[PATCH v2] travis.yml: Use the libfdt from the distro instead of the submodule

[Thomas Huth]

No need to compile-test third party submodules over and over again if
we can simply use the pre-build library from the distribution instead.

By also adding --enable-fdt=system to the configure options, we can
also avoid to check out the "dtc" submodule here.

Signed-off-by: Thomas Huth 
---
 v2: Add --enable-fdt=system to the jobs

 .travis.yml | 22 +++---
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index fb3baabca9..788e14c08c 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -128,6 +128,7 @@ jobs:
   - libbrlapi-dev
   - libcacard-dev
   - libcap-ng-dev
+  - libfdt-dev
   - libgcrypt20-dev
   - libgnutls28-dev
   - libgtk-3-dev
@@ -149,7 +150,8 @@ jobs:
   - genisoimage
   env:
 - TEST_CMD="make check check-tcg V=1"
-- CONFIG="--disable-containers --target-list=${MAIN_SOFTMMU_TARGETS} 
--cxx=/bin/false"
+- CONFIG="--disable-containers --enable-fdt=system
+  --target-list=${MAIN_SOFTMMU_TARGETS} --cxx=/bin/false"
 - UNRELIABLE=true
 
 - name: "[ppc64] GCC check-tcg"
@@ -162,6 +164,7 @@ jobs:
   - libbrlapi-dev
   - libcacard-dev
   - libcap-ng-dev
+  - libfdt-dev
   - libgcrypt20-dev
   - libgnutls28-dev
   - libgtk-3-dev
@@ -183,7 +186,8 @@ jobs:
   - genisoimage
   env:
 - TEST_CMD="make check check-tcg V=1"
-- CONFIG="--disable-containers 
--target-list=ppc64-softmmu,ppc64le-linux-user"
+- CONFIG="--disable-containers --enable-fdt=system
+  --target-list=ppc64-softmmu,ppc64le-linux-user"
 
 - name: "[s390x] GCC check-tcg"
   arch: s390x
@@ -195,6 +199,7 @@ jobs:
   - libbrlapi-dev
   - libcacard-dev
   - libcap-ng-dev
+  - libfdt-dev
   - libgcrypt20-dev
   - libgnutls28-dev
   - libgtk-3-dev
@@ -216,7 +221,8 @@ jobs:
   - genisoimage
   env:
 - TEST_CMD="make check check-tcg V=1"
-- CONFIG="--disable-containers 
--target-list=${MAIN_SOFTMMU_TARGETS},s390x-linux-user"
+- CONFIG="--disable-containers --enable-fdt=system
+  --target-list=${MAIN_SOFTMMU_TARGETS},s390x-linux-user"
 - UNRELIABLE=true
   script:
 - BUILD_RC=0 && make -j${JOBS} || BUILD_RC=$?
@@ -237,6 +243,7 @@ jobs:
   - libattr1-dev
   - libcacard-dev
   - libcap-ng-dev
+  - libfdt-dev
   - libgnutls28-dev
   - libiscsi-dev
   - liblttng-ust-dev
@@ -255,8 +262,8 @@ jobs:
   # Tests dependencies
   - genisoimage
   env:
-- CONFIG="--disable-containers --audio-drv-list=sdl --disable-user
-  --target-list-exclude=${MAIN_SOFTMMU_TARGETS}"
+- CONFIG="--disable-containers --enable-fdt=system --audio-drv-list=sdl
+  --disable-user --target-list-exclude=${MAIN_SOFTMMU_TARGETS}"
 
 - name: "[s390x] GCC (user)"
   arch: s390x
@@ -281,6 +288,7 @@ jobs:
   - libbrlapi-dev
   - libcacard-dev
   - libcap-ng-dev
+  - libfdt-dev
   - libgcrypt20-dev
   - libgnutls28-dev
   - libgtk-3-dev
@@ -300,6 +308,6 @@ jobs:
   - ninja-build
   env:
 - TEST_CMD="make check-unit"
-- CONFIG="--disable-containers --disable-tcg --enable-kvm
-  --disable-tools --host-cc=clang --cxx=clang++"
+- CONFIG="--disable-containers --disable-tcg --enable-kvm 
--disable-tools
+  --enable-fdt=system --host-cc=clang --cxx=clang++"
 - UNRELIABLE=true
-- 
2.31.1

[PULL 34/37] tcg/riscv: Use tcg_pcrel_diff in tcg_out_ldst

[Alistair Francis]

From: Richard Henderson 

We failed to update this with the w^x split, so misses the fact
that true pc-relative offsets are usually small.

Signed-off-by: Richard Henderson 
Reviewed-by: Alistair Francis 
Message-Id: <20230117230415.354239-1-richard.hender...@linaro.org>
Signed-off-by: Alistair Francis 
---
 tcg/riscv/tcg-target.c.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
index fc0edd811f..01cb67ef7b 100644
--- a/tcg/riscv/tcg-target.c.inc
+++ b/tcg/riscv/tcg-target.c.inc
@@ -599,7 +599,7 @@ static void tcg_out_ldst(TCGContext *s, RISCVInsn opc, 
TCGReg data,
 intptr_t imm12 = sextreg(offset, 0, 12);
 
 if (offset != imm12) {
-intptr_t diff = offset - (uintptr_t)s->code_ptr;
+intptr_t diff = tcg_pcrel_diff(s, (void *)offset);
 
 if (addr == TCG_REG_ZERO && diff == (int32_t)diff) {
 imm12 = sextreg(diff, 0, 12);
-- 
2.39.0

[PULL 05/37] hw/char: riscv_htif: Move registers from CPUArchState to HTIFState

[Alistair Francis]

From: Bin Meng 

At present for some unknown reason the HTIF registers (fromhost &
tohost) are defined in the RISC-V CPUArchState. It should really
be put in the HTIFState struct as it is only meaningful to HTIF.

Signed-off-by: Bin Meng 
Reviewed-by: Daniel Henrique Barboza 
Reviewed-by: Alistair Francis 
Message-Id: <20221229091828.1945072-6-bm...@tinylab.org>
Signed-off-by: Alistair Francis 
---
 include/hw/char/riscv_htif.h |  8 
 target/riscv/cpu.h   |  4 
 hw/char/riscv_htif.c | 35 +--
 hw/riscv/spike.c |  3 +--
 target/riscv/machine.c   |  6 ++
 5 files changed, 24 insertions(+), 32 deletions(-)

diff --git a/include/hw/char/riscv_htif.h b/include/hw/char/riscv_htif.h
index 6d172ebd6d..55cc352331 100644
--- a/include/hw/char/riscv_htif.h
+++ b/include/hw/char/riscv_htif.h
@@ -23,7 +23,6 @@
 #include "chardev/char.h"
 #include "chardev/char-fe.h"
 #include "exec/memory.h"
-#include "target/riscv/cpu.h"
 
 #define TYPE_HTIF_UART "riscv.htif.uart"
 
@@ -31,11 +30,12 @@ typedef struct HTIFState {
 int allow_tohost;
 int fromhost_inprogress;
 
+uint64_t tohost;
+uint64_t fromhost;
 hwaddr tohost_offset;
 hwaddr fromhost_offset;
 MemoryRegion mmio;
 
-CPURISCVState *env;
 CharBackend chr;
 uint64_t pending_read;
 } HTIFState;
@@ -51,7 +51,7 @@ void htif_symbol_callback(const char *st_name, int st_info, 
uint64_t st_value,
 bool htif_uses_elf_symbols(void);
 
 /* legacy pre qom */
-HTIFState *htif_mm_init(MemoryRegion *address_space, CPURISCVState *env,
-Chardev *chr, uint64_t nonelf_base);
+HTIFState *htif_mm_init(MemoryRegion *address_space, Chardev *chr,
+uint64_t nonelf_base);
 
 #endif
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index f5609b62a2..61a9a40958 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -309,10 +309,6 @@ struct CPUArchState {
 target_ulong sscratch;
 target_ulong mscratch;
 
-/* temporary htif regs */
-uint64_t mfromhost;
-uint64_t mtohost;
-
 /* Sstc CSRs */
 uint64_t stimecmp;
 
diff --git a/hw/char/riscv_htif.c b/hw/char/riscv_htif.c
index f28976b110..3bb0a37a3e 100644
--- a/hw/char/riscv_htif.c
+++ b/hw/char/riscv_htif.c
@@ -100,7 +100,7 @@ static void htif_recv(void *opaque, const uint8_t *buf, int 
size)
 uint64_t val_written = s->pending_read;
 uint64_t resp = 0x100 | *buf;
 
-s->env->mfromhost = (val_written >> 48 << 48) | (resp << 16 >> 16);
+s->fromhost = (val_written >> 48 << 48) | (resp << 16 >> 16);
 }
 
 /*
@@ -175,7 +175,7 @@ static void htif_handle_tohost_write(HTIFState *s, uint64_t 
val_written)
 if (cmd == HTIF_CONSOLE_CMD_GETC) {
 /* this should be a queue, but not yet implemented as such */
 s->pending_read = val_written;
-s->env->mtohost = 0; /* clear to indicate we read */
+s->tohost = 0; /* clear to indicate we read */
 return;
 } else if (cmd == HTIF_CONSOLE_CMD_PUTC) {
 qemu_chr_fe_write(>chr, (uint8_t *), 1);
@@ -195,11 +195,11 @@ static void htif_handle_tohost_write(HTIFState *s, 
uint64_t val_written)
  * HTIF needs protocol documentation and a more complete state machine.
  *
  *  while (!s->fromhost_inprogress &&
- *  s->env->mfromhost != 0x0) {
+ *  s->fromhost != 0x0) {
  *  }
  */
-s->env->mfromhost = (val_written >> 48 << 48) | (resp << 16 >> 16);
-s->env->mtohost = 0; /* clear to indicate we read */
+s->fromhost = (val_written >> 48 << 48) | (resp << 16 >> 16);
+s->tohost = 0; /* clear to indicate we read */
 }
 
 #define TOHOST_OFFSET1  (s->tohost_offset)
@@ -212,13 +212,13 @@ static uint64_t htif_mm_read(void *opaque, hwaddr addr, 
unsigned size)
 {
 HTIFState *s = opaque;
 if (addr == TOHOST_OFFSET1) {
-return s->env->mtohost & 0x;
+return s->tohost & 0x;
 } else if (addr == TOHOST_OFFSET2) {
-return (s->env->mtohost >> 32) & 0x;
+return (s->tohost >> 32) & 0x;
 } else if (addr == FROMHOST_OFFSET1) {
-return s->env->mfromhost & 0x;
+return s->fromhost & 0x;
 } else if (addr == FROMHOST_OFFSET2) {
-return (s->env->mfromhost >> 32) & 0x;
+return (s->fromhost >> 32) & 0x;
 } else {
 qemu_log("Invalid htif read: address %016" PRIx64 "\n",
 (uint64_t)addr);
@@ -232,22 +232,22 @@ static void htif_mm_write(void *opaque, hwaddr addr,
 {
 HTIFState *s = opaque;
 if (addr == TOHOST_OFFSET1) {
-if (s->env->mtohost == 0x0) {
+if (s->tohost == 0x0) {
 s->allow_tohost = 1;
-s->env->mtohost = value & 0x;
+s->tohost = value & 0x;
 } else {
 s->allow_tohost = 0;
 }
 } else if (addr == TOHOST_OFFSET2) {
 if 

[PULL 23/37] target/riscv/cpu: set cpu->cfg in register_cpu_props()

[Alistair Francis]

From: Daniel Henrique Barboza 

There is an informal contract between the cpu_init() functions and
riscv_cpu_realize(): if cpu->env.misa_ext is zero, assume that the
default settings were loaded via register_cpu_props() and do validations
to set env.misa_ext. If it's not zero, skip this whole process and
assume that the board somehow did everything.

At this moment, all SiFive CPUs are setting a non-zero misa_ext during
their cpu_init() and skipping a good chunk of riscv_cpu_realize().  This
causes problems when the code being skipped in riscv_cpu_realize()
contains fixes or assumptions that affects all CPUs, meaning that SiFive
CPUs are missing out.

To allow this code to not be skipped anymore, all the cpu->cfg.ext_*
attributes needs to be set during cpu_init() time. At this moment this
is being done in register_cpu_props(). The SiFive boards are setting
their own extensions during cpu_init() though, meaning that they don't
want all the defaults from register_cpu_props().

Let's move the contract between *_cpu_init() and riscv_cpu_realize() to
register_cpu_props(). Inside this function we'll check if
cpu->env.misa_ext was set and, if that's the case, set all relevant
cpu->cfg.ext_* attributes, and only that. Leave the 'misa_ext' = 0 case
as is today, i.e. loading all the defaults from riscv_cpu_extensions[].

register_cpu_props() can then be called by all the cpu_init() functions,
including the SiFive ones. This will make all CPUs behave more in line
with what riscv_cpu_realize() expects.

This will also make the cpu_init() functions even more alike, but at this
moment we would need some design changes in how we're initializing
extensions/attributes (e.g. some CPUs are setting cfg options after
register_cpu_props(), so we can't simply add the function to a common
post_init() hook)  to make a common cpu_init() code across all CPUs.

Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Alistair Francis 
Message-Id: <20230113175230.473975-2-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis 
---
 target/riscv/cpu.h |  4 
 target/riscv/cpu.c | 40 
 2 files changed, 44 insertions(+)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 61a9a40958..bcf0826753 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -63,6 +63,10 @@
 
 #define RV(x) ((target_ulong)1 << (x - 'A'))
 
+/*
+ * Consider updating register_cpu_props() when adding
+ * new MISA bits here.
+ */
 #define RVI RV('I')
 #define RVE RV('E') /* E and I are mutually exclusive */
 #define RVM RV('M')
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index a2e6238bd7..e682102c2a 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -256,6 +256,7 @@ static void rv64_sifive_u_cpu_init(Object *obj)
 {
 CPURISCVState *env = _CPU(obj)->env;
 set_misa(env, MXL_RV64, RVI | RVM | RVA | RVF | RVD | RVC | RVS | RVU);
+register_cpu_props(DEVICE(obj));
 set_priv_version(env, PRIV_VERSION_1_10_0);
 }
 
@@ -265,6 +266,7 @@ static void rv64_sifive_e_cpu_init(Object *obj)
 RISCVCPU *cpu = RISCV_CPU(obj);
 
 set_misa(env, MXL_RV64, RVI | RVM | RVA | RVC | RVU);
+register_cpu_props(DEVICE(obj));
 set_priv_version(env, PRIV_VERSION_1_10_0);
 cpu->cfg.mmu = false;
 }
@@ -299,6 +301,7 @@ static void rv32_sifive_u_cpu_init(Object *obj)
 {
 CPURISCVState *env = _CPU(obj)->env;
 set_misa(env, MXL_RV32, RVI | RVM | RVA | RVF | RVD | RVC | RVS | RVU);
+register_cpu_props(DEVICE(obj));
 set_priv_version(env, PRIV_VERSION_1_10_0);
 }
 
@@ -308,6 +311,7 @@ static void rv32_sifive_e_cpu_init(Object *obj)
 RISCVCPU *cpu = RISCV_CPU(obj);
 
 set_misa(env, MXL_RV32, RVI | RVM | RVA | RVC | RVU);
+register_cpu_props(DEVICE(obj));
 set_priv_version(env, PRIV_VERSION_1_10_0);
 cpu->cfg.mmu = false;
 }
@@ -318,6 +322,7 @@ static void rv32_ibex_cpu_init(Object *obj)
 RISCVCPU *cpu = RISCV_CPU(obj);
 
 set_misa(env, MXL_RV32, RVI | RVM | RVC | RVU);
+register_cpu_props(DEVICE(obj));
 set_priv_version(env, PRIV_VERSION_1_11_0);
 cpu->cfg.mmu = false;
 cpu->cfg.epmp = true;
@@ -329,6 +334,7 @@ static void rv32_imafcu_nommu_cpu_init(Object *obj)
 RISCVCPU *cpu = RISCV_CPU(obj);
 
 set_misa(env, MXL_RV32, RVI | RVM | RVA | RVF | RVC | RVU);
+register_cpu_props(DEVICE(obj));
 set_priv_version(env, PRIV_VERSION_1_10_0);
 cpu->cfg.mmu = false;
 }
@@ -1083,10 +1089,44 @@ static Property riscv_cpu_extensions[] = {
 DEFINE_PROP_END_OF_LIST(),
 };
 
+/*
+ * Register CPU props based on env.misa_ext. If a non-zero
+ * value was set, register only the required cpu->cfg.ext_*
+ * properties and leave. env.misa_ext = 0 means that we want
+ * all the default properties to be registered.
+ */
 static void register_cpu_props(DeviceState *dev)
 {
+RISCVCPU *cpu = RISCV_CPU(OBJECT(dev));
+uint32_t misa_ext = cpu->env.misa_ext;
 Property *prop;
 
+/*
+ * If misa_ext is not zero, set cfg properties 

[PULL 21/37] hw/riscv/boot.c: use MachineState in riscv_load_initrd()

[Alistair Francis]

From: Daniel Henrique Barboza 

'filename', 'mem_size' and 'fdt' from riscv_load_initrd() can all be
retrieved by the MachineState object for all callers.

Cc: Palmer Dabbelt 
Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Bin Meng 
Reviewed-by: Alistair Francis 
Message-Id: <20230102115241.25733-9-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis 
---
 include/hw/riscv/boot.h| 3 +--
 hw/riscv/boot.c| 6 --
 hw/riscv/microchip_pfsoc.c | 3 +--
 hw/riscv/sifive_u.c| 3 +--
 hw/riscv/spike.c   | 3 +--
 hw/riscv/virt.c| 3 +--
 6 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/include/hw/riscv/boot.h b/include/hw/riscv/boot.h
index e37e1d1238..cfd72ecabf 100644
--- a/include/hw/riscv/boot.h
+++ b/include/hw/riscv/boot.h
@@ -46,8 +46,7 @@ target_ulong riscv_load_firmware(const char 
*firmware_filename,
 target_ulong riscv_load_kernel(const char *kernel_filename,
target_ulong firmware_end_addr,
symbol_fn_t sym_cb);
-void riscv_load_initrd(const char *filename, uint64_t mem_size,
-   uint64_t kernel_entry, void *fdt);
+void riscv_load_initrd(MachineState *machine, uint64_t kernel_entry);
 uint64_t riscv_load_fdt(hwaddr dram_start, uint64_t dram_size, void *fdt);
 void riscv_setup_rom_reset_vec(MachineState *machine, RISCVHartArrayState 
*harts,
hwaddr saddr,
diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index 6b948d1c9e..d3e780c3b6 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -208,9 +208,11 @@ target_ulong riscv_load_kernel(const char *kernel_filename,
 exit(1);
 }
 
-void riscv_load_initrd(const char *filename, uint64_t mem_size,
-   uint64_t kernel_entry, void *fdt)
+void riscv_load_initrd(MachineState *machine, uint64_t kernel_entry)
 {
+const char *filename = machine->initrd_filename;
+uint64_t mem_size = machine->ram_size;
+void *fdt = machine->fdt;
 hwaddr start, end;
 ssize_t size;
 
diff --git a/hw/riscv/microchip_pfsoc.c b/hw/riscv/microchip_pfsoc.c
index 593a799549..1e9b0a420e 100644
--- a/hw/riscv/microchip_pfsoc.c
+++ b/hw/riscv/microchip_pfsoc.c
@@ -633,8 +633,7 @@ static void microchip_icicle_kit_machine_init(MachineState 
*machine)
  kernel_start_addr, NULL);
 
 if (machine->initrd_filename) {
-riscv_load_initrd(machine->initrd_filename, machine->ram_size,
-  kernel_entry, machine->fdt);
+riscv_load_initrd(machine, kernel_entry);
 }
 
 if (machine->kernel_cmdline && *machine->kernel_cmdline) {
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 3e6df87b5b..c40885ed5c 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -602,8 +602,7 @@ static void sifive_u_machine_init(MachineState *machine)
  kernel_start_addr, NULL);
 
 if (machine->initrd_filename) {
-riscv_load_initrd(machine->initrd_filename, machine->ram_size,
-  kernel_entry, machine->fdt);
+riscv_load_initrd(machine, kernel_entry);
 }
 
 if (machine->kernel_cmdline && *machine->kernel_cmdline) {
diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index 60e2912be5..99dec74fe8 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -312,8 +312,7 @@ static void spike_board_init(MachineState *machine)
  htif_symbol_callback);
 
 if (machine->initrd_filename) {
-riscv_load_initrd(machine->initrd_filename, machine->ram_size,
-  kernel_entry, machine->fdt);
+riscv_load_initrd(machine, kernel_entry);
 }
 
 if (machine->kernel_cmdline && *machine->kernel_cmdline) {
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 6c946b6def..02f1369843 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -1285,8 +1285,7 @@ static void virt_machine_done(Notifier *notifier, void 
*data)
  kernel_start_addr, NULL);
 
 if (machine->initrd_filename) {
-riscv_load_initrd(machine->initrd_filename, machine->ram_size,
-  kernel_entry, machine->fdt);
+riscv_load_initrd(machine, kernel_entry);
 }
 
 if (machine->kernel_cmdline && *machine->kernel_cmdline) {
-- 
2.39.0

[PULL 31/37] hw/riscv: use ms->fdt in riscv_socket_fdt_write_distance_matrix()

[Alistair Francis]

From: Daniel Henrique Barboza 

There's no need to use a MachineState pointer and a fdt pointer now that
all RISC-V machines are using the FDT from the MachineState.

Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Message-Id: <2023070948.316276-7-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis 
---
 include/hw/riscv/numa.h | 4 ++--
 hw/riscv/numa.c | 8 
 hw/riscv/spike.c| 2 +-
 hw/riscv/virt.c | 2 +-
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/include/hw/riscv/numa.h b/include/hw/riscv/numa.h
index 634df6673f..8f5280211d 100644
--- a/include/hw/riscv/numa.h
+++ b/include/hw/riscv/numa.h
@@ -100,9 +100,9 @@ void riscv_socket_fdt_write_id(const MachineState *ms, 
const char *node_name,
  * @ms: pointer to machine state
  * @socket_id: socket index
  *
- * Write NUMA distance matrix in FDT for given machine
+ * Write NUMA distance matrix in MachineState->fdt
  */
-void riscv_socket_fdt_write_distance_matrix(const MachineState *ms, void *fdt);
+void riscv_socket_fdt_write_distance_matrix(const MachineState *ms);
 
 CpuInstanceProperties
 riscv_numa_cpu_index_to_props(MachineState *ms, unsigned cpu_index);
diff --git a/hw/riscv/numa.c b/hw/riscv/numa.c
index f4343f5cde..4720102561 100644
--- a/hw/riscv/numa.c
+++ b/hw/riscv/numa.c
@@ -164,7 +164,7 @@ void riscv_socket_fdt_write_id(const MachineState *ms, 
const char *node_name,
 }
 }
 
-void riscv_socket_fdt_write_distance_matrix(const MachineState *ms, void *fdt)
+void riscv_socket_fdt_write_distance_matrix(const MachineState *ms)
 {
 int i, j, idx;
 uint32_t *dist_matrix, dist_matrix_size;
@@ -184,10 +184,10 @@ void riscv_socket_fdt_write_distance_matrix(const 
MachineState *ms, void *fdt)
 }
 }
 
-qemu_fdt_add_subnode(fdt, "/distance-map");
-qemu_fdt_setprop_string(fdt, "/distance-map", "compatible",
+qemu_fdt_add_subnode(ms->fdt, "/distance-map");
+qemu_fdt_setprop_string(ms->fdt, "/distance-map", "compatible",
 "numa-distance-map-v1");
-qemu_fdt_setprop(fdt, "/distance-map", "distance-matrix",
+qemu_fdt_setprop(ms->fdt, "/distance-map", "distance-matrix",
  dist_matrix, dist_matrix_size);
 g_free(dist_matrix);
 }
diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index 5f12d80317..badc11ec43 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -174,7 +174,7 @@ static void create_fdt(SpikeState *s, const MemMapEntry 
*memmap,
 g_free(clust_name);
 }
 
-riscv_socket_fdt_write_distance_matrix(mc, fdt);
+riscv_socket_fdt_write_distance_matrix(mc);
 
 qemu_fdt_add_subnode(fdt, "/chosen");
 qemu_fdt_setprop_string(fdt, "/chosen", "stdout-path", "/htif");
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 6a2422a8cf..e6d4f06e8d 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -805,7 +805,7 @@ static void create_fdt_sockets(RISCVVirtState *s, const 
MemMapEntry *memmap,
 }
 }
 
-riscv_socket_fdt_write_distance_matrix(mc, mc->fdt);
+riscv_socket_fdt_write_distance_matrix(mc);
 }
 
 static void create_fdt_virtio(RISCVVirtState *s, const MemMapEntry *memmap,
-- 
2.39.0

[PULL 32/37] target/riscv: Fix up masking of vsip/vsie accesses

[Alistair Francis]

From: Andrew Bresticker 

The current logic attempts to shift the VS-level bits into their correct
position in mip while leaving the remaining bits in-tact. This is both
pointless and likely incorrect since one would expect that any new, future
VS-level interrupts will get their own position in mip rather than sharing
with their (H)S-level equivalent. Fix this, and make the logic more
readable, by just making off the VS-level bits and shifting them into
position.

This also fixes reads of vsip, which would only ever report vsip.VSSIP
since the non-writable bits got masked off as well.

Fixes: d028ac7512f1 ("arget/riscv: Implement AIA CSRs for 64 local interrupts 
on RV32")
Signed-off-by: Andrew Bresticker 
Reviewed-by: Alistair Francis 
Message-Id: <20221215224541.1423431-1-abres...@rivosinc.com>
Signed-off-by: Alistair Francis 
---
 target/riscv/csr.c | 35 +++
 1 file changed, 11 insertions(+), 24 deletions(-)

diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 0db2c233e5..270de7b1a8 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -2305,22 +2305,15 @@ static RISCVException rmw_vsie64(CPURISCVState *env, 
int csrno,
  uint64_t new_val, uint64_t wr_mask)
 {
 RISCVException ret;
-uint64_t rval, vsbits, mask = env->hideleg & VS_MODE_INTERRUPTS;
+uint64_t rval, mask = env->hideleg & VS_MODE_INTERRUPTS;
 
 /* Bring VS-level bits to correct position */
-vsbits = new_val & (VS_MODE_INTERRUPTS >> 1);
-new_val &= ~(VS_MODE_INTERRUPTS >> 1);
-new_val |= vsbits << 1;
-vsbits = wr_mask & (VS_MODE_INTERRUPTS >> 1);
-wr_mask &= ~(VS_MODE_INTERRUPTS >> 1);
-wr_mask |= vsbits << 1;
+new_val = (new_val & (VS_MODE_INTERRUPTS >> 1)) << 1;
+wr_mask = (wr_mask & (VS_MODE_INTERRUPTS >> 1)) << 1;
 
 ret = rmw_mie64(env, csrno, , new_val, wr_mask & mask);
 if (ret_val) {
-rval &= mask;
-vsbits = rval & VS_MODE_INTERRUPTS;
-rval &= ~VS_MODE_INTERRUPTS;
-*ret_val = rval | (vsbits >> 1);
+*ret_val = (rval & mask) >> 1;
 }
 
 return ret;
@@ -2521,22 +2514,16 @@ static RISCVException rmw_vsip64(CPURISCVState *env, 
int csrno,
  uint64_t new_val, uint64_t wr_mask)
 {
 RISCVException ret;
-uint64_t rval, vsbits, mask = env->hideleg & vsip_writable_mask;
+uint64_t rval, mask = env->hideleg & VS_MODE_INTERRUPTS;
 
 /* Bring VS-level bits to correct position */
-vsbits = new_val & (VS_MODE_INTERRUPTS >> 1);
-new_val &= ~(VS_MODE_INTERRUPTS >> 1);
-new_val |= vsbits << 1;
-vsbits = wr_mask & (VS_MODE_INTERRUPTS >> 1);
-wr_mask &= ~(VS_MODE_INTERRUPTS >> 1);
-wr_mask |= vsbits << 1;
-
-ret = rmw_mip64(env, csrno, , new_val, wr_mask & mask);
+new_val = (new_val & (VS_MODE_INTERRUPTS >> 1)) << 1;
+wr_mask = (wr_mask & (VS_MODE_INTERRUPTS >> 1)) << 1;
+
+ret = rmw_mip64(env, csrno, , new_val,
+wr_mask & mask & vsip_writable_mask);
 if (ret_val) {
-rval &= mask;
-vsbits = rval & VS_MODE_INTERRUPTS;
-rval &= ~VS_MODE_INTERRUPTS;
-*ret_val = rval | (vsbits >> 1);
+*ret_val = (rval & mask) >> 1;
 }
 
 return ret;
-- 
2.39.0

[PULL 22/37] hw/riscv/boot.c: use MachineState in riscv_load_kernel()

[Alistair Francis]

From: Daniel Henrique Barboza 

All callers are using kernel_filename as machine->kernel_filename.

This will also simplify the changes in riscv_load_kernel() that we're
going to do next.

Cc: Palmer Dabbelt 
Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Bin Meng 
Reviewed-by: Alistair Francis 
Message-Id: <20230102115241.25733-10-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis 
---
 include/hw/riscv/boot.h| 2 +-
 hw/riscv/boot.c| 3 ++-
 hw/riscv/microchip_pfsoc.c | 3 +--
 hw/riscv/opentitan.c   | 3 +--
 hw/riscv/sifive_e.c| 3 +--
 hw/riscv/sifive_u.c| 3 +--
 hw/riscv/spike.c   | 3 +--
 hw/riscv/virt.c| 3 +--
 8 files changed, 9 insertions(+), 14 deletions(-)

diff --git a/include/hw/riscv/boot.h b/include/hw/riscv/boot.h
index cfd72ecabf..f94653a09b 100644
--- a/include/hw/riscv/boot.h
+++ b/include/hw/riscv/boot.h
@@ -43,7 +43,7 @@ char *riscv_find_firmware(const char *firmware_filename,
 target_ulong riscv_load_firmware(const char *firmware_filename,
  hwaddr firmware_load_addr,
  symbol_fn_t sym_cb);
-target_ulong riscv_load_kernel(const char *kernel_filename,
+target_ulong riscv_load_kernel(MachineState *machine,
target_ulong firmware_end_addr,
symbol_fn_t sym_cb);
 void riscv_load_initrd(MachineState *machine, uint64_t kernel_entry);
diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index d3e780c3b6..2594276223 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -173,10 +173,11 @@ target_ulong riscv_load_firmware(const char 
*firmware_filename,
 exit(1);
 }
 
-target_ulong riscv_load_kernel(const char *kernel_filename,
+target_ulong riscv_load_kernel(MachineState *machine,
target_ulong kernel_start_addr,
symbol_fn_t sym_cb)
 {
+const char *kernel_filename = machine->kernel_filename;
 uint64_t kernel_load_base, kernel_entry;
 
 g_assert(kernel_filename != NULL);
diff --git a/hw/riscv/microchip_pfsoc.c b/hw/riscv/microchip_pfsoc.c
index 1e9b0a420e..82ae5e7023 100644
--- a/hw/riscv/microchip_pfsoc.c
+++ b/hw/riscv/microchip_pfsoc.c
@@ -629,8 +629,7 @@ static void microchip_icicle_kit_machine_init(MachineState 
*machine)
 kernel_start_addr = riscv_calc_kernel_start_addr(>soc.u_cpus,
  firmware_end_addr);
 
-kernel_entry = riscv_load_kernel(machine->kernel_filename,
- kernel_start_addr, NULL);
+kernel_entry = riscv_load_kernel(machine, kernel_start_addr, NULL);
 
 if (machine->initrd_filename) {
 riscv_load_initrd(machine, kernel_entry);
diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c
index 85ffdac5be..64d5d435b9 100644
--- a/hw/riscv/opentitan.c
+++ b/hw/riscv/opentitan.c
@@ -101,8 +101,7 @@ static void opentitan_board_init(MachineState *machine)
 }
 
 if (machine->kernel_filename) {
-riscv_load_kernel(machine->kernel_filename,
-  memmap[IBEX_DEV_RAM].base, NULL);
+riscv_load_kernel(machine, memmap[IBEX_DEV_RAM].base, NULL);
 }
 }
 
diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
index d65d2fd869..3e3f4b0088 100644
--- a/hw/riscv/sifive_e.c
+++ b/hw/riscv/sifive_e.c
@@ -114,8 +114,7 @@ static void sifive_e_machine_init(MachineState *machine)
   memmap[SIFIVE_E_DEV_MROM].base, 
_space_memory);
 
 if (machine->kernel_filename) {
-riscv_load_kernel(machine->kernel_filename,
-  memmap[SIFIVE_E_DEV_DTIM].base, NULL);
+riscv_load_kernel(machine, memmap[SIFIVE_E_DEV_DTIM].base, NULL);
 }
 }
 
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index c40885ed5c..bac394c959 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -598,8 +598,7 @@ static void sifive_u_machine_init(MachineState *machine)
 kernel_start_addr = riscv_calc_kernel_start_addr(>soc.u_cpus,
  firmware_end_addr);
 
-kernel_entry = riscv_load_kernel(machine->kernel_filename,
- kernel_start_addr, NULL);
+kernel_entry = riscv_load_kernel(machine, kernel_start_addr, NULL);
 
 if (machine->initrd_filename) {
 riscv_load_initrd(machine, kernel_entry);
diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index 99dec74fe8..bff9475686 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -307,8 +307,7 @@ static void spike_board_init(MachineState *machine)
 kernel_start_addr = riscv_calc_kernel_start_addr(>soc[0],
  firmware_end_addr);
 
-kernel_entry = riscv_load_kernel(machine->kernel_filename,
- 

[PULL 25/37] target/riscv: Use TARGET_FMT_lx for env->mhartid

[Alistair Francis]

From: Bin Meng 

env->mhartid is currently casted to long before printed, which drops
the high 32-bit for rv64 on 32-bit host. Use TARGET_FMT_lx instead.

Signed-off-by: Bin Meng 
Reviewed-by: Alistair Francis 
Message-Id: <20230109152655.340114-1-bm...@tinylab.org>
Signed-off-by: Alistair Francis 
---
 target/riscv/cpu.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index c192d96a94..14a7027095 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -867,9 +867,9 @@ static void riscv_cpu_realize(DeviceState *dev, Error 
**errp)
 (env->priv_ver < isa_edata_arr[i].min_version)) {
 isa_ext_update_enabled(cpu, _edata_arr[i], false);
 #ifndef CONFIG_USER_ONLY
-warn_report("disabling %s extension for hart 0x%lx because "
-"privilege spec version does not match",
-isa_edata_arr[i].name, (unsigned long)env->mhartid);
+warn_report("disabling %s extension for hart 0x" TARGET_FMT_lx
+" because privilege spec version does not match",
+isa_edata_arr[i].name, env->mhartid);
 #else
 warn_report("disabling %s extension because "
 "privilege spec version does not match",
-- 
2.39.0

[PULL 36/37] target/riscv: Remove helper_set_rod_rounding_mode

[Alistair Francis]

From: Richard Henderson 

The only setting of RISCV_FRM_ROD is from the vector unit,
and now handled by helper_set_rounding_mode_chkfrm.
This helper is now unused.

Signed-off-by: Richard Henderson 
Reviewed-by: Daniel Henrique Barboza 
Reviewed-by: Alistair Francis 
Message-Id: <20230115160657.3169274-3-richard.hender...@linaro.org>
Signed-off-by: Alistair Francis 
---
 target/riscv/helper.h | 1 -
 target/riscv/fpu_helper.c | 5 -
 target/riscv/translate.c  | 4 
 3 files changed, 10 deletions(-)

diff --git a/target/riscv/helper.h b/target/riscv/helper.h
index 9792ab5086..58a30f03d6 100644
--- a/target/riscv/helper.h
+++ b/target/riscv/helper.h
@@ -4,7 +4,6 @@ DEF_HELPER_2(raise_exception, noreturn, env, i32)
 /* Floating Point - rounding mode */
 DEF_HELPER_FLAGS_2(set_rounding_mode, TCG_CALL_NO_WG, void, env, i32)
 DEF_HELPER_FLAGS_2(set_rounding_mode_chkfrm, TCG_CALL_NO_WG, void, env, i32)
-DEF_HELPER_FLAGS_1(set_rod_rounding_mode, TCG_CALL_NO_WG, void, env)
 
 /* Floating Point - fused */
 DEF_HELPER_FLAGS_4(fmadd_s, TCG_CALL_NO_RWG, i64, env, i64, i64, i64)
diff --git a/target/riscv/fpu_helper.c b/target/riscv/fpu_helper.c
index 96817df8ef..449d236df6 100644
--- a/target/riscv/fpu_helper.c
+++ b/target/riscv/fpu_helper.c
@@ -118,11 +118,6 @@ void helper_set_rounding_mode_chkfrm(CPURISCVState *env, 
uint32_t rm)
 set_float_rounding_mode(softrm, >fp_status);
 }
 
-void helper_set_rod_rounding_mode(CPURISCVState *env)
-{
-set_float_rounding_mode(float_round_to_odd, >fp_status);
-}
-
 static uint64_t do_fmadd_h(CPURISCVState *env, uint64_t rs1, uint64_t rs2,
uint64_t rs3, int flags)
 {
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 493c3815e1..01cc30a365 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -672,10 +672,6 @@ static void gen_set_rm(DisasContext *ctx, int rm)
 }
 ctx->frm = rm;
 
-if (rm == RISCV_FRM_ROD) {
-gen_helper_set_rod_rounding_mode(cpu_env);
-return;
-}
 if (rm == RISCV_FRM_DYN) {
 /* The helper will return only if frm valid. */
 ctx->frm_valid = true;
-- 
2.39.0

[PULL 33/37] target/riscv: Trap on writes to stimecmp from VS when hvictl.VTI=1

[Alistair Francis]

From: Andrew Bresticker 

Per the AIA specification, writes to stimecmp from VS level should
trap when hvictl.VTI is set since the write may cause vsip.STIP to
become unset.

Fixes: 3ec0fe18a31f ("target/riscv: Add vstimecmp support")
Signed-off-by: Andrew Bresticker 
Reviewed-by: Alistair Francis 
Message-Id: <20221215224541.1423431-2-abres...@rivosinc.com>
Signed-off-by: Alistair Francis 
---
 target/riscv/csr.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 270de7b1a8..62e6c4acbd 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -1037,6 +1037,9 @@ static RISCVException write_stimecmp(CPURISCVState *env, 
int csrno,
 RISCVCPU *cpu = env_archcpu(env);
 
 if (riscv_cpu_virt_enabled(env)) {
+if (env->hvictl & HVICTL_VTI) {
+return RISCV_EXCP_VIRT_INSTRUCTION_FAULT;
+}
 return write_vstimecmp(env, csrno, val);
 }
 
@@ -1057,6 +1060,9 @@ static RISCVException write_stimecmph(CPURISCVState *env, 
int csrno,
 RISCVCPU *cpu = env_archcpu(env);
 
 if (riscv_cpu_virt_enabled(env)) {
+if (env->hvictl & HVICTL_VTI) {
+return RISCV_EXCP_VIRT_INSTRUCTION_FAULT;
+}
 return write_vstimecmph(env, csrno, val);
 }
 
-- 
2.39.0

[PULL 17/37] hw/riscv/boot.c: exit early if filename is NULL in load functions

[Alistair Francis]

From: Daniel Henrique Barboza 

riscv_load_firmware(), riscv_load_initrd() and riscv_load_kernel() works
under the assumption that a 'filename' parameter is always not NULL.

This is currently the case since all callers of these functions are
checking for NULL before calling them. Add an g_assert() to make sure
that a NULL value in these cases are to be considered a bug.

Suggested-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Bin Meng 
Reviewed-by: Alistair Francis 
Message-Id: <20230102115241.25733-5-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis 
---
 hw/riscv/boot.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index 98b80af51b..31aa3385a0 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -153,6 +153,8 @@ target_ulong riscv_load_firmware(const char 
*firmware_filename,
 uint64_t firmware_entry, firmware_end;
 ssize_t firmware_size;
 
+g_assert(firmware_filename != NULL);
+
 if (load_elf_ram_sym(firmware_filename, NULL, NULL, NULL,
  _entry, NULL, _end, NULL,
  0, EM_RISCV, 1, 0, NULL, true, sym_cb) > 0) {
@@ -177,6 +179,8 @@ target_ulong riscv_load_kernel(const char *kernel_filename,
 {
 uint64_t kernel_load_base, kernel_entry;
 
+g_assert(kernel_filename != NULL);
+
 /*
  * NB: Use low address not ELF entry point to ensure that the fw_dynamic
  * behaviour when loading an ELF matches the fw_payload, fw_jump and BBL
@@ -209,6 +213,8 @@ hwaddr riscv_load_initrd(const char *filename, uint64_t 
mem_size,
 {
 ssize_t size;
 
+g_assert(filename != NULL);
+
 /*
  * We want to put the initrd far enough into RAM that when the
  * kernel is uncompressed it will not clobber the initrd. However
-- 
2.39.0

[PULL 04/37] hw/char: riscv_htif: Use conventional 's' for HTIFState

[Alistair Francis]

From: Bin Meng 

QEMU source codes tend to use 's' to represent the hardware state.
Let's use it for HTIFState.

Signed-off-by: Bin Meng 
Reviewed-by: Daniel Henrique Barboza 
Reviewed-by: Alistair Francis 
Message-Id: <20221229091828.1945072-5-bm...@tinylab.org>
Signed-off-by: Alistair Francis 
---
 hw/char/riscv_htif.c | 64 ++--
 1 file changed, 32 insertions(+), 32 deletions(-)

diff --git a/hw/char/riscv_htif.c b/hw/char/riscv_htif.c
index e7e319ca1d..f28976b110 100644
--- a/hw/char/riscv_htif.c
+++ b/hw/char/riscv_htif.c
@@ -85,7 +85,7 @@ static int htif_can_recv(void *opaque)
  */
 static void htif_recv(void *opaque, const uint8_t *buf, int size)
 {
-HTIFState *htifstate = opaque;
+HTIFState *s = opaque;
 
 if (size != 1) {
 return;
@@ -97,10 +97,10 @@ static void htif_recv(void *opaque, const uint8_t *buf, int 
size)
  *will drop characters
  */
 
-uint64_t val_written = htifstate->pending_read;
+uint64_t val_written = s->pending_read;
 uint64_t resp = 0x100 | *buf;
 
-htifstate->env->mfromhost = (val_written >> 48 << 48) | (resp << 16 >> 16);
+s->env->mfromhost = (val_written >> 48 << 48) | (resp << 16 >> 16);
 }
 
 /*
@@ -142,7 +142,7 @@ static int htif_be_change(void *opaque)
  * For RV32, the tohost register is zero-extended, so only device=0 and
  * command=0 (i.e. HTIF syscalls/exit codes) are supported.
  */
-static void htif_handle_tohost_write(HTIFState *htifstate, uint64_t 
val_written)
+static void htif_handle_tohost_write(HTIFState *s, uint64_t val_written)
 {
 uint8_t device = val_written >> HTIF_DEV_SHIFT;
 uint8_t cmd = val_written >> HTIF_CMD_SHIFT;
@@ -174,11 +174,11 @@ static void htif_handle_tohost_write(HTIFState 
*htifstate, uint64_t val_written)
 /* HTIF Console */
 if (cmd == HTIF_CONSOLE_CMD_GETC) {
 /* this should be a queue, but not yet implemented as such */
-htifstate->pending_read = val_written;
-htifstate->env->mtohost = 0; /* clear to indicate we read */
+s->pending_read = val_written;
+s->env->mtohost = 0; /* clear to indicate we read */
 return;
 } else if (cmd == HTIF_CONSOLE_CMD_PUTC) {
-qemu_chr_fe_write(>chr, (uint8_t *), 1);
+qemu_chr_fe_write(>chr, (uint8_t *), 1);
 resp = 0x100 | (uint8_t)payload;
 } else {
 qemu_log("HTIF device %d: unknown command\n", device);
@@ -194,31 +194,31 @@ static void htif_handle_tohost_write(HTIFState 
*htifstate, uint64_t val_written)
  * With this code disabled, qemu works with bbl priv v1.9.1 and v1.10.
  * HTIF needs protocol documentation and a more complete state machine.
  *
- *  while (!htifstate->fromhost_inprogress &&
- *  htifstate->env->mfromhost != 0x0) {
+ *  while (!s->fromhost_inprogress &&
+ *  s->env->mfromhost != 0x0) {
  *  }
  */
-htifstate->env->mfromhost = (val_written >> 48 << 48) | (resp << 16 >> 16);
-htifstate->env->mtohost = 0; /* clear to indicate we read */
+s->env->mfromhost = (val_written >> 48 << 48) | (resp << 16 >> 16);
+s->env->mtohost = 0; /* clear to indicate we read */
 }
 
-#define TOHOST_OFFSET1 (htifstate->tohost_offset)
-#define TOHOST_OFFSET2 (htifstate->tohost_offset + 4)
-#define FROMHOST_OFFSET1 (htifstate->fromhost_offset)
-#define FROMHOST_OFFSET2 (htifstate->fromhost_offset + 4)
+#define TOHOST_OFFSET1  (s->tohost_offset)
+#define TOHOST_OFFSET2  (s->tohost_offset + 4)
+#define FROMHOST_OFFSET1(s->fromhost_offset)
+#define FROMHOST_OFFSET2(s->fromhost_offset + 4)
 
 /* CPU wants to read an HTIF register */
 static uint64_t htif_mm_read(void *opaque, hwaddr addr, unsigned size)
 {
-HTIFState *htifstate = opaque;
+HTIFState *s = opaque;
 if (addr == TOHOST_OFFSET1) {
-return htifstate->env->mtohost & 0x;
+return s->env->mtohost & 0x;
 } else if (addr == TOHOST_OFFSET2) {
-return (htifstate->env->mtohost >> 32) & 0x;
+return (s->env->mtohost >> 32) & 0x;
 } else if (addr == FROMHOST_OFFSET1) {
-return htifstate->env->mfromhost & 0x;
+return s->env->mfromhost & 0x;
 } else if (addr == FROMHOST_OFFSET2) {
-return (htifstate->env->mfromhost >> 32) & 0x;
+return (s->env->mfromhost >> 32) & 0x;
 } else {
 qemu_log("Invalid htif read: address %016" PRIx64 "\n",
 (uint64_t)addr);
@@ -230,25 +230,25 @@ static uint64_t htif_mm_read(void *opaque, hwaddr addr, 
unsigned size)
 static void htif_mm_write(void *opaque, hwaddr addr,
   uint64_t value, unsigned size)
 {
-HTIFState *htifstate = opaque;
+HTIFState *s = opaque;
 if (addr == TOHOST_OFFSET1) {
-if (htifstate->env->mtohost == 0x0) {
-htifstate->allow_tohost = 1;
-

[PULL 35/37] target/riscv: Introduce helper_set_rounding_mode_chkfrm

[Alistair Francis]

From: Richard Henderson 

The new helper always validates the contents of FRM, even
if the new rounding mode is not DYN.  This is required by
the vector unit.

Track whether we've validated FRM separately from whether
we've updated fp_status with a given rounding mode, so that
we can elide calls correctly.

This partially reverts d6c4d3f2a69 which attempted the to do
the same thing, but with two calls to gen_set_rm(), which is
both inefficient and tickles an assertion in decode_save_opc.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1441
Signed-off-by: Richard Henderson 
Reviewed-by: Daniel Henrique Barboza 
Acked-by: Alistair Francis 
Message-Id: <20230115160657.3169274-2-richard.hender...@linaro.org>
Signed-off-by: Alistair Francis 
---
 target/riscv/helper.h   |  1 +
 target/riscv/fpu_helper.c   | 37 +
 target/riscv/translate.c| 19 +
 target/riscv/insn_trans/trans_rvv.c.inc | 24 +++-
 4 files changed, 61 insertions(+), 20 deletions(-)

diff --git a/target/riscv/helper.h b/target/riscv/helper.h
index 227c7122ef..9792ab5086 100644
--- a/target/riscv/helper.h
+++ b/target/riscv/helper.h
@@ -3,6 +3,7 @@ DEF_HELPER_2(raise_exception, noreturn, env, i32)
 
 /* Floating Point - rounding mode */
 DEF_HELPER_FLAGS_2(set_rounding_mode, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(set_rounding_mode_chkfrm, TCG_CALL_NO_WG, void, env, i32)
 DEF_HELPER_FLAGS_1(set_rod_rounding_mode, TCG_CALL_NO_WG, void, env)
 
 /* Floating Point - fused */
diff --git a/target/riscv/fpu_helper.c b/target/riscv/fpu_helper.c
index 5699c9517f..96817df8ef 100644
--- a/target/riscv/fpu_helper.c
+++ b/target/riscv/fpu_helper.c
@@ -81,6 +81,43 @@ void helper_set_rounding_mode(CPURISCVState *env, uint32_t 
rm)
 set_float_rounding_mode(softrm, >fp_status);
 }
 
+void helper_set_rounding_mode_chkfrm(CPURISCVState *env, uint32_t rm)
+{
+int softrm;
+
+/* Always validate frm, even if rm != DYN. */
+if (unlikely(env->frm >= 5)) {
+riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, GETPC());
+}
+if (rm == RISCV_FRM_DYN) {
+rm = env->frm;
+}
+switch (rm) {
+case RISCV_FRM_RNE:
+softrm = float_round_nearest_even;
+break;
+case RISCV_FRM_RTZ:
+softrm = float_round_to_zero;
+break;
+case RISCV_FRM_RDN:
+softrm = float_round_down;
+break;
+case RISCV_FRM_RUP:
+softrm = float_round_up;
+break;
+case RISCV_FRM_RMM:
+softrm = float_round_ties_away;
+break;
+case RISCV_FRM_ROD:
+softrm = float_round_to_odd;
+break;
+default:
+g_assert_not_reached();
+}
+
+set_float_rounding_mode(softrm, >fp_status);
+}
+
 void helper_set_rod_rounding_mode(CPURISCVState *env)
 {
 set_float_rounding_mode(float_round_to_odd, >fp_status);
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index df38db7553..493c3815e1 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -114,6 +114,8 @@ typedef struct DisasContext {
 bool pm_base_enabled;
 /* Use icount trigger for native debug */
 bool itrigger;
+/* FRM is known to contain a valid value. */
+bool frm_valid;
 /* TCG of the current insn_start */
 TCGOp *insn_start;
 } DisasContext;
@@ -674,12 +676,29 @@ static void gen_set_rm(DisasContext *ctx, int rm)
 gen_helper_set_rod_rounding_mode(cpu_env);
 return;
 }
+if (rm == RISCV_FRM_DYN) {
+/* The helper will return only if frm valid. */
+ctx->frm_valid = true;
+}
 
 /* The helper may raise ILLEGAL_INSN -- record binv for unwind. */
 decode_save_opc(ctx);
 gen_helper_set_rounding_mode(cpu_env, tcg_constant_i32(rm));
 }
 
+static void gen_set_rm_chkfrm(DisasContext *ctx, int rm)
+{
+if (ctx->frm == rm && ctx->frm_valid) {
+return;
+}
+ctx->frm = rm;
+ctx->frm_valid = true;
+
+/* The helper may raise ILLEGAL_INSN -- record binv for unwind. */
+decode_save_opc(ctx);
+gen_helper_set_rounding_mode_chkfrm(cpu_env, tcg_constant_i32(rm));
+}
+
 static int ex_plus_1(DisasContext *ctx, int nf)
 {
 return nf + 1;
diff --git a/target/riscv/insn_trans/trans_rvv.c.inc 
b/target/riscv/insn_trans/trans_rvv.c.inc
index d455acedbf..bbb5c3a7b5 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -2679,13 +2679,9 @@ static bool do_opfv(DisasContext *s, arg_rmr *a,
 int rm)
 {
 if (checkfn(s, a)) {
-if (rm != RISCV_FRM_DYN) {
-gen_set_rm(s, RISCV_FRM_DYN);
-}
-
 uint32_t data = 0;
 TCGLabel *over = gen_new_label();
-gen_set_rm(s, rm);
+gen_set_rm_chkfrm(s, rm);
 tcg_gen_brcondi_tl(TCG_COND_EQ, cpu_vl, 0, over);
 tcg_gen_brcond_tl(TCG_COND_GEU, cpu_vstart, cpu_vl, over);
 
@@ -2882,17 +2878,13 @@ static 

[PULL 30/37] hw/riscv: use MachineState::fdt in riscv_socket_fdt_write_id()

[Alistair Francis]

From: Daniel Henrique Barboza 

There's no need to use a MachineState pointer and a fdt pointer now that
all RISC-V machines are using the FDT from the MachineState.

Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Message-Id: <2023070948.316276-6-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis 
---
 include/hw/riscv/numa.h |  6 +++---
 hw/riscv/numa.c |  6 +++---
 hw/riscv/spike.c|  6 +++---
 hw/riscv/virt.c | 18 +-
 4 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/include/hw/riscv/numa.h b/include/hw/riscv/numa.h
index 1a9cce3344..634df6673f 100644
--- a/include/hw/riscv/numa.h
+++ b/include/hw/riscv/numa.h
@@ -90,10 +90,10 @@ bool riscv_socket_check_hartids(const MachineState *ms, int 
socket_id);
  * @ms: pointer to machine state
  * @socket_id: socket index
  *
- * Write NUMA node-id FDT property for given FDT node
+ * Write NUMA node-id FDT property in MachineState->fdt
  */
-void riscv_socket_fdt_write_id(const MachineState *ms, void *fdt,
-   const char *node_name, int socket_id);
+void riscv_socket_fdt_write_id(const MachineState *ms, const char *node_name,
+   int socket_id);
 
 /**
  * riscv_socket_fdt_write_distance_matrix:
diff --git a/hw/riscv/numa.c b/hw/riscv/numa.c
index 7fe92d402f..f4343f5cde 100644
--- a/hw/riscv/numa.c
+++ b/hw/riscv/numa.c
@@ -156,11 +156,11 @@ uint64_t riscv_socket_mem_size(const MachineState *ms, 
int socket_id)
 ms->numa_state->nodes[socket_id].node_mem : 0;
 }
 
-void riscv_socket_fdt_write_id(const MachineState *ms, void *fdt,
-   const char *node_name, int socket_id)
+void riscv_socket_fdt_write_id(const MachineState *ms, const char *node_name,
+   int socket_id)
 {
 if (numa_enabled(ms)) {
-qemu_fdt_setprop_cell(fdt, node_name, "numa-node-id", socket_id);
+qemu_fdt_setprop_cell(ms->fdt, node_name, "numa-node-id", socket_id);
 }
 }
 
diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index c7550abfc7..5f12d80317 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -121,7 +121,7 @@ static void create_fdt(SpikeState *s, const MemMapEntry 
*memmap,
 qemu_fdt_setprop_cell(fdt, cpu_name, "reg",
 s->soc[socket].hartid_base + cpu);
 qemu_fdt_setprop_string(fdt, cpu_name, "device_type", "cpu");
-riscv_socket_fdt_write_id(mc, fdt, cpu_name, socket);
+riscv_socket_fdt_write_id(mc, cpu_name, socket);
 qemu_fdt_setprop_cell(fdt, cpu_name, "phandle", cpu_phandle);
 
 intc_name = g_strdup_printf("%s/interrupt-controller", cpu_name);
@@ -154,7 +154,7 @@ static void create_fdt(SpikeState *s, const MemMapEntry 
*memmap,
 qemu_fdt_setprop_cells(fdt, mem_name, "reg",
 addr >> 32, addr, size >> 32, size);
 qemu_fdt_setprop_string(fdt, mem_name, "device_type", "memory");
-riscv_socket_fdt_write_id(mc, fdt, mem_name, socket);
+riscv_socket_fdt_write_id(mc, mem_name, socket);
 g_free(mem_name);
 
 clint_addr = memmap[SPIKE_CLINT].base +
@@ -167,7 +167,7 @@ static void create_fdt(SpikeState *s, const MemMapEntry 
*memmap,
 0x0, clint_addr, 0x0, memmap[SPIKE_CLINT].size);
 qemu_fdt_setprop(fdt, clint_name, "interrupts-extended",
 clint_cells, s->soc[socket].num_harts * sizeof(uint32_t) * 4);
-riscv_socket_fdt_write_id(mc, fdt, clint_name, socket);
+riscv_socket_fdt_write_id(mc, clint_name, socket);
 
 g_free(clint_name);
 g_free(clint_cells);
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 99cb571024..6a2422a8cf 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -253,7 +253,7 @@ static void create_fdt_socket_cpus(RISCVVirtState *s, int 
socket,
 qemu_fdt_setprop_cell(mc->fdt, cpu_name, "reg",
 s->soc[socket].hartid_base + cpu);
 qemu_fdt_setprop_string(mc->fdt, cpu_name, "device_type", "cpu");
-riscv_socket_fdt_write_id(mc, mc->fdt, cpu_name, socket);
+riscv_socket_fdt_write_id(mc, cpu_name, socket);
 qemu_fdt_setprop_cell(mc->fdt, cpu_name, "phandle", cpu_phandle);
 
 intc_phandles[cpu] = (*phandle)++;
@@ -291,7 +291,7 @@ static void create_fdt_socket_memory(RISCVVirtState *s,
 qemu_fdt_setprop_cells(mc->fdt, mem_name, "reg",
 addr >> 32, addr, size >> 32, size);
 qemu_fdt_setprop_string(mc->fdt, mem_name, "device_type", "memory");
-riscv_socket_fdt_write_id(mc, mc->fdt, mem_name, socket);
+riscv_socket_fdt_write_id(mc, mem_name, socket);
 g_free(mem_name);
 }
 
@@ -327,7 +327,7 @@ static void create_fdt_socket_clint(RISCVVirtState *s,
 0x0, clint_addr, 0x0, memmap[VIRT_CLINT].size);
 qemu_fdt_setprop(mc->fdt, clint_name, "interrupts-extended",
 clint_cells, s->soc[socket].num_harts * 

[PULL 14/37] tests/avocado: add RISC-V OpenSBI boot test

[Alistair Francis]

From: Daniel Henrique Barboza 

This test is used to do a quick sanity check to ensure that we're able
to run the existing QEMU FW image.

'sifive_u', 'spike' and 'virt' riscv64 machines, and 'sifive_u' and
'virt' 32 bit machines are able to run the default RISCV64_BIOS_BIN |
RISCV32_BIOS_BIN firmware with minimal options.

The riscv32 'spike' machine isn't bootable at this moment, requiring an
OpenSBI fix [1] and QEMU side changes [2]. We could just leave at that
or add a 'skip' test to remind us about it. To work as a reminder that
we have a riscv32 'spike' test that should be enabled as soon as OpenSBI
QEMU rom receives the fix, we're adding a 'skip' test:

(06/18) tests/avocado/riscv_opensbi.py:RiscvOpenSBI.test_riscv32_spike:
SKIP: requires OpenSBI fix to work

[1] 
https://patchwork.ozlabs.org/project/opensbi/patch/20221226033603.1860569-1-bm...@tinylab.org/
[2] https://patchwork.ozlabs.org/project/qemu-devel/list/?series=334159

Cc: Cleber Rosa 
Cc: Philippe Mathieu-Daudé 
Reviewed-by: Bin Meng 
Tested-by: Bin Meng 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel Henrique Barboza 
Acked-by: Alistair Francis 
Message-Id: <20230102115241.25733-2-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis 
---
 tests/avocado/riscv_opensbi.py | 65 ++
 1 file changed, 65 insertions(+)
 create mode 100644 tests/avocado/riscv_opensbi.py

diff --git a/tests/avocado/riscv_opensbi.py b/tests/avocado/riscv_opensbi.py
new file mode 100644
index 00..e02f0d404a
--- /dev/null
+++ b/tests/avocado/riscv_opensbi.py
@@ -0,0 +1,65 @@
+# OpenSBI boot test for RISC-V machines
+#
+# Copyright (c) 2022, Ventana Micro
+#
+# This work is licensed under the terms of the GNU GPL, version 2 or
+# later.  See the COPYING file in the top-level directory.
+
+from avocado_qemu import QemuSystemTest
+from avocado import skip
+from avocado_qemu import wait_for_console_pattern
+
+class RiscvOpenSBI(QemuSystemTest):
+"""
+:avocado: tags=accel:tcg
+"""
+timeout = 5
+
+def boot_opensbi(self):
+self.vm.set_console()
+self.vm.launch()
+wait_for_console_pattern(self, 'Platform Name')
+wait_for_console_pattern(self, 'Boot HART MEDELEG')
+
+@skip("requires OpenSBI fix to work")
+def test_riscv32_spike(self):
+"""
+:avocado: tags=arch:riscv32
+:avocado: tags=machine:spike
+"""
+self.boot_opensbi()
+
+def test_riscv64_spike(self):
+"""
+:avocado: tags=arch:riscv64
+:avocado: tags=machine:spike
+"""
+self.boot_opensbi()
+
+def test_riscv32_sifive_u(self):
+"""
+:avocado: tags=arch:riscv32
+:avocado: tags=machine:sifive_u
+"""
+self.boot_opensbi()
+
+def test_riscv64_sifive_u(self):
+"""
+:avocado: tags=arch:riscv64
+:avocado: tags=machine:sifive_u
+"""
+self.boot_opensbi()
+
+def test_riscv32_virt(self):
+"""
+:avocado: tags=arch:riscv32
+:avocado: tags=machine:virt
+"""
+self.boot_opensbi()
+
+def test_riscv64_virt(self):
+"""
+:avocado: tags=arch:riscv64
+:avocado: tags=machine:virt
+"""
+self.boot_opensbi()
-- 
2.39.0

[PULL 37/37] hw/riscv/virt.c: move create_fw_cfg() back to virt_machine_init()

[Alistair Francis]

From: Daniel Henrique Barboza 

Commit 1c20d3ff6004 ("hw/riscv: virt: Add a machine done notifier")
moved the initialization of fw_cfg to the virt_machine_done() callback.

Problem is that the validation of fw_cfg by devices such as ramfb is
done before the machine done notifier is called. Moving create_fw_cfg()
to machine_done() results in QEMU failing to boot when using a ramfb
device:

./qemu-system-riscv64 -machine virt -device ramfb -serial stdio
qemu-system-riscv64: -device ramfb: ramfb device requires fw_cfg with DMA

The fix is simple: move create_fw_cfg() config back to
virt_machine_init(). This happens to be the same way the ARM 'virt'
machine deals with fw_cfg (see machvirt_init() and virt_machine_done()
in hw/arm/virt.c), so we're keeping consistency with how other machines
handle this device.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1343
Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Alistair Francis 
Message-Id: <20230117132751.229738-2-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis 
---
 hw/riscv/virt.c | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index e6d4f06e8d..4a11b4b010 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -1254,13 +1254,6 @@ static void virt_machine_done(Notifier *notifier, void 
*data)
 firmware_end_addr = riscv_find_and_load_firmware(machine, firmware_name,
  start_addr, NULL);
 
-/*
- * Init fw_cfg.  Must be done before riscv_load_fdt, otherwise the device
- * tree cannot be altered and we get FDT_ERR_NOSPACE.
- */
-s->fw_cfg = create_fw_cfg(machine);
-rom_set_fw(s->fw_cfg);
-
 if (drive_get(IF_PFLASH, 0, 1)) {
 /*
  * S-mode FW like EDK2 will be kept in second plash (unit 1).
@@ -1468,6 +1461,13 @@ static void virt_machine_init(MachineState *machine)
 memory_region_add_subregion(system_memory, memmap[VIRT_MROM].base,
 mask_rom);
 
+/*
+ * Init fw_cfg. Must be done before riscv_load_fdt, otherwise the
+ * device tree cannot be altered and we get FDT_ERR_NOSPACE.
+ */
+s->fw_cfg = create_fw_cfg(machine);
+rom_set_fw(s->fw_cfg);
+
 /* SiFive Test MMIO device */
 sifive_test_create(memmap[VIRT_TEST].base);
 
-- 
2.39.0

[PULL 19/37] hw/riscv: write initrd 'chosen' FDT inside riscv_load_initrd()

[Alistair Francis]

From: Daniel Henrique Barboza 

riscv_load_initrd() returns the initrd end addr while also writing a
'start' var to mark the addr start. These informations are being used
just to write the initrd FDT node. Every existing caller of
riscv_load_initrd() is writing the FDT in the same manner.

We can simplify things by writing the FDT inside riscv_load_initrd(),
sparing callers from having to manage start/end addrs to write the FDT
themselves.

An 'if (fdt)' check is already inserted at the end of the function
because we'll end up using it later on with other boards that doesn´t
have a FDT.

Cc: Palmer Dabbelt 
Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Bin Meng 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Message-Id: <20230102115241.25733-7-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis 
---
 include/hw/riscv/boot.h|  4 ++--
 hw/riscv/boot.c| 18 --
 hw/riscv/microchip_pfsoc.c | 10 ++
 hw/riscv/sifive_u.c| 10 ++
 hw/riscv/spike.c   | 10 ++
 hw/riscv/virt.c| 10 ++
 6 files changed, 22 insertions(+), 40 deletions(-)

diff --git a/include/hw/riscv/boot.h b/include/hw/riscv/boot.h
index b273ab22f7..e37e1d1238 100644
--- a/include/hw/riscv/boot.h
+++ b/include/hw/riscv/boot.h
@@ -46,8 +46,8 @@ target_ulong riscv_load_firmware(const char 
*firmware_filename,
 target_ulong riscv_load_kernel(const char *kernel_filename,
target_ulong firmware_end_addr,
symbol_fn_t sym_cb);
-hwaddr riscv_load_initrd(const char *filename, uint64_t mem_size,
- uint64_t kernel_entry, hwaddr *start);
+void riscv_load_initrd(const char *filename, uint64_t mem_size,
+   uint64_t kernel_entry, void *fdt);
 uint64_t riscv_load_fdt(hwaddr dram_start, uint64_t dram_size, void *fdt);
 void riscv_setup_rom_reset_vec(MachineState *machine, RISCVHartArrayState 
*harts,
hwaddr saddr,
diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index 31aa3385a0..6b948d1c9e 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -208,9 +208,10 @@ target_ulong riscv_load_kernel(const char *kernel_filename,
 exit(1);
 }
 
-hwaddr riscv_load_initrd(const char *filename, uint64_t mem_size,
- uint64_t kernel_entry, hwaddr *start)
+void riscv_load_initrd(const char *filename, uint64_t mem_size,
+   uint64_t kernel_entry, void *fdt)
 {
+hwaddr start, end;
 ssize_t size;
 
 g_assert(filename != NULL);
@@ -226,18 +227,23 @@ hwaddr riscv_load_initrd(const char *filename, uint64_t 
mem_size,
  * halfway into RAM, and for boards with 256MB of RAM or more we put
  * the initrd at 128MB.
  */
-*start = kernel_entry + MIN(mem_size / 2, 128 * MiB);
+start = kernel_entry + MIN(mem_size / 2, 128 * MiB);
 
-size = load_ramdisk(filename, *start, mem_size - *start);
+size = load_ramdisk(filename, start, mem_size - start);
 if (size == -1) {
-size = load_image_targphys(filename, *start, mem_size - *start);
+size = load_image_targphys(filename, start, mem_size - start);
 if (size == -1) {
 error_report("could not load ramdisk '%s'", filename);
 exit(1);
 }
 }
 
-return *start + size;
+/* Some RISC-V machines (e.g. opentitan) don't have a fdt. */
+if (fdt) {
+end = start + size;
+qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-start", start);
+qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-end", end);
+}
 }
 
 uint64_t riscv_load_fdt(hwaddr dram_base, uint64_t mem_size, void *fdt)
diff --git a/hw/riscv/microchip_pfsoc.c b/hw/riscv/microchip_pfsoc.c
index b10321b564..593a799549 100644
--- a/hw/riscv/microchip_pfsoc.c
+++ b/hw/riscv/microchip_pfsoc.c
@@ -633,14 +633,8 @@ static void microchip_icicle_kit_machine_init(MachineState 
*machine)
  kernel_start_addr, NULL);
 
 if (machine->initrd_filename) {
-hwaddr start;
-hwaddr end = riscv_load_initrd(machine->initrd_filename,
-   machine->ram_size, kernel_entry,
-   );
-qemu_fdt_setprop_cell(machine->fdt, "/chosen",
-  "linux,initrd-start", start);
-qemu_fdt_setprop_cell(machine->fdt, "/chosen",
-  "linux,initrd-end", end);
+riscv_load_initrd(machine->initrd_filename, machine->ram_size,
+  kernel_entry, machine->fdt);
 }
 
 if (machine->kernel_cmdline && *machine->kernel_cmdline) {
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index ddceb750ea..37f5087172 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -608,14 +608,8 @@ static void 

[PULL 03/37] hw/char: riscv_htif: Drop useless assignment of memory region

[Alistair Francis]

From: Bin Meng 

struct HTIFState has 3 members for address space and memory region,
and are initialized during htif_mm_init(). But they are actually
useless. Drop them.

Signed-off-by: Bin Meng 
Reviewed-by: Daniel Henrique Barboza 
Reviewed-by: Alistair Francis 
Message-Id: <20221229091828.1945072-4-bm...@tinylab.org>
Signed-off-by: Alistair Francis 
---
 include/hw/char/riscv_htif.h | 7 ++-
 hw/char/riscv_htif.c | 7 ++-
 hw/riscv/spike.c | 5 ++---
 3 files changed, 6 insertions(+), 13 deletions(-)

diff --git a/include/hw/char/riscv_htif.h b/include/hw/char/riscv_htif.h
index 3eccc1914f..6d172ebd6d 100644
--- a/include/hw/char/riscv_htif.h
+++ b/include/hw/char/riscv_htif.h
@@ -34,9 +34,6 @@ typedef struct HTIFState {
 hwaddr tohost_offset;
 hwaddr fromhost_offset;
 MemoryRegion mmio;
-MemoryRegion *address_space;
-MemoryRegion *main_mem;
-void *main_mem_ram_ptr;
 
 CPURISCVState *env;
 CharBackend chr;
@@ -54,7 +51,7 @@ void htif_symbol_callback(const char *st_name, int st_info, 
uint64_t st_value,
 bool htif_uses_elf_symbols(void);
 
 /* legacy pre qom */
-HTIFState *htif_mm_init(MemoryRegion *address_space, MemoryRegion *main_mem,
-CPURISCVState *env, Chardev *chr, uint64_t nonelf_base);
+HTIFState *htif_mm_init(MemoryRegion *address_space, CPURISCVState *env,
+Chardev *chr, uint64_t nonelf_base);
 
 #endif
diff --git a/hw/char/riscv_htif.c b/hw/char/riscv_htif.c
index 088556bb04..e7e319ca1d 100644
--- a/hw/char/riscv_htif.c
+++ b/hw/char/riscv_htif.c
@@ -265,8 +265,8 @@ bool htif_uses_elf_symbols(void)
 return (address_symbol_set == 3) ? true : false;
 }
 
-HTIFState *htif_mm_init(MemoryRegion *address_space, MemoryRegion *main_mem,
-CPURISCVState *env, Chardev *chr, uint64_t nonelf_base)
+HTIFState *htif_mm_init(MemoryRegion *address_space, CPURISCVState *env,
+Chardev *chr, uint64_t nonelf_base)
 {
 uint64_t base, size, tohost_offset, fromhost_offset;
 
@@ -281,9 +281,6 @@ HTIFState *htif_mm_init(MemoryRegion *address_space, 
MemoryRegion *main_mem,
 fromhost_offset = fromhost_addr - base;
 
 HTIFState *s = g_new0(HTIFState, 1);
-s->address_space = address_space;
-s->main_mem = main_mem;
-s->main_mem_ram_ptr = memory_region_get_ram_ptr(main_mem);
 s->env = env;
 s->tohost_offset = tohost_offset;
 s->fromhost_offset = fromhost_offset;
diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index 13946acf0d..bc4953cf4a 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -316,9 +316,8 @@ static void spike_board_init(MachineState *machine)
   fdt_load_addr);
 
 /* initialize HTIF using symbols found in load_kernel */
-htif_mm_init(system_memory, mask_rom,
- >soc[0].harts[0].env, serial_hd(0),
- memmap[SPIKE_HTIF].base);
+htif_mm_init(system_memory, >soc[0].harts[0].env,
+ serial_hd(0), memmap[SPIKE_HTIF].base);
 }
 
 static void spike_machine_instance_init(Object *obj)
-- 
2.39.0

[PULL 27/37] hw/riscv/virt.c: simplify create_fdt()

[Alistair Francis]

From: Daniel Henrique Barboza 

'mem_size' and 'cmdline' aren't being used. Remove them.

Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Message-Id: <2023070948.316276-3-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis 
---
 hw/riscv/virt.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index c8e35f861e..1921d3caa3 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -999,7 +999,7 @@ static void create_fdt_fw_cfg(RISCVVirtState *s, const 
MemMapEntry *memmap)
 }
 
 static void create_fdt(RISCVVirtState *s, const MemMapEntry *memmap,
-   uint64_t mem_size, const char *cmdline, bool is_32_bit)
+   bool is_32_bit)
 {
 MachineState *mc = MACHINE(s);
 uint32_t phandle = 1, irq_mmio_phandle = 1, msi_pcie_phandle = 1;
@@ -1507,8 +1507,7 @@ static void virt_machine_init(MachineState *machine)
 virt_flash_map(s, system_memory);
 
 /* create device tree */
-create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline,
-   riscv_is_32bit(>soc[0]));
+create_fdt(s, memmap, riscv_is_32bit(>soc[0]));
 
 s->machine_done.notify = virt_machine_done;
 qemu_add_machine_init_done_notifier(>machine_done);
-- 
2.39.0

[PULL 12/37] hw/riscv: spike: Decouple create_fdt() dependency to ELF loading

[Alistair Francis]

From: Bin Meng 

At present create_fdt() calls htif_uses_elf_symbols() to determine
whether to insert a  property for the HTIF. This unfortunately
creates a hidden dependency to riscv_load_{firmware,kernel} that
create_fdt() must be called after the ELF {firmware,kernel} image
has been loaded.

Decouple such dependency be adding a new parameter to create_fdt(),
whether custom HTIF base address is used. The flag will be set if
non ELF {firmware,kernel} image is given by user.

Signed-off-by: Bin Meng 
Reviewed-by: Daniel Henrique Barboza 
Message-Id: <20221229091828.1945072-13-bm...@tinylab.org>
Signed-off-by: Alistair Francis 
---
 include/hw/char/riscv_htif.h |  5 +--
 hw/char/riscv_htif.c | 17 +-
 hw/riscv/spike.c | 61 ++--
 3 files changed, 59 insertions(+), 24 deletions(-)

diff --git a/include/hw/char/riscv_htif.h b/include/hw/char/riscv_htif.h
index 9e8ebbe017..5958c5b986 100644
--- a/include/hw/char/riscv_htif.h
+++ b/include/hw/char/riscv_htif.h
@@ -44,11 +44,8 @@ typedef struct HTIFState {
 void htif_symbol_callback(const char *st_name, int st_info, uint64_t st_value,
 uint64_t st_size);
 
-/* Check if HTIF uses ELF symbols */
-bool htif_uses_elf_symbols(void);
-
 /* legacy pre qom */
 HTIFState *htif_mm_init(MemoryRegion *address_space, Chardev *chr,
-uint64_t nonelf_base);
+uint64_t nonelf_base, bool custom_base);
 
 #endif
diff --git a/hw/char/riscv_htif.c b/hw/char/riscv_htif.c
index 1477fc0090..098de50e35 100644
--- a/hw/char/riscv_htif.c
+++ b/hw/char/riscv_htif.c
@@ -52,20 +52,17 @@
 #define PK_SYS_WRITE64
 
 static uint64_t fromhost_addr, tohost_addr;
-static int address_symbol_set;
 
 void htif_symbol_callback(const char *st_name, int st_info, uint64_t st_value,
   uint64_t st_size)
 {
 if (strcmp("fromhost", st_name) == 0) {
-address_symbol_set |= 1;
 fromhost_addr = st_value;
 if (st_size != 8) {
 error_report("HTIF fromhost must be 8 bytes");
 exit(1);
 }
 } else if (strcmp("tohost", st_name) == 0) {
-address_symbol_set |= 2;
 tohost_addr = st_value;
 if (st_size != 8) {
 error_report("HTIF tohost must be 8 bytes");
@@ -275,19 +272,19 @@ static const MemoryRegionOps htif_mm_ops = {
 .write = htif_mm_write,
 };
 
-bool htif_uses_elf_symbols(void)
-{
-return (address_symbol_set == 3) ? true : false;
-}
-
 HTIFState *htif_mm_init(MemoryRegion *address_space, Chardev *chr,
-uint64_t nonelf_base)
+uint64_t nonelf_base, bool custom_base)
 {
 uint64_t base, size, tohost_offset, fromhost_offset;
 
-if (!htif_uses_elf_symbols()) {
+if (custom_base) {
 fromhost_addr = nonelf_base;
 tohost_addr = nonelf_base + 8;
+} else {
+if (!fromhost_addr || !tohost_addr) {
+error_report("Invalid HTIF fromhost or tohost address");
+exit(1);
+}
 }
 
 base = MIN(tohost_addr, fromhost_addr);
diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index 3c8a8de673..1679c325d5 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -49,7 +49,8 @@ static const MemMapEntry spike_memmap[] = {
 };
 
 static void create_fdt(SpikeState *s, const MemMapEntry *memmap,
-   uint64_t mem_size, const char *cmdline, bool is_32_bit)
+   uint64_t mem_size, const char *cmdline,
+   bool is_32_bit, bool htif_custom_base)
 {
 void *fdt;
 uint64_t addr, size;
@@ -77,7 +78,7 @@ static void create_fdt(SpikeState *s, const MemMapEntry 
*memmap,
 
 qemu_fdt_add_subnode(fdt, "/htif");
 qemu_fdt_setprop_string(fdt, "/htif", "compatible", "ucb,htif0");
-if (!htif_uses_elf_symbols()) {
+if (htif_custom_base) {
 qemu_fdt_setprop_cells(fdt, "/htif", "reg",
 0x0, memmap[SPIKE_HTIF].base, 0x0, memmap[SPIKE_HTIF].size);
 }
@@ -183,18 +184,33 @@ static void create_fdt(SpikeState *s, const MemMapEntry 
*memmap,
 }
 }
 
+static bool spike_test_elf_image(char *filename)
+{
+Error *err = NULL;
+
+load_elf_hdr(filename, NULL, NULL, );
+if (err) {
+error_free(err);
+return false;
+} else {
+return true;
+}
+}
+
 static void spike_board_init(MachineState *machine)
 {
 const MemMapEntry *memmap = spike_memmap;
 SpikeState *s = SPIKE_MACHINE(machine);
 MemoryRegion *system_memory = get_system_memory();
 MemoryRegion *mask_rom = g_new(MemoryRegion, 1);
-target_ulong firmware_end_addr, kernel_start_addr;
-const char *firmware_name;
+target_ulong firmware_end_addr = memmap[SPIKE_DRAM].base;
+target_ulong kernel_start_addr;
+char *firmware_name;
 uint32_t fdt_load_addr;
 uint64_t kernel_entry;
 char *soc_name;
 int i, base_hartid, hart_count;
+bool htif_custom_base = false;
 
 

[PULL 28/37] hw/riscv/sifive_u.c: simplify create_fdt()

[Alistair Francis]

From: Daniel Henrique Barboza 

'cmdline' isn't being used. Remove it.

A MachineState pointer is being retrieved via a MACHINE() macro calling
qdev_get_machine(). Use MACHINE(s) instead to avoid calling qdev().

 'mem_size' is being set as machine->ram_size by the caller. Retrieve it
via ms->ram_size.

Cc: Palmer Dabbelt 
Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Message-Id: <2023070948.316276-4-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis 
---
 hw/riscv/sifive_u.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index bac394c959..2fb6ee231f 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -94,9 +94,10 @@ static const MemMapEntry sifive_u_memmap[] = {
 #define GEM_REVISION0x10070109
 
 static void create_fdt(SiFiveUState *s, const MemMapEntry *memmap,
-   uint64_t mem_size, const char *cmdline, bool is_32_bit)
+   bool is_32_bit)
 {
-MachineState *ms = MACHINE(qdev_get_machine());
+MachineState *ms = MACHINE(s);
+uint64_t mem_size = ms->ram_size;
 void *fdt;
 int cpu, fdt_size;
 uint32_t *cells;
@@ -560,8 +561,7 @@ static void sifive_u_machine_init(MachineState *machine)
   qemu_allocate_irq(sifive_u_machine_reset, NULL, 0));
 
 /* create device tree */
-create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline,
-   riscv_is_32bit(>soc.u_cpus));
+create_fdt(s, memmap, riscv_is_32bit(>soc.u_cpus));
 
 if (s->start_in_flash) {
 /*
-- 
2.39.0

[PULL 01/37] hw/char: riscv_htif: Avoid using magic numbers

[Alistair Francis]

From: Bin Meng 

The Spike HTIF is poorly documented. The only relevant info we can
get from the internet is from Andrew Waterman at [1].

Add a comment block before htif_handle_tohost_write() to explain
the tohost register format, and use meaningful macros instead of
magic numbers in the codes.

While we are here, correct 2 multi-line comment blocks that have
wrong format.

Link: 
https://github.com/riscv-software-src/riscv-isa-sim/issues/364#issuecomment-607657754
 [1]
Signed-off-by: Bin Meng 
Reviewed-by: Daniel Henrique Barboza 
Reviewed-by: Alistair Francis 
Message-Id: <20221229091828.1945072-2-bm...@tinylab.org>
Signed-off-by: Alistair Francis 
---
 hw/char/riscv_htif.c | 72 
 1 file changed, 52 insertions(+), 20 deletions(-)

diff --git a/hw/char/riscv_htif.c b/hw/char/riscv_htif.c
index 6577f0e640..088556bb04 100644
--- a/hw/char/riscv_htif.c
+++ b/hw/char/riscv_htif.c
@@ -38,6 +38,16 @@
 }  
\
 } while (0)
 
+#define HTIF_DEV_SHIFT  56
+#define HTIF_CMD_SHIFT  48
+
+#define HTIF_DEV_SYSTEM 0
+#define HTIF_DEV_CONSOLE1
+
+#define HTIF_SYSTEM_CMD_SYSCALL 0
+#define HTIF_CONSOLE_CMD_GETC   0
+#define HTIF_CONSOLE_CMD_PUTC   1
+
 static uint64_t fromhost_addr, tohost_addr;
 static int address_symbol_set;
 
@@ -81,9 +91,11 @@ static void htif_recv(void *opaque, const uint8_t *buf, int 
size)
 return;
 }
 
-/* TODO - we need to check whether mfromhost is zero which indicates
-  the device is ready to receive. The current implementation
-  will drop characters */
+/*
+ * TODO - we need to check whether mfromhost is zero which indicates
+ *the device is ready to receive. The current implementation
+ *will drop characters
+ */
 
 uint64_t val_written = htifstate->pending_read;
 uint64_t resp = 0x100 | *buf;
@@ -110,10 +122,30 @@ static int htif_be_change(void *opaque)
 return 0;
 }
 
+/*
+ * See below the tohost register format.
+ *
+ * Bits 63:56 indicate the "device".
+ * Bits 55:48 indicate the "command".
+ *
+ * Device 0 is the syscall device, which is used to emulate Unixy syscalls.
+ * It only implements command 0, which has two subfunctions:
+ * - If bit 0 is clear, then bits 47:0 represent a pointer to a struct
+ *   describing the syscall.
+ * - If bit 1 is set, then bits 47:1 represent an exit code, with a zero
+ *   value indicating success and other values indicating failure.
+ *
+ * Device 1 is the blocking character device.
+ * - Command 0 reads a character
+ * - Command 1 writes a character from the 8 LSBs of tohost
+ *
+ * For RV32, the tohost register is zero-extended, so only device=0 and
+ * command=0 (i.e. HTIF syscalls/exit codes) are supported.
+ */
 static void htif_handle_tohost_write(HTIFState *htifstate, uint64_t 
val_written)
 {
-uint8_t device = val_written >> 56;
-uint8_t cmd = val_written >> 48;
+uint8_t device = val_written >> HTIF_DEV_SHIFT;
+uint8_t cmd = val_written >> HTIF_CMD_SHIFT;
 uint64_t payload = val_written & 0xULL;
 int resp = 0;
 
@@ -125,9 +157,9 @@ static void htif_handle_tohost_write(HTIFState *htifstate, 
uint64_t val_written)
  * 0: riscv-tests Pass/Fail Reporting Only (no syscall proxy)
  * 1: Console
  */
-if (unlikely(device == 0x0)) {
+if (unlikely(device == HTIF_DEV_SYSTEM)) {
 /* frontend syscall handler, shutdown and exit code support */
-if (cmd == 0x0) {
+if (cmd == HTIF_SYSTEM_CMD_SYSCALL) {
 if (payload & 0x1) {
 /* exit code */
 int exit_code = payload >> 1;
@@ -138,14 +170,14 @@ static void htif_handle_tohost_write(HTIFState 
*htifstate, uint64_t val_written)
 } else {
 qemu_log("HTIF device %d: unknown command\n", device);
 }
-} else if (likely(device == 0x1)) {
+} else if (likely(device == HTIF_DEV_CONSOLE)) {
 /* HTIF Console */
-if (cmd == 0x0) {
+if (cmd == HTIF_CONSOLE_CMD_GETC) {
 /* this should be a queue, but not yet implemented as such */
 htifstate->pending_read = val_written;
 htifstate->env->mtohost = 0; /* clear to indicate we read */
 return;
-} else if (cmd == 0x1) {
+} else if (cmd == HTIF_CONSOLE_CMD_PUTC) {
 qemu_chr_fe_write(>chr, (uint8_t *), 1);
 resp = 0x100 | (uint8_t)payload;
 } else {
@@ -157,15 +189,15 @@ static void htif_handle_tohost_write(HTIFState 
*htifstate, uint64_t val_written)
 " payload: %016" PRIx64, device, cmd, payload & 0xFF, payload);
 }
 /*
- * - latest bbl does not set fromhost to 0 if there is a value in tohost
- * - with this code enabled, qemu hangs waiting for fromhost to go to 0
- * - with this code disabled, qemu works with bbl priv v1.9.1 and 

[PULL 29/37] hw/riscv/virt.c: remove 'is_32_bit' param from create_fdt_socket_cpus()

[Alistair Francis]

From: Daniel Henrique Barboza 

create_fdt_socket_cpus() writes a different 'mmu-type' value if we're
running in 32 or 64 bits. However, the flag is being calculated during
virt_machine_init(), and is passed around in create_fdt(), then
create_fdt_socket(), and then finally create_fdt_socket_cpus(). None of
the intermediate functions are using the flag, which is a bit
misleading.

Remove 'is_32_bit' flag from create_fdt_socket_cpus() and calculate it
using the already available RISCVVirtState pointer. This will also
change the signature of create_fdt_socket() and create_fdt(), making it
clear that these functions don't do anything special when we're running
in 32 bit mode.

Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Message-Id: <2023070948.316276-5-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis 
---
 hw/riscv/virt.c | 18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 1921d3caa3..99cb571024 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -223,12 +223,13 @@ static void create_pcie_irq_map(RISCVVirtState *s, void 
*fdt, char *nodename,
 
 static void create_fdt_socket_cpus(RISCVVirtState *s, int socket,
char *clust_name, uint32_t *phandle,
-   bool is_32_bit, uint32_t *intc_phandles)
+   uint32_t *intc_phandles)
 {
 int cpu;
 uint32_t cpu_phandle;
 MachineState *mc = MACHINE(s);
 char *name, *cpu_name, *core_name, *intc_name;
+bool is_32_bit = riscv_is_32bit(>soc[0]);
 
 for (cpu = s->soc[socket].num_harts - 1; cpu >= 0; cpu--) {
 cpu_phandle = (*phandle)++;
@@ -721,7 +722,7 @@ static void create_fdt_pmu(RISCVVirtState *s)
 }
 
 static void create_fdt_sockets(RISCVVirtState *s, const MemMapEntry *memmap,
-   bool is_32_bit, uint32_t *phandle,
+   uint32_t *phandle,
uint32_t *irq_mmio_phandle,
uint32_t *irq_pcie_phandle,
uint32_t *irq_virtio_phandle,
@@ -750,7 +751,7 @@ static void create_fdt_sockets(RISCVVirtState *s, const 
MemMapEntry *memmap,
 qemu_fdt_add_subnode(mc->fdt, clust_name);
 
 create_fdt_socket_cpus(s, socket, clust_name, phandle,
-is_32_bit, _phandles[phandle_pos]);
+   _phandles[phandle_pos]);
 
 create_fdt_socket_memory(s, memmap, socket);
 
@@ -998,8 +999,7 @@ static void create_fdt_fw_cfg(RISCVVirtState *s, const 
MemMapEntry *memmap)
 g_free(nodename);
 }
 
-static void create_fdt(RISCVVirtState *s, const MemMapEntry *memmap,
-   bool is_32_bit)
+static void create_fdt(RISCVVirtState *s, const MemMapEntry *memmap)
 {
 MachineState *mc = MACHINE(s);
 uint32_t phandle = 1, irq_mmio_phandle = 1, msi_pcie_phandle = 1;
@@ -1031,9 +1031,9 @@ static void create_fdt(RISCVVirtState *s, const 
MemMapEntry *memmap,
 qemu_fdt_setprop_cell(mc->fdt, "/soc", "#size-cells", 0x2);
 qemu_fdt_setprop_cell(mc->fdt, "/soc", "#address-cells", 0x2);
 
-create_fdt_sockets(s, memmap, is_32_bit, ,
-_mmio_phandle, _pcie_phandle, _virtio_phandle,
-_pcie_phandle);
+create_fdt_sockets(s, memmap, , _mmio_phandle,
+   _pcie_phandle, _virtio_phandle,
+   _pcie_phandle);
 
 create_fdt_virtio(s, memmap, irq_virtio_phandle);
 
@@ -1507,7 +1507,7 @@ static void virt_machine_init(MachineState *machine)
 virt_flash_map(s, system_memory);
 
 /* create device tree */
-create_fdt(s, memmap, riscv_is_32bit(>soc[0]));
+create_fdt(s, memmap);
 
 s->machine_done.notify = virt_machine_done;
 qemu_add_machine_init_done_notifier(>machine_done);
-- 
2.39.0

[PULL 18/37] hw/riscv/spike.c: load initrd right after riscv_load_kernel()

[Alistair Francis]

From: Daniel Henrique Barboza 

This will make the code more in line with what the other boards are
doing. We'll also avoid an extra check to machine->kernel_filename since
we already checked that before executing riscv_load_kernel().

Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Reviewed-by: Bin Meng 
Message-Id: <20230102115241.25733-6-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis 
---
 hw/riscv/spike.c | 31 +++
 1 file changed, 15 insertions(+), 16 deletions(-)

diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index 25c5420ee6..004dfb2d5b 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -302,6 +302,10 @@ static void spike_board_init(MachineState *machine)
 g_free(firmware_name);
 }
 
+/* Create device tree */
+create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline,
+   riscv_is_32bit(>soc[0]), htif_custom_base);
+
 /* Load kernel */
 if (machine->kernel_filename) {
 kernel_start_addr = riscv_calc_kernel_start_addr(>soc[0],
@@ -310,6 +314,17 @@ static void spike_board_init(MachineState *machine)
 kernel_entry = riscv_load_kernel(machine->kernel_filename,
  kernel_start_addr,
  htif_symbol_callback);
+
+if (machine->initrd_filename) {
+hwaddr start;
+hwaddr end = riscv_load_initrd(machine->initrd_filename,
+   machine->ram_size, kernel_entry,
+   );
+qemu_fdt_setprop_cell(machine->fdt, "/chosen",
+  "linux,initrd-start", start);
+qemu_fdt_setprop_cell(machine->fdt, "/chosen", "linux,initrd-end",
+  end);
+}
 } else {
/*
 * If dynamic firmware is used, it doesn't know where is the next mode
@@ -318,22 +333,6 @@ static void spike_board_init(MachineState *machine)
 kernel_entry = 0;
 }
 
-/* Create device tree */
-create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline,
-   riscv_is_32bit(>soc[0]), htif_custom_base);
-
-/* Load initrd */
-if (machine->kernel_filename && machine->initrd_filename) {
-hwaddr start;
-hwaddr end = riscv_load_initrd(machine->initrd_filename,
-   machine->ram_size, kernel_entry,
-   );
-qemu_fdt_setprop_cell(machine->fdt, "/chosen",
-  "linux,initrd-start", start);
-qemu_fdt_setprop_cell(machine->fdt, "/chosen", "linux,initrd-end",
-  end);
-}
-
 /* Compute the fdt load address in dram */
 fdt_load_addr = riscv_load_fdt(memmap[SPIKE_DRAM].base,
machine->ram_size, machine->fdt);
-- 
2.39.0

[PULL 26/37] hw/riscv/spike.c: simplify create_fdt()

[Alistair Francis]

From: Daniel Henrique Barboza 

'mem_size' and 'cmdline' are unused.

Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Message-Id: <2023070948.316276-2-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis 
---
 hw/riscv/spike.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index bff9475686..c7550abfc7 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -49,7 +49,6 @@ static const MemMapEntry spike_memmap[] = {
 };
 
 static void create_fdt(SpikeState *s, const MemMapEntry *memmap,
-   uint64_t mem_size, const char *cmdline,
bool is_32_bit, bool htif_custom_base)
 {
 void *fdt;
@@ -299,8 +298,7 @@ static void spike_board_init(MachineState *machine)
 }
 
 /* Create device tree */
-create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline,
-   riscv_is_32bit(>soc[0]), htif_custom_base);
+create_fdt(s, memmap, riscv_is_32bit(>soc[0]), htif_custom_base);
 
 /* Load kernel */
 if (machine->kernel_filename) {
-- 
2.39.0

[PULL 24/37] target/riscv/cpu.c: do not skip misa logic in riscv_cpu_realize()

[Alistair Francis]

From: Daniel Henrique Barboza 

All RISCV CPUs are setting cpu->cfg during their cpu_init() functions,
meaning that there's no reason to skip all the misa validation and setup
if misa_ext was set beforehand - especially since we're setting an
updated value in set_misa() in the end.

Put this code chunk into a new riscv_cpu_validate_set_extensions()
helper and always execute it regardless of what the board set in
env->misa_ext.

This will put more responsibility in how each board is going to init
their attributes and extensions if they're not using the defaults.
It'll also allow realize() to do its job looking only at the extensions
enabled per se, not corner cases that some CPUs might have, and we won't
have to change multiple code paths to fix or change how extensions work.

Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Alistair Francis 
Reviewed-by: Bin Meng 
Message-Id: <20230113175230.473975-3-dbarb...@ventanamicro.com>
[ Changes by AF:
 - Rebase
]
Signed-off-by: Alistair Francis 
---
 target/riscv/cpu.c | 399 +++--
 1 file changed, 205 insertions(+), 194 deletions(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index e682102c2a..c192d96a94 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -625,6 +625,207 @@ static void riscv_cpu_disas_set_info(CPUState *s, 
disassemble_info *info)
 }
 }
 
+/*
+ * Check consistency between chosen extensions while setting
+ * cpu->cfg accordingly, doing a set_misa() in the end.
+ */
+static void riscv_cpu_validate_set_extensions(RISCVCPU *cpu, Error **errp)
+{
+CPURISCVState *env = >env;
+uint32_t ext = 0;
+
+/* Do some ISA extension error checking */
+if (cpu->cfg.ext_g && !(cpu->cfg.ext_i && cpu->cfg.ext_m &&
+cpu->cfg.ext_a && cpu->cfg.ext_f &&
+cpu->cfg.ext_d &&
+cpu->cfg.ext_icsr && cpu->cfg.ext_ifencei)) {
+warn_report("Setting G will also set IMAFD_Zicsr_Zifencei");
+cpu->cfg.ext_i = true;
+cpu->cfg.ext_m = true;
+cpu->cfg.ext_a = true;
+cpu->cfg.ext_f = true;
+cpu->cfg.ext_d = true;
+cpu->cfg.ext_icsr = true;
+cpu->cfg.ext_ifencei = true;
+}
+
+if (cpu->cfg.ext_i && cpu->cfg.ext_e) {
+error_setg(errp,
+   "I and E extensions are incompatible");
+return;
+}
+
+if (!cpu->cfg.ext_i && !cpu->cfg.ext_e) {
+error_setg(errp,
+   "Either I or E extension must be set");
+return;
+}
+
+if (cpu->cfg.ext_s && !cpu->cfg.ext_u) {
+error_setg(errp,
+   "Setting S extension without U extension is illegal");
+return;
+}
+
+if (cpu->cfg.ext_h && !cpu->cfg.ext_i) {
+error_setg(errp,
+   "H depends on an I base integer ISA with 32 x registers");
+return;
+}
+
+if (cpu->cfg.ext_h && !cpu->cfg.ext_s) {
+error_setg(errp, "H extension implicitly requires S-mode");
+return;
+}
+
+if (cpu->cfg.ext_f && !cpu->cfg.ext_icsr) {
+error_setg(errp, "F extension requires Zicsr");
+return;
+}
+
+if ((cpu->cfg.ext_zawrs) && !cpu->cfg.ext_a) {
+error_setg(errp, "Zawrs extension requires A extension");
+return;
+}
+
+if ((cpu->cfg.ext_zfh || cpu->cfg.ext_zfhmin) && !cpu->cfg.ext_f) {
+error_setg(errp, "Zfh/Zfhmin extensions require F extension");
+return;
+}
+
+if (cpu->cfg.ext_d && !cpu->cfg.ext_f) {
+error_setg(errp, "D extension requires F extension");
+return;
+}
+
+if (cpu->cfg.ext_v && !cpu->cfg.ext_d) {
+error_setg(errp, "V extension requires D extension");
+return;
+}
+
+if ((cpu->cfg.ext_zve32f || cpu->cfg.ext_zve64f) && !cpu->cfg.ext_f) {
+error_setg(errp, "Zve32f/Zve64f extensions require F extension");
+return;
+}
+
+/* Set the ISA extensions, checks should have happened above */
+if (cpu->cfg.ext_zdinx || cpu->cfg.ext_zhinx ||
+cpu->cfg.ext_zhinxmin) {
+cpu->cfg.ext_zfinx = true;
+}
+
+if (cpu->cfg.ext_zfinx) {
+if (!cpu->cfg.ext_icsr) {
+error_setg(errp, "Zfinx extension requires Zicsr");
+return;
+}
+if (cpu->cfg.ext_f) {
+error_setg(errp,
+"Zfinx cannot be supported together with F extension");
+return;
+}
+}
+
+if (cpu->cfg.ext_zk) {
+cpu->cfg.ext_zkn = true;
+cpu->cfg.ext_zkr = true;
+cpu->cfg.ext_zkt = true;
+}
+
+if (cpu->cfg.ext_zkn) {
+cpu->cfg.ext_zbkb = true;
+cpu->cfg.ext_zbkc = true;
+cpu->cfg.ext_zbkx = true;
+cpu->cfg.ext_zkne = true;
+cpu->cfg.ext_zknd = true;
+cpu->cfg.ext_zknh = true;
+}
+
+if (cpu->cfg.ext_zks) {
+cpu->cfg.ext_zbkb = true;
+cpu->cfg.ext_zbkc = true;
+

[PULL 20/37] hw/riscv: write bootargs 'chosen' FDT after riscv_load_kernel()

[Alistair Francis]

From: Daniel Henrique Barboza 

The sifive_u, spike and virt machines are writing the 'bootargs' FDT
node during their respective create_fdt().

Given that bootargs is written only when '-append' is used, and this
option is only allowed with the '-kernel' option, which in turn is
already being check before executing riscv_load_kernel(), write
'bootargs' in the same code path as riscv_load_kernel().

Cc: Palmer Dabbelt 
Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Bin Meng 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Message-Id: <20230102115241.25733-8-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis 
---
 hw/riscv/sifive_u.c | 11 +--
 hw/riscv/spike.c|  9 +
 hw/riscv/virt.c | 11 +--
 3 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 37f5087172..3e6df87b5b 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -117,7 +117,6 @@ static void create_fdt(SiFiveUState *s, const MemMapEntry 
*memmap,
 error_report("load_device_tree() failed");
 exit(1);
 }
-goto update_bootargs;
 } else {
 fdt = ms->fdt = create_device_tree(_size);
 if (!fdt) {
@@ -510,11 +509,6 @@ static void create_fdt(SiFiveUState *s, const MemMapEntry 
*memmap,
 qemu_fdt_setprop_string(fdt, "/aliases", "serial0", nodename);
 
 g_free(nodename);
-
-update_bootargs:
-if (cmdline && *cmdline) {
-qemu_fdt_setprop_string(fdt, "/chosen", "bootargs", cmdline);
-}
 }
 
 static void sifive_u_machine_reset(void *opaque, int n, int level)
@@ -611,6 +605,11 @@ static void sifive_u_machine_init(MachineState *machine)
 riscv_load_initrd(machine->initrd_filename, machine->ram_size,
   kernel_entry, machine->fdt);
 }
+
+if (machine->kernel_cmdline && *machine->kernel_cmdline) {
+qemu_fdt_setprop_string(machine->fdt, "/chosen", "bootargs",
+machine->kernel_cmdline);
+}
 } else {
/*
 * If dynamic firmware is used, it doesn't know where is the next mode
diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index 5668fe0694..60e2912be5 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -179,10 +179,6 @@ static void create_fdt(SpikeState *s, const MemMapEntry 
*memmap,
 
 qemu_fdt_add_subnode(fdt, "/chosen");
 qemu_fdt_setprop_string(fdt, "/chosen", "stdout-path", "/htif");
-
-if (cmdline && *cmdline) {
-qemu_fdt_setprop_string(fdt, "/chosen", "bootargs", cmdline);
-}
 }
 
 static bool spike_test_elf_image(char *filename)
@@ -319,6 +315,11 @@ static void spike_board_init(MachineState *machine)
 riscv_load_initrd(machine->initrd_filename, machine->ram_size,
   kernel_entry, machine->fdt);
 }
+
+if (machine->kernel_cmdline && *machine->kernel_cmdline) {
+qemu_fdt_setprop_string(machine->fdt, "/chosen", "bootargs",
+machine->kernel_cmdline);
+}
 } else {
/*
 * If dynamic firmware is used, it doesn't know where is the next mode
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 5967b136b4..6c946b6def 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -1012,7 +1012,6 @@ static void create_fdt(RISCVVirtState *s, const 
MemMapEntry *memmap,
 error_report("load_device_tree() failed");
 exit(1);
 }
-goto update_bootargs;
 } else {
 mc->fdt = create_device_tree(>fdt_size);
 if (!mc->fdt) {
@@ -1050,11 +1049,6 @@ static void create_fdt(RISCVVirtState *s, const 
MemMapEntry *memmap,
 create_fdt_fw_cfg(s, memmap);
 create_fdt_pmu(s);
 
-update_bootargs:
-if (cmdline && *cmdline) {
-qemu_fdt_setprop_string(mc->fdt, "/chosen", "bootargs", cmdline);
-}
-
 /* Pass seed to RNG */
 qemu_guest_getrandom_nofail(rng_seed, sizeof(rng_seed));
 qemu_fdt_setprop(mc->fdt, "/chosen", "rng-seed", rng_seed, 
sizeof(rng_seed));
@@ -1294,6 +1288,11 @@ static void virt_machine_done(Notifier *notifier, void 
*data)
 riscv_load_initrd(machine->initrd_filename, machine->ram_size,
   kernel_entry, machine->fdt);
 }
+
+if (machine->kernel_cmdline && *machine->kernel_cmdline) {
+qemu_fdt_setprop_string(machine->fdt, "/chosen", "bootargs",
+machine->kernel_cmdline);
+}
 } else {
/*
 * If dynamic firmware is used, it doesn't know where is the next mode
-- 
2.39.0

[PULL 15/37] hw/riscv/spike: use 'fdt' from MachineState

[Alistair Francis]

From: Daniel Henrique Barboza 

The MachineState object provides a 'fdt' pointer that is already being
used by other RISC-V machines, and it's also used by the 'dumpdtb' QMP
command.

Remove the 'fdt' pointer from SpikeState and use MachineState::fdt
instead.

Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Reviewed-by: Bin Meng 
Message-Id: <20230102115241.25733-3-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis 
---
 include/hw/riscv/spike.h |  2 --
 hw/riscv/spike.c | 12 +---
 2 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/include/hw/riscv/spike.h b/include/hw/riscv/spike.h
index 73bf2a9aad..0c2a223763 100644
--- a/include/hw/riscv/spike.h
+++ b/include/hw/riscv/spike.h
@@ -37,8 +37,6 @@ struct SpikeState {
 
 /*< public >*/
 RISCVHartArrayState soc[SPIKE_SOCKETS_MAX];
-void *fdt;
-int fdt_size;
 };
 
 enum {
diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index 1679c325d5..25c5420ee6 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -53,6 +53,7 @@ static void create_fdt(SpikeState *s, const MemMapEntry 
*memmap,
bool is_32_bit, bool htif_custom_base)
 {
 void *fdt;
+int fdt_size;
 uint64_t addr, size;
 unsigned long clint_addr;
 int cpu, socket;
@@ -65,7 +66,7 @@ static void create_fdt(SpikeState *s, const MemMapEntry 
*memmap,
 "sifive,clint0", "riscv,clint0"
 };
 
-fdt = s->fdt = create_device_tree(>fdt_size);
+fdt = mc->fdt = create_device_tree(_size);
 if (!fdt) {
 error_report("create_device_tree() failed");
 exit(1);
@@ -327,18 +328,15 @@ static void spike_board_init(MachineState *machine)
 hwaddr end = riscv_load_initrd(machine->initrd_filename,
machine->ram_size, kernel_entry,
);
-qemu_fdt_setprop_cell(s->fdt, "/chosen",
+qemu_fdt_setprop_cell(machine->fdt, "/chosen",
   "linux,initrd-start", start);
-qemu_fdt_setprop_cell(s->fdt, "/chosen", "linux,initrd-end",
+qemu_fdt_setprop_cell(machine->fdt, "/chosen", "linux,initrd-end",
   end);
 }
 
 /* Compute the fdt load address in dram */
 fdt_load_addr = riscv_load_fdt(memmap[SPIKE_DRAM].base,
-   machine->ram_size, s->fdt);
-
-/* Set machine->fdt for 'dumpdtb' QMP/HMP command */
-machine->fdt = s->fdt;
+   machine->ram_size, machine->fdt);
 
 /* load the reset vector */
 riscv_setup_rom_reset_vec(machine, >soc[0], memmap[SPIKE_DRAM].base,
-- 
2.39.0

[PULL 08/37] hw/riscv: spike: Remove the out-of-date comments

[Alistair Francis]

From: Bin Meng 

Spike machine now supports OpenSBI plain binary bios image, so the
comments are no longer valid.

Signed-off-by: Bin Meng 
Reviewed-by: Daniel Henrique Barboza 
Reviewed-by: Alistair Francis 
Message-Id: <20221229091828.1945072-9-bm...@tinylab.org>
Signed-off-by: Alistair Francis 
---
 hw/riscv/spike.c | 5 -
 1 file changed, 5 deletions(-)

diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index fb4152c2a2..df9f070707 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -255,11 +255,6 @@ static void spike_board_init(MachineState *machine)
 memory_region_add_subregion(system_memory, memmap[SPIKE_MROM].base,
 mask_rom);
 
-/*
- * Not like other RISC-V machines that use plain binary bios images,
- * keeping ELF files here was intentional because BIN files don't work
- * for the Spike machine as HTIF emulation depends on ELF parsing.
- */
 if (riscv_is_32bit(>soc[0])) {
 firmware_end_addr = riscv_find_and_load_firmware(machine,
 RISCV32_BIOS_BIN, memmap[SPIKE_DRAM].base,
-- 
2.39.0

[PULL 11/37] hw/riscv/boot.c: Introduce riscv_find_firmware()

[Alistair Francis]

From: Bin Meng 

Rename previous riscv_find_firmware() to riscv_find_bios(), and
introduce a new riscv_find_firmware() to implement the first half
part of the work done in riscv_find_and_load_firmware().

This new API is helpful for machine that wants to know the final
chosen firmware file name but does not want to load it.

Signed-off-by: Bin Meng 
Reviewed-by: Daniel Henrique Barboza 
Reviewed-by: Alistair Francis 
Message-Id: <20221229091828.1945072-12-bm...@tinylab.org>
Signed-off-by: Alistair Francis 
---
 include/hw/riscv/boot.h |  2 ++
 hw/riscv/boot.c | 39 +--
 2 files changed, 27 insertions(+), 14 deletions(-)

diff --git a/include/hw/riscv/boot.h b/include/hw/riscv/boot.h
index 60cf320c88..b273ab22f7 100644
--- a/include/hw/riscv/boot.h
+++ b/include/hw/riscv/boot.h
@@ -38,6 +38,8 @@ target_ulong riscv_find_and_load_firmware(MachineState 
*machine,
   hwaddr firmware_load_addr,
   symbol_fn_t sym_cb);
 const char *riscv_default_firmware_name(RISCVHartArrayState *harts);
+char *riscv_find_firmware(const char *firmware_filename,
+  const char *default_machine_firmware);
 target_ulong riscv_load_firmware(const char *firmware_filename,
  hwaddr firmware_load_addr,
  symbol_fn_t sym_cb);
diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index e1a544b1d9..98b80af51b 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -84,11 +84,11 @@ const char *riscv_default_firmware_name(RISCVHartArrayState 
*harts)
 return RISCV64_BIOS_BIN;
 }
 
-static char *riscv_find_firmware(const char *firmware_filename)
+static char *riscv_find_bios(const char *bios_filename)
 {
 char *filename;
 
-filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, firmware_filename);
+filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_filename);
 if (filename == NULL) {
 if (!qtest_enabled()) {
 /*
@@ -97,8 +97,8 @@ static char *riscv_find_firmware(const char 
*firmware_filename)
  * running QEMU test will complain hence let's suppress the error
  * report for QEMU testing.
  */
-error_report("Unable to load the RISC-V firmware \"%s\"",
- firmware_filename);
+error_report("Unable to find the RISC-V BIOS \"%s\"",
+ bios_filename);
 exit(1);
 }
 }
@@ -106,25 +106,36 @@ static char *riscv_find_firmware(const char 
*firmware_filename)
 return filename;
 }
 
-target_ulong riscv_find_and_load_firmware(MachineState *machine,
-  const char *default_machine_firmware,
-  hwaddr firmware_load_addr,
-  symbol_fn_t sym_cb)
+char *riscv_find_firmware(const char *firmware_filename,
+  const char *default_machine_firmware)
 {
-char *firmware_filename = NULL;
-target_ulong firmware_end_addr = firmware_load_addr;
+char *filename = NULL;
 
-if ((!machine->firmware) || (!strcmp(machine->firmware, "default"))) {
+if ((!firmware_filename) || (!strcmp(firmware_filename, "default"))) {
 /*
  * The user didn't specify -bios, or has specified "-bios default".
  * That means we are going to load the OpenSBI binary included in
  * the QEMU source.
  */
-firmware_filename = riscv_find_firmware(default_machine_firmware);
-} else if (strcmp(machine->firmware, "none")) {
-firmware_filename = riscv_find_firmware(machine->firmware);
+filename = riscv_find_bios(default_machine_firmware);
+} else if (strcmp(firmware_filename, "none")) {
+filename = riscv_find_bios(firmware_filename);
 }
 
+return filename;
+}
+
+target_ulong riscv_find_and_load_firmware(MachineState *machine,
+  const char *default_machine_firmware,
+  hwaddr firmware_load_addr,
+  symbol_fn_t sym_cb)
+{
+char *firmware_filename;
+target_ulong firmware_end_addr = firmware_load_addr;
+
+firmware_filename = riscv_find_firmware(machine->firmware,
+default_machine_firmware);
+
 if (firmware_filename) {
 /* If not "none" load the firmware */
 firmware_end_addr = riscv_load_firmware(firmware_filename,
-- 
2.39.0

[PULL 07/37] hw/char: riscv_htif: Support console output via proxy syscall

[Alistair Francis]

From: Bin Meng 

At present the HTIF proxy syscall is unsupported. On RV32, only
device 0 is supported so there is no console device for RV32.
The only way to implement console funtionality on RV32 is to
support the SYS_WRITE syscall.

With this commit, the Spike machine is able to boot the 32-bit
OpenSBI generic image.

Signed-off-by: Bin Meng 
Reviewed-by: Daniel Henrique Barboza 
Reviewed-by: Alistair Francis 
Message-Id: <20221229091828.1945072-8-bm...@tinylab.org>
Signed-off-by: Alistair Francis 
---
 hw/char/riscv_htif.c | 17 -
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/hw/char/riscv_htif.c b/hw/char/riscv_htif.c
index 3bb0a37a3e..1477fc0090 100644
--- a/hw/char/riscv_htif.c
+++ b/hw/char/riscv_htif.c
@@ -48,6 +48,9 @@
 #define HTIF_CONSOLE_CMD_GETC   0
 #define HTIF_CONSOLE_CMD_PUTC   1
 
+/* PK system call number */
+#define PK_SYS_WRITE64
+
 static uint64_t fromhost_addr, tohost_addr;
 static int address_symbol_set;
 
@@ -165,7 +168,19 @@ static void htif_handle_tohost_write(HTIFState *s, 
uint64_t val_written)
 int exit_code = payload >> 1;
 exit(exit_code);
 } else {
-qemu_log_mask(LOG_UNIMP, "pk syscall proxy not supported\n");
+uint64_t syscall[8];
+cpu_physical_memory_read(payload, syscall, sizeof(syscall));
+if (syscall[0] == PK_SYS_WRITE &&
+syscall[1] == HTIF_DEV_CONSOLE &&
+syscall[3] == HTIF_CONSOLE_CMD_PUTC) {
+uint8_t ch;
+cpu_physical_memory_read(syscall[2], , 1);
+qemu_chr_fe_write(>chr, , 1);
+resp = 0x100 | (uint8_t)payload;
+} else {
+qemu_log_mask(LOG_UNIMP,
+  "pk syscall proxy not supported\n");
+}
 }
 } else {
 qemu_log("HTIF device %d: unknown command\n", device);
-- 
2.39.0

[PULL 16/37] hw/riscv/sifive_u: use 'fdt' from MachineState

[Alistair Francis]

From: Daniel Henrique Barboza 

The MachineState object provides a 'fdt' pointer that is already being
used by other RISC-V machines, and it's also used by the 'dumpdtb' QMP
command.

Remove the 'fdt' pointer from SiFiveUState and use MachineState::fdt
instead.

Cc: Palmer Dabbelt 
Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Reviewed-by: Bin Meng 
Message-Id: <20230102115241.25733-4-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis 
---
 include/hw/riscv/sifive_u.h |  3 ---
 hw/riscv/sifive_u.c | 15 ++-
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/include/hw/riscv/sifive_u.h b/include/hw/riscv/sifive_u.h
index a67328f7ad..65af306963 100644
--- a/include/hw/riscv/sifive_u.h
+++ b/include/hw/riscv/sifive_u.h
@@ -69,9 +69,6 @@ typedef struct SiFiveUState {
 /*< public >*/
 SiFiveUSoCState soc;
 
-void *fdt;
-int fdt_size;
-
 bool start_in_flash;
 uint32_t msel;
 uint32_t serial;
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index a58ddb36ac..ddceb750ea 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -98,7 +98,7 @@ static void create_fdt(SiFiveUState *s, const MemMapEntry 
*memmap,
 {
 MachineState *ms = MACHINE(qdev_get_machine());
 void *fdt;
-int cpu;
+int cpu, fdt_size;
 uint32_t *cells;
 char *nodename;
 uint32_t plic_phandle, prci_phandle, gpio_phandle, phandle = 1;
@@ -112,14 +112,14 @@ static void create_fdt(SiFiveUState *s, const MemMapEntry 
*memmap,
 };
 
 if (ms->dtb) {
-fdt = s->fdt = load_device_tree(ms->dtb, >fdt_size);
+fdt = ms->fdt = load_device_tree(ms->dtb, _size);
 if (!fdt) {
 error_report("load_device_tree() failed");
 exit(1);
 }
 goto update_bootargs;
 } else {
-fdt = s->fdt = create_device_tree(>fdt_size);
+fdt = ms->fdt = create_device_tree(_size);
 if (!fdt) {
 error_report("create_device_tree() failed");
 exit(1);
@@ -612,9 +612,9 @@ static void sifive_u_machine_init(MachineState *machine)
 hwaddr end = riscv_load_initrd(machine->initrd_filename,
machine->ram_size, kernel_entry,
);
-qemu_fdt_setprop_cell(s->fdt, "/chosen",
+qemu_fdt_setprop_cell(machine->fdt, "/chosen",
   "linux,initrd-start", start);
-qemu_fdt_setprop_cell(s->fdt, "/chosen", "linux,initrd-end",
+qemu_fdt_setprop_cell(machine->fdt, "/chosen", "linux,initrd-end",
   end);
 }
 } else {
@@ -627,14 +627,11 @@ static void sifive_u_machine_init(MachineState *machine)
 
 /* Compute the fdt load address in dram */
 fdt_load_addr = riscv_load_fdt(memmap[SIFIVE_U_DEV_DRAM].base,
-   machine->ram_size, s->fdt);
+   machine->ram_size, machine->fdt);
 if (!riscv_is_32bit(>soc.u_cpus)) {
 start_addr_hi32 = (uint64_t)start_addr >> 32;
 }
 
-/* Set machine->fdt for 'dumpdtb' QMP/HMP command */
-machine->fdt = s->fdt;
-
 /* reset vector */
 uint32_t reset_vec[12] = {
 s->msel,   /* MSEL pin state */
-- 
2.39.0

[PULL 06/37] hw/char: riscv_htif: Remove forward declarations for non-existent variables

[Alistair Francis]

From: Bin Meng 

There are forward declarations for 'vmstate_htif' and 'htif_io_ops'
in riscv_htif.h however there are no definitions in the C codes.

Signed-off-by: Bin Meng 
Reviewed-by: Daniel Henrique Barboza 
Reviewed-by: Alistair Francis 
Message-Id: <20221229091828.1945072-7-bm...@tinylab.org>
Signed-off-by: Alistair Francis 
---
 include/hw/char/riscv_htif.h | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/include/hw/char/riscv_htif.h b/include/hw/char/riscv_htif.h
index 55cc352331..9e8ebbe017 100644
--- a/include/hw/char/riscv_htif.h
+++ b/include/hw/char/riscv_htif.h
@@ -40,9 +40,6 @@ typedef struct HTIFState {
 uint64_t pending_read;
 } HTIFState;
 
-extern const VMStateDescription vmstate_htif;
-extern const MemoryRegionOps htif_io_ops;
-
 /* HTIF symbol callback */
 void htif_symbol_callback(const char *st_name, int st_info, uint64_t st_value,
 uint64_t st_size);
-- 
2.39.0

[PULL 09/37] hw/riscv/boot.c: make riscv_find_firmware() static

[Alistair Francis]

From: Daniel Henrique Barboza 

The only caller is riscv_find_and_load_firmware(), which is in the same
file.

Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Reviewed-by: Bin Meng 
Signed-off-by: Bin Meng 
Message-Id: <20221221182300.307900-5-dbarb...@ventanamicro.com>
Message-Id: <20221229091828.1945072-10-bm...@tinylab.org>
Signed-off-by: Alistair Francis 
---
 include/hw/riscv/boot.h |  1 -
 hw/riscv/boot.c | 44 -
 2 files changed, 22 insertions(+), 23 deletions(-)

diff --git a/include/hw/riscv/boot.h b/include/hw/riscv/boot.h
index 93e5f8760d..c03e4e74c5 100644
--- a/include/hw/riscv/boot.h
+++ b/include/hw/riscv/boot.h
@@ -37,7 +37,6 @@ target_ulong riscv_find_and_load_firmware(MachineState 
*machine,
   const char *default_machine_firmware,
   hwaddr firmware_load_addr,
   symbol_fn_t sym_cb);
-char *riscv_find_firmware(const char *firmware_filename);
 target_ulong riscv_load_firmware(const char *firmware_filename,
  hwaddr firmware_load_addr,
  symbol_fn_t sym_cb);
diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index ebd351c840..7361d5c0d8 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -75,6 +75,28 @@ target_ulong 
riscv_calc_kernel_start_addr(RISCVHartArrayState *harts,
 }
 }
 
+static char *riscv_find_firmware(const char *firmware_filename)
+{
+char *filename;
+
+filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, firmware_filename);
+if (filename == NULL) {
+if (!qtest_enabled()) {
+/*
+ * We only ship OpenSBI binary bios images in the QEMU source.
+ * For machines that use images other than the default bios,
+ * running QEMU test will complain hence let's suppress the error
+ * report for QEMU testing.
+ */
+error_report("Unable to load the RISC-V firmware \"%s\"",
+ firmware_filename);
+exit(1);
+}
+}
+
+return filename;
+}
+
 target_ulong riscv_find_and_load_firmware(MachineState *machine,
   const char *default_machine_firmware,
   hwaddr firmware_load_addr,
@@ -104,28 +126,6 @@ target_ulong riscv_find_and_load_firmware(MachineState 
*machine,
 return firmware_end_addr;
 }
 
-char *riscv_find_firmware(const char *firmware_filename)
-{
-char *filename;
-
-filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, firmware_filename);
-if (filename == NULL) {
-if (!qtest_enabled()) {
-/*
- * We only ship OpenSBI binary bios images in the QEMU source.
- * For machines that use images other than the default bios,
- * running QEMU test will complain hence let's suppress the error
- * report for QEMU testing.
- */
-error_report("Unable to load the RISC-V firmware \"%s\"",
- firmware_filename);
-exit(1);
-}
-}
-
-return filename;
-}
-
 target_ulong riscv_load_firmware(const char *firmware_filename,
  hwaddr firmware_load_addr,
  symbol_fn_t sym_cb)
-- 
2.39.0

[PULL 00/37] riscv-to-apply queue

[Alistair Francis]

From: Alistair Francis 

The following changes since commit 239b8b0699a222fd21da1c5fdeba0a2456085a47:

  Merge tag 'trivial-branch-for-8.0-pull-request' of 
https://gitlab.com/laurent_vivier/qemu into staging (2023-01-19 15:05:29 +)

are available in the Git repository at:

  https://github.com/alistair23/qemu.git tags/pull-riscv-to-apply-20230120

for you to fetch changes up to b748352c555b42d497fe8ee00ee2e44eb8627660:

  hw/riscv/virt.c: move create_fw_cfg() back to virt_machine_init() (2023-01-20 
10:14:14 +1000)


Second RISC-V PR for QEMU 8.0

* riscv_htif: Support console output via proxy syscall
* Cleanup firmware and device tree loading
* Fix elen check when using vector extensions
* add RISC-V OpenSBI boot test
* Ensure we always follow MISA parsing
* Fix up masking of vsip/vsie accesses
* Trap on writes to stimecmp from VS when hvictl.VTI=1
* Introduce helper_set_rounding_mode_chkfrm


Andrew Bresticker (2):
  target/riscv: Fix up masking of vsip/vsie accesses
  target/riscv: Trap on writes to stimecmp from VS when hvictl.VTI=1

Bin Meng (11):
  hw/char: riscv_htif: Avoid using magic numbers
  hw/char: riscv_htif: Drop {to, from}host_size in HTIFState
  hw/char: riscv_htif: Drop useless assignment of memory region
  hw/char: riscv_htif: Use conventional 's' for HTIFState
  hw/char: riscv_htif: Move registers from CPUArchState to HTIFState
  hw/char: riscv_htif: Remove forward declarations for non-existent 
variables
  hw/char: riscv_htif: Support console output via proxy syscall
  hw/riscv: spike: Remove the out-of-date comments
  hw/riscv/boot.c: Introduce riscv_find_firmware()
  hw/riscv: spike: Decouple create_fdt() dependency to ELF loading
  target/riscv: Use TARGET_FMT_lx for env->mhartid

Daniel Henrique Barboza (20):
  hw/riscv/boot.c: make riscv_find_firmware() static
  hw/riscv/boot.c: introduce riscv_default_firmware_name()
  tests/avocado: add RISC-V OpenSBI boot test
  hw/riscv/spike: use 'fdt' from MachineState
  hw/riscv/sifive_u: use 'fdt' from MachineState
  hw/riscv/boot.c: exit early if filename is NULL in load functions
  hw/riscv/spike.c: load initrd right after riscv_load_kernel()
  hw/riscv: write initrd 'chosen' FDT inside riscv_load_initrd()
  hw/riscv: write bootargs 'chosen' FDT after riscv_load_kernel()
  hw/riscv/boot.c: use MachineState in riscv_load_initrd()
  hw/riscv/boot.c: use MachineState in riscv_load_kernel()
  target/riscv/cpu: set cpu->cfg in register_cpu_props()
  target/riscv/cpu.c: do not skip misa logic in riscv_cpu_realize()
  hw/riscv/spike.c: simplify create_fdt()
  hw/riscv/virt.c: simplify create_fdt()
  hw/riscv/sifive_u.c: simplify create_fdt()
  hw/riscv/virt.c: remove 'is_32_bit' param from create_fdt_socket_cpus()
  hw/riscv: use MachineState::fdt in riscv_socket_fdt_write_id()
  hw/riscv: use ms->fdt in riscv_socket_fdt_write_distance_matrix()
  hw/riscv/virt.c: move create_fw_cfg() back to virt_machine_init()

Dongxue Zhang (1):
  target/riscv/cpu.c: Fix elen check

Richard Henderson (3):
  tcg/riscv: Use tcg_pcrel_diff in tcg_out_ldst
  target/riscv: Introduce helper_set_rounding_mode_chkfrm
  target/riscv: Remove helper_set_rod_rounding_mode

 include/hw/char/riscv_htif.h|  19 +-
 include/hw/riscv/boot.h |   9 +-
 include/hw/riscv/numa.h |  10 +-
 include/hw/riscv/sifive_u.h |   3 -
 include/hw/riscv/spike.h|   2 -
 target/riscv/cpu.h  |   8 +-
 target/riscv/helper.h   |   2 +-
 hw/char/riscv_htif.c| 172 +++-
 hw/riscv/boot.c | 105 +---
 hw/riscv/microchip_pfsoc.c  |  12 +-
 hw/riscv/numa.c |  14 +-
 hw/riscv/opentitan.c|   3 +-
 hw/riscv/sifive_e.c |   3 +-
 hw/riscv/sifive_u.c |  53 ++--
 hw/riscv/spike.c| 108 
 hw/riscv/virt.c |  86 +++---
 target/riscv/cpu.c  | 445 ++--
 target/riscv/csr.c  |  41 ++-
 target/riscv/fpu_helper.c   |  36 ++-
 target/riscv/machine.c  |   6 +-
 target/riscv/translate.c|  21 +-
 target/riscv/insn_trans/trans_rvv.c.inc |  24 +-
 tcg/riscv/tcg-target.c.inc  |   2 +-
 tests/avocado/riscv_opensbi.py  |  65 +
 24 files changed, 713 insertions(+), 536 deletions(-)
 create mode 100644 tests/avocado/riscv_opensbi.py

[PULL 13/37] target/riscv/cpu.c: Fix elen check

[Alistair Francis]

From: Dongxue Zhang 

The elen check should be cpu->cfg.elen in range [8, 64].

Signed-off-by: Dongxue Zhang 
Reviewed-by: LIU Zhiwei 
Reviewed-by: Frank Chang 
Reviewed-by: Alistair Francis 
Message-Id: <167236721596.15277.265340527322725628...@git.sr.ht>
[ Changes by AF:
 - Tidy up commit message
]
Signed-off-by: Alistair Francis 
---
 target/riscv/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index cc75ca7667..a2e6238bd7 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -882,7 +882,7 @@ static void riscv_cpu_realize(DeviceState *dev, Error 
**errp)
 "Vector extension ELEN must be power of 2");
 return;
 }
-if (cpu->cfg.elen > 64 || cpu->cfg.vlen < 8) {
+if (cpu->cfg.elen > 64 || cpu->cfg.elen < 8) {
 error_setg(errp,
 "Vector extension implementation only supports ELEN "
 "in the range [8, 64]");
-- 
2.39.0

[PULL 02/37] hw/char: riscv_htif: Drop {to, from}host_size in HTIFState

[Alistair Francis]

From: Bin Meng 

These are not used anywhere. Drop them.

Signed-off-by: Bin Meng 
Reviewed-by: Daniel Henrique Barboza 
Reviewed-by: Alistair Francis 
Message-Id: <20221229091828.1945072-3-bm...@tinylab.org>
Signed-off-by: Alistair Francis 
---
 include/hw/char/riscv_htif.h | 2 --
 1 file changed, 2 deletions(-)

diff --git a/include/hw/char/riscv_htif.h b/include/hw/char/riscv_htif.h
index f888ac1b30..3eccc1914f 100644
--- a/include/hw/char/riscv_htif.h
+++ b/include/hw/char/riscv_htif.h
@@ -33,8 +33,6 @@ typedef struct HTIFState {
 
 hwaddr tohost_offset;
 hwaddr fromhost_offset;
-uint64_t tohost_size;
-uint64_t fromhost_size;
 MemoryRegion mmio;
 MemoryRegion *address_space;
 MemoryRegion *main_mem;
-- 
2.39.0

[PULL 10/37] hw/riscv/boot.c: introduce riscv_default_firmware_name()

[Alistair Francis]

From: Daniel Henrique Barboza 

Some boards are duplicating the 'riscv_find_and_load_firmware' call
because the 32 and 64 bits images have different names. Create
a function to handle this detail instead of hardcoding it in the boards.

Ideally we would bake this logic inside riscv_find_and_load_firmware(),
or even create a riscv_load_default_firmware(), but at this moment we
cannot infer whether the machine is running 32 or 64 bits without
accessing RISCVHartArrayState, which in turn can't be accessed via the
common code from boot.c. In the end we would exchange 'firmware_name'
for a flag with riscv_is_32bit(), which isn't much better than what we
already have today.

Cc: Palmer Dabbelt 
Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Alistair Francis 
Reviewed-by: Bin Meng 
Signed-off-by: Bin Meng 
Message-Id: <20221221182300.307900-6-dbarb...@ventanamicro.com>
Message-Id: <20221229091828.1945072-11-bm...@tinylab.org>
Signed-off-by: Alistair Francis 
---
 include/hw/riscv/boot.h |  1 +
 hw/riscv/boot.c |  9 +
 hw/riscv/sifive_u.c | 11 ---
 hw/riscv/spike.c| 14 +-
 hw/riscv/virt.c | 10 +++---
 5 files changed, 22 insertions(+), 23 deletions(-)

diff --git a/include/hw/riscv/boot.h b/include/hw/riscv/boot.h
index c03e4e74c5..60cf320c88 100644
--- a/include/hw/riscv/boot.h
+++ b/include/hw/riscv/boot.h
@@ -37,6 +37,7 @@ target_ulong riscv_find_and_load_firmware(MachineState 
*machine,
   const char *default_machine_firmware,
   hwaddr firmware_load_addr,
   symbol_fn_t sym_cb);
+const char *riscv_default_firmware_name(RISCVHartArrayState *harts);
 target_ulong riscv_load_firmware(const char *firmware_filename,
  hwaddr firmware_load_addr,
  symbol_fn_t sym_cb);
diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index 7361d5c0d8..e1a544b1d9 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -75,6 +75,15 @@ target_ulong 
riscv_calc_kernel_start_addr(RISCVHartArrayState *harts,
 }
 }
 
+const char *riscv_default_firmware_name(RISCVHartArrayState *harts)
+{
+if (riscv_is_32bit(harts)) {
+return RISCV32_BIOS_BIN;
+}
+
+return RISCV64_BIOS_BIN;
+}
+
 static char *riscv_find_firmware(const char *firmware_filename)
 {
 char *filename;
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index b40a4767e2..a58ddb36ac 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -533,6 +533,7 @@ static void sifive_u_machine_init(MachineState *machine)
 MemoryRegion *flash0 = g_new(MemoryRegion, 1);
 target_ulong start_addr = memmap[SIFIVE_U_DEV_DRAM].base;
 target_ulong firmware_end_addr, kernel_start_addr;
+const char *firmware_name;
 uint32_t start_addr_hi32 = 0x;
 int i;
 uint32_t fdt_load_addr;
@@ -595,13 +596,9 @@ static void sifive_u_machine_init(MachineState *machine)
 break;
 }
 
-if (riscv_is_32bit(>soc.u_cpus)) {
-firmware_end_addr = riscv_find_and_load_firmware(machine,
-RISCV32_BIOS_BIN, start_addr, NULL);
-} else {
-firmware_end_addr = riscv_find_and_load_firmware(machine,
-RISCV64_BIOS_BIN, start_addr, NULL);
-}
+firmware_name = riscv_default_firmware_name(>soc.u_cpus);
+firmware_end_addr = riscv_find_and_load_firmware(machine, firmware_name,
+ start_addr, NULL);
 
 if (machine->kernel_filename) {
 kernel_start_addr = riscv_calc_kernel_start_addr(>soc.u_cpus,
diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index df9f070707..3c8a8de673 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -190,6 +190,7 @@ static void spike_board_init(MachineState *machine)
 MemoryRegion *system_memory = get_system_memory();
 MemoryRegion *mask_rom = g_new(MemoryRegion, 1);
 target_ulong firmware_end_addr, kernel_start_addr;
+const char *firmware_name;
 uint32_t fdt_load_addr;
 uint64_t kernel_entry;
 char *soc_name;
@@ -255,15 +256,10 @@ static void spike_board_init(MachineState *machine)
 memory_region_add_subregion(system_memory, memmap[SPIKE_MROM].base,
 mask_rom);
 
-if (riscv_is_32bit(>soc[0])) {
-firmware_end_addr = riscv_find_and_load_firmware(machine,
-RISCV32_BIOS_BIN, memmap[SPIKE_DRAM].base,
-htif_symbol_callback);
-} else {
-firmware_end_addr = riscv_find_and_load_firmware(machine,
-RISCV64_BIOS_BIN, memmap[SPIKE_DRAM].base,
-htif_symbol_callback);
-}
+firmware_name = riscv_default_firmware_name(>soc[0]);
+firmware_end_addr = riscv_find_and_load_firmware(machine, firmware_name,

Re: [PATCH v2 07/11] tests/qtest/migration-test: Build command line using GString API (1/4)

[Philippe Mathieu-Daudé]

On 19/1/23 22:10, Richard Henderson wrote:

On 1/19/23 04:58, Philippe Mathieu-Daudé wrote:

Part 1/4: Convert memory & machine options.

Signed-off-by: Philippe Mathieu-Daudé 
---
  tests/qtest/migration-test.c | 22 --
  1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c
index 6c3db95113..7aa323a7a7 100644
--- a/tests/qtest/migration-test.c
+++ b/tests/qtest/migration-test.c
@@ -582,6 +582,7 @@ typedef struct {
  static int test_migrate_start(QTestState **from, QTestState **to,
    const char *uri, MigrateStart *args)
  {
+    g_autoptr(GString) cmd_common = NULL;
  g_autofree gchar *arch_source = NULL;
  g_autofree gchar *arch_target = NULL;
  g_autofree gchar *cmd_target = NULL;
@@ -601,6 +602,9 @@ static int test_migrate_start(QTestState **from, 
QTestState **to,

  }
  got_stop = false;
+
+    cmd_common = g_string_new("");
+
  bootpath = g_strdup_printf("%s/bootsect", tmpfs);
  if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
  /* the assembled x86 boot sector should be exactly one 
sector large */
@@ -644,6 +648,10 @@ static int test_migrate_start(QTestState **from, 
QTestState **to,

  } else {
  g_assert_not_reached();
  }
+    if (machine_opts) {
+    g_string_append_printf(cmd_common, " -machine %s ", 
machine_opts);

+    }
+    g_string_append_printf(cmd_common, "-m %s ", memory_size);
  if (!getenv("QTEST_LOG") && args->hide_stderr) {
  #ifdef _WIN32
@@ -674,33 +682,27 @@ static int test_migrate_start(QTestState **from, 
QTestState **to,

  if (!args->only_target) {
  g_autofree gchar *cmd_source = NULL;
-    cmd_source = g_strdup_printf("-accel kvm%s -accel tcg%s%s "
+    cmd_source = g_strdup_printf("-accel kvm%s -accel tcg%s "
   "-name source,debug-threads=on "
- "-m %s "
   "-serial file:%s/src_serial "
   "%s %s %s %s",
   args->use_dirty_ring ?
   ",dirty-ring-size=4096" : "",
- machine_opts ? " -machine " : "",
- machine_opts ? machine_opts : "",


You removed two strings here, but only one %s above.



- memory_size, tmpfs,
+ cmd_common->str, tmpfs,


One new string is added here ^^^.


   arch_source, shmem_opts,
   args->opts_source ? 
args->opts_source : "",

   ignore_stderr);
  *from = qtest_init(cmd_source);
  }
-    cmd_target = g_strdup_printf("-accel kvm%s -accel tcg%s%s "
+    cmd_target = g_strdup_printf("-accel kvm%s -accel tcg%s "
   "-name target,debug-threads=on "
- "-m %s "
   "-serial file:%s/dest_serial "
   "-incoming %s "
   "%s %s %s %s",
   args->use_dirty_ring ?
   ",dirty-ring-size=4096" : "",
- machine_opts ? " -machine " : "",
- machine_opts ? machine_opts : "",
- memory_size, tmpfs, uri,
+ cmd_common->str, tmpfs, uri,
   arch_target, shmem_opts,
   args->opts_target ? 
args->opts_target : "",

   ignore_stderr);

Re: [PATCH v2 0/4] bulk: Replace TARGET_FMT_plx by HWADDR_PRIx

[Thomas Huth]

On 11/01/2023 09.39, Philippe Mathieu-Daudé wrote:

Since v1:
- Fix checkpatch style violations
- Use HWADDR_PRIx instead of HWADDR_FMT_plx (Zoltan)

Supersedes: <20230110212947.34557-1-phi...@linaro.org>
 "bulk: Rename TARGET_FMT_plx -> HWADDR_FMT_plx"

Philippe Mathieu-Daudé (4):
   hw: Remove hardcoded tabs (code style)
   bulk: Coding style fixes
   bulk: Replace TARGET_FMT_plx -> HWADDR_PRIx
   bulk: Prefix '0x' to hex values displayed with HWADDR_PRIx format


Big sorry, I picked up v1 for my last pull request before I saw that there 
is a v2. But IMHO it's ok to have a separate macro with a %016 included, so 
I'd rather tend to keep HWADDR_FMT_plx. Anyway, if you consider the other 
changes in your series important enough, please rebase them. Sorry again for 
the additional work that this might cause.


 Thomas

Re: [PATCH v4 12/19] target/hexagon: Clean up includes

[Markus Armbruster]

Taylor Simpson  writes:

>> -Original Message-
>> From: Markus Armbruster 
>> Sent: Thursday, January 19, 2023 1:00 AM
>> To: qemu-devel@nongnu.org
>> Cc: richard.hender...@linaro.org; pbonz...@redhat.com;
>> kw...@redhat.com; hre...@redhat.com; i...@bsdimp.com;
>> kev...@freebsd.org; berra...@redhat.com; gr...@kaod.org;
>> qemu_...@crudebyte.com; m...@redhat.com; phi...@linaro.org;
>> peter.mayd...@linaro.org; alist...@alistair23.me; jasow...@redhat.com;
>> jonathan.came...@huawei.com; kbast...@mail.uni-paderborn.de;
>> quint...@redhat.com; dgilb...@redhat.com; michael.r...@amd.com;
>> kkost...@redhat.com; Taylor Simpson ;
>> pal...@dabbelt.com; bin.m...@windriver.com; qemu-bl...@nongnu.org;
>> qemu-...@nongnu.org; qemu-ri...@nongnu.org
>> Subject: [PATCH v4 12/19] target/hexagon: Clean up includes
>> 
>> Clean up includes so that osdep.h is included first and headers which it
>> implies are not included manually.
>> 
>> This commit was created with scripts/clean-includes.
>> 
>> Changes to standalone programs dropped, because I can't tell whether them
>> not using qemu/osdep.h is intentional:
>> 
>> target/hexagon/gen_dectree_import.c
>> target/hexagon/gen_semantics.c
>> target/hexagon/idef-parser/idef-parser.h
>> target/hexagon/idef-parser/parser-helpers.c
>> target/hexagon/idef-parser/parser-helpers.h
>
> Correct.  These are standalone programs not built with the full QEMU context.

I'll tweak the commit message like this:

   Changes to standalone programs dropped, because these intentionally
   don't use qemu/osdep.h:

>> Signed-off-by: Markus Armbruster 
>> ---
>>  target/hexagon/hex_arch_types.h | 1 -
>>  target/hexagon/mmvec/macros.h   | 1 -
>>  2 files changed, 2 deletions(-)
>
> Reviewed-by: Taylor Simpson 

Thanks!

Re: [PATCH v4 10/19] migration: Clean up includes

[Markus Armbruster]

"Dr. David Alan Gilbert"  writes:

> * Markus Armbruster (arm...@redhat.com) wrote:
>> "Dr. David Alan Gilbert"  writes:
>> 
>> > * Markus Armbruster (arm...@redhat.com) wrote:
>> >> Clean up includes so that osdep.h is included first and headers
>> >> which it implies are not included manually.
>> >
>> > That change doesn't seem to match the message; the patch is removing the
>> > osdep.h include.
>> 
>> It's the commit message scripts/clean-includes creates :)
>> 
>> I can throw in another patch to the script so it mentions it also
>> removes qemu/osdep.h from headers.
>
> Oh hmm it would be clearer;

What about

$GITSUBJ: Clean up includes

Clean up includes so that osdep.h is included first in .c and not in
.h, and headers which it implies are not included manually.

This commit was created with scripts/clean-includes.


> but OK then, so 
>
> Reviewed-by: Dr. David Alan Gilbert 

Thanks!

Re: [PATCH v2 09/11] tests/qtest/migration-test: Build command line using GString API (3/4)

[Philippe Mathieu-Daudé]

On 19/1/23 22:17, Richard Henderson wrote:

On 1/19/23 04:58, Philippe Mathieu-Daudé wrote:

Part 3/4: Convert accelerator options.

Signed-off-by: Philippe Mathieu-Daudé 
---
  tests/qtest/migration-test.c | 11 +--
  1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c
index 8377b3976a..015b774a9e 100644
--- a/tests/qtest/migration-test.c
+++ b/tests/qtest/migration-test.c
@@ -603,6 +603,9 @@ static int test_migrate_start(QTestState **from, 
QTestState **to,

  got_stop = false;
  cmd_common = g_string_new("");
+    g_string_append_printf(cmd_common, "-accel kvm%s ",
+   args->use_dirty_ring ? 
",dirty-ring-size=4096" : "");

+    g_string_append(cmd_common, "-accel tcg ");


Maybe clearer as

   if (args->use_dirty_ring) {
   g_string_append(s, "-accel kvm,dirty-ring-size=4096 ");
   } else {
   g_string_append(s, "-accel kvm ");
   }


Agreed, I first did that change, then went back to have simpler "one
big patch" in v1. Now since v2 splits the changes I'll do that.

[PULL 01/12] coroutine: Clean up superfluous inclusion of qemu/coroutine.h

[Markus Armbruster]

Signed-off-by: Markus Armbruster 
Reviewed-by: Stefan Hajnoczi 
Message-Id: <20221221131435.3851212-2-arm...@redhat.com>
---
 crypto/block-luks-priv.h| 1 -
 include/block/raw-aio.h | 1 -
 include/scsi/pr-manager.h   | 1 -
 nbd/nbd-internal.h  | 1 -
 blockjob.c  | 1 -
 crypto/block-luks.c | 1 -
 hw/9pfs/codir.c | 1 -
 hw/9pfs/cofile.c| 1 -
 hw/9pfs/cofs.c  | 1 -
 hw/9pfs/coxattr.c   | 1 -
 tests/unit/test-coroutine.c | 1 -
 tests/unit/test-vmstate.c   | 1 -
 util/qemu-coroutine-lock.c  | 1 -
 util/qemu-coroutine-sleep.c | 1 -
 util/qemu-coroutine.c   | 1 -
 15 files changed, 15 deletions(-)

diff --git a/crypto/block-luks-priv.h b/crypto/block-luks-priv.h
index 90a20d432b..dc2dd14e52 100644
--- a/crypto/block-luks-priv.h
+++ b/crypto/block-luks-priv.h
@@ -31,7 +31,6 @@
 #include "crypto/random.h"
 #include "qemu/uuid.h"
 
-#include "qemu/coroutine.h"
 #include "qemu/bitmap.h"
 
 /*
diff --git a/include/block/raw-aio.h b/include/block/raw-aio.h
index 21fc10c4c9..f8cda9df91 100644
--- a/include/block/raw-aio.h
+++ b/include/block/raw-aio.h
@@ -17,7 +17,6 @@
 #define QEMU_RAW_AIO_H
 
 #include "block/aio.h"
-#include "qemu/coroutine.h"
 #include "qemu/iov.h"
 
 /* AIO request types */
diff --git a/include/scsi/pr-manager.h b/include/scsi/pr-manager.h
index e4ecbe00f6..45de28d354 100644
--- a/include/scsi/pr-manager.h
+++ b/include/scsi/pr-manager.h
@@ -5,7 +5,6 @@
 #include "qapi/visitor.h"
 #include "qom/object_interfaces.h"
 #include "block/aio.h"
-#include "qemu/coroutine.h"
 
 #define TYPE_PR_MANAGER "pr-manager"
 
diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h
index 1b2141ab4b..df42fef706 100644
--- a/nbd/nbd-internal.h
+++ b/nbd/nbd-internal.h
@@ -13,7 +13,6 @@
 #include "sysemu/block-backend.h"
 #include "io/channel-tls.h"
 
-#include "qemu/coroutine.h"
 #include "qemu/iov.h"
 
 #ifndef _WIN32
diff --git a/blockjob.c b/blockjob.c
index b7daf2a9f6..54b4091a36 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -32,7 +32,6 @@
 #include "qapi/error.h"
 #include "qapi/qapi-events-block-core.h"
 #include "qapi/qmp/qerror.h"
-#include "qemu/coroutine.h"
 #include "qemu/main-loop.h"
 #include "qemu/timer.h"
 
diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index ff9e3945d1..5688783ab1 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -32,7 +32,6 @@
 #include "crypto/random.h"
 #include "qemu/uuid.h"
 
-#include "qemu/coroutine.h"
 #include "qemu/bitmap.h"
 
 /*
diff --git a/hw/9pfs/codir.c b/hw/9pfs/codir.c
index 93ba44fb75..7ba63be489 100644
--- a/hw/9pfs/codir.c
+++ b/hw/9pfs/codir.c
@@ -19,7 +19,6 @@
 #include "qemu/osdep.h"
 #include "fsdev/qemu-fsdev.h"
 #include "qemu/thread.h"
-#include "qemu/coroutine.h"
 #include "qemu/main-loop.h"
 #include "coth.h"
 #include "9p-xattr.h"
diff --git a/hw/9pfs/cofile.c b/hw/9pfs/cofile.c
index 20f93a90e7..9c5344039e 100644
--- a/hw/9pfs/cofile.c
+++ b/hw/9pfs/cofile.c
@@ -19,7 +19,6 @@
 #include "qemu/osdep.h"
 #include "fsdev/qemu-fsdev.h"
 #include "qemu/thread.h"
-#include "qemu/coroutine.h"
 #include "qemu/main-loop.h"
 #include "coth.h"
 
diff --git a/hw/9pfs/cofs.c b/hw/9pfs/cofs.c
index 9d0adc2e78..67e3ae5c5c 100644
--- a/hw/9pfs/cofs.c
+++ b/hw/9pfs/cofs.c
@@ -19,7 +19,6 @@
 #include "qemu/osdep.h"
 #include "fsdev/qemu-fsdev.h"
 #include "qemu/thread.h"
-#include "qemu/coroutine.h"
 #include "qemu/main-loop.h"
 #include "coth.h"
 
diff --git a/hw/9pfs/coxattr.c b/hw/9pfs/coxattr.c
index dbcd09e0fd..cd0f8488ac 100644
--- a/hw/9pfs/coxattr.c
+++ b/hw/9pfs/coxattr.c
@@ -19,7 +19,6 @@
 #include "qemu/osdep.h"
 #include "fsdev/qemu-fsdev.h"
 #include "qemu/thread.h"
-#include "qemu/coroutine.h"
 #include "qemu/main-loop.h"
 #include "coth.h"
 
diff --git a/tests/unit/test-coroutine.c b/tests/unit/test-coroutine.c
index e16b80c245..513800d3db 100644
--- a/tests/unit/test-coroutine.c
+++ b/tests/unit/test-coroutine.c
@@ -12,7 +12,6 @@
  */
 
 #include "qemu/osdep.h"
-#include "qemu/coroutine.h"
 #include "qemu/coroutine_int.h"
 #include "qemu/lockable.h"
 
diff --git a/tests/unit/test-vmstate.c b/tests/unit/test-vmstate.c
index 541bb4f63e..79357b29ca 100644
--- a/tests/unit/test-vmstate.c
+++ b/tests/unit/test-vmstate.c
@@ -29,7 +29,6 @@
 #include "migration/qemu-file-types.h"
 #include "../migration/qemu-file.h"
 #include "../migration/savevm.h"
-#include "qemu/coroutine.h"
 #include "qemu/module.h"
 #include "io/channel-file.h"
 
diff --git a/util/qemu-coroutine-lock.c b/util/qemu-coroutine-lock.c
index 45c6b57374..58f3f77181 100644
--- a/util/qemu-coroutine-lock.c
+++ b/util/qemu-coroutine-lock.c
@@ -27,7 +27,6 @@
  */
 
 #include "qemu/osdep.h"
-#include "qemu/coroutine.h"
 #include "qemu/coroutine_int.h"
 #include "qemu/processor.h"
 #include "qemu/queue.h"
diff --git a/util/qemu-coroutine-sleep.c b/util/qemu-coroutine-sleep.c
index 571ab521ff..af59f9af98 100644
--- a/util/qemu-coroutine-sleep.c
+++ b/util/qemu-coroutine-sleep.c
@@ -12,7 +12,6 @@
  */
 
 

[PULL 11/12] include/hw/ppc: Don't include hw/pci-host/pnv_phb.h from pnv.h

[Markus Armbruster]

The next commit needs to include hw/ppc/pnv.h from
hw/pci-host/pnv_phb.h.  Avoid an inclusion loop.

Signed-off-by: Markus Armbruster 
Reviewed-by: Cédric Le Goater 
Reviewed-by: Daniel Henrique Barboza 
Message-Id: <20221222104628.659681-4-arm...@redhat.com>
---
 include/hw/pci-host/pnv_phb4.h | 3 ++-
 include/hw/ppc/pnv.h   | 3 ++-
 hw/ppc/pnv_psi.c   | 1 +
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/include/hw/pci-host/pnv_phb4.h b/include/hw/pci-host/pnv_phb4.h
index d9cea3f952..b4f2b29fb5 100644
--- a/include/hw/pci-host/pnv_phb4.h
+++ b/include/hw/pci-host/pnv_phb4.h
@@ -10,14 +10,15 @@
 #ifndef PCI_HOST_PNV_PHB4_H
 #define PCI_HOST_PNV_PHB4_H
 
+#include "hw/pci-host/pnv_phb.h"
 #include "hw/pci/pci_bus.h"
+#include "hw/ppc/pnv.h"
 #include "hw/ppc/xive.h"
 #include "qom/object.h"
 
 typedef struct PnvPhb4PecState PnvPhb4PecState;
 typedef struct PnvPhb4PecStack PnvPhb4PecStack;
 typedef struct PnvPHB4 PnvPHB4;
-typedef struct PnvPHB PnvPHB;
 typedef struct PnvChip PnvChip;
 
 /*
diff --git a/include/hw/ppc/pnv.h b/include/hw/ppc/pnv.h
index ca49e4281d..96fb850419 100644
--- a/include/hw/ppc/pnv.h
+++ b/include/hw/ppc/pnv.h
@@ -25,7 +25,6 @@
 #include "hw/sysbus.h"
 #include "hw/ipmi/ipmi.h"
 #include "hw/ppc/pnv_pnor.h"
-#include "hw/pci-host/pnv_phb.h"
 
 #define TYPE_PNV_CHIP "pnv-chip"
 
@@ -59,6 +58,8 @@ DECLARE_INSTANCE_CHECKER(PnvChip, PNV_CHIP_POWER10,
 
 PowerPCCPU *pnv_chip_find_cpu(PnvChip *chip, uint32_t pir);
 
+typedef struct PnvPHB PnvPHB;
+
 #define TYPE_PNV_MACHINE   MACHINE_TYPE_NAME("powernv")
 typedef struct PnvMachineClass PnvMachineClass;
 typedef struct PnvMachineState PnvMachineState;
diff --git a/hw/ppc/pnv_psi.c b/hw/ppc/pnv_psi.c
index 98045ed3d2..8aa09ab26b 100644
--- a/hw/ppc/pnv_psi.c
+++ b/hw/ppc/pnv_psi.c
@@ -18,6 +18,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "exec/address-spaces.h"
 #include "hw/irq.h"
 #include "target/ppc/cpu.h"
 #include "qemu/log.h"
-- 
2.39.0

[PULL 05/12] coroutine: Use Coroutine typedef name instead of structure tag

[Markus Armbruster]

Signed-off-by: Markus Armbruster 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20221221131435.3851212-6-arm...@redhat.com>
---
 include/block/aio.h | 7 +++
 util/async.c| 4 ++--
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/include/block/aio.h b/include/block/aio.h
index 3a546e7515..8fba6a3584 100644
--- a/include/block/aio.h
+++ b/include/block/aio.h
@@ -52,7 +52,6 @@ typedef void QEMUBHFunc(void *opaque);
 typedef bool AioPollFn(void *opaque);
 typedef void IOHandler(void *opaque);
 
-struct Coroutine;
 struct ThreadPool;
 struct LinuxAioState;
 struct LuringState;
@@ -694,7 +693,7 @@ static inline bool aio_node_check(AioContext *ctx, bool 
is_external)
  * is the context in which the coroutine is running (i.e. the value of
  * qemu_get_current_aio_context() from the coroutine itself).
  */
-void aio_co_schedule(AioContext *ctx, struct Coroutine *co);
+void aio_co_schedule(AioContext *ctx, Coroutine *co);
 
 /**
  * aio_co_reschedule_self:
@@ -717,7 +716,7 @@ void coroutine_fn aio_co_reschedule_self(AioContext 
*new_ctx);
  * context.  The coroutine must not be entered by anyone else while
  * aio_co_wake() is active.
  */
-void aio_co_wake(struct Coroutine *co);
+void aio_co_wake(Coroutine *co);
 
 /**
  * aio_co_enter:
@@ -726,7 +725,7 @@ void aio_co_wake(struct Coroutine *co);
  *
  * Enter a coroutine in the specified AioContext.
  */
-void aio_co_enter(AioContext *ctx, struct Coroutine *co);
+void aio_co_enter(AioContext *ctx, Coroutine *co);
 
 /**
  * Return the AioContext whose event loop runs in the current thread.
diff --git a/util/async.c b/util/async.c
index 14d63b3091..0657b75397 100644
--- a/util/async.c
+++ b/util/async.c
@@ -640,7 +640,7 @@ void coroutine_fn aio_co_reschedule_self(AioContext 
*new_ctx)
 }
 }
 
-void aio_co_wake(struct Coroutine *co)
+void aio_co_wake(Coroutine *co)
 {
 AioContext *ctx;
 
@@ -653,7 +653,7 @@ void aio_co_wake(struct Coroutine *co)
 aio_co_enter(ctx, co);
 }
 
-void aio_co_enter(AioContext *ctx, struct Coroutine *co)
+void aio_co_enter(AioContext *ctx, Coroutine *co)
 {
 if (ctx != qemu_get_current_aio_context()) {
 aio_co_schedule(ctx, co);
-- 
2.39.0

[PULL 08/12] include/hw/block: Include hw/block/block.h where needed

[Markus Armbruster]

hw/block/swim.h needs BlockConf.

Signed-off-by: Markus Armbruster 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20221221133551.3967339-4-arm...@redhat.com>
---
 include/hw/block/swim.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/hw/block/swim.h b/include/hw/block/swim.h
index c1bd5f6555..9b3dcb029d 100644
--- a/include/hw/block/swim.h
+++ b/include/hw/block/swim.h
@@ -11,6 +11,7 @@
 #ifndef SWIM_H
 #define SWIM_H
 
+#include "hw/block/block.h"
 #include "hw/sysbus.h"
 #include "qom/object.h"
 
-- 
2.39.0

[PULL 10/12] include/hw/ppc: Supply a few missing includes

[Markus Armbruster]

A few headers neglect to include headers they need.  They compile only
if something else includes the required header(s) first.  Fix that.

Signed-off-by: Markus Armbruster 
Reviewed-by: Cédric Le Goater 
Reviewed-by: Daniel Henrique Barboza 
Message-Id: <20221222104628.659681-3-arm...@redhat.com>
---
 include/hw/ppc/pnv_lpc.h| 3 ++-
 include/hw/ppc/pnv_occ.h| 3 ++-
 include/hw/ppc/pnv_pnor.h   | 2 +-
 include/hw/ppc/pnv_sbe.h| 3 ++-
 include/hw/ppc/pnv_xscom.h  | 3 ++-
 include/hw/ppc/xive2.h  | 2 ++
 include/hw/ppc/xive2_regs.h | 2 ++
 7 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/include/hw/ppc/pnv_lpc.h b/include/hw/ppc/pnv_lpc.h
index 8a8d1a3d42..001eee27d7 100644
--- a/include/hw/ppc/pnv_lpc.h
+++ b/include/hw/ppc/pnv_lpc.h
@@ -20,7 +20,8 @@
 #ifndef PPC_PNV_LPC_H
 #define PPC_PNV_LPC_H
 
-#include "qom/object.h"
+#include "exec/memory.h"
+#include "hw/qdev-core.h"
 
 #define TYPE_PNV_LPC "pnv-lpc"
 typedef struct PnvLpcClass PnvLpcClass;
diff --git a/include/hw/ppc/pnv_occ.h b/include/hw/ppc/pnv_occ.h
index 90a81dae2b..df321244e3 100644
--- a/include/hw/ppc/pnv_occ.h
+++ b/include/hw/ppc/pnv_occ.h
@@ -20,7 +20,8 @@
 #ifndef PPC_PNV_OCC_H
 #define PPC_PNV_OCC_H
 
-#include "qom/object.h"
+#include "exec/memory.h"
+#include "hw/qdev-core.h"
 
 #define TYPE_PNV_OCC "pnv-occ"
 OBJECT_DECLARE_TYPE(PnvOCC, PnvOCCClass,
diff --git a/include/hw/ppc/pnv_pnor.h b/include/hw/ppc/pnv_pnor.h
index bab2f79844..2e37ac88bf 100644
--- a/include/hw/ppc/pnv_pnor.h
+++ b/include/hw/ppc/pnv_pnor.h
@@ -10,7 +10,7 @@
 #ifndef PPC_PNV_PNOR_H
 #define PPC_PNV_PNOR_H
 
-#include "qom/object.h"
+#include "hw/sysbus.h"
 
 /*
  * PNOR offset on the LPC FW address space
diff --git a/include/hw/ppc/pnv_sbe.h b/include/hw/ppc/pnv_sbe.h
index f54a3ae9ba..b6b378ad14 100644
--- a/include/hw/ppc/pnv_sbe.h
+++ b/include/hw/ppc/pnv_sbe.h
@@ -20,7 +20,8 @@
 #ifndef PPC_PNV_SBE_H
 #define PPC_PNV_SBE_H
 
-#include "qom/object.h"
+#include "exec/memory.h"
+#include "hw/qdev-core.h"
 
 #define TYPE_PNV_SBE "pnv-sbe"
 OBJECT_DECLARE_TYPE(PnvSBE, PnvSBEClass, PNV_SBE)
diff --git a/include/hw/ppc/pnv_xscom.h b/include/hw/ppc/pnv_xscom.h
index c6e9ef8dd2..cbe848d27b 100644
--- a/include/hw/ppc/pnv_xscom.h
+++ b/include/hw/ppc/pnv_xscom.h
@@ -20,7 +20,8 @@
 #ifndef PPC_PNV_XSCOM_H
 #define PPC_PNV_XSCOM_H
 
-#include "qom/object.h"
+#include "exec/memory.h"
+#include "hw/ppc/pnv.h"
 
 typedef struct PnvXScomInterface PnvXScomInterface;
 
diff --git a/include/hw/ppc/xive2.h b/include/hw/ppc/xive2.h
index e9e3ea135e..ab68f8d157 100644
--- a/include/hw/ppc/xive2.h
+++ b/include/hw/ppc/xive2.h
@@ -11,7 +11,9 @@
 #ifndef PPC_XIVE2_H
 #define PPC_XIVE2_H
 
+#include "hw/ppc/xive.h"
 #include "hw/ppc/xive2_regs.h"
+#include "hw/sysbus.h"
 
 /*
  * XIVE2 Router (POWER10)
diff --git a/include/hw/ppc/xive2_regs.h b/include/hw/ppc/xive2_regs.h
index 14605bd458..b7adbdb7b9 100644
--- a/include/hw/ppc/xive2_regs.h
+++ b/include/hw/ppc/xive2_regs.h
@@ -10,6 +10,8 @@
 #ifndef PPC_XIVE2_REGS_H
 #define PPC_XIVE2_REGS_H
 
+#include "cpu.h"
+
 /*
  * Thread Interrupt Management Area (TIMA)
  *
-- 
2.39.0

[PULL 07/12] hw/sparc64/niagara: Use blk_name() instead of open-coding it

[Markus Armbruster]

Signed-off-by: Markus Armbruster 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20221221133551.3967339-3-arm...@redhat.com>
---
 hw/sparc64/niagara.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/hw/sparc64/niagara.c b/hw/sparc64/niagara.c
index ab3c4ec346..6725cc61fd 100644
--- a/hw/sparc64/niagara.c
+++ b/hw/sparc64/niagara.c
@@ -23,7 +23,6 @@
  */
 
 #include "qemu/osdep.h"
-#include "block/block_int-common.h"
 #include "qemu/units.h"
 #include "cpu.h"
 #include "hw/boards.h"
@@ -144,10 +143,9 @@ static void niagara_init(MachineState *machine)
 memory_region_add_subregion(get_system_memory(),
 NIAGARA_VDISK_BASE, >vdisk_ram);
 dinfo->is_default = 1;
-rom_add_file_fixed(blk_bs(blk)->filename, NIAGARA_VDISK_BASE, -1);
+rom_add_file_fixed(blk_name(blk), NIAGARA_VDISK_BASE, -1);
 } else {
-error_report("could not load ram disk '%s'",
- blk_bs(blk)->filename);
+error_report("could not load ram disk '%s'", blk_name(blk));
 exit(1);
 }
 }
-- 
2.39.0

[PULL 09/12] include/hw/ppc: Split pnv_chip.h off pnv.h

[Markus Armbruster]

PnvChipClass, PnvChip, Pnv8Chip, Pnv9Chip, and Pnv10Chip are defined
in pnv.h.  Many users of the header don't actually need them.  One
instance is this inclusion loop: hw/ppc/pnv_homer.h includes
hw/ppc/pnv.h for typedef PnvChip, and vice versa for struct PnvHomer.

Similar structs live in their own headers: PnvHomerClass and PnvHomer
in pnv_homer.h, PnvLpcClass and PnvLpcController in pci_lpc.h,
PnvPsiClass, PnvPsi, Pnv8Psi, Pnv9Psi, Pnv10Psi in pnv_psi.h, ...

Move PnvChipClass, PnvChip, Pnv8Chip, Pnv9Chip, and Pnv10Chip to new
pnv_chip.h, and adjust include directives.  This breaks the inclusion
loop mentioned above.

Signed-off-by: Markus Armbruster 
Reviewed-by: Cédric Le Goater 
Reviewed-by: Daniel Henrique Barboza 
Message-Id: <20221222104628.659681-2-arm...@redhat.com>
---
 include/hw/ppc/pnv.h   | 143 +---
 include/hw/ppc/pnv_chip.h  | 147 +
 hw/intc/pnv_xive.c |   1 +
 hw/intc/pnv_xive2.c|   1 +
 hw/pci-host/pnv_phb3.c |   1 +
 hw/pci-host/pnv_phb4_pec.c |   1 +
 hw/ppc/pnv.c   |   3 +
 hw/ppc/pnv_core.c  |   1 +
 hw/ppc/pnv_homer.c |   1 +
 hw/ppc/pnv_lpc.c   |   1 +
 hw/ppc/pnv_xscom.c |   1 +
 11 files changed, 160 insertions(+), 141 deletions(-)
 create mode 100644 include/hw/ppc/pnv_chip.h

diff --git a/include/hw/ppc/pnv.h b/include/hw/ppc/pnv.h
index 9ef7e2d0dc..ca49e4281d 100644
--- a/include/hw/ppc/pnv.h
+++ b/include/hw/ppc/pnv.h
@@ -20,158 +20,19 @@
 #ifndef PPC_PNV_H
 #define PPC_PNV_H
 
+#include "cpu.h"
 #include "hw/boards.h"
 #include "hw/sysbus.h"
 #include "hw/ipmi/ipmi.h"
-#include "hw/ppc/pnv_lpc.h"
 #include "hw/ppc/pnv_pnor.h"
-#include "hw/ppc/pnv_psi.h"
-#include "hw/ppc/pnv_occ.h"
-#include "hw/ppc/pnv_sbe.h"
-#include "hw/ppc/pnv_homer.h"
-#include "hw/ppc/pnv_xive.h"
-#include "hw/ppc/pnv_core.h"
-#include "hw/pci-host/pnv_phb3.h"
-#include "hw/pci-host/pnv_phb4.h"
 #include "hw/pci-host/pnv_phb.h"
-#include "qom/object.h"
 
 #define TYPE_PNV_CHIP "pnv-chip"
-OBJECT_DECLARE_TYPE(PnvChip, PnvChipClass,
-PNV_CHIP)
 
-struct PnvChip {
-/*< private >*/
-SysBusDevice parent_obj;
-
-/*< public >*/
-uint32_t chip_id;
-uint64_t ram_start;
-uint64_t ram_size;
-
-uint32_t nr_cores;
-uint32_t nr_threads;
-uint64_t cores_mask;
-PnvCore  **cores;
-
-uint32_t num_pecs;
-
-MemoryRegion xscom_mmio;
-MemoryRegion xscom;
-AddressSpace xscom_as;
-
-MemoryRegion *fw_mr;
-gchar*dt_isa_nodename;
-};
-
-#define TYPE_PNV8_CHIP "pnv8-chip"
+typedef struct PnvChip PnvChip;
 typedef struct Pnv8Chip Pnv8Chip;
-DECLARE_INSTANCE_CHECKER(Pnv8Chip, PNV8_CHIP,
- TYPE_PNV8_CHIP)
-
-struct Pnv8Chip {
-/*< private >*/
-PnvChip  parent_obj;
-
-/*< public >*/
-MemoryRegion icp_mmio;
-
-PnvLpcController lpc;
-Pnv8Psi  psi;
-PnvOCC   occ;
-PnvHomer homer;
-
-#define PNV8_CHIP_PHB3_MAX 4
-/*
- * The array is used to allow quick access to the phbs by
- * pnv_ics_get_child() and pnv_ics_resend_child().
- */
-PnvPHB   *phbs[PNV8_CHIP_PHB3_MAX];
-uint32_t num_phbs;
-
-XICSFabric*xics;
-};
-
-#define TYPE_PNV9_CHIP "pnv9-chip"
 typedef struct Pnv9Chip Pnv9Chip;
-DECLARE_INSTANCE_CHECKER(Pnv9Chip, PNV9_CHIP,
- TYPE_PNV9_CHIP)
-
-struct Pnv9Chip {
-/*< private >*/
-PnvChip  parent_obj;
-
-/*< public >*/
-PnvXive  xive;
-Pnv9Psi  psi;
-PnvLpcController lpc;
-PnvOCC   occ;
-PnvSBE   sbe;
-PnvHomer homer;
-
-uint32_t nr_quads;
-PnvQuad  *quads;
-
-#define PNV9_CHIP_MAX_PEC 3
-PnvPhb4PecState pecs[PNV9_CHIP_MAX_PEC];
-};
-
-/*
- * A SMT8 fused core is a pair of SMT4 cores.
- */
-#define PNV9_PIR2FUSEDCORE(pir) (((pir) >> 3) & 0xf)
-#define PNV9_PIR2CHIP(pir)  (((pir) >> 8) & 0x7f)
-
-#define TYPE_PNV10_CHIP "pnv10-chip"
 typedef struct Pnv10Chip Pnv10Chip;
-DECLARE_INSTANCE_CHECKER(Pnv10Chip, PNV10_CHIP,
- TYPE_PNV10_CHIP)
-
-struct Pnv10Chip {
-/*< private >*/
-PnvChip  parent_obj;
-
-/*< public >*/
-PnvXive2 xive;
-Pnv9Psi  psi;
-PnvLpcController lpc;
-PnvOCC   occ;
-PnvSBE   sbe;
-PnvHomer homer;
-
-uint32_t nr_quads;
-PnvQuad  *quads;
-
-#define PNV10_CHIP_MAX_PEC 2
-PnvPhb4PecState pecs[PNV10_CHIP_MAX_PEC];
-};
-
-#define PNV10_PIR2FUSEDCORE(pir) (((pir) >> 3) & 0xf)
-#define PNV10_PIR2CHIP(pir)  (((pir) >> 8) & 0x7f)
-
-struct PnvChipClass {
-/*< private >*/
-SysBusDeviceClass parent_class;
-
-/*< public >*/
-uint64_t chip_cfam_id;
-uint64_t cores_mask;
-uint32_t num_pecs;
-uint32_t num_phbs;
-
-DeviceRealize parent_realize;
-
-uint32_t (*core_pir)(PnvChip *chip, uint32_t core_id);
-   

[PULL 12/12] include/hw/ppc include/hw/pci-host: Drop extra typedefs

[Markus Armbruster]

PnvChip is typedef'ed in five places, and PnvPhb4PecState in two.
Keep one, drop the others.

Signed-off-by: Markus Armbruster 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Cédric Le Goater 
Reviewed-by: Daniel Henrique Barboza 
Message-Id: <20221222104628.659681-5-arm...@redhat.com>
---
 hw/pci-host/pnv_phb.h  | 2 +-
 include/hw/pci-host/pnv_phb3.h | 1 -
 include/hw/pci-host/pnv_phb4.h | 2 --
 include/hw/ppc/pnv_core.h  | 3 +--
 include/hw/ppc/pnv_homer.h | 2 +-
 include/hw/ppc/pnv_lpc.h   | 8 ++--
 include/hw/ppc/pnv_xive.h  | 7 +++
 7 files changed, 8 insertions(+), 17 deletions(-)

diff --git a/hw/pci-host/pnv_phb.h b/hw/pci-host/pnv_phb.h
index 58ebd6dd0f..eb429d529f 100644
--- a/hw/pci-host/pnv_phb.h
+++ b/hw/pci-host/pnv_phb.h
@@ -12,9 +12,9 @@
 
 #include "hw/pci/pcie_host.h"
 #include "hw/pci/pcie_port.h"
+#include "hw/ppc/pnv.h"
 #include "qom/object.h"
 
-typedef struct PnvChip PnvChip;
 typedef struct PnvPhb4PecState PnvPhb4PecState;
 
 struct PnvPHB {
diff --git a/include/hw/pci-host/pnv_phb3.h b/include/hw/pci-host/pnv_phb3.h
index f791ebda9b..d62b3091ac 100644
--- a/include/hw/pci-host/pnv_phb3.h
+++ b/include/hw/pci-host/pnv_phb3.h
@@ -15,7 +15,6 @@
 #include "hw/pci-host/pnv_phb.h"
 
 typedef struct PnvPHB3 PnvPHB3;
-typedef struct PnvChip PnvChip;
 
 /*
  * PHB3 XICS Source for MSIs
diff --git a/include/hw/pci-host/pnv_phb4.h b/include/hw/pci-host/pnv_phb4.h
index b4f2b29fb5..1f3237c9d5 100644
--- a/include/hw/pci-host/pnv_phb4.h
+++ b/include/hw/pci-host/pnv_phb4.h
@@ -16,10 +16,8 @@
 #include "hw/ppc/xive.h"
 #include "qom/object.h"
 
-typedef struct PnvPhb4PecState PnvPhb4PecState;
 typedef struct PnvPhb4PecStack PnvPhb4PecStack;
 typedef struct PnvPHB4 PnvPHB4;
-typedef struct PnvChip PnvChip;
 
 /*
  * We have one such address space wrapper per possible device under
diff --git a/include/hw/ppc/pnv_core.h b/include/hw/ppc/pnv_core.h
index c22eab2e1f..3d75706e95 100644
--- a/include/hw/ppc/pnv_core.h
+++ b/include/hw/ppc/pnv_core.h
@@ -22,14 +22,13 @@
 
 #include "hw/cpu/core.h"
 #include "target/ppc/cpu.h"
+#include "hw/ppc/pnv.h"
 #include "qom/object.h"
 
 #define TYPE_PNV_CORE "powernv-cpu-core"
 OBJECT_DECLARE_TYPE(PnvCore, PnvCoreClass,
 PNV_CORE)
 
-typedef struct PnvChip PnvChip;
-
 struct PnvCore {
 /*< private >*/
 CPUCore parent_obj;
diff --git a/include/hw/ppc/pnv_homer.h b/include/hw/ppc/pnv_homer.h
index 07e8b19311..b1c5d498dc 100644
--- a/include/hw/ppc/pnv_homer.h
+++ b/include/hw/ppc/pnv_homer.h
@@ -39,7 +39,7 @@ DECLARE_INSTANCE_CHECKER(PnvHomer, PNV10_HOMER,
 struct PnvHomer {
 DeviceState parent;
 
-struct PnvChip *chip;
+PnvChip *chip;
 MemoryRegion pba_regs;
 MemoryRegion regs;
 };
diff --git a/include/hw/ppc/pnv_lpc.h b/include/hw/ppc/pnv_lpc.h
index 001eee27d7..5d22c45570 100644
--- a/include/hw/ppc/pnv_lpc.h
+++ b/include/hw/ppc/pnv_lpc.h
@@ -21,6 +21,7 @@
 #define PPC_PNV_LPC_H
 
 #include "exec/memory.h"
+#include "hw/ppc/pnv.h"
 #include "hw/qdev-core.h"
 
 #define TYPE_PNV_LPC "pnv-lpc"
@@ -93,13 +94,8 @@ struct PnvLpcClass {
 DeviceRealize parent_realize;
 };
 
-/*
- * Old compilers error on typdef forward declarations. Keep them happy.
- */
-struct PnvChip;
-
 ISABus *pnv_lpc_isa_create(PnvLpcController *lpc, bool use_cpld, Error **errp);
-int pnv_dt_lpc(struct PnvChip *chip, void *fdt, int root_offset,
+int pnv_dt_lpc(PnvChip *chip, void *fdt, int root_offset,
uint64_t lpcm_addr, uint64_t lpcm_size);
 
 #endif /* PPC_PNV_LPC_H */
diff --git a/include/hw/ppc/pnv_xive.h b/include/hw/ppc/pnv_xive.h
index b5d91505e5..9c48430ee4 100644
--- a/include/hw/ppc/pnv_xive.h
+++ b/include/hw/ppc/pnv_xive.h
@@ -10,12 +10,11 @@
 #ifndef PPC_PNV_XIVE_H
 #define PPC_PNV_XIVE_H
 
+#include "hw/ppc/pnv.h"
 #include "hw/ppc/xive.h"
 #include "qom/object.h"
 #include "hw/ppc/xive2.h"
 
-struct PnvChip;
-
 #define TYPE_PNV_XIVE "pnv-xive"
 OBJECT_DECLARE_TYPE(PnvXive, PnvXiveClass,
 PNV_XIVE)
@@ -31,7 +30,7 @@ struct PnvXive {
 XiveRouterparent_obj;
 
 /* Owning chip */
-struct PnvChip *chip;
+PnvChip *chip;
 
 /* XSCOM addresses giving access to the controller registers */
 MemoryRegion  xscom_regs;
@@ -106,7 +105,7 @@ typedef struct PnvXive2 {
 Xive2Router   parent_obj;
 
 /* Owning chip */
-struct PnvChip *chip;
+PnvChip *chip;
 
 /* XSCOM addresses giving access to the controller registers */
 MemoryRegion  xscom_regs;
-- 
2.39.0

[PULL 04/12] coroutine: Split qemu/coroutine-core.h off qemu/coroutine.h

[Markus Armbruster]

qemu/coroutine.h and qemu/lockable.h include each other.

They need each other only in macro expansions, so we could simply drop
both inclusions to break the loop, and add suitable includes to files
that expand the macros.

Instead, move a part of qemu/coroutine.h to new qemu/coroutine-core.h
so that qemu/coroutine-core.h doesn't need qemu/lockable.h, and
qemu/lockable.h only needs qemu/coroutine-core.h.  Result:
qemu/coroutine.h includes qemu/lockable.h includes
qemu/coroutine-core.h.

Signed-off-by: Markus Armbruster 
Message-Id: <20221221131435.3851212-5-arm...@redhat.com>
[Semantic rebase conflict with 7c10cb38cc "accel/tcg: Add debuginfo
support" resolved]
---
 accel/tcg/debuginfo.h |   2 +
 hw/9pfs/coth.h|   2 +-
 include/block/aio.h   |   2 +-
 include/io/channel.h  |   2 +-
 include/qemu/coroutine-core.h | 154 ++
 include/qemu/coroutine.h  |  97 +
 include/qemu/lockable.h   |   2 +-
 include/qemu/typedefs.h   |   1 -
 nbd/client-connection.c   |   1 +
 tests/unit/test-aio.c |   2 +-
 ui/console.c  |   1 +
 11 files changed, 164 insertions(+), 102 deletions(-)
 create mode 100644 include/qemu/coroutine-core.h

diff --git a/accel/tcg/debuginfo.h b/accel/tcg/debuginfo.h
index 7542cfe6e0..f064e1c144 100644
--- a/accel/tcg/debuginfo.h
+++ b/accel/tcg/debuginfo.h
@@ -7,6 +7,8 @@
 #ifndef ACCEL_TCG_DEBUGINFO_H
 #define ACCEL_TCG_DEBUGINFO_H
 
+#include "qemu/bitops.h"
+
 /*
  * Debuginfo describing a certain address.
  */
diff --git a/hw/9pfs/coth.h b/hw/9pfs/coth.h
index 1a1edbdc2a..2c54249b35 100644
--- a/hw/9pfs/coth.h
+++ b/hw/9pfs/coth.h
@@ -16,7 +16,7 @@
 #define QEMU_9P_COTH_H
 
 #include "qemu/thread.h"
-#include "qemu/coroutine.h"
+#include "qemu/coroutine-core.h"
 #include "9p.h"
 
 /*
diff --git a/include/block/aio.h b/include/block/aio.h
index 0f65a3cc9e..3a546e7515 100644
--- a/include/block/aio.h
+++ b/include/block/aio.h
@@ -17,7 +17,7 @@
 #ifdef CONFIG_LINUX_IO_URING
 #include 
 #endif
-#include "qemu/coroutine.h"
+#include "qemu/coroutine-core.h"
 #include "qemu/queue.h"
 #include "qemu/event_notifier.h"
 #include "qemu/thread.h"
diff --git a/include/io/channel.h b/include/io/channel.h
index f1b7e05f81..78b15f7870 100644
--- a/include/io/channel.h
+++ b/include/io/channel.h
@@ -22,7 +22,7 @@
 #define QIO_CHANNEL_H
 
 #include "qom/object.h"
-#include "qemu/coroutine.h"
+#include "qemu/coroutine-core.h"
 #include "block/aio.h"
 
 #define TYPE_QIO_CHANNEL "qio-channel"
diff --git a/include/qemu/coroutine-core.h b/include/qemu/coroutine-core.h
new file mode 100644
index 00..230bb56517
--- /dev/null
+++ b/include/qemu/coroutine-core.h
@@ -0,0 +1,154 @@
+/*
+ * QEMU coroutine implementation
+ *
+ * Copyright IBM, Corp. 2011
+ *
+ * Authors:
+ *  Stefan Hajnoczi
+ *  Kevin Wolf 
+ *
+ * This work is licensed under the terms of the GNU LGPL, version 2 or later.
+ * See the COPYING.LIB file in the top-level directory.
+ *
+ */
+
+#ifndef QEMU_COROUTINE_CORE_H
+#define QEMU_COROUTINE_CORE_H
+
+/**
+ * Coroutines are a mechanism for stack switching and can be used for
+ * cooperative userspace threading.  These functions provide a simple but
+ * useful flavor of coroutines that is suitable for writing sequential code,
+ * rather than callbacks, for operations that need to give up control while
+ * waiting for events to complete.
+ *
+ * These functions are re-entrant and may be used outside the global mutex.
+ *
+ * Functions that execute in coroutine context cannot be called
+ * directly from normal functions.  Use @coroutine_fn to mark such
+ * functions.  For example:
+ *
+ *   static void coroutine_fn foo(void) {
+ *   
+ *   }
+ *
+ * In the future it would be nice to have the compiler or a static
+ * checker catch misuse of such functions.  This annotation might make
+ * it possible and in the meantime it serves as documentation.
+ */
+
+/**
+ * Mark a function that executes in coroutine context
+ *
+ *
+ * Functions that execute in coroutine context cannot be called
+ * directly from normal functions.  Use @coroutine_fn to mark such
+ * functions.  For example:
+ *
+ *   static void coroutine_fn foo(void) {
+ *   
+ *   }
+ *
+ * In the future it would be nice to have the compiler or a static
+ * checker catch misuse of such functions.  This annotation might make
+ * it possible and in the meantime it serves as documentation.
+ */
+
+typedef struct Coroutine Coroutine;
+typedef struct CoMutex CoMutex;
+
+/**
+ * Coroutine entry point
+ *
+ * When the coroutine is entered for the first time, opaque is passed in as an
+ * argument.
+ *
+ * When this function returns, the coroutine is destroyed automatically and
+ * execution continues in the caller who last entered the coroutine.
+ */
+typedef void coroutine_fn CoroutineEntry(void *opaque);
+
+/**
+ * Create a new coroutine
+ *
+ * Use qemu_coroutine_enter() to actually 

[PULL 02/12] coroutine: Move coroutine_fn to qemu/osdep.h, trim includes

[Markus Armbruster]

block/block-hmp-cmds.h and qemu/co-shared-resource.h use coroutine_fn
without including qemu/coroutine.h.  They compile only if it's already
included from elsewhere.

I could fix that, but pulling in qemu/coroutine.h and everything it
includes just for a macro that expands into nothing feels silly.
Instead, move the macro to qemu/osdep.h.

Inclusions of qemu/coroutine.h just for coroutine_fn become
superfluous.  Drop them.

Signed-off-by: Markus Armbruster 
Reviewed-by: Stefan Hajnoczi 
Message-Id: <20221221131435.3851212-3-arm...@redhat.com>
---
 include/block/aio_task.h |  2 --
 include/block/block-common.h |  1 -
 include/block/graph-lock.h   |  2 --
 include/monitor/hmp.h|  1 -
 include/qemu/coroutine.h | 18 +++---
 include/qemu/osdep.h | 16 
 6 files changed, 23 insertions(+), 17 deletions(-)

diff --git a/include/block/aio_task.h b/include/block/aio_task.h
index 50bc1e1817..18a9c41f4e 100644
--- a/include/block/aio_task.h
+++ b/include/block/aio_task.h
@@ -25,8 +25,6 @@
 #ifndef BLOCK_AIO_TASK_H
 #define BLOCK_AIO_TASK_H
 
-#include "qemu/coroutine.h"
-
 typedef struct AioTaskPool AioTaskPool;
 typedef struct AioTask AioTask;
 typedef int coroutine_fn (*AioTaskFunc)(AioTask *task);
diff --git a/include/block/block-common.h b/include/block/block-common.h
index 4749c46a5e..434ffc5d34 100644
--- a/include/block/block-common.h
+++ b/include/block/block-common.h
@@ -27,7 +27,6 @@
 #include "block/aio.h"
 #include "block/aio-wait.h"
 #include "qemu/iov.h"
-#include "qemu/coroutine.h"
 #include "block/accounting.h"
 #include "qemu/hbitmap.h"
 #include "qemu/transactions.h"
diff --git a/include/block/graph-lock.h b/include/block/graph-lock.h
index 4c92cd8edf..3ab924d5e2 100644
--- a/include/block/graph-lock.h
+++ b/include/block/graph-lock.h
@@ -23,8 +23,6 @@
 #include "qemu/osdep.h"
 #include "qemu/clang-tsa.h"
 
-#include "qemu/coroutine.h"
-
 /**
  * Graph Lock API
  * This API provides a rwlock used to protect block layer
diff --git a/include/monitor/hmp.h b/include/monitor/hmp.h
index 27f86399f7..c9e3887737 100644
--- a/include/monitor/hmp.h
+++ b/include/monitor/hmp.h
@@ -15,7 +15,6 @@
 #define HMP_H
 
 #include "qemu/readline.h"
-#include "qemu/coroutine.h"
 #include "qapi/qapi-types-common.h"
 
 bool hmp_handle_error(Monitor *mon, Error *err);
diff --git a/include/qemu/coroutine.h b/include/qemu/coroutine.h
index 89650a2d7f..2496a4f4ef 100644
--- a/include/qemu/coroutine.h
+++ b/include/qemu/coroutine.h
@@ -26,23 +26,19 @@
  * waiting for events to complete.
  *
  * These functions are re-entrant and may be used outside the global mutex.
- */
-
-/**
- * Mark a function that executes in coroutine context
  *
- * Functions that execute in coroutine context cannot be called directly from
- * normal functions.  In the future it would be nice to enable compiler or
- * static checker support for catching such errors.  This annotation might make
- * it possible and in the meantime it serves as documentation.
- *
- * For example:
+ * Functions that execute in coroutine context cannot be called
+ * directly from normal functions.  Use @coroutine_fn to mark such
+ * functions.  For example:
  *
  *   static void coroutine_fn foo(void) {
  *   
  *   }
+ *
+ * In the future it would be nice to have the compiler or a static
+ * checker catch misuse of such functions.  This annotation might make
+ * it possible and in the meantime it serves as documentation.
  */
-#define coroutine_fn
 
 typedef struct Coroutine Coroutine;
 
diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
index bd23a08595..c850001408 100644
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@@ -157,6 +157,22 @@ extern "C" {
 
 #include "qemu/typedefs.h"
 
+/**
+ * Mark a function that executes in coroutine context
+ *
+ * Functions that execute in coroutine context cannot be called directly from
+ * normal functions.  In the future it would be nice to enable compiler or
+ * static checker support for catching such errors.  This annotation might make
+ * it possible and in the meantime it serves as documentation.
+ *
+ * For example:
+ *
+ *   static void coroutine_fn foo(void) {
+ *   
+ *   }
+ */
+#define coroutine_fn
+
 /*
  * For mingw, as of v6.0.0, the function implementing the assert macro is
  * not marked as noreturn, so the compiler cannot delete code following an
-- 
2.39.0

[PULL 06/12] include/block: Untangle inclusion loops

[Markus Armbruster]

We have two inclusion loops:

   block/block.h
-> block/block-global-state.h
-> block/block-common.h
-> block/blockjob.h
-> block/block.h

   block/block.h
-> block/block-io.h
-> block/block-common.h
-> block/blockjob.h
-> block/block.h

I believe these go back to Emanuele's reorganization of the block API,
merged a few months ago in commit d7e2fe4aac8.

Fortunately, breaking them is merely a matter of deleting unnecessary
includes from headers, and adding them back in places where they are
now missing.

Signed-off-by: Markus Armbruster 
Message-Id: <20221221133551.3967339-2-arm...@redhat.com>
---
 include/block/block-common.h   |  9 ++---
 include/block/block-copy.h |  4 ++--
 include/block/block-global-state.h |  4 +++-
 include/block/block-hmp-cmds.h |  2 ++
 include/block/block-io.h   |  5 -
 include/block/block.h  |  4 ++--
 include/block/block_backup.h   |  2 +-
 include/block/block_int-common.h   | 14 +-
 include/block/block_int-global-state.h |  5 -
 include/block/block_int-io.h   |  4 +++-
 include/block/block_int.h  |  4 ++--
 include/block/blockjob.h   |  2 +-
 include/block/blockjob_int.h   |  1 -
 include/block/dirty-bitmap.h   |  1 +
 include/block/qapi.h   |  2 +-
 include/block/thread-pool.h|  2 +-
 include/block/throttle-groups.h|  2 +-
 include/sysemu/block-backend-io.h  |  1 +
 block.c|  1 +
 block/amend.c  |  1 +
 block/backup.c |  1 +
 block/blkdebug.c   |  1 +
 block/blklogwrites.c   |  1 +
 block/blkreplay.c  |  1 +
 block/blkverify.c  |  1 +
 block/block-copy.c |  4 
 block/bochs.c  |  1 +
 block/cloop.c  |  1 +
 block/copy-before-write.c  |  1 +
 block/copy-on-read.c   |  1 +
 block/curl.c   |  1 +
 block/dirty-bitmap.c   |  2 ++
 block/dmg.c|  1 +
 block/export/fuse.c|  3 ++-
 block/file-posix.c |  1 +
 block/file-win32.c |  1 +
 block/filter-compress.c|  1 +
 block/gluster.c|  1 +
 block/io.c |  1 +
 block/iscsi.c  |  1 +
 block/mirror.c |  1 +
 block/monitor/bitmap-qmp-cmds.c|  2 ++
 block/nfs.c|  1 +
 block/null.c   |  1 +
 block/nvme.c   |  1 +
 block/parallels-ext.c  |  2 ++
 block/preallocate.c|  1 +
 block/qapi-sysemu.c|  1 +
 block/qapi.c   |  1 +
 block/qcow2-bitmap.c   |  2 ++
 block/qcow2-cache.c|  1 +
 block/qcow2-cluster.c  |  1 +
 block/qcow2-refcount.c |  1 +
 block/qcow2-threads.c  |  1 +
 block/qcow2.c  |  1 +
 block/qed-check.c  |  1 +
 block/qed-table.c  |  1 +
 block/raw-format.c |  1 +
 block/rbd.c|  1 +
 block/ssh.c|  1 +
 block/throttle.c   |  2 ++
 block/vhdx-log.c   |  1 +
 block/vvfat.c  |  1 +
 block/win32-aio.c  |  1 +
 block/write-threshold.c|  1 +
 blockdev.c |  1 +
 blockjob.c |  1 +
 hw/block/block.c   |  1 +
 hw/sparc64/niagara.c   |  1 +
 hw/virtio/virtio-pmem.c|  1 +
 migration/block-dirty-bitmap.c |  1 +
 migration/block.c  |  1 +
 migration/savevm.c |  1 +
 monitor/qmp-cmds.c |  1 +
 nbd/server.c   |  2 ++
 qemu-img.c |  1 +
 softmmu/cpus.c |  1 +
 softmmu/physmem.c  |  1 +
 storage-daemon/qemu-storage-daemon.c   |  1 +
 target/i386/kvm/kvm.c  |  1 +
 tests/unit/test-bdrv-drain.c   |  2 +-
 tests/unit/test-block-iothread.c   |  1 +
 scripts/block-coroutine-wrapper.py |  3 ++-
 83 files changed, 112 insertions(+), 35 deletions(-)

diff --git a/include/block/block-common.h b/include/block/block-common.h
index 434ffc5d34..41686810de 100644
--- a/include/block/block-common.h
+++ b/include/block/block-common.h
@@ -24,12 +24,8 @@
 #ifndef BLOCK_COMMON_H
 #define BLOCK_COMMON_H
 
-#include "block/aio.h"
-#include "block/aio-wait.h"
-#include "qemu/iov.h"
-#include 

[PULL 03/12] coroutine: Clean up superfluous inclusion of qemu/lockable.h

[Markus Armbruster]

Signed-off-by: Markus Armbruster 
Reviewed-by: Stefan Hajnoczi 
Message-Id: <20221221131435.3851212-4-arm...@redhat.com>
---
 include/qemu/progress_meter.h | 2 +-
 block/progress_meter.c| 2 ++
 tests/unit/test-coroutine.c   | 1 -
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/include/qemu/progress_meter.h b/include/qemu/progress_meter.h
index dadf822bbf..0f2c0a32d2 100644
--- a/include/qemu/progress_meter.h
+++ b/include/qemu/progress_meter.h
@@ -27,7 +27,7 @@
 #ifndef QEMU_PROGRESS_METER_H
 #define QEMU_PROGRESS_METER_H
 
-#include "qemu/lockable.h"
+#include "qemu/thread.h"
 
 typedef struct ProgressMeter {
 /**
diff --git a/block/progress_meter.c b/block/progress_meter.c
index aa2e60248c..31a170a2cd 100644
--- a/block/progress_meter.c
+++ b/block/progress_meter.c
@@ -23,7 +23,9 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+
 #include "qemu/osdep.h"
+#include "qemu/coroutine.h"
 #include "qemu/progress_meter.h"
 
 void progress_init(ProgressMeter *pm)
diff --git a/tests/unit/test-coroutine.c b/tests/unit/test-coroutine.c
index 513800d3db..b0d21d673a 100644
--- a/tests/unit/test-coroutine.c
+++ b/tests/unit/test-coroutine.c
@@ -13,7 +13,6 @@
 
 #include "qemu/osdep.h"
 #include "qemu/coroutine_int.h"
-#include "qemu/lockable.h"
 
 /*
  * Check that qemu_in_coroutine() works
-- 
2.39.0

Re: [PATCH 2/2] log: remove unneeded new line

[Philippe Mathieu-Daudé]

On 19/1/23 22:40, BALATON Zoltan wrote:

The help text of the -d plugin option has a new line at the end which
is not needed as one is added automatically. Fixing it removes the
unexpected empty line in -d help output.

Signed-off-by: BALATON Zoltan 
---
  util/log.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)


Reviewed-by: Philippe Mathieu-Daudé 

[PULL 00/12] Header cleanup patches for 2023-01-20

[Markus Armbruster]

The following changes since commit 7ec8aeb6048018680c06fb9205c01ca6bda08846:

  Merge tag 'pull-tpm-2023-01-17-1' of https://github.com/stefanberger/qemu-tpm 
into staging (2023-01-17 15:47:53 +)

are available in the Git repository at:

  https://repo.or.cz/qemu/armbru.git tags/pull-include-2023-01-20

for you to fetch changes up to b6c80037ed3ba275eea2b33bc17e36af2b89813a:

  include/hw/ppc include/hw/pci-host: Drop extra typedefs (2023-01-20 07:25:22 
+0100)


Header cleanup patches for 2023-01-20


Markus Armbruster (12):
  coroutine: Clean up superfluous inclusion of qemu/coroutine.h
  coroutine: Move coroutine_fn to qemu/osdep.h, trim includes
  coroutine: Clean up superfluous inclusion of qemu/lockable.h
  coroutine: Split qemu/coroutine-core.h off qemu/coroutine.h
  coroutine: Use Coroutine typedef name instead of structure tag
  include/block: Untangle inclusion loops
  hw/sparc64/niagara: Use blk_name() instead of open-coding it
  include/hw/block: Include hw/block/block.h where needed
  include/hw/ppc: Split pnv_chip.h off pnv.h
  include/hw/ppc: Supply a few missing includes
  include/hw/ppc: Don't include hw/pci-host/pnv_phb.h from pnv.h
  include/hw/ppc include/hw/pci-host: Drop extra typedefs

 accel/tcg/debuginfo.h  |   2 +
 crypto/block-luks-priv.h   |   1 -
 hw/9pfs/coth.h |   2 +-
 hw/pci-host/pnv_phb.h  |   2 +-
 include/block/aio.h|   9 +-
 include/block/aio_task.h   |   2 -
 include/block/block-common.h   |  10 +--
 include/block/block-copy.h |   4 +-
 include/block/block-global-state.h |   4 +-
 include/block/block-hmp-cmds.h |   2 +
 include/block/block-io.h   |   5 +-
 include/block/block.h  |   4 +-
 include/block/block_backup.h   |   2 +-
 include/block/block_int-common.h   |  14 ++-
 include/block/block_int-global-state.h |   5 +-
 include/block/block_int-io.h   |   4 +-
 include/block/block_int.h  |   4 +-
 include/block/blockjob.h   |   2 +-
 include/block/blockjob_int.h   |   1 -
 include/block/dirty-bitmap.h   |   1 +
 include/block/graph-lock.h |   2 -
 include/block/qapi.h   |   2 +-
 include/block/raw-aio.h|   1 -
 include/block/thread-pool.h|   2 +-
 include/block/throttle-groups.h|   2 +-
 include/hw/block/swim.h|   1 +
 include/hw/pci-host/pnv_phb3.h |   1 -
 include/hw/pci-host/pnv_phb4.h |   5 +-
 include/hw/ppc/pnv.h   | 146 +--
 include/hw/ppc/pnv_chip.h  | 147 +++
 include/hw/ppc/pnv_core.h  |   3 +-
 include/hw/ppc/pnv_homer.h |   2 +-
 include/hw/ppc/pnv_lpc.h   |  11 +--
 include/hw/ppc/pnv_occ.h   |   3 +-
 include/hw/ppc/pnv_pnor.h  |   2 +-
 include/hw/ppc/pnv_sbe.h   |   3 +-
 include/hw/ppc/pnv_xive.h  |   7 +-
 include/hw/ppc/pnv_xscom.h |   3 +-
 include/hw/ppc/xive2.h |   2 +
 include/hw/ppc/xive2_regs.h|   2 +
 include/io/channel.h   |   2 +-
 include/monitor/hmp.h  |   1 -
 include/qemu/coroutine-core.h  | 154 +
 include/qemu/coroutine.h   | 113 ++--
 include/qemu/lockable.h|   2 +-
 include/qemu/osdep.h   |  16 
 include/qemu/progress_meter.h  |   2 +-
 include/qemu/typedefs.h|   1 -
 include/scsi/pr-manager.h  |   1 -
 include/sysemu/block-backend-io.h  |   1 +
 nbd/nbd-internal.h |   1 -
 block.c|   1 +
 block/amend.c  |   1 +
 block/backup.c |   1 +
 block/blkdebug.c   |   1 +
 block/blklogwrites.c   |   1 +
 block/blkreplay.c  |   1 +
 block/blkverify.c  |   1 +
 block/block-copy.c |   4 +
 block/bochs.c  |   1 +
 block/cloop.c  |   1 +
 block/copy-before-write.c  |   1 +
 block/copy-on-read.c   |   1 +
 block/curl.c   |   1 +
 block/dirty-bitmap.c   |   2 +
 block/dmg.c|   1 +
 block/export/fuse.c|   3 +-
 block/file-posix.c |   1 +
 block/file-win32.c |   1 +
 block/filter-compress.c|   1 +
 block/gluster.c|   1 +
 block/io.c 

Re: [PATCH] mac_nvram: Add block backend to persist NVRAM contents

[Philippe Mathieu-Daudé]

On 19/1/23 23:28, BALATON Zoltan wrote:

Add a way to set a backing store for the mac_nvram similar to what
spapr_nvram or mac_via PRAM already does to allow to save its contents
between runs. Use -drive file=nvram.img,format=raw,if=mtd to specify
backing file where nvram.img must be MACIO_NVRAM_SIZE which is 8192
bytes. It is only wired for mac_oldworld for now but could be used by
mac_newworld in the future too.

Signed-off-by: BALATON Zoltan 
---
  hw/nvram/mac_nvram.c | 28 
  hw/ppc/mac_oldworld.c|  8 +++-
  include/hw/nvram/mac_nvram.h |  1 +
  3 files changed, 36 insertions(+), 1 deletion(-)


Reviewed-by: Philippe Mathieu-Daudé 

Re: cxl nvdimm Potential probe ordering issues.

[Gregory Price]

On Thu, Jan 19, 2023 at 04:17:11PM +, Jonathan Cameron wrote:
> 
> Whilst I still have no idea if this is the same problem, I have identified
> what goes wrong if there is a module probe ordering issue.
> https://elixir.bootlin.com/linux/v6.2-rc4/source/drivers/cxl/core/pmem.c#L306
> 
>   /*
>* The two actions below arrange for @cxl_nvd to be deleted when either
>* the top-level PMEM bridge goes down, or the endpoint device goes
>* through ->remove().
>*/
>   device_lock(_nvb->dev);
>   if (cxl_nvb->dev.driver)
>   rc = devm_add_action_or_reset(_nvb->dev, cxl_nvd_unregister,
> cxl_nvd);
>   else
> // bridge driver not loaded, so we hit this path.
>   rc = -ENXIO;
>   device_unlock(_nvb->dev);
> 
>   if (rc)
> /// and this one
>   goto err_alloc;
> 
>   /* @cxlmd carries a reference on @cxl_nvb until cxlmd_release_nvdimm */
>   return devm_add_action_or_reset(>dev, cxlmd_release_nvdimm, 
> cxlmd);
> 
> err:
>   put_device(dev);
> err_alloc:
>   cxlmd->cxl_nvb = NULL;
>   cxlmd->cxl_nvd = NULL;
>   put_device(_nvb->dev);
> // whilst we scrub the pointers we don't actually get rid of the
> // cxl_nvd that we registered.  Hence later load of the driver tries to
> // attach to that and boom because we've scrubbed these pointers here.
> // A quick hack is to just call device_del(_nvd->dev) if rc = -ENXIO here.
> // There may well be a races though
>   return rc;
> }
> EXPORT_SYMBOL_NS_GPL(devm_cxl_add_nvdimm, CXL);
> 
> 
> Of course this "fix" just stops things blowing up, it doesn't leave things
> in a remotely useful state.  If it's triggered because someone
> is messing with the load order that's fine.  If the same issue
> is occurring for Gregory, not so much. 
> 
> Jonathan
> 

mild hint in the dev_cxl_add_nvdimm_bridge path

driver/cxl/acpi.c

static int cxl_acpi_probe(struct platform_device *pdev)
{
... snip ...
  if (IS_ENABLED(CONFIG_CXL_PMEM))
rc = device_for_each_child(_port->dev, root_port,
 add_root_nvdimm_bridge);
  if (rc < 0)
return rc;

  /* In case PCI is scanned before ACPI re-trigger memdev attach */
  cxl_bus_rescan();
  return 0;
}


if PCI is presently written in a way that it's expecting nvdimm_bridge
to be present (via acpi_probe), then clearly this would break.

>From the other discussion here... that seems to be the issue?  If that's
an issue, I also imagine there are other parts that may be subject to
the same problem.


static int cxl_pmem_region_probe(struct device *dev)
{
  struct nd_mapping_desc mappings[CXL_DECODER_MAX_INTERLEAVE];
  struct cxl_pmem_region *cxlr_pmem = to_cxl_pmem_region(dev);
  struct cxl_region *cxlr = cxlr_pmem->cxlr;
  struct cxl_nvdimm_bridge *cxl_nvb = cxlr->cxl_nvb;


this may be unreachable due to prior stack traces, but you get the
point.

Reiterating my confusion a bit: I don't have an nvdimm, why am i getting
an nvdimm_bridge?  The reason it no longer appears to trigger on my
memexp example is because it doesnt go down this path:

static int cxl_mem_probe(struct device *dev)
{
... snip ...

  // resource size is 0 here due to type3dev->persistent_capacity=0
  if (resource_size(>pmem_res) && IS_ENABLED(CONFIG_CXL_PMEM)) {
rc = devm_cxl_add_nvdimm(cxlmd);
if (rc == -ENODEV)
  dev_info(dev, "PMEM disabled by platform\n");
else
  return rc;
  }
... snip ...
}

This seems like more than an ordering issue.

Re: cxl nvdimm Potential probe ordering issues.

[Gregory Price]

On Thu, Jan 19, 2023 at 03:04:49PM +, Jonathan Cameron wrote:
> Gregory, would you mind checking if
> cxl_nvb is NULL here...
> https://elixir.bootlin.com/linux/v6.2-rc4/source/drivers/cxl/pmem.c#L67
> (printk before it is used should work).
> 
> Might also be worth checking cxl_nvd and cxl_ds
> but my guess is cxl_nvb is our problem (it is when I deliberate change
> the load order).
> 
> Jonathan
> 

This is exactly the issue.  cxl_nvb is null, the rest appear fine.

Also, note, that weirdly the non-volatile bridge shows up when launching
this in volatile mode, but no stack trace appears.

¯\_(ツ)_/¯

After spending way too much time tracing through the current cxl driver
code, i have only really determined that

1) The code is very pmem oriented, and it's unclear to me how the driver
   as-is differentiates a persistent device from a volatile device. That
 code path still completely escapes me.  The only differentiating code
 i see is in the memdev probe path that creates mem#/pmem and mem#/ram

2) The code successfully manages probe, enable, and mount a REAL device
   - cxl memdev appears (/sys/bus/cxl/devices/mem0)
 - a dax device appears (/sys/bus/dax/devices/)
   This happens at boot, which I assume must be bios related
 - The memory *does not* auto-online, instead the dax device can be
   onlined as system-ram *manually* via ndctl and friends

3) The code creates an nvdimm_bridge IFF a CFMW is defined - regardless
   of the type-3 device configuration (pmem-only or vmem-only)

   # CFMW defined
   [root@fedora ~]# ls /sys/bus/cxl/devices/
   decoder0.0  decoder2.0  mem0port1
   decoder1.0  endpoint2   nvdimm-bridge0  root0

   # CFMW not defined
 [root@fedora ~]# ls /sys/bus/cxl/devices/
   decoder1.0  decoder2.0  endpoint2  mem0  port1  root0

4) As you can see above, multiple decoders are registered.  I'm not sure
   if that's correct or not, but it does seem odd given there's only one
 cxl type-3 device.  Odd that decoder0.0 shows up when CFMW is there,
 but not when it isn't.

 Note: All these tests have two root ports:
 -device pxb-cxl,id=cxl.0,bus=pcie.0,bus_nr=52 \
   -device cxl-rp,id=rp0,bus=cxl.0,chassis=0,port=0,slot=0 \
   -device cxl-rp,id=rp1,bus=cxl.0,chassis=0,port=1,slot=1 \


Don't know why I haven't thought of this until now, but is the CFMW code
reporting something odd about what's behind it?  Is it assuming the
devices are pmem?

[PATCH 2/2] hw/i386/kvm/clock.c: read kvmclock from guest memory if !correct_tsc_shift

[Marcelo Tosatti]

Before kernel commit 78db6a5037965429c04d708281f35a6e5562d31b,
kvm_guest_time_update() would use vcpu->virtual_tsc_khz to calculate
tsc_shift value in the vcpus pvclock structure written to guest memory.

For those kernels, if vcpu->virtual_tsc_khz != tsc_khz (which can be the
case when guest state is restored via migration, or if tsc-khz option is
passed to QEMU), and TSC scaling is not enabled (which happens if the
difference between the frequency requested via KVM_SET_TSC_KHZ and the
host TSC KHZ is smaller than 250ppm), then there can be a difference
between what KVM_GET_CLOCK would return and what the guest reads as
kvmclock value.

The effect is that the guest sees a jump in kvmclock value
(either forwards or backwards) in such case.

To fix incoming migration from pre-78db6a5037965 hosts, 
read kvmclock value from guest memory.

Unless the KVM_CLOCK_CORRECT_TSC_SHIFT bit indicates
that the value retrieved by KVM_GET_CLOCK on the source
is safe to be used.

Signed-off-by: Marcelo Tosatti 

Index: qemu/hw/i386/kvm/clock.c
===
--- qemu.orig/hw/i386/kvm/clock.c
+++ qemu/hw/i386/kvm/clock.c
@@ -50,6 +50,16 @@ struct KVMClockState {
 /* whether the 'clock' value was obtained in a host with
  * reliable KVM_GET_CLOCK */
 bool clock_is_reliable;
+
+/* whether machine type supports correct_tsc_shift */
+bool mach_use_correct_tsc_shift;
+
+/*
+ * whether the 'clock' value was obtained in a host
+ * that computes correct tsc_shift field (the one
+ * written to guest memory)
+ */
+bool clock_correct_tsc_shift;
 };
 
 struct pvclock_vcpu_time_info {
@@ -150,6 +160,8 @@ static void kvm_update_clock(KVMClockSta
  *   read from memory
  */
 s->clock_is_reliable = kvm_has_adjust_clock_stable();
+
+s->clock_correct_tsc_shift = kvm_has_correct_tsc_shift();
 }
 
 static void do_kvmclock_ctrl(CPUState *cpu, run_on_cpu_data data)
@@ -176,7 +188,7 @@ static void kvmclock_vm_state_change(voi
  * If the host where s->clock was read did not support reliable
  * KVM_GET_CLOCK, read kvmclock value from memory.
  */
-if (!s->clock_is_reliable) {
+if (!s->clock_is_reliable || !s->clock_correct_tsc_shift) {
 uint64_t pvclock_via_mem = kvmclock_current_nsec(s);
 /* We can't rely on the saved clock value, just discard it */
 if (pvclock_via_mem) {
@@ -252,14 +264,40 @@ static const VMStateDescription kvmclock
 };
 
 /*
+ * Sending clock_correct_tsc_shift=true means that the destination
+ * can use VMSTATE_UINT64(clock, KVMClockState) value,
+ * instead of reading from guest memory.
+ */
+static bool kvmclock_clock_correct_tsc_shift_needed(void *opaque)
+{
+KVMClockState *s = opaque;
+
+return s->mach_use_correct_tsc_shift;
+}
+
+static const VMStateDescription kvmclock_correct_tsc_shift = {
+.name = "kvmclock/clock_correct_tsc_shift",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = kvmclock_clock_correct_tsc_shift_needed,
+.fields = (VMStateField[]) {
+VMSTATE_BOOL(clock_correct_tsc_shift, KVMClockState),
+VMSTATE_END_OF_LIST()
+}
+};
+
+/*
  * When migrating, assume the source has an unreliable
- * KVM_GET_CLOCK unless told otherwise.
+ * KVM_GET_CLOCK (and computes tsc shift
+ * in guest memory using vcpu->virtual_tsc_khz),
+ * unless told otherwise.
  */
 static int kvmclock_pre_load(void *opaque)
 {
 KVMClockState *s = opaque;
 
 s->clock_is_reliable = false;
+s->clock_correct_tsc_shift = false;
 
 return 0;
 }
@@ -301,6 +339,7 @@ static const VMStateDescription kvmclock
 },
 .subsections = (const VMStateDescription * []) {
 _reliable_get_clock,
+_correct_tsc_shift,
 NULL
 }
 };
@@ -308,6 +347,8 @@ static const VMStateDescription kvmclock
 static Property kvmclock_properties[] = {
 DEFINE_PROP_BOOL("x-mach-use-reliable-get-clock", KVMClockState,
   mach_use_reliable_get_clock, true),
+DEFINE_PROP_BOOL("x-mach-use-correct-tsc-shift", KVMClockState,
+  mach_use_correct_tsc_shift, true),
 DEFINE_PROP_END_OF_LIST(),
 };
 
Index: qemu/target/i386/kvm/kvm.c
===
--- qemu.orig/target/i386/kvm/kvm.c
+++ qemu/target/i386/kvm/kvm.c
@@ -164,6 +164,13 @@ bool kvm_has_adjust_clock_stable(void)
 return (ret & KVM_CLOCK_TSC_STABLE);
 }
 
+bool kvm_has_correct_tsc_shift(void)
+{
+int ret = kvm_check_extension(kvm_state, KVM_CAP_ADJUST_CLOCK);
+
+return ret & KVM_CLOCK_CORRECT_TSC_SHIFT;
+}
+
 bool kvm_has_adjust_clock(void)
 {
 return kvm_check_extension(kvm_state, KVM_CAP_ADJUST_CLOCK);
Index: qemu/target/i386/kvm/kvm_i386.h
===
--- qemu.orig/target/i386/kvm/kvm_i386.h
+++ qemu/target/i386/kvm/kvm_i386.h
@@ -35,6 +35,7 @@
 bool 

[PATCH 1/2] linux-headers: sync KVM_CLOCK_CORRECT_TSC_SHIFT flag

[Marcelo Tosatti]

Sync new KVM_CLOCK_CORRECT_TSC_SHIFT from upstream Linux headers.

Signed-off-by: Marcelo Tosatti 

Index: qemu/linux-headers/linux/kvm.h
===
--- qemu.orig/linux-headers/linux/kvm.h
+++ qemu/linux-headers/linux/kvm.h
@@ -1300,6 +1300,9 @@ struct kvm_irqfd {
 #define KVM_CLOCK_TSC_STABLE   2
 #define KVM_CLOCK_REALTIME (1 << 2)
 #define KVM_CLOCK_HOST_TSC (1 << 3)
+/* whether tsc_shift as seen by the guest matches guest visible TSC */
+/* This is true since commit 78db6a5037965429c04d708281f35a6e5562d31b */
+#define KVM_CLOCK_CORRECT_TSC_SHIFT(1 << 4)
 
 struct kvm_clock_data {
__u64 clock;

[PATCH 0/2] read kvmclock from guest memory if !correct_tsc_shift

[Marcelo Tosatti]

Before kernel commit 78db6a5037965429c04d708281f35a6e5562d31b,
kvm_guest_time_update() would use vcpu->virtual_tsc_khz to calculate
tsc_shift value in the vcpus pvclock structure written to guest memory.

For those kernels, if vcpu->virtual_tsc_khz != tsc_khz (which can be the
case when guest state is restored via migration, or if tsc-khz option is
passed to QEMU), and TSC scaling is not enabled (which happens if the
difference between the frequency requested via KVM_SET_TSC_KHZ and the
host TSC KHZ is smaller than 250ppm), then there can be a difference
between what KVM_GET_CLOCK would return and what the guest reads as
kvmclock value.

The effect is that the guest sees a jump in kvmclock value
(either forwards or backwards) in such case.

To fix incoming migration from pre-78db6a5037965 hosts,
read kvmclock value from guest memory.

Unless the KVM_CLOCK_CORRECT_TSC_SHIFT bit indicates
that the value retrieved by KVM_GET_CLOCK on the source
is safe to be used.

Re: [PATCH v3 3/7] hw/riscv/microchip_pfsoc.c: add an Icicle Kit fdt address function

[Conor Dooley]

Hey Daniel,

Got through the stuff I wanted to get done tonight faster than
expected...

On Thu, Jan 19, 2023 at 05:17:33PM -0300, Daniel Henrique Barboza wrote:
> Are you testing it by using the command line
> you mentioned in the "qemu icicle kit es" thread?
> 
> $(QEMU)/qemu-system-riscv64 \
>   -M microchip-icicle-kit \
>   -m 2G -smp 5 \
>   -kernel $(vmlinux_bin) \
>   -dtb $(devkit).dtb \
>   -initrd $(initramfs) \
>   -display none \
>   -serial null \
>   -serial stdio

Yah, effectively. It's not quite that, but near enough as makes no real
difference:
qemu-icicle:
$(QEMU)/qemu-system-riscv64 -M microchip-icicle-kit \
-m 2G -smp 5 \
-kernel $(vmlinux_bin) \
-dtb $(wrkdir)/riscvpc.dtb \
-initrd $(initramfs) \
-display none -serial null \
-serial stdio \
-D qemu.log -d unimp

I just tried to make things somewhat more intelligible for that thread.

Also in case it is not obvious, I do work for Microchip. As I mentioned
to Alistair at LPC, I/we don't have the cycles at the moment to do
anything with QEMU, so the bits of fixes I have sent are things I fixed
while debugging other issues etc, mostly in the evenings.

Anways, I'll attempt to explain what the craic is here..

On Thu, Jan 19, 2023 at 04:17:24PM -0300, Daniel Henrique Barboza wrote:
> The Icicle Kit board works with 2 distinct RAM banks that are separated

Ehh, 2 isn't really true. There are 6 possible "windows" into the DDR on
MPFS, list here as with their start addresses.

32-bit cached 0x008000
64-bit cached 0x10
32-bit non-cached 0x00c000
64-bit non-cached 0x14
32-bit WCB0x00d000
64-bit WCB0x18

These are the "bus" addresses, where the harts think the memory is, but
the memory is not actually connected there. There are some runtime
configurable registers which determine what addresses these correspond
to in the DDR itself.

When the QEMU port for MPFS was written, only two of these were in use,
the 32-bit and 64-bit non-cached regions. The config (seg) registers
were set up so that the 32-bit cached region pointed to 0x0 in DDR and
the 64-bit region pointed to 0x3000_ in DDR.
⢰⡖⠒⠒⠒⣶⠒0x8000
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ ⡇ 
⢸⡖⠒⠒⢲⡇   ⡇ 0x4000
⢸⡇  ⢸⡇   ⡇ ⡇ 
⢸⡇  ⢸⠓⠒⠒⠒⠃ ⡇ <-- 64-bit starts here
⢸⡇  ⢸  ⡇ 
⢸⡇  ⢸  ⡇ 
⢸⡇  ⢸  ⡇ 
⢸⡇  ⢸  ⡇ 
⢸⡇  ⢸  ⡇ <-- 32-bit starts at 0x0
⠘⠓⠒0⠚⠒⠒1⠒⠒⠒0x

(These diagrams are a bit crap, I'm copy pasting them from a TUI tool
for visualising these I made for myself. The ~s can be ignored.
https://github.com/ConchuOD/memory-aperature-configurator)

> by a gap. We have a lower bank with 1GiB size, a gap follows,
> then at 64GiB the high memory starts.

As you correctly pointed out, that lower region is in fact 1 GiB & hence
there is actually an overlapping region of 256 MiB.

The Devicetree at this point in time looked like:
ddrc_cache_lo: memory@8000 {
device_type = "memory";
reg = <0x0 0x8000 0x0 0x3000>;
clocks = < CLK_DDRC>;
status = "okay";
};

ddrc_cache_hi: memory@10 {
device_type = "memory";
reg = <0x10 0x0 0x0 0x4000>;
clocks = < CLK_DDRC>;
status = "okay";
};

At some point, it was decided that instead we would use a configuration
with ~no memory at 32-bit addresses. I think it was this one here:

⢰⡖⠒⠒⢲⡖⠒⠒⠒⣶⠒0x8000
⢸⡇  ⢸⡇   ⣿ ⡇ 
⢸⠓⠒⠒⠚⡇   ⡟ ⡇ <-- 32-bit starts here
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ 0x4000
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ ⡇ <-- 64-bit starts at 0x0
⠘⠒⠒0⠒⠓⠒1⠒⠓⠒0x

Because of how these windows work, the 32-bit cached region was always
there, just not used as the Devicetree became:
ddrc_cache: memory@10 {
device_type = "memory";
reg = <0x10 0x0 0x0 0x7600>;
status = "okay";
};

The remaining bit of memory is being used for some WCB buffers etc &
not for the OS itself. This was never upstreamed anywhere AFAIK as it
was a workaround.

The current Devicetree in Linux & U-Boot corresponds to a configuration
like:
⢰⡖⠒⠒⠒⣶⠒0x8000
⢸⡇   ⣿ ⡇ 
⢸⡇   ⡟ ⡇ 
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ ⡇ 
⢸⡇   ⡇ ⡇ 
⢸⡖⠒⠒⢲⡇   ⡇ 0x4000
⢸⡇  ⢸⡇   ⡇ ⡇ 
⢸⡇  ⢸⡇   ⡇ ⡇ 
⢸⡇  ⢸⡇   ⡇ ⡇ 
⢸⡇  ⢸⡇   ⡇ ⡇ 
⢸⡇  ⢸⡇   ⡇ ⡇ 
⢸⡇  ⢸⡇ 

Re: [PATCH] hw/riscv: Add support to change default RISCV hart memory region

[Alistair Francis]

On Sun, Dec 11, 2022 at 3:29 PM Vysakh P Pillai
 wrote:
>
> Add support to optionally specify a memory region container
> to be used to override the default system memory used
> by the the RISCV harts when they are realized. Additional
> memory regions can be added as sub-regions of this container
> to dynamically control the memory regions and mappings visible
> from the hart.

Thanks for the patch.

I think it might make more sense to send this with the series adding
your board. It's a little difficult to picture how this is going to be
used otherwise.

>
> Signed-off-by: Vysakh P Pillai 
> ---
>  hw/riscv/riscv_hart.c | 5 +
>  include/hw/riscv/riscv_hart.h | 1 +
>  2 files changed, 6 insertions(+)
>
> diff --git a/hw/riscv/riscv_hart.c b/hw/riscv/riscv_hart.c
> index 613ea2aaa0..7a8dcab7e7 100644
> --- a/hw/riscv/riscv_hart.c
> +++ b/hw/riscv/riscv_hart.c
> @@ -33,6 +33,8 @@ static Property riscv_harts_props[] = {
>  DEFINE_PROP_STRING("cpu-type", RISCVHartArrayState, cpu_type),
>  DEFINE_PROP_UINT64("resetvec", RISCVHartArrayState, resetvec,
> DEFAULT_RSTVEC),
> +DEFINE_PROP_UINT64("cpu-memory", RISCVHartArrayState,
> +   cpu_memory,NULL),

I'm not sure I follow, this is a uint64_t but the default value is NULL?

I assume you are using this as a pointer then?

Alistair

>  DEFINE_PROP_END_OF_LIST(),
>  };
>
> @@ -49,6 +51,9 @@ static bool riscv_hart_realize(RISCVHartArrayState *s, int 
> idx,
>  qdev_prop_set_uint64(DEVICE(>harts[idx]), "resetvec", s->resetvec);
>  s->harts[idx].env.mhartid = s->hartid_base + idx;
>  qemu_register_reset(riscv_harts_cpu_reset, >harts[idx]);
> +if (s->cpu_memory) {
> +object_property_set_link(OBJECT(>harts[idx].parent_obj), 
> "memory",OBJECT(s->cpu_memory), _abort);
> +}
>  return qdev_realize(DEVICE(>harts[idx]), NULL, errp);
>  }
>
> diff --git a/include/hw/riscv/riscv_hart.h b/include/hw/riscv/riscv_hart.h
> index bbc21cdc9a..3e5dfeeaae 100644
> --- a/include/hw/riscv/riscv_hart.h
> +++ b/include/hw/riscv/riscv_hart.h
> @@ -38,6 +38,7 @@ struct RISCVHartArrayState {
>  uint32_t hartid_base;
>  char *cpu_type;
>  uint64_t resetvec;
> +uint64_t cpu_memory;
>  RISCVCPU *harts;
>  };
>
> --
> 2.34.1
>
>
>

Re: [PATCH v3 0/2] hw/usb: add configuration flags for emulated and passthru usb smartcard

[Jon Maloy]

On 2022-12-13 16:02, Stefan Hajnoczi wrote:

On Mon, Dec 12, 2022 at 05:09:47PM -0500, Jon Maloy wrote:

We add three new configuration flags, LIBCACARD, USB_SMARTCARD_PASSTHRU
and USB_SMARTCARD_EMULATED in order to improve configurability of these
functionalities.

Signed-off-by: Jon Maloy 

---
v2: Added a LIBACARD flag, plus reversed 'select' clauses, as suggested
 by Paolo Bonzini and Marc-André Lureau.

v3: Split in two commits, so that LIBCACARD is added separately, as suggested
 by Philippe Mathieu-Daudé.


Jon Maloy (2):
   hw/usb: add configuration flags for emulated and passthru usb
 smartcard
   hw/usb: add configuration flag for Common Access Card library code

  Kconfig.host   |  3 +++
  hw/usb/Kconfig | 14 ++
  hw/usb/meson.build | 11 ---
  meson.build|  1 +
  4 files changed, 22 insertions(+), 7 deletions(-)

--
2.35.3


I have CCed Gerd Hoffmann since he is the hw/usb/ maintainer.

Reviewed-by: Stefan Hajnoczi 


Hi Gerd,
It seems this one was forgotten, and never applied.
Could you have a look?

Thanks
///jon

Re: [PATCH v5 2/2] riscv: Allow user to set the satp mode

[Alistair Francis]

On Thu, Jan 19, 2023 at 11:00 PM Alexandre Ghiti  wrote:
>
> Hi Alistair, Andrew,
>
> On Thu, Jan 19, 2023 at 1:25 AM Alistair Francis  wrote:
> >
> > On Wed, Jan 18, 2023 at 10:19 PM Andrew Jones  
> > wrote:
> > >
> > > On Wed, Jan 18, 2023 at 10:28:46AM +1000, Alistair Francis wrote:
> > > > On Wed, Jan 18, 2023 at 2:32 AM Andrew Jones  
> > > > wrote:
> > > > >
> > > > > On Fri, Jan 13, 2023 at 11:34:53AM +0100, Alexandre Ghiti wrote:
> > > ...
> > > > > > +
> > > > > > +/* Get rid of 32-bit/64-bit incompatibility */
> > > > > > +for (int i = 0; i < 16; ++i) {
> > > > > > +if ((cpu->cfg.satp_mode.map & (1 << i)) && !valid_vm[i]) {
> > > > >
> > > > > If we ever define mode=1 for rv64, then 'sv32=on' will be incorrectly
> > > > > accepted as an alias. I think we should simply not define the sv32
> > > > > property for rv64 nor the rv64-only modes for rv32. So, down in
> > > > > riscv_add_satp_mode_properties() we can add some
> > > > >
> > > > >   #if defined(TARGET_RISCV32)
> > > > >   ...
> > > > >   #elif defined(TARGET_RISCV64)
> > > > >   ...
> > > > >   #endif
> > > >
> > > > Do not add any #if defined(TARGET_RISCV32) to QEMU.
> > > >
> > > > We are aiming for the riscv64-softmmu to be able to emulate 32-bit
> > > > CPUs and compile time macros are the wrong solution here. Instead you
> > > > can get the xlen of the hart and use that.
> > > >
> > >
> > > Does this mean we want to be able to do the following?
> > >
> > >   qemu-system-riscv64 -cpu rv32,sv32=on ...
> >
> > That's the plan
> >
> > >
> > > If so, then can we move the object_property_add() for sv32 to
> > > rv32_base_cpu_init() and the rest to rv64_base_cpu_init()?

Wait! Sorry I didn't read this carefully enough. No, that is not what
we want to do. That then won't support the vendor CPUs.

We just want to add the properties to all CPUs. Then if an invalid
option is set we should return an error.

Note that the 64-bit only configs can be hidden behind a #if
defined(TARGET_RISCV64).

Alistair

> > > Currently, that would be doing the same thing as proposed above,
> > > since those functions are under TARGET_RISCV* defines, but I guess
> > > the object_property_add()'s would then be in more or less the right
> > > places for when the 32-bit emulation support work is started.
> >
> > Sounds like a good idea :)
>
> What about riscv_any_cpu_init and riscv_host_cpu_init?
>
> >
> > Alistair
> >
> > >
> > > Thanks,
> > > drew

Re: [PATCH 10/18] Update lcitool and fedora to 37

[Paolo Bonzini]

On 1/19/23 20:35, Philippe Mathieu-Daudé wrote:

On 19/1/23 19:04, Alex Bennée wrote:

From: Marc-André Lureau 

Fedora 35 is EOL.

Update to upstream lcitool, that dropped f35 and added f37.


If you also have time to update to commit 
40589eed1c56f040d0f07fc354c242a0e0d83185 that would be nice (see 
https://patchew.org/QEMU/20230117091638.50523-1-pbonz...@redhat.com/ for 
more information).  Otherwise, no hurry.


Paolo



Signed-off-by: Marc-André Lureau 
Reviewed-by: Thomas Huth 
Message-Id: <20230110132700.833690-7-marcandre.lur...@redhat.com>
Signed-off-by: Alex Bennée 
---
  tests/docker/dockerfiles/fedora-win32-cross.docker | 4 ++--
  tests/docker/dockerfiles/fedora-win64-cross.docker | 4 ++--
  tests/docker/dockerfiles/fedora.docker | 4 ++--
  tests/lcitool/libvirt-ci   | 2 +-
  tests/lcitool/refresh  | 6 +++---
  5 files changed, 10 insertions(+), 10 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH v4 13/19] riscv: Clean up includes

[Alistair Francis]

On Thu, Jan 19, 2023 at 5:10 PM Markus Armbruster  wrote:
>
> Clean up includes so that osdep.h is included first and headers
> which it implies are not included manually.
>
> This commit was created with scripts/clean-includes.
>
> Signed-off-by: Markus Armbruster 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  target/riscv/pmu.h | 1 -
>  1 file changed, 1 deletion(-)
>
> diff --git a/target/riscv/pmu.h b/target/riscv/pmu.h
> index 3004ce37b6..0c819ca983 100644
> --- a/target/riscv/pmu.h
> +++ b/target/riscv/pmu.h
> @@ -16,7 +16,6 @@
>   * this program.  If not, see .
>   */
>
> -#include "qemu/osdep.h"
>  #include "qemu/log.h"
>  #include "cpu.h"
>  #include "qemu/main-loop.h"
> --
> 2.39.0
>
>

Re: [PATCH v10 0/9] KVM: mm: fd-based approach for supporting KVM

[Isaku Yamahata]

On Thu, Jan 19, 2023 at 03:25:08PM +,
Sean Christopherson  wrote:

> On Thu, Jan 19, 2023, Isaku Yamahata wrote:
> > On Sat, Jan 14, 2023 at 12:37:59AM +,
> > Sean Christopherson  wrote:
> > 
> > > On Fri, Dec 02, 2022, Chao Peng wrote:
> > > > This patch series implements KVM guest private memory for confidential
> > > > computing scenarios like Intel TDX[1]. If a TDX host accesses
> > > > TDX-protected guest memory, machine check can happen which can further
> > > > crash the running host system, this is terrible for multi-tenant
> > > > configurations. The host accesses include those from KVM userspace like
> > > > QEMU. This series addresses KVM userspace induced crash by introducing
> > > > new mm and KVM interfaces so KVM userspace can still manage guest memory
> > > > via a fd-based approach, but it can never access the guest memory
> > > > content.
> > > > 
> > > > The patch series touches both core mm and KVM code. I appreciate
> > > > Andrew/Hugh and Paolo/Sean can review and pick these patches. Any other
> > > > reviews are always welcome.
> > > >   - 01: mm change, target for mm tree
> > > >   - 02-09: KVM change, target for KVM tree
> > > 
> > > A version with all of my feedback, plus reworked versions of Vishal's 
> > > selftest,
> > > is available here:
> > > 
> > >   g...@github.com:sean-jc/linux.git x86/upm_base_support
> > > 
> > > It compiles and passes the selftest, but it's otherwise barely tested.  
> > > There are
> > > a few todos (2 I think?) and many of the commits need changelogs, i.e. 
> > > it's still
> > > a WIP.
> > > 
> > > As for next steps, can you (handwaving all of the TDX folks) take a look 
> > > at what
> > > I pushed and see if there's anything horrifically broken, and that it 
> > > still works
> > > for TDX?
> > > 
> > > Fuad (and pKVM folks) same ask for you with respect to pKVM.  Absolutely 
> > > no rush
> > > (and I mean that).
> > > 
> > > On my side, the two things on my mind are (a) tests and (b) downstream 
> > > dependencies
> > > (SEV and TDX).  For tests, I want to build a lists of tests that are 
> > > required for
> > > merging so that the criteria for merging are clear, and so that if the 
> > > list is large
> > > (haven't thought much yet), the work of writing and running tests can be 
> > > distributed.
> > > 
> > > Regarding downstream dependencies, before this lands, I want to pull in 
> > > all the
> > > TDX and SNP series and see how everything fits together.  Specifically, I 
> > > want to
> > > make sure that we don't end up with a uAPI that necessitates ugly code, 
> > > and that we
> > > don't miss an opportunity to make things simpler.  The patches in the SNP 
> > > series to
> > > add "legacy" SEV support for UPM in particular made me slightly rethink 
> > > some minor
> > > details.  Nothing remotely major, but something that needs attention 
> > > since it'll
> > > be uAPI.
> > 
> > Although I'm still debuging with TDX KVM, I needed the following.
> > kvm_faultin_pfn() is called without mmu_lock held.  the race to change
> > private/shared is handled by mmu_seq.  Maybe dedicated function only for
> > kvm_faultin_pfn().
> 
> Gah, you're not on the other thread where this was discussed[*].  Simply 
> deleting
> the lockdep assertion is safe, for guest types that rely on the attributes to
> define shared vs. private, KVM rechecks the attributes under the protection of
> mmu_seq.
> 
> I'll get a fixed version pushed out today.
> 
> [*] https://lore.kernel.org/all/y8gpl+lwsusgb...@google.com

Now I have tdx kvm working. I've uploaded at the followings.
It's rebased to v6.2-rc3.
g...@github.com:yamahata/linux.git tdx/upm
g...@github.com:yamahata/qemu.git tdx/upm

kvm_mmu_do_page_fault() needs the following change.
kvm_mem_is_private() queries mem_attr_array.  kvm_faultin_pfn() also uses
kvm_mem_is_private(). So the shared-private check in kvm_faultin_pfn() doesn't
make sense. This change would belong to TDX KVM patches, though.

diff --git a/arch/x86/kvm/mmu/mmu_internal.h b/arch/x86/kvm/mmu/mmu_internal.h
index 72b0da8e27e0..f45ac438bbf4 100644
--- a/arch/x86/kvm/mmu/mmu_internal.h
+++ b/arch/x86/kvm/mmu/mmu_internal.h
@@ -430,7 +430,7 @@ static inline int kvm_mmu_do_page_fault(struct kvm_vcpu 
*vcpu, gpa_t cr2_or_gpa,
.max_level = vcpu->kvm->arch.tdp_max_page_level,
.req_level = PG_LEVEL_4K,
.goal_level = PG_LEVEL_4K,
-   .is_private = kvm_mem_is_private(vcpu->kvm, cr2_or_gpa >> 
PAGE_SHIFT),
+   .is_private = kvm_is_private_gpa(vcpu->kvm, cr2_or_gpa),
};
int r;


-- 
Isaku Yamahata 

[PATCH] mac_nvram: Add block backend to persist NVRAM contents

[BALATON Zoltan]

Add a way to set a backing store for the mac_nvram similar to what
spapr_nvram or mac_via PRAM already does to allow to save its contents
between runs. Use -drive file=nvram.img,format=raw,if=mtd to specify
backing file where nvram.img must be MACIO_NVRAM_SIZE which is 8192
bytes. It is only wired for mac_oldworld for now but could be used by
mac_newworld in the future too.

Signed-off-by: BALATON Zoltan 
---
 hw/nvram/mac_nvram.c | 28 
 hw/ppc/mac_oldworld.c|  8 +++-
 include/hw/nvram/mac_nvram.h |  1 +
 3 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/hw/nvram/mac_nvram.c b/hw/nvram/mac_nvram.c
index 3d9ddda217..810e84f07e 100644
--- a/hw/nvram/mac_nvram.c
+++ b/hw/nvram/mac_nvram.c
@@ -24,9 +24,12 @@
  */
 
 #include "qemu/osdep.h"
+#include "qapi/error.h"
 #include "hw/nvram/chrp_nvram.h"
 #include "hw/nvram/mac_nvram.h"
 #include "hw/qdev-properties.h"
+#include "hw/qdev-properties-system.h"
+#include "sysemu/block-backend.h"
 #include "migration/vmstate.h"
 #include "qemu/cutils.h"
 #include "qemu/module.h"
@@ -44,6 +47,9 @@ static void macio_nvram_writeb(void *opaque, hwaddr addr,
 addr = (addr >> s->it_shift) & (s->size - 1);
 trace_macio_nvram_write(addr, value);
 s->data[addr] = value;
+if (s->blk) {
+blk_pwrite(s->blk, addr, 1, >data[addr], 0);
+}
 }
 
 static uint64_t macio_nvram_readb(void *opaque, hwaddr addr,
@@ -91,6 +97,27 @@ static void macio_nvram_realizefn(DeviceState *dev, Error 
**errp)
 
 s->data = g_malloc0(s->size);
 
+if (s->blk) {
+int64_t len = blk_getlength(s->blk);
+if (len < 0) {
+error_setg_errno(errp, -len,
+ "could not get length of nvram backing image");
+return;
+} else if (len != s->size) {
+error_setg_errno(errp, -len,
+ "invalid size nvram backing image");
+return;
+}
+if (blk_set_perm(s->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
+ BLK_PERM_ALL, errp) < 0) {
+return;
+}
+if (blk_pread(s->blk, 0, s->size, s->data, 0) < 0) {
+error_setg(errp, "can't read-nvram contents");
+return;
+}
+}
+
 memory_region_init_io(>mem, OBJECT(s), _nvram_ops, s,
   "macio-nvram", s->size << s->it_shift);
 sysbus_init_mmio(d, >mem);
@@ -106,6 +133,7 @@ static void macio_nvram_unrealizefn(DeviceState *dev)
 static Property macio_nvram_properties[] = {
 DEFINE_PROP_UINT32("size", MacIONVRAMState, size, 0),
 DEFINE_PROP_UINT32("it_shift", MacIONVRAMState, it_shift, 0),
+DEFINE_PROP_DRIVE("drive", MacIONVRAMState, blk),
 DEFINE_PROP_END_OF_LIST()
 };
 
diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index e052ad880e..52e554710f 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -103,7 +103,7 @@ static void ppc_heathrow_init(MachineState *machine)
 DeviceState *dev, *pic_dev, *grackle_dev;
 BusState *adb_bus;
 uint16_t ppc_boot_device;
-DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
+DriveInfo *dinfo, *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
 void *fw_cfg;
 uint64_t tbfreq = kvm_enabled() ? kvmppc_get_tbfreq() : TBFREQ;
 uint8_t *spd_data[3] = {};
@@ -256,6 +256,12 @@ static void ppc_heathrow_init(MachineState *machine)
 qdev_prop_set_chr(dev, "chrA", serial_hd(0));
 qdev_prop_set_chr(dev, "chrB", serial_hd(1));
 
+dinfo = drive_get(IF_MTD, 0, 0);
+if (dinfo) {
+dev = DEVICE(object_resolve_path_component(macio, "nvram"));
+qdev_prop_set_drive(dev, "drive", blk_by_legacy_dinfo(dinfo));
+}
+
 pci_realize_and_unref(PCI_DEVICE(macio), pci_bus, _fatal);
 
 pic_dev = DEVICE(object_resolve_path_component(macio, "pic"));
diff --git a/include/hw/nvram/mac_nvram.h b/include/hw/nvram/mac_nvram.h
index b780aca470..0c4dfaeff6 100644
--- a/include/hw/nvram/mac_nvram.h
+++ b/include/hw/nvram/mac_nvram.h
@@ -44,6 +44,7 @@ struct MacIONVRAMState {
 
 MemoryRegion mem;
 uint8_t *data;
+BlockBackend *blk;
 };
 
 void pmac_format_nvram_partition(MacIONVRAMState *nvr, int len);
-- 
2.30.6

Re: [RFC v4 3/3] hw/cxl: Multi-Region CXL Type-3 Devices (Volatile and Persistent)

[Gregory Price]

On Thu, Jan 19, 2023 at 05:31:12PM +, Jonathan Cameron wrote:
> On Thu, 19 Jan 2023 12:15:45 -0500
> Gregory Price  wrote:
> 
> > Found a bug, not sure how we missed this, probably happed with rebasing
> > and some fixups. We're presently reporting the volatile region as
> > non-volatile, 1 line patch.
> > 
> > Jonathan do you want a separate patch shipped or would you rather just
> > apply a fixup to the commit in your current branch?
> I'll fix up as I'd only squash the patch in anyway.
> 
> If tomorrow is slightly less crazy busy than today I'll push out a new
> tree with this and the pass through decoders support RFC
> (I'll post that to the lists as well)
> 
> Jonathan
> 

Aye aye! 

One other change to consider: the .EFI_memory_type_attr right now is set
to RESERVED.  Should this field actually be EFI_MEMORY_SP? Or is there a
reason for explicitly Reserved?

0: EfiConventionalMemory
1: EfiConventionalMemory w/ EFI_MEMORY_SP Attribute
2: EfiReservedMemoryType

I remember reading a while back that the intended marking is
special-purpose rather than reserved, but i'm hitting my wall on
knowledge.  

Dan may know, but I couldn't divine the correct setting from the kernel
(obviously this is EFI level code, so i didn't expect to).



One other thing that I am noticing:  When a CFMW is registered, an
nvdimm_bridge device becomes present in /sys/bus/cxl/devices -
regardless of whether the type3 device is persistent or volatile.

This makes me believe we aren't setting something up correctly in the
CDAT or something, but other than the below changes everything else
looks correct.  This could imply a kernel driver bug, but i've been
validating against real hardware and this behavior is not seen, even
with functional CXL memory expander devices (which the BIOS obviously
has a hand in setting up).

I started validating the DVSECs, but likewise i didn't see any
indication of error either.



diff --git a/hw/mem/cxl_type3.c b/hw/mem/cxl_type3.c
index 919cdf141e..4daa0cf0f6 100644
--- a/hw/mem/cxl_type3.c
+++ b/hw/mem/cxl_type3.c
@@ -132,8 +132,9 @@ static int ct3_build_cdat_entries_for_mr(CDATSubHeader 
**cdat_table,
 .length = sizeof(*dsemts),
 },
 .DSMAS_handle = dsmad_handle,
-/* Reserved - the non volatile from DSMAS matters */
-.EFI_memory_type_attr = 2,
+/* Reserved if NV - the non volatile from DSMAS matters
+ * otherwise label this EFI_MEMORY_SP (special purpose) */
+.EFI_memory_type_attr = is_pmem ? 2 : 1,
 .DPA_offset = 0,
 .DPA_length = int128_get64(mr->size),
 };
@@ -187,7 +188,7 @@ static int ct3_build_cdat_table(CDATSubHeader 
***cdat_table, void *priv)
 /* Now fill them in */
 if (volatile_mr) {
 rc = ct3_build_cdat_entries_for_mr(table, dsmad_handle++, volatile_mr,
-   true, 0);
+   false, 0);
 if (rc < 0) {
 return rc;
 }

RE: [PATCH v4 12/19] target/hexagon: Clean up includes

[Taylor Simpson]

> -Original Message-
> From: Markus Armbruster 
> Sent: Thursday, January 19, 2023 1:00 AM
> To: qemu-devel@nongnu.org
> Cc: richard.hender...@linaro.org; pbonz...@redhat.com;
> kw...@redhat.com; hre...@redhat.com; i...@bsdimp.com;
> kev...@freebsd.org; berra...@redhat.com; gr...@kaod.org;
> qemu_...@crudebyte.com; m...@redhat.com; phi...@linaro.org;
> peter.mayd...@linaro.org; alist...@alistair23.me; jasow...@redhat.com;
> jonathan.came...@huawei.com; kbast...@mail.uni-paderborn.de;
> quint...@redhat.com; dgilb...@redhat.com; michael.r...@amd.com;
> kkost...@redhat.com; Taylor Simpson ;
> pal...@dabbelt.com; bin.m...@windriver.com; qemu-bl...@nongnu.org;
> qemu-...@nongnu.org; qemu-ri...@nongnu.org
> Subject: [PATCH v4 12/19] target/hexagon: Clean up includes
> 
> Clean up includes so that osdep.h is included first and headers which it
> implies are not included manually.
> 
> This commit was created with scripts/clean-includes.
> 
> Changes to standalone programs dropped, because I can't tell whether them
> not using qemu/osdep.h is intentional:
> 
> target/hexagon/gen_dectree_import.c
> target/hexagon/gen_semantics.c
> target/hexagon/idef-parser/idef-parser.h
> target/hexagon/idef-parser/parser-helpers.c
> target/hexagon/idef-parser/parser-helpers.h

Correct.  These are standalone programs not built with the full QEMU context.

> 
> Signed-off-by: Markus Armbruster 
> ---
>  target/hexagon/hex_arch_types.h | 1 -
>  target/hexagon/mmvec/macros.h   | 1 -
>  2 files changed, 2 deletions(-)

Reviewed-by: Taylor Simpson 

Re: [RFC] 2-stage translation emulation support for SMMUv3 on TCG

[Evgeny Iakovlev]

On 1/17/2023 18:00, Eric Auger wrote:

Hi Evgeny,
On 1/16/23 16:37, Evgeny Iakovlev wrote:

Hi!


We are using qemu-tcg-aarch64 to run Hyper-V test and debug builds for
arm. Besides some minor fixes that i have submitted over the last
couple of weeks, one big compatibility item for us is SMMUv3 2-stage
translations support. We can do fine without it right now, but having
it would also allow us to test nested arm guests with SMMUv3, which is
great.


One idea we have floating around is implementing 2-stage translations
in SMMUv3 in Qemu. We can't make a commitment yet, but before we
consider it i think it would be wise to ask the community about it,
specifically:

* Do 2-stage translations sound like something qemu-arm would be keen
on accepting? Are there any other use-cases for it besides an arguably
wild corner case of nesting an EL2 hypervisor on software-emulated arm64?

Personally I don't have anything against. I guess we cannot prevent you
from adding a feature that is supported by the spec ;-) One concern I
have is the extra complexity it will bring to the device. At least I
would recommend you to try to isolate stage2 support at most from the
rest and make your utmost to keep the stage1 perf as close as possible
to what it is currently. Indeed the main "production" use case is S1
vSMMU with KVM acceleration. Currently in linux arm-smmuv3 driver, only
S1 is used. Out of curiosity how are the S2 and S1+S2 used with HyperV?

I am mostly involved in KVM accelerated use cases so I will let others
comment on potential use cases using S2.



Hyper-V is using 2-stage xlate i think in the same scenario KVM/vfio 
does: to expose SMMU to the guest and allow it to program stage 1 tables 
and also support some nesting scenarious.




* Is there anyone already working on it as we speak maybe?

afaik I am not aware of anybody working on that at the moment

* Were there any previous attempts to do this and if yes why they
evidently didn't get through?

afaik there were no series sent publicly



Thanks for confirming, Eric!




Thanks

Eric


Thanks!

Re: [PATCH v2 1/2] target/arm: implement DBGCLAIM registers

[Evgeny Iakovlev]

On 1/17/2023 16:48, Richard Henderson wrote:

On 1/17/23 05:04, Evgeny Iakovlev wrote:

+    { .name = "DBGCLAIMCLR_EL1", .state = ARM_CP_STATE_BOTH,
+  .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 7, .crm = 9, .opc2 = 6,
+  .access = PL1_RW, .accessfn = access_tda,
+  .writefn = dbgclaimclr_write, .raw_writefn = 
dbgclaimclr_raw_write,

+  .fieldoffset = offsetof(CPUARMState, cp15.dbgclaim) },


You didn't need a new function, just .raw_writefn = raw_write
(which then uses .fieldoffset to dtrt).



Ah, i see, okay.




Otherwise,
Reviewed-by: Richard Henderson 


r~

Re: [PATCH v2 1/4] hw/char/pl011: refactor FIFO depth handling code

[Evgeny Iakovlev]

On 1/19/2023 14:45, Peter Maydell wrote:

On Tue, 17 Jan 2023 at 22:05, Evgeny Iakovlev
 wrote:

PL011 can be in either of 2 modes depending guest config: FIFO and
single register. The last mode could be viewed as a 1-element-deep FIFO.

Current code open-codes a bunch of depth-dependent logic. Refactor FIFO
depth handling code to isolate calculating current FIFO depth.

One functional (albeit guest-invisible) side-effect of this change is
that previously we would always increment s->read_pos in UARTDR read
handler even if FIFO was disabled, now we are limiting read_pos to not
exceed FIFO depth (read_pos itself is reset to 0 if user disables FIFO).

Signed-off-by: Evgeny Iakovlev 
---
  hw/char/pl011.c | 25 +
  include/hw/char/pl011.h |  5 -
  2 files changed, 17 insertions(+), 13 deletions(-)

Looking at this again, I realised that there's a subtle point
here about migration compatibility. If we do a VM migration
from an older version of QEMU without this change to a newer
version that does have this change, the incoming migration state
might indicate that we have FIFOs disabled, and there's a character
in read_fifo[] that isn't in array element 0 (because the old
code doesn't put it there). I think this works out OK because
the codepath in the UARTDR read-from-FIFO will first read the
character from read_fifo[read_pos], which will be the non-zero
read_pos as set by the old QEMU, before constraining it to be
0 when it does the advance of read_pos; and the pl011_put_fifo
code doesn't care about the actual value of read_pos.

But this is kind of tricky to reason about, and fragile to
future changes in the code, so I feel like it would be better
to have a migration post_load function that sanitizes the
incoming state to enforce the invariant assumed by the new code, i.e.

   if (pl011_fifo_depth(s) == 1 && s->read_count > 0 && s->read_pos > 0) {
   /*
* Older versions of QEMU didn't ensure that the single
* character in the FIFO in FIFO-disabled mode is in
* element 0 of the array; convert to follow the current
* code's assumptions.
*/
   s->read_fifo[0] = s->read_fifo[s->read_pos];
   s->read_pos = 0;
   }

If we're putting in a post-load function we can also sanitize
the incoming migration stream to fail the migration on bogus
(possibly malicious) data like read_pos > ARRAY_SIZE(read_fifo)
or read_count > fifo depth.



Yeah, i also saw this issue with migration and how it was not really a 
problem. I do agree with your point about making it more obviously fixed 
though.






diff --git a/hw/char/pl011.c b/hw/char/pl011.c
index c076813423..329cc6926d 100644
--- a/hw/char/pl011.c
+++ b/hw/char/pl011.c
@@ -81,6 +81,12 @@ static void pl011_update(PL011State *s)
  }
  }

+static inline unsigned pl011_get_fifo_depth(PL011State *s)
+{
+/* Note: FIFO depth is expected to be power-of-2 */
+return s->lcr & 0x10 ? PL011_FIFO_DEPTH : 1;
+}
+
  static uint64_t pl011_read(void *opaque, hwaddr offset,
 unsigned size)
  {
@@ -94,8 +100,7 @@ static uint64_t pl011_read(void *opaque, hwaddr offset,
  c = s->read_fifo[s->read_pos];
  if (s->read_count > 0) {
  s->read_count--;
-if (++s->read_pos == 16)
-s->read_pos = 0;
+s->read_pos = (s->read_pos + 1) & (pl011_get_fifo_depth(s) - 1);
  }
  if (s->read_count == 0) {
  s->flags |= PL011_FLAG_RXFE;
@@ -273,11 +278,7 @@ static int pl011_can_receive(void *opaque)
  PL011State *s = (PL011State *)opaque;
  int r;

-if (s->lcr & 0x10) {
-r = s->read_count < 16;
-} else {
-r = s->read_count < 1;
-}
+r = s->read_count < pl011_get_fifo_depth(s);
  trace_pl011_can_receive(s->lcr, s->read_count, r);
  return r;
  }
@@ -286,15 +287,15 @@ static void pl011_put_fifo(void *opaque, uint32_t value)
  {
  PL011State *s = (PL011State *)opaque;
  int slot;
+unsigned pipe_depth;

-slot = s->read_pos + s->read_count;
-if (slot >= 16)
-slot -= 16;
+pipe_depth = pl011_get_fifo_depth(s);
+slot = (s->read_pos + s->read_count) & (pipe_depth - 1);
  s->read_fifo[slot] = value;
  s->read_count++;
  s->flags &= ~PL011_FLAG_RXFE;
  trace_pl011_put_fifo(value, s->read_count);
-if (!(s->lcr & 0x10) || s->read_count == 16) {
+if (s->read_count == pipe_depth) {
  trace_pl011_put_fifo_full();
  s->flags |= PL011_FLAG_RXFF;
  }

thanks
-- PMM

Re: [PATCH v2 3/4] hw/char/pl011: better handling of FIFO flags on LCR reset

[Evgeny Iakovlev]

On 1/19/2023 14:30, Peter Maydell wrote:

On Tue, 17 Jan 2023 at 22:05, Evgeny Iakovlev
 wrote:

Current FIFO handling code does not reset RXFE/RXFF flags when guest
resets FIFO by writing to UARTLCR register, although internal FIFO state
is reset to 0 read count. Actual guest-visible flag update will happen
only on next data read or write attempt. As a result of that any guest
that expects RXFE flag to be set (and RXFF to be cleared) after resetting
FIFO will never see that happen.

Signed-off-by: Evgeny Iakovlev 
---
  hw/char/pl011.c | 14 +-
  1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/hw/char/pl011.c b/hw/char/pl011.c
index 404d52a3b8..3184949d69 100644
--- a/hw/char/pl011.c
+++ b/hw/char/pl011.c
@@ -87,6 +87,13 @@ static inline unsigned pl011_get_fifo_depth(PL011State *s)
  return s->lcr & 0x10 ? PL011_FIFO_DEPTH : 1;
  }

+static inline void pl011_reset_pipe(PL011State *s)
+{
+s->read_count = 0;
+s->read_pos = 0;
+s->flags = PL011_FLAG_RXFE | PL011_FLAG_TXFE;

Should this really be resetting all the other flags to 0 ?
I think we should set/clear only the FIFO related flags, and
leave the others alone. We don't yet implement the
modem-status signals, but if/when we ever do, clearing them
would be the wrong thing here.

(Reset still needs to reset all the flag register bits.)



Right, i thought about it, but as you mention we only use FIFO flags 
currently. Still, your suggestion about future changes makes sense.





thanks
-- PMM

Re: [PATCH v2 2/4] hw/char/pl011: implement a reset method

[Evgeny Iakovlev]

On 1/19/2023 14:27, Peter Maydell wrote:

On Tue, 17 Jan 2023 at 22:05, Evgeny Iakovlev
 wrote:

PL011 currently lacks a reset method. Implement it.

Signed-off-by: Evgeny Iakovlev 
---
  hw/char/pl011.c | 31 ++-
  1 file changed, 26 insertions(+), 5 deletions(-)

diff --git a/hw/char/pl011.c b/hw/char/pl011.c
index 329cc6926d..404d52a3b8 100644
--- a/hw/char/pl011.c
+++ b/hw/char/pl011.c
@@ -397,11 +397,6 @@ static void pl011_init(Object *obj)
  s->clk = qdev_init_clock_in(DEVICE(obj), "clk", pl011_clock_update, s,
  ClockUpdate);

-s->read_trigger = 1;
-s->ifl = 0x12;
-s->cr = 0x300;
-s->flags = 0x90;
-
  s->id = pl011_id_arm;
  }

@@ -413,11 +408,37 @@ static void pl011_realize(DeviceState *dev, Error **errp)
   pl011_event, NULL, s, NULL, true);
  }

+static void pl011_reset(DeviceState *dev)
+{
+PL011State *s = PL011(dev);
+int i;
+
+s->lcr = 0;
+s->rsr = 0;
+s->dmacr = 0;
+s->int_enabled = 0;
+s->int_level = 0;
+s->ilpr = 0;
+s->ibrd = 0;
+s->fbrd = 0;
+s->read_pos = 0;
+s->read_count = 0;
+s->read_trigger = 1;
+s->ifl = 0x12;
+s->cr = 0x300;
+s->flags = 0x90;
+
+for (i = 0; i < ARRAY_SIZE(s->irq); i++) {
+qemu_irq_lower(s->irq[i]);
+}

Reset should never touch outbound qemu_irq lines.
(The other end of the line will also reset and will end
up in the correct "as if the input is 0" state.)



Really? I saw this reset happening on other devices in hw/char (don't 
remember which ones specifically), so i though it is needed.





Otherwise
Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [RFC PATCH v4 15/15] arm/Kconfig: Do not build TCG-only boards on a KVM-only build

[Fabiano Rosas]

Philippe Mathieu-Daudé  writes:

> On 19/1/23 19:50, Richard Henderson wrote:
>> On 1/19/23 03:54, Fabiano Rosas wrote:
>>> Move all the CONFIG_FOO=y from default.mak into "default y if TCG"
>>> statements in Kconfig. That way they won't be selected when
>>> CONFIG_TCG=n.
>>>
>>> I'm leaving CONFIG_ARM_VIRT in default.mak because it allows us to
>>> keep the two default.mak files not empty and keep aarch64-default.mak
>>> including arm-default.mak. That way we don't surprise anyone that's
>>> used to altering these files.
>>>
>>> With this change we can start building with --disable-tcg.
>>>
>>> Signed-off-by: Fabiano Rosas
>>> ---
>>> sbsa-ref has an explicit check to avoid running with KVM
>>> xlnx-versal-virt has avocado tests tagged with tcg
>>> ---
>>>   configs/devices/aarch64-softmmu/default.mak |  4 --
>>>   configs/devices/arm-softmmu/default.mak | 37 --
>>>   hw/arm/Kconfig  | 42 -
>>>   3 files changed, 41 insertions(+), 42 deletions(-)
>> 
>> Reviewed-by: Richard Henderson 
>
> The previous version was cleaner IMHO, not restricting only the
> machines but also the cores:
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg24.html

I'm not able to apply that thread, there's missing emails in lore. =/

What do you suggest here? I like that you added detailed descriptions of
what was being removed and why. But it seems there's a lot left to be
restricted still, compared to this patch.

I also don't really understand what you mean by "also the cores". This
series already moved all cpus under CONFIG_TCG and what's left is only
the machines. If there's extra refinement to the configs, we should
definitely look into doing it, but I think that could come as a
follow-up series.

[PATCH] virtio-scsi: reset SCSI devices from main loop thread

[Stefan Hajnoczi]

When an IOThread is configured, the ctrl virtqueue is processed in the
IOThread. TMFs that reset SCSI devices are currently called directly
from the IOThread and trigger an assertion failure in blk_drain():

  ../block/block-backend.c:1780: void blk_drain(BlockBackend *): Assertion 
`qemu_in_main_thread()' failed.

The blk_drain() function is not designed to be called from an IOThread
because it needs the Big QEMU Lock (BQL).

This patch defers TMFs that reset SCSI devices to a Bottom Half (BH)
that runs in the main loop thread under the BQL. This way it's safe to
call blk_drain() and the assertion failure is avoided.

Introduce s->tmf_bh_list for tracking TMF requests that have been
deferred to the BH. When the BH runs it will grab the entire list and
process all requests. Care must be taken to clear the list when the
virtio-scsi device is reset or unrealized. Otherwise deferred TMF
requests could execute later and lead to use-after-free or other
undefined behavior.

The s->resetting counter that's used by TMFs that reset SCSI devices is
accessed from multiple threads. This patch makes that explicit by using
atomic accessor functions. With this patch applied the counter is only
modified by the main loop thread under the BQL but can be read by any
thread.

Reported-by: Qing Wang 
Cc: Paolo Bonzini 
Signed-off-by: Stefan Hajnoczi 
---
 include/hw/virtio/virtio-scsi.h |  11 ++-
 hw/scsi/virtio-scsi.c   | 169 +---
 2 files changed, 143 insertions(+), 37 deletions(-)

diff --git a/include/hw/virtio/virtio-scsi.h b/include/hw/virtio/virtio-scsi.h
index 37b75e15e3..779568ab5d 100644
--- a/include/hw/virtio/virtio-scsi.h
+++ b/include/hw/virtio/virtio-scsi.h
@@ -74,13 +74,22 @@ struct VirtIOSCSICommon {
 VirtQueue **cmd_vqs;
 };
 
+struct VirtIOSCSIReq;
+
 struct VirtIOSCSI {
 VirtIOSCSICommon parent_obj;
 
 SCSIBus bus;
-int resetting;
+int resetting; /* written from main loop thread, read from any thread */
 bool events_dropped;
 
+/*
+ * TMFs deferred to main loop BH. These fields are protected by
+ * virtio_scsi_acquire().
+ */
+QEMUBH *tmf_bh;
+QTAILQ_HEAD(, VirtIOSCSIReq) tmf_bh_list;
+
 /* Fields for dataplane below */
 AioContext *ctx; /* one iothread per virtio-scsi-pci for now */
 
diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
index 2b649ca976..612c525d9d 100644
--- a/hw/scsi/virtio-scsi.c
+++ b/hw/scsi/virtio-scsi.c
@@ -43,13 +43,11 @@ typedef struct VirtIOSCSIReq {
 QEMUSGList qsgl;
 QEMUIOVector resp_iov;
 
-union {
-/* Used for two-stage request submission */
-QTAILQ_ENTRY(VirtIOSCSIReq) next;
+/* Used for two-stage request submission and TMFs deferred to BH */
+QTAILQ_ENTRY(VirtIOSCSIReq) next;
 
-/* Used for cancellation of request during TMFs */
-int remaining;
-};
+/* Used for cancellation of request during TMFs */
+int remaining;
 
 SCSIRequest *sreq;
 size_t resp_size;
@@ -294,6 +292,122 @@ static inline void virtio_scsi_ctx_check(VirtIOSCSI *s, 
SCSIDevice *d)
 }
 }
 
+static void virtio_scsi_do_one_tmf_bh(VirtIOSCSIReq *req)
+{
+VirtIOSCSI *s = req->dev;
+SCSIDevice *d = virtio_scsi_device_get(s, req->req.tmf.lun);
+BusChild *kid;
+int target;
+
+switch (req->req.tmf.subtype) {
+case VIRTIO_SCSI_T_TMF_LOGICAL_UNIT_RESET:
+if (!d) {
+req->resp.tmf.response = VIRTIO_SCSI_S_BAD_TARGET;
+goto out;
+}
+if (d->lun != virtio_scsi_get_lun(req->req.tmf.lun)) {
+req->resp.tmf.response = VIRTIO_SCSI_S_INCORRECT_LUN;
+goto out;
+}
+qatomic_inc(>resetting);
+device_cold_reset(>qdev);
+qatomic_dec(>resetting);
+break;
+
+case VIRTIO_SCSI_T_TMF_I_T_NEXUS_RESET:
+target = req->req.tmf.lun[1];
+qatomic_inc(>resetting);
+
+rcu_read_lock();
+QTAILQ_FOREACH_RCU(kid, >bus.qbus.children, sibling) {
+SCSIDevice *d1 = SCSI_DEVICE(kid->child);
+if (d1->channel == 0 && d1->id == target) {
+device_cold_reset(>qdev);
+}
+}
+rcu_read_unlock();
+
+qatomic_dec(>resetting);
+break;
+
+default:
+g_assert_not_reached();
+break;
+}
+
+out:
+object_unref(OBJECT(d));
+
+virtio_scsi_acquire(s);
+virtio_scsi_complete_req(req);
+virtio_scsi_release(s);
+}
+
+/* Some TMFs must be processed from the main loop thread */
+static void virtio_scsi_do_tmf_bh(void *opaque)
+{
+VirtIOSCSI *s = opaque;
+QTAILQ_HEAD(, VirtIOSCSIReq) reqs = QTAILQ_HEAD_INITIALIZER(reqs);
+VirtIOSCSIReq *req;
+VirtIOSCSIReq *tmp;
+
+GLOBAL_STATE_CODE();
+
+virtio_scsi_acquire(s);
+
+QTAILQ_FOREACH_SAFE(req, >tmf_bh_list, next, tmp) {
+QTAILQ_REMOVE(>tmf_bh_list, req, next);
+QTAILQ_INSERT_TAIL(, req, next);
+}
+
+qemu_bh_delete(s->tmf_bh);

[PATCH 2/2] log: remove unneeded new line

[BALATON Zoltan]

The help text of the -d plugin option has a new line at the end which
is not needed as one is added automatically. Fixing it removes the
unexpected empty line in -d help output.

Signed-off-by: BALATON Zoltan 
---
 util/log.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util/log.c b/util/log.c
index a3c097f320..3fe74481da 100644
--- a/util/log.c
+++ b/util/log.c
@@ -489,7 +489,7 @@ const QEMULogItem qemu_log_items[] = {
   "do not chain compiled TBs so that \"exec\" and \"cpu\" show\n"
   "complete traces" },
 #ifdef CONFIG_PLUGIN
-{ CPU_LOG_PLUGIN, "plugin", "output from TCG plugins\n"},
+{ CPU_LOG_PLUGIN, "plugin", "output from TCG plugins"},
 #endif
 { LOG_STRACE, "strace",
   "log every user-mode syscall, its input, and its result" },
-- 
2.30.6

[PATCH 1/2] log: Add separate debug option for logging invalid memory accesses

[BALATON Zoltan]

Currently -d guest_errors enables logging of different invalid actions
by the guest such as misusing hardware, accessing missing features or
invalid memory areas. The memory access logging can be quite verbose
which obscures the other messages enabled by this debug switch so
separate it by adding a new -d memaccess option to make it possible to
control it independently of other guest error logs.

Signed-off-by: BALATON Zoltan 
---
 include/qemu/log.h | 1 +
 softmmu/memory.c   | 6 +++---
 softmmu/physmem.c  | 2 +-
 util/log.c | 2 ++
 4 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/include/qemu/log.h b/include/qemu/log.h
index c5643d8dd5..4bf0a65a85 100644
--- a/include/qemu/log.h
+++ b/include/qemu/log.h
@@ -35,6 +35,7 @@ bool qemu_log_separate(void);
 /* LOG_STRACE is used for user-mode strace logging. */
 #define LOG_STRACE (1 << 19)
 #define LOG_PER_THREAD (1 << 20)
+#define LOG_MEM_ACCESS (1 << 21)
 
 /* Lock/unlock output. */
 
diff --git a/softmmu/memory.c b/softmmu/memory.c
index 9d64efca26..0a9fa67d32 100644
--- a/softmmu/memory.c
+++ b/softmmu/memory.c
@@ -1379,7 +1379,7 @@ bool memory_region_access_valid(MemoryRegion *mr,
 {
 if (mr->ops->valid.accepts
 && !mr->ops->valid.accepts(mr->opaque, addr, size, is_write, attrs)) {
-qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" HWADDR_PRIX
+qemu_log_mask(LOG_MEM_ACCESS, "Invalid %s at addr 0x%" HWADDR_PRIX
   ", size %u, region '%s', reason: rejected\n",
   is_write ? "write" : "read",
   addr, size, memory_region_name(mr));
@@ -1387,7 +1387,7 @@ bool memory_region_access_valid(MemoryRegion *mr,
 }
 
 if (!mr->ops->valid.unaligned && (addr & (size - 1))) {
-qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" HWADDR_PRIX
+qemu_log_mask(LOG_MEM_ACCESS, "Invalid %s at addr 0x%" HWADDR_PRIX
   ", size %u, region '%s', reason: unaligned\n",
   is_write ? "write" : "read",
   addr, size, memory_region_name(mr));
@@ -1401,7 +1401,7 @@ bool memory_region_access_valid(MemoryRegion *mr,
 
 if (size > mr->ops->valid.max_access_size
 || size < mr->ops->valid.min_access_size) {
-qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" HWADDR_PRIX
+qemu_log_mask(LOG_MEM_ACCESS, "Invalid %s at addr 0x%" HWADDR_PRIX
   ", size %u, region '%s', reason: invalid size "
   "(min:%u max:%u)\n",
   is_write ? "write" : "read",
diff --git a/softmmu/physmem.c b/softmmu/physmem.c
index bf585e45a8..bca679ee01 100644
--- a/softmmu/physmem.c
+++ b/softmmu/physmem.c
@@ -2792,7 +2792,7 @@ static bool flatview_access_allowed(MemoryRegion *mr, 
MemTxAttrs attrs,
 if (memory_region_is_ram(mr)) {
 return true;
 }
-qemu_log_mask(LOG_GUEST_ERROR,
+qemu_log_mask(LOG_MEM_ACCESS,
   "Invalid access to non-RAM device at "
   "addr 0x%" HWADDR_PRIX ", size %" HWADDR_PRIu ", "
   "region '%s'\n", addr, len, memory_region_name(mr));
diff --git a/util/log.c b/util/log.c
index 7837ff9917..a3c097f320 100644
--- a/util/log.c
+++ b/util/log.c
@@ -495,6 +495,8 @@ const QEMULogItem qemu_log_items[] = {
   "log every user-mode syscall, its input, and its result" },
 { LOG_PER_THREAD, "tid",
   "open a separate log file per thread; filename must contain '%d'" },
+{ LOG_MEM_ACCESS, "memaccess",
+  "log invalid memory accesses" },
 { 0, NULL, NULL },
 };
 
-- 
2.30.6

Re: [RFC PATCH v4 14/15] arm/Kconfig: Always select SEMIHOSTING when TCG is present

[Fabiano Rosas]

Philippe Mathieu-Daudé  writes:

> On 19/1/23 19:50, Richard Henderson wrote:
>> On 1/19/23 03:54, Fabiano Rosas wrote:
>>> We are about to enable the build without TCG, so CONFIG_SEMIHOSTING
>>> and CONFIG_ARM_COMPATIBLE_SEMIHOSTING cannot be unconditionally set in
>>> default.mak anymore. So reflect the change in a Kconfig.
>>>
>>> Instead of using semihosting/Kconfig, use a target-specific file, so
>>> that the change doesn't affect other architectures which might
>>> implement semihosting in a way compatible with KVM.
>>>
>>> The selection from ARM_v7M needs to be removed to avoid a cycle during
>>> parsing.
>>>
>>> Signed-off-by: Fabiano Rosas
>> 
>> Reviewed-by: Richard Henderson 
>> 
>>> The linux-user build does not use Kconfig. Is it worth it to add
>>> support to it? There's just the semihosting config so far.
>> 
>> Probably not.
>
> I hit this limitation last week trying to restrict libdecnumber to
> powerpc targets.
>
> Fabiano, do you see how this can be done easily?

If you grep for Kconfig in the top level meson.build, that code there
could be adapted to also include linux-user targets.

I did some experimenting and I could generate linux-user.mak files with
all the configs from the existing Kconfigs. It would be a matter of
adding the proper CONFIG_SOFTMMU, CONFIG_LINUX_USER options to separate
the two and then hooking up the .mak files with the rest of the
build. That last part I'm not sure how to do.

[PATCH v9 2/3] hw/riscv/boot.c: consolidate all kernel init in riscv_load_kernel()

[Daniel Henrique Barboza]

The microchip_icicle_kit, sifive_u, spike and virt boards are now doing
the same steps when '-kernel' is used:

- execute load_kernel()
- load init_rd()
- write kernel_cmdline

Let's fold everything inside riscv_load_kernel() to avoid code
repetition. To not change the behavior of boards that aren't calling
riscv_load_init(), add an 'load_initrd' flag to riscv_load_kernel() and
allow these boards to opt out from initrd loading.

Cc: Palmer Dabbelt 
Reviewed-by: Bin Meng 
Reviewed-by: Alistair Francis 
Signed-off-by: Daniel Henrique Barboza 
---
 hw/riscv/boot.c| 22 +++---
 hw/riscv/microchip_pfsoc.c | 11 +--
 hw/riscv/opentitan.c   |  3 ++-
 hw/riscv/sifive_e.c|  3 ++-
 hw/riscv/sifive_u.c| 11 +--
 hw/riscv/spike.c   | 11 +--
 hw/riscv/virt.c| 11 +--
 include/hw/riscv/boot.h|  1 +
 8 files changed, 28 insertions(+), 45 deletions(-)

diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index 46fc7adccf..29e0c204d3 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -192,10 +192,12 @@ static uint64_t translate_kernel_address(void *opaque, 
uint64_t addr)
 target_ulong riscv_load_kernel(MachineState *machine,
RISCVHartArrayState *harts,
target_ulong kernel_start_addr,
+   bool load_initrd,
symbol_fn_t sym_cb)
 {
 const char *kernel_filename = machine->kernel_filename;
 uint64_t kernel_load_base, kernel_entry;
+void *fdt = machine->fdt;
 
 g_assert(kernel_filename != NULL);
 
@@ -210,21 +212,35 @@ target_ulong riscv_load_kernel(MachineState *machine,
  translate_kernel_address, harts,
  NULL, _load_base, NULL, NULL, 0,
  EM_RISCV, 1, 0, NULL, true, sym_cb) > 0) {
-return kernel_load_base;
+kernel_entry = kernel_load_base;
+goto out;
 }
 
 if (load_uimage_as(kernel_filename, _entry, NULL, NULL,
NULL, NULL, NULL) > 0) {
-return kernel_entry;
+goto out;
 }
 
 if (load_image_targphys_as(kernel_filename, kernel_start_addr,
current_machine->ram_size, NULL) > 0) {
-return kernel_start_addr;
+kernel_entry = kernel_start_addr;
+goto out;
 }
 
 error_report("could not load kernel '%s'", kernel_filename);
 exit(1);
+
+out:
+if (load_initrd && machine->initrd_filename) {
+riscv_load_initrd(machine, kernel_entry);
+}
+
+if (fdt && machine->kernel_cmdline && *machine->kernel_cmdline) {
+qemu_fdt_setprop_string(fdt, "/chosen", "bootargs",
+machine->kernel_cmdline);
+}
+
+return kernel_entry;
 }
 
 void riscv_load_initrd(MachineState *machine, uint64_t kernel_entry)
diff --git a/hw/riscv/microchip_pfsoc.c b/hw/riscv/microchip_pfsoc.c
index bdefeb3cbb..b7e171b605 100644
--- a/hw/riscv/microchip_pfsoc.c
+++ b/hw/riscv/microchip_pfsoc.c
@@ -630,16 +630,7 @@ static void microchip_icicle_kit_machine_init(MachineState 
*machine)
  firmware_end_addr);
 
 kernel_entry = riscv_load_kernel(machine, >soc.u_cpus,
- kernel_start_addr, NULL);
-
-if (machine->initrd_filename) {
-riscv_load_initrd(machine, kernel_entry);
-}
-
-if (machine->kernel_cmdline && *machine->kernel_cmdline) {
-qemu_fdt_setprop_string(machine->fdt, "/chosen",
-"bootargs", machine->kernel_cmdline);
-}
+ kernel_start_addr, true, NULL);
 
 /* Compute the fdt load address in dram */
 fdt_load_addr = riscv_load_fdt(memmap[MICROCHIP_PFSOC_DRAM_LO].base,
diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c
index 2731138c41..3af9bfa52a 100644
--- a/hw/riscv/opentitan.c
+++ b/hw/riscv/opentitan.c
@@ -102,7 +102,8 @@ static void opentitan_board_init(MachineState *machine)
 
 if (machine->kernel_filename) {
 riscv_load_kernel(machine, >soc.cpus,
-  memmap[IBEX_DEV_RAM].base, NULL);
+  memmap[IBEX_DEV_RAM].base,
+  false, NULL);
 }
 }
 
diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
index 1a7d381514..04939b60c3 100644
--- a/hw/riscv/sifive_e.c
+++ b/hw/riscv/sifive_e.c
@@ -115,7 +115,8 @@ static void sifive_e_machine_init(MachineState *machine)
 
 if (machine->kernel_filename) {
 riscv_load_kernel(machine, >soc.cpus,
-  memmap[SIFIVE_E_DEV_DTIM].base, NULL);
+  memmap[SIFIVE_E_DEV_DTIM].base,
+  false, NULL);
 }
 }
 
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 83dfe09877..b0b3e6f03a 100644
--- 

[PATCH v9 0/3] hw/riscv: clear kernel_entry high bits with 32bit CPUs

[Daniel Henrique Barboza]

Hi,

In this version I changed the patch order to avoid having a patch that
would trigger the 32 bit regression Alistair observed. Patch 3 is now
the first patch.

I've also addressed the comments from Bin and Phil.

Patches based on riscv-to-apply.next.

Changes from v8:
- patch 1 (former 3):
  - comment changes
  - now open code '32' instead of using a macro
- v8 link: https://lists.gnu.org/archive/html/qemu-devel/2023-01/msg03254.html

Daniel Henrique Barboza (3):
  hw/riscv: clear kernel_entry higher bits from load_elf_ram_sym()
  hw/riscv/boot.c: consolidate all kernel init in riscv_load_kernel()
  hw/riscv/boot.c: make riscv_load_initrd() static

 hw/riscv/boot.c| 96 ++
 hw/riscv/microchip_pfsoc.c | 12 +
 hw/riscv/opentitan.c   |  4 +-
 hw/riscv/sifive_e.c|  4 +-
 hw/riscv/sifive_u.c| 12 +
 hw/riscv/spike.c   | 14 ++
 hw/riscv/virt.c| 12 +
 include/hw/riscv/boot.h|  3 +-
 8 files changed, 82 insertions(+), 75 deletions(-)

-- 
2.39.0

[PATCH v9 1/3] hw/riscv: clear kernel_entry higher bits from load_elf_ram_sym()

[Daniel Henrique Barboza]

load_elf_ram_sym() will sign-extend 32 bit addresses. If a 32 bit
QEMU guest happens to be running in a hypervisor that are using 64
bits to encode its address, kernel_entry can be padded with '1's
and create problems [1].

Use a translate_fn() callback to be called by load_elf_ram_sym() and
return only the 32 bits address if we're running a 32 bit CPU.

[1] https://lists.gnu.org/archive/html/qemu-devel/2023-01/msg02281.html

Suggested-by: Philippe Mathieu-Daudé 
Suggested-by: Bin Meng 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel Henrique Barboza 
---
 hw/riscv/boot.c| 20 +++-
 hw/riscv/microchip_pfsoc.c |  3 ++-
 hw/riscv/opentitan.c   |  3 ++-
 hw/riscv/sifive_e.c|  3 ++-
 hw/riscv/sifive_u.c|  3 ++-
 hw/riscv/spike.c   |  3 ++-
 hw/riscv/virt.c|  3 ++-
 include/hw/riscv/boot.h|  1 +
 8 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index 2594276223..46fc7adccf 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -173,7 +173,24 @@ target_ulong riscv_load_firmware(const char 
*firmware_filename,
 exit(1);
 }
 
+static uint64_t translate_kernel_address(void *opaque, uint64_t addr)
+{
+RISCVHartArrayState *harts = opaque;
+
+if (riscv_is_32bit(harts)) {
+/*
+ * For 32 bit CPUs, kernel_load_base is sign-extended
+ * (i.e. it can be padded with '1's) by load_elf().
+ * Remove the sign extension by truncating to 32-bit.
+ */
+return extract64(addr, 0, 32);
+}
+
+return addr;
+}
+
 target_ulong riscv_load_kernel(MachineState *machine,
+   RISCVHartArrayState *harts,
target_ulong kernel_start_addr,
symbol_fn_t sym_cb)
 {
@@ -189,7 +206,8 @@ target_ulong riscv_load_kernel(MachineState *machine,
  * the (expected) load address load address. This allows kernels to have
  * separate SBI and ELF entry points (used by FreeBSD, for example).
  */
-if (load_elf_ram_sym(kernel_filename, NULL, NULL, NULL,
+if (load_elf_ram_sym(kernel_filename, NULL,
+ translate_kernel_address, harts,
  NULL, _load_base, NULL, NULL, 0,
  EM_RISCV, 1, 0, NULL, true, sym_cb) > 0) {
 return kernel_load_base;
diff --git a/hw/riscv/microchip_pfsoc.c b/hw/riscv/microchip_pfsoc.c
index 82ae5e7023..bdefeb3cbb 100644
--- a/hw/riscv/microchip_pfsoc.c
+++ b/hw/riscv/microchip_pfsoc.c
@@ -629,7 +629,8 @@ static void microchip_icicle_kit_machine_init(MachineState 
*machine)
 kernel_start_addr = riscv_calc_kernel_start_addr(>soc.u_cpus,
  firmware_end_addr);
 
-kernel_entry = riscv_load_kernel(machine, kernel_start_addr, NULL);
+kernel_entry = riscv_load_kernel(machine, >soc.u_cpus,
+ kernel_start_addr, NULL);
 
 if (machine->initrd_filename) {
 riscv_load_initrd(machine, kernel_entry);
diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c
index 64d5d435b9..2731138c41 100644
--- a/hw/riscv/opentitan.c
+++ b/hw/riscv/opentitan.c
@@ -101,7 +101,8 @@ static void opentitan_board_init(MachineState *machine)
 }
 
 if (machine->kernel_filename) {
-riscv_load_kernel(machine, memmap[IBEX_DEV_RAM].base, NULL);
+riscv_load_kernel(machine, >soc.cpus,
+  memmap[IBEX_DEV_RAM].base, NULL);
 }
 }
 
diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
index 3e3f4b0088..1a7d381514 100644
--- a/hw/riscv/sifive_e.c
+++ b/hw/riscv/sifive_e.c
@@ -114,7 +114,8 @@ static void sifive_e_machine_init(MachineState *machine)
   memmap[SIFIVE_E_DEV_MROM].base, 
_space_memory);
 
 if (machine->kernel_filename) {
-riscv_load_kernel(machine, memmap[SIFIVE_E_DEV_DTIM].base, NULL);
+riscv_load_kernel(machine, >soc.cpus,
+  memmap[SIFIVE_E_DEV_DTIM].base, NULL);
 }
 }
 
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 2fb6ee231f..83dfe09877 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -598,7 +598,8 @@ static void sifive_u_machine_init(MachineState *machine)
 kernel_start_addr = riscv_calc_kernel_start_addr(>soc.u_cpus,
  firmware_end_addr);
 
-kernel_entry = riscv_load_kernel(machine, kernel_start_addr, NULL);
+kernel_entry = riscv_load_kernel(machine, >soc.u_cpus,
+ kernel_start_addr, NULL);
 
 if (machine->initrd_filename) {
 riscv_load_initrd(machine, kernel_entry);
diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index badc11ec43..2bcc50d90d 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -305,7 +305,8 @@ static void spike_board_init(MachineState *machine)
 

[PATCH v9 3/3] hw/riscv/boot.c: make riscv_load_initrd() static

[Daniel Henrique Barboza]

The only remaining caller is riscv_load_kernel_and_initrd() which
belongs to the same file.

Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Bin Meng 
Reviewed-by: Alistair Francis 
---
 hw/riscv/boot.c | 80 -
 include/hw/riscv/boot.h |  1 -
 2 files changed, 40 insertions(+), 41 deletions(-)

diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index 29e0c204d3..62cc816b83 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -189,6 +189,46 @@ static uint64_t translate_kernel_address(void *opaque, 
uint64_t addr)
 return addr;
 }
 
+static void riscv_load_initrd(MachineState *machine, uint64_t kernel_entry)
+{
+const char *filename = machine->initrd_filename;
+uint64_t mem_size = machine->ram_size;
+void *fdt = machine->fdt;
+hwaddr start, end;
+ssize_t size;
+
+g_assert(filename != NULL);
+
+/*
+ * We want to put the initrd far enough into RAM that when the
+ * kernel is uncompressed it will not clobber the initrd. However
+ * on boards without much RAM we must ensure that we still leave
+ * enough room for a decent sized initrd, and on boards with large
+ * amounts of RAM we must avoid the initrd being so far up in RAM
+ * that it is outside lowmem and inaccessible to the kernel.
+ * So for boards with less  than 256MB of RAM we put the initrd
+ * halfway into RAM, and for boards with 256MB of RAM or more we put
+ * the initrd at 128MB.
+ */
+start = kernel_entry + MIN(mem_size / 2, 128 * MiB);
+
+size = load_ramdisk(filename, start, mem_size - start);
+if (size == -1) {
+size = load_image_targphys(filename, start, mem_size - start);
+if (size == -1) {
+error_report("could not load ramdisk '%s'", filename);
+exit(1);
+}
+}
+
+/* Some RISC-V machines (e.g. opentitan) don't have a fdt. */
+if (fdt) {
+end = start + size;
+qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-start", start);
+qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-end", end);
+}
+}
+
 target_ulong riscv_load_kernel(MachineState *machine,
RISCVHartArrayState *harts,
target_ulong kernel_start_addr,
@@ -243,46 +283,6 @@ out:
 return kernel_entry;
 }
 
-void riscv_load_initrd(MachineState *machine, uint64_t kernel_entry)
-{
-const char *filename = machine->initrd_filename;
-uint64_t mem_size = machine->ram_size;
-void *fdt = machine->fdt;
-hwaddr start, end;
-ssize_t size;
-
-g_assert(filename != NULL);
-
-/*
- * We want to put the initrd far enough into RAM that when the
- * kernel is uncompressed it will not clobber the initrd. However
- * on boards without much RAM we must ensure that we still leave
- * enough room for a decent sized initrd, and on boards with large
- * amounts of RAM we must avoid the initrd being so far up in RAM
- * that it is outside lowmem and inaccessible to the kernel.
- * So for boards with less  than 256MB of RAM we put the initrd
- * halfway into RAM, and for boards with 256MB of RAM or more we put
- * the initrd at 128MB.
- */
-start = kernel_entry + MIN(mem_size / 2, 128 * MiB);
-
-size = load_ramdisk(filename, start, mem_size - start);
-if (size == -1) {
-size = load_image_targphys(filename, start, mem_size - start);
-if (size == -1) {
-error_report("could not load ramdisk '%s'", filename);
-exit(1);
-}
-}
-
-/* Some RISC-V machines (e.g. opentitan) don't have a fdt. */
-if (fdt) {
-end = start + size;
-qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-start", start);
-qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-end", end);
-}
-}
-
 uint64_t riscv_load_fdt(hwaddr dram_base, uint64_t mem_size, void *fdt)
 {
 uint64_t temp, fdt_addr;
diff --git a/include/hw/riscv/boot.h b/include/hw/riscv/boot.h
index e0eab1e01b..bc9faed397 100644
--- a/include/hw/riscv/boot.h
+++ b/include/hw/riscv/boot.h
@@ -48,7 +48,6 @@ target_ulong riscv_load_kernel(MachineState *machine,
target_ulong firmware_end_addr,
bool load_initrd,
symbol_fn_t sym_cb);
-void riscv_load_initrd(MachineState *machine, uint64_t kernel_entry);
 uint64_t riscv_load_fdt(hwaddr dram_start, uint64_t dram_size, void *fdt);
 void riscv_setup_rom_reset_vec(MachineState *machine, RISCVHartArrayState 
*harts,
hwaddr saddr,
-- 
2.39.0

Re: [PATCH] hw/misc: Add basic Aspeed GFX model

[Andrew Jeffery]

On Thu, 19 Jan 2023, at 23:14, Joel Stanley wrote:
> Enough model to capture the pinmux writes to enable correct operation of
> the parts of pinmux that depend on GFX registers.
>
> Signed-off-by: Joel Stanley 
> ---
>  include/hw/arm/aspeed_soc.h  |   3 +
>  include/hw/misc/aspeed_gfx.h |  31 +
>  hw/arm/aspeed_ast2600.c  |  11 
>  hw/arm/aspeed_soc.c  |  12 
>  hw/misc/aspeed_gfx.c | 121 +++
>  hw/misc/meson.build  |   1 +
>  hw/misc/trace-events |   4 ++
>  7 files changed, 183 insertions(+)
>  create mode 100644 include/hw/misc/aspeed_gfx.h
>  create mode 100644 hw/misc/aspeed_gfx.c
>
> diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
> index 8389200b2d01..7084e0efeb97 100644
> --- a/include/hw/arm/aspeed_soc.h
> +++ b/include/hw/arm/aspeed_soc.h
> @@ -26,6 +26,7 @@
>  #include "hw/ssi/aspeed_smc.h"
>  #include "hw/misc/aspeed_hace.h"
>  #include "hw/misc/aspeed_sbc.h"
> +#include "hw/misc/aspeed_gfx.h"
>  #include "hw/watchdog/wdt_aspeed.h"
>  #include "hw/net/ftgmac100.h"
>  #include "target/arm/cpu.h"
> @@ -81,6 +82,7 @@ struct AspeedSoCState {
>  AspeedSDHCIState emmc;
>  AspeedLPCState lpc;
>  AspeedPECIState peci;
> +AspeedGFXState gfx;
>  SerialMM uart[ASPEED_UARTS_NUM];
>  Clock *sysclk;
>  UnimplementedDeviceState iomem;
> @@ -171,6 +173,7 @@ enum {
>  ASPEED_DEV_EMMC,
>  ASPEED_DEV_KCS,
>  ASPEED_DEV_HACE,
> +ASPEED_DEV_GFX,
>  ASPEED_DEV_DPMCU,
>  ASPEED_DEV_DP,
>  ASPEED_DEV_I3C,
> diff --git a/include/hw/misc/aspeed_gfx.h b/include/hw/misc/aspeed_gfx.h
> new file mode 100644
> index ..b0736a53f577
> --- /dev/null
> +++ b/include/hw/misc/aspeed_gfx.h
> @@ -0,0 +1,31 @@
> +/*
> + * ASPEED GFX Controller
> + *
> + * Copyright (C) 2023 IBM Corp.
> + *
> + * This code is licensed under the GPL version 2 or later.  See
> + * the COPYING file in the top-level directory.
> + */

Use SPDX here?

> +
> +#ifndef ASPEED_GFX_H
> +#define ASPEED_GFX_H
> +
> +#include "hw/sysbus.h"
> +
> +#define TYPE_ASPEED_GFX "aspeed.gfx"
> +#define ASPEED_GFX(obj) OBJECT_CHECK(AspeedGFXState, (obj), TYPE_ASPEED_GFX)
> +
> +#define ASPEED_GFX_NR_REGS (0xFC >> 2)
> +
> +typedef struct AspeedGFXState {
> +/*  */
> +SysBusDevice parent;
> +
> +/*< public >*/
> +MemoryRegion iomem;
> +qemu_irq irq;
> +
> +uint32_t regs[ASPEED_GFX_NR_REGS];
> +} AspeedGFXState;
> +
> +#endif /* _ASPEED_GFX_H_ */
> diff --git a/hw/arm/aspeed_ast2600.c b/hw/arm/aspeed_ast2600.c
> index cd75465c2bdd..10e4a13655cc 100644
> --- a/hw/arm/aspeed_ast2600.c
> +++ b/hw/arm/aspeed_ast2600.c
> @@ -43,6 +43,7 @@ static const hwaddr aspeed_soc_ast2600_memmap[] = {
>  [ASPEED_DEV_HACE]  = 0x1E6D,
>  [ASPEED_DEV_SDMC]  = 0x1E6E,
>  [ASPEED_DEV_SCU]   = 0x1E6E2000,
> +[ASPEED_DEV_GFX]   = 0x1E6E6000,
>  [ASPEED_DEV_XDMA]  = 0x1E6E7000,
>  [ASPEED_DEV_ADC]   = 0x1E6E9000,
>  [ASPEED_DEV_DP]= 0x1E6EB000,
> @@ -255,6 +256,8 @@ static void aspeed_soc_ast2600_init(Object *obj)
> 
>  object_initialize_child(obj, "sbc", >sbc, TYPE_ASPEED_SBC);
> 
> +object_initialize_child(obj, "gfx", >gfx, TYPE_ASPEED_GFX);
> +
>  object_initialize_child(obj, "iomem", >iomem, 
> TYPE_UNIMPLEMENTED_DEVICE);
>  object_initialize_child(obj, "video", >video, 
> TYPE_UNIMPLEMENTED_DEVICE);
>  object_initialize_child(obj, "dpmcu", >dpmcu, 
> TYPE_UNIMPLEMENTED_DEVICE);
> @@ -607,6 +610,14 @@ static void aspeed_soc_ast2600_realize(DeviceState 
> *dev, Error **errp)
>  return;
>  }
>  aspeed_mmio_map(s, SYS_BUS_DEVICE(>sbc), 0, 
> sc->memmap[ASPEED_DEV_SBC]);
> +
> +/* GFX */
> +if (!sysbus_realize(SYS_BUS_DEVICE(>gfx), errp)) {
> +return;
> +}
> +aspeed_mmio_map(s, SYS_BUS_DEVICE(>gfx), 0, 
> sc->memmap[ASPEED_DEV_GFX]);
> +sysbus_connect_irq(SYS_BUS_DEVICE(>gfx), 0,
> +   aspeed_soc_get_irq(s, ASPEED_DEV_GFX));

I think we're missing an entry for ASPEED_DEV_GFX in the irqmap array?

>  }
> 
>  static void aspeed_soc_ast2600_class_init(ObjectClass *oc, void *data)
> diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
> index b05b9dd41602..053149f9ccdf 100644
> --- a/hw/arm/aspeed_soc.c
> +++ b/hw/arm/aspeed_soc.c
> @@ -33,6 +33,7 @@ static const hwaddr aspeed_soc_ast2400_memmap[] = {
>  [ASPEED_DEV_SDMC]   = 0x1E6E,
>  [ASPEED_DEV_SCU]= 0x1E6E2000,
>  [ASPEED_DEV_HACE]   = 0x1E6E3000,
> +[ASPEED_DEV_GFX]= 0x1E6E6000,
>  [ASPEED_DEV_XDMA]   = 0x1E6E7000,
>  [ASPEED_DEV_VIDEO]  = 0x1E70,
>  [ASPEED_DEV_ADC]= 0x1E6E9000,
> @@ -69,6 +70,7 @@ static const hwaddr aspeed_soc_ast2500_memmap[] = {
>  [ASPEED_DEV_SDMC]   = 0x1E6E,
>  [ASPEED_DEV_SCU]= 0x1E6E2000,
>  [ASPEED_DEV_HACE]   = 0x1E6E3000,
> +[ASPEED_DEV_GFX]= 0x1E6E6000,
>  [ASPEED_DEV_XDMA]   = 

Re: [PATCH v2 11/11] tests/qtest/migration-test: Only use available accelerators

[Richard Henderson]

On 1/19/23 04:58, Philippe Mathieu-Daudé wrote:

For example, avoid when TCG is disabled:

   $ make check-qtest-aarch64
   ...
   20/20 qemu:qtest+qtest-aarch64 / qtest-aarch64/migration-test
   qemu-system-aarch64: -accel tcg: invalid accelerator tcg

Reviewed-by: Dr. David Alan Gilbert
Signed-off-by: Philippe Mathieu-Daudé
---
  tests/qtest/migration-test.c | 17 +
  1 file changed, 13 insertions(+), 4 deletions(-)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH v2 10/11] tests/qtest/migration-test: Build command line using GString API (4/4)

[Richard Henderson]

On 1/19/23 04:58, Philippe Mathieu-Daudé wrote:

Part 4/4: Convert rest of options.

Signed-off-by: Philippe Mathieu-Daudé
---
  tests/qtest/migration-test.c | 50 +++-
  1 file changed, 26 insertions(+), 24 deletions(-)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH v2 09/11] tests/qtest/migration-test: Build command line using GString API (3/4)

[Richard Henderson]

On 1/19/23 04:58, Philippe Mathieu-Daudé wrote:

Part 3/4: Convert accelerator options.

Signed-off-by: Philippe Mathieu-Daudé 
---
  tests/qtest/migration-test.c | 11 +--
  1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c
index 8377b3976a..015b774a9e 100644
--- a/tests/qtest/migration-test.c
+++ b/tests/qtest/migration-test.c
@@ -603,6 +603,9 @@ static int test_migrate_start(QTestState **from, QTestState 
**to,
  got_stop = false;
  
  cmd_common = g_string_new("");

+g_string_append_printf(cmd_common, "-accel kvm%s ",
+   args->use_dirty_ring ? ",dirty-ring-size=4096" : 
"");
+g_string_append(cmd_common, "-accel tcg ");


Maybe clearer as

  if (args->use_dirty_ring) {
  g_string_append(s, "-accel kvm,dirty-ring-size=4096 ");
  } else {
  g_string_append(s, "-accel kvm ");
  }

but what you have works, so,

Reviewed-by: Richard Henderson 


r~

Re: [PATCH v2 08/11] tests/qtest/migration-test: Build command line using GString API (2/4)

[Richard Henderson]

On 1/19/23 04:58, Philippe Mathieu-Daudé wrote:

Part 2/4: Convert shmem option.

Signed-off-by: Philippe Mathieu-Daudé
---
  tests/qtest/migration-test.c | 16 +---
  1 file changed, 5 insertions(+), 11 deletions(-)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 1/2] Revert "vhost-user: Monitor slave channel in vhost_user_read()"

[Stefan Hajnoczi]

Acked-by: Stefan Hajnoczi 

Re: [PATCH v2 07/11] tests/qtest/migration-test: Build command line using GString API (1/4)

[Richard Henderson]

On 1/19/23 04:58, Philippe Mathieu-Daudé wrote:

Part 1/4: Convert memory & machine options.

Signed-off-by: Philippe Mathieu-Daudé 
---
  tests/qtest/migration-test.c | 22 --
  1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c
index 6c3db95113..7aa323a7a7 100644
--- a/tests/qtest/migration-test.c
+++ b/tests/qtest/migration-test.c
@@ -582,6 +582,7 @@ typedef struct {
  static int test_migrate_start(QTestState **from, QTestState **to,
const char *uri, MigrateStart *args)
  {
+g_autoptr(GString) cmd_common = NULL;
  g_autofree gchar *arch_source = NULL;
  g_autofree gchar *arch_target = NULL;
  g_autofree gchar *cmd_target = NULL;
@@ -601,6 +602,9 @@ static int test_migrate_start(QTestState **from, QTestState 
**to,
  }
  
  got_stop = false;

+
+cmd_common = g_string_new("");
+
  bootpath = g_strdup_printf("%s/bootsect", tmpfs);
  if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
  /* the assembled x86 boot sector should be exactly one sector large */
@@ -644,6 +648,10 @@ static int test_migrate_start(QTestState **from, 
QTestState **to,
  } else {
  g_assert_not_reached();
  }
+if (machine_opts) {
+g_string_append_printf(cmd_common, " -machine %s ", machine_opts);
+}
+g_string_append_printf(cmd_common, "-m %s ", memory_size);
  
  if (!getenv("QTEST_LOG") && args->hide_stderr) {

  #ifdef _WIN32
@@ -674,33 +682,27 @@ static int test_migrate_start(QTestState **from, 
QTestState **to,
  if (!args->only_target) {
  g_autofree gchar *cmd_source = NULL;
  
-cmd_source = g_strdup_printf("-accel kvm%s -accel tcg%s%s "

+cmd_source = g_strdup_printf("-accel kvm%s -accel tcg%s "
   "-name source,debug-threads=on "
- "-m %s "
   "-serial file:%s/src_serial "
   "%s %s %s %s",
   args->use_dirty_ring ?
   ",dirty-ring-size=4096" : "",
- machine_opts ? " -machine " : "",
- machine_opts ? machine_opts : "",


You removed two strings here, but only one %s above.


r~


- memory_size, tmpfs,
+ cmd_common->str, tmpfs,
   arch_source, shmem_opts,
   args->opts_source ? args->opts_source : 
"",
   ignore_stderr);
  *from = qtest_init(cmd_source);
  }
  
-cmd_target = g_strdup_printf("-accel kvm%s -accel tcg%s%s "

+cmd_target = g_strdup_printf("-accel kvm%s -accel tcg%s "
   "-name target,debug-threads=on "
- "-m %s "
   "-serial file:%s/dest_serial "
   "-incoming %s "
   "%s %s %s %s",
   args->use_dirty_ring ?
   ",dirty-ring-size=4096" : "",
- machine_opts ? " -machine " : "",
- machine_opts ? machine_opts : "",
- memory_size, tmpfs, uri,
+ cmd_common->str, tmpfs, uri,
   arch_target, shmem_opts,
   args->opts_target ? args->opts_target : "",
   ignore_stderr);

Re: [PATCH v2 06/11] tests/qtest/migration-test: Reduce 'cmd_source' string scope

[Richard Henderson]

On 1/19/23 04:58, Philippe Mathieu-Daudé wrote:

Signed-off-by: Philippe Mathieu-Daudé
---
  tests/qtest/migration-test.c | 29 +++--
  1 file changed, 15 insertions(+), 14 deletions(-)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH v2 05/11] tests/qtest/migration-test: Inverse #ifdef'ry ladders

[Richard Henderson]

On 1/19/23 04:58, Philippe Mathieu-Daudé wrote:

This slighly simplify the logic, and eases the following conversion.

Signed-off-by: Philippe Mathieu-Daudé
---
  tests/qtest/migration-test.c | 6 +++---
  1 file changed, 3 insertions(+), 3 deletions(-)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH v2 04/11] tests/qtest/boot-serial-test: Only use available accelerators

[Richard Henderson]

On 1/19/23 04:58, Philippe Mathieu-Daudé wrote:

For example, avoid when TCG is disabled:

   $ make check-qtest-aarch64
   ...
   18/20 qemu:qtest+qtest-aarch64 / qtest-aarch64/boot-serial-test
   qemu-system-aarch64: -accel tcg: invalid accelerator tcg

Signed-off-by: Philippe Mathieu-Daudé
---
  tests/qtest/boot-serial-test.c | 14 --
  1 file changed, 12 insertions(+), 2 deletions(-)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH v2 03/11] tests/qtest/boot-serial-test: Build command line using GString API

[Richard Henderson]

On 1/19/23 04:58, Philippe Mathieu-Daudé wrote:

Signed-off-by: Philippe Mathieu-Daudé 
---
  tests/qtest/boot-serial-test.c | 23 +++
  1 file changed, 15 insertions(+), 8 deletions(-)



Reviewed-by: Richard Henderson 

r~

Re: [PATCH v2 02/11] tests/qtest/boot-serial-test: Simplify test_machine() a bit

[Richard Henderson]

On 1/19/23 04:58, Philippe Mathieu-Daudé wrote:

Slighly modify test_machine() to simplify next commit review.

Signed-off-by: Philippe Mathieu-Daudé
---
  tests/qtest/boot-serial-test.c | 21 +++--
  1 file changed, 7 insertions(+), 14 deletions(-)


Reviewed-by: Richard Henderson 

r~