr fdt_addr;
> diff --git a/target/riscv/cpu_bits.h
b/target/riscv/cpu_bits.h
> index ac17cf1515c0..095dab19f512 100644
> --- a/target/riscv/cpu_bits.h
> +++ b/target/riscv/cpu_bits.h
> @@ -257,6 +257,10 @@
>   #define CSR_VSIP 0x244
>   #define CSR_VSATP  0x280
>
> +/* Sstc virtual CSRs */
> +#define CSR_VSTIMECMP  0x24D
> +#define CSR_VSTIMECMPH 0x25D
> +
>   #define CSR_MTINST 0x34a
>   #define CSR_MTVAL2 0x34b
>
> diff --git a/target/riscv/cpu_helper.c
b/target/riscv/cpu_helper.c
> index 650574accf0a..1e4faa84e839 100644
> --- a/target/riscv/cpu_helper.c
> +++ b/target/riscv/cpu_helper.c
> @@ -345,8 +345,9 @@ uint64_t
riscv_cpu_all_pending(CPURISCVState *env)
>   {
>       uint32_t gein = get_field(env->hstatus,
HSTATUS_VGEIN);
>       uint64_t vsgein = (env->hgeip & (1ULL << gein))
? MIP_VSEIP : 0;
> +    uint64_t vstip = (env->vstime_irq) ? MIP_VSTIP : 0;
>
> -    return (env->mip | vsgein) & env->mie;
> +    return (env->mip | vsgein | vstip) & env->mie;
>   }
>
>   int riscv_cpu_mirq_pending(CPURISCVState *env)
> @@ -605,7 +606,7 @@ uint64_t
riscv_cpu_update_mip(RISCVCPU *cpu, uint64_t mask,
uint64_t value)
>   {
>       CPURISCVState *env = >env;
>       CPUState *cs = CPU(cpu);
> -    uint64_t gein, vsgein = 0, old = env->mip;
> +    uint64_t gein, vsgein = 0, vstip = 0, old = env->mip;
>       bool locked = false;
>
>       if (riscv_cpu_virt_enabled(env)) {
> @@ -613,6 +614,10 @@ uint64_t
riscv_cpu_update_mip(RISCVCPU *cpu, uint64_t mask,
uint64_t value)
>           vsgein = (env->hgeip & (1ULL << gein)) ?
MIP_VSEIP : 0;
>       }
>
> +    /* No need to update mip for VSTIP */
> +    mask = ((mask == MIP_VSTIP) && env->vstime_irq) ?
0 : mask;
> +    vstip = env->vstime_irq ? MIP_VSTIP : 0;
> +
>       if (!qemu_mutex_iothread_locked()) {
>           locked = true;
>  qemu_mutex_lock_iothread();
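
Review bot: the test `mask == MIP_VSTIP` added to riscv_cpu_update_mip() only drops the update when VSTIP is the sole bit in `mask`; a caller that passes MIP_VSTIP together with other bits while `env->vstime_irq` is set would still have VSTIP written into `env->mip`. If the intent is that mip never carries VSTIP while the vstimecmp timer owns it, clear just that bit instead, e.g. `if (env->vstime_irq) mask &= ~MIP_VSTIP;`, and extend the "No need to update mip for VSTIP" comment to say why.
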
> @@ -620,7 +625,7 @@ uint64_t
riscv_cpu_update_mip(RISCVCPU *cpu, uint64_t 

Re: [PATCH for-7.2 v3 07/11] ppc/pnv: add PHB4 helpers for user created pnv-phb

2022-08-10 Thread Cédric Le Goater

On 8/10/22 12:05, Daniel Henrique Barboza wrote:

The PHB4 backend relies on a link with the corresponding PEC element.
This is trivial to do during machine_init() time for default devices,
but not so much for user created ones.

pnv_phb4_get_pec() is a small variation of the function that was
reverted by commit 9c10d86fee "ppc/pnv: Remove user-created PHB{3,4,5}
devices". We'll use it to determine the appropriate PEC for a given user
created pnv-phb that uses a PHB4 backend.

This is done during realize() time, in pnv_phb_user_device_init().

Signed-off-by: Daniel Henrique Barboza 
---
  hw/pci-host/pnv_phb.c | 40 ++--
  1 file changed, 38 insertions(+), 2 deletions(-)

diff --git a/hw/pci-host/pnv_phb.c b/hw/pci-host/pnv_phb.c
index 887b25d49e..f9516fdc4a 100644
--- a/hw/pci-host/pnv_phb.c
+++ b/hw/pci-host/pnv_phb.c
@@ -50,6 +50,34 @@ static void pnv_parent_bus_fixup(DeviceState *parent, 
DeviceState *child)
  }
  }
  
+static PnvPhb4PecState *pnv_phb4_get_pec(PnvChip *chip, PnvPHB4 *phb,

+ Error **errp)
+{
+Pnv9Chip *chip9 = PNV9_CHIP(chip);
+int chip_id = phb->chip_id;
+int index = phb->phb_id;
+int i, j;
+
+for (i = 0; i < chip->num_pecs; i++) {
+/*
+ * For each PEC, check the amount of phbs it supports
+ * and see if the given phb4 index matches an index.
+ */
+PnvPhb4PecState *pec = >pecs[i];
+
+for (j = 0; j < pec->num_phbs; j++) {
+if (index == pnv_phb4_pec_get_phb_id(pec, j)) {
+return pec;
+}
+}
+}
+error_setg(errp,
+   "pnv-phb4 chip-id %d index %d didn't match any existing PEC",
+   chip_id, index);
+
+return NULL;
+}
+
  /*
   * Attach a root port device.
   *
@@ -100,8 +128,16 @@ static void pnv_phb_user_device_init(PnvPHB *phb)
  
  parent = OBJECT(chip);

  } else {
-/* phb4 support will be added later */
-return;
+Error *local_err = NULL;
+
+phb->pec = pnv_phb4_get_pec(chip, PNV_PHB4(phb->backend), _err);
+
+if (local_err) {
+error_propagate(_fatal, local_err);


That's weird. pnv_phb_user_device_init() should have an errp parameter I think.

C.


+return;
+}
+
+parent = OBJECT(phb->pec);
  }
  
  /*





Re: [PATCH for-7.1] cutils: Add missing dyld(3) include on macOS

2022-08-10 Thread Philippe Mathieu-Daudé via

+Thomas

On 10/8/22 00:20, Philippe Mathieu-Daudé wrote:

Commit 06680b15b4 moved qemu_*_exec_dir() to cutils but forgot
to move the macOS dyld(3) include, resulting in the following
error (when building with Homebrew GCC on macOS Monterey 12.4):

   [313/1197] Compiling C object libqemuutil.a.p/util_cutils.c.o
   FAILED: libqemuutil.a.p/util_cutils.c.o
   ../../util/cutils.c:1039:13: error: implicit declaration of function 
'_NSGetExecutablePath' [-Werror=implicit-function-declaration]
1039 | if (_NSGetExecutablePath(fpath, ) == 0) {
 | ^~~~
   ../../util/cutils.c:1039:13: error: nested extern declaration of 
'_NSGetExecutablePath' [-Werror=nested-externs]

Fix by moving the include line to cutils.

Fixes: 06680b15b4 ("include: move qemu_*_exec_dir() to cutils")
Signed-off-by: Philippe Mathieu-Daudé 
---
Cc: Marc-André Lureau 
Cc: Markus Armbruster 
---
  util/cutils.c  | 4 
  util/oslib-posix.c | 4 
  2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/util/cutils.c b/util/cutils.c
index cb43dda213..def9c746ce 100644
--- a/util/cutils.c
+++ b/util/cutils.c
@@ -39,6 +39,10 @@
  #include 
  #endif
  
+#ifdef __APPLE__

+#include 
+#endif
+
  #ifdef G_OS_WIN32
  #include 
  #include 
diff --git a/util/oslib-posix.c b/util/oslib-posix.c
index bffec18869..d55af69c11 100644
--- a/util/oslib-posix.c
+++ b/util/oslib-posix.c
@@ -58,10 +58,6 @@
  #include 
  #endif
  
-#ifdef __APPLE__

-#include 
-#endif
-
  #include "qemu/mmap-alloc.h"
  
  #ifdef CONFIG_DEBUG_STACK_USAGE





Re: [PATCH for-7.2 v3 10/11] ppc/pnv: user creatable pnv-phb for powernv10

2022-08-10 Thread Cédric Le Goater

On 8/10/22 12:05, Daniel Henrique Barboza wrote:

Given that powernv9 and powernv10 use the same pnv-phb backend, the
logic to allow user created pnv-phbs for powernv10 is already in place.
Let's flip the switch.

Signed-off-by: Daniel Henrique Barboza 


Reviewed-by: Cédric Le Goater 

Thanks,

C.


---
  hw/ppc/pnv.c | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index b6314dc961..02f287feab 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -2159,6 +2159,8 @@ static void pnv_machine_power10_class_init(ObjectClass 
*oc, void *data)
  pmc->dt_power_mgt = pnv_dt_power_mgt;
  
  xfc->match_nvt = pnv10_xive_match_nvt;

+
+machine_class_allow_dynamic_sysbus_dev(mc, TYPE_PNV_PHB);
  }
  
  static bool pnv_machine_get_hb(Object *obj, Error **errp)





[PATCH RFC v1 2/2] i386: reorder kvm_put_sregs2() and kvm_put_nested_state() when vCPU is reset

2022-08-10 Thread Vitaly Kuznetsov
Setting nested state upon migration needs to happen after kvm_put_sregs2()
to e.g. have EFER.SVME set. This, however, doesn't work for vCPU reset:
when vCPU is in VMX root operation, certain CR bits are locked and
kvm_put_sregs2() may fail. As nested state is fully cleaned up upon
vCPU reset (kvm_arch_reset_vcpu() -> kvm_init_nested_state()), calling
kvm_put_nested_state() before kvm_put_sregs2() is OK, this will ensure
that vCPU is *not* in VMX root operation.

Signed-off-by: Vitaly Kuznetsov 
---
 target/i386/kvm/kvm.c | 20 ++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 4f8dacc1d4b5..73e3880fa57b 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -4529,18 +4529,34 @@ int kvm_arch_put_registers(CPUState *cpu, int level)
 
 assert(cpu_is_stopped(cpu) || qemu_cpu_is_self(cpu));
 
-/* must be before kvm_put_nested_state so that EFER.SVME is set */
+/*
+ * When resetting a vCPU, make sure to reset nested state first to
+ * e.g clear VMXON state and unlock certain CR4 bits.
+ */
+if (level == KVM_PUT_RESET_STATE) {
+ret = kvm_put_nested_state(x86_cpu);
+if (ret < 0) {
+return ret;
+}
+}
+
 ret = has_sregs2 ? kvm_put_sregs2(x86_cpu) : kvm_put_sregs(x86_cpu);
 if (ret < 0) {
 return ret;
 }
 
-if (level >= KVM_PUT_RESET_STATE) {
+/*
+ * When putting full CPU state, kvm_put_nested_state() must happen after
+ * kvm_put_sregs{,2} so that e.g. EFER.SVME is already set.
+ */
+if (level == KVM_PUT_FULL_STATE) {
 ret = kvm_put_nested_state(x86_cpu);
 if (ret < 0) {
 return ret;
 }
+}
 
+if (level >= KVM_PUT_RESET_STATE) {
 ret = kvm_put_msr_feature_control(x86_cpu);
 if (ret < 0) {
 return ret;
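
Review bot: the two nested-state calls now test `level == KVM_PUT_RESET_STATE` and `level == KVM_PUT_FULL_STATE`, while the block they were split out of keeps `level >= KVM_PUT_RESET_STATE`. The old behaviour is preserved only as long as those two are the only levels at or above reset; a level added later would skip kvm_put_nested_state() without any error. Writing the second test as `level > KVM_PUT_RESET_STATE`, or adding a comment that exactly one of the two branches must run for every level at or above reset, makes that invariant explicit. The first new comment should also say that it relies on the nested state having been cleared on reset (the commit message names kvm_arch_reset_vcpu() -> kvm_init_nested_state()), since putting stale nested state first would not take the vCPU out of VMX root operation.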
-- 
2.37.1




Re: Using QEMU for VRChat

2022-08-10 Thread Daniel P . Berrangé
On Wed, Aug 10, 2022 at 01:06:59PM +0200, danko babro wrote:
> Dear QEMU dev team,
> Recently a game called VRChat got a security update, implementing Easy Anti
> Cheat into their game (pretty much spyware that logs everything happening
> on the user's PC) which made me want to install their game on a virtual
> machine.
> 
> The problem now is, that the anti cheat detects if the user is playing on a
> virtual machine, but in the official documentation by their dev team there
> is a workaround for that, specifically for QEMU, that can be found here:
> 
> https://docs.vrchat.com/docs/using-vrchat-in-a-virtual-machine
> 
> I simply can't understand what that code (on the given website) does. Does
> it open up a backdoor for the anti cheat to access my real pc?
> 
> Is QEMU in general a good solution for when it comes to protecting my
> actual PC from threats like these, or any other sorts of viruses for
> example, since it uses a kernel based VM.

The targeted recommendation of

  

 -cpu ,hv-vendor-id=0123756792CD

is essentially harmless. It merely changes one CPUID register so that
the anti cheat code no longer believes it is running in a HyperV VM.

It wouldn't fool a really determined anti cheat code checker, because
there are a great many ways to detect you're inside a VM. Evidently
this particular code though only cares about a CPUID value.

I the vendor ID value could be essentially anything you want it to
be, not just this one specific value - just has to be different from
the default.

This is not opening a backdoor to your host OS.

The more general recommendation

   

simply enables all hyperv enlightenments. This appears to be sufficient
to again fool the anti cheat code, while having the added benefit of
likely improving performance.

Again, this is not opening a backdoor to your host OS.

With regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|
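
What the `hv-vendor-id` setting discussed in the message above changes, as an added example that is not part of the original mail: the hypervisor vendor signature is the 12 bytes a guest reads from EBX, ECX and EDX of CPUID leaf 0x40000000. The function names are made up for this example, and the sample signatures are constructed from the strings shown.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_X86_CPUID 1
#else
#define HAVE_X86_CPUID 0
#endif

#define CPUID_HV_VENDOR_LEAF   0x40000000u /* hypervisor vendor-ID leaf */
#define CPUID_1_ECX_HYPERVISOR (1u << 31)  /* "running under a hypervisor" */

/* Decode the 12-byte signature carried in EBX, ECX, EDX (low byte first). */
const char *hv_vendor_decode(uint32_t ebx, uint32_t ecx, uint32_t edx)
{
    static char sig[13];
    const uint32_t regs[3] = { ebx, ecx, edx };

    for (int r = 0; r < 3; r++) {
        for (int b = 0; b < 4; b++) {
            sig[r * 4 + b] = (char)((regs[r] >> (8 * b)) & 0xff);
        }
    }
    sig[12] = '\0';
    return sig;
}

/*
 * Inverse of the above: the value of register idx (0 = EBX, 1 = ECX,
 * 2 = EDX) for a signature string. Strings shorter than 12 characters
 * are padded with NUL bytes, as "KVMKVMKVM" is.
 */
uint32_t hv_vendor_encode(const char *vendor, int idx)
{
    char padded[12] = { 0 };
    size_t n = strlen(vendor);
    uint32_t reg = 0;

    memcpy(padded, vendor, n < 12 ? n : 12);
    for (int b = 0; b < 4; b++) {
        reg |= (uint32_t)(unsigned char)padded[idx * 4 + b] << (8 * b);
    }
    return reg;
}

/* 1 when the three registers spell the default Hyper-V signature. */
int hv_vendor_is_hyperv(uint32_t ebx, uint32_t ecx, uint32_t edx)
{
    return strcmp(hv_vendor_decode(ebx, ecx, edx), "Microsoft Hv") == 0;
}

int main(void)
{
    /* Constructed samples: the default signature and the one in the mail. */
    const char *samples[] = { "Microsoft Hv", "0123756792CD" };

    for (int i = 0; i < 2; i++) {
        uint32_t b = hv_vendor_encode(samples[i], 0);
        uint32_t c = hv_vendor_encode(samples[i], 1);
        uint32_t d = hv_vendor_encode(samples[i], 2);

        printf("%-12s EBX=%08x ECX=%08x EDX=%08x hyperv=%d\n",
               samples[i], (unsigned)b, (unsigned)c, (unsigned)d,
               hv_vendor_is_hyperv(b, c, d));
    }

#if HAVE_X86_CPUID
    /* What this machine reports. The hypervisor bit is a separate signal
     * that the vendor string does not influence. */
    unsigned int a, b, c, d;

    __cpuid(1, a, b, c, d);
    if (c & CPUID_1_ECX_HYPERVISOR) {
        __cpuid(CPUID_HV_VENDOR_LEAF, a, b, c, d);
        printf("hypervisor bit set, vendor \"%s\"\n", hv_vendor_decode(b, c, d));
    } else {
        printf("hypervisor bit clear\n");
    }
#endif
    return 0;
}
```

Run inside the guest, the last line shows the signature the guest actually sees, next to the hypervisor-present bit that stays set whatever the vendor string is.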




Re: [PATCH for-7.2 v3 06/11] ppc/pnv: enable user created pnv-phb for powernv8

2022-08-10 Thread Cédric Le Goater

On 8/10/22 12:05, Daniel Henrique Barboza wrote:

The bulk of the work was already done by previous patches.

Use defaults_enabled() to determine whether we need to create the
default devices or not.

Signed-off-by: Daniel Henrique Barboza 
---
  hw/pci-host/pnv_phb.c | 9 +++--
  hw/ppc/pnv.c  | 6 ++
  2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/hw/pci-host/pnv_phb.c b/hw/pci-host/pnv_phb.c
index 40a960c54c..887b25d49e 100644
--- a/hw/pci-host/pnv_phb.c
+++ b/hw/pci-host/pnv_phb.c
@@ -17,6 +17,7 @@
  #include "hw/ppc/pnv.h"
  #include "hw/qdev-properties.h"
  #include "qom/object.h"
+#include "sysemu/sysemu.h"
  
  
  /*

@@ -174,6 +175,10 @@ static void pnv_phb_realize(DeviceState *dev, Error **errp)
  pnv_phb4_bus_init(dev, PNV_PHB4(phb->backend));
  }
  
+if (phb->version == 3 && !defaults_enabled()) {

+return;
+}
+
  pnv_phb_attach_root_port(pci);
  }
  
@@ -209,7 +214,7 @@ static void pnv_phb_class_init(ObjectClass *klass, void *data)

  dc->realize = pnv_phb_realize;
  device_class_set_props(dc, pnv_phb_properties);
  set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
-dc->user_creatable = false;
+dc->user_creatable = true;
  }
  
  static void pnv_phb_root_port_reset(DeviceState *dev)

@@ -300,7 +305,7 @@ static void pnv_phb_root_port_class_init(ObjectClass 
*klass, void *data)
  device_class_set_parent_reset(dc, pnv_phb_root_port_reset,
>parent_reset);
  dc->reset = _phb_root_port_reset;
-dc->user_creatable = false;
+dc->user_creatable = true;
  
  k->vendor_id = PCI_VENDOR_ID_IBM;

  /* device_id will be written during realize() */
diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index 44066ffb8c..0d3a88578b 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -1151,6 +1151,10 @@ static void pnv_chip_power8_instance_init(Object *obj)
  
  object_initialize_child(obj, "homer", >homer, TYPE_PNV8_HOMER);
  
+if (!defaults_enabled()) {

+return;
+}
+


Maybe including the default devices under the 'if' statement would be
better for maintainability :


if (defaults_enabled()) {
/* Add defaults */
}

this is minor.

Thanks,

C.


  chip8->num_phbs = pcc->num_phbs;
  
  for (i = 0; i < chip8->num_phbs; i++) {

@@ -2103,6 +2107,8 @@ static void pnv_machine_power8_class_init(ObjectClass 
*oc, void *data)
  
  pmc->compat = compat;

  pmc->compat_size = sizeof(compat);
+
+machine_class_allow_dynamic_sysbus_dev(mc, TYPE_PNV_PHB);
  }
  
  static void pnv_machine_power9_class_init(ObjectClass *oc, void *data)





Re: [PATCH v2 2/3] softmmu/physmem: Remove the ifdef __linux__ around the pagesize functions

2022-08-10 Thread Claudio Imbrenda
On Wed, 10 Aug 2022 14:57:19 +0200
Thomas Huth  wrote:

> Now that host_memory_backend_pagesize() is not depending on the hugetlb
> memory path handling anymore, we can also remove the #ifdef and the
> TOCTTOU comment from the calling functions - the code should now work
> equally well on all host architectures.
> 
> Signed-off-by: Thomas Huth 

Reviewed-by: Claudio Imbrenda 

> ---
>  softmmu/physmem.c | 17 -
>  1 file changed, 17 deletions(-)
> 
> diff --git a/softmmu/physmem.c b/softmmu/physmem.c
> index dc3c3e5f2e..50231bab30 100644
> --- a/softmmu/physmem.c
> +++ b/softmmu/physmem.c
> @@ -1331,13 +1331,6 @@ GString *ram_block_format(void)
>  return buf;
>  }
>  
> -#ifdef __linux__
> -/*
> - * FIXME TOCTTOU: this iterates over memory backends' mem-path, which
> - * may or may not name the same files / on the same filesystem now as
> - * when we actually open and map them.  Iterate over the file
> - * descriptors instead, and use qemu_fd_getpagesize().
> - */
>  static int find_min_backend_pagesize(Object *obj, void *opaque)
>  {
>  long *hpsize_min = opaque;
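
Review bot: the deleted FIXME documented a TOCTTOU between inspecting a backend's mem-path and later opening and mapping it, and this hunk removes it on the strength of a change made elsewhere in the series. The commit message should name the patch that made host_memory_backend_pagesize() independent of the path, so the removal of the warning can be checked from the log alone.
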
> @@ -1391,16 +1384,6 @@ long qemu_maxrampagesize(void)
>  object_child_foreach(memdev_root, find_max_backend_pagesize, );
>  return pagesize;
>  }
> -#else
> -long qemu_minrampagesize(void)
> -{
> -return qemu_real_host_page_size();
> -}
> -long qemu_maxrampagesize(void)
> -{
> -return qemu_real_host_page_size();
> -}
> -#endif
>  
>  #ifdef CONFIG_POSIX
>  static int64_t get_file_size(int fd)




[PATCH RFC v1 0/2] i386: KVM: Fix 'system_reset' failures when vCPU is in VMX root operation

2022-08-10 Thread Vitaly Kuznetsov
It was discovered that Windows 11 with WSL2 (Hyper-V) enabled guests fail
to reboot when QEMU's 'system_reset' command is issued. The problem appears
to be that KVM_SET_SREGS2 fails because zeroed CR4 register value doesn't
pass vmx_is_valid_cr4() check in KVM as certain bits can't be zero while in
VMX root operation (post-VMXON). kvm_arch_put_registers() does call 
kvm_put_nested_state() which is supposed to kick vCPU out of VMX root
operation, however, it only does so after kvm_put_sregs2() and there's
a good reason for that: 'real' nested state requires e.g. EFER.SVME to
be set. While swapping kvm_put_sregs2()/kvm_put_nested_state() order
in kvm_arch_put_registers() can't be done in KVM_PUT_FULL_STATE case,
doing it in KVM_PUT_RESET_STATE seems like a reasonable band aid.

The root cause of the issue seems to be that QEMU is doing quite a lot
to forcefully reset a vCPU as KVM doesn't export kvm_vcpu_reset() (or,
rather, its super-set) yet. While all the numerous existing APIs for
setting a vCPU state work fine for a newly created vCPU, using them for
vCPU reset is a mess caused by various dependencies between different
components of the state (VMX, SMM, MSRs, XCRs, CPUIDs, ...). It would've
been possible to allow to set 'inconsistent' state and only validate it
upon VCPU_RUN from the very beginning but that ship has long sailed for
KVM. A new, dedicated API for vCPU reset is likely the way to go.

RFC part: the immediate issue could've probably been solved in KVM too
by avoiding vmx_is_valid_cr4() check from __set_sregs2() and hoping that
someone will check for the resulting inconsistency later. I don't quite
like this option so I didn't explore it in depth.

Vitaly Kuznetsov (2):
  i386: reset KVM nested state upon CPU reset
  i386: reorder kvm_put_sregs2() and kvm_put_nested_state() when vCPU is
reset

 target/i386/kvm/kvm.c | 57 ++-
 1 file changed, 45 insertions(+), 12 deletions(-)

-- 
2.37.1
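
The ordering constraint described in this cover letter and in the commit message of patch 2/2, as an added example that is not code from QEMU or KVM: a deliberately simplified model with one rule per constraint (CR4.VMXE cannot be cleared while in VMX root operation; SVM nested state needs EFER.SVME already set). All `toy_*` and `PUT_*` names and both scenarios are constructed for the illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CR4_VMXE  (1ULL << 13)   /* architectural CR4.VMXE bit */
#define EFER_SVME (1ULL << 12)   /* architectural EFER.SVME bit */

/* Hypothetical stand-ins for the three "put" levels used in the patch. */
enum put_level { PUT_RUNTIME = 1, PUT_RESET = 2, PUT_FULL = 3 };

struct toy_vcpu {                /* what the toy "kernel" currently holds */
    bool in_vmx_root;            /* guest has executed VMXON */
    uint64_t cr4, efer;
};

struct toy_target {              /* what the toy "QEMU" wants to install */
    uint64_t cr4, efer;
    bool nested_vmx_root;        /* nested state: stay in VMX root operation */
    bool nested_svm;             /* nested state: SVM data present */
};

typedef int (*put_fn)(struct toy_vcpu *, const struct toy_target *,
                      enum put_level);

/* Rule 1: while in VMX root operation, CR4.VMXE may not be cleared. */
static int toy_put_sregs(struct toy_vcpu *v, const struct toy_target *t)
{
    if (v->in_vmx_root && !(t->cr4 & CR4_VMXE)) {
        return -EINVAL;
    }
    v->cr4 = t->cr4;
    v->efer = t->efer;
    return 0;
}

/* Rule 2: SVM nested state is accepted only once EFER.SVME is set. */
static int toy_put_nested_state(struct toy_vcpu *v, const struct toy_target *t)
{
    if (t->nested_svm && !(v->efer & EFER_SVME)) {
        return -EINVAL;
    }
    v->in_vmx_root = t->nested_vmx_root;
    return 0;
}

/* Ordering before the series: sregs first, nested state second. */
int toy_put_old(struct toy_vcpu *v, const struct toy_target *t,
                enum put_level level)
{
    int ret = toy_put_sregs(v, t);

    if (ret == 0 && level >= PUT_RESET) {
        ret = toy_put_nested_state(v, t);
    }
    return ret;
}

/* The unconditional swap that the cover letter rules out. */
int toy_put_nested_first(struct toy_vcpu *v, const struct toy_target *t,
                         enum put_level level)
{
    int ret = level >= PUT_RESET ? toy_put_nested_state(v, t) : 0;

    return ret < 0 ? ret : toy_put_sregs(v, t);
}

/* Ordering of patch 2/2: nested first on reset, nested last on full state. */
int toy_put_patched(struct toy_vcpu *v, const struct toy_target *t,
                    enum put_level level)
{
    int ret = level == PUT_RESET ? toy_put_nested_state(v, t) : 0;

    if (ret == 0) {
        ret = toy_put_sregs(v, t);
    }
    if (ret == 0 && level == PUT_FULL) {
        ret = toy_put_nested_state(v, t);
    }
    return ret;
}

/* Constructed scenario: reset of a vCPU whose guest had executed VMXON. */
int scenario_reset_after_vmxon(put_fn put)
{
    struct toy_vcpu v = { .in_vmx_root = true, .cr4 = CR4_VMXE, .efer = 0 };
    const struct toy_target reset = { 0 };   /* zeroed CR4, no nested state */

    return put(&v, &reset, PUT_RESET);
}

/* Constructed scenario: full-state load that carries SVM nested state. */
int scenario_full_state_with_svm(put_fn put)
{
    struct toy_vcpu v = { 0 };
    const struct toy_target in = { .efer = EFER_SVME, .nested_svm = true };

    return put(&v, &in, PUT_FULL);
}

int main(void)
{
    const struct { const char *name; put_fn fn; } order[] = {
        { "old", toy_put_old },
        { "nested-first", toy_put_nested_first },
        { "patched", toy_put_patched },
    };

    for (int i = 0; i < 3; i++) {
        printf("%-12s reset=%d full=%d\n", order[i].name,
               scenario_reset_after_vmxon(order[i].fn),
               scenario_full_state_with_svm(order[i].fn));
    }
    return 0;
}
```

Only the patched ordering returns 0 for both scenarios; each of the other two fails one of them with -EINVAL.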




Re: [PATCH v4 08/24] ppc/ppc4xx: Introduce a DCR device model

2022-08-10 Thread BALATON Zoltan

On Wed, 10 Aug 2022, Cédric Le Goater wrote:

On 8/9/22 19:21, BALATON Zoltan wrote:

On Tue, 9 Aug 2022, Cédric Le Goater wrote:

The Device Control Registers (DCR) of on-SoC devices are accessed by
software through the use of the mtdcr and mfdcr instructions. These
are converted in transactions on a side band bus, the DCR bus, which
connects the on-SoC devices to the CPU.

Ideally, we should model these accesses with a DCR namespace and DCR
memory regions but today the DCR handlers are installed in a DCR table
under the CPU. Instead introduce a little device model wrapper to hold
a CPU link and handle registration of DCR handlers.

The DCR device inherits from SysBus because most of these devices also
have MMIO regions and/or IRQs. Being a SysBusDevice makes things easier
to install the device model in the overall SoC.

The "cpu" link should be considered as modeling the piece of HW logic
connecting the device to the DCR bus.

Signed-off-by: Cédric Le Goater 
---
include/hw/ppc/ppc4xx.h | 17 
hw/ppc/ppc4xx_devs.c    | 44 +
2 files changed, 61 insertions(+)

diff --git a/include/hw/ppc/ppc4xx.h b/include/hw/ppc/ppc4xx.h
index 591e2421a343..82e60b0e0742 100644
--- a/include/hw/ppc/ppc4xx.h
+++ b/include/hw/ppc/ppc4xx.h
@@ -27,6 +27,7 @@

#include "hw/ppc/ppc.h"
#include "exec/memory.h"
+#include "hw/sysbus.h"

void ppc4xx_sdram_banks(MemoryRegion *ram, int nr_banks,
    MemoryRegion ram_memories[],
@@ -44,4 +45,20 @@ void ppc4xx_mal_init(CPUPPCState *env, uint8_t txcnum, 
uint8_t rxcnum,


#define TYPE_PPC4xx_PCI_HOST_BRIDGE "ppc4xx-pcihost"

+/*
+ * Generic DCR device
+ */
+#define TYPE_PPC4xx_DCR_DEVICE "ppc4xx-dcr-device"
+OBJECT_DECLARE_SIMPLE_TYPE(Ppc4xxDcrDeviceState, PPC4xx_DCR_DEVICE);
+struct Ppc4xxDcrDeviceState {
+    SysBusDevice parent_obj;
+
+    PowerPCCPU *cpu;
+};
+
+void ppc4xx_dcr_register(Ppc4xxDcrDeviceState *dev, int dcrn,
+ dcr_read_cb dcr_read, dcr_write_cb dcr_write);
+bool ppc4xx_dcr_realize(Ppc4xxDcrDeviceState *dev, PowerPCCPU *cpu,
+    Error **errp);
+
#endif /* PPC4XX_H */
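
Review bot: the two prototypes added before `#endif` carry no comment on call order, yet ppc4xx_dcr_register() in the ppc4xx_devs.c hunk does `assert(dev->cpu)`, so registering a DCR handler before the "cpu" link has been set aborts. A short comment on the declarations stating that the link must be set, through ppc4xx_dcr_realize() or the "cpu" property, before ppc4xx_dcr_register() is called would document that contract for device authors.
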
diff --git a/hw/ppc/ppc4xx_devs.c b/hw/ppc/ppc4xx_devs.c
index 069b51195160..bce7ef461346 100644
--- a/hw/ppc/ppc4xx_devs.c
+++ b/hw/ppc/ppc4xx_devs.c
@@ -664,3 +664,47 @@ void ppc4xx_mal_init(CPUPPCState *env, uint8_t 
txcnum, uint8_t rxcnum,

 mal, _read_mal, _write_mal);
    }
}
+
+void ppc4xx_dcr_register(Ppc4xxDcrDeviceState *dev, int dcrn,
+ dcr_read_cb dcr_read, dcr_write_cb dcr_write)


I still think this should have a separate void *opaque parameter for the 
callbacks and not pass dev for that as the callbacks could use anything 
they wish for that parameter. (Additionally this allows dropping a lot of 
QOM casts. If you want to see how often these are accessed, you can try 
-trace enable="ppc_dcr*"; on the machines and OS I've tested some are 
read/written frequently so I'd not add unnecessary overhead without a good 
reason.)


This machine has been abandoned for 15 years and broken for maybe 10.
I think it is fine for now. We will see if further needs arise.


It will arise as I'd like to keep at least the devices used by sam460ex 
somewhat sane so if you don't change this now I'd likely want to change it 
back. I understand it's a hassle to do in a rebase now but keeping the 
opaque parameter means just a search replace from the old ppc_dcr_register 
to ppc4xx_dcr_register so maybe not that hard to do at this point. Once 
you apply this patch it will be more difficult to revert it.


Regards,
BALATON Zoltan


Thanks,

C.



Otherwise:

Reviewed-by: BALATON Zoltan 

Regards,
BALATON Zoltan


+{
+    CPUPPCState *env;
+
+    assert(dev->cpu);
+
+    env = >cpu->env;
+
+    ppc_dcr_register(env, dcrn, dev, dcr_read, dcr_write);
+}
+
+bool ppc4xx_dcr_realize(Ppc4xxDcrDeviceState *dev, PowerPCCPU *cpu,
+    Error **errp)
+{
+    object_property_set_link(OBJECT(dev), "cpu", OBJECT(cpu), 
_abort);

+    return sysbus_realize(SYS_BUS_DEVICE(dev), errp);
+}
+
+static Property ppc4xx_dcr_properties[] = {
+    DEFINE_PROP_LINK("cpu", Ppc4xxDcrDeviceState, cpu, TYPE_POWERPC_CPU,
+ PowerPCCPU *),
+    DEFINE_PROP_END_OF_LIST(),
+};
+
+static void ppc4xx_dcr_class_init(ObjectClass *oc, void *data)
+{
+    DeviceClass *dc = DEVICE_CLASS(oc);
+
+    device_class_set_props(dc, ppc4xx_dcr_properties);
+}
+
+static const TypeInfo ppc4xx_types[] = {
+    {
+    .name   = TYPE_PPC4xx_DCR_DEVICE,
+    .parent = TYPE_SYS_BUS_DEVICE,
+    .instance_size  = sizeof(Ppc4xxDcrDeviceState),
+    .class_init = ppc4xx_dcr_class_init,
+    .abstract   = true,
+    }
+};
+
+DEFINE_TYPES(ppc4xx_types)
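
Review bot: the only guard on the "cpu" link is the assert(dev->cpu) in the register helper at the top of this hunk, so a subclass realized through plain sysbus_realize() instead of ppc4xx_dcr_realize() aborts on its first DCR registration rather than failing through errp. A comment on ppc4xx_dcr_realize() stating that it is the required realize entry point for TYPE_PPC4xx_DCR_DEVICE subclasses would make that contract explicit. The helper also fixes the opaque argument of ppc_dcr_register() to dev, which is the point raised earlier in this thread.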






Re: [PATCH for-7.2 v3 06/11] ppc/pnv: enable user created pnv-phb for powernv8

2022-08-10 Thread Cédric Le Goater

On 8/10/22 12:05, Daniel Henrique Barboza wrote:

The bulk of the work was already done by previous patches.

Use defaults_enabled() to determine whether we need to create the
default devices or not.

Signed-off-by: Daniel Henrique Barboza 


Reviewed-by: Cédric Le Goater 

Thanks,

C.


---
  hw/pci-host/pnv_phb.c | 9 +++--
  hw/ppc/pnv.c  | 6 ++
  2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/hw/pci-host/pnv_phb.c b/hw/pci-host/pnv_phb.c
index 40a960c54c..887b25d49e 100644
--- a/hw/pci-host/pnv_phb.c
+++ b/hw/pci-host/pnv_phb.c
@@ -17,6 +17,7 @@
  #include "hw/ppc/pnv.h"
  #include "hw/qdev-properties.h"
  #include "qom/object.h"
+#include "sysemu/sysemu.h"
  
  
  /*

@@ -174,6 +175,10 @@ static void pnv_phb_realize(DeviceState *dev, Error **errp)
  pnv_phb4_bus_init(dev, PNV_PHB4(phb->backend));
  }
  
+if (phb->version == 3 && !defaults_enabled()) {

+return;
+}
+
  pnv_phb_attach_root_port(pci);
  }
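
Review bot: the early return before pnv_phb_attach_root_port() is conditioned on phb->version == 3 && !defaults_enabled() with no comment, so the code does not say why only PHB3 skips the default root port or why the other versions still attach one. A short comment above the if stating that the root port is left for the user to create when defaults are disabled would help.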
  
@@ -209,7 +214,7 @@ static void pnv_phb_class_init(ObjectClass *klass, void *data)

  dc->realize = pnv_phb_realize;
  device_class_set_props(dc, pnv_phb_properties);
  set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
-dc->user_creatable = false;
+dc->user_creatable = true;
  }
  
  static void pnv_phb_root_port_reset(DeviceState *dev)

@@ -300,7 +305,7 @@ static void pnv_phb_root_port_class_init(ObjectClass 
*klass, void *data)
  device_class_set_parent_reset(dc, pnv_phb_root_port_reset,
>parent_reset);
  dc->reset = _phb_root_port_reset;
-dc->user_creatable = false;
+dc->user_creatable = true;
  
  k->vendor_id = PCI_VENDOR_ID_IBM;

  /* device_id will be written during realize() */
diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index 44066ffb8c..0d3a88578b 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -1151,6 +1151,10 @@ static void pnv_chip_power8_instance_init(Object *obj)
  
  object_initialize_child(obj, "homer", >homer, TYPE_PNV8_HOMER);
  
+if (!defaults_enabled()) {

+return;
+}
+
  chip8->num_phbs = pcc->num_phbs;
  
  for (i = 0; i < chip8->num_phbs; i++) {
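
Review bot: the bare "if (!defaults_enabled()) return;" in pnv_chip_power8_instance_init() makes everything below it in the function default-only, so any child initialization added after the PHB loop later is silently skipped when defaults are disabled. Wrapping the num_phbs assignment and the loop in an if (defaults_enabled()) block keeps the scope explicit, and a comment noting that chip8->num_phbs is not assigned on the other path would document what the user-created PHBs rely on.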

@@ -2103,6 +2107,8 @@ static void pnv_machine_power8_class_init(ObjectClass 
*oc, void *data)
  
  pmc->compat = compat;

  pmc->compat_size = sizeof(compat);
+
+machine_class_allow_dynamic_sysbus_dev(mc, TYPE_PNV_PHB);
  }
  
  static void pnv_machine_power9_class_init(ObjectClass *oc, void *data)
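
Review bot: machine_class_allow_dynamic_sysbus_dev(mc, TYPE_PNV_PHB) is added only in pnv_machine_power8_class_init(), while the pnv_phb.c hunks set dc->user_creatable = true for the PHB and root port classes as a whole. A sentence in the commit message saying that the other machine classes are left without the allowance on purpose at this step would make the staging clear.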





Re: [PATCH v2 1/3] backends/hostmem: Fix support of memory-backend-memfd in qemu_maxrampagesize()

2022-08-10 Thread Claudio Imbrenda
On Wed, 10 Aug 2022 14:57:18 +0200
Thomas Huth  wrote:

> It is currently not possible yet to use "memory-backend-memfd" on s390x
> with hugepages enabled. This problem is caused by qemu_maxrampagesize()
> not taking memory-backend-memfd objects into account yet, so the code
> in s390_memory_init() fails to enable the huge page support there via
> s390_set_max_pagesize(). Fix it by generalizing the code, so that it
> looks at qemu_ram_pagesize(memdev->mr.ram_block) instead of re-trying
> to get the information from the filesystem.
> 
> Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2116496
> Suggested-by: David Hildenbrand 
> Signed-off-by: Thomas Huth 

more removed lines than added, I like it

Reviewed-by: Claudio Imbrenda 

> ---
>  backends/hostmem.c | 14 ++
>  1 file changed, 2 insertions(+), 12 deletions(-)
> 
> diff --git a/backends/hostmem.c b/backends/hostmem.c
> index 624bb7ecd3..4428e06738 100644
> --- a/backends/hostmem.c
> +++ b/backends/hostmem.c
> @@ -306,22 +306,12 @@ bool host_memory_backend_is_mapped(HostMemoryBackend 
> *backend)
>  return backend->is_mapped;
>  }
>  
> -#ifdef __linux__
>  size_t host_memory_backend_pagesize(HostMemoryBackend *memdev)
>  {
> -Object *obj = OBJECT(memdev);
> -char *path = object_property_get_str(obj, "mem-path", NULL);
> -size_t pagesize = qemu_mempath_getpagesize(path);
> -
> -g_free(path);
> +size_t pagesize = qemu_ram_pagesize(memdev->mr.ram_block);
> +g_assert(pagesize >= qemu_real_host_page_size());
>  return pagesize;
>  }
> -#else
> -size_t host_memory_backend_pagesize(HostMemoryBackend *memdev)
> -{
> -return qemu_real_host_page_size();
> -}
> -#endif
>  
>  static void
>  host_memory_backend_memory_complete(UserCreatable *uc, Error **errp)
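
Review bot: the new body passes memdev->mr.ram_block straight to qemu_ram_pagesize(), so unlike the removed version, which only read the "mem-path" property, it depends on the backend's memory region having been allocated before host_memory_backend_pagesize() is called. If any caller can reach this earlier, ram_block may not be set yet; a comment stating the precondition, or a g_assert(memdev->mr.ram_block) beside the new g_assert() on pagesize, would make the dependency visible.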




Re: [PATCH for-7.2 v3 05/11] ppc/pnv: turn chip8->phbs[] into a PnvPHB* array

2022-08-10 Thread Cédric Le Goater

On 8/10/22 12:05, Daniel Henrique Barboza wrote:

When enabling user created PHBs (a change reverted by commit 9c10d86fee)
we were handling PHBs created by default versus by the user in different
manners. The only difference between these PHBs is that one will have a
valid phb3->chip that is assigned during pnv_chip_power8_realize(),
while the user created needs to search which chip it belongs to.

Aside from that there shouldn't be any difference. Making the default
PHBs behave in line with the user created ones will make it easier to
re-introduce them later on. It will also make the code easier to follow
since we are dealing with them in equal manner.

The first step is to turn chip8->phbs[] into a PnvPHB3 pointer array.
This will allow us to assign user created PHBs into it later on. The way
we initialize the default case is now more in line with what would happen
with the user created case: the object is created, parented by the chip
because pnv_xscom_dt() relies on it, and then assigned to the array.

Signed-off-by: Daniel Henrique Barboza 
---
  hw/pci-host/pnv_phb.c |  7 +++
  hw/ppc/pnv.c  | 20 +++-
  include/hw/ppc/pnv.h  |  6 +-
  3 files changed, 27 insertions(+), 6 deletions(-)

diff --git a/hw/pci-host/pnv_phb.c b/hw/pci-host/pnv_phb.c
index 18a050a6d3..40a960c54c 100644
--- a/hw/pci-host/pnv_phb.c
+++ b/hw/pci-host/pnv_phb.c
@@ -90,6 +90,13 @@ static void pnv_phb_user_device_init(PnvPHB *phb)
  }
  
  if (phb->version == 3) {

+Pnv8Chip *chip8 = PNV8_CHIP(chip);
+
+phb->chip = chip;
+
+chip8->phbs[chip8->num_phbs] = phb;
+chip8->num_phbs++;
+


I think we need a helper to register a phb in the chip, or a chip class
handler, to isolate the code modifying the chip from a sub chip model.
It would be cleaner.



  parent = OBJECT(chip);
  } else {
  /* phb4 support will be added later */
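
Review bot: chip8->phbs[chip8->num_phbs] = phb is written with no check of num_phbs against PNV8_CHIP_PHB3_MAX, the size of phbs[] in the include/hw/ppc/pnv.h hunk of this patch, so one PHB too many writes past the end of the array. pnv_phb_user_device_init() should report an error and refuse the device once chip8->num_phbs reaches PNV8_CHIP_PHB3_MAX, before storing the pointer. That check would also fit in the registration helper suggested in the reply here.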


Especially when you look at the PHB4 version which is very different.
It could return the parent also.


diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index f9e5a3d248..44066ffb8c 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -661,7 +661,7 @@ static void pnv_chip_power8_pic_print_info(PnvChip *chip, 
Monitor *mon)
  ics_pic_print_info(>psi.ics, mon);
  
  for (i = 0; i < chip8->num_phbs; i++) {

-PnvPHB *phb = >phbs[i];
+PnvPHB *phb = chip8->phbs[i];
  PnvPHB3 *phb3 = PNV_PHB3(phb->backend);
  
  pnv_phb3_msi_pic_print_info(>msis, mon);

@@ -1154,7 +1154,17 @@ static void pnv_chip_power8_instance_init(Object *obj)
  chip8->num_phbs = pcc->num_phbs;
  
  for (i = 0; i < chip8->num_phbs; i++) {

-object_initialize_child(obj, "phb[*]", >phbs[i], TYPE_PNV_PHB);
+PnvPHB *phb = PNV_PHB(object_new(TYPE_PNV_PHB));



maybe use:

  Object *phb = object_new(TYPE_PNV_PHB);


+
+/*
+ * We need the chip to parent the PHB to allow the DT
+ * to build correctly (via pnv_xscom_dt()).
+ *
+ * TODO: the PHB should be parented by a PEC device that, at
+ * this moment, is not modelled powernv8/phb3.
+ */
+object_property_add_child(obj, "phb[*]", OBJECT(phb));
+chip8->phbs[i] = phb;


and :
   object_property_add_child(obj, "phb[*]", phb);
   chip8->phbs[i] = PNV_PHB(phb);

This is minor.

C.


  }
  
  }
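
Review bot: object_new() hands back a reference and object_property_add_child() takes its own, and nothing in the loop drops the first one, so each default PHB keeps an extra reference after being parented. If that reference is meant to back the pointer stored in chip8->phbs[i], say so in the comment block; otherwise add object_unref(OBJECT(phb)) after object_property_add_child().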

@@ -1270,7 +1280,7 @@ static void pnv_chip_power8_realize(DeviceState *dev, 
Error **errp)
  
  /* PHB controllers */

  for (i = 0; i < chip8->num_phbs; i++) {
-PnvPHB *phb = >phbs[i];
+PnvPHB *phb = chip8->phbs[i];
  
  object_property_set_int(OBJECT(phb), "index", i, _fatal);

  object_property_set_int(OBJECT(phb), "chip-id", chip->chip_id,
@@ -1938,7 +1948,7 @@ static ICSState *pnv_ics_get(XICSFabric *xi, int irq)
  }
  
  for (j = 0; j < chip8->num_phbs; j++) {

-PnvPHB *phb = >phbs[j];
+PnvPHB *phb = chip8->phbs[j];
  PnvPHB3 *phb3 = PNV_PHB3(phb->backend);
  
  if (ics_valid_irq(>lsis, irq)) {

@@ -1977,7 +1987,7 @@ static void pnv_ics_resend(XICSFabric *xi)
  ics_resend(>psi.ics);
  
  for (j = 0; j < chip8->num_phbs; j++) {

-PnvPHB *phb = >phbs[j];
+PnvPHB *phb = chip8->phbs[j];
  PnvPHB3 *phb3 = PNV_PHB3(phb->backend);
  
  ics_resend(>lsis);

diff --git a/include/hw/ppc/pnv.h b/include/hw/ppc/pnv.h
index 033d907287..aea6128e7f 100644
--- a/include/hw/ppc/pnv.h
+++ b/include/hw/ppc/pnv.h
@@ -81,7 +81,11 @@ struct Pnv8Chip {
  PnvHomer homer;
  
  #define PNV8_CHIP_PHB3_MAX 4

-PnvPHB   phbs[PNV8_CHIP_PHB3_MAX];
+/*
+ * The array is used to allow quick access to the phbs by
+ * pnv_ics_get_child() and pnv_ics_resend_child().
+ */
+PnvPHB   *phbs[PNV8_CHIP_PHB3_MAX];
  uint32_t num_phbs;
  
  XICSFabric*xics;
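
Review bot: the new comment above phbs[] names pnv_ics_get_child() and pnv_ics_resend_child(), while the loops over chip8->phbs[] changed in this patch sit in pnv_ics_get() and pnv_ics_resend(). Either name the functions that index the array in this series or say that the comment refers to other helpers. Since the array now holds pointers, the comment should also state that only the first num_phbs entries are valid.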





Re: [PATCH 29/62] target/arm: Add is_secure parameter to v7m_read_half_insn

2022-08-10 Thread Alex Bennée


Richard Henderson  writes:

> Remove the use of regime_is_secure from v7m_read_half_insn.
> As it happens, both callers pass true, but that is a detail
> of v7m_handle_execute_nsc we need not expose to the callee.
>
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

-- 
Alex Bennée



Re: [PATCH 27/62] target/arm: Add is_secure parameter to get_phys_addr_pmsav5

2022-08-10 Thread Alex Bennée


Richard Henderson  writes:

> Remove the use of regime_is_secure from get_phys_addr_pmsav5.
>
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

-- 
Alex Bennée



Re: [PATCH v2 0/3] Fix hugepages with memfd on s390x and clean up related code

2022-08-10 Thread Claudio Imbrenda
On Wed, 10 Aug 2022 14:57:17 +0200
Thomas Huth  wrote:

> The first patch fixes the problem that hugepages cannot be used via
> the "memory-backend-memfd" object on s390x. The second and third patch
> are some clean-ups that can be done after generalizing the code in the
> first patch.

thanks for fixing this

> 
> v2:
>  - Use qemu_ram_pagesize(memdev->mr.ram_block) instead of adding
>additional code for the memfd object
>  - Added the two clean-up patches on top to simplify the code
> 
> Thomas Huth (3):
>   backends/hostmem: Fix support of memory-backend-memfd in
> qemu_maxrampagesize()
>   softmmu/physmem: Remove the ifdef __linux__  around the pagesize
> functions
>   util/mmap-alloc: Remove qemu_mempath_getpagesize()
> 
>  include/qemu/mmap-alloc.h |  2 --
>  backends/hostmem.c| 14 ++
>  softmmu/physmem.c | 17 -
>  util/mmap-alloc.c | 31 ---
>  4 files changed, 2 insertions(+), 62 deletions(-)
> 




Re: [PATCH v2 3/3] util/mmap-alloc: Remove qemu_mempath_getpagesize()

2022-08-10 Thread Claudio Imbrenda
On Wed, 10 Aug 2022 14:57:20 +0200
Thomas Huth  wrote:

> The last user of this function has just been removed, so we can
> drop this function now, too.
> 
> Signed-off-by: Thomas Huth 

Reviewed-by: Claudio Imbrenda 

> ---
>  include/qemu/mmap-alloc.h |  2 --
>  util/mmap-alloc.c | 31 ---
>  2 files changed, 33 deletions(-)
> 
> diff --git a/include/qemu/mmap-alloc.h b/include/qemu/mmap-alloc.h
> index 5076695cc8..2825e231a7 100644
> --- a/include/qemu/mmap-alloc.h
> +++ b/include/qemu/mmap-alloc.h
> @@ -4,8 +4,6 @@
>  
>  size_t qemu_fd_getpagesize(int fd);
>  
> -size_t qemu_mempath_getpagesize(const char *mem_path);
> -
>  /**
>   * qemu_ram_mmap: mmap anonymous memory, the specified file or device.
>   *
> diff --git a/util/mmap-alloc.c b/util/mmap-alloc.c
> index 5b90cb68ea..5ed7d29183 100644
> --- a/util/mmap-alloc.c
> +++ b/util/mmap-alloc.c
> @@ -53,37 +53,6 @@ size_t qemu_fd_getpagesize(int fd)
>  return qemu_real_host_page_size();
>  }
>  
> -size_t qemu_mempath_getpagesize(const char *mem_path)
> -{
> -#ifdef CONFIG_LINUX
> -struct statfs fs;
> -int ret;
> -
> -if (mem_path) {
> -do {
> -ret = statfs(mem_path, );
> -} while (ret != 0 && errno == EINTR);
> -
> -if (ret != 0) {
> -fprintf(stderr, "Couldn't statfs() memory path: %s\n",
> -strerror(errno));
> -exit(1);
> -}
> -
> -if (fs.f_type == HUGETLBFS_MAGIC) {
> -/* It's hugepage, return the huge page size */
> -return fs.f_bsize;
> -}
> -}
> -#ifdef __sparc__
> -/* SPARC Linux needs greater alignment than the pagesize */
> -return QEMU_VMALLOC_ALIGN;
> -#endif
> -#endif
> -
> -return qemu_real_host_page_size();
> -}
> -
>  #define OVERCOMMIT_MEMORY_PATH "/proc/sys/vm/overcommit_memory"
>  static bool map_noreserve_effective(int fd, uint32_t qemu_map_flags)
>  {
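
Review bot: besides the hugetlbfs lookup, the removed qemu_mempath_getpagesize() returned QEMU_VMALLOC_ALIGN on SPARC Linux and exited on a statfs() failure, and the commit message only says the last user is gone. A sentence in the commit message confirming that the replacement path does not need the SPARC alignment case would show the behaviour change was considered.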




Re: [PATCH 25/62] target/arm: Add is_secure parameter to get_phys_addr_pmsav7

2022-08-10 Thread Alex Bennée


Richard Henderson  writes:

> Remove the use of regime_is_secure from get_phys_addr_pmsav7
>
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

-- 
Alex Bennée



Re: [PATCH 19/62] target/arm: Add is_secure parameter to pmsav8_mpu_lookup

2022-08-10 Thread Alex Bennée


Richard Henderson  writes:

> Remove the use of regime_is_secure from pmsav8_mpu_lookup.
>
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

-- 
Alex Bennée


