Re: [PATCH] ppc/pnv/pci: Clean up error messages

2023-06-19 Thread Philippe Mathieu-Daudé

On 20/6/23 01:36, Joel Stanley wrote:

The phb error macros add a newline for you, so remove the second one to
avoid double whitespace.

Signed-off-by: Joel Stanley 
---
  hw/pci-host/pnv_phb4.c | 14 +++---
  1 file changed, 7 insertions(+), 7 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé 




Re: [PATCH] target/arm: Restructure has_vfp_d32 test

2023-06-19 Thread Philippe Mathieu-Daudé

On 19/6/23 16:02, Richard Henderson wrote:

One cannot test for feature aa32_simd_r32 without first
testing if AArch32 mode is supported at all.  This leads to

qemu-system-aarch64: ARM CPUs must have both VFP-D32 and Neon or neither

for Apple M1 cpus.

We already have a check for ARMv8-A never setting vfp-d32 true,
so restructure the code so that AArch64 avoids the test entirely.

Reported-by: Mads Ynddal 
Signed-off-by: Richard Henderson 
---
  target/arm/cpu.c | 28 +++-
  1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 353fc48567..706dbd37b1 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1402,25 +1402,27 @@ void arm_cpu_post_init(Object *obj)
   * KVM does not currently allow us to lie to the guest about its
   * ID/feature registers, so the guest always sees what the host has.
   */
-if (arm_feature(>env, ARM_FEATURE_AARCH64)
-? cpu_isar_feature(aa64_fp_simd, cpu)
-: cpu_isar_feature(aa32_vfp, cpu)) {
-cpu->has_vfp = true;
-if (!kvm_enabled()) {
-qdev_property_add_static(DEVICE(obj), _cpu_has_vfp_property);
+if (arm_feature(>env, ARM_FEATURE_AARCH64)) {
+if (cpu_isar_feature(aa64_fp_simd, cpu)) {
+cpu->has_vfp = true;
+cpu->has_vfp_d32 = true;
+if (tcg_enabled() || qtest_enabled()) {
+qdev_property_add_static(DEVICE(obj),
+ _cpu_has_vfp_property);
+}
  }
-}
-
-if (cpu->has_vfp && cpu_isar_feature(aa32_simd_r32, cpu)) {
-cpu->has_vfp_d32 = true;
-if (!kvm_enabled()) {
+} else if (cpu_isar_feature(aa32_vfp, cpu)) {
+cpu->has_vfp = true;
+if (cpu_isar_feature(aa32_simd_r32, cpu)) {
+cpu->has_vfp_d32 = true;
  /*
   * The permitted values of the SIMDReg bits [3:0] on
   * Armv8-A are either 0b and 0b0010. On such CPUs,
   * make sure that has_vfp_d32 can not be set to false.
   */
-if (!(arm_feature(>env, ARM_FEATURE_V8) &&
-  !arm_feature(>env, ARM_FEATURE_M))) {
+if ((tcg_enabled() || qtest_enabled())
+&& !(arm_feature(>env, ARM_FEATURE_V8)
+ && !arm_feature(>env, ARM_FEATURE_M))) {
  qdev_property_add_static(DEVICE(obj),
   _cpu_has_vfp_d32_property);
  }
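Review bot: The accelerator guard around both qdev_property_add_static() calls changes from `!kvm_enabled()` to `tcg_enabled() || qtest_enabled()`, which the commit message does not mention. That is a behaviour change on top of the restructuring: under any accelerator other than TCG, qtest or KVM the vfp and vfp-d32 properties were registered before and are not registered now. Say so in the commit message or split the guard change into its own patch.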


Shouldn't we also change:

-- >8 --
@@ -1431,7 +1431,7 @@ void arm_cpu_post_init(Object *obj)

 if (arm_feature(>env, ARM_FEATURE_NEON)) {
 cpu->has_neon = true;
-if (!kvm_enabled()) {
+if (tcg_enabled() || qtest_enabled()) {
 qdev_property_add_static(DEVICE(obj), 
_cpu_has_neon_property);

 }
 }
---

?



Re: [PATCH v2 33/38] crypto: Implement aesdec_IMC with AES_imc_rot

2023-06-19 Thread Philippe Mathieu-Daudé

On 9/6/23 04:23, Richard Henderson wrote:

This method uses one uint32_t * 256 table instead of 4,
which means its data cache overhead is less.

Signed-off-by: Richard Henderson 
---
  crypto/aes.c | 42 +-
  1 file changed, 21 insertions(+), 21 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé 




Re: [PATCH v3 12/14] target/ppc: Clean up ifdefs in excp_helper.c, part 1

2023-06-19 Thread Nicholas Piggin
On Fri Jun 16, 2023 at 9:03 AM AEST, BALATON Zoltan wrote:
> Use #ifdef, #ifndef for brevity and add comments to #endif that are
> more than a few lines apart for clarity.

These will collide with the SOFTMMU ifdef changes that Philippe is
working on I think? They seem okay but maybe wait until after those
are merged?

Thanks,
Nick




Re: [PATCH v3 10/14] target/ppc: Simplify syscall exception handlers

2023-06-19 Thread Nicholas Piggin
On Fri Jun 16, 2023 at 9:03 AM AEST, BALATON Zoltan wrote:
> After previous changes the hypercall handling in 7xx and 74xx
> exception handlers can be folded into one if statement to simplify
> this code.

Simplify and add unlikely?

I like to avoid slipping in improvements with cleanups. Arguably
the changelog is actually more important to describe the stuff
that isn't just rejig of code. Pretty minor in this case, but
good practice otherwise it can get out of hand.

Thanks,
Nick

>
> Signed-off-by: BALATON Zoltan 
> ---
>  target/ppc/excp_helper.c | 24 
>  1 file changed, 8 insertions(+), 16 deletions(-)
>
> diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
> index ef363b0285..a62103b8ac 100644
> --- a/target/ppc/excp_helper.c
> +++ b/target/ppc/excp_helper.c
> @@ -741,25 +741,21 @@ static void powerpc_excp_7xx(PowerPCCPU *cpu, int excp)
>  case POWERPC_EXCP_SYSCALL:   /* System call exception
> */
>  {
>  int lev = env->error_code;
> -
> -if (lev == 1 && cpu->vhyp) {
> -dump_hcall(env);
> -} else {
> -dump_syscall(env);
> -}
>  /*
>   * The Virtual Open Firmware (VOF) relies on the 'sc 1'
>   * instruction to communicate with QEMU. The pegasos2 machine
>   * uses VOF and the 7xx CPUs, so although the 7xx don't have
>   * HV mode, we need to keep hypercall support.
>   */
> -if (lev == 1 && cpu->vhyp) {
> +if (unlikely(lev == 1 && cpu->vhyp)) {
>  PPCVirtualHypervisorClass *vhc =
>  PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp);
> +dump_hcall(env);
>  vhc->hypercall(cpu->vhyp, cpu);
>  return;
> +} else {
> +dump_syscall(env);
>  }
> -
>  break;
>  }
>  case POWERPC_EXCP_FPU:   /* Floating-point unavailable exception 
> */
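Review bot: In the 7xx hunk the new `} else {` around dump_syscall(env) follows a branch that ends in `return;`, so the else is redundant. Dropping it and calling dump_syscall(env) directly after the if block, before `break;`, saves a level of nesting and keeps the common path unindented.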
> @@ -885,25 +881,21 @@ static void powerpc_excp_74xx(PowerPCCPU *cpu, int excp)
>  case POWERPC_EXCP_SYSCALL:   /* System call exception
> */
>  {
>  int lev = env->error_code;
> -
> -if (lev == 1 && cpu->vhyp) {
> -dump_hcall(env);
> -} else {
> -dump_syscall(env);
> -}
>  /*
>   * The Virtual Open Firmware (VOF) relies on the 'sc 1'
>   * instruction to communicate with QEMU. The pegasos2 machine
>   * uses VOF and the 74xx CPUs, so although the 74xx don't have
>   * HV mode, we need to keep hypercall support.
>   */
> -if (lev == 1 && cpu->vhyp) {
> +if (unlikely(lev == 1 && cpu->vhyp)) {
>  PPCVirtualHypervisorClass *vhc =
>  PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp);
> +dump_hcall(env);
>  vhc->hypercall(cpu->vhyp, cpu);
>  return;
> +} else {
> +dump_syscall(env);
>  }
> -
>  break;
>  }
>  case POWERPC_EXCP_FPU:   /* Floating-point unavailable exception 
> */
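Review bot: The `unlikely()` wrapped around `lev == 1 && cpu->vhyp` in the 74xx hunk (and in the 7xx one) is a branch hint, not part of folding the two if statements that the commit message describes. Mention it in the changelog or move it to a separate patch so the cleanup stays a pure code move.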
> -- 
> 2.30.9




Re: [PATCH v3 05/14] target/ppc: Remove some more local CPUState variables only used once

2023-06-19 Thread Nicholas Piggin
On Fri Jun 16, 2023 at 9:03 AM AEST, BALATON Zoltan wrote:
> Some helpers only have a CPUState local to call cpu_interrupt_exittb()
> but we can use env_cpu for that and remove the local.
>
> Signed-off-by: BALATON Zoltan 

I have less issue with this one.

Acked-by: Nicholas Piggin 

> ---
>  target/ppc/excp_helper.c | 7 ++-
>  1 file changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
> index 122e2a6e41..a175865fa9 100644
> --- a/target/ppc/excp_helper.c
> +++ b/target/ppc/excp_helper.c
> @@ -2551,8 +2551,7 @@ void helper_store_msr(CPUPPCState *env, target_ulong 
> val)
>  uint32_t excp = hreg_store_msr(env, val, 0);
>  
>  if (excp != 0) {
> -CPUState *cs = env_cpu(env);
> -cpu_interrupt_exittb(cs);
> +cpu_interrupt_exittb(env_cpu(env));
>  raise_exception(env, excp);
>  }
>  }
> @@ -2589,8 +2588,6 @@ void helper_pminsn(CPUPPCState *env, uint32_t insn)
>  
>  static void do_rfi(CPUPPCState *env, target_ulong nip, target_ulong msr)
>  {
> -CPUState *cs = env_cpu(env);
> -
>  /* MSR:POW cannot be set by any form of rfi */
>  msr &= ~(1ULL << MSR_POW);
>  
> @@ -2614,7 +2611,7 @@ static void do_rfi(CPUPPCState *env, target_ulong nip, 
> target_ulong msr)
>   * No need to raise an exception here, as rfi is always the last
>   * insn of a TB
>   */
> -cpu_interrupt_exittb(cs);
> +cpu_interrupt_exittb(env_cpu(env));
>  /* Reset the reservation */
>  env->reserve_addr = -1;
>  
> -- 
> 2.30.9




Re: [PATCH v3 04/14] target/ppc: Use env_cpu for cpu_abort in excp_helper

2023-06-19 Thread Nicholas Piggin
On Fri Jun 16, 2023 at 9:03 AM AEST, BALATON Zoltan wrote:
> Use the env_cpu function to get the CPUState for cpu_abort. These are
> only needed in case of fatal errors so this allows to avoid casting
> and storing CPUState in a local variable when not needed.
>

Eh, this is still replacing less typing with more. It's normal to
define these things up front of a function especially when used
multiple times. 'cs' should be as instantly recognizable as env
when looking at code so my preference is to keep it as is.

Thanks,
Nick

> Signed-off-by: BALATON Zoltan 
> ---
>  target/ppc/excp_helper.c | 118 +--
>  1 file changed, 63 insertions(+), 55 deletions(-)
>
> diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
> index 79f5ca1034..122e2a6e41 100644
> --- a/target/ppc/excp_helper.c
> +++ b/target/ppc/excp_helper.c
> @@ -424,7 +424,6 @@ static void powerpc_mcheck_checkstop(CPUPPCState *env)
>  
>  static void powerpc_excp_40x(PowerPCCPU *cpu, int excp)
>  {
> -CPUState *cs = CPU(cpu);
>  CPUPPCState *env = >env;
>  target_ulong msr, new_msr, vector;
>  int srr0, srr1;
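Review bot: Removing the `cs` local from powerpc_excp_40x means every cpu_abort() call converted in the following hunks has to spell out env_cpu(env) itself, four times in this function alone. With that many users the local is the shorter form; consider dropping it only in functions where it has a single use.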
> @@ -452,8 +451,8 @@ static void powerpc_excp_40x(PowerPCCPU *cpu, int excp)
>  
>  vector = env->excp_vectors[excp];
>  if (vector == (target_ulong)-1ULL) {
> -cpu_abort(cs, "Raised an exception without defined vector %d\n",
> -  excp);
> +cpu_abort(env_cpu(env),
> +  "Raised an exception without defined vector %d\n", excp);
>  }
>  
>  vector |= env->excp_prefix;
> @@ -502,7 +501,7 @@ static void powerpc_excp_40x(PowerPCCPU *cpu, int excp)
>  env->spr[SPR_40x_ESR] = ESR_PTR;
>  break;
>  default:
> -cpu_abort(cs, "Invalid program exception %d. Aborting\n",
> +cpu_abort(env_cpu(env), "Invalid program exception %d. 
> Aborting\n",
>env->error_code);
>  break;
>  }
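Review bot: The replacement cpu_abort() line in this hunk is long enough that its format string wraps in the quoted mail, which suggests it runs past the 80-column limit. Break the call after `env_cpu(env),` as the vector-check hunk above does.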
> @@ -529,11 +528,12 @@ static void powerpc_excp_40x(PowerPCCPU *cpu, int excp)
>  trace_ppc_excp_print("PIT");
>  break;
>  case POWERPC_EXCP_DEBUG: /* Debug interrupt  
> */
> -cpu_abort(cs, "%s exception not implemented\n",
> +cpu_abort(env_cpu(env), "%s exception not implemented\n",
>powerpc_excp_name(excp));
>  break;
>  default:
> -cpu_abort(cs, "Invalid PowerPC exception %d. Aborting\n", excp);
> +cpu_abort(env_cpu(env), "Invalid PowerPC exception %d. Aborting\n",
> +  excp);
>  break;
>  }
>  
> @@ -548,7 +548,6 @@ static void powerpc_excp_40x(PowerPCCPU *cpu, int excp)
>  
>  static void powerpc_excp_6xx(PowerPCCPU *cpu, int excp)
>  {
> -CPUState *cs = CPU(cpu);
>  CPUPPCState *env = >env;
>  target_ulong msr, new_msr, vector;
>  
> @@ -571,8 +570,8 @@ static void powerpc_excp_6xx(PowerPCCPU *cpu, int excp)
>  
>  vector = env->excp_vectors[excp];
>  if (vector == (target_ulong)-1ULL) {
> -cpu_abort(cs, "Raised an exception without defined vector %d\n",
> -  excp);
> +cpu_abort(env_cpu(env),
> +  "Raised an exception without defined vector %d\n", excp);
>  }
>  
>  vector |= env->excp_prefix;
> @@ -632,7 +631,7 @@ static void powerpc_excp_6xx(PowerPCCPU *cpu, int excp)
>  break;
>  default:
>  /* Should never occur */
> -cpu_abort(cs, "Invalid program exception %d. Aborting\n",
> +cpu_abort(env_cpu(env), "Invalid program exception %d. 
> Aborting\n",
>env->error_code);
>  break;
>  }
> @@ -654,8 +653,9 @@ static void powerpc_excp_6xx(PowerPCCPU *cpu, int excp)
>  break;
>  case POWERPC_EXCP_RESET: /* System reset exception   
> */
>  if (FIELD_EX64(env->msr, MSR, POW)) {
> -cpu_abort(cs, "Trying to deliver power-saving system reset "
> -  "exception %d with no HV support\n", excp);
> +cpu_abort(env_cpu(env),
> +  "Trying to deliver power-saving system reset exception 
> "
> +  "%d with no HV support\n", excp);
>  }
>  break;
>  case POWERPC_EXCP_TRACE: /* Trace exception  
> */
> @@ -682,11 +682,12 @@ static void powerpc_excp_6xx(PowerPCCPU *cpu, int excp)
>  case POWERPC_EXCP_SMI:   /* System management interrupt  
> */
>  case POWERPC_EXCP_MEXTBR:/* Maskable external breakpoint 
> */
>  case POWERPC_EXCP_NMEXTBR:   /* Non maskable external breakpoint 
> */
> -cpu_abort(cs, "%s exception not implemented\n",
> +cpu_abort(env_cpu(env), "%s exception not implemented\n",
>powerpc_excp_name(excp));
>  break;
>  default:
> -cpu_abort(cs, "Invalid PowerPC exception %d. 

Re: [PATCH 4/5] docs/devel: split qom-api reference into new file

2023-06-19 Thread Philippe Mathieu-Daudé

On 19/6/23 19:14, Alex Bennée wrote:

Let's try and keep the overview of the sub-system digestible by
splitting the core API stuff into a separate file. As QOM and QDEV
work together we should also try and enumerate the qdev_ functions.
Currently this is a little broken as kerneldoc doesn't understand our
macros.

Signed-off-by: Alex Bennée 
---
  docs/devel/index-api.rst |  2 ++
  docs/devel/qdev-api.rst  | 12 
  docs/devel/qom-api.rst   |  9 +
  docs/devel/qom.rst   |  3 ++-
  4 files changed, 25 insertions(+), 1 deletion(-)
  create mode 100644 docs/devel/qdev-api.rst
  create mode 100644 docs/devel/qom-api.rst


Reviewed-by: Philippe Mathieu-Daudé 




Re: [PATCH 2/5] include/migration: mark vmstate_register() as a legacy function

2023-06-19 Thread Philippe Mathieu-Daudé

On 19/6/23 19:14, Alex Bennée wrote:

Mention that QOM-ified devices already have support for registering
the description.

Signed-off-by: Alex Bennée 
---
  include/migration/vmstate.h | 9 -
  1 file changed, 8 insertions(+), 1 deletion(-)


Reviewed-by: Philippe Mathieu-Daudé 





Re: [PATCH v3 09/14] target/ppc: Move patching nip from exception handler to helper_scv

2023-06-19 Thread Nicholas Piggin
On Fri Jun 16, 2023 at 9:03 AM AEST, BALATON Zoltan wrote:
> From: Nicholas Piggin 
>
> Unlike sc, for scv a facility unavailable interrupt must be generated
> if FSCR[SCV]=0 so we can't raise the exception with nip set to next
> instruction but we can move advancing nip if the FSCR check passes to
> helper_scv so the exception handler does not need to change it.
>
> [balaton: added commit message]
> Signed-off-by: BALATON Zoltan 

Ah you sent it, fine, thank you. But actually now I look again,
now we're off by one in the other direction for the dumps.

So... probably your way is still better because it matches the
interrupt semantics of the ISA when executing the instruction,
but it needs this patch:

For my patch you can add

Signed-off-by: Nicholas Piggin nip);
+  ppc_dump_gpr(env, 8), env->nip - 4);
 }

 static void dump_hcall(CPUPPCState *env)
@@ -132,7 +132,7 @@ static void dump_hcall(CPUPPCState *env)
   ppc_dump_gpr(env, 7), ppc_dump_gpr(env, 8),
   ppc_dump_gpr(env, 9), ppc_dump_gpr(env, 10),
   ppc_dump_gpr(env, 11), ppc_dump_gpr(env, 12),
-  env->nip);
+  env->nip - 4);
 }

 #ifdef CONFIG_TCG
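Review bot: The `env->nip - 4` in dump_syscall() and dump_hcall() relies on nip having already been advanced past the sc/scv instruction by the time the dump runs, and nothing at the subtraction says so. A one-line comment next to it (or a small helper that returns the address of the trapping instruction) would keep a later reader from taking it for an off-by-one.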



> ---
> This needs SoB from Nick
>
>  target/ppc/excp_helper.c | 2 +-
>  target/ppc/translate.c   | 6 +-
>  2 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
> index 903216c2a6..ef363b0285 100644
> --- a/target/ppc/excp_helper.c
> +++ b/target/ppc/excp_helper.c
> @@ -1304,7 +1304,6 @@ static void powerpc_excp_books(PowerPCCPU *cpu, int 
> excp)
>  case POWERPC_EXCP_SYSCALL_VECTORED: /* scv exception 
> */
>  lev = env->error_code;
>  dump_syscall(env);
> -env->nip += 4;
>  new_msr |= env->msr & ((target_ulong)1 << MSR_EE);
>  new_msr |= env->msr & ((target_ulong)1 << MSR_RI);
>  
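Review bot: With `env->nip += 4` moved out of this case, the dump_syscall(env) call just above it now runs after helper_scv has already advanced nip, so the address it logs for scv shifts by 4 compared with before. Note the changed log output in the commit message, or adjust the dump so it still reports the address of the scv instruction.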
> @@ -2410,6 +2409,7 @@ void helper_ppc_maybe_interrupt(CPUPPCState *env)
>  void helper_scv(CPUPPCState *env, uint32_t lev)
>  {
>  if (env->spr[SPR_FSCR] & (1ull << FSCR_SCV)) {
> +env->nip += 4;
>  raise_exception_err(env, POWERPC_EXCP_SYSCALL_VECTORED, lev);
>  } else {
>  raise_exception_err(env, POWERPC_EXCP_FU, FSCR_IC_SCV);
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index 4260d3d66f..0360a17fb3 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -4433,7 +4433,11 @@ static void gen_scv(DisasContext *ctx)
>  {
>  uint32_t lev = (ctx->opcode >> 5) & 0x7F;
>  
> -/* Set the PC back to the faulting instruction. */
> +/*
> + * Set the PC back to the scv instruction (unlike sc), because a facility
> + * unavailable interrupt must be generated if FSCR[SCV]=0. The helper
> + * advances nip if the FSCR check passes.
> + */
>  gen_update_nip(ctx, ctx->cia);
>  gen_helper_scv(cpu_env, tcg_constant_i32(lev));
>  
> -- 
> 2.30.9




Re: [PATCH v3 08/14] target/ppc: Fix gen_sc to use correct nip

2023-06-19 Thread Nicholas Piggin
On Fri Jun 16, 2023 at 9:03 AM AEST, BALATON Zoltan wrote:
> Most exceptions are raised with nip pointing to the faulting
> instruction but the sc instruction generating a syscall exception
> leaves nip pointing to next instruction. Fix gen_sc to not use
> gen_exception_err() which sets nip back but correctly set nip to
> pc_next so we don't have to patch this in the exception handlers.
>
> This changes the nip logged in dump_syscall and dump_hcall debug
> functions but now this matches how nip would be on a real CPU.

I think this is okay. I'll just send a possible scv change after
this goes in.

Reviewed-by: Nicholas Piggin 

>
> Signed-off-by: BALATON Zoltan 
> ---
>  target/ppc/excp_helper.c | 39 ---
>  target/ppc/translate.c   |  8 +---
>  2 files changed, 5 insertions(+), 42 deletions(-)
>
> diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
> index f19a0f2d1d..903216c2a6 100644
> --- a/target/ppc/excp_helper.c
> +++ b/target/ppc/excp_helper.c
> @@ -495,12 +495,6 @@ static void powerpc_excp_40x(PowerPCCPU *cpu, int excp)
>  break;
>  case POWERPC_EXCP_SYSCALL:   /* System call exception
> */
>  dump_syscall(env);
> -
> -/*
> - * We need to correct the NIP which in this case is supposed
> - * to point to the next instruction
> - */
> -env->nip += 4;
>  break;
>  case POWERPC_EXCP_FIT:   /* Fixed-interval timer interrupt   
> */
>  trace_ppc_excp_print("FIT");
> @@ -611,12 +605,6 @@ static void powerpc_excp_6xx(PowerPCCPU *cpu, int excp)
>  break;
>  case POWERPC_EXCP_SYSCALL:   /* System call exception
> */
>  dump_syscall(env);
> -
> -/*
> - * We need to correct the NIP which in this case is supposed
> - * to point to the next instruction
> - */
> -env->nip += 4;
>  break;
>  case POWERPC_EXCP_FPU:   /* Floating-point unavailable exception 
> */
>  case POWERPC_EXCP_DECR:  /* Decrementer exception
> */
> @@ -759,13 +747,6 @@ static void powerpc_excp_7xx(PowerPCCPU *cpu, int excp)
>  } else {
>  dump_syscall(env);
>  }
> -
> -/*
> - * We need to correct the NIP which in this case is supposed
> - * to point to the next instruction
> - */
> -env->nip += 4;
> -
>  /*
>   * The Virtual Open Firmware (VOF) relies on the 'sc 1'
>   * instruction to communicate with QEMU. The pegasos2 machine
> @@ -910,13 +891,6 @@ static void powerpc_excp_74xx(PowerPCCPU *cpu, int excp)
>  } else {
>  dump_syscall(env);
>  }
> -
> -/*
> - * We need to correct the NIP which in this case is supposed
> - * to point to the next instruction
> - */
> -env->nip += 4;
> -
>  /*
>   * The Virtual Open Firmware (VOF) relies on the 'sc 1'
>   * instruction to communicate with QEMU. The pegasos2 machine
> @@ -1075,12 +1049,6 @@ static void powerpc_excp_booke(PowerPCCPU *cpu, int 
> excp)
>  break;
>  case POWERPC_EXCP_SYSCALL:   /* System call exception
> */
>  dump_syscall(env);
> -
> -/*
> - * We need to correct the NIP which in this case is supposed
> - * to point to the next instruction
> - */
> -env->nip += 4;
>  break;
>  case POWERPC_EXCP_FPU:   /* Floating-point unavailable exception 
> */
>  case POWERPC_EXCP_APU:   /* Auxiliary processor unavailable  
> */
> @@ -1322,13 +1290,6 @@ static void powerpc_excp_books(PowerPCCPU *cpu, int 
> excp)
>  } else {
>  dump_syscall(env);
>  }
> -
> -/*
> - * We need to correct the NIP which in this case is supposed
> - * to point to the next instruction
> - */
> -env->nip += 4;
> -
>  /* "PAPR mode" built-in hypercall emulation */
>  if (lev == 1 && books_vhyp_handles_hcall(cpu)) {
>  PPCVirtualHypervisorClass *vhc =
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index a32a9b8a5f..4260d3d66f 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -4419,10 +4419,12 @@ static void gen_hrfid(DisasContext *ctx)
>  #endif
>  static void gen_sc(DisasContext *ctx)
>  {
> -uint32_t lev;
> +uint32_t lev = (ctx->opcode >> 5) & 0x7F;
>  
> -lev = (ctx->opcode >> 5) & 0x7F;
> -gen_exception_err(ctx, POWERPC_SYSCALL, lev);
> +gen_update_nip(ctx, ctx->base.pc_next);
> +gen_helper_raise_exception_err(cpu_env, 
> tcg_constant_i32(POWERPC_SYSCALL),
> +   tcg_constant_i32(lev));
> +ctx->base.is_jmp = DISAS_NORETURN;
>  }
>  
>  #if defined(TARGET_PPC64)
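Review bot: gen_sc() now open-codes the raise (gen_update_nip to `ctx->base.pc_next`, the helper call, then `DISAS_NORETURN`) with no comment saying why it bypasses gen_exception_err(). Add a short comment that sc is raised with nip at the next instruction, so a later cleanup does not fold it back into the common helper.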
> -- 
> 2.30.9




Re: [PATCH 4/4] ppc/spapr: Move spapr nested HV to a new file

2023-06-19 Thread Nicholas Piggin
On Sun Jun 18, 2023 at 7:53 PM AEST, Daniel Henrique Barboza wrote:
> Nick,
>
> Do you plan to send a new version of this patch with a spapr_nested.h
> header included? Otherwise I'll pick this one as is.

Hey Daniel,

I'll send another series shortly with the header split out.

Thanks,
Nick



[PATCH qemu 1/2] semihosting: Added to support GDB_O_APPEND flag of host_open()

2023-06-19 Thread ~foxes
From: Foxes Hung 

Signed-off-by: Foxes Hung 
---
 semihosting/syscalls.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/semihosting/syscalls.c b/semihosting/syscalls.c
index 68899ebb1c..1a5d39da01 100644
--- a/semihosting/syscalls.c
+++ b/semihosting/syscalls.c
@@ -281,6 +281,9 @@ static void host_open(CPUState *cs, gdb_syscall_complete_cb 
complete,
 if (gdb_flags & GDB_O_TRUNC) {
 host_flags |= O_TRUNC;
 }
+if (gdb_flags & GDB_O_APPEND) {
+host_flags |= O_APPEND;
+}
 if (gdb_flags & GDB_O_EXCL) {
 host_flags |= O_EXCL;
 }
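Review bot: The commit carries no message body, so nothing records what a guest observed before GDB_O_APPEND was mapped in host_open(). The three added lines follow the neighbouring GDB_O_TRUNC and GDB_O_EXCL cases and look fine; add a sentence describing the symptom (an append-mode open reaching the host without O_APPEND) and tidy the subject wording.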
-- 
2.38.5




Re: [PATCH 2/4] target/ppc: Ensure stcx size matches larx

2023-06-19 Thread Nicholas Piggin
On Tue Jun 20, 2023 at 3:14 AM AEST, Peter Maydell wrote:
> On Mon, 19 Jun 2023 at 18:03, Richard Henderson
>  wrote:
> >
> > On 6/19/23 17:55, Peter Maydell wrote:
> > > On Mon, 19 Jun 2023 at 16:49, Richard Henderson
> > >  wrote:
> > >>
> > >> On 6/5/23 08:27, Nicholas Piggin wrote:
> > >>> On Sun Jun 4, 2023 at 8:28 PM AEST, Nicholas Piggin wrote:
> >  Differently-sized larx/stcx. pairs can succeed if the starting address
> >  matches. Add a size check to require stcx. exactly match the larx that
> >  established the reservation.
> > >>>
> > >>> Hmm, question: reserve_addr is a VMSTATE field, but reserve_val is not
> > >>> (nor reserve_size after this patch).
> > >>>
> > >>> Blue Swirl added that with commit a456d59c20f ("VM load/save support for
> > >>> PPC CPU"), and when reserve_val was added in commit 18b21a2f83a
> > >>> ("target-ppc: retain l{w,d}arx loaded value") it did not get migrated.
> > >>>
> > >>> Could we end up with reserve_addr != -1, but with a bogus reserve_val,
> > >>> which could then permit a stcx. incorrectly? Not entirely outlandish if
> > >>> reserve_val starts out initialised to zero.
> > >>>
> > >>> Could we just clear the reserve in cpu_post_load? It is permitted to be
> > >>> lost for an implementation-specific reason. Doesn't seem necessary to
> > >>> try keep it alive over a migration.
> > >>
> > >> It's not a bad idea to flush the reservation over migrate.
> > >
> > > Is there any particular reason to do so? The default simple
> > > thing is "if this is state that persists across instructions
> > > then migrate it"; we usually reserve "do something special in
> > > post-load" for oddball cases where "just copy the data" doesn't
> > > work.
> > >
> > > target/arm migrates both the exclusive addr and value.
> >
> > ppc is adding "size", which arm technically should have as well.
>
> Arm allows an implementation to require the transaction size
> to match on loadexcl and storexcl, but doesn't mandate it, fwiw.
> (Also, our implementation is miles away from the architectural
> requirements anyway because we operate on virtual addresses,
> not physical addresses.)

The same as powerpc. Size *and* address within reserve granule
does not have to match the larx which established the reserve,
but the latter we always enforced and in practice no open source
software seems to hit it (or AIX).

My thinking is that it is good to tighten it because very likely
software that gets it wrong is deviating from ISA unintentionally.
Linux provides no HWCAP bit to allow code to test such
implementation details, for example.

> > > target/mips migrates lladdr but has forgotten llval
> > > (and perhaps llval_wp and llnewval_wp, depending on what
> > > those fields do).
> >
> > So, similarly, would need to handle migration for which all of the required 
> > data is not
> > present.
> >
> > The thought is, rather than migrate this new data also, and handle 
> > compatibility, simply
> > discard all reservations.
>
> I don't see a problem for normal migration and snapshotting.
> I do wonder whether this would have a bad interaction
> with record-and-replay's use of snapshots. Does that
> expect "execution from the loaded snapshot" to match
> "execution continues from point of snapshot save" ?

I don't mind the idea of moving the new state across, I wondered
if clearing the reserve would be easier for compatibility and
backporting.

I don't know the rr code but if the snapshots use this vmstate
and the replay from that is expected to match exactly the
recording, then I think you must be right.

Thanks,
Nick



[PATCH qemu 2/2] gdbstub: Fixed gdb_open() does not work issue while an extra 'x' is being added when converting '%s' to a pointer

2023-06-19 Thread ~foxes
From: Foxes Hung 

Signed-off-by: Foxes Hung 
---
 gdbstub/syscalls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gdbstub/syscalls.c b/gdbstub/syscalls.c
index 02e3a8f74c..4c6b5f728b 100644
--- a/gdbstub/syscalls.c
+++ b/gdbstub/syscalls.c
@@ -126,7 +126,7 @@ void gdb_do_syscall(gdb_syscall_complete_cb cb, const char 
*fmt, ...)
 case 's':
 i64 = va_arg(va, uint64_t);
 i32 = va_arg(va, uint32_t);
-p += snprintf(p, p_end - p, "%" PRIx64 "/%x" PRIx32, i64, i32);
+p += snprintf(p, p_end - p, "%" PRIx64 "/%" PRIx32, i64, i32);
 break;
 default:
 bad_format:
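Review bot: `p += snprintf(p, p_end - p, ...)` on the changed line advances p by the length snprintf would have written, not the length it did write, so a truncated conversion leaves p past p_end and the next `p_end - p` goes negative before it is converted to a size. The format fix itself is right; while touching the line, compare the return value with the remaining space and take the error path on truncation, unless the loop already bounds p somewhere outside this hunk.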
-- 
2.38.5



RE: [PATCH v2] vfio/migration: Refactor and fix print of "Migration disabled"

2023-06-19 Thread Duan, Zhenzhong


>-Original Message-
>From: Avihai Horon 
>Sent: Monday, June 19, 2023 7:14 PM
...
>> a/hw/vfio/migration.c b/hw/vfio/migration.c index
>> 6b58dddb8859..bc51aa765cb8 100644
>> --- a/hw/vfio/migration.c
>> +++ b/hw/vfio/migration.c
>> @@ -632,42 +632,41 @@ int64_t vfio_mig_bytes_transferred(void)
>>   return bytes_transferred;
>>   }
>>
>> -int vfio_migration_realize(VFIODevice *vbasedev, Error **errp)
>> +bool vfio_migration_realize(VFIODevice *vbasedev, Error **errp)
>>   {
>> -int ret = -ENOTSUP;
>> +int ret;
>>
>> -if (!vbasedev->enable_migration) {
>> +if (!vbasedev->enable_migration || vfio_migration_init(vbasedev)) {
>> +error_setg(>migration_blocker,
>> +   "VFIO device doesn't support migration");
>>   goto add_blocker;
>>   }
>>
>> -ret = vfio_migration_init(vbasedev);
>> -if (ret) {
>> +if (vfio_block_multiple_devices_migration(errp)) {
>> +error_setg(>migration_blocker,
>> +   "Migration is currently not supported with multiple "
>> +   "VFIO devices");
>>   goto add_blocker;
>>   }
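Review bot: Folding `vfio_migration_init(vbasedev)` into the first condition drops its return code, so an init failure and `enable_migration` being off now produce the same "VFIO device doesn't support migration" blocker with no hint of the underlying error. Keep the two cases separate or include the error code in the message. `int ret;` also stays declared although the function now returns bool, so check that it is still used further down.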
>
>Here you are tying the multiple devices blocker to a specific device.
>This could be problematic:
>If you add vfio device #1 and then device #2 then the blocker will be added to
>device #2. If you then remove device #1, migration will still be blocked
>although it shouldn't.
>
>I think we should keep it as a global blocker and not a per-device blocker.

Thanks for pointing this out, you are right; it seems I need to restore the
multiple devices part of the code.

Regards
Zhenzhong


Re: [PATCH] chardev/char-win-stdio: Support VT sequences on Windows 11 host

2023-06-19 Thread Zhang Huasen
From: Huasen Zhang 

Hello,

On Sat, 17 Jun 2023 11:42:06 +0200 Marc-André Lureau <
marcandre.lur...@redhat.com> wrote:
> Hi

> On Fri, Jun 16, 2023 at 7:41 AM Zhang Huasen 
> wrote:
> 
> > From: Huasen Zhang 
> >
> > Hello,
> >
> > On Thu, 15 Jun 2023 12:57:55 +0200 Marc-André Lureau <
> > marcandre.lur...@redhat.com>
> > wrote:
> > > Hi
> > >
> > > On Thu, Jun 15, 2023 at 12:36 PM Zhang Huasen 
> > > wrote:
> > >
> > > > If the monitor or the serial port use STDIO as backend on Windows 11
> > > > host,
> > > > e.g. -nographic options is used, the monitor or the guest Linux do not
> > > > response to arrow keys.
> > > >
> > > > When Windows creates a console, ENABLE_VIRTUAL_PROCESS_INPUT is
> > > > disabled
> > > > by default. Arrow keys cannot be retrieved by ReadFile or
> > > > ReadConsoleInput
> > > > functions.
> > > >
> > > > Add ENABLE_VIRTUAL_PROCESS_INPUT to the flag which is passed to
> > > > SetConsoleMode,
> > > > when opening stdio console.
> > > >
> > > > Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1674
> > > >
> > > > Signed-off-by: Zhang Huasen 
> > > > ---
> > > >  chardev/char-win-stdio.c | 2 +-
> > > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > diff --git a/chardev/char-win-stdio.c b/chardev/char-win-stdio.c
> > > > index eb830eabd9..1a18999e78 100644
> > > > --- a/chardev/char-win-stdio.c
> > > > +++ b/chardev/char-win-stdio.c
> > > > @@ -190,7 +190,7 @@ static void qemu_chr_open_stdio(Chardev *chr,
> > > >  }
> > > >  }
> > > >
> > > > -dwMode |= ENABLE_LINE_INPUT;
> > > > +dwMode |= ENABLE_LINE_INPUT | ENABLE_VIRTUAL_TERMINAL_INPUT;
> > > >
> > >
> > > I think we should set it only when is_console (although that may not
> > > make a
> > > difference otherwise)
> >
> > It is okay to set ENABLE_VIRTUAL_TERMINAL_INPUT only when is_console is
> > TRUE.
> >
> > I do not understand some points of original code.
> > If the stdin is not a console, i.e. GetConsoleMode fails, we still
> > call SetConsoleMode and set ENABLE_LINE_INPUT.
> > Could you please tell what the purpose is?
> >
> 
> I have no clue. It has been this way since the beginning (commit db418a0a7).
> 
> The code doesn't check SetConsoleMode() return value, so I'd just go with
> your patch for now.
Thanks for your review and comments.




[PATCH qemu v3 1/2] target/arm: Handle IC IVAU to improve compatibility with JITs

2023-06-19 Thread ~jhogberg
From: John Högberg 

Unlike architectures with precise self-modifying code semantics
(e.g. x86) ARM processors do not maintain coherency for instruction
execution and memory, and require the explicit use of cache
management instructions as well as an instruction barrier to make
code updates visible (the latter on every core that is going to
execute said code).

While this is required to make JITs work on actual hardware, QEMU
has gotten away with not handling this since it does not emulate
caches, and unconditionally invalidates code whenever the softmmu
or the user-mode page protection logic detects that code has been
modified.

Unfortunately the latter does not work in the face of dual-mapped
code (a common W^X workaround), where one page is executable and
the other is writable: user-mode has no way to connect one with the
other as that is only known to the kernel and the emulated
application.

This commit works around the issue by invalidating code in
IC IVAU instructions.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1034

Co-authored-by: Richard Henderson 
Signed-off-by: John Högberg 
Reviewed-by: Richard Henderson 
---
 target/arm/helper.c | 47 ++---
 1 file changed, 44 insertions(+), 3 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index d4bee43bd0..235e3cd0b6 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5228,6 +5228,36 @@ static void mdcr_el2_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 }
 }
 
+#ifdef CONFIG_USER_ONLY
+/*
+ * `IC IVAU` is handled to improve compatibility with JITs that dual-map their
+ * code to get around W^X restrictions, where one region is writable and the
+ * other is executable.
+ *
+ * Since the executable region is never written to we cannot detect code
+ * changes when running in user mode, and rely on the emulated JIT telling us
+ * that the code has changed by executing this instruction.
+ */
+static void ic_ivau_write(CPUARMState *env, const ARMCPRegInfo *ri,
+  uint64_t value)
+{
+uint64_t icache_line_mask, start_address, end_address;
+const ARMCPU *cpu;
+
+cpu = env_archcpu(env);
+
+icache_line_mask = (4 << extract32(cpu->ctr, 0, 4)) - 1;
+start_address = value & ~icache_line_mask;
+end_address = value | icache_line_mask;
+
+mmap_lock();
+
+tb_invalidate_phys_range(start_address, end_address);
+
+mmap_unlock();
+}
+#endif
+
 static const ARMCPRegInfo v8_cp_reginfo[] = {
 /*
  * Minimal set of EL0-visible registers. This will need to be expanded
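Review bot: in ic_ivau_write(), end_address is computed as `value | icache_line_mask`, i.e. the last byte of the cache line rather than one past it, and nothing in the hunk says whether tb_invalidate_phys_range() takes an inclusive or exclusive upper bound. Please add a one-line comment stating which convention is relied on, since an off-by-one here would leave the tail of the line translated without any visible error. The header comment could also say that `value` is the guest virtual address taken straight from the instruction operand, given that it is handed to a function named for physical ranges.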
@@ -5267,7 +5297,10 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
 { .name = "CURRENTEL", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 0, .opc2 = 2, .crn = 4, .crm = 2,
   .access = PL1_R, .type = ARM_CP_CURRENTEL },
-/* Cache ops: all NOPs since we don't emulate caches */
+/*
+ * Instruction cache ops. All of these except `IC IVAU` NOP because we
+ * don't emulate caches.
+ */
 { .name = "IC_IALLUIS", .state = ARM_CP_STATE_AA64,
   .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 1, .opc2 = 0,
   .access = PL1_W, .type = ARM_CP_NOP,
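Review bot: the new comment says every instruction cache op except `IC IVAU` is a NOP, but the IC_IVAU entry in the next hunk keeps `.type = ARM_CP_NOP` in its `#else` branch, so the statement only holds for CONFIG_USER_ONLY builds. Suggest wording it as "except `IC IVAU` in user-only builds" so the comment is correct for both configurations.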
@@ -5280,9 +5313,17 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
   .accessfn = access_tocu },
 { .name = "IC_IVAU", .state = ARM_CP_STATE_AA64,
   .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 5, .opc2 = 1,
-  .access = PL0_W, .type = ARM_CP_NOP,
+  .access = PL0_W,
   .fgt = FGT_ICIVAU,
-  .accessfn = access_tocu },
+  .accessfn = access_tocu,
+#ifdef CONFIG_USER_ONLY
+  .type = ARM_CP_NO_RAW,
+  .writefn = ic_ivau_write
+#else
+  .type = ARM_CP_NOP
+#endif
+},
+/* Cache ops: all NOPs since we don't emulate caches */
 { .name = "DC_IVAC", .state = ARM_CP_STATE_AA64,
   .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 6, .opc2 = 1,
   .access = PL1_W, .accessfn = aa64_cacheop_poc_access,
-- 
2.38.5




[PATCH qemu v3 2/2] tests/tcg/aarch64: Add testcases for IC IVAU and dual-mapped code

2023-06-19 Thread ~jhogberg
From: John Högberg 

https://gitlab.com/qemu-project/qemu/-/issues/1034

Signed-off-by: John Högberg 
---
 tests/tcg/aarch64/Makefile.target |   3 +-
 tests/tcg/aarch64/icivau.c| 169 ++
 2 files changed, 171 insertions(+), 1 deletion(-)
 create mode 100644 tests/tcg/aarch64/icivau.c

diff --git a/tests/tcg/aarch64/Makefile.target 
b/tests/tcg/aarch64/Makefile.target
index 3430fd3cd8..de6566d0d4 100644
--- a/tests/tcg/aarch64/Makefile.target
+++ b/tests/tcg/aarch64/Makefile.target
@@ -9,9 +9,10 @@ AARCH64_SRC=$(SRC_PATH)/tests/tcg/aarch64
 VPATH  += $(AARCH64_SRC)
 
 # Base architecture tests
-AARCH64_TESTS=fcvt pcalign-a64
+AARCH64_TESTS=fcvt pcalign-a64 icivau
 
 fcvt: LDFLAGS+=-lm
+icivau: LDFLAGS+=-lrt
 
 run-fcvt: fcvt
$(call run-test,$<,$(QEMU) $<, "$< on $(TARGET_NAME)")
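Review bot: `icivau: LDFLAGS+=-lrt` is added with no indication of which call in the test needs librt. A short comment above the line naming the function would let the flag be dropped safely if the test is later changed.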
diff --git a/tests/tcg/aarch64/icivau.c b/tests/tcg/aarch64/icivau.c
new file mode 100644
index 00..a01f45f172
--- /dev/null
+++ b/tests/tcg/aarch64/icivau.c
@@ -0,0 +1,169 @@
+/*
+ * Tests the IC IVAU-driven workaround for catching changes made to dual-mapped
+ * code that would otherwise go unnoticed in user mode.
+ *
+ * Copyright (c) 2023 Ericsson AB
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#define MAX_CODE_SIZE 128
+
+typedef int (SelfModTest)(uint32_t, uint32_t*);
+typedef int (BasicTest)(int);
+
+static void mark_code_modified(const uint32_t *exec_data, size_t length)
+{
+size_t dcache_stride, icache_stride, i;
+unsigned long ctr_el0;
+
+/*
+ * Step according to minimum cache sizes, as the cache maintenance
+ * instructions operate on the cache line of the given address.
+ *
+ * We assume that exec_data is properly aligned.
+ */
+asm ("mrs %0, ctr_el0\n" : "=r"(ctr_el0));
+dcache_stride = (4 << ((ctr_el0 >> 16) & 0xF));
+icache_stride = (4 << (ctr_el0 & 0xF));
+
+/*
+ * For completeness we might be tempted to assert that we should fail when
+ * the whole code update sequence is omitted, but that would make the test
+ * flaky as it can succeed by coincidence on actual hardware.
+ */
+for (i = 0; i < length; i += dcache_stride) {
+const char *dc_addr = &((const char *)exec_data)[i];
+asm volatile ("dc cvau, %x[dc_addr]\n"
+  : /* no outputs */
+  : [dc_addr] "r"(dc_addr)
+  : "memory");
+}
+
+asm volatile ("dmb ish\n");
+
+for (i = 0; i < length; i += icache_stride) {
+const char *ic_addr = &((const char *)exec_data)[i];
+asm volatile ("ic ivau, %x[ic_addr]\n"
+  : /* no outputs */
+  : [ic_addr] "r"(ic_addr)
+  : "memory");
+}
+
+asm volatile ("dmb ish\n"
+  "isb sy\n");
+}
+
+static int basic_test(uint32_t *rw_data, const uint32_t *exec_data)
+{
+/*
+ * As user mode only misbehaved for dual-mapped code when previously
+ * translated code had been changed, we'll start off with this basic test
+ * function to ensure that there's already some translated code at
+ * exec_data before the next test. This should cause the next test to fail
+ * if `mark_code_modified` fails to invalidate the code.
+ *
+ * Note that the payload is in binary form instead of inline assembler
+ * because we cannot use __attribute__((naked)) on this platform and the
+ * workarounds are at least as ugly as this is.
+ */
+static const uint32_t basic_payload[] = {
+0xD65F03C0 /* 0x00: RET */
+};
+
+BasicTest *copied_ptr = (BasicTest *)exec_data;
+
+memcpy(rw_data, basic_payload, sizeof(basic_payload));
+mark_code_modified(exec_data, sizeof(basic_payload));
+
+return copied_ptr(1234) == 1234;
+}
+
+static int self_modification_test(uint32_t *rw_data, const uint32_t *exec_data)
+{
+/*
+ * This test is self-modifying in an attempt to cover an edge case where
+ * the IC IVAU instruction invalidates itself.
+ *
+ * Note that the IC IVAU instruction is 16 bytes into the function, in what
+ * will be the same cache line as the modifed instruction on machines with
+ * a cache line size >= 16 bytes.
+ */
+static const uint32_t self_mod_payload[] = {
+/* Overwrite the placeholder instruction with the new one. */
+0xB9001C20, /* 0x00: STR w0, [x1, 0x1C] */
+
+/* Get the executable address of the modified instruction. */
+0x10A8, /* 0x04: ADR x8, <0x1C> */
+
+/* Mark the modified instruction as updated. */
+0xD50B7B28, /* 0x08: DC CVAU x8 */
+0xD5033BBF, /* 0x0C: DMB ISH */
+0xD50B7528, /* 0x10: IC IVAU x8 */
+0xD5033BBF, /* 0x14: DMB ISH */
+0xD5033FDF, /* 0x18: ISB */
+
+/* Placeholder instruction, overwritten above. */
+0x5280, /* 0x1C: MOV w0, 0 */
+
+   
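Review bot: mark_code_modified() and the 0x0C and 0x14 slots of self_mod_payload issue `dmb ish` after `dc cvau` and after `ic ivau`, whereas the sequence the Arm architecture documents for making modified code visible uses `dsb ish` in both places: DMB only orders memory accesses, while DSB waits for the cache maintenance to complete before the final `isb`. Since the comments say the test is meant to behave on actual hardware as well, suggest switching to `dsb ish` (0xD5033B9F in the payload). The loops in mark_code_modified() also start at exec_data and step by the line size, so an unaligned exec_data could skip the last line touched; rounding the start address down would remove the "properly aligned" assumption. Minor: "modifed" in the self_modification_test comment should be "modified".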

[PATCH qemu v3 0/2] target/arm: Improve user-mode compatibility with JITs

2023-06-19 Thread ~jhogberg
The test cases have been changed in v3 to fix some issues pointed out in
code review. The main change is that the tests no longer naively copy C
code around, opting instead to have hard-coded binary payloads. Given
the small amount of code I found that the workarounds for position-
independence and figuring out the actual code length were at least as
ugly, but that's only my preference, please tell me if you'd prefer
something different.



When running in user-mode QEMU currently fails to emulate JITs that
use dual-mapped code to get around W^X restrictions, where one mapping
is writable and one is executable. As it has no way of knowing that a
write to the writable region is reflected in the executable one, it
fails to invalidate previously translated code which leads to a crash
at best.

(Note that system mode is unaffected as the softmmu is fully aware of
what is going on.)

This patch series catches changes to dual-mapped code by honoring the
cache management instructions required to make things work on actual
hardware.

See https://gitlab.com/qemu-project/qemu/-/issues/1034 for more
background information

John Högberg (2):
  target/arm: Handle IC IVAU to improve compatibility with JITs
  tests/tcg/aarch64: Add testcases for IC IVAU and dual-mapped code

 target/arm/helper.c   |  47 -
 tests/tcg/aarch64/Makefile.target |   3 +-
 tests/tcg/aarch64/icivau.c| 169 ++
 3 files changed, 215 insertions(+), 4 deletions(-)
 create mode 100644 tests/tcg/aarch64/icivau.c

-- 
2.38.5
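The dual-mapping scheme this series targets, shown as an added example that is not part of the patches or of QEMU: one memory file is mapped twice, code is written through the RW alias and executed through the RX alias, and the synchronisation step names the executable address. All identifiers (`jit_buf`, `jit_install`, ...) are illustrative; it assumes Linux with `memfd_create` and an x86 or AArch64 host.

```c
/* Added example: dual-mapped (W^X) JIT buffer. All names are illustrative. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/syscall.h>

#define JIT_SIZE 4096

struct jit_buf {
    uint8_t *rw;        /* writable alias, never executable */
    const uint8_t *rx;  /* executable alias, never writable */
};

/* Map one anonymous memory file twice so no mapping is both W and X. */
static int jit_buf_open(struct jit_buf *jb)
{
    void *rw, *rx;
    /* Raw syscall so the example needs no _GNU_SOURCE wrapper declaration. */
    int fd = (int)syscall(SYS_memfd_create, "jit-demo", 0u);

    if (fd < 0) {
        return -1;
    }
    if (ftruncate(fd, JIT_SIZE) != 0) {
        close(fd);
        return -1;
    }
    rw = mmap(NULL, JIT_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    rx = mmap(NULL, JIT_SIZE, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    close(fd); /* the mappings keep the memory alive */
    if (rw == MAP_FAILED || rx == MAP_FAILED) {
        if (rw != MAP_FAILED) munmap(rw, JIT_SIZE);
        if (rx != MAP_FAILED) munmap(rx, JIT_SIZE);
        return -1;
    }
    jb->rw = rw;
    jb->rx = rx;
    return 0;
}

static void jit_buf_close(struct jit_buf *jb)
{
    munmap(jb->rw, JIT_SIZE);
    munmap((void *)(uintptr_t)jb->rx, JIT_SIZE);
}

/* Encode "return imm" for the host; returns byte length, 0 if unsupported. */
static size_t encode_return_const(uint8_t *out, uint16_t imm)
{
#if defined(__x86_64__) || defined(__i386__)
    /* mov eax, imm32 ; ret */
    const uint8_t code[] = { 0xB8, (uint8_t)imm, (uint8_t)(imm >> 8), 0, 0, 0xC3 };
    memcpy(out, code, sizeof(code));
    return sizeof(code);
#elif defined(__aarch64__)
    /* mov w0, #imm ; ret (assumes a little-endian host) */
    const uint32_t code[] = { 0x52800000u | ((uint32_t)imm << 5), 0xD65F03C0u };
    memcpy(out, code, sizeof(code));
    return sizeof(code);
#else
    (void)out;
    (void)imm;
    return 0;
#endif
}

/*
 * Write new code through the RW alias, then synchronise using the RX address.
 * The executable alias is the only address instructions are fetched from, so
 * it is the one the cache maintenance has to name.
 */
static size_t jit_install(struct jit_buf *jb, uint16_t imm)
{
    size_t len = encode_return_const(jb->rw, imm);
    char *begin = (char *)(uintptr_t)jb->rx;

    __builtin___clear_cache(begin, begin + len);
    return len;
}

static int jit_call(const struct jit_buf *jb)
{
    int (*fn)(void) = (int (*)(void))(uintptr_t)jb->rx;
    return fn();
}

/* Install two generations of code at the same address; 0 means both ran. */
static int jit_dual_map_demo(int first, int second)
{
    struct jit_buf jb;
    int ok;

    if (jit_buf_open(&jb) != 0) {
        return -1;
    }
    if (jit_install(&jb, (uint16_t)first) == 0) {
        jit_buf_close(&jb);
        return -2; /* unsupported host architecture */
    }
    ok = jit_call(&jb) == first;
    jit_install(&jb, (uint16_t)second); /* overwrite already-executed code */
    ok = ok && jit_call(&jb) == second;
    jit_buf_close(&jb);
    return ok ? 0 : 1;
}

int main(void)
{
    int rc = jit_dual_map_demo(1234, 4321);
    printf("dual-mapped JIT demo: %s\n", rc == 0 ? "ok" : "failed");
    return rc == 0 ? 0 : 1;
}
```

The second `jit_call()` is the one that returns a stale result when an emulator caches translated code and ignores the synchronisation on the RX alias, which is the failure the cover letter describes.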



Re: [PATCH v2] hw/acpi: Fix PM control register access

2023-06-19 Thread BALATON Zoltan

On Thu, 8 Jun 2023, BALATON Zoltan wrote:

On Thu, 8 Jun 2023, Michael S. Tsirkin wrote:

On Thu, Jun 08, 2023 at 12:37:08PM +0100, Mark Cave-Ayland wrote:

On 07/06/2023 21:01, BALATON Zoltan wrote:


On pegasos2 which has ACPI as part of VT8231 south bridge the board
firmware writes PM control register by accessing the second byte so
addr will be 1. This wasn't handled correctly and the write went to
addr 0 instead. Remove the acpi_pm1_cnt_write() function which is used
only once and does not take addr into account and handle non-zero
address in acpi_pm_cnt_{read|write}. This fixes ACPI shutdown with
pegasos2 firmware.

Signed-off-by: BALATON Zoltan 
---
  hw/acpi/core.c | 52 +-
  1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/hw/acpi/core.c b/hw/acpi/core.c
index 6da275c599..00b1e79a30 100644
--- a/hw/acpi/core.c
+++ b/hw/acpi/core.c
@@ -551,30 +551,6 @@ void acpi_pm_tmr_reset(ACPIREGS *ar)
  }
  /* ACPI PM1aCNT */
-static void acpi_pm1_cnt_write(ACPIREGS *ar, uint16_t val)
-{
-ar->pm1.cnt.cnt = val & ~(ACPI_BITMASK_SLEEP_ENABLE);
-
-if (val & ACPI_BITMASK_SLEEP_ENABLE) {
-/* change suspend type */
-uint16_t sus_typ = (val >> 10) & 7;
-switch (sus_typ) {
-case 0: /* soft power off */
-qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
-break;
-case 1:
-qemu_system_suspend_request();
-break;
-default:
-if (sus_typ == ar->pm1.cnt.s4_val) { /* S4 request */
-qapi_event_send_suspend_disk();
- 
qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);

-}
-break;
-}
-}
-}
-
  void acpi_pm1_cnt_update(ACPIREGS *ar,
   bool sci_enable, bool sci_disable)
  {
@@ -593,13 +569,37 @@ void acpi_pm1_cnt_update(ACPIREGS *ar,
  static uint64_t acpi_pm_cnt_read(void *opaque, hwaddr addr, unsigned 
width)

  {
  ACPIREGS *ar = opaque;
-return ar->pm1.cnt.cnt;
+return ar->pm1.cnt.cnt >> addr * 8;


This shift here...


  }
  static void acpi_pm_cnt_write(void *opaque, hwaddr addr, uint64_t val,
unsigned width)
  {
-acpi_pm1_cnt_write(opaque, val);
+ACPIREGS *ar = opaque;
+
+if (addr == 1) {
+val = val << 8 | (ar->pm1.cnt.cnt & 0xff);
+}


and this shift here look similar to my workaround in 
https://patchew.org/QEMU/20230524211104.686087-1-mark.cave-ayl...@ilande.co.uk/20230524211104.686087-31-mark.cave-ayl...@ilande.co.uk/

which is a symptom of https://gitlab.com/qemu-project/qemu/-/issues/360.

Whilst there is no imminent fix for the above issue, it may be worth a few
mins to determine if this is the same issue and if so document it with
comments accordingly as I did so that the workaround can be removed at a
later date.


So I will add
this triggers a but in memory core,
(see
https://gitlab.com/qemu-project/qemu/-/issues/360 for more detail)

?


Apart from the typo but -> bug I'm not sure this is related to that issue but 
in any case this does not trigger but works around some possible bug so maybe 
"This work around may be related to issue URL" or something like that maybe? 
I'm also not sure what comment to add where so I'd appreciate if you can 
handle this on merging.


Ping? Is this queued somewhere or will it be merged? Maybe Adding Buglink 
tag to commit message could be sufficient or just mentioning the link in 
the commit message. I'm still not sure what the best way to do that so I 
hope you could take care of that.


Regards,
BALATON Zoltan


+ar->pm1.cnt.cnt = val & ~(ACPI_BITMASK_SLEEP_ENABLE);
+
+if (val & ACPI_BITMASK_SLEEP_ENABLE) {
+/* change suspend type */
+uint16_t sus_typ = (val >> 10) & 7;
+switch (sus_typ) {
+case 0: /* soft power off */
+qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
+break;
+case 1:
+qemu_system_suspend_request();
+break;
+default:
+if (sus_typ == ar->pm1.cnt.s4_val) { /* S4 request */
+qapi_event_send_suspend_disk();
+ 
qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);

+}
+break;
+}
+}
  }
  static const MemoryRegionOps acpi_pm_cnt_ops = {
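Review bot: acpi_pm_cnt_write() merges the existing low byte only when `addr == 1`; a one-byte write at addr 0 still stores `val` over the whole 16-bit `ar->pm1.cnt.cnt` and so clears the high byte, because `width` is never consulted. If byte-wide accesses are expected (the commit message describes the firmware making one), consider preserving `ar->pm1.cnt.cnt & 0xff00` for a width-1 write at addr 0. In acpi_pm_cnt_read(), writing `>> (addr * 8)` would make the intended precedence explicit.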



ATB,

Mark.










[PATCH] ppc/pnv/pci: Clean up error messages

2023-06-19 Thread Joel Stanley
The phb error macros add a newline for you, so remove the second one to
avoid double whitespace.

Signed-off-by: Joel Stanley 
---
 hw/pci-host/pnv_phb4.c | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/hw/pci-host/pnv_phb4.c b/hw/pci-host/pnv_phb4.c
index 542f9e293221..6232cbeee161 100644
--- a/hw/pci-host/pnv_phb4.c
+++ b/hw/pci-host/pnv_phb4.c
@@ -133,13 +133,13 @@ static void pnv_phb4_rc_config_write(PnvPHB4 *phb, 
unsigned off,
 PCIDevice *pdev;
 
 if (size != 4) {
-phb_error(phb, "rc_config_write invalid size %d\n", size);
+phb_error(phb, "rc_config_write invalid size %d", size);
 return;
 }
 
 pdev = pci_find_device(pci->bus, 0, 0);
 if (!pdev) {
-phb_error(phb, "rc_config_write device not found\n");
+phb_error(phb, "rc_config_write device not found");
 return;
 }
 
@@ -155,13 +155,13 @@ static uint64_t pnv_phb4_rc_config_read(PnvPHB4 *phb, 
unsigned off,
 uint64_t val;
 
 if (size != 4) {
-phb_error(phb, "rc_config_read invalid size %d\n", size);
+phb_error(phb, "rc_config_read invalid size %d", size);
 return ~0ull;
 }
 
 pdev = pci_find_device(pci->bus, 0, 0);
 if (!pdev) {
-phb_error(phb, "rc_config_read device not found\n");
+phb_error(phb, "rc_config_read device not found");
 return ~0ull;
 }
 
@@ -1039,19 +1039,19 @@ static void pnv_pec_stk_nest_xscom_write(void *opaque, 
hwaddr addr,
 if (phb->nest_regs[PEC_NEST_STK_BAR_EN] &
 (PEC_NEST_STK_BAR_EN_MMIO0 |
  PEC_NEST_STK_BAR_EN_MMIO1)) {
-phb_pec_error(pec, "Changing enabled BAR unsupported\n");
+phb_pec_error(pec, "Changing enabled BAR unsupported");
 }
 phb->nest_regs[reg] = val & 0xff00ull;
 break;
 case PEC_NEST_STK_PHB_REGS_BAR:
 if (phb->nest_regs[PEC_NEST_STK_BAR_EN] & PEC_NEST_STK_BAR_EN_PHB) {
-phb_pec_error(pec, "Changing enabled BAR unsupported\n");
+phb_pec_error(pec, "Changing enabled BAR unsupported");
 }
 phb->nest_regs[reg] = val & 0xffc0ull;
 break;
 case PEC_NEST_STK_INT_BAR:
 if (phb->nest_regs[PEC_NEST_STK_BAR_EN] & PEC_NEST_STK_BAR_EN_INT) {
-phb_pec_error(pec, "Changing enabled BAR unsupported\n");
+phb_pec_error(pec, "Changing enabled BAR unsupported");
 }
 phb->nest_regs[reg] = val & 0xfff0ull;
 break;
-- 
2.39.2




[PATCH] STM32F100: support different density lines

2023-06-19 Thread Lucas Villa Real
This patch adds support for the emulation of different density lines
(low, medium, and high). A new class property stm32f100-soc.density=
has been introduced to allow users to state the desired configuration.
That property is recognized by a new machine, stm32f1-generic. The SOC
is configured according to the following:

   density=low   32 KB FLASH, 2 SPIs
   density=medium   128 KB FLASH, 2 SPIs
   density=high 512 KB FLASH, 3 SPIs

With this code change we should be able to introduce richer features
to STM32F100, such as support for FSMC (so that a machine with more
RAM capacity can be properly emulated). FSMC is supported on high
density line devices only.

Signed-off-by: Lucas C. Villa Real 
---
 configs/devices/arm-softmmu/default.mak |  1 +
 docs/system/arm/stm32.rst   | 14 
 hw/arm/Kconfig  |  6 ++
 hw/arm/meson.build  |  1 +
 hw/arm/stm32f100_soc.c  | 92 +
 hw/arm/stm32f1_generic.c| 70 +++
 hw/arm/stm32vldiscovery.c   |  3 +-
 include/hw/arm/stm32f100_soc.h  | 18 -
 8 files changed, 189 insertions(+), 16 deletions(-)
 create mode 100644 hw/arm/stm32f1_generic.c

diff --git a/configs/devices/arm-softmmu/default.mak 
b/configs/devices/arm-softmmu/default.mak
index 980c48a7d9..4f0f2e99c0 100644
--- a/configs/devices/arm-softmmu/default.mak
+++ b/configs/devices/arm-softmmu/default.mak
@@ -19,6 +19,7 @@ CONFIG_ARM_VIRT=y
 # CONFIG_NSERIES=n
 # CONFIG_STELLARIS=n
 # CONFIG_STM32VLDISCOVERY=n
+# CONFIG_STM32F1_GENERIC=n
 # CONFIG_REALVIEW=n
 # CONFIG_VERSATILE=n
 # CONFIG_VEXPRESS=n
diff --git a/docs/system/arm/stm32.rst b/docs/system/arm/stm32.rst
index d7265b763d..d0a3b1a7eb 100644
--- a/docs/system/arm/stm32.rst
+++ b/docs/system/arm/stm32.rst
@@ -10,6 +10,12 @@ The STM32F1 series is based on ARM Cortex-M3 core. The 
following machines are
 based on this chip :
 
 - ``stm32vldiscovery``  STM32VLDISCOVERY board with STM32F100RBT6 
microcontroller
+- ``stm32f1-generic``   Generic STM32F1 board supporting low, medium and high
+density devices. Low-density emulates a 32KB FLASH;
+medium-density emulates a 128KB FLASH; high-density
+emulates a 512KB FLASH. The density also affects the
+number of peripherals exposed by QEMU for the emulated
+device. See ``Boot options`` below for more details.
 
 The STM32F2 series is based on ARM Cortex-M3 core. The following machines are
 based on this chip :
@@ -65,3 +71,11 @@ firmware. Example:
 .. code-block:: bash
 
   $ qemu-system-arm -M stm32vldiscovery -kernel firmware.bin
+
+Additionally, the ``stm32f1-generic`` board supports the ``density`` option
+to select the device density line.  The following values are supported:
+``low``, ``medium``, ``high``. Example:
+
+.. code-block:: bash
+
+  $ qemu-system-arm -M stm32f1-generic -global stm32f100-soc.density=medium ...
\ No newline at end of file
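Review bot: the added documentation leaves stm32.rst without a trailing newline (the `\ No newline at end of file` marker); please add one. The new paragraph also lists the accepted `density` values but does not say which one `stm32f1-generic` uses when the option is omitted, so the default should be stated here.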
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index 2159de3ce6..822441945c 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -301,6 +301,12 @@ config STM32VLDISCOVERY
 depends on TCG && ARM
 select STM32F100_SOC
 
+config STM32F1_GENERIC
+bool
+default y
+depends on TCG && ARM
+select STM32F100_SOC
+
 config STRONGARM
 bool
 select PXA2XX
diff --git a/hw/arm/meson.build b/hw/arm/meson.build
index 870ec67376..f88b5fe3c8 100644
--- a/hw/arm/meson.build
+++ b/hw/arm/meson.build
@@ -23,6 +23,7 @@ arm_ss.add(when: 'CONFIG_REALVIEW', if_true: 
files('realview.c'))
 arm_ss.add(when: 'CONFIG_SBSA_REF', if_true: files('sbsa-ref.c'))
 arm_ss.add(when: 'CONFIG_STELLARIS', if_true: files('stellaris.c'))
 arm_ss.add(when: 'CONFIG_STM32VLDISCOVERY', if_true: 
files('stm32vldiscovery.c'))
+arm_ss.add(when: 'CONFIG_STM32F1_GENERIC', if_true: files('stm32f1_generic.c'))
 arm_ss.add(when: 'CONFIG_COLLIE', if_true: files('collie.c'))
 arm_ss.add(when: 'CONFIG_VERSATILE', if_true: files('versatilepb.c'))
 arm_ss.add(when: 'CONFIG_VEXPRESS', if_true: files('vexpress.c'))
diff --git a/hw/arm/stm32f100_soc.c b/hw/arm/stm32f100_soc.c
index f7b344ba9f..c157ffd644 100644
--- a/hw/arm/stm32f100_soc.c
+++ b/hw/arm/stm32f100_soc.c
@@ -38,10 +38,11 @@
 
 static const uint32_t usart_addr[STM_NUM_USARTS] = { 0x40013800, 0x40004400,
 0x40004800 };
-static const uint32_t spi_addr[STM_NUM_SPIS] = { 0x40013000, 0x40003800 };
+static const uint32_t spi_addr[STM_NUM_SPIS] = { 0x40013000, 0x40003800,
+0x40003C00 };
 
 static const int usart_irq[STM_NUM_USARTS] = {37, 38, 39};
-static const int spi_irq[STM_NUM_SPIS] = {35, 36};
+static const int spi_irq[STM_NUM_SPIS] = {35, 36, 51};
 
 static void stm32f100_soc_initfn(Object *obj)
 {
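Review bot: `spi_addr` and `spi_irq` gain a third entry while still being dimensioned by STM_NUM_SPIS, yet the commit message gives low and medium density parts only 2 SPIs. Please make sure every loop over these tables is bounded by the per-density SPI count rather than STM_NUM_SPIS, otherwise the controller at 0x40003C00 (IRQ 51) would be created on parts that do not have it. A comment on the tables noting that the last entry is high-density only would help.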
@@ -50,17 +51,21 @@ static void stm32f100_soc_initfn(Object *obj)
 
 object_initialize_child(obj, "armv7m", >armv7m, TYPE_ARMV7M);
 
+/*
+ * All 

Re: Faster than real-time execution

2023-06-19 Thread Alex Bennée


"frankwmiller frankwmiller.net"  writes:

> Greetings, 
>   
> I've been contemplating using QEMU for faster-than-real-time execution of 
> SPARC executables on an X86-64 machine.
>   It appears from the base architecture of QEMU that this is not possible if 
> QEMU is using JIT of the SPARC to x86-64
> since the resulting x86-64 will run on the hardware at the processor clock 
> speed and there's not really any way around
> that. 
>   
> However, is it possible to do something like this.  Execute the SPARC 
> instructions in simulation, i.e. without any JIT, and
> then since everything is executed as simulated SPARC instructions, 
> essentially speed up time in the simulated
> environment and execute FRT that way?

Have a look at icount mode:

  -icount [shift=N|auto][,align=on|off][,sleep=on|off][,rr=record|replay,rrfile=filename[,rrsnapshot=snapshot]]

  Enable virtual instruction counter. The virtual cpu will execute one 
instruction every 2^N ns of virtual time. If auto is specified then the virtual 
cpu speed will be automatically adjusted to keep virtual time within a few 
seconds of real time.

  Note that while this option can give deterministic behavior, it does not 
provide cycle accurate emulation. Modern CPUs contain superscalar out of order 
cores with complex cache hierarchies. The number of instructions executed often 
has little or no correlation with actual performance.

  When the virtual cpu is sleeping, the virtual time will advance at 
default speed unless sleep=on is specified. With sleep=on, the virtual time 
will jump to the next timer deadline instantly whenever the virtual cpu goes to 
sleep mode and will not advance if no timer is enabled. This behavior gives 
deterministic execution times from the guest point of view. The default if 
icount is enabled is sleep=off. sleep=on cannot be used together with either 
shift=auto or align=on.

  align=on will activate the delay algorithm which will try to synchronise 
the host clock and the virtual clock. The goal is to have a guest running at 
the real frequency imposed by the shift option. Whenever the guest clock is 
behind the host clock and if align=on is specified then we print a message to 
the user to inform about the delay. Currently this option does not work when 
shift is auto. Note: The sync algorithm will work for those shift values for 
which the guest clock runs ahead of the host clock. Typically this happens when 
the shift value is high (how high depends on the host machine). The default if 
icount is enabled is align=off.

  When the rr option is specified deterministic record/replay is enabled. 
The rrfile= option must also be provided to specify the path to the replay log. 
In record mode data is written to this file, and in replay mode it is read 
back. If the rrsnapshot option is given then it specifies a VM snapshot name. 
In record mode, a new VM snapshot with the given name is created at the start 
of execution recording. In replay mode this option specifies the snapshot name 
used to load the initial VM state.


You can read more about how it works at: 
https://qemu.readthedocs.io/en/latest/devel/tcg-icount.html

-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro



Re: [PATCH v4 6/6] hw/riscv: Enable TPM backends

2023-06-19 Thread Guenter Roeck
Hi Alistair,

On Wed, Apr 20, 2022 at 03:52:48PM +1000, Alistair Francis wrote:
> From: Alistair Francis 
> 
> Imply the TPM sysbus devices. This allows users to add TPM devices to
> the RISC-V virt board.
> 
> This was tested by first creating an emulated TPM device:
> 
> swtpm socket --tpm2 -t -d --tpmstate dir=/tmp/tpm \
> --ctrl type=unixio,path=swtpm-sock
> 
> Then launching QEMU with:
> 
> -chardev socket,id=chrtpm,path=swtpm-sock \
> -tpmdev emulator,id=tpm0,chardev=chrtpm \
> -device tpm-tis-device,tpmdev=tpm0
> 
> The TPM device can be seen in the memory tree and the generated device
> tree.
> 
I tried to get this working with qemu 8.0, but I did not have any success.
I am quite sure I have the above command line correctly, and it does work
with arm64. Any idea what I might be missing ?

Thanks,
Guenter

> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/942
> Signed-off-by: Alistair Francis 
> Reviewed-by: Edgar E. Iglesias 
> ---
>  hw/riscv/virt.c  | 4 
>  hw/riscv/Kconfig | 1 +
>  2 files changed, 5 insertions(+)
> 
> diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
> index 6eed1f4d70..b62fd66a49 100644
> --- a/hw/riscv/virt.c
> +++ b/hw/riscv/virt.c
> @@ -43,6 +43,7 @@
>  #include "sysemu/device_tree.h"
>  #include "sysemu/sysemu.h"
>  #include "sysemu/kvm.h"
> +#include "sysemu/tpm.h"
>  #include "hw/pci/pci.h"
>  #include "hw/pci-host/gpex.h"
>  #include "hw/display/ramfb.h"
> @@ -1612,6 +1613,9 @@ static void virt_machine_class_init(ObjectClass *oc, 
> void *data)
>  hc->plug = virt_machine_device_plug_cb;
>  
>  machine_class_allow_dynamic_sysbus_dev(mc, TYPE_RAMFB_DEVICE);
> +#ifdef CONFIG_TPM
> +machine_class_allow_dynamic_sysbus_dev(mc, TYPE_TPM_TIS_SYSBUS);
> +#endif
>  
>  object_class_property_add_bool(oc, "aclint", virt_get_aclint,
> virt_set_aclint);
> diff --git a/hw/riscv/Kconfig b/hw/riscv/Kconfig
> index da790f5936..79ff61c464 100644
> --- a/hw/riscv/Kconfig
> +++ b/hw/riscv/Kconfig
> @@ -34,6 +34,7 @@ config RISCV_VIRT
>  imply PCI_DEVICES
>  imply VIRTIO_VGA
>  imply TEST_DEVICES
> +imply TPM_TIS_SYSBUS
>  select RISCV_NUMA
>  select GOLDFISH_RTC
>  select MSI_NONBROKEN
> -- 
> 2.35.1
> 
> 



Faster than real-time execution

2023-06-19 Thread frankwmiller frankwmiller.net
Greetings,
 
I've been contemplating using QEMU for faster-than-real-time execution of SPARC 
executables on an X86-64 machine.   It appears from the base architecture of 
QEMU that this is not possible if QEMU is using JIT of the SPARC to x86-64 
since the resulting x86-64 will run on the hardware at the processor clock 
speed and there's not really any way around that.
 
However, is it possible to do something like this.  Execute the SPARC 
instructions in simulation, i.e. without any JIT, and then since everything is 
executed as simulated SPARC instructions, essentially speed up time in the 
simulated environment and execute FRT that way?
 
Thanks
FM
 
 

Re: [PATCH] target/arm: Restructure has_vfp_d32 test

2023-06-19 Thread Mads Ynddal


> On 19 Jun 2023, at 16.02, Richard Henderson  
> wrote:
> 
> One cannot test for feature aa32_simd_r32 without first
> testing if AArch32 mode is supported at all.  This leads to
> 
> qemu-system-aarch64: ARM CPUs must have both VFP-D32 and Neon or neither
> 
> for Apple M1 cpus.
> 
> We already have a check for ARMv8-A never setting vfp-d32 true,
> so restructure the code so that AArch64 avoids the test entirely.
> 
> Reported-by: Mads Ynddal 
> Signed-off-by: Richard Henderson 
> ---
> target/arm/cpu.c | 28 +++-
> 1 file changed, 15 insertions(+), 13 deletions(-)
> 
> diff --git a/target/arm/cpu.c b/target/arm/cpu.c
> index 353fc48567..706dbd37b1 100644
> --- a/target/arm/cpu.c
> +++ b/target/arm/cpu.c
> @@ -1402,25 +1402,27 @@ void arm_cpu_post_init(Object *obj)
>  * KVM does not currently allow us to lie to the guest about its
>  * ID/feature registers, so the guest always sees what the host has.
>  */
> -if (arm_feature(>env, ARM_FEATURE_AARCH64)
> -? cpu_isar_feature(aa64_fp_simd, cpu)
> -: cpu_isar_feature(aa32_vfp, cpu)) {
> -cpu->has_vfp = true;
> -if (!kvm_enabled()) {
> -qdev_property_add_static(DEVICE(obj), _cpu_has_vfp_property);
> +if (arm_feature(>env, ARM_FEATURE_AARCH64)) {
> +if (cpu_isar_feature(aa64_fp_simd, cpu)) {
> +cpu->has_vfp = true;
> +cpu->has_vfp_d32 = true;
> +if (tcg_enabled() || qtest_enabled()) {
> +qdev_property_add_static(DEVICE(obj),
> + _cpu_has_vfp_property);
> +}
> }
> -}
> -
> -if (cpu->has_vfp && cpu_isar_feature(aa32_simd_r32, cpu)) {
> -cpu->has_vfp_d32 = true;
> -if (!kvm_enabled()) {
> +} else if (cpu_isar_feature(aa32_vfp, cpu)) {
> +cpu->has_vfp = true;
> +if (cpu_isar_feature(aa32_simd_r32, cpu)) {
> +cpu->has_vfp_d32 = true;
> /*
>  * The permitted values of the SIMDReg bits [3:0] on
>  * Armv8-A are either 0b and 0b0010. On such CPUs,
>  * make sure that has_vfp_d32 can not be set to false.
>  */
> -if (!(arm_feature(>env, ARM_FEATURE_V8) &&
> -  !arm_feature(>env, ARM_FEATURE_M))) {
> +if ((tcg_enabled() || qtest_enabled())
> +&& !(arm_feature(>env, ARM_FEATURE_V8)
> + && !arm_feature(>env, ARM_FEATURE_M))) {
> qdev_property_add_static(DEVICE(obj),
>  _cpu_has_vfp_d32_property);
> }
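Review bot: the guard for registering the properties changes from `!kvm_enabled()` to `tcg_enabled() || qtest_enabled()`, which alters behaviour for any accelerator other than KVM, TCG or qtest (the vfp and vfp-d32 properties are no longer added there), but the commit message only describes the aa32_simd_r32 restructuring. Please mention this in the commit message or split it into its own patch, and extend the "KVM does not currently allow us to lie to the guest" comment at the top of the hunk so it explains the new condition.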
> -- 
> 2.34.1
> 

Perfect! This seems to do it for Apple M1.

Tested-by: Mads Ynddal 
Reviewed-by: Mads Ynddal 




Re: [RFC PATCH] plugins: force slow path when plugins instrument memory ops

2023-06-19 Thread Alex Bennée


Richard Henderson  writes:

> On 4/19/23 17:12, Alex Bennée wrote:
>> The lack of SVE memory instrumentation has been an omission in plugin
>> handling since it was introduced. Fortunately we can utilise the
>> probe_* functions to force all memory access to follow the slow
>> path. We do this by checking the access type and presence of plugin
>> memory callbacks and if set return the TLB_MMIO flag.
>> We have to jump through a few hoops in user mode to re-use the flag
>> but it was the desired effect:
>>   ./qemu-system-aarch64 -display none -serial mon:stdio \
>> -M virt -cpu max -semihosting-config enable=on \
>> -kernel ./tests/tcg/aarch64-softmmu/memory-sve \
>> -plugin ./contrib/plugins/libexeclog.so,ifilter=st1w,afilter=0x40001808 
>> -d plugin
>> gives (disas doesn't currently understand st1w):
>>0, 0x40001808, 0xe54342a0, ".byte 0xa0, 0x42, 0x43, 0xe5", store,
>> 0x40213010, RAM, store, 0x40213014, RAM, store, 0x40213018, RAM
>> And for user-mode:
>>./qemu-aarch64 \
>>  -plugin contrib/plugins/libexeclog.so,afilter=0x4007c0 \
>>  -d plugin \
>>  ./tests/tcg/aarch64-linux-user/sha512-sve
>> gives:
>>1..10
>>ok 1 - do_test([i])
>>0, 0x4007c0, 0xa4004b80, ".byte 0x80, 0x4b, 0x00, 0xa4", load, 
>> 0x5500800370, load, 0x5500800371, load, 0x5500800372, load, 0x5500800373, 
>> load, 0x5500800374, load, 0x5500800375, load, 0x5500800376, load, 
>> 0x5500800377, load, 0x5500800378, load, 0x5500800379, load, 0x550080037a, 
>> load, 0x550080037b, load, 0x550080037c, load, 0x550080037d, load, 
>> 0x550080037e, load, 0x550080037f, load, 0x5500800380, load, 0x5500800381, 
>> load, 0x5500800382, load, 0x5500800383, load, 0x5500800384, load, 
>> 0x5500800385, load, 0x5500800386, lo
>>ad, 0x5500800387, load, 0x5500800388, load, 0x5500800389, load, 
>> 0x550080038a, load, 0x550080038b, load, 0x550080038c, load, 0x550080038d, 
>> load, 0x550080038e, load, 0x550080038f, load, 0x5500800390, load, 
>> 0x5500800391, load, 0x5500800392, load, 0x5500800393, load, 0x5500800394, 
>> load, 0x5500800395, load, 0x5500800396, load, 0x5500800397, load, 
>> 0x5500800398, load, 0x5500800399, load, 0x550080039a, load, 0x550080039b, 
>> load, 0x550080039c, load, 0x550080039d, load, 0x550080039e, load, 
>> 0x550080039f, load, 0x55008003a0, load, 0x55008003a1, load, 0x55008003a2, 
>> load, 0x55008003a3, load, 0x55008003a4, load, 0x55008003a5, load, 
>> 0x55008003a6, load, 0x55008003a7, load, 0x55008003a8, load, 0x55008003a9, 
>> load, 0x55008003aa, load, 0x55008003ab, load, 0x55008003ac, load, 
>> 0x55008003ad, load, 0x55008003ae, load, 0x55008003af
>> (4007c0 is the ld1b in the sha512-sve)
>> Signed-off-by: Alex Bennée 
>> Cc: Robert Henry 
>> Cc: Aaron Lindsay 
>> ---
>>   include/exec/cpu-all.h|  2 +-
>>   include/hw/core/cpu.h | 17 +
>>   accel/tcg/cputlb.c|  6 +-
>>   accel/tcg/user-exec.c |  6 +-
>>   target/arm/tcg/sve_helper.c   |  4 
>>   tests/tcg/aarch64/Makefile.target |  8 
>>   6 files changed, 36 insertions(+), 7 deletions(-)
>
> Looks good, mostly.
>
>> @@ -1530,6 +1530,7 @@ static int probe_access_internal(CPUArchState *env, 
>> target_ulong addr,
>>   target_ulong tlb_addr, page_addr;
>>   size_t elt_ofs;
>>   int flags;
>> +bool not_fetch = true;
>> switch (access_type) {
>>   case MMU_DATA_LOAD:
>> @@ -1540,6 +1541,7 @@ static int probe_access_internal(CPUArchState *env, 
>> target_ulong addr,
>>   break;
>>   case MMU_INST_FETCH:
>>   elt_ofs = offsetof(CPUTLBEntry, addr_code);
>> +not_fetch = false;
>>   break;
>>   default:
>>   g_assert_not_reached();
>> @@ -1578,7 +1580,9 @@ static int probe_access_internal(CPUArchState *env, 
>> target_ulong addr,
>>   *pfull = _tlb(env)->d[mmu_idx].fulltlb[index];
>> /* Fold all "mmio-like" bits into TLB_MMIO.  This is not
>> RAM.  */
>> -if (unlikely(flags & ~(TLB_WATCHPOINT | TLB_NOTDIRTY))) {
>> +if (unlikely(flags & ~(TLB_WATCHPOINT | TLB_NOTDIRTY))
>> +||
>> +(not_fetch && cpu_plugin_mem_cbs_enabled(env_cpu(env {
>
> Rather than introduce a new variable, just test access_type !=
> MMU_INST_FETCH.

W.r.t. not instrumenting the TLB accesses, how ugly would something
like this be:

--8<---cut here---start->8---
modified   include/hw/core/cpu.h
@@ -80,10 +80,24 @@ DECLARE_CLASS_CHECKERS(CPUClass, CPU,
 typedef struct ArchCPU CpuInstanceType; \
 OBJECT_DECLARE_TYPE(ArchCPU, CpuClassType, CPU_MODULE_OBJ_NAME);
 
+/**
+ * typedef MMUAccessType - describe the type of access for cputlb
+ *
+ * When handling the access to memory we need to know the type of
+ * access we are doing. Loads and store rely on read and write page
+ * permissions where as the instruction fetch relies on execute
+ * permissions. Additional bits are used for TLB access so we can
+ * suppress 
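
Review bot: the new kerneldoc text for MMUAccessType has two wording slips that would land in the generated docs: "Loads and store rely on" should read "Loads and stores rely on", and "where as" should be "whereas".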

Re: [PATCH v3] hw/pci: prevent hotplug of devices on pcie-root-ports on the wrong slot

2023-06-19 Thread Michael S. Tsirkin
On Mon, Jun 19, 2023 at 09:29:26PM +0530, Ani Sinha wrote:
> When a device is plugged into a PCIE root port, it can only be plugged into slot
> 0. Hotplugging a device into a slot other than slot 0 is invalid and should be
> prevented. This change ensures that we throw an error if the user tries to plug
> a device into a pcie root port on any slot other than slot 0.
> 
> CC: jus...@redhat.com
> CC: imamm...@redhat.com
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2128929
> Signed-off-by: Ani Sinha 
> ---
>  hw/pci/pci.c | 16 
>  1 file changed, 16 insertions(+)
> 
> changelog:
> v2: addressed issue with multifunction pcie root ports. Should allow
> hotplug on functions other than function 0.
> v3: improved commit message.

Weird. You say you improved it but it still only mentions
root port while code works for downstream ports too.
Improve it some more please I guess ;)


> diff --git a/hw/pci/pci.c b/hw/pci/pci.c
> index bf38905b7d..66999352cc 100644
> --- a/hw/pci/pci.c
> +++ b/hw/pci/pci.c
> @@ -64,6 +64,7 @@ bool pci_available = true;
>  static char *pcibus_get_dev_path(DeviceState *dev);
>  static char *pcibus_get_fw_dev_path(DeviceState *dev);
>  static void pcibus_reset(BusState *qbus);
> +static bool pcie_has_upstream_port(PCIDevice *dev);
>  
>  static Property pci_props[] = {
>  DEFINE_PROP_PCI_DEVFN("addr", PCIDevice, devfn, -1),
> @@ -1182,6 +1183,11 @@ static PCIDevice *do_pci_register_device(PCIDevice 
> *pci_dev,
>  } else if (dev->hotplugged &&
> !pci_is_vf(pci_dev) &&
> pci_get_function_0(pci_dev)) {
> +/*
> + * populating function 0 triggers a bus scan from the guest that
> + * exposes other non-zero functions. Hence we need to ensure that
> + * function 0 is available.

available -> wasn't added yet

> + */
>  error_setg(errp, "PCI: slot %d function 0 already occupied by %s,"
> " new func %s cannot be exposed to guest.",
> PCI_SLOT(pci_get_function_0(pci_dev)->devfn),
> @@ -1189,6 +1195,16 @@ static PCIDevice *do_pci_register_device(PCIDevice 
> *pci_dev,
> name);
>  
> return NULL;
> +} else if (dev->hotplugged &&
> +   !pci_is_vf(pci_dev) &&
> +   pcie_has_upstream_port(pci_dev) && PCI_SLOT(devfn)) {
> +/*
> + * If the device is being plugged into an upstream PCIE port,

No, it's not plugged into an upstream port. It *has* an upstream port.


> + * like a pcie root port, we only support one device at slot 0

this is wrong too, in that "device" here is a pci function, we
support only slot 0, but many functions.

> + */
> +error_setg(errp, "PCI: slot %d is not valid for %s",


Let's not just complain, explain why ;)

> +   PCI_SLOT(devfn), name);
> +return NULL;
>  }
>  
>  pci_dev->devfn = devfn;
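
Review bot: in the new else-if branch, PCI_SLOT(devfn) is used as a bare truth value at the end of a three-term condition, which makes the rule being enforced (slot must be 0) easy to miss; write PCI_SLOT(devfn) != 0. The error string "PCI: slot %d is not valid for %s" should also state that rule, for example that only slot 0 is valid behind this kind of port, so the user can correct the "addr" property without reading the source.
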
> -- 
> 2.39.1




Re: [PATCH] contrib/plugins: add meson build file

2023-06-19 Thread Alex Bennée


Anton Kochkov  writes:

> Add crossplatform Meson file to build TCG plugins since
> the Makefile makes wrong assumptions about it being used only
> on Linux. Tested on Linux and macOS.

I think you should go the whole hog and remove the existing makefile
machinery. Otherwise it will be confusing to users who add new plugins
to the contrib directory.

Can the overall QEMU meson invoke this directly or will it get confused
by it being a separate project?

>
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1710
> Signed-off-by: Anton Kochkov 
> ---
>  contrib/plugins/meson.build   | 31 +++
>  contrib/plugins/meson_options.txt |  1 +
>  2 files changed, 32 insertions(+)
>  create mode 100644 contrib/plugins/meson.build
>  create mode 100644 contrib/plugins/meson_options.txt
>
> diff --git a/contrib/plugins/meson.build b/contrib/plugins/meson.build
> new file mode 100644
> index 00..72c4167461
> --- /dev/null
> +++ b/contrib/plugins/meson.build
> @@ -0,0 +1,31 @@
> +project('qemu-plugins', 'c', meson_version: '>=0.50.0')
> +
> +qemu_src = get_option('qemu_path')
> +if qemu_src == ''
> +  qemu_src = '../..'
> +endif
> +
> +qemu_include = qemu_src + '/include/qemu'
> +incdir = include_directories(qemu_include)
> +
> +plugins = [
> +  'execlog',
> +  'hotblocks',
> +  'hotpages',
> +  'howvec',
> +  'lockstep',
> +  'hwprofile',
> +  'cache',
> +  'drcov',
> +]
> +
> +th = dependency('threads', required: true)
> +glib = dependency('glib-2.0', required: true)
> +
> +foreach p: plugins
> +  library(p, p + '.c',
> +include_directories: incdir,
> +dependencies: [th, glib],
> +override_options: ['b_lundef=false']
> +  )
> +endforeach
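
Review bot: in the foreach loop, library(p, p + '.c', ...) builds a static or a shared library depending on the default_library setting, so a build configured with default_library=static would produce archives that cannot be loaded as plugins. These are loadable modules, so shared_module() is the matching target type; it is intended for objects whose undefined symbols are provided by the loading program, which may make the b_lundef=false override unnecessary.
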
> diff --git a/contrib/plugins/meson_options.txt 
> b/contrib/plugins/meson_options.txt
> new file mode 100644
> index 00..2d76cda496
> --- /dev/null
> +++ b/contrib/plugins/meson_options.txt
> @@ -0,0 +1 @@
> +option('qemu_path', type : 'string', value : '', description : 'Full
> path to the QEMU sources to build plugins for')


-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro



Re: [PATCH 05/12] hw/virtio: Add support for apple virtio-blk

2023-06-19 Thread Daniel P . Berrangé
On Wed, Jun 14, 2023 at 10:56:22PM +, Alexander Graf wrote:
> Apple has its own virtio-blk PCI device ID where it deviates from the
> official virtio-pci spec slightly: It puts a new "apple type"
> field at a static offset in config space and introduces a new discard
> command.
> 
> This patch adds a new qdev property called "apple-type" to virtio-blk-pci.
> When that property is set, we assume the virtio-blk device is an Apple one
> of the specific type and act accordingly.

I wonder if we should treat these as two separate devices, i.e. define
an 'apple-virtio-blk' device name, and have it be a subclass of the
main virtio blk impl. That would allow distros to drop the apple
forked impl in their downstream when they seek to minimize their
support matrix.

> 
> Signed-off-by: Alexander Graf 
> ---
>  hw/block/virtio-blk.c   | 23 +
>  hw/virtio/virtio-blk-pci.c  |  7 +++
>  include/hw/pci/pci_ids.h|  1 +
>  include/hw/virtio/virtio-blk.h  |  1 +
>  include/standard-headers/linux/virtio_blk.h |  3 +++
>  5 files changed, 35 insertions(+)
> 
> diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
> index 39e7f23fab..76b85bb3cb 100644
> --- a/hw/block/virtio-blk.c
> +++ b/hw/block/virtio-blk.c
> @@ -1120,6 +1120,20 @@ static int virtio_blk_handle_request(VirtIOBlockReq 
> *req, MultiReqBuffer *mrb)
>  
>  break;
>  }
> +case VIRTIO_BLK_T_APPLE1:
> +{
> +if (s->conf.x_apple_type) {
> +/* Only valid on Apple Virtio */
> +char buf[iov_size(in_iov, in_num)];
> +memset(buf, 0, sizeof(buf));
> +iov_from_buf(in_iov, in_num, 0, buf, sizeof(buf));
> +virtio_blk_req_complete(req, VIRTIO_BLK_S_OK);
> +} else {
> +virtio_blk_req_complete(req, VIRTIO_BLK_S_UNSUPP);
> +}
> +virtio_blk_free_request(req);
> +break;
> +}
>  default:
>  virtio_blk_req_complete(req, VIRTIO_BLK_S_UNSUPP);
>  virtio_blk_free_request(req);
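
Review bot: in the VIRTIO_BLK_T_APPLE1 case, "char buf[iov_size(in_iov, in_num)];" is a variable-length array on the stack whose size comes from the request's in-buffers, and those are sized by the guest. A large request can exhaust the stack of the thread handling it. Zero the buffers in place with iov_memset(in_iov, in_num, 0, 0, iov_size(in_iov, in_num)) instead of staging the zeroes in a stack copy, and add a comment saying what the command is expected to return.
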
> @@ -1351,6 +1365,10 @@ static void virtio_blk_update_config(VirtIODevice 
> *vdev, uint8_t *config)
>  } else {
>  blkcfg.zoned.model = VIRTIO_BLK_Z_NONE;
>  }
> +if (s->conf.x_apple_type) {
> +/* Apple abuses the same location for its type id */
> +blkcfg.max_secure_erase_sectors = s->conf.x_apple_type;
> +}
>  memcpy(config, , s->config_size);
>  }
>  
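
Review bot: "blkcfg.max_secure_erase_sectors = s->conf.x_apple_type;" stores a 32-bit value in host byte order into a structure that the memcpy() below copies straight into guest-visible config space, so a big-endian host would expose a byte-swapped type. Store it with virtio_stl_p() instead, and document or reject the combination of x-apple-type with a real secure-erase limit, since both now share this field.
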
> @@ -1625,6 +1643,10 @@ static void virtio_blk_device_realize(DeviceState 
> *dev, Error **errp)
>  
>  s->config_size = virtio_get_config_size(_blk_cfg_size_params,
>  s->host_features);
> +if (s->conf.x_apple_type) {
> +/* Apple Virtio puts the blk type at 0x3c, make sure we have space. 
> */
> +s->config_size = MAX(s->config_size, 0x3d);
> +}
>  virtio_init(vdev, VIRTIO_ID_BLOCK, s->config_size);
>  
>  s->blk = conf->conf.blk;
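
Review bot: MAX(s->config_size, 0x3d) guarantees only one byte at offset 0x3c, while the property added further down is a UINT32 and virtio_blk_update_config() writes it through the 32-bit max_secure_erase_sectors field. Either make the type an 8-bit property or extend the size to cover all four bytes, and replace the bare 0x3c/0x3d with an expression derived from the config structure so the comment and the constant cannot drift apart.
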
> @@ -1734,6 +1756,7 @@ static Property virtio_blk_properties[] = {
> conf.max_write_zeroes_sectors, 
> BDRV_REQUEST_MAX_SECTORS),
>  DEFINE_PROP_BOOL("x-enable-wce-if-config-wce", VirtIOBlock,
>   conf.x_enable_wce_if_config_wce, true),
> +DEFINE_PROP_UINT32("x-apple-type", VirtIOBlock, conf.x_apple_type, 0),
>  DEFINE_PROP_END_OF_LIST(),
>  };
>  
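
Review bot: the property is registered as "x-apple-type", but the commit message describes a qdev property called "apple-type". Make the two agree so that users following the commit message do not pass a name the device rejects.
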
> diff --git a/hw/virtio/virtio-blk-pci.c b/hw/virtio/virtio-blk-pci.c
> index 9743bee965..5fbf98f750 100644
> --- a/hw/virtio/virtio-blk-pci.c
> +++ b/hw/virtio/virtio-blk-pci.c
> @@ -62,6 +62,13 @@ static void virtio_blk_pci_realize(VirtIOPCIProxy 
> *vpci_dev, Error **errp)
>  }
>  
>  qdev_realize(vdev, BUS(_dev->bus), errp);
> +
> +if (conf->x_apple_type) {
> +/* Apple virtio-blk uses a different vendor/device id */
> +pci_config_set_vendor_id(vpci_dev->pci_dev.config, 
> PCI_VENDOR_ID_APPLE);
> +pci_config_set_device_id(vpci_dev->pci_dev.config,
> + PCI_DEVICE_ID_APPLE_VIRTIO_BLK);
> +}
>  }
>  
>  static void virtio_blk_pci_class_init(ObjectClass *klass, void *data)
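
Review bot: in virtio_blk_pci_realize(), the vendor and device IDs are rewritten after qdev_realize(vdev, ..., errp) without looking at its result, so the block also runs when realize failed and errp is already set. Check the return value of qdev_realize() and return early on failure before touching the PCI config.
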
> diff --git a/include/hw/pci/pci_ids.h b/include/hw/pci/pci_ids.h
> index e4386ebb20..74e589a298 100644
> --- a/include/hw/pci/pci_ids.h
> +++ b/include/hw/pci/pci_ids.h
> @@ -188,6 +188,7 @@
>  #define PCI_DEVICE_ID_APPLE_UNI_N_AGP0x0020
>  #define PCI_DEVICE_ID_APPLE_U3_AGP   0x004b
>  #define PCI_DEVICE_ID_APPLE_UNI_N_GMAC   0x0021
> +#define PCI_DEVICE_ID_APPLE_VIRTIO_BLK   0x1a00
>  
>  #define PCI_VENDOR_ID_SUN0x108e
>  #define PCI_DEVICE_ID_SUN_EBUS   0x1000
> diff --git a/include/hw/virtio/virtio-blk.h b/include/hw/virtio/virtio-blk.h
> index dafec432ce..7117ce754c 100644
> --- a/include/hw/virtio/virtio-blk.h
> +++ b/include/hw/virtio/virtio-blk.h
> @@ -46,6 +46,7 @@ struct VirtIOBlkConf
>  uint32_t max_discard_sectors;
>  uint32_t max_write_zeroes_sectors;
>  bool 

Re: [PATCH] target/arm: Restructure has_vfp_d32 test

2023-06-19 Thread Cédric Le Goater

On 6/19/23 16:02, Richard Henderson wrote:

One cannot test for feature aa32_simd_r32 without first
testing if AArch32 mode is supported at all.  This leads to

qemu-system-aarch64: ARM CPUs must have both VFP-D32 and Neon or neither

for Apple M1 cpus.


The orangepi5 board I use didn't have that kind of problem.


We already have a check for ARMv8-A never setting vfp-d32 true,
so restructure the code so that AArch64 avoids the test entirely.

Reported-by: Mads Ynddal 
Signed-off-by: Richard Henderson 


Reviewed-by: Cédric Le Goater 


Thanks for the fix,

C.


---
  target/arm/cpu.c | 28 +++-
  1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 353fc48567..706dbd37b1 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1402,25 +1402,27 @@ void arm_cpu_post_init(Object *obj)
   * KVM does not currently allow us to lie to the guest about its
   * ID/feature registers, so the guest always sees what the host has.
   */
-if (arm_feature(>env, ARM_FEATURE_AARCH64)
-? cpu_isar_feature(aa64_fp_simd, cpu)
-: cpu_isar_feature(aa32_vfp, cpu)) {
-cpu->has_vfp = true;
-if (!kvm_enabled()) {
-qdev_property_add_static(DEVICE(obj), _cpu_has_vfp_property);
+if (arm_feature(>env, ARM_FEATURE_AARCH64)) {
+if (cpu_isar_feature(aa64_fp_simd, cpu)) {
+cpu->has_vfp = true;
+cpu->has_vfp_d32 = true;
+if (tcg_enabled() || qtest_enabled()) {
+qdev_property_add_static(DEVICE(obj),
+ _cpu_has_vfp_property);
+}
  }
-}
-
-if (cpu->has_vfp && cpu_isar_feature(aa32_simd_r32, cpu)) {
-cpu->has_vfp_d32 = true;
-if (!kvm_enabled()) {
+} else if (cpu_isar_feature(aa32_vfp, cpu)) {
+cpu->has_vfp = true;
+if (cpu_isar_feature(aa32_simd_r32, cpu)) {
+cpu->has_vfp_d32 = true;
  /*
   * The permitted values of the SIMDReg bits [3:0] on
   * Armv8-A are either 0b and 0b0010. On such CPUs,
   * make sure that has_vfp_d32 can not be set to false.
   */
-if (!(arm_feature(>env, ARM_FEATURE_V8) &&
-  !arm_feature(>env, ARM_FEATURE_M))) {
+if ((tcg_enabled() || qtest_enabled())
+&& !(arm_feature(>env, ARM_FEATURE_V8)
+ && !arm_feature(>env, ARM_FEATURE_M))) {
  qdev_property_add_static(DEVICE(obj),
   _cpu_has_vfp_d32_property);
  }
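
Review bot: both branches replace the !kvm_enabled() guard with tcg_enabled() || qtest_enabled(), which stops registering the has_vfp and has_vfp_d32 properties under every accelerator other than TCG and qtest, not only under KVM. The commit message describes only the reordering of the AArch32 feature test, so this narrowing should be called out there or split into its own patch.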





Re: [PATCH] tests/plugin: Remove duplicate insn log from libinsn.so

2023-06-19 Thread Alex Bennée


Richard Henderson  writes:

> On 6/12/23 04:50, Richard Henderson wrote:
>> On 6/11/23 02:14, Alex Bennée wrote:
>>>
>>> Richard Henderson  writes:
>>>
 This is a perfectly natural occurrence for x86 "rep movb",
 where the "rep" prefix forms a counted loop of the one insn.

 During the tests/tcg/multiarch/memory test, this logging is
 triggered over 35 times.  Within the context of cross-i386-tci
 build, which is already slow by nature, the logging is sufficient
 to push the test into timeout.
>>>
>>> How does this get triggered because I added these:
>>>
>>> # non-inline runs will trigger the duplicate instruction heuristics in libinsn.so
>>> run-plugin-%-with-libinsn.so:
>>> $(call run-test, $@, \
>>>   $(QEMU) -monitor none -display none \
>>>   -chardev file$(COMMA)path=$@.out$(COMMA)id=output \
>>>    -plugin ../../plugin/libinsn.so$(COMMA)inline=on \
>>>   -d plugin -D $*-with-libinsn.so.pout \
>>>   $(QEMU_OPTS) $*)
>>>
>>> to prevent the callback versions from being called for x86. The original
>>> intent of the check was to detect failures due to cpu_io_recompile, see
>>> e025d799af (tests/plugin: expand insn test to detect duplicate instructions)
>> I have no idea how, but it's happening.
>> 
 Signed-off-by: Richard Henderson 
 ---
 Irritatingly, it doesn't timeout locally, so I used staging to double-check:

 Fail: https://gitlab.com/qemu-project/qemu/-/jobs/4450754282#L5062
 Pass: https://gitlab.com/qemu-project/qemu/-/jobs/4450927108
>> Note that in the pass case, we don't even log that the test ran.
>
> Any further thoughts on this?  Otherwise I'll merge it to get rid of
> the cross-i386-tci failure...
>
>
> r~

I'm happy to drop the feature from the plugin but the clean-up also
needs to be applied to the run-plugin-%-with-libinsn.so: rules for i386
and x86_64.

-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro



Re: [PATCH v2 0/2] target/i386/kvm: fix two svm pmu virtualization bugs

2023-06-19 Thread Dongli Zhang
Hi Like and zhenyu,

Thank you very much! That will be very helpful.

In order to help the review, I will rebase the patchset on top of the most
recent QEMU.

Thank you very much!

Dongli Zhang

On 6/19/23 01:52, Like Xu wrote:
> I think we've been stuck here too long. Sorry Dongli.
> 
> +zhenyu, could you get someone to follow up on this, or I will start working on
> that.
> 
> On 9/1/2023 9:19 am, Dongli Zhang wrote:
>> Ping?
>>
>> About [PATCH v2 2/2], the bad thing is that the customer will not be able to
>> notice the issue, that is, the "Broken BIOS detected" in dmesg, immediately.
>>
>> As a result, the customer VM may panic randomly anytime in the future (once
>> issue is encountered) if "/proc/sys/kernel/unknown_nmi_panic" is enabled.
>>
>> Thank you very much!
>>
>> Dongli Zhang
>>
>> On 12/19/22 06:45, Dongli Zhang wrote:
>>> Can I get feedback for this patchset, especially the [PATCH v2 2/2]?
>>>
>>> About the [PATCH v2 2/2], currently the issue impacts the usage of PMUs on AMD
>>> VM, especially the below case:
>>>
>>> 1. Enable panic on nmi.
>>> 2. Use perf to monitor the performance of VM. Although without a test, I think
>>> the nmi watchdog has the same effect.
>>> 3. A sudden system reset, or a kernel panic (kdump/kexec).
>>> 4. After reboot, there will be random unknown NMI.
>>> 5. Unfortunately, the "panic on nmi" may panic the VM randomly at any time.
>>>
>>> Thank you very much!
>>>
>>> Dongli Zhang
>>>
>>> On 12/1/22 16:22, Dongli Zhang wrote:
 This patchset is to fix two svm pmu virtualization bugs, x86 only.

 version 1:
 https://lore.kernel.org/all/20221119122901.2469-1-dongli.zh...@oracle.com/

 1. The 1st bug is that "-cpu,-pmu" cannot disable svm pmu virtualization.

 To use "-cpu EPYC" or "-cpu host,-pmu" cannot disable the pmu
 virtualization. There is still below at the VM linux side ...

 [    0.510611] Performance Events: Fam17h+ core perfctr, AMD PMU driver.

 ... although we expect something like below.

 [    0.596381] Performance Events: PMU not available due to virtualization,
 using software events only.
 [    0.600972] NMI watchdog: Perf NMI watchdog permanently disabled

 The 1st patch has introduced a new x86 only accel/kvm property
 "pmu-cap-disabled=true" to disable the pmu virtualization via
 KVM_PMU_CAP_DISABLE.

 I considered 'KVM_X86_SET_MSR_FILTER' initially before patchset v1.
 Since both KVM_X86_SET_MSR_FILTER and KVM_PMU_CAP_DISABLE are VM ioctl. I
 finally used the latter because it is easier to use.


 2. The 2nd bug is that un-reclaimed perf events (after QEMU system_reset)
 at the KVM side may inject random unwanted/unknown NMIs to the VM.

 The svm pmu registers are not reset during QEMU system_reset.

 (1). The VM resets (e.g., via QEMU system_reset or VM kdump/kexec) while it
 is running "perf top". The pmu registers are not disabled gracefully.

 (2). Although the x86_cpu_reset() resets many registers to zero, the
 kvm_put_msrs() does not put AMD pmu registers to KVM side. As a result,
 some pmu events are still enabled at the KVM side.

 (3). The KVM pmc_speculative_in_use() always returns true so that the events
 will not be reclaimed. The kvm_pmc->perf_event is still active.

 (4). After the reboot, the VM kernel reports below error:

 [    0.092011] Performance Events: Fam17h+ core perfctr, Broken BIOS
 detected, complain to your hardware vendor.
 [    0.092023] [Firmware Bug]: the BIOS has corrupted hw-PMU resources (MSR
 c0010200 is 530076)

 (5). In a worse case, the active kvm_pmc->perf_event is still able to
 inject unknown NMIs randomly to the VM kernel.

 [...] Uhhuh. NMI received for unknown reason 30 on CPU 0.

 The 2nd patch is to fix the issue by resetting AMD pmu registers as well as
 Intel registers.


 This patchset does not cover PerfMonV2, until the below patchset is merged
 into the KVM side.

 [PATCH v3 0/8] KVM: x86: Add AMD Guest PerfMonV2 PMU support
 https://lore.kernel.org/all/2022102645.82001-1-lik...@tencent.com/


 Dongli Zhang (2):
    target/i386/kvm: introduce 'pmu-cap-disabled' to set KVM_PMU_CAP_DISABLE
    target/i386/kvm: get and put AMD pmu registers

   accel/kvm/kvm-all.c  |   1 +
   include/sysemu/kvm_int.h |   1 +
   qemu-options.hx  |   7 +++
   target/i386/cpu.h    |   5 ++
   target/i386/kvm/kvm.c    | 129 +-
   5 files changed, 141 insertions(+), 2 deletions(-)

 Thank you very much!

 Dongli Zhang


>>
>>
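
The guest-side symptoms quoted in the cover letter above can be checked for mechanically. The following triage script is an added example, not part of the thread or of QEMU: the function names are hypothetical, the PerfEvtSel bit layout is an assumption taken from AMD's architectural definition, and the sample log is constructed from the messages quoted in the thread (the timestamp on the NMI line is made up).

```python
import re

# AMD PerfEvtSel bit layout. Assumption of this example (AMD architectural
# definition); the thread only quotes the raw MSR value.
EVTSEL_USR = 1 << 16  # count while in user mode
EVTSEL_OS = 1 << 17   # count while in kernel mode
EVTSEL_INT = 1 << 20  # raise an interrupt when the counter overflows
EVTSEL_EN = 1 << 22   # counter is enabled

RE_PMU_PRESENT = re.compile(
    r"Performance Events: .*(?:core perfctr|AMD PMU driver)")
RE_STALE_MSR = re.compile(
    r"\[Firmware Bug\]: the BIOS has corrupted hw-PMU resources "
    r"\(MSR ([0-9a-f]+) is ([0-9a-f]+)\)")
RE_UNKNOWN_NMI = re.compile(
    r"NMI received for unknown reason ([0-9a-f]+) on CPU (\d+)")

# Constructed guest dmesg excerpts built from the lines quoted in the thread.
SAMPLE_AFFECTED = """\
[    0.092011] Performance Events: Fam17h+ core perfctr, Broken BIOS detected, complain to your hardware vendor.
[    0.092023] [Firmware Bug]: the BIOS has corrupted hw-PMU resources (MSR c0010200 is 530076)
[   41.000000] Uhhuh. NMI received for unknown reason 30 on CPU 0.
"""
SAMPLE_CLEAN = """\
[    0.596381] Performance Events: PMU not available due to virtualization, using software events only.
[    0.600972] NMI watchdog: Perf NMI watchdog permanently disabled
"""


def decode_perf_evtsel(value):
    """Split a PerfEvtSel value into the fields that matter for triage."""
    return {
        "event": (value & 0xFF) | (((value >> 32) & 0xF) << 8),
        "unit_mask": (value >> 8) & 0xFF,
        "usr": bool(value & EVTSEL_USR),
        "os": bool(value & EVTSEL_OS),
        "interrupt": bool(value & EVTSEL_INT),
        "enabled": bool(value & EVTSEL_EN),
    }


def scan_guest_dmesg(text, pmu_expected_off=False):
    """Return findings, in log order, for the symptoms described in the thread.

    pmu_expected_off: set when the VM was started with the PMU disabled, so a
    guest that still binds the PMU driver is itself a finding (first bug).
    """
    findings = []
    for line in text.splitlines():
        m = RE_STALE_MSR.search(line)
        if m:
            msr, value = int(m.group(1), 16), int(m.group(2), 16)
            fields = decode_perf_evtsel(value)
            findings.append({
                "kind": "stale_pmu_counter",
                "msr": msr,
                "value": value,
                "fields": fields,
                # Enabled plus interrupt-on-overflow: the leftover counter can
                # still deliver NMIs to a kernel that never programmed it.
                "can_raise_nmi": fields["enabled"] and fields["interrupt"],
            })
            continue
        m = RE_UNKNOWN_NMI.search(line)
        if m:
            findings.append({"kind": "unknown_nmi",
                             "reason": m.group(1),
                             "cpu": int(m.group(2))})
            continue
        if pmu_expected_off and RE_PMU_PRESENT.search(line):
            findings.append({"kind": "pmu_not_disabled",
                             "line": line.strip()})
    return findings


if __name__ == "__main__":
    for finding in scan_guest_dmesg(SAMPLE_AFFECTED, pmu_expected_off=True):
        print(finding)
```

Decoding the quoted value 530076 shows a counter left enabled with interrupt-on-overflow set, which is the state that lets the host-side perf event keep injecting NMIs after the reset.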



[PATCH 0/5] docs/devel: improve API documentation for QOM

2023-06-19 Thread Alex Bennée
Hi,

At the recent QEMU maintainers summit we lamented the fact it was hard
to push forward with our modernising plans as legacy approaches still
get introduced into the code. A lot of knowledge about the "modern"
way of doing things is locked up in senior developers' heads. Let's make
a push to improve the developer documentation and ensure best
practice is easy to find.

Some sort of parable about distribution of fishes and knowledge seems
appropriate here.

Alex Bennée (5):
  docs/devel: add some front matter to the devel index
  include/migration: mark vmstate_register() as a legacy function
  include/hw/qdev-core: fixup kerneldoc annotations (!COMPLETE)
  docs/devel: split qom-api reference into new file
  docs/devel: introduce some key concepts for QOM development

 docs/devel/index-api.rst |   2 +
 docs/devel/index-process.rst |   2 +
 docs/devel/index-tcg.rst |   2 +
 docs/devel/index.rst |  24 ++-
 docs/devel/qdev-api.rst  |  12 
 docs/devel/qom-api.rst   |   9 +++
 docs/devel/qom.rst   |  50 +-
 docs/devel/tcg.rst   |   2 +
 include/hw/qdev-core.h   | 123 +--
 include/migration/vmstate.h  |   9 ++-
 10 files changed, 210 insertions(+), 25 deletions(-)
 create mode 100644 docs/devel/qdev-api.rst
 create mode 100644 docs/devel/qom-api.rst

-- 
2.39.2




[PATCH 5/5] docs/devel: introduce some key concepts for QOM development

2023-06-19 Thread Alex Bennée
Using QOM correctly is increasingly important to maintaining a modern
code base. However the current documentation skips some important
concepts before launching into a simple example. Let's:

  - at least mention properties
  - mention TYPE_OBJECT and TYPE_DEVICE
  - talk about why we have realize/unrealize
  - mention the QOM tree

Signed-off-by: Alex Bennée 
---
 docs/devel/qom.rst | 47 ++
 1 file changed, 47 insertions(+)

diff --git a/docs/devel/qom.rst b/docs/devel/qom.rst
index 98a4f178d5..53633fbd35 100644
--- a/docs/devel/qom.rst
+++ b/docs/devel/qom.rst
@@ -13,6 +13,53 @@ features:
 - System for dynamically registering types
 - Support for single-inheritance of types
 - Multiple inheritance of stateless interfaces
+- Mapping internal members to publicly exposed properties
+
+The root object class is TYPE_OBJECT which provides for the basic
+object methods.
+
+The Device Class
+
+
+The TYPE_DEVICE class is the parent class for all modern devices
+implemented in QEMU and adds some specific methods to handle QEMU
+device model. This includes managing the lifetime of devices from
+creation through to when they become visible to the guest and
+eventually unrealized.
+
+Device Life-cycle
+-
+
+As class initialisation cannot fail devices have an two additional
+methods to handle the creation of dynamic devices. The ``realize``
+function is called with ``Error **`` pointer which should be set if
+the device cannot complete its setup. Otherwise on successful
+completion of the ``realize`` method the device object is added to the
+QOM tree and made visible to the guest.
+
+The reverse function is ``unrealize`` and should be were clean-up
+code lives to tidy up after the system is done with the device.
+
+All devices can be instantiated by C code, however only some can
+created dynamically via the command line or monitor. Likewise only
+some can be unplugged after creation and need an explicit
+``unrealize`` implementation. This is determined by the
+``user_creatable`` and ``hotpluggable`` variables in the root
+``DeviceClass`` structure.
+
+The QOM tree
+
+
+The QOM tree is a composition tree which represents all of the objects
+that make up a QEMU "machine". You can view this tree by running
+``info qom-tree`` in the :ref:`QEMU monitor`. It will contain both
+objects created by the machine itself as well those created due to
+user configuration.
+
+Creating a minimal device
+=
+
+A simple minimal device implementation may look something like bellow:
 
 .. code-block:: c
:caption: Creating a minimal type
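
Review bot: the text added under "Device Life-cycle", "The QOM tree" and "Creating a minimal device" has several slips that would end up in the rendered manual: "have an two additional methods", "should be were clean-up code lives", "only some can created dynamically", "as well those created" and "something like bellow". Suggested wording: "have two additional methods", "should be where clean-up code lives", "only some can be created dynamically", "as well as those created" and "something like below".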
-- 
2.39.2




Re: [PATCH 2/4] target/ppc: Ensure stcx size matches larx

2023-06-19 Thread Peter Maydell
On Mon, 19 Jun 2023 at 18:03, Richard Henderson
 wrote:
>
> On 6/19/23 17:55, Peter Maydell wrote:
> > On Mon, 19 Jun 2023 at 16:49, Richard Henderson
> >  wrote:
> >>
> >> On 6/5/23 08:27, Nicholas Piggin wrote:
> >>> On Sun Jun 4, 2023 at 8:28 PM AEST, Nicholas Piggin wrote:
>  Differently-sized larx/stcx. pairs can succeed if the starting address
>  matches. Add a size check to require stcx. exactly match the larx that
>  established the reservation.
> >>>
> >>> Hmm, question: reserve_addr is a VMSTATE field, but reserve_val is not
> >>> (nor reserve_size after this patch).
> >>>
> >>> Blue Swirl added that with commit a456d59c20f ("VM load/save support for
> >>> PPC CPU"), and when reserve_val was added in commit 18b21a2f83a
> >>> ("target-ppc: retain l{w,d}arx loaded value") it did not get migrated.
> >>>
> >>> Could we end up with reserve_addr != -1, but with a bogus reserve_val,
> >>> which could then permit a stcx. incorrectly? Not entirely outlandish if
> >>> reserve_val starts out initialised to zero.
> >>>
> >>> Could we just clear the reserve in cpu_post_load? It is permitted to be
> >>> lost for an implementation-specific reason. Doesn't seem necessary to
> >>> try keep it alive over a migration.
> >>
> >> It's not a bad idea to flush the reservation over migrate.
> >
> > Is there any particular reason to do so? The default simple
> > thing is "if this is state that persists across instructions
> > then migrate it"; we usually reserve "do something special in
> > post-load" for oddball cases where "just copy the data" doesn't
> > work.
> >
> > target/arm migrates both the exclusive addr and value.
>
> ppc is adding "size", which arm technically should have as well.

Arm allows an implementation to require the transaction size
to match on loadexcl and storexcl, but doesn't mandate it, fwiw.
(Also, our implementation is miles away from the architectural
requirements anyway because we operate on virtual addresses,
not physical addresses.)

> > target/mips migrates lladdr but has forgotten llval
> > (and perhaps llval_wp and llnewval_wp, depending on what
> > those fields do).
>
> So, similarly, would need to handle migration for which all of the required data is not
> present.
>
> The thought is, rather than migrate this new data also, and handle compatibility, simply
> discard all reservations.

I don't see a problem for normal migration and snapshotting.
I do wonder whether this would have a bad interaction
with record-and-replay's use of snapshots. Does that
expect "execution from the loaded snapshot" to match
"execution continues from point of snapshot save" ?

-- PMM



[PATCH 3/5] include/hw/qdev-core: fixup kerneldoc annotations (!COMPLETE)

2023-06-19 Thread Alex Bennée
Fix up the kerneldoc markup and start documenting the various fields
in QDEV related structures. Unfortunately this is not enough to include
the documentation because kerneldoc currently chokes on some of our
macros such as:

/**
 * @gpios: list of named GPIOs the device provides.
 */
QLIST_HEAD(, NamedGPIOList) gpios;

where it demands we document QLIST_HEAD and NamedGPIOList despite them
not technically being fields in the structure.

Signed-off-by: Alex Bennée 
---
 include/hw/qdev-core.h | 123 ++---
 1 file changed, 102 insertions(+), 21 deletions(-)

diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
index f1070d6dc7..74b4971d7e 100644
--- a/include/hw/qdev-core.h
+++ b/include/hw/qdev-core.h
@@ -38,7 +38,10 @@ typedef void (*BusRealize)(BusState *bus, Error **errp);
 typedef void (*BusUnrealize)(BusState *bus);
 
 /**
- * DeviceClass:
+ * struct DeviceClass:
+ *
+ * The base class for all devices.
+ *
  * @props: Properties accessing state fields.
  * @realize: Callback function invoked when the #DeviceState:realized
  * property is changed to %true.
@@ -97,22 +100,34 @@ typedef void (*BusUnrealize)(BusState *bus);
  *
  */
 struct DeviceClass {
-/*< private >*/
+/* private: */
 ObjectClass parent_class;
-/*< public >*/
+/* public: */
 
+/**
+ * @categories: device categories device belongs to
+ */
 DECLARE_BITMAP(categories, DEVICE_CATEGORY_MAX);
+/**
+ * @fw_name: name used to identify device to firmware interfaces
+ */
 const char *fw_name;
+/**
+ * @desc: human readable description of device
+ */
 const char *desc;
 
-/*
- * The underscore at the end ensures a compile-time error if someone
- * assigns to dc->props instead of using device_class_set_props.
+/**
+ * @props_: properties associated with device, should only be
+ * assigned by using device_class_set_props(). The underscore
+ * ensures a compile-time error if someone attempts to assign
+ * dc->props directly.
  */
 Property *props_;
 
-/*
- * Can this device be instantiated with -device / device_add?
+/**
+ * @user_creatable: Can this device be instantiated with -device / 
device_add?
+ *
  * All devices should support instantiation with device_add, and
  * this flag should not exist.  But we're not there, yet.  Some
  * devices fail to instantiate with cryptic error messages.
@@ -126,19 +141,28 @@ struct DeviceClass {
 bool hotpluggable;
 
 /* callbacks */
-/*
- * Reset method here is deprecated and replaced by methods in the
- * resettable class interface to implement a multi-phase reset.
+/**
+ * @reset: deprecated device reset method pointer
+ *
+ * Modern code should use the ResettableClass interface to
+ * implement a multi-phase reset.
+ *
  * TODO: remove once every reset callback is unused
  */
 DeviceReset reset;
 DeviceRealize realize;
 DeviceUnrealize unrealize;
 
-/* device state */
+/**
+ * @vmsd: device state serialisation description for
+ * migration/save/restore
+ */
 const VMStateDescription *vmsd;
 
-/* Private to qdev / bus.  */
+/**
+ * @bus_type: bus type
+ * private: to qdev / bus.
+ */
 const char *bus_type;
 };
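
Review bot: at the end of struct DeviceClass, the new comment reads "@bus_type: bus type" followed by "private: to qdev / bus.", which restates the field name and puts the word kernel-doc uses as its private-member marker inside a member description. Say what the string identifies and fold the visibility remark into a normal sentence, for example "Private to qdev / bus."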
 
@@ -168,36 +192,91 @@ typedef struct {
 } MemReentrancyGuard;
 
 /**
- * DeviceState:
- * @reset: ResettableState for the device; handled by Resettable interface.
+ * struct DeviceState - common device state, accessed with qdev helpers
  *
  * This structure should not be accessed directly.  We declare it here
  * so that it can be embedded in individual device state structures.
  */
 struct DeviceState {
-/*< private >*/
+/* private: */
 Object parent_obj;
-/*< public >*/
+/* public: */
 
+/**
+ * @id: global device id
+ */
 char *id;
+/**
+ * @canonical_path: canonical path of realized device in the QOM tree
+ */
 char *canonical_path;
+/**
+ * @realized: has device been realized?
+ */
 bool realized;
+/**
+ * @pending_deleted_event: track pending deletion events during unplug
+ */
 bool pending_deleted_event;
+/**
+ * @pending_deleted_expires_ms: optional timeout for deletion events
+ */
 int64_t pending_deleted_expires_ms;
+/**
+ * @opts: QDict of options for the device
+ */
 QDict *opts;
+/**
+ * @hotplugged: was device added after PHASE_MACHINE_READY?
+ */
 int hotplugged;
+/**
+ * @allow_unplug_during_migration: can device be unplugged during migration
+ */
 bool allow_unplug_during_migration;
+/**
+ * @parent_bus: bus this device belongs to
+ */
 BusState *parent_bus;
+/**
+ * @gpios: list of named GPIOs the device provides.
+ */
 QLIST_HEAD(, NamedGPIOList) gpios;
+/**
+ * @clocks: list of named clocks 

[PATCH 4/5] docs/devel: split qom-api reference into new file

2023-06-19 Thread Alex Bennée
Let's try and keep the overview of the sub-system digestible by
splitting the core API stuff into a separate file. As QOM and QDEV
work together we should also try and enumerate the qdev_ functions.
Currently this is a little broken as kerneldoc doesn't understand our
macros.

Signed-off-by: Alex Bennée 
---
 docs/devel/index-api.rst |  2 ++
 docs/devel/qdev-api.rst  | 12 
 docs/devel/qom-api.rst   |  9 +
 docs/devel/qom.rst   |  3 ++-
 4 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 docs/devel/qdev-api.rst
 create mode 100644 docs/devel/qom-api.rst

diff --git a/docs/devel/index-api.rst b/docs/devel/index-api.rst
index 7108821746..539ad29c21 100644
--- a/docs/devel/index-api.rst
+++ b/docs/devel/index-api.rst
@@ -11,5 +11,7 @@ generated from in-code annotations to function prototypes.
loads-stores
memory
modules
+   qom-api
+   qdev-api
ui
zoned-storage
diff --git a/docs/devel/qdev-api.rst b/docs/devel/qdev-api.rst
new file mode 100644
index 00..d47c4d7493
--- /dev/null
+++ b/docs/devel/qdev-api.rst
@@ -0,0 +1,12 @@
+.. _qdev-api:
+
+
+QEMU Device (qdev) API Reference
+
+
+We don't currently generate the API documentation for QDEV due to QEMU
+macros confusing the kerneldoc tool. For now see the headers in
+``include/hw/qdev-core.h``
+
+..
+  kernel-doc:: include/hw/qdev-core.h
diff --git a/docs/devel/qom-api.rst b/docs/devel/qom-api.rst
new file mode 100644
index 00..ed1f17e797
--- /dev/null
+++ b/docs/devel/qom-api.rst
@@ -0,0 +1,9 @@
+.. _qom-api:
+
+=
+QEMU Object Model (QOM) API Reference
+=
+
+This is the complete API documentation for :ref:`qom`.
+
+.. kernel-doc:: include/qom/object.h
diff --git a/docs/devel/qom.rst b/docs/devel/qom.rst
index c9237950d0..98a4f178d5 100644
--- a/docs/devel/qom.rst
+++ b/docs/devel/qom.rst
@@ -387,4 +387,5 @@ OBJECT_DEFINE_ABSTRACT_TYPE() macro can be used instead:
 API Reference
 -
 
-.. kernel-doc:: include/qom/object.h
+See the :ref:`QOM API` and :ref:`QDEV API`
+documents for the complete API description.
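
Review bot: as shown, the two :ref: roles in the replacement lines use "QOM API" and "QDEV API" as their targets, but the labels defined by the new files are qom-api and qdev-api, so these references would not resolve; each role needs the explicit-title form with the label name in angle brackets after the title.
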
-- 
2.39.2




[PATCH 2/5] include/migration: mark vmstate_register() as a legacy function

2023-06-19 Thread Alex Bennée
Mention that QOM-ified devices already have support for registering
the description.

Signed-off-by: Alex Bennée 
---
 include/migration/vmstate.h | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index 084f5e784a..35579b2c1f 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -1209,7 +1209,14 @@ int vmstate_register_with_alias_id(VMStateIf *obj, 
uint32_t instance_id,
int required_for_version,
Error **errp);
 
-/* Returns: 0 on success, -1 on failure */
+/**
+ * vmstate_register() - legacy function to register state serialisation 
description
+ *
+ * New code shouldn't be using this function as QOM-ified devices have
+ * dc->vmsd to store the serialisation description.
+ *
+ * Returns: 0 on success, -1 on failure
+ */
 static inline int vmstate_register(VMStateIf *obj, int instance_id,
const VMStateDescription *vmsd,
void *opaque)
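
Review bot: the new kerneldoc block for vmstate_register() documents the return value but none of the four parameters (obj, instance_id, vmsd, opaque); add @obj, @instance_id, @vmsd and @opaque lines so the comment is complete when kerneldoc processes this header. The summary line also runs past 80 columns and could be shortened, for example by dropping "state".
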
-- 
2.39.2




[PATCH 1/5] docs/devel: add some front matter to the devel index

2023-06-19 Thread Alex Bennée
Give an overview of the most useful bits of the devel documentation to
read depending on what the developer wants to do.

Signed-off-by: Alex Bennée 
---
 docs/devel/index-process.rst |  2 ++
 docs/devel/index-tcg.rst |  2 ++
 docs/devel/index.rst | 24 ++--
 docs/devel/tcg.rst   |  2 ++
 4 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/docs/devel/index-process.rst b/docs/devel/index-process.rst
index d50dd74c3e..362f97ee30 100644
--- a/docs/devel/index-process.rst
+++ b/docs/devel/index-process.rst
@@ -1,3 +1,5 @@
+.. _development_process:
+
 QEMU Community Processes
 
 
diff --git a/docs/devel/index-tcg.rst b/docs/devel/index-tcg.rst
index b44ff8b5a4..a992844e5c 100644
--- a/docs/devel/index-tcg.rst
+++ b/docs/devel/index-tcg.rst
@@ -1,3 +1,5 @@
+.. _tcg:
+
 TCG Emulation
 -
 
diff --git a/docs/devel/index.rst b/docs/devel/index.rst
index 09cfb322be..8f7e3dd80f 100644
--- a/docs/devel/index.rst
+++ b/docs/devel/index.rst
@@ -2,10 +2,30 @@
 Developer Information
 -
 
-This section of the manual documents various parts of the internals of QEMU.
-You only need to read it if you are interested in reading or
+This section of the manual documents various parts of the internals of
+QEMU. You only need to read it if you are interested in reading or
 modifying QEMU's source code.
 
+QEMU is a large and mature project with a number of complex subsystems
+that can be overwhelming to understand. The development documentation
+is not comprehensive but hopefully presents enough of a starting point
+to get you started. If there are areas that are unclear please reach
+out either via the IRC channel or mailing list and hopefully we can
+improve the documentation for future developers.
+
+All developers will want to familiarise themselves with
+:ref:`development_process` and how the community interacts. Please pay
+particular attention to the :ref:`coding-style` and
+:ref:`submitting-a-patch` sections to avoid common pitfalls.
+
+If you wish to implement a new hardware model you will want to read
+through the :ref:`qom` documentation to understand how QEMU's object
+model works.
+
+Those wishing to enhance or add new CPU emulation capabilities will
+want to read our :ref:`tcg` documentation, especially the overview of
+the :ref:`tcg_internals`.
+
 .. toctree::
:maxdepth: 1
 
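
Review bot: in the new introductory paragraph of index.rst, "presents enough of a starting point to get you started" repeats itself and "hopefully" appears twice in two sentences; tightening it to something like "presents enough of a starting point" and dropping one "hopefully" would read better. The new labels also mix styles: development_process and tcg_internals use underscores while the existing coding-style and submitting-a-patch labels referenced in the same hunk use hyphens.
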
diff --git a/docs/devel/tcg.rst b/docs/devel/tcg.rst
index b4096a17df..2786f2f679 100644
--- a/docs/devel/tcg.rst
+++ b/docs/devel/tcg.rst
@@ -1,3 +1,5 @@
+.. _tcg_internals:
+
 
 Translator Internals
 
-- 
2.39.2




[PATCH v2 1/1] hw/arm/sbsa-ref: add ITS support in SBSA GIC

2023-06-19 Thread Marcin Juszkiewicz
From: Shashi Mallela 

Create ITS as part of SBSA platform GIC initialization.

GIC ITS information is in DeviceTree so TF-A can pass it to EDK2.

Bumping platform version to 0.2 as this is an important hardware change.

Signed-off-by: Shashi Mallela 
Co-authored-by: Marcin Juszkiewicz 
Signed-off-by: Marcin Juszkiewicz 
---
 docs/system/arm/sbsa.rst | 14 ++
 hw/arm/sbsa-ref.c| 33 ++---
 2 files changed, 44 insertions(+), 3 deletions(-)

diff --git a/docs/system/arm/sbsa.rst b/docs/system/arm/sbsa.rst
index f571fe645e..a8e0b530a2 100644
--- a/docs/system/arm/sbsa.rst
+++ b/docs/system/arm/sbsa.rst
@@ -46,6 +46,9 @@ to be a complete compliant DT. It currently reports:
- platform version
- GIC addresses
 
+Platform version
+
+
 The platform version is only for informing platform firmware about
 what kind of ``sbsa-ref`` board it is running on. It is neither
 a QEMU versioned machine type nor a reflection of the level of the
@@ -54,3 +57,14 @@ SBSA/SystemReady SR support provided.
 The ``machine-version-major`` value is updated when changes breaking
 fw compatibility are introduced. The ``machine-version-minor`` value
 is updated when features are added that don't break fw compatibility.
+
+Platform version changes:
+
+0.0
+  Devicetree holds information about CPUs, memory and platform version.
+
+0.1
+  GIC information is present in devicetree.
+
+0.2
+  GIC ITS information is present in devicetree.
diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
index de21200ff9..0639f97dd5 100644
--- a/hw/arm/sbsa-ref.c
+++ b/hw/arm/sbsa-ref.c
@@ -65,6 +65,7 @@ enum {
 SBSA_CPUPERIPHS,
 SBSA_GIC_DIST,
 SBSA_GIC_REDIST,
+SBSA_GIC_ITS,
 SBSA_SECURE_EC,
 SBSA_GWDT_WS0,
 SBSA_GWDT_REFRESH,
@@ -108,6 +109,7 @@ static const MemMapEntry sbsa_ref_memmap[] = {
 [SBSA_CPUPERIPHS] = { 0x4000, 0x0004 },
 [SBSA_GIC_DIST] =   { 0x4006, 0x0001 },
 [SBSA_GIC_REDIST] = { 0x4008, 0x0400 },
+[SBSA_GIC_ITS] ={ 0x44081000, 0x0002 },
 [SBSA_SECURE_EC] =  { 0x5000, 0x1000 },
 [SBSA_GWDT_REFRESH] =   { 0x5001, 0x1000 },
 [SBSA_GWDT_CONTROL] =   { 0x50011000, 0x1000 },
@@ -181,8 +183,15 @@ static void sbsa_fdt_add_gic_node(SBSAMachineState *sms)
  2, sbsa_ref_memmap[SBSA_GIC_REDIST].base,
  2, sbsa_ref_memmap[SBSA_GIC_REDIST].size);
 
+nodename = g_strdup_printf("/intc/its");
+qemu_fdt_add_subnode(sms->fdt, nodename);
+qemu_fdt_setprop_sized_cells(sms->fdt, nodename, "reg",
+ 2, sbsa_ref_memmap[SBSA_GIC_ITS].base,
+ 2, sbsa_ref_memmap[SBSA_GIC_ITS].size);
+
 g_free(nodename);
 }
+
 /*
  * Firmware on this machine only uses ACPI table to load OS, these limited
  * device tree nodes are just to let firmware know the info which varies from
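
Review bot: in sbsa_fdt_add_gic_node() the added nodename = g_strdup_printf("/intc/its"); overwrites nodename while only the single g_free(nodename) after the new block remains, so if nodename still points at the string used for the preceding "reg" property, that allocation is leaked; free it before reassigning or use a second variable. The call also has no format arguments, so passing the string literal straight to qemu_fdt_add_subnode() and qemu_fdt_setprop_sized_cells() would avoid the allocation altogether.
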
@@ -219,7 +228,7 @@ static void create_fdt(SBSAMachineState *sms)
  *fw compatibility.
  */
 qemu_fdt_setprop_cell(fdt, "/", "machine-version-major", 0);
-qemu_fdt_setprop_cell(fdt, "/", "machine-version-minor", 1);
+qemu_fdt_setprop_cell(fdt, "/", "machine-version-minor", 2);
 
 if (ms->numa_state->have_numa_distance) {
 int size = nb_numa_nodes * nb_numa_nodes * 3 * sizeof(uint32_t);
@@ -409,7 +418,20 @@ static void create_secure_ram(SBSAMachineState *sms,
 memory_region_add_subregion(secure_sysmem, base, secram);
 }
 
-static void create_gic(SBSAMachineState *sms)
+static void create_its(SBSAMachineState *sms)
+{
+const char *itsclass = its_class_name();
+DeviceState *dev;
+
+dev = qdev_new(itsclass);
+
+object_property_set_link(OBJECT(dev), "parent-gicv3", OBJECT(sms->gic),
+ _abort);
+sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), _fatal);
+sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 
sbsa_ref_memmap[SBSA_GIC_ITS].base);
+}
+
+static void create_gic(SBSAMachineState *sms, MemoryRegion *mem)
 {
 unsigned int smp_cpus = MACHINE(sms)->smp.cpus;
 SysBusDevice *gicbusdev;
@@ -436,6 +458,10 @@ static void create_gic(SBSAMachineState *sms)
 qdev_prop_set_uint32(sms->gic, "len-redist-region-count", 1);
 qdev_prop_set_uint32(sms->gic, "redist-region-count[0]", redist0_count);
 
+object_property_set_link(OBJECT(sms->gic), "sysmem",
+ OBJECT(mem), _fatal);
+qdev_prop_set_bit(sms->gic, "has-lpi", true);
+
 gicbusdev = SYS_BUS_DEVICE(sms->gic);
 sysbus_realize_and_unref(gicbusdev, _fatal);
 sysbus_mmio_map(gicbusdev, 0, sbsa_ref_memmap[SBSA_GIC_DIST].base);
@@ -482,6 +508,7 @@ static void create_gic(SBSAMachineState *sms)
 sysbus_connect_irq(gicbusdev, i + 3 * smp_cpus,
qdev_get_gpio_in(cpudev, ARM_CPU_VFIQ));
 }
+create_its(sms);
 }
 
 static 

[PATCH v2 0/1] hw/arm/sbsa-ref: add ITS support in GIC

2023-06-19 Thread Marcin Juszkiewicz
In 2021 Shashi Mallela sent v8 of the GIC ITS patchset [1]. At that time it
was decided to do platform versioning first.

1. https://lore.kernel.org/qemu-devel/20210812165341.40784-8-shashi.mall...@linaro.org/

Now we are going through our list of changes for the SBSA Reference Platform
and GIC ITS is one of the early ones. There was a decision that there will be
no option to disable it and the platform version will get a minor bump.

This is a refreshed version of the v8 one from 2021. GIC ITS is placed behind
the GIC Redistributor in memory space to allow use of older EDK2 firmware.

The new address is placed in DeviceTree for firmware to use. Due to it we
also bump the platform version to version 0.2.

Trusted Firmware will read the GIC ITS address and provide it to EDK2 via
Secure Monitor Call (SMC), the same way as it is already done with GIC
addresses.

Changes since v1:
- everything in one patch
- removed bogus check for kvm_irqchip_in_kernel()
- documentation about platform version changes added


Shashi Mallela (1):
  hw/arm/sbsa-ref: add ITS support in SBSA GIC

 docs/system/arm/sbsa.rst | 14 ++
 hw/arm/sbsa-ref.c| 33 ++---
 2 files changed, 44 insertions(+), 3 deletions(-)

-- 
2.40.1




Re: [PATCH v2 06/38] crypto: Add aesenc_SB_SR_AK

2023-06-19 Thread Richard Henderson

On 6/19/23 18:56, Daniel P. Berrangé wrote:

On Thu, Jun 08, 2023 at 07:23:29PM -0700, Richard Henderson wrote:

Start adding infrastructure for accelerating guest AES.
Begin with a SubBytes + ShiftRows + AddRoundKey primitive.

Signed-off-by: Richard Henderson 
---
  host/include/generic/host/aes-round.h | 16 ++
  include/crypto/aes-round.h| 44 +++
  crypto/aes.c  | 44 +++
  3 files changed, 104 insertions(+)
  create mode 100644 host/include/generic/host/aes-round.h
  create mode 100644 include/crypto/aes-round.h

diff --git a/host/include/generic/host/aes-round.h 
b/host/include/generic/host/aes-round.h
new file mode 100644
index 00..19c8505e2b
--- /dev/null
+++ b/host/include/generic/host/aes-round.h


Could we put these files under a 'crypto/' subdirectory eg

   host/include/generic/host/crypto/aes-round.h

and then add

   host/include/*/host/crypto

to MAINTAINERS for 'crypto'.


Certainly.


r~



Re: [PATCH 2/4] target/ppc: Ensure stcx size matches larx

2023-06-19 Thread Richard Henderson

On 6/19/23 17:55, Peter Maydell wrote:

On Mon, 19 Jun 2023 at 16:49, Richard Henderson
 wrote:


On 6/5/23 08:27, Nicholas Piggin wrote:

On Sun Jun 4, 2023 at 8:28 PM AEST, Nicholas Piggin wrote:

Differently-sized larx/stcx. pairs can succeed if the starting address
matches. Add a size check to require stcx. exactly match the larx that
established the reservation.


Hmm, question: reserve_addr is a VMSTATE field, but reserve_val is not
(nor reserve_size after this patch).

Blue Swirl added that with commit a456d59c20f ("VM load/save support for
PPC CPU"), and when reserve_val was added in commit 18b21a2f83a
("target-ppc: retain l{w,d}arx loaded value") it did not get migrated.

Could we end up with reserve_addr != -1, but with a bogus reserve_val,
which could then permit a stcx. incorrectly? Not entirely outlandish if
reserve_val starts out initialised to zero.

Could we just clear the reserve in cpu_post_load? It is permitted to be
lost for an implementation-specific reason. Doesn't seem necessary to
try keep it alive over a migration.


It's not a bad idea to flush the reservation over migrate.


Is there any particular reason to do so? The default simple
thing is "if this is state that persists across instructions
then migrate it"; we usually reserve "do something special in
post-load" for oddball cases where "just copy the data" doesn't
work.

target/arm migrates both the exclusive addr and value.


ppc is adding "size", which arm technically should have as well.


target/mips migrates lladdr but has forgotten llval
(and perhaps llval_wp and llnewval_wp, depending on what
those fields do).


So, similarly, would need to handle migration for which all of the required data is not present.


The thought is, rather than migrate this new data also, and handle compatibility, simply discard all reservations.



r~
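
The reservation concern discussed in this thread, as an added example that is not QEMU code and not part of any message: a toy C model of larx/stcx. showing the mismatched-size store and the stale reserve_val after a migration that carries only reserve_addr. The field names follow the thread; the helper names, the memory array and the rule that stcx. succeeds when memory still holds the value seen by larx are assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model, constructed for illustration; not QEMU's implementation. */
#define NO_RESERVATION UINT64_MAX   /* stands in for reserve_addr == -1 */

typedef struct {
    uint64_t reserve_addr;   /* the only field carried across migration */
    uint64_t reserve_val;    /* value seen by larx */
    unsigned reserve_size;   /* access size of the larx, in bytes */
} ToyCPU;

static uint8_t toy_mem[32];  /* guest memory, shared by source and destination */

static uint64_t mem_read(uint64_t addr, unsigned size)
{
    uint64_t v = 0;
    for (unsigned i = 0; i < size; i++) {
        v |= (uint64_t)toy_mem[addr + i] << (8 * i);
    }
    return v;
}

static void mem_write(uint64_t addr, unsigned size, uint64_t v)
{
    for (unsigned i = 0; i < size; i++) {
        toy_mem[addr + i] = (uint8_t)(v >> (8 * i));
    }
}

static void toy_larx(ToyCPU *cpu, uint64_t addr, unsigned size)
{
    cpu->reserve_addr = addr;
    cpu->reserve_size = size;
    cpu->reserve_val = mem_read(addr, size);
}

/* Assumed rule: store only if address (and, optionally, size) match the
 * reservation and memory still holds the value larx loaded. */
static bool toy_stcx(ToyCPU *cpu, uint64_t addr, unsigned size,
                     uint64_t val, bool check_size)
{
    bool ok = cpu->reserve_addr == addr &&
              (!check_size || cpu->reserve_size == size) &&
              mem_read(addr, size) == cpu->reserve_val;
    if (ok) {
        mem_write(addr, size, val);
    }
    cpu->reserve_addr = NO_RESERVATION;   /* consumed whether or not it stored */
    return ok;
}

/* Destination CPU starts zeroed and receives reserve_addr only; the
 * optional flush models clearing the reservation in a post-load hook. */
static ToyCPU toy_migrate(const ToyCPU *src, bool flush_in_post_load)
{
    ToyCPU dst = { .reserve_addr = src->reserve_addr };
    if (flush_in_post_load) {
        dst.reserve_addr = NO_RESERVATION;
    }
    return dst;
}

/* 4-byte larx followed by an 8-byte stcx. at the same address. */
static bool mismatched_size_stcx(bool check_size)
{
    ToyCPU cpu = { .reserve_addr = NO_RESERVATION };
    memset(toy_mem, 0, sizeof(toy_mem));
    mem_write(8, 8, 7);
    toy_larx(&cpu, 8, 4);
    return toy_stcx(&cpu, 8, 8, 0x1122334455667788ULL, check_size);
}

/* larx sees 5, another writer stores 0, then stcx. runs, optionally after
 * a migration. Size is not checked here, so the result isolates reserve_val. */
static bool stcx_after_interference(bool migrate, bool flush_in_post_load)
{
    ToyCPU cpu = { .reserve_addr = NO_RESERVATION };
    memset(toy_mem, 0, sizeof(toy_mem));
    mem_write(8, 4, 5);
    toy_larx(&cpu, 8, 4);
    mem_write(8, 4, 0);                   /* interfering store */
    if (migrate) {
        cpu = toy_migrate(&cpu, flush_in_post_load);
    }
    return toy_stcx(&cpu, 8, 4, 9, false);
}

int main(void)
{
    printf("larx.4/stcx.8, no size check : %d\n", mismatched_size_stcx(false));
    printf("larx.4/stcx.8, size check    : %d\n", mismatched_size_stcx(true));
    printf("interference, no migration   : %d\n", stcx_after_interference(false, false));
    printf("interference, addr-only load : %d\n", stcx_after_interference(true, false));
    printf("interference, flush on load  : %d\n", stcx_after_interference(true, true));
    return 0;
}
```
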




Re: [PATCH] target/arm: Restructure has_vfp_d32 test

2023-06-19 Thread Richard Henderson

On 6/19/23 18:07, Philippe Mathieu-Daudé wrote:

We already have a check for ARMv8-A never setting vfp-d32 true,


... gah!  "false".


r~



Re: [PULL 00/33] target-arm queue

2023-06-19 Thread Richard Henderson

On 6/19/23 16:28, Peter Maydell wrote:

Hi; here's a target-arm pullreq. Mostly this is some decodetree
conversion patches from me, plus a scattering of other bug fixes.

thanks
-- PMM

The following changes since commit e3660cc1e3cb136af50c0eaaeac27943c2438d1d:

   Merge tag 'pull-loongarch-20230616' of https://gitlab.com/gaosong/qemu into 
staging (2023-06-16 12:30:16 +0200)

are available in the Git repository at:

   https://git.linaro.org/people/pmaydell/qemu-arm.git 
tags/pull-target-arm-20230619

for you to fetch changes up to 074259c0f2ac40042dce766d870318cc22f388eb:

   hw/misc/bcm2835_property: Handle CORE_CLK_ID firmware property (2023-06-19 
15:27:21 +0100)


target-arm queue:
  * Fix return value from LDSMIN/LDSMAX 8/16 bit atomics
  * Return correct result for LDG when ATA=0
  * Conversion of system insns, loads and stores to decodetree
  * hw/intc/allwinner-a10-pic: Handle IRQ levels other than 0 or 1
  * hw/sd/allwinner-sdhost: Don't send non-boolean IRQ line levels
  * hw/timer/nrf51_timer: Don't lose time when timer is queried in tight loop
  * hw/arm/Kconfig: sbsa-ref uses Bochs display
  * imx_serial: set wake bit when we receive a data byte
  * docs: sbsa: document board to firmware interface
  * hw/misc/bcm2835_property: avoid hard-coded constants


Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/8.1 as 
appropriate.


r~




Re: [PATCH v2 06/38] crypto: Add aesenc_SB_SR_AK

2023-06-19 Thread Daniel P . Berrangé
On Thu, Jun 08, 2023 at 07:23:29PM -0700, Richard Henderson wrote:
> Start adding infrastructure for accelerating guest AES.
> Begin with a SubBytes + ShiftRows + AddRoundKey primitive.
> 
> Signed-off-by: Richard Henderson 
> ---
>  host/include/generic/host/aes-round.h | 16 ++
>  include/crypto/aes-round.h| 44 +++
>  crypto/aes.c  | 44 +++
>  3 files changed, 104 insertions(+)
>  create mode 100644 host/include/generic/host/aes-round.h
>  create mode 100644 include/crypto/aes-round.h
> 
> diff --git a/host/include/generic/host/aes-round.h 
> b/host/include/generic/host/aes-round.h
> new file mode 100644
> index 00..19c8505e2b
> --- /dev/null
> +++ b/host/include/generic/host/aes-round.h

Could we put these files under a 'crypto/' subdirectory eg

  host/include/generic/host/crypto/aes-round.h

and then add

  host/include/*/host/crypto

to MAINTAINERS for 'crypto'.

> @@ -0,0 +1,16 @@
> +/*
> + * No host specific aes acceleration.
> + * SPDX-License-Identifier: GPL-2.0-or-later
> + */
> +
> +#ifndef GENERIC_HOST_AES_ROUND_H
> +#define GENERIC_HOST_AES_ROUND_H

To match the extra sub-dir GENERIC_HOST_CRYPTO_AES_ROUND_H

> +
> +#define HAVE_AES_ACCEL  false
> +#define ATTR_AES_ACCEL
> +
> +void aesenc_SB_SR_AK_accel(AESState *, const AESState *,
> +   const AESState *, bool)
> +QEMU_ERROR("unsupported accel");
> +
> +#endif
> diff --git a/include/crypto/aes-round.h b/include/crypto/aes-round.h
> new file mode 100644
> index 00..15ea1f42bc
> --- /dev/null
> +++ b/include/crypto/aes-round.h
> @@ -0,0 +1,44 @@
> +/*
> + * AES round fragments, generic version
> + * SPDX-License-Identifier: GPL-2.0-or-later
> + *
> + * Copyright (C) 2023 Linaro, Ltd.
> + */
> +
> +#ifndef CRYPTO_AES_ROUND_H
> +#define CRYPTO_AES_ROUND_H
> +
> +/* Hosts with acceleration will usually need a 16-byte vector type. */
> +typedef uint8_t AESStateVec __attribute__((vector_size(16)));
> +
> +typedef union {
> +uint8_t b[16];
> +uint32_t w[4];
> +uint64_t d[4];
> +AESStateVec v;
> +} AESState;
> +
> +#include "host/aes-round.h"
> +
> +/*
> + * Perform SubBytes + ShiftRows.
> + */
> +
> +void aesenc_SB_SR_AK_gen(AESState *ret, const AESState *st,
> + const AESState *rk);
> +void aesenc_SB_SR_AK_genrev(AESState *ret, const AESState *st,
> +const AESState *rk);
> +
> +static inline void aesenc_SB_SR_AK(AESState *r, const AESState *st,
> +   const AESState *rk, bool be)
> +{
> +if (HAVE_AES_ACCEL) {
> +aesenc_SB_SR_AK_accel(r, st, rk, be);
> +} else if (HOST_BIG_ENDIAN == be) {
> +aesenc_SB_SR_AK_gen(r, st, rk);
> +} else {
> +aesenc_SB_SR_AK_genrev(r, st, rk);
> +}
> +}
> +
> +#endif /* CRYPTO_AES_ROUND_H */
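
Review bot: in the AESState union, uint64_t d[4] is 32 bytes while b[16], w[4] and the 16-byte AESStateVec are all 16 bytes, so the union ends up twice the size of an AES state; it should be d[2]. The comment above the prototypes also says "Perform SubBytes + ShiftRows." while the functions are named SB_SR_AK and the crypto/aes.c comment includes AddRoundKey, so the header comment should mention it too.
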
> diff --git a/crypto/aes.c b/crypto/aes.c
> index cdf937883d..896f6f44f1 100644
> --- a/crypto/aes.c
> +++ b/crypto/aes.c
> @@ -29,6 +29,7 @@
>   */
>  #include "qemu/osdep.h"
>  #include "crypto/aes.h"
> +#include "crypto/aes-round.h"
>  
>  typedef uint32_t u32;
>  typedef uint8_t u8;
> @@ -1249,6 +1250,49 @@ static const u32 rcon[] = {
>  0x1B00, 0x3600, /* for 128-bit blocks, Rijndael never uses 
> more than 10 rcon values */
>  };
>  
> +/* Perform SubBytes + ShiftRows + AddRoundKey. */
> +static inline void
> +aesenc_SB_SR_AK_swap(AESState *ret, const AESState *st,
> + const AESState *rk, bool swap)
> +{
> +const int swap_b = swap ? 15 : 0;
> +AESState t;
> +
> +t.b[swap_b ^ 0x0] = AES_sbox[st->b[swap_b ^ AES_SH_0]];
> +t.b[swap_b ^ 0x1] = AES_sbox[st->b[swap_b ^ AES_SH_1]];
> +t.b[swap_b ^ 0x2] = AES_sbox[st->b[swap_b ^ AES_SH_2]];
> +t.b[swap_b ^ 0x3] = AES_sbox[st->b[swap_b ^ AES_SH_3]];
> +t.b[swap_b ^ 0x4] = AES_sbox[st->b[swap_b ^ AES_SH_4]];
> +t.b[swap_b ^ 0x5] = AES_sbox[st->b[swap_b ^ AES_SH_5]];
> +t.b[swap_b ^ 0x6] = AES_sbox[st->b[swap_b ^ AES_SH_6]];
> +t.b[swap_b ^ 0x7] = AES_sbox[st->b[swap_b ^ AES_SH_7]];
> +t.b[swap_b ^ 0x8] = AES_sbox[st->b[swap_b ^ AES_SH_8]];
> +t.b[swap_b ^ 0x9] = AES_sbox[st->b[swap_b ^ AES_SH_9]];
> +t.b[swap_b ^ 0xa] = AES_sbox[st->b[swap_b ^ AES_SH_A]];
> +t.b[swap_b ^ 0xb] = AES_sbox[st->b[swap_b ^ AES_SH_B]];
> +t.b[swap_b ^ 0xc] = AES_sbox[st->b[swap_b ^ AES_SH_C]];
> +t.b[swap_b ^ 0xd] = AES_sbox[st->b[swap_b ^ AES_SH_D]];
> +t.b[swap_b ^ 0xe] = AES_sbox[st->b[swap_b ^ AES_SH_E]];
> +t.b[swap_b ^ 0xf] = AES_sbox[st->b[swap_b ^ AES_SH_F]];
> +
> +/*
> + * Perform the AddRoundKey with generic vectors.
> + * This may be expanded to either host integer or host vector code.
> + * The key and output endianness match, so no bswap required.
> + */
> +ret->v = t.v ^ rk->v;
> +}
> +
> +void aesenc_SB_SR_AK_gen(AESState *r, const AESState *s, const AESState *k)
> +{
> +

Re: [PATCH v2 04/38] target/arm: Move aesmc and aesimc tables to crypto/aes.c

2023-06-19 Thread Daniel P . Berrangé
On Thu, Jun 08, 2023 at 07:23:27PM -0700, Richard Henderson wrote:
> We do not currently have a table in crypto/ for just MixColumns.
> Move both tables for consistency.
> 
> Reviewed-by: Philippe Mathieu-Daudé 
> Signed-off-by: Richard Henderson 
> ---
>  include/crypto/aes.h   |   6 ++
>  crypto/aes.c   | 140 
>  target/arm/tcg/crypto_helper.c | 143 ++---
>  3 files changed, 151 insertions(+), 138 deletions(-)

Acked-by: Daniel P. Berrangé 


With regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|




Re: [PATCH] target/arm: Restructure has_vfp_d32 test

2023-06-19 Thread Philippe Mathieu-Daudé

On 19/6/23 16:02, Richard Henderson wrote:

One cannot test for feature aa32_simd_r32 without first
testing if AArch32 mode is supported at all.  This leads to

qemu-system-aarch64: ARM CPUs must have both VFP-D32 and Neon or neither

for Apple M1 cpus.

We already have a check for ARMv8-A never setting vfp-d32 true,
so restructure the code so that AArch64 avoids the test entirely.

Reported-by: Mads Ynddal 
Signed-off-by: Richard Henderson 
---
  target/arm/cpu.c | 28 +++-
  1 file changed, 15 insertions(+), 13 deletions(-)


Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 




[PATCH v3 28/34] target/arm/tcg: Move v8m_stackcheck() from op_helper.c to m_helper.c

2023-06-19 Thread Philippe Mathieu-Daudé
No need to have the v8m_stackcheck() helper in the generic
op_helper.c, move it with the rest of the M-profile helpers.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/tcg/m_helper.c  | 16 
 target/arm/tcg/op_helper.c | 16 
 2 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/target/arm/tcg/m_helper.c b/target/arm/tcg/m_helper.c
index 0891acc29c..0780bb3dea 100644
--- a/target/arm/tcg/m_helper.c
+++ b/target/arm/tcg/m_helper.c
@@ -2893,3 +2893,19 @@ uint32_t *arm_v7m_get_sp_ptr(CPUARMState *env, bool 
secure, bool threadmode,
 }
 }
 }
+
+void HELPER(v8m_stackcheck)(CPUARMState *env, uint32_t newvalue)
+{
+/*
+ * Perform the v8M stack limit check for SP updates from translated code,
+ * raising an exception if the limit is breached.
+ */
+if (newvalue < v7m_sp_limit(env)) {
+/*
+ * Stack limit exceptions are a rare case, so rather than syncing
+ * PC/condbits before the call, we use raise_exception_ra() so
+ * that cpu_restore_state() will sort them out.
+ */
+raise_exception_ra(env, EXCP_STKOF, 0, 1, GETPC());
+}
+}
diff --git a/target/arm/tcg/op_helper.c b/target/arm/tcg/op_helper.c
index 70a9c37b74..04a90e3e3a 100644
--- a/target/arm/tcg/op_helper.c
+++ b/target/arm/tcg/op_helper.c
@@ -82,22 +82,6 @@ void raise_exception_ra(CPUARMState *env, uint32_t excp, 
uint32_t syndrome,
 raise_exception(env, excp, syndrome, target_el);
 }
 
-void HELPER(v8m_stackcheck)(CPUARMState *env, uint32_t newvalue)
-{
-/*
- * Perform the v8M stack limit check for SP updates from translated code,
- * raising an exception if the limit is breached.
- */
-if (newvalue < v7m_sp_limit(env)) {
-/*
- * Stack limit exceptions are a rare case, so rather than syncing
- * PC/condbits before the call, we use raise_exception_ra() so
- * that cpu_restore_state() will sort them out.
- */
-raise_exception_ra(env, EXCP_STKOF, 0, 1, GETPC());
-}
-}
-
 uint32_t HELPER(add_setq)(CPUARMState *env, uint32_t a, uint32_t b)
 {
 uint32_t res = a + b;
-- 
2.38.1




[PATCH v3 30/34] target/arm/tcg: Reduce 'helper-m.h.inc' inclusion

2023-06-19 Thread Philippe Mathieu-Daudé
Instead of including helper-m.h.inc via helper.h which is
included by all TCG files, restrict it to the few files
that require it.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/helper.h   | 2 --
 target/arm/tcg/m_helper.c | 4 
 target/arm/tcg/translate-m-nocp.c | 6 ++
 target/arm/tcg/translate-vfp.c| 4 
 target/arm/tcg/translate.c| 4 
 5 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index 70ae3513e5..77c004a70c 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -95,5 +95,3 @@ DEF_HELPER_3(ror_cc, i32, env, i32, i32)
 
 DEF_HELPER_FLAGS_3(crc32, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32)
 DEF_HELPER_FLAGS_3(crc32c, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32)
-
-#include "tcg/helper-m.h.inc"
diff --git a/target/arm/tcg/m_helper.c b/target/arm/tcg/m_helper.c
index 0780bb3dea..45568d96bb 100644
--- a/target/arm/tcg/m_helper.c
+++ b/target/arm/tcg/m_helper.c
@@ -21,6 +21,10 @@
 #include "hw/intc/armv7m_nvic.h"
 #endif
 
+#define HELPER_H "tcg/helper-m.h.inc"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 static void v7m_msr_xpsr(CPUARMState *env, uint32_t mask,
  uint32_t reg, uint32_t val)
 {
diff --git a/target/arm/tcg/translate-m-nocp.c 
b/target/arm/tcg/translate-m-nocp.c
index 7343945b41..ee9c296a98 100644
--- a/target/arm/tcg/translate-m-nocp.c
+++ b/target/arm/tcg/translate-m-nocp.c
@@ -25,6 +25,12 @@
 #include "exec/helper-gen.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-m.h.inc"
+#include "exec/helper-proto.h.inc"
+#include "exec/helper-gen.h.inc"
+#include "exec/helper-info.c.inc"
+#undef  HELPER_H
+
 /* Include the generated decoder */
 #include "decode-m-nocp.c.inc"
 
diff --git a/target/arm/tcg/translate-vfp.c b/target/arm/tcg/translate-vfp.c
index b890c7ed01..ff61c53db2 100644
--- a/target/arm/tcg/translate-vfp.c
+++ b/target/arm/tcg/translate-vfp.c
@@ -24,6 +24,10 @@
 #include "translate.h"
 #include "translate-a32.h"
 
+#define HELPER_H "tcg/helper-m.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
+
 #define HELPER_H "tcg/helper-vfp.h.inc"
 #include "exec/helper-proto.h.inc"
 #include "exec/helper-gen.h.inc"
diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c
index a71c60f4fb..4b54e177d1 100644
--- a/target/arm/tcg/translate.c
+++ b/target/arm/tcg/translate.c
@@ -37,6 +37,10 @@
 #include "exec/helper-gen.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-m.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
+
 #define HELPER_H "helper.h"
 #include "exec/helper-info.c.inc"
 #undef  HELPER_H
-- 
2.38.1




[PATCH v3 31/34] target/arm/tcg: Inline 'exec/helper-gen.h'

2023-06-19 Thread Philippe Mathieu-Daudé
Suggested-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/tcg/translate.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/arm/tcg/translate.h b/target/arm/tcg/translate.h
index 7d57a71b67..13d59d8417 100644
--- a/target/arm/tcg/translate.h
+++ b/target/arm/tcg/translate.h
@@ -6,9 +6,11 @@
 #include "tcg/tcg-op-gvec.h"
 #include "exec/exec-all.h"
 #include "exec/translator.h"
-#include "exec/helper-gen.h"
 #include "internals.h"
 
+#define HELPER_H "helper.h"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
 
 /* internal defines */
 
-- 
2.38.1




[PATCH v3 29/34] target/arm/tcg: Extract M-profile definitions to 'helper-m.h.inc'

2023-06-19 Thread Philippe Mathieu-Daudé
helper.h is used by all units, but not all require the
M-profile definitions. Move them to a new header; the next
commit will remove it from the common helper.h.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/helper.h   | 17 ++---
 target/arm/tcg/helper-m.h.inc | 23 +++
 2 files changed, 25 insertions(+), 15 deletions(-)
 create mode 100644 target/arm/tcg/helper-m.h.inc

diff --git a/target/arm/helper.h b/target/arm/helper.h
index aae2a38407..70ae3513e5 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -62,21 +62,6 @@ DEF_HELPER_3(cpsr_write, void, env, i32, i32)
 DEF_HELPER_2(cpsr_write_eret, void, env, i32)
 DEF_HELPER_1(cpsr_read, i32, env)
 
-DEF_HELPER_3(v7m_msr, void, env, i32, i32)
-DEF_HELPER_2(v7m_mrs, i32, env, i32)
-
-DEF_HELPER_2(v7m_bxns, void, env, i32)
-DEF_HELPER_2(v7m_blxns, void, env, i32)
-
-DEF_HELPER_3(v7m_tt, i32, env, i32, i32)
-
-DEF_HELPER_1(v7m_preserve_fp_state, void, env)
-
-DEF_HELPER_2(v7m_vlstm, void, env, i32)
-DEF_HELPER_2(v7m_vlldm, void, env, i32)
-
-DEF_HELPER_2(v8m_stackcheck, void, env, i32)
-
 DEF_HELPER_FLAGS_2(check_bxj_trap, TCG_CALL_NO_WG, void, env, i32)
 
 DEF_HELPER_4(access_check_cp_reg, cptr, env, i32, i32, i32)
@@ -110,3 +95,5 @@ DEF_HELPER_3(ror_cc, i32, env, i32, i32)
 
 DEF_HELPER_FLAGS_3(crc32, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32)
 DEF_HELPER_FLAGS_3(crc32c, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32)
+
+#include "tcg/helper-m.h.inc"
diff --git a/target/arm/tcg/helper-m.h.inc b/target/arm/tcg/helper-m.h.inc
new file mode 100644
index 00..122311b6d0
--- /dev/null
+++ b/target/arm/tcg/helper-m.h.inc
@@ -0,0 +1,23 @@
+/*
+ * ARM M-profile helper definitions
+ *
+ * Copyright (c) 2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+DEF_HELPER_3(v7m_msr, void, env, i32, i32)
+DEF_HELPER_2(v7m_mrs, i32, env, i32)
+
+DEF_HELPER_2(v7m_bxns, void, env, i32)
+DEF_HELPER_2(v7m_blxns, void, env, i32)
+
+DEF_HELPER_3(v7m_tt, i32, env, i32, i32)
+
+DEF_HELPER_1(v7m_preserve_fp_state, void, env)
+
+DEF_HELPER_2(v7m_vlstm, void, env, i32)
+DEF_HELPER_2(v7m_vlldm, void, env, i32)
+
+DEF_HELPER_2(v8m_stackcheck, void, env, i32)
-- 
2.38.1




[PATCH v3] hw/pci: prevent hotplug of devices on pcie-root-ports on the wrong slot

2023-06-19 Thread Ani Sinha
When a device is plugged into a PCIE root port, it can only be plugged into slot
0. Hotplugging a device into a slot other than slot 0 is invalid and should be
prevented. This change ensures that we throw an error if the user tries to plug
a device into a pcie root port on any slot other than slot 0.

CC: jus...@redhat.com
CC: imamm...@redhat.com
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2128929
Signed-off-by: Ani Sinha 
---
 hw/pci/pci.c | 16 
 1 file changed, 16 insertions(+)

changelog:
v2: addressed issue with multifunction pcie root ports. Should allow
hotplug on functions other than function 0.
v3: improved commit message.

diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index bf38905b7d..66999352cc 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -64,6 +64,7 @@ bool pci_available = true;
 static char *pcibus_get_dev_path(DeviceState *dev);
 static char *pcibus_get_fw_dev_path(DeviceState *dev);
 static void pcibus_reset(BusState *qbus);
+static bool pcie_has_upstream_port(PCIDevice *dev);
 
 static Property pci_props[] = {
 DEFINE_PROP_PCI_DEVFN("addr", PCIDevice, devfn, -1),
@@ -1182,6 +1183,11 @@ static PCIDevice *do_pci_register_device(PCIDevice 
*pci_dev,
 } else if (dev->hotplugged &&
!pci_is_vf(pci_dev) &&
pci_get_function_0(pci_dev)) {
+/*
+ * populating function 0 triggers a bus scan from the guest that
+ * exposes other non-zero functions. Hence we need to ensure that
+ * function 0 is available.
+ */
 error_setg(errp, "PCI: slot %d function 0 already occupied by %s,"
" new func %s cannot be exposed to guest.",
PCI_SLOT(pci_get_function_0(pci_dev)->devfn),
@@ -1189,6 +1195,16 @@ static PCIDevice *do_pci_register_device(PCIDevice 
*pci_dev,
name);
 
return NULL;
+} else if (dev->hotplugged &&
+   !pci_is_vf(pci_dev) &&
+   pcie_has_upstream_port(pci_dev) && PCI_SLOT(devfn)) {
+/*
+ * If the device is being plugged into an upstream PCIE port,
+ * like a pcie root port, we only support one device at slot 0
+ */
+error_setg(errp, "PCI: slot %d is not valid for %s",
+   PCI_SLOT(devfn), name);
+return NULL;
 }
 
 pci_dev->devfn = devfn;
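
Review bot: the new error text "PCI: slot %d is not valid for %s" does not tell the user which slot would be accepted; since the comment above it says only one device at slot 0 is supported in this case, the message should say so. The condition also relies on PCI_SLOT(devfn) being non-zero implicitly; writing PCI_SLOT(devfn) != 0 reads more clearly next to the other boolean terms.
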
-- 
2.39.1




[PATCH v3 33/34] target/arm/tcg: Rename 'helper.h' -> 'tcg/helper.h.inc'

2023-06-19 Thread Philippe Mathieu-Daudé
Since commit 139c1837db ("meson: rename included C source files
to .c.inc"), QEMU standard procedure for included C files is to
use *.c.inc.

Besides, since commit 6a0057aa22 ("docs/devel: make a statement
about includes") this is documented as the Coding Style:

  If you do use template header files they should be named with
  the ``.c.inc`` or ``.h.inc`` suffix to make it clear they are
  being included for expansion.

Therefore rename 'helper.h' as 'helper.h.inc'. Since this file
is TCG-specific, move it to the tcg/ directory.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/tcg/translate.h| 2 +-
 target/arm/{helper.h => tcg/helper.h.inc} | 0
 target/arm/debug_helper.c | 2 +-
 target/arm/helper.c   | 2 +-
 target/arm/tcg/helper-a64.c   | 2 +-
 target/arm/tcg/hflags.c   | 2 +-
 target/arm/tcg/m_helper.c | 2 +-
 target/arm/tcg/op_helper.c| 2 +-
 target/arm/tcg/psci.c | 2 +-
 target/arm/tcg/tlb_helper.c   | 2 +-
 target/arm/tcg/translate.c| 2 +-
 11 files changed, 10 insertions(+), 10 deletions(-)
 rename target/arm/{helper.h => tcg/helper.h.inc} (100%)

diff --git a/target/arm/tcg/translate.h b/target/arm/tcg/translate.h
index 13d59d8417..6516852c06 100644
--- a/target/arm/tcg/translate.h
+++ b/target/arm/tcg/translate.h
@@ -8,7 +8,7 @@
 #include "exec/translator.h"
 #include "internals.h"
 
-#define HELPER_H "helper.h"
+#define HELPER_H "tcg/helper.h.inc"
 #include "exec/helper-gen.h.inc"
 #undef  HELPER_H
 
diff --git a/target/arm/helper.h b/target/arm/tcg/helper.h.inc
similarity index 100%
rename from target/arm/helper.h
rename to target/arm/tcg/helper.h.inc
diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
index 31165b92a5..b32852e947 100644
--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -15,7 +15,7 @@
 
 #ifdef CONFIG_TCG
 
-#define HELPER_H "helper.h"
+#define HELPER_H "tcg/helper.h.inc"
 #include "exec/helper-proto.h.inc"
 #undef  HELPER_H
 
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 63ed29b841..425cc86c7a 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -26,7 +26,7 @@
 #include "qemu/guest-random.h"
 #ifdef CONFIG_TCG
 
-#define HELPER_H "helper.h"
+#define HELPER_H "tcg/helper.h.inc"
 #include "exec/helper-proto.h.inc"
 #undef  HELPER_H
 
diff --git a/target/arm/tcg/helper-a64.c b/target/arm/tcg/helper-a64.c
index 58a573e21d..5573c0c15e 100644
--- a/target/arm/tcg/helper-a64.c
+++ b/target/arm/tcg/helper-a64.c
@@ -34,7 +34,7 @@
 #include "fpu/softfloat.h"
 #include  /* For crc32 */
 
-#define HELPER_H "helper.h"
+#define HELPER_H "tcg/helper.h.inc"
 #include "exec/helper-proto.h.inc"
 #undef  HELPER_H
 
diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c
index 83a1aa08e4..e75cb0100e 100644
--- a/target/arm/tcg/hflags.c
+++ b/target/arm/tcg/hflags.c
@@ -10,7 +10,7 @@
 #include "internals.h"
 #include "cpregs.h"
 
-#define HELPER_H "helper.h"
+#define HELPER_H "tcg/helper.h.inc"
 #include "exec/helper-proto.h.inc"
 #undef  HELPER_H
 
diff --git a/target/arm/tcg/m_helper.c b/target/arm/tcg/m_helper.c
index 1991eafe05..4100161775 100644
--- a/target/arm/tcg/m_helper.c
+++ b/target/arm/tcg/m_helper.c
@@ -24,7 +24,7 @@
 #include "exec/helper-proto.h.inc"
 #undef  HELPER_H
 
-#define HELPER_H "helper.h"
+#define HELPER_H "tcg/helper.h.inc"
 #include "exec/helper-proto.h.inc"
 #undef  HELPER_H
 
diff --git a/target/arm/tcg/op_helper.c b/target/arm/tcg/op_helper.c
index 24205074cc..e1aadd63f0 100644
--- a/target/arm/tcg/op_helper.c
+++ b/target/arm/tcg/op_helper.c
@@ -24,7 +24,7 @@
 #include "exec/cpu_ldst.h"
 #include "cpregs.h"
 
-#define HELPER_H "helper.h"
+#define HELPER_H "tcg/helper.h.inc"
 #include "exec/helper-proto.h.inc"
 #undef  HELPER_H
 
diff --git a/target/arm/tcg/psci.c b/target/arm/tcg/psci.c
index 2822a6b96a..e00b9b1493 100644
--- a/target/arm/tcg/psci.c
+++ b/target/arm/tcg/psci.c
@@ -24,7 +24,7 @@
 #include "internals.h"
 #include "arm-powerctl.h"
 
-#define HELPER_H "helper.h"
+#define HELPER_H "tcg/helper.h.inc"
 #include "exec/helper-proto.h.inc"
 #undef  HELPER_H
 
diff --git a/target/arm/tcg/tlb_helper.c b/target/arm/tcg/tlb_helper.c
index e663aef2fd..3f8cb358a6 100644
--- a/target/arm/tcg/tlb_helper.c
+++ b/target/arm/tcg/tlb_helper.c
@@ -10,7 +10,7 @@
 #include "internals.h"
 #include "exec/exec-all.h"
 
-#define HELPER_H "helper.h"
+#define HELPER_H "tcg/helper.h.inc"
 #include "exec/helper-proto.h.inc"
 #undef  HELPER_H
 
diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c
index bb8756d0ff..00b73c9151 100644
--- a/target/arm/tcg/translate.c
+++ b/target/arm/tcg/translate.c
@@ -40,7 +40,7 @@
 #include "exec/helper-gen.h.inc"
 #undef  HELPER_H
 
-#define HELPER_H "helper.h"
+#define HELPER_H "tcg/helper.h.inc"
 #include "exec/helper-proto.h.inc"
 #include "exec/helper-info.c.inc"
 #undef  HELPER_H
-- 
2.38.1




Re: [PATCH][RESEND v5 3/3] Add a Hyper-V Dynamic Memory Protocol driver (hv-balloon)

2023-06-19 Thread David Hildenbrand

[...]

Sorry for the late reply!

Still trying to make up my mind what the right way forward with this is.



This usage is still problematic I suspect (well, and a layer violation 
regarding the machine). The machine hotplug handler is supposed to call the 
pre_plug/plug/unplug hooks as response to pre_plug/plug/unplug notifications 
from the core. See how we handle virtio-mem/virtio-pmem/nvdimms as an example.

We assume that when memory_device_pre_plug() gets called, that the device is 
not realized yet, but once it gets plugged, that it already is realized, and 
that the device will actually vanish (get unrealized) when unplugging the 
device.
Otherwise memory device logic like in get_plugged_memory_size() stops working.


get_plugged_memory_size() just calls get_plugged_size() method on every
realized TYPE_MEMORY_DEVICE.

While this now always returns the whole backing memory size (once the
backend gets plugged) I don't see a reason why this method could not be
overridden in hv-balloon to return just the currently hot-added size.

By the way, this function seems to be used just for reporting stats via QMP.


memory_device_build_list() is another example, used for 
memory_device_get_free_addr(). You'd be blocking memory address ranges 
with an unplugged-but-realized memory device.


Memory device code expects that realized memory devices are plugged and 
vice versa.






As an example, see device_set_realized() on the pre_plug+realize+plug 
interaction.

IIRC, you're reusing the already-realized hv-balloon device here, correct?


Yes - in this version of the driver.

The previous version used separate virtual DIMM devices instead but you have
recommended against that approach.



Yes. My recommendation was to make the hv-balloon device a memory device 
and use a single memory region, which you did (and I think it's much 
better).


It's now all about when we (un)plug the memory device itself -- and how.



Why can't you call the pre_plug/plug/unplug functions from the machine 
pre_plug/plug/unplug hooks -- exactly once for the memory device when plugging 
the hv-balloon device?

Is it to support the !memdev case or why is this plugging/unplugging in 
our_range_plugged_new()/our_range_plugged_free() required?


At least for three (four) reasons:
1a) At the hv-balloon plug time the device doesn't yet know the guest
alignment requirements - or whether the guest supports memory hot add at
all - that's what the device will learn only once the guest connects
to the protocol.


Understood, so you want to at least expose the memory dynamically to the 
VM (map the MR on demand).


That could be done using a memory region container like virtio-mem is 
planning [1] on using fairly easily.


[1] https://lkml.kernel.org/r/20230616092654.175518-14-da...@redhat.com


1b) For the same reason the memory region has to be unplugged at the VM
reset time - the new guest might have stricter alignment requirements


Alignment is certainly interesting, but is it a real problem?

As default (not other memory devices) you get an address that's aligned 
to 1 GiB. And, in fact, you can simply always request a 1 GiB alignment 
for the device, independent of the guest requirement.


Would the guest requirement be even stricter than that (e.g., 2 GiB)?

In theory, when using a memory region container (again [1]) into which 
you dynamically map the RAM region, you can do this alignment internally.


So it might be an option to use a memory region container and 
dynamically map into that one as you please (it just has to have a fixed 
size).




By the way, the memory region *can't* be unplugged yet at VMBus device
reset time - Windows keeps on using it until the system is restarted,
even after disconnecting from the VMBus.


Yes, similar to virtio-mem -- we can only e.g. do it at system reset time.



2) The !memdev case, when the driver is just used for Windows-native
ballooning and stats reporting.


So we'd want support for a memory device that doesn't expose any memory 
-- in the current configuration. Should be doable (NULL returned as 
device memory region -> skip pre_plug/plug/unplug and teach the other 
code to just ignore this device). It would be easier if we could decide 
at runtime that this device is not a memory device ...


But let's first figure out if that's the right approach.




3) This will hopefully allow sharing the backing memory device between
virtio-mem and hv-balloon in the future - Linux guests will connect to
the former interface while Windows guests will connect to the latter.



I've been told that the virtio-mem driver for Windows will show up 
polished in the near future ... we'll see :)


Anyhow, I consider that a secondary requirement. (virtio-mem is not 
compatible with shared memdevs)





Supporting the !memdev case is interesting: you essentially want to plug a 
memory device without a device region (or with an empty stub). I guess we 
should get that figured out somehow.



That's why 

[PATCH v3 27/34] target/arm/tcg: Reduce 'helper-a64.h.inc' inclusion

2023-06-19 Thread Philippe Mathieu-Daudé
Instead of including helper-a64.h.inc via helper.h which
is included by all TCG files, restrict it to the few files
that require it.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/helper.h| 4 
 target/arm/tcg/helper-a64.c| 4 
 target/arm/tcg/sve_helper.c| 5 -
 target/arm/tcg/translate-a64.c | 6 ++
 target/arm/tcg/vec_helper.c| 5 -
 5 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index 159ed9664f..aae2a38407 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -110,7 +110,3 @@ DEF_HELPER_3(ror_cc, i32, env, i32, i32)
 
 DEF_HELPER_FLAGS_3(crc32, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32)
 DEF_HELPER_FLAGS_3(crc32c, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32)
-
-#ifdef TARGET_AARCH64
-#include "tcg/helper-a64.h.inc"
-#endif
diff --git a/target/arm/tcg/helper-a64.c b/target/arm/tcg/helper-a64.c
index 6312238676..782b6b6e94 100644
--- a/target/arm/tcg/helper-a64.c
+++ b/target/arm/tcg/helper-a64.c
@@ -35,6 +35,10 @@
 #include "fpu/softfloat.h"
 #include  /* For crc32 */
 
+#define HELPER_H "tcg/helper-a64.h.inc"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 /* C2.4.7 Multiply and divide */
 /* special cases for 0 and LLONG_MIN are mandated by the standard */
 uint64_t HELPER(udiv64)(uint64_t num, uint64_t den)
diff --git a/target/arm/tcg/sve_helper.c b/target/arm/tcg/sve_helper.c
index 79a42af591..64f744bf6a 100644
--- a/target/arm/tcg/sve_helper.c
+++ b/target/arm/tcg/sve_helper.c
@@ -21,7 +21,6 @@
 #include "cpu.h"
 #include "internals.h"
 #include "exec/exec-all.h"
-#include "exec/helper-proto.h"
 #include "tcg/tcg-gvec-desc.h"
 #include "fpu/softfloat.h"
 #include "tcg/tcg.h"
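
Review bot: Removing '#include "exec/helper-proto.h"' from sve_helper.c goes beyond what the commit message describes, which only talks about where 'helper-a64.h.inc' is included. Judging by 32/34, which replaces that header with a HELPER_H "helper.h" block, it is also the include that supplies the helper.h prototypes, so this file stops seeing them. If that is intended because nothing here uses a helper declared in helper.h, say so in the commit message; otherwise keep the include until 32/34.
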
@@ -37,6 +36,10 @@
 #include "exec/helper-proto.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-a64.h.inc"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 /* Return a value for NZCV as per the ARM PredTest pseudofunction.
  *
  * The return value has bit 31 set if N is set, bit 1 set if Z is clear,
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
index a3d4265f85..73697f0cc9 100644
--- a/target/arm/tcg/translate-a64.c
+++ b/target/arm/tcg/translate-a64.c
@@ -58,6 +58,12 @@
 #include "exec/helper-info.c.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-a64.h.inc"
+#include "exec/helper-proto.h.inc"
+#include "exec/helper-gen.h.inc"
+#include "exec/helper-info.c.inc"
+#undef  HELPER_H
+
 static TCGv_i64 cpu_X[32];
 static TCGv_i64 cpu_pc;
 
diff --git a/target/arm/tcg/vec_helper.c b/target/arm/tcg/vec_helper.c
index 99f81df9e1..dcfb3cfc96 100644
--- a/target/arm/tcg/vec_helper.c
+++ b/target/arm/tcg/vec_helper.c
@@ -19,7 +19,6 @@
 
 #include "qemu/osdep.h"
 #include "cpu.h"
-#include "exec/helper-proto.h"
 #include "tcg/tcg-gvec-desc.h"
 #include "fpu/softfloat.h"
 #include "qemu/int128.h"
@@ -41,6 +40,10 @@
 #include "exec/helper-proto.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-a64.h.inc"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 /*
  * Data for expanding active predicate bits to bytes, for byte elements.
  *
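
Review bot: The 'tcg/helper-a64.h.inc' block added to vec_helper.c is unconditional, whereas the include removed from helper.h in this same patch was wrapped in '#ifdef TARGET_AARCH64'. If vec_helper.c is also built for 32-bit Arm targets, the AArch64 helper prototypes are now declared there as well. Keep the '#ifdef TARGET_AARCH64' around the new block, or state in the commit message why the guard is no longer needed.
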
-- 
2.38.1




[PATCH v3 18/34] target/arm/tcg: Reduce 'helper-gvec.h.inc' inclusion

2023-06-19 Thread Philippe Mathieu-Daudé
Instead of including helper-gvec.h.inc via helper.h which
is included by all TCG files, restrict it to the few files
that require it.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/helper.h | 1 -
 target/arm/tcg/translate-a64.c  | 4 
 target/arm/tcg/translate-gvec.c | 6 ++
 target/arm/tcg/translate-neon.c | 4 
 target/arm/tcg/translate-sve.c  | 3 +++
 target/arm/tcg/vec_helper.c | 4 
 6 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index df22f1a117..6d61694f5e 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -198,5 +198,4 @@ DEF_HELPER_FLAGS_6(sve2_fmlal_zzxw_s, TCG_CALL_NO_RWG,
 #include "tcg/helper-sme.h.inc"
 #endif
 
-#include "tcg/helper-gvec.h.inc"
 #include "tcg/helper-mve.h.inc"
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
index 22caf89bb0..924bbdbf1d 100644
--- a/target/arm/tcg/translate-a64.c
+++ b/target/arm/tcg/translate-a64.c
@@ -26,6 +26,10 @@
 #include "semihosting/semihost.h"
 #include "cpregs.h"
 
+#define HELPER_H "tcg/helper-gvec.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
+
 #define HELPER_H "tcg/helper-vfp.h.inc"
 #include "exec/helper-gen.h.inc"
 #undef  HELPER_H
diff --git a/target/arm/tcg/translate-gvec.c b/target/arm/tcg/translate-gvec.c
index 8b1d5e283c..1ae346c5a8 100644
--- a/target/arm/tcg/translate-gvec.c
+++ b/target/arm/tcg/translate-gvec.c
@@ -13,6 +13,12 @@
 #include "exec/helper-gen.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-gvec.h.inc"
+#include "exec/helper-proto.h.inc"
+#include "exec/helper-gen.h.inc"
+#include "exec/helper-info.c.inc"
+#undef  HELPER_H
+
 static void gen_gvec_fn3_qc(uint32_t rd_ofs, uint32_t rn_ofs, uint32_t rm_ofs,
 uint32_t opr_sz, uint32_t max_sz,
 gen_helper_gvec_3_ptr *fn)
diff --git a/target/arm/tcg/translate-neon.c b/target/arm/tcg/translate-neon.c
index 9a1831f849..fa13e7e8cb 100644
--- a/target/arm/tcg/translate-neon.c
+++ b/target/arm/tcg/translate-neon.c
@@ -24,6 +24,10 @@
 #include "translate.h"
 #include "translate-a32.h"
 
+#define HELPER_H "tcg/helper-gvec.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
+
 #define HELPER_H "tcg/helper-vfp.h.inc"
 #include "exec/helper-gen.h.inc"
 #undef  HELPER_H
diff --git a/target/arm/tcg/translate-sve.c b/target/arm/tcg/translate-sve.c
index ff050626e6..605cce0979 100644
--- a/target/arm/tcg/translate-sve.c
+++ b/target/arm/tcg/translate-sve.c
@@ -22,6 +22,9 @@
 #include "translate-a64.h"
 #include "fpu/softfloat.h"
 
+#define HELPER_H "tcg/helper-gvec.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
 
 typedef void GVecGen2sFn(unsigned, uint32_t, uint32_t,
  TCGv_i64, uint32_t, uint32_t);
diff --git a/target/arm/tcg/vec_helper.c b/target/arm/tcg/vec_helper.c
index af325577f0..b0aaca38e7 100644
--- a/target/arm/tcg/vec_helper.c
+++ b/target/arm/tcg/vec_helper.c
@@ -25,6 +25,10 @@
 #include "qemu/int128.h"
 #include "vec_internal.h"
 
+#define HELPER_H "tcg/helper-gvec.h.inc"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 #define HELPER_H "tcg/helper-vfp.h.inc"
 #include "exec/helper-proto.h.inc"
 #undef  HELPER_H
-- 
2.38.1




[PATCH v3 32/34] target/arm/tcg: Inline 'exec/helper-proto.h'

2023-06-19 Thread Philippe Mathieu-Daudé
Suggested-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/debug_helper.c   | 6 +-
 target/arm/helper.c | 6 +-
 target/arm/tcg/helper-a64.c | 5 -
 target/arm/tcg/hflags.c | 5 -
 target/arm/tcg/m_helper.c   | 5 -
 target/arm/tcg/op_helper.c  | 5 -
 target/arm/tcg/psci.c   | 5 -
 target/arm/tcg/tlb_helper.c | 4 +++-
 target/arm/tcg/translate.c  | 2 +-
 9 files changed, 34 insertions(+), 9 deletions(-)

diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
index 8362462a07..31165b92a5 100644
--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -11,10 +11,14 @@
 #include "internals.h"
 #include "cpregs.h"
 #include "exec/exec-all.h"
-#include "exec/helper-proto.h"
 #include "sysemu/tcg.h"
 
 #ifdef CONFIG_TCG
+
+#define HELPER_H "helper.h"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 /* Return the Exception Level targeted by debug exceptions. */
 static int arm_debug_target_el(CPUARMState *env)
 {
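
Review bot: The prototypes move from an unconditional '#include "exec/helper-proto.h"' near the top of debug_helper.c to a HELPER_H block placed after '#ifdef CONFIG_TCG', so any helper defined outside that guard would lose its declaration. The commit message has no body at all; a sentence on why the generic header is being replaced by per-file HELPER_H blocks, and a note that the new placement inside CONFIG_TCG is deliberate, would make this reviewable without reading the rest of the series.
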
diff --git a/target/arm/helper.c b/target/arm/helper.c
index d4bee43bd0..63ed29b841 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11,7 +11,6 @@
 #include "trace.h"
 #include "cpu.h"
 #include "internals.h"
-#include "exec/helper-proto.h"
 #include "qemu/main-loop.h"
 #include "qemu/timer.h"
 #include "qemu/bitops.h"
@@ -26,6 +25,11 @@
 #include "qapi/error.h"
 #include "qemu/guest-random.h"
 #ifdef CONFIG_TCG
+
+#define HELPER_H "helper.h"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 #include "semihosting/common-semi.h"
 #endif
 #include "cpregs.h"
diff --git a/target/arm/tcg/helper-a64.c b/target/arm/tcg/helper-a64.c
index 782b6b6e94..58a573e21d 100644
--- a/target/arm/tcg/helper-a64.c
+++ b/target/arm/tcg/helper-a64.c
@@ -21,7 +21,6 @@
 #include "qemu/units.h"
 #include "cpu.h"
 #include "gdbstub/helpers.h"
-#include "exec/helper-proto.h"
 #include "qemu/host-utils.h"
 #include "qemu/log.h"
 #include "qemu/main-loop.h"
@@ -35,6 +34,10 @@
 #include "fpu/softfloat.h"
 #include  /* For crc32 */
 
+#define HELPER_H "helper.h"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 #define HELPER_H "tcg/helper-a64.h.inc"
 #include "exec/helper-proto.h.inc"
 #undef  HELPER_H
diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c
index 616c5fa723..83a1aa08e4 100644
--- a/target/arm/tcg/hflags.c
+++ b/target/arm/tcg/hflags.c
@@ -8,9 +8,12 @@
 #include "qemu/osdep.h"
 #include "cpu.h"
 #include "internals.h"
-#include "exec/helper-proto.h"
 #include "cpregs.h"
 
+#define HELPER_H "helper.h"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 static inline bool fgt_svc(CPUARMState *env, int el)
 {
 /*
diff --git a/target/arm/tcg/m_helper.c b/target/arm/tcg/m_helper.c
index 45568d96bb..1991eafe05 100644
--- a/target/arm/tcg/m_helper.c
+++ b/target/arm/tcg/m_helper.c
@@ -10,7 +10,6 @@
 #include "cpu.h"
 #include "internals.h"
 #include "gdbstub/helpers.h"
-#include "exec/helper-proto.h"
 #include "qemu/main-loop.h"
 #include "qemu/bitops.h"
 #include "qemu/log.h"
@@ -25,6 +24,10 @@
 #include "exec/helper-proto.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "helper.h"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 static void v7m_msr_xpsr(CPUARMState *env, uint32_t mask,
  uint32_t reg, uint32_t val)
 {
diff --git a/target/arm/tcg/op_helper.c b/target/arm/tcg/op_helper.c
index 04a90e3e3a..24205074cc 100644
--- a/target/arm/tcg/op_helper.c
+++ b/target/arm/tcg/op_helper.c
@@ -19,12 +19,15 @@
 #include "qemu/osdep.h"
 #include "qemu/main-loop.h"
 #include "cpu.h"
-#include "exec/helper-proto.h"
 #include "internals.h"
 #include "exec/exec-all.h"
 #include "exec/cpu_ldst.h"
 #include "cpregs.h"
 
+#define HELPER_H "helper.h"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 #define SIGNBIT (uint32_t)0x8000
 #define SIGNBIT64 ((uint64_t)1 << 63)
 
diff --git a/target/arm/tcg/psci.c b/target/arm/tcg/psci.c
index 6c1239bb96..2822a6b96a 100644
--- a/target/arm/tcg/psci.c
+++ b/target/arm/tcg/psci.c
@@ -18,13 +18,16 @@
 
 #include "qemu/osdep.h"
 #include "cpu.h"
-#include "exec/helper-proto.h"
 #include "kvm-consts.h"
 #include "qemu/main-loop.h"
 #include "sysemu/runstate.h"
 #include "internals.h"
 #include "arm-powerctl.h"
 
+#define HELPER_H "helper.h"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 bool arm_is_psci_call(ARMCPU *cpu, int excp_type)
 {
 /*
diff --git a/target/arm/tcg/tlb_helper.c b/target/arm/tcg/tlb_helper.c
index 8df36c2cbf..e663aef2fd 100644
--- a/target/arm/tcg/tlb_helper.c
+++ b/target/arm/tcg/tlb_helper.c
@@ -9,8 +9,10 @@
 #include "cpu.h"
 #include "internals.h"
 #include "exec/exec-all.h"
-#include "exec/helper-proto.h"
 
+#define HELPER_H "helper.h"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
 
 /*
  * Returns true if the stage 1 translation regime is using LPAE format page
diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c
index 4b54e177d1..bb8756d0ff 100644
--- 

[PATCH v3 24/34] target/arm/tcg: Reduce 'helper-sme.h.inc' inclusion

2023-06-19 Thread Philippe Mathieu-Daudé
Instead of including helper-sme.h.inc via helper.h which
is included by all TCG files, restrict it to the few files
that require it.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/helper.h| 1 -
 target/arm/tcg/sme_helper.c| 5 -
 target/arm/tcg/translate-a64.c | 4 
 target/arm/tcg/translate-sme.c | 6 ++
 4 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index 6ea6384855..159ed9664f 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -113,5 +113,4 @@ DEF_HELPER_FLAGS_3(crc32c, TCG_CALL_NO_RWG_SE, i32, i32, 
i32, i32)
 
 #ifdef TARGET_AARCH64
 #include "tcg/helper-a64.h.inc"
-#include "tcg/helper-sme.h.inc"
 #endif
diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c
index 1e67fcac30..04170ad18d 100644
--- a/target/arm/tcg/sme_helper.c
+++ b/target/arm/tcg/sme_helper.c
@@ -21,7 +21,6 @@
 #include "cpu.h"
 #include "internals.h"
 #include "tcg/tcg-gvec-desc.h"
-#include "exec/helper-proto.h"
 #include "exec/cpu_ldst.h"
 #include "exec/exec-all.h"
 #include "qemu/int128.h"
@@ -29,6 +28,10 @@
 #include "vec_internal.h"
 #include "sve_ldst_internal.h"
 
+#define HELPER_H "tcg/helper-sme.h.inc"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 void helper_set_svcr(CPUARMState *env, uint32_t val, uint32_t mask)
 {
 aarch64_set_svcr(env, val, mask);
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
index 46428ef034..f4c9448582 100644
--- a/target/arm/tcg/translate-a64.c
+++ b/target/arm/tcg/translate-a64.c
@@ -42,6 +42,10 @@
 #include "exec/helper-gen.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-sme.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
+
 static TCGv_i64 cpu_X[32];
 static TCGv_i64 cpu_pc;
 
diff --git a/target/arm/tcg/translate-sme.c b/target/arm/tcg/translate-sme.c
index e63b9883a9..fa0dc20bf2 100644
--- a/target/arm/tcg/translate-sme.c
+++ b/target/arm/tcg/translate-sme.c
@@ -29,6 +29,12 @@
 #include "exec/helper-gen.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-sme.h.inc"
+#include "exec/helper-proto.h.inc"
+#include "exec/helper-gen.h.inc"
+#include "exec/helper-info.c.inc"
+#undef  HELPER_H
+
 /*
  * Include the generated decoder.
  */
-- 
2.38.1




[PATCH v3 23/34] target/arm/tcg: Reduce 'helper-mve.h.inc' inclusion

2023-06-19 Thread Philippe Mathieu-Daudé
Instead of including helper-mve.h.inc via helper.h which
is included by all TCG files, restrict it to the few files
that require it.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/helper.h| 2 --
 target/arm/tcg/mve_helper.c| 5 -
 target/arm/tcg/translate-mve.c | 6 ++
 target/arm/tcg/translate.c | 4 
 4 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index e132969837..6ea6384855 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -115,5 +115,3 @@ DEF_HELPER_FLAGS_3(crc32c, TCG_CALL_NO_RWG_SE, i32, i32, 
i32, i32)
 #include "tcg/helper-a64.h.inc"
 #include "tcg/helper-sme.h.inc"
 #endif
-
-#include "tcg/helper-mve.h.inc"
diff --git a/target/arm/tcg/mve_helper.c b/target/arm/tcg/mve_helper.c
index d8ba5a9e60..a3fca486e0 100644
--- a/target/arm/tcg/mve_helper.c
+++ b/target/arm/tcg/mve_helper.c
@@ -21,7 +21,6 @@
 #include "cpu.h"
 #include "internals.h"
 #include "vec_internal.h"
-#include "exec/helper-proto.h"
 #include "exec/cpu_ldst.h"
 #include "exec/exec-all.h"
 #include "tcg/tcg.h"
@@ -31,6 +30,10 @@
 #include "exec/helper-proto.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-mve.h.inc"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 static uint16_t mve_eci_mask(CPUARMState *env)
 {
 /*
diff --git a/target/arm/tcg/translate-mve.c b/target/arm/tcg/translate-mve.c
index bbc7b3f4ce..8577dc4377 100644
--- a/target/arm/tcg/translate-mve.c
+++ b/target/arm/tcg/translate-mve.c
@@ -21,6 +21,12 @@
 #include "translate.h"
 #include "translate-a32.h"
 
+#define HELPER_H "tcg/helper-mve.h.inc"
+#include "exec/helper-proto.h.inc"
+#include "exec/helper-gen.h.inc"
+#include "exec/helper-info.c.inc"
+#undef  HELPER_H
+
 static inline int vidup_imm(DisasContext *s, int x)
 {
 return 1 << x;
diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c
index ddc9baeafb..a71c60f4fb 100644
--- a/target/arm/tcg/translate.c
+++ b/target/arm/tcg/translate.c
@@ -33,6 +33,10 @@
 #include "exec/helper-gen.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-mve.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
+
 #define HELPER_H "helper.h"
 #include "exec/helper-info.c.inc"
 #undef  HELPER_H
-- 
2.38.1




[PATCH v3 34/34] tests/tcg/aarch64: Rename bti-crt.inc.c -> bti-crt.c.inc

2023-06-19 Thread Philippe Mathieu-Daudé
Since commit 139c1837db ("meson: rename included C source files
to .c.inc"), QEMU standard procedure for included C files is to
use *.c.inc.

Besides, since commit 6a0057aa22 ("docs/devel: make a statement
about includes") this is documented as the Coding Style:

  If you do use template header files they should be named with
  the ``.c.inc`` or ``.h.inc`` suffix to make it clear they are
  being included for expansion.

Therefore rename 'bti-crt.inc.c' as 'bti-crt.c.inc'.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Reviewed-by: Alex Bennée 
---
 tests/tcg/aarch64/bti-1.c  | 2 +-
 tests/tcg/aarch64/bti-3.c  | 2 +-
 tests/tcg/aarch64/{bti-crt.inc.c => bti-crt.c.inc} | 0
 3 files changed, 2 insertions(+), 2 deletions(-)
 rename tests/tcg/aarch64/{bti-crt.inc.c => bti-crt.c.inc} (100%)

diff --git a/tests/tcg/aarch64/bti-1.c b/tests/tcg/aarch64/bti-1.c
index 61924f0d7a..99a879af23 100644
--- a/tests/tcg/aarch64/bti-1.c
+++ b/tests/tcg/aarch64/bti-1.c
@@ -2,7 +2,7 @@
  * Branch target identification, basic notskip cases.
  */
 
-#include "bti-crt.inc.c"
+#include "bti-crt.c.inc"
 
 static void skip2_sigill(int sig, siginfo_t *info, ucontext_t *uc)
 {
diff --git a/tests/tcg/aarch64/bti-3.c b/tests/tcg/aarch64/bti-3.c
index a852856d9a..8c534c09d7 100644
--- a/tests/tcg/aarch64/bti-3.c
+++ b/tests/tcg/aarch64/bti-3.c
@@ -2,7 +2,7 @@
  * BTI vs PACIASP
  */
 
-#include "bti-crt.inc.c"
+#include "bti-crt.c.inc"
 
 static void skip2_sigill(int sig, siginfo_t *info, ucontext_t *uc)
 {
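
Review bot: Only the '#include "bti-crt.inc.c"' lines in bti-1.c and bti-3.c are updated, and the diffstat lists no other file besides the rename itself. A grep for any remaining 'bti-crt.inc.c' reference under tests/tcg/aarch64 (other bti tests, Makefile.target) would confirm that nothing still names the old file, and the result is worth mentioning in the commit message.
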
diff --git a/tests/tcg/aarch64/bti-crt.inc.c b/tests/tcg/aarch64/bti-crt.c.inc
similarity index 100%
rename from tests/tcg/aarch64/bti-crt.inc.c
rename to tests/tcg/aarch64/bti-crt.c.inc
-- 
2.38.1




[PATCH v3 17/34] target/arm/tcg: Extract gvec definitions to 'helper-gvec.h.inc'

2023-06-19 Thread Philippe Mathieu-Daudé
helper.h is used by all units, but not all require the generic
vector definitions. Move them to a new header; the next commit
will remove it from the common helper.h.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/helper.h  | 380 +--
 target/arm/tcg/helper-gvec.h.inc | 378 ++
 2 files changed, 379 insertions(+), 379 deletions(-)
 create mode 100644 target/arm/tcg/helper-gvec.h.inc

diff --git a/target/arm/helper.h b/target/arm/helper.h
index 819d27d597..df22f1a117 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -146,15 +146,6 @@ DEF_HELPER_FLAGS_4(crypto_rax1, TCG_CALL_NO_RWG, void, 
ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_3(crc32, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32)
 DEF_HELPER_FLAGS_3(crc32c, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32)
 
-DEF_HELPER_FLAGS_5(gvec_qrdmlah_s16, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(gvec_qrdmlsh_s16, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(gvec_qrdmlah_s32, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(gvec_qrdmlsh_s32, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-
 DEF_HELPER_FLAGS_5(sve2_sqrdmlah_b, TCG_CALL_NO_RWG,
void, ptr, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_5(sve2_sqrdmlsh_b, TCG_CALL_NO_RWG,
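
Review bot: The 'gvec_qrdmlah_*' and 'gvec_qrdmlsh_*' declarations removed here are presented as a pure move, but the diffstat shows 379 deletions (and 1 insertion) in helper.h against 378 insertions in helper-gvec.h.inc, so the move is not line-for-line. Please say in the commit message that there is no functional change and account for the one-line difference; checking the patch with 'git diff --color-moved' would show whether a declaration or only a blank line was dropped.
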
@@ -172,336 +163,6 @@ DEF_HELPER_FLAGS_5(sve2_sqrdmlah_d, TCG_CALL_NO_RWG,
 DEF_HELPER_FLAGS_5(sve2_sqrdmlsh_d, TCG_CALL_NO_RWG,
void, ptr, ptr, ptr, ptr, i32)
 
-DEF_HELPER_FLAGS_5(gvec_sdot_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(gvec_udot_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(gvec_sdot_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(gvec_udot_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(gvec_usdot_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
-
-DEF_HELPER_FLAGS_5(gvec_sdot_idx_b, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(gvec_udot_idx_b, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(gvec_sdot_idx_h, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(gvec_udot_idx_h, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(gvec_sudot_idx_b, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(gvec_usdot_idx_b, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-
-DEF_HELPER_FLAGS_5(gvec_fcaddh, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(gvec_fcadds, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(gvec_fcaddd, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-
-DEF_HELPER_FLAGS_6(gvec_fcmlah, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_6(gvec_fcmlah_idx, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_6(gvec_fcmlas, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_6(gvec_fcmlas_idx, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_6(gvec_fcmlad, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, ptr, i32)
-
-DEF_HELPER_FLAGS_4(gvec_sstoh, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(gvec_sitos, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(gvec_ustoh, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(gvec_uitos, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(gvec_tosszh, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(gvec_tosizs, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(gvec_touszh, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(gvec_touizs, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-
-DEF_HELPER_FLAGS_4(gvec_vcvt_sf, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(gvec_vcvt_uf, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(gvec_vcvt_fs, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(gvec_vcvt_fu, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-
-DEF_HELPER_FLAGS_4(gvec_vcvt_sh, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(gvec_vcvt_uh, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(gvec_vcvt_hs, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(gvec_vcvt_hu, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-
-DEF_HELPER_FLAGS_4(gvec_vcvt_rm_ss, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(gvec_vcvt_rm_us, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(gvec_vcvt_rm_sh, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(gvec_vcvt_rm_uh, 

[PATCH v3 21/34] target/arm/tcg: Extract crypto definitions to 'helper-crypto.h.inc'

2023-06-19 Thread Philippe Mathieu-Daudé
helper.h is used by all units, but not all require the crypto
definitions. Move them to a new header; the next commit will
remove it from the common helper.h.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/helper.h| 37 ++
 target/arm/tcg/helper-crypto.h.inc | 42 ++
 2 files changed, 44 insertions(+), 35 deletions(-)
 create mode 100644 target/arm/tcg/helper-crypto.h.inc

diff --git a/target/arm/helper.h b/target/arm/helper.h
index 38d3d1a2f3..175589cbb4 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -108,44 +108,11 @@ DEF_HELPER_3(shr_cc, i32, env, i32, i32)
 DEF_HELPER_3(sar_cc, i32, env, i32, i32)
 DEF_HELPER_3(ror_cc, i32, env, i32, i32)
 
-DEF_HELPER_FLAGS_4(crypto_aese, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_3(crypto_aesmc, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
-
-DEF_HELPER_FLAGS_4(crypto_sha1su0, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(crypto_sha1c, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(crypto_sha1p, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(crypto_sha1m, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_3(crypto_sha1h, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
-DEF_HELPER_FLAGS_3(crypto_sha1su1, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
-
-DEF_HELPER_FLAGS_4(crypto_sha256h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(crypto_sha256h2, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_3(crypto_sha256su0, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(crypto_sha256su1, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-
-DEF_HELPER_FLAGS_4(crypto_sha512h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(crypto_sha512h2, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_3(crypto_sha512su0, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(crypto_sha512su1, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, i32)
-
-DEF_HELPER_FLAGS_4(crypto_sm3tt1a, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(crypto_sm3tt1b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(crypto_sm3tt2a, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(crypto_sm3tt2b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(crypto_sm3partw1, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(crypto_sm3partw2, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, i32)
-
-DEF_HELPER_FLAGS_4(crypto_sm4e, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(crypto_sm4ekey, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-
-DEF_HELPER_FLAGS_4(crypto_rax1, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-
 DEF_HELPER_FLAGS_3(crc32, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32)
 DEF_HELPER_FLAGS_3(crc32c, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32)
 
+#include "tcg/helper-crypto.h.inc"
+
 #ifdef TARGET_AARCH64
 #include "tcg/helper-a64.h.inc"
 #include "tcg/helper-sme.h.inc"
diff --git a/target/arm/tcg/helper-crypto.h.inc 
b/target/arm/tcg/helper-crypto.h.inc
new file mode 100644
index 00..d86f5002c4
--- /dev/null
+++ b/target/arm/tcg/helper-crypto.h.inc
@@ -0,0 +1,42 @@
+/*
+ * crypto_helper.c - emulate v8 Crypto Extensions instructions
+ *
+ * Copyright (C) 2013 - 2018 Linaro Ltd 
+ *
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ */
+
+DEF_HELPER_FLAGS_4(crypto_aese, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(crypto_aesmc, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(crypto_sha1su0, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(crypto_sha1c, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(crypto_sha1p, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(crypto_sha1m, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(crypto_sha1h, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(crypto_sha1su1, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(crypto_sha256h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(crypto_sha256h2, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(crypto_sha256su0, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(crypto_sha256su1, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(crypto_sha512h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(crypto_sha512h2, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(crypto_sha512su0, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(crypto_sha512su1, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(crypto_sm3tt1a, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(crypto_sm3tt1b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(crypto_sm3tt2a, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(crypto_sm3tt2b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
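
Review bot: the banner comment at the top of the new helper-crypto.h.inc still reads "crypto_helper.c - emulate v8 Crypto Extensions instructions", which names a different file and describes the implementation rather than the helper declarations that follow. Suggest describing this file itself, for instance "ARM v8 Crypto Extensions helper definitions", in the same form as the banners of helper-mte.h.inc and helper-pauth.h.inc in this series.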

[PATCH v3 19/34] target/arm/tcg: Extract SVE2 definitions to 'helper-sve.h.inc'

2023-06-19 Thread Philippe Mathieu-Daudé
helper.h is used by all units, but not all require the
SVE2 definitions. We already have helper-sve.h.inc for
SVE* definitions, move them there. The next commit will
remove it from the common helper.h.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
---
 target/arm/helper.h | 46 -
 target/arm/tcg/helper-sve.h.inc | 46 +
 2 files changed, 46 insertions(+), 46 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index 6d61694f5e..f347305c0f 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -146,52 +146,6 @@ DEF_HELPER_FLAGS_4(crypto_rax1, TCG_CALL_NO_RWG, void, 
ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_3(crc32, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32)
 DEF_HELPER_FLAGS_3(crc32c, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32)
 
-DEF_HELPER_FLAGS_5(sve2_sqrdmlah_b, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(sve2_sqrdmlsh_b, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(sve2_sqrdmlah_h, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(sve2_sqrdmlsh_h, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(sve2_sqrdmlah_s, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(sve2_sqrdmlsh_s, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(sve2_sqrdmlah_d, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_5(sve2_sqrdmlsh_d, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, i32)
-
-DEF_HELPER_FLAGS_4(sve2_sqdmulh_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(sve2_sqdmulh_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(sve2_sqdmulh_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(sve2_sqdmulh_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-
-DEF_HELPER_FLAGS_4(sve2_sqrdmulh_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(sve2_sqrdmulh_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(sve2_sqrdmulh_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(sve2_sqrdmulh_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
-
-DEF_HELPER_FLAGS_4(sve2_sqdmulh_idx_h, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(sve2_sqdmulh_idx_s, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(sve2_sqdmulh_idx_d, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, i32)
-
-DEF_HELPER_FLAGS_4(sve2_sqrdmulh_idx_h, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(sve2_sqrdmulh_idx_s, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_4(sve2_sqrdmulh_idx_d, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, i32)
-
-DEF_HELPER_FLAGS_6(sve2_fmlal_zzzw_s, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, ptr, i32)
-DEF_HELPER_FLAGS_6(sve2_fmlal_zzxw_s, TCG_CALL_NO_RWG,
-   void, ptr, ptr, ptr, ptr, ptr, i32)
-
 #ifdef TARGET_AARCH64
 #include "tcg/helper-a64.h.inc"
 #include "tcg/helper-sve.h.inc"
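
Review bot: the sve2_* declarations removed here sat above the "#ifdef TARGET_AARCH64" block, so every unit including helper.h saw them, while their new home helper-sve.h.inc is included only inside that block (see the trailing context lines). The commit message should state whether any unit built without TARGET_AARCH64 still references these helpers, because after this hunk such a unit loses the prototypes until it includes helper-sve.h.inc itself.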
diff --git a/target/arm/tcg/helper-sve.h.inc b/target/arm/tcg/helper-sve.h.inc
index cc4e1d8948..042a29d76a 100644
--- a/target/arm/tcg/helper-sve.h.inc
+++ b/target/arm/tcg/helper-sve.h.inc
@@ -2802,3 +2802,49 @@ DEF_HELPER_FLAGS_4(sve2_sqshlu_b, TCG_CALL_NO_RWG, void, 
ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(sve2_sqshlu_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(sve2_sqshlu_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(sve2_sqshlu_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve2_sqdmulh_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve2_sqdmulh_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve2_sqdmulh_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve2_sqdmulh_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve2_sqrdmulh_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve2_sqrdmulh_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve2_sqrdmulh_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve2_sqrdmulh_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_5(sve2_sqrdmlah_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve2_sqrdmlsh_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve2_sqrdmlah_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve2_sqrdmlsh_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve2_sqrdmlah_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)

[PATCH v3 15/34] target/arm/tcg: Export some generic vector helpers

2023-06-19 Thread Philippe Mathieu-Daudé
We want to extract gvec helpers to a new translate-gvec.c
file. Some helpers will still be accessed out of it, from
the current translate.c. Expose their prototype.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/tcg/translate.h | 5 +
 target/arm/tcg/translate.c | 8 
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/target/arm/tcg/translate.h b/target/arm/tcg/translate.h
index d2a98b9f3a..7d57a71b67 100644
--- a/target/arm/tcg/translate.h
+++ b/target/arm/tcg/translate.h
@@ -418,6 +418,11 @@ void gen_sshl_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b);
 void gen_ushl_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b);
 void gen_sshl_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b);
 
+void gen_urshr32_i32(TCGv_i32 d, TCGv_i32 a, int32_t sh);
+void gen_srshr32_i32(TCGv_i32 d, TCGv_i32 a, int32_t sh);
+void gen_urshr64_i64(TCGv_i64 d, TCGv_i64 a, int64_t sh);
+void gen_srshr64_i64(TCGv_i64 d, TCGv_i64 a, int64_t sh);
+
 void gen_gvec_uqadd_qc(unsigned vece, uint32_t rd_ofs, uint32_t rn_ofs,
uint32_t rm_ofs, uint32_t opr_sz, uint32_t max_sz);
 void gen_gvec_sqadd_qc(unsigned vece, uint32_t rd_ofs, uint32_t rn_ofs,
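
Review bot: the four prototypes added after gen_sshl_i64 make gen_urshr32_i32, gen_srshr32_i32, gen_urshr64_i64 and gen_srshr64_i64 global, but the commit message does not say which code remaining in translate.c calls them once the gvec code has moved. Naming those callers would let a reader confirm that widening the linkage is needed rather than moving the callers as well, and a one-line comment above the new declarations saying they are shared with translate-gvec.c would document why they are not static.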
diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c
index 2b3951cece..adefa737c9 100644
--- a/target/arm/tcg/translate.c
+++ b/target/arm/tcg/translate.c
@@ -1925,7 +1925,7 @@ static void gen_srshr16_i64(TCGv_i64 d, TCGv_i64 a, 
int64_t sh)
 tcg_gen_vec_add16_i64(d, d, t);
 }
 
-static void gen_srshr32_i32(TCGv_i32 d, TCGv_i32 a, int32_t sh)
+void gen_srshr32_i32(TCGv_i32 d, TCGv_i32 a, int32_t sh)
 {
 TCGv_i32 t;
 
@@ -1940,7 +1940,7 @@ static void gen_srshr32_i32(TCGv_i32 d, TCGv_i32 a, 
int32_t sh)
 tcg_gen_add_i32(d, d, t);
 }
 
-static void gen_srshr64_i64(TCGv_i64 d, TCGv_i64 a, int64_t sh)
+void gen_srshr64_i64(TCGv_i64 d, TCGv_i64 a, int64_t sh)
 {
 TCGv_i64 t = tcg_temp_new_i64();
 
@@ -2120,7 +2120,7 @@ static void gen_urshr16_i64(TCGv_i64 d, TCGv_i64 a, 
int64_t sh)
 tcg_gen_vec_add16_i64(d, d, t);
 }
 
-static void gen_urshr32_i32(TCGv_i32 d, TCGv_i32 a, int32_t sh)
+void gen_urshr32_i32(TCGv_i32 d, TCGv_i32 a, int32_t sh)
 {
 TCGv_i32 t;
 
@@ -2135,7 +2135,7 @@ static void gen_urshr32_i32(TCGv_i32 d, TCGv_i32 a, 
int32_t sh)
 tcg_gen_add_i32(d, d, t);
 }
 
-static void gen_urshr64_i64(TCGv_i64 d, TCGv_i64 a, int64_t sh)
+void gen_urshr64_i64(TCGv_i64 d, TCGv_i64 a, int64_t sh)
 {
 TCGv_i64 t = tcg_temp_new_i64();
 
-- 
2.38.1




[PATCH v3 16/34] target/arm/tcg: Extract generic vector helpers to translate-gvec.c

2023-06-19 Thread Philippe Mathieu-Daudé
Extract 1600 lines from the big enough translate.c.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/tcg/translate-gvec.c | 1644 +++
 target/arm/tcg/translate.c  | 1630 --
 target/arm/tcg/meson.build  |1 +
 3 files changed, 1645 insertions(+), 1630 deletions(-)
 create mode 100644 target/arm/tcg/translate-gvec.c

diff --git a/target/arm/tcg/translate-gvec.c b/target/arm/tcg/translate-gvec.c
new file mode 100644
index 00..8b1d5e283c
--- /dev/null
+++ b/target/arm/tcg/translate-gvec.c
@@ -0,0 +1,1644 @@
+/*
+ * ARM AdvSIMD / SVE Vector Helpers
+ *
+ * Copyright (c) 2020 Linaro
+ *
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "translate.h"
+
+#define HELPER_H "tcg/helper-neon.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
+
+static void gen_gvec_fn3_qc(uint32_t rd_ofs, uint32_t rn_ofs, uint32_t rm_ofs,
+uint32_t opr_sz, uint32_t max_sz,
+gen_helper_gvec_3_ptr *fn)
+{
+TCGv_ptr qc_ptr = tcg_temp_new_ptr();
+
+tcg_gen_addi_ptr(qc_ptr, cpu_env, offsetof(CPUARMState, vfp.qc));
+tcg_gen_gvec_3_ptr(rd_ofs, rn_ofs, rm_ofs, qc_ptr,
+   opr_sz, max_sz, 0, fn);
+}
+
+void gen_gvec_sqrdmlah_qc(unsigned vece, uint32_t rd_ofs, uint32_t rn_ofs,
+  uint32_t rm_ofs, uint32_t opr_sz, uint32_t max_sz)
+{
+static gen_helper_gvec_3_ptr * const fns[2] = {
+gen_helper_gvec_qrdmlah_s16, gen_helper_gvec_qrdmlah_s32
+};
+tcg_debug_assert(vece >= 1 && vece <= 2);
+gen_gvec_fn3_qc(rd_ofs, rn_ofs, rm_ofs, opr_sz, max_sz, fns[vece - 1]);
+}
+
+void gen_gvec_sqrdmlsh_qc(unsigned vece, uint32_t rd_ofs, uint32_t rn_ofs,
+  uint32_t rm_ofs, uint32_t opr_sz, uint32_t max_sz)
+{
+static gen_helper_gvec_3_ptr * const fns[2] = {
+gen_helper_gvec_qrdmlsh_s16, gen_helper_gvec_qrdmlsh_s32
+};
+tcg_debug_assert(vece >= 1 && vece <= 2);
+gen_gvec_fn3_qc(rd_ofs, rn_ofs, rm_ofs, opr_sz, max_sz, fns[vece - 1]);
+}
+
+#define GEN_CMP0(NAME, COND)\
+static void gen_##NAME##0_i32(TCGv_i32 d, TCGv_i32 a)   \
+{   \
+tcg_gen_setcondi_i32(COND, d, a, 0);\
+tcg_gen_neg_i32(d, d);  \
+}   \
+static void gen_##NAME##0_i64(TCGv_i64 d, TCGv_i64 a)   \
+{   \
+tcg_gen_setcondi_i64(COND, d, a, 0);\
+tcg_gen_neg_i64(d, d);  \
+}   \
+static void gen_##NAME##0_vec(unsigned vece, TCGv_vec d, TCGv_vec a) \
+{   \
+TCGv_vec zero = tcg_constant_vec_matching(d, vece, 0);  \
+tcg_gen_cmp_vec(COND, vece, d, a, zero);\
+}   \
+void gen_gvec_##NAME##0(unsigned vece, uint32_t d, uint32_t m,  \
+uint32_t opr_sz, uint32_t max_sz)   \
+{   \
+const GVecGen2 op[4] = {\
+{ .fno = gen_helper_gvec_##NAME##0_b,   \
+  .fniv = gen_##NAME##0_vec,\
+  .opt_opc = vecop_list_cmp,\
+  .vece = MO_8 },   \
+{ .fno = gen_helper_gvec_##NAME##0_h,   \
+  .fniv = gen_##NAME##0_vec,\
+  .opt_opc = vecop_list_cmp,\
+  .vece = MO_16 },  \
+{ .fni4 = gen_##NAME##0_i32,\
+  .fniv = gen_##NAME##0_vec,\
+  .opt_opc = vecop_list_cmp,\
+  .vece = MO_32 },  \
+{ .fni8 = gen_##NAME##0_i64,\
+  .fniv = gen_##NAME##0_vec,\
+  .opt_opc = vecop_list_cmp,\
+  .prefer_i64 = TCG_TARGET_REG_BITS == 64,  \
+  .vece = MO_64 },  \
+};  \
+
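
Review bot: in gen_gvec_sqrdmlah_qc and gen_gvec_sqrdmlsh_qc the only bound on vece before the fns[vece - 1] lookup is tcg_debug_assert(vece >= 1 && vece <= 2), which is a real check only in debug-TCG builds, so a caller passing any other element size would index outside the two-entry table in a normal build. Since this patch is presented as pure extraction the lines should stay identical here; please say "no functional change" in the commit message and consider a separate follow-up that either documents the caller guarantee next to the assert or rejects the bad size explicitly.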

[PATCH v3 26/34] target/arm/tcg: Extract MemTag definitions to 'helper-mte.h.inc'

2023-06-19 Thread Philippe Mathieu-Daudé
helper.h is used by all units, but not all require the crypto
definitions. Move them to a new header, which we only include
where necessary, removing the need for "exec/helper-proto.h".

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/tcg/helper-a64.h.inc | 16 
 target/arm/tcg/helper-mte.h.inc | 23 +++
 target/arm/tcg/mte_helper.c |  4 +++-
 target/arm/tcg/translate-a64.c  |  6 ++
 4 files changed, 32 insertions(+), 17 deletions(-)
 create mode 100644 target/arm/tcg/helper-mte.h.inc

diff --git a/target/arm/tcg/helper-a64.h.inc b/target/arm/tcg/helper-a64.h.inc
index 2f1aeb3ea5..e975f44bef 100644
--- a/target/arm/tcg/helper-a64.h.inc
+++ b/target/arm/tcg/helper-a64.h.inc
@@ -68,21 +68,5 @@ DEF_HELPER_2(sqrt_f16, f16, f16, ptr)
 
 DEF_HELPER_2(exception_return, void, env, i64)
 DEF_HELPER_FLAGS_2(dc_zva, TCG_CALL_NO_WG, void, env, i64)
-
-DEF_HELPER_FLAGS_3(mte_check, TCG_CALL_NO_WG, i64, env, i32, i64)
-DEF_HELPER_FLAGS_3(mte_check_zva, TCG_CALL_NO_WG, i64, env, i32, i64)
-DEF_HELPER_FLAGS_3(irg, TCG_CALL_NO_RWG, i64, env, i64, i64)
-DEF_HELPER_FLAGS_4(addsubg, TCG_CALL_NO_RWG_SE, i64, env, i64, s32, i32)
-DEF_HELPER_FLAGS_3(ldg, TCG_CALL_NO_WG, i64, env, i64, i64)
-DEF_HELPER_FLAGS_3(stg, TCG_CALL_NO_WG, void, env, i64, i64)
-DEF_HELPER_FLAGS_3(stg_parallel, TCG_CALL_NO_WG, void, env, i64, i64)
-DEF_HELPER_FLAGS_2(stg_stub, TCG_CALL_NO_WG, void, env, i64)
-DEF_HELPER_FLAGS_3(st2g, TCG_CALL_NO_WG, void, env, i64, i64)
-DEF_HELPER_FLAGS_3(st2g_parallel, TCG_CALL_NO_WG, void, env, i64, i64)
-DEF_HELPER_FLAGS_2(st2g_stub, TCG_CALL_NO_WG, void, env, i64)
-DEF_HELPER_FLAGS_2(ldgm, TCG_CALL_NO_WG, i64, env, i64)
-DEF_HELPER_FLAGS_3(stgm, TCG_CALL_NO_WG, void, env, i64, i64)
-DEF_HELPER_FLAGS_3(stzgm_tags, TCG_CALL_NO_WG, void, env, i64, i64)
-
 DEF_HELPER_FLAGS_4(unaligned_access, TCG_CALL_NO_WG,
noreturn, env, i64, i32, i32)
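
Review bot: the declarations removed here are the MemTag helpers (mte_check through stzgm_tags), yet the commit message says that not all units require "the crypto definitions". The text looks carried over from the helper-crypto patch; it should name the MemTag definitions so the log matches the subject line and this hunk.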
diff --git a/target/arm/tcg/helper-mte.h.inc b/target/arm/tcg/helper-mte.h.inc
new file mode 100644
index 00..dc954d49a0
--- /dev/null
+++ b/target/arm/tcg/helper-mte.h.inc
@@ -0,0 +1,23 @@
+/*
+ * ARM v8.5-MemTag helper definitions
+ *
+ * Copyright (c) 2020 Linaro, Ltd.
+ *
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ */
+
+DEF_HELPER_FLAGS_3(mte_check, TCG_CALL_NO_WG, i64, env, i32, i64)
+DEF_HELPER_FLAGS_3(mte_check_zva, TCG_CALL_NO_WG, i64, env, i32, i64)
+
+DEF_HELPER_FLAGS_3(irg, TCG_CALL_NO_RWG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_4(addsubg, TCG_CALL_NO_RWG_SE, i64, env, i64, s32, i32)
+DEF_HELPER_FLAGS_3(ldg, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(stg, TCG_CALL_NO_WG, void, env, i64, i64)
+DEF_HELPER_FLAGS_3(stg_parallel, TCG_CALL_NO_WG, void, env, i64, i64)
+DEF_HELPER_FLAGS_2(stg_stub, TCG_CALL_NO_WG, void, env, i64)
+DEF_HELPER_FLAGS_3(st2g, TCG_CALL_NO_WG, void, env, i64, i64)
+DEF_HELPER_FLAGS_3(st2g_parallel, TCG_CALL_NO_WG, void, env, i64, i64)
+DEF_HELPER_FLAGS_2(st2g_stub, TCG_CALL_NO_WG, void, env, i64)
+DEF_HELPER_FLAGS_2(ldgm, TCG_CALL_NO_WG, i64, env, i64)
+DEF_HELPER_FLAGS_3(stgm, TCG_CALL_NO_WG, void, env, i64, i64)
+DEF_HELPER_FLAGS_3(stzgm_tags, TCG_CALL_NO_WG, void, env, i64, i64)
diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c
index 9c64def081..89840c6f7e 100644
--- a/target/arm/tcg/mte_helper.c
+++ b/target/arm/tcg/mte_helper.c
@@ -24,11 +24,13 @@
 #include "exec/exec-all.h"
 #include "exec/ram_addr.h"
 #include "exec/cpu_ldst.h"
-#include "exec/helper-proto.h"
 #include "hw/core/tcg-cpu-ops.h"
 #include "qapi/error.h"
 #include "qemu/guest-random.h"
 
+#define HELPER_H "tcg/helper-mte.h.inc"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
 
 static int choose_nonexcluded_tag(int tag, int offset, uint16_t exclude)
 {
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
index 0d74e5b6e4..a3d4265f85 100644
--- a/target/arm/tcg/translate-a64.c
+++ b/target/arm/tcg/translate-a64.c
@@ -46,6 +46,12 @@
 #include "exec/helper-gen.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-mte.h.inc"
+#include "exec/helper-proto.h.inc"
+#include "exec/helper-gen.h.inc"
+#include "exec/helper-info.c.inc"
+#undef  HELPER_H
+
 #define HELPER_H "tcg/helper-pauth.h.inc"
 #include "exec/helper-proto.h.inc"
 #include "exec/helper-gen.h.inc"
-- 
2.38.1




[PATCH v3 25/34] target/arm/tcg: Extract PAuth definitions to 'helper-pauth.h.inc'

2023-06-19 Thread Philippe Mathieu-Daudé
helper.h is used by all units, but not all require the crypto
definitions. Move them to a new header, which we only include
where necessary, removing the need for "exec/helper-proto.h".

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/tcg/helper-a64.h.inc   | 12 
 target/arm/tcg/helper-pauth.h.inc | 19 +++
 target/arm/tcg/pauth_helper.c |  4 +++-
 target/arm/tcg/translate-a64.c|  6 ++
 4 files changed, 28 insertions(+), 13 deletions(-)
 create mode 100644 target/arm/tcg/helper-pauth.h.inc

diff --git a/target/arm/tcg/helper-a64.h.inc b/target/arm/tcg/helper-a64.h.inc
index adff15600d..2f1aeb3ea5 100644
--- a/target/arm/tcg/helper-a64.h.inc
+++ b/target/arm/tcg/helper-a64.h.inc
@@ -69,18 +69,6 @@ DEF_HELPER_2(sqrt_f16, f16, f16, ptr)
 DEF_HELPER_2(exception_return, void, env, i64)
 DEF_HELPER_FLAGS_2(dc_zva, TCG_CALL_NO_WG, void, env, i64)
 
-DEF_HELPER_FLAGS_3(pacia, TCG_CALL_NO_WG, i64, env, i64, i64)
-DEF_HELPER_FLAGS_3(pacib, TCG_CALL_NO_WG, i64, env, i64, i64)
-DEF_HELPER_FLAGS_3(pacda, TCG_CALL_NO_WG, i64, env, i64, i64)
-DEF_HELPER_FLAGS_3(pacdb, TCG_CALL_NO_WG, i64, env, i64, i64)
-DEF_HELPER_FLAGS_3(pacga, TCG_CALL_NO_WG, i64, env, i64, i64)
-DEF_HELPER_FLAGS_3(autia, TCG_CALL_NO_WG, i64, env, i64, i64)
-DEF_HELPER_FLAGS_3(autib, TCG_CALL_NO_WG, i64, env, i64, i64)
-DEF_HELPER_FLAGS_3(autda, TCG_CALL_NO_WG, i64, env, i64, i64)
-DEF_HELPER_FLAGS_3(autdb, TCG_CALL_NO_WG, i64, env, i64, i64)
-DEF_HELPER_FLAGS_2(xpaci, TCG_CALL_NO_RWG_SE, i64, env, i64)
-DEF_HELPER_FLAGS_2(xpacd, TCG_CALL_NO_RWG_SE, i64, env, i64)
-
 DEF_HELPER_FLAGS_3(mte_check, TCG_CALL_NO_WG, i64, env, i32, i64)
 DEF_HELPER_FLAGS_3(mte_check_zva, TCG_CALL_NO_WG, i64, env, i32, i64)
 DEF_HELPER_FLAGS_3(irg, TCG_CALL_NO_RWG, i64, env, i64, i64)
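
Review bot: this hunk drops the PAuth helpers (pacia through xpacd) from helper-a64.h.inc, but the commit message describes the moved declarations as "the crypto definitions". Please reword it to refer to the PAuth definitions, otherwise a later search of the log for the crypto split will land on this commit as well.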
diff --git a/target/arm/tcg/helper-pauth.h.inc 
b/target/arm/tcg/helper-pauth.h.inc
new file mode 100644
index 00..b5bf8aae24
--- /dev/null
+++ b/target/arm/tcg/helper-pauth.h.inc
@@ -0,0 +1,19 @@
+/*
+ * ARM v8.3-PAuth helper definitions
+ *
+ * Copyright (c) 2019 Linaro, Ltd.
+ *
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ */
+
+DEF_HELPER_FLAGS_3(pacia, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(pacib, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(pacda, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(pacdb, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(pacga, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(autia, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(autib, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(autda, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(autdb, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_2(xpaci, TCG_CALL_NO_RWG_SE, i64, env, i64)
+DEF_HELPER_FLAGS_2(xpacd, TCG_CALL_NO_RWG_SE, i64, env, i64)
diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c
index 62af569341..c872f7e337 100644
--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -22,10 +22,12 @@
 #include "internals.h"
 #include "exec/exec-all.h"
 #include "exec/cpu_ldst.h"
-#include "exec/helper-proto.h"
 #include "tcg/tcg-gvec-desc.h"
 #include "qemu/xxhash.h"
 
+#define HELPER_H "tcg/helper-pauth.h.inc"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
 
 static uint64_t pac_cell_shuffle(uint64_t i)
 {
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
index f4c9448582..0d74e5b6e4 100644
--- a/target/arm/tcg/translate-a64.c
+++ b/target/arm/tcg/translate-a64.c
@@ -46,6 +46,12 @@
 #include "exec/helper-gen.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-pauth.h.inc"
+#include "exec/helper-proto.h.inc"
+#include "exec/helper-gen.h.inc"
+#include "exec/helper-info.c.inc"
+#undef  HELPER_H
+
 static TCGv_i64 cpu_X[32];
 static TCGv_i64 cpu_pc;
 
-- 
2.38.1




[PATCH v3 22/34] target/arm/tcg: Reduce 'helper-crypto.h.inc' inclusion

2023-06-19 Thread Philippe Mathieu-Daudé
Instead of including helper-crypto.h.inc via helper.h which
is included by all TCG files, restrict it to the few files
that require it.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/helper.h | 2 --
 target/arm/tcg/crypto_helper.c  | 7 ++-
 target/arm/tcg/translate-a64.c  | 4 
 target/arm/tcg/translate-neon.c | 4 
 target/arm/tcg/translate-sve.c  | 4 
 5 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index 175589cbb4..e132969837 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -111,8 +111,6 @@ DEF_HELPER_3(ror_cc, i32, env, i32, i32)
 DEF_HELPER_FLAGS_3(crc32, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32)
 DEF_HELPER_FLAGS_3(crc32c, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32)
 
-#include "tcg/helper-crypto.h.inc"
-
 #ifdef TARGET_AARCH64
 #include "tcg/helper-a64.h.inc"
 #include "tcg/helper-sme.h.inc"
diff --git a/target/arm/tcg/crypto_helper.c b/target/arm/tcg/crypto_helper.c
index d28690321f..75d9e57e3d 100644
--- a/target/arm/tcg/crypto_helper.c
+++ b/target/arm/tcg/crypto_helper.c
@@ -12,12 +12,17 @@
 #include "qemu/osdep.h"
 
 #include "cpu.h"
-#include "exec/helper-proto.h"
 #include "tcg/tcg-gvec-desc.h"
 #include "crypto/aes.h"
 #include "crypto/sm4.h"
 #include "vec_internal.h"
 
+#define HELPER_H "tcg/helper-crypto.h.inc"
+#include "exec/helper-proto.h.inc"
+#include "exec/helper-gen.h.inc"
+#include "exec/helper-info.c.inc"
+#undef  HELPER_H
+
 union CRYPTO_STATE {
 uint8_tbytes[16];
 uint32_t   words[4];
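
Review bot: crypto_helper.c now includes exec/helper-gen.h.inc and exec/helper-info.c.inc in addition to exec/helper-proto.h.inc, whereas the other helper implementation files touched in this series (mte_helper.c, pauth_helper.c, neon_helper.c, sve_helper.c) add only the proto include and leave gen and info to a translate-*.c file. If this file only implements the helpers, the proto include should be enough; if the info include lives here because none of translate-a64.c, translate-neon.c or translate-sve.c provides it for the crypto group (each adds only helper-gen.h.inc below), please say so in the commit message.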
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
index 924bbdbf1d..46428ef034 100644
--- a/target/arm/tcg/translate-a64.c
+++ b/target/arm/tcg/translate-a64.c
@@ -38,6 +38,10 @@
 #include "exec/helper-gen.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-crypto.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
+
 static TCGv_i64 cpu_X[32];
 static TCGv_i64 cpu_pc;
 
diff --git a/target/arm/tcg/translate-neon.c b/target/arm/tcg/translate-neon.c
index fa13e7e8cb..ba9f1a9801 100644
--- a/target/arm/tcg/translate-neon.c
+++ b/target/arm/tcg/translate-neon.c
@@ -32,6 +32,10 @@
 #include "exec/helper-gen.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-crypto.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
+
 #define HELPER_H "tcg/helper-neon.h.inc"
 #include "exec/helper-proto.h.inc"
 #include "exec/helper-gen.h.inc"
diff --git a/target/arm/tcg/translate-sve.c b/target/arm/tcg/translate-sve.c
index 87f92b4d1d..0fa3a14512 100644
--- a/target/arm/tcg/translate-sve.c
+++ b/target/arm/tcg/translate-sve.c
@@ -26,6 +26,10 @@
 #include "exec/helper-gen.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-crypto.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
+
 #define HELPER_H "tcg/helper-sve.h.inc"
 #include "exec/helper-proto.h.inc"
 #include "exec/helper-gen.h.inc"
-- 
2.38.1




[PATCH v3 20/34] target/arm/tcg: Reduce 'helper-sve.h.inc' inclusion

2023-06-19 Thread Philippe Mathieu-Daudé
Instead of including helper-sve.h.inc via helper.h which
is included by all TCG files, restrict it to the few files
that require it.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/helper.h| 1 -
 target/arm/tcg/sve_helper.c| 4 
 target/arm/tcg/translate-sme.c | 4 
 target/arm/tcg/translate-sve.c | 6 ++
 target/arm/tcg/vec_helper.c| 4 
 5 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index f347305c0f..38d3d1a2f3 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -148,7 +148,6 @@ DEF_HELPER_FLAGS_3(crc32c, TCG_CALL_NO_RWG_SE, i32, i32, 
i32, i32)
 
 #ifdef TARGET_AARCH64
 #include "tcg/helper-a64.h.inc"
-#include "tcg/helper-sve.h.inc"
 #include "tcg/helper-sme.h.inc"
 #endif
 
diff --git a/target/arm/tcg/sve_helper.c b/target/arm/tcg/sve_helper.c
index 8a0d966aae..79a42af591 100644
--- a/target/arm/tcg/sve_helper.c
+++ b/target/arm/tcg/sve_helper.c
@@ -33,6 +33,10 @@
 #include "exec/helper-proto.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-sve.h.inc"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 /* Return a value for NZCV as per the ARM PredTest pseudofunction.
  *
  * The return value has bit 31 set if N is set, bit 1 set if Z is clear,
diff --git a/target/arm/tcg/translate-sme.c b/target/arm/tcg/translate-sme.c
index 24796e5d9e..e63b9883a9 100644
--- a/target/arm/tcg/translate-sme.c
+++ b/target/arm/tcg/translate-sme.c
@@ -25,6 +25,10 @@
 #include "exec/helper-gen.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-sve.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
+
 /*
  * Include the generated decoder.
  */
diff --git a/target/arm/tcg/translate-sve.c b/target/arm/tcg/translate-sve.c
index 605cce0979..87f92b4d1d 100644
--- a/target/arm/tcg/translate-sve.c
+++ b/target/arm/tcg/translate-sve.c
@@ -26,6 +26,12 @@
 #include "exec/helper-gen.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-sve.h.inc"
+#include "exec/helper-proto.h.inc"
+#include "exec/helper-gen.h.inc"
+#include "exec/helper-info.c.inc"
+#undef  HELPER_H
+
 typedef void GVecGen2sFn(unsigned, uint32_t, uint32_t,
  TCGv_i64, uint32_t, uint32_t);
 
diff --git a/target/arm/tcg/vec_helper.c b/target/arm/tcg/vec_helper.c
index b0aaca38e7..99f81df9e1 100644
--- a/target/arm/tcg/vec_helper.c
+++ b/target/arm/tcg/vec_helper.c
@@ -37,6 +37,10 @@
 #include "exec/helper-proto.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-sve.h.inc"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 /*
  * Data for expanding active predicate bits to bytes, for byte elements.
  *
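
Review bot: the helper-sve.h.inc block added to vec_helper.c carries no TARGET_AARCH64 guard, while the include this patch removes from helper.h sat inside "#ifdef TARGET_AARCH64". If vec_helper.c is also compiled for targets without TARGET_AARCH64, this changes which prototypes that build sees; the commit message should state that this is intended, or the block should carry the same guard as the include it replaces.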
-- 
2.38.1




Re: [PATCH 2/4] target/ppc: Ensure stcx size matches larx

2023-06-19 Thread Peter Maydell
On Mon, 19 Jun 2023 at 16:49, Richard Henderson
 wrote:
>
> On 6/5/23 08:27, Nicholas Piggin wrote:
> > On Sun Jun 4, 2023 at 8:28 PM AEST, Nicholas Piggin wrote:
> >> Differently-sized larx/stcx. pairs can succeed if the starting address
> >> matches. Add a size check to require stcx. exactly match the larx that
> >> established the reservation.
> >
> > Hmm, question: reserve_addr is a VMSTATE field, but reserve_val is not
> > (nor reserve_size after this patch).
> >
> > Blue Swirl added that with commit a456d59c20f ("VM load/save support for
> > PPC CPU"), and when reserve_val was added in commit 18b21a2f83a
> > ("target-ppc: retain l{w,d}arx loaded value") it did not get migrated.
> >
> > Could we end up with reserve_addr != -1, but with a bogus reserve_val,
> > which could then permit a stcx. incorrectly? Not entirely outlandish if
> > reserve_val starts out initialised to zero.
> >
> > Could we just clear the reserve in cpu_post_load? It is permitted to be
> > lost for an implementation-specific reason. Doesn't seem necessary to
> > try to keep it alive over a migration.
>
> It's not a bad idea to flush the reservation over migrate.

Is there any particular reason to do so? The default simple
thing is "if this is state that persists across instructions
then migrate it"; we usually reserve "do something special in
post-load" for oddball cases where "just copy the data" doesn't
work.

target/arm migrates both the exclusive addr and value.

target/mips migrates lladdr but has forgotten llval
(and perhaps llval_wp and llnewval_wp, depending on what
those fields do).

thanks
-- PMM
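
The reservation question discussed in this message and the quoted ones, modelled as a small C program that is added here as an illustration and is not code from QEMU or from anyone in the thread. It assumes stcx. succeeds when address, size and the value last seen by larx all match; `ToyCpu`, `MigratePolicy`, the leftover destination values and the memory contents are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NO_RESERVATION UINT64_MAX   /* models reserve_addr == -1 */

/* Toy CPU state: field names follow the thread, the layout is assumed. */
typedef struct {
    uint64_t reserve_addr;   /* address of the active reservation */
    uint64_t reserve_val;    /* value larx loaded from that address */
    unsigned reserve_size;   /* access size of the larx, in bytes */
} ToyCpu;

typedef enum { MIGRATE_ADDR_ONLY, MIGRATE_ALL, CLEAR_ON_LOAD } MigratePolicy;

static uint8_t guest_mem[32];       /* constructed guest memory */

static uint64_t mem_load(uint64_t addr, unsigned size)
{
    uint64_t v = 0;
    for (unsigned i = 0; i < size; i++) {
        v |= (uint64_t)guest_mem[addr + i] << (8 * i);
    }
    return v;
}

static void mem_store(uint64_t addr, uint64_t val, unsigned size)
{
    for (unsigned i = 0; i < size; i++) {
        guest_mem[addr + i] = (uint8_t)(val >> (8 * i));
    }
}

/* Load-and-reserve: remember where, how wide, and what was seen. */
static uint64_t larx(ToyCpu *cpu, uint64_t addr, unsigned size)
{
    cpu->reserve_addr = addr;
    cpu->reserve_size = size;
    cpu->reserve_val = mem_load(addr, size);
    return cpu->reserve_val;
}

/* Store-conditional: address, size and current memory value must all match. */
static bool stcx(ToyCpu *cpu, uint64_t addr, uint64_t val, unsigned size)
{
    bool ok = cpu->reserve_addr == addr &&
              cpu->reserve_size == size &&
              mem_load(addr, size) == cpu->reserve_val;
    if (ok) {
        mem_store(addr, val, size);
    }
    cpu->reserve_addr = NO_RESERVATION;   /* any stcx. ends the reservation */
    return ok;
}

/* Load incoming state into a destination CPU that keeps its old fields. */
static void migrate(ToyCpu *dst, const ToyCpu *src, MigratePolicy policy)
{
    switch (policy) {
    case MIGRATE_ALL:            /* addr, val and size all travel */
        *dst = *src;
        break;
    case MIGRATE_ADDR_ONLY:      /* val and size keep destination leftovers */
        dst->reserve_addr = src->reserve_addr;
        break;
    case CLEAR_ON_LOAD:          /* post-load hook drops the reservation */
        dst->reserve_addr = NO_RESERVATION;
        break;
    }
}

/* Result of the first stcx. on the destination after a larx on the source. */
static bool stcx_after_migration(MigratePolicy policy, bool intervening_store)
{
    ToyCpu src = { .reserve_addr = NO_RESERVATION };
    /* Constructed leftovers: destination last reserved 8 bytes that read 0. */
    ToyCpu dst = { .reserve_addr = NO_RESERVATION,
                   .reserve_val = 0, .reserve_size = 8 };

    memset(guest_mem, 0, sizeof(guest_mem));
    mem_store(8, 5, 8);
    larx(&src, 8, 8);                 /* reservation taken on the value 5 */
    if (intervening_store) {
        mem_store(8, 0, 8);           /* another agent overwrites the word */
    }
    migrate(&dst, &src, policy);
    return stcx(&dst, 8, 99, 8);
}

/* The case the patch targets: 4-byte larx followed by 8-byte stcx. */
static bool stcx_size_mismatch(void)
{
    ToyCpu cpu = { .reserve_addr = NO_RESERVATION };
    memset(guest_mem, 0, sizeof(guest_mem));
    larx(&cpu, 8, 4);
    return stcx(&cpu, 8, 99, 8);
}

int main(void)
{
    static const char *names[] = { "addr only", "all fields", "clear on load" };
    for (int p = MIGRATE_ADDR_ONLY; p <= CLEAR_ON_LOAD; p++) {
        printf("%-13s contended=%d uncontended=%d\n", names[p],
               stcx_after_migration((MigratePolicy)p, true),
               stcx_after_migration((MigratePolicy)p, false));
    }
    printf("size mismatch succeeds: %d\n", stcx_size_mismatch());
    return 0;
}
```

In the contended column only the address-only policy reports success, which is the incorrect store; clearing on load also fails the uncontended case, which the guest handles by retrying its larx/stcx. loop.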



[PATCH v3 14/34] target/arm/tcg: Reduce 'helper-neon.h.inc' inclusion

2023-06-19 Thread Philippe Mathieu-Daudé
Instead of including helper-neon.h.inc via helper.h which
is included by all TCG files, restrict it to the few files
that require it.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/helper.h | 1 -
 target/arm/tcg/neon_helper.c| 5 -
 target/arm/tcg/translate-a64.c  | 4 
 target/arm/tcg/translate-neon.c | 6 ++
 target/arm/tcg/translate-sme.c  | 4 
 target/arm/tcg/translate.c  | 4 
 target/arm/tcg/vec_helper.c | 4 
 7 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index 2600c150f4..819d27d597 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -577,5 +577,4 @@ DEF_HELPER_FLAGS_5(gvec_uclamp_d, TCG_CALL_NO_RWG,
 #include "tcg/helper-sme.h.inc"
 #endif
 
-#include "tcg/helper-neon.h.inc"
 #include "tcg/helper-mve.h.inc"
diff --git a/target/arm/tcg/neon_helper.c b/target/arm/tcg/neon_helper.c
index cd668eb43a..6a4b3a8abf 100644
--- a/target/arm/tcg/neon_helper.c
+++ b/target/arm/tcg/neon_helper.c
@@ -9,10 +9,13 @@
 #include "qemu/osdep.h"
 
 #include "cpu.h"
-#include "exec/helper-proto.h"
 #include "fpu/softfloat.h"
 #include "vec_internal.h"
 
+#define HELPER_H "tcg/helper-neon.h.inc"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 #define SIGNBIT (uint32_t)0x8000
 #define SIGNBIT64 ((uint64_t)1 << 63)
 
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
index c0727c900f..22caf89bb0 100644
--- a/target/arm/tcg/translate-a64.c
+++ b/target/arm/tcg/translate-a64.c
@@ -30,6 +30,10 @@
 #include "exec/helper-gen.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-neon.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
+
 static TCGv_i64 cpu_X[32];
 static TCGv_i64 cpu_pc;
 
diff --git a/target/arm/tcg/translate-neon.c b/target/arm/tcg/translate-neon.c
index 497aba2e39..9a1831f849 100644
--- a/target/arm/tcg/translate-neon.c
+++ b/target/arm/tcg/translate-neon.c
@@ -28,6 +28,12 @@
 #include "exec/helper-gen.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-neon.h.inc"
+#include "exec/helper-proto.h.inc"
+#include "exec/helper-gen.h.inc"
+#include "exec/helper-info.c.inc"
+#undef  HELPER_H
+
 /* Include the generated Neon decoder */
 #include "decode-neon-dp.c.inc"
 #include "decode-neon-ls.c.inc"
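
Review bot: translate-neon.c is the only one of the six files touched here
that also pulls in exec/helper-info.c.inc for tcg/helper-neon.h.inc;
translate-a64.c, translate-sme.c and translate.c get helper-gen.h.inc alone.
Please add a one-line comment above this block (or a sentence in the commit
message) saying that the helper info for the NEON helpers is emitted from
this unit, so a later cleanup neither duplicates nor drops that include.
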
diff --git a/target/arm/tcg/translate-sme.c b/target/arm/tcg/translate-sme.c
index d0054e3f77..24796e5d9e 100644
--- a/target/arm/tcg/translate-sme.c
+++ b/target/arm/tcg/translate-sme.c
@@ -21,6 +21,10 @@
 #include "translate.h"
 #include "translate-a64.h"
 
+#define HELPER_H "tcg/helper-neon.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
+
 /*
  * Include the generated decoder.
  */
diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c
index a352fced6e..2b3951cece 100644
--- a/target/arm/tcg/translate.c
+++ b/target/arm/tcg/translate.c
@@ -29,6 +29,10 @@
 #include "cpregs.h"
 #include "exec/helper-proto.h"
 
+#define HELPER_H "tcg/helper-neon.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
+
 #define HELPER_H "helper.h"
 #include "exec/helper-info.c.inc"
 #undef  HELPER_H
diff --git a/target/arm/tcg/vec_helper.c b/target/arm/tcg/vec_helper.c
index 013ca1b05f..af325577f0 100644
--- a/target/arm/tcg/vec_helper.c
+++ b/target/arm/tcg/vec_helper.c
@@ -29,6 +29,10 @@
 #include "exec/helper-proto.h.inc"
 #undef  HELPER_H
 
+#define HELPER_H "tcg/helper-neon.h.inc"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 /*
  * Data for expanding active predicate bits to bytes, for byte elements.
  *
-- 
2.38.1




[PATCH v3 13/34] target/arm/tcg: Extract NEON definitions to 'helper-neon.h.inc'

2023-06-19 Thread Philippe Mathieu-Daudé
helper.h is used by all units, but not all require the NEON
definitions. Move them to a new header; the next commit will
remove it from the common helper.h.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
---
 target/arm/helper.h  | 207 +---
 target/arm/tcg/helper-a64.h.inc  |   7 -
 target/arm/tcg/helper-neon.h.inc | 224 +++
 3 files changed, 225 insertions(+), 213 deletions(-)
 create mode 100644 target/arm/tcg/helper-neon.h.inc

diff --git a/target/arm/helper.h b/target/arm/helper.h
index 2419650ec6..2600c150f4 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -103,198 +103,11 @@ DEF_HELPER_FLAGS_2(rebuild_hflags_a64, TCG_CALL_NO_RWG, 
void, env, int)
 
 DEF_HELPER_FLAGS_5(probe_access, TCG_CALL_NO_WG, void, env, tl, i32, i32, i32)
 
-DEF_HELPER_FLAGS_4(neon_tbl, TCG_CALL_NO_RWG, i64, env, i32, i64, i64)
-
 DEF_HELPER_3(shl_cc, i32, env, i32, i32)
 DEF_HELPER_3(shr_cc, i32, env, i32, i32)
 DEF_HELPER_3(sar_cc, i32, env, i32, i32)
 DEF_HELPER_3(ror_cc, i32, env, i32, i32)
 
-/* neon_helper.c */
-DEF_HELPER_FLAGS_3(neon_qadd_u8, TCG_CALL_NO_RWG, i32, env, i32, i32)
-DEF_HELPER_FLAGS_3(neon_qadd_s8, TCG_CALL_NO_RWG, i32, env, i32, i32)
-DEF_HELPER_FLAGS_3(neon_qadd_u16, TCG_CALL_NO_RWG, i32, env, i32, i32)
-DEF_HELPER_FLAGS_3(neon_qadd_s16, TCG_CALL_NO_RWG, i32, env, i32, i32)
-DEF_HELPER_FLAGS_3(neon_qadd_u32, TCG_CALL_NO_RWG, i32, env, i32, i32)
-DEF_HELPER_FLAGS_3(neon_qadd_s32, TCG_CALL_NO_RWG, i32, env, i32, i32)
-DEF_HELPER_FLAGS_3(neon_uqadd_s8, TCG_CALL_NO_RWG, i32, env, i32, i32)
-DEF_HELPER_FLAGS_3(neon_uqadd_s16, TCG_CALL_NO_RWG, i32, env, i32, i32)
-DEF_HELPER_FLAGS_3(neon_uqadd_s32, TCG_CALL_NO_RWG, i32, env, i32, i32)
-DEF_HELPER_FLAGS_3(neon_uqadd_s64, TCG_CALL_NO_RWG, i64, env, i64, i64)
-DEF_HELPER_FLAGS_3(neon_sqadd_u8, TCG_CALL_NO_RWG, i32, env, i32, i32)
-DEF_HELPER_FLAGS_3(neon_sqadd_u16, TCG_CALL_NO_RWG, i32, env, i32, i32)
-DEF_HELPER_FLAGS_3(neon_sqadd_u32, TCG_CALL_NO_RWG, i32, env, i32, i32)
-DEF_HELPER_FLAGS_3(neon_sqadd_u64, TCG_CALL_NO_RWG, i64, env, i64, i64)
-DEF_HELPER_3(neon_qsub_u8, i32, env, i32, i32)
-DEF_HELPER_3(neon_qsub_s8, i32, env, i32, i32)
-DEF_HELPER_3(neon_qsub_u16, i32, env, i32, i32)
-DEF_HELPER_3(neon_qsub_s16, i32, env, i32, i32)
-DEF_HELPER_3(neon_qsub_u32, i32, env, i32, i32)
-DEF_HELPER_3(neon_qsub_s32, i32, env, i32, i32)
-DEF_HELPER_3(neon_qadd_u64, i64, env, i64, i64)
-DEF_HELPER_3(neon_qadd_s64, i64, env, i64, i64)
-DEF_HELPER_3(neon_qsub_u64, i64, env, i64, i64)
-DEF_HELPER_3(neon_qsub_s64, i64, env, i64, i64)
-
-DEF_HELPER_2(neon_hadd_s8, i32, i32, i32)
-DEF_HELPER_2(neon_hadd_u8, i32, i32, i32)
-DEF_HELPER_2(neon_hadd_s16, i32, i32, i32)
-DEF_HELPER_2(neon_hadd_u16, i32, i32, i32)
-DEF_HELPER_2(neon_hadd_s32, s32, s32, s32)
-DEF_HELPER_2(neon_hadd_u32, i32, i32, i32)
-DEF_HELPER_2(neon_rhadd_s8, i32, i32, i32)
-DEF_HELPER_2(neon_rhadd_u8, i32, i32, i32)
-DEF_HELPER_2(neon_rhadd_s16, i32, i32, i32)
-DEF_HELPER_2(neon_rhadd_u16, i32, i32, i32)
-DEF_HELPER_2(neon_rhadd_s32, s32, s32, s32)
-DEF_HELPER_2(neon_rhadd_u32, i32, i32, i32)
-DEF_HELPER_2(neon_hsub_s8, i32, i32, i32)
-DEF_HELPER_2(neon_hsub_u8, i32, i32, i32)
-DEF_HELPER_2(neon_hsub_s16, i32, i32, i32)
-DEF_HELPER_2(neon_hsub_u16, i32, i32, i32)
-DEF_HELPER_2(neon_hsub_s32, s32, s32, s32)
-DEF_HELPER_2(neon_hsub_u32, i32, i32, i32)
-
-DEF_HELPER_2(neon_pmin_u8, i32, i32, i32)
-DEF_HELPER_2(neon_pmin_s8, i32, i32, i32)
-DEF_HELPER_2(neon_pmin_u16, i32, i32, i32)
-DEF_HELPER_2(neon_pmin_s16, i32, i32, i32)
-DEF_HELPER_2(neon_pmax_u8, i32, i32, i32)
-DEF_HELPER_2(neon_pmax_s8, i32, i32, i32)
-DEF_HELPER_2(neon_pmax_u16, i32, i32, i32)
-DEF_HELPER_2(neon_pmax_s16, i32, i32, i32)
-
-DEF_HELPER_2(neon_shl_u16, i32, i32, i32)
-DEF_HELPER_2(neon_shl_s16, i32, i32, i32)
-DEF_HELPER_2(neon_rshl_u8, i32, i32, i32)
-DEF_HELPER_2(neon_rshl_s8, i32, i32, i32)
-DEF_HELPER_2(neon_rshl_u16, i32, i32, i32)
-DEF_HELPER_2(neon_rshl_s16, i32, i32, i32)
-DEF_HELPER_2(neon_rshl_u32, i32, i32, i32)
-DEF_HELPER_2(neon_rshl_s32, i32, i32, i32)
-DEF_HELPER_2(neon_rshl_u64, i64, i64, i64)
-DEF_HELPER_2(neon_rshl_s64, i64, i64, i64)
-DEF_HELPER_3(neon_qshl_u8, i32, env, i32, i32)
-DEF_HELPER_3(neon_qshl_s8, i32, env, i32, i32)
-DEF_HELPER_3(neon_qshl_u16, i32, env, i32, i32)
-DEF_HELPER_3(neon_qshl_s16, i32, env, i32, i32)
-DEF_HELPER_3(neon_qshl_u32, i32, env, i32, i32)
-DEF_HELPER_3(neon_qshl_s32, i32, env, i32, i32)
-DEF_HELPER_3(neon_qshl_u64, i64, env, i64, i64)
-DEF_HELPER_3(neon_qshl_s64, i64, env, i64, i64)
-DEF_HELPER_3(neon_qshlu_s8, i32, env, i32, i32)
-DEF_HELPER_3(neon_qshlu_s16, i32, env, i32, i32)
-DEF_HELPER_3(neon_qshlu_s32, i32, env, i32, i32)
-DEF_HELPER_3(neon_qshlu_s64, i64, env, i64, i64)
-DEF_HELPER_3(neon_qrshl_u8, i32, env, i32, i32)
-DEF_HELPER_3(neon_qrshl_s8, i32, env, i32, i32)
-DEF_HELPER_3(neon_qrshl_u16, i32, env, i32, i32)
-DEF_HELPER_3(neon_qrshl_s16, i32, env, i32, i32)
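
Review bot: The commit message only talks about helper.h, but the diffstat
also shows 7 lines leaving target/arm/tcg/helper-a64.h.inc. Patch 10/34
words this as "along with definitions in helper-a64.h.inc"; please do the
same here, and state that the DEF_HELPER lines removed in this hunk are
moved verbatim, so the new 224-line header can be checked against the 213
deleted lines.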

Re: [PATCH 2/4] target/ppc: Ensure stcx size matches larx

2023-06-19 Thread Richard Henderson

On 6/5/23 08:27, Nicholas Piggin wrote:

On Sun Jun 4, 2023 at 8:28 PM AEST, Nicholas Piggin wrote:

Differently-sized larx/stcx. pairs can succeed if the starting address
matches. Add a size check to require stcx. exactly match the larx that
established the reservation.


Hmm, question: reserve_addr is a VMSTATE field, but reserve_val is not
(nor reserve_size after this patch).

Blue Swirl added that with commit a456d59c20f ("VM load/save support for
PPC CPU"), and when reserve_val was added in commit 18b21a2f83a
("target-ppc: retain l{w,d}arx loaded value") it did not get migrated.

Could we end up with reserve_addr != -1, but with a bogus reserve_val,
which could then permit a stcx. incorrectly? Not entirely outlandish if
reserve_val starts out initialised to zero.

Could we just clear the reserve in cpu_post_load? It is permitted to be
lost for an implementation-specific reason. Doesn't seem necessary to
try keep it alive over a migration.


It's not a bad idea to flush the reservation over migrate.
You can do

-   VMSTATE_UINTTL(env.reserve_addr, PowerPCCPU),
+   VMSTATE_UNUSED(sizeof(target_long))
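
Review bot: With reserve_addr replaced by VMSTATE_UNUSED, nothing in the
incoming stream sets the field any more, so the destination has to put it
to -1 itself (at reset or in cpu_post_load, as suggested earlier in the
thread); otherwise it keeps whatever value it had before the load. Also
note that the `+` line has lost the trailing comma that the `-` line
carries, which matters if it is pasted into the field list as is.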

when making that change.

Peter, any thoughts on this?  If we're going to do one guest, we might ought to do the 
same for all load-lock/store-conditional guests.



r~
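
The migration concern discussed in this message and in Peter Maydell's reply, as an added toy model in C (not QEMU code and not from the thread). It assumes stcx. succeeds when the address matches and memory still holds the value retained by larx, and that an unmigrated reserve_val starts at zero on the destination, as the question supposes; ToyCPU, MigPolicy and the toy_* functions are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NO_RESERVATION UINT64_MAX  /* stands in for reserve_addr == -1 */

/* Toy CPU state, constructed for this example: only the two fields discussed. */
typedef struct {
    uint64_t reserve_addr;
    uint64_t reserve_val;
} ToyCPU;

typedef enum {
    MIG_ADDR_ONLY,     /* reserve_addr is in the stream, reserve_val is not */
    MIG_ADDR_AND_VAL,  /* both fields are copied to the destination */
    MIG_FLUSH          /* the reservation is dropped on load */
} MigPolicy;

static uint64_t guest_mem[1];  /* one 8-byte guest location at address 0 */

/* larx: load the value and remember both the address and what was loaded. */
static uint64_t toy_larx(ToyCPU *cpu, uint64_t addr)
{
    cpu->reserve_addr = addr;
    cpu->reserve_val = guest_mem[addr / 8];
    return cpu->reserve_val;
}

/* stcx.: store only if the address matches and memory is unchanged. */
static bool toy_stcx(ToyCPU *cpu, uint64_t addr, uint64_t newval)
{
    bool ok = cpu->reserve_addr == addr &&
              guest_mem[addr / 8] == cpu->reserve_val;
    if (ok) {
        guest_mem[addr / 8] = newval;
    }
    cpu->reserve_addr = NO_RESERVATION;  /* the reservation is consumed */
    return ok;
}

/* Build the destination CPU according to the chosen migration policy. */
static ToyCPU toy_migrate(const ToyCPU *src, MigPolicy policy)
{
    /* Assumption: a fresh destination has no reservation and value 0. */
    ToyCPU dst = { NO_RESERVATION, 0 };

    switch (policy) {
    case MIG_ADDR_ONLY:
        dst.reserve_addr = src->reserve_addr;
        break;
    case MIG_ADDR_AND_VAL:
        dst = *src;
        break;
    case MIG_FLUSH:
        break;
    }
    return dst;
}

/*
 * larx on the source, optionally a store by another agent that should
 * kill the reservation, migration, then stcx. on the destination.
 * Guest memory is shared by the model, i.e. assumed to migrate intact.
 */
static bool stcx_after_migration(MigPolicy policy, bool interfering_store)
{
    ToyCPU src = { NO_RESERVATION, 0 };
    ToyCPU dst;

    guest_mem[0] = 5;
    toy_larx(&src, 0);
    if (interfering_store) {
        guest_mem[0] = 0;  /* memory now differs from what larx saw */
    }
    dst = toy_migrate(&src, policy);
    return toy_stcx(&dst, 0, 6);
}

int main(void)
{
    static const char *names[] = { "addr only", "addr+val", "flush" };

    for (int p = MIG_ADDR_ONLY; p <= MIG_FLUSH; p++) {
        printf("%-9s  interfering store: stcx %s, no store: stcx %s\n",
               names[p],
               stcx_after_migration((MigPolicy)p, true) ? "succeeds" : "fails",
               stcx_after_migration((MigPolicy)p, false) ? "succeeds" : "fails");
    }
    return 0;
}
```

Only the address-only policy lets the store through after the interfering write; flushing trades that for a failed stcx. that the guest retries.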



[PATCH v3 11/34] target/arm/tcg: Reduce 'helper-vfp.h.inc' inclusion

2023-06-19 Thread Philippe Mathieu-Daudé
Instead of including helper-vfp.h.inc via helper.h which
is included by all TCG files, restrict it to the few files
that require it.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/helper.h   | 1 -
 target/arm/tcg/mve_helper.c   | 4 
 target/arm/tcg/sve_helper.c   | 3 +++
 target/arm/tcg/translate-a64.c| 4 
 target/arm/tcg/translate-m-nocp.c | 5 +
 target/arm/tcg/translate-neon.c   | 4 
 target/arm/tcg/translate-vfp.c| 6 ++
 target/arm/tcg/vec_helper.c   | 4 
 target/arm/vfp_helper.c   | 5 -
 9 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index e81ea87d37..2419650ec6 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -783,5 +783,4 @@ DEF_HELPER_FLAGS_5(gvec_uclamp_d, TCG_CALL_NO_RWG,
 #include "tcg/helper-sme.h.inc"
 #endif
 
-#include "tcg/helper-vfp.h.inc"
 #include "tcg/helper-mve.h.inc"
diff --git a/target/arm/tcg/mve_helper.c b/target/arm/tcg/mve_helper.c
index 403b345ea3..d8ba5a9e60 100644
--- a/target/arm/tcg/mve_helper.c
+++ b/target/arm/tcg/mve_helper.c
@@ -27,6 +27,10 @@
 #include "tcg/tcg.h"
 #include "fpu/softfloat.h"
 
+#define HELPER_H "tcg/helper-vfp.h.inc"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 static uint16_t mve_eci_mask(CPUARMState *env)
 {
 /*
diff --git a/target/arm/tcg/sve_helper.c b/target/arm/tcg/sve_helper.c
index 0097522470..8a0d966aae 100644
--- a/target/arm/tcg/sve_helper.c
+++ b/target/arm/tcg/sve_helper.c
@@ -29,6 +29,9 @@
 #include "sve_ldst_internal.h"
 #include "hw/core/tcg-cpu-ops.h"
 
+#define HELPER_H "tcg/helper-vfp.h.inc"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
 
 /* Return a value for NZCV as per the ARM PredTest pseudofunction.
  *
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
index aa93f37e21..c0727c900f 100644
--- a/target/arm/tcg/translate-a64.c
+++ b/target/arm/tcg/translate-a64.c
@@ -26,6 +26,10 @@
 #include "semihosting/semihost.h"
 #include "cpregs.h"
 
+#define HELPER_H "tcg/helper-vfp.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
+
 static TCGv_i64 cpu_X[32];
 static TCGv_i64 cpu_pc;
 
diff --git a/target/arm/tcg/translate-m-nocp.c 
b/target/arm/tcg/translate-m-nocp.c
index 33f6478bb9..7343945b41 100644
--- a/target/arm/tcg/translate-m-nocp.c
+++ b/target/arm/tcg/translate-m-nocp.c
@@ -21,6 +21,11 @@
 #include "translate.h"
 #include "translate-a32.h"
 
+#define HELPER_H "tcg/helper-vfp.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
+
+/* Include the generated decoder */
 #include "decode-m-nocp.c.inc"
 
 /*
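
Review bot: The added `/* Include the generated decoder */` comment above
decode-m-nocp.c.inc is unrelated to narrowing the helper-vfp.h.inc
inclusion and is not mentioned in the commit message. Either drop it from
this patch or note it in the message, so the change stays a pure include
shuffle.
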
diff --git a/target/arm/tcg/translate-neon.c b/target/arm/tcg/translate-neon.c
index 03913de047..497aba2e39 100644
--- a/target/arm/tcg/translate-neon.c
+++ b/target/arm/tcg/translate-neon.c
@@ -24,6 +24,10 @@
 #include "translate.h"
 #include "translate-a32.h"
 
+#define HELPER_H "tcg/helper-vfp.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
+
 /* Include the generated Neon decoder */
 #include "decode-neon-dp.c.inc"
 #include "decode-neon-ls.c.inc"
diff --git a/target/arm/tcg/translate-vfp.c b/target/arm/tcg/translate-vfp.c
index 4bfd857141..b890c7ed01 100644
--- a/target/arm/tcg/translate-vfp.c
+++ b/target/arm/tcg/translate-vfp.c
@@ -24,6 +24,12 @@
 #include "translate.h"
 #include "translate-a32.h"
 
+#define HELPER_H "tcg/helper-vfp.h.inc"
+#include "exec/helper-proto.h.inc"
+#include "exec/helper-gen.h.inc"
+#include "exec/helper-info.c.inc"
+#undef  HELPER_H
+
 /* Include the generated VFP decoder */
 #include "decode-vfp.c.inc"
 #include "decode-vfp-uncond.c.inc"
diff --git a/target/arm/tcg/vec_helper.c b/target/arm/tcg/vec_helper.c
index f59d3b26ea..013ca1b05f 100644
--- a/target/arm/tcg/vec_helper.c
+++ b/target/arm/tcg/vec_helper.c
@@ -25,6 +25,10 @@
 #include "qemu/int128.h"
 #include "vec_internal.h"
 
+#define HELPER_H "tcg/helper-vfp.h.inc"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 /*
  * Data for expanding active predicate bits to bytes, for byte elements.
  *
diff --git a/target/arm/vfp_helper.c b/target/arm/vfp_helper.c
index 0a5b2993a4..7046a2a554 100644
--- a/target/arm/vfp_helper.c
+++ b/target/arm/vfp_helper.c
@@ -19,7 +19,6 @@
 
 #include "qemu/osdep.h"
 #include "cpu.h"
-#include "exec/helper-proto.h"
 #include "internals.h"
 #ifdef CONFIG_TCG
 #include "qemu/log.h"
@@ -32,6 +31,10 @@
 
 #ifdef CONFIG_TCG
 
+#define HELPER_H "tcg/helper-vfp.h.inc"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
+
 /* Convert host exception flags to vfp form.  */
 static inline int vfp_exceptbits_from_host(int host_bits)
 {
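
Review bot: The unconditional `#include "exec/helper-proto.h"` is dropped
at the top of vfp_helper.c, while the replacement helper-vfp.h.inc
prototypes are only pulled in inside `#ifdef CONFIG_TCG`. If any HELPER()
definition in this file lives outside that guard, it now has no prior
prototype; please confirm with a build that has TCG disabled, or say in the
commit message that every helper defined here is TCG-only.
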
-- 
2.38.1




[PATCH v3 12/34] target/arm/tcg: Move NEON helpers to neon_helper.c

2023-06-19 Thread Philippe Mathieu-Daudé
Move various NEON helpers to the well-named neon_helper.c.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/tcg/helper-a64.c  |  80 --
 target/arm/tcg/neon_helper.c | 106 +++
 target/arm/tcg/op_helper.c   |  22 
 3 files changed, 106 insertions(+), 102 deletions(-)

diff --git a/target/arm/tcg/helper-a64.c b/target/arm/tcg/helper-a64.c
index c43f22e7d4..6312238676 100644
--- a/target/arm/tcg/helper-a64.c
+++ b/target/arm/tcg/helper-a64.c
@@ -93,25 +93,6 @@ void HELPER(msr_i_daifclear)(CPUARMState *env, uint32_t imm)
 arm_rebuild_hflags(env);
 }
 
-/* 64bit/double versions of the neon float compare functions */
-uint64_t HELPER(neon_ceq_f64)(float64 a, float64 b, void *fpstp)
-{
-float_status *fpst = fpstp;
-return -float64_eq_quiet(a, b, fpst);
-}
-
-uint64_t HELPER(neon_cge_f64)(float64 a, float64 b, void *fpstp)
-{
-float_status *fpst = fpstp;
-return -float64_le(b, a, fpst);
-}
-
-uint64_t HELPER(neon_cgt_f64)(float64 a, float64 b, void *fpstp)
-{
-float_status *fpst = fpstp;
-return -float64_lt(b, a, fpst);
-}
-
 /* Reciprocal step and sqrt step. Note that unlike the A32/T32
  * versions, these do a fully fused multiply-add or
  * multiply-add-and-halve.
@@ -207,67 +188,6 @@ float64 HELPER(rsqrtsf_f64)(float64 a, float64 b, void 
*fpstp)
 return float64_muladd(a, b, float64_three, float_muladd_halve_result, 
fpst);
 }
 
-/* Pairwise long add: add pairs of adjacent elements into
- * double-width elements in the result (eg _s8 is an 8x8->16 op)
- */
-uint64_t HELPER(neon_addlp_s8)(uint64_t a)
-{
-uint64_t nsignmask = 0x0080008000800080ULL;
-uint64_t wsignmask = 0x8000800080008000ULL;
-uint64_t elementmask = 0x00ff00ff00ff00ffULL;
-uint64_t tmp1, tmp2;
-uint64_t res, signres;
-
-/* Extract odd elements, sign extend each to a 16 bit field */
-tmp1 = a & elementmask;
-tmp1 ^= nsignmask;
-tmp1 |= wsignmask;
-tmp1 = (tmp1 - nsignmask) ^ wsignmask;
-/* Ditto for the even elements */
-tmp2 = (a >> 8) & elementmask;
-tmp2 ^= nsignmask;
-tmp2 |= wsignmask;
-tmp2 = (tmp2 - nsignmask) ^ wsignmask;
-
-/* calculate the result by summing bits 0..14, 16..22, etc,
- * and then adjusting the sign bits 15, 23, etc manually.
- * This ensures the addition can't overflow the 16 bit field.
- */
-signres = (tmp1 ^ tmp2) & wsignmask;
-res = (tmp1 & ~wsignmask) + (tmp2 & ~wsignmask);
-res ^= signres;
-
-return res;
-}
-
-uint64_t HELPER(neon_addlp_u8)(uint64_t a)
-{
-uint64_t tmp;
-
-tmp = a & 0x00ff00ff00ff00ffULL;
-tmp += (a >> 8) & 0x00ff00ff00ff00ffULL;
-return tmp;
-}
-
-uint64_t HELPER(neon_addlp_s16)(uint64_t a)
-{
-int32_t reslo, reshi;
-
-reslo = (int32_t)(int16_t)a + (int32_t)(int16_t)(a >> 16);
-reshi = (int32_t)(int16_t)(a >> 32) + (int32_t)(int16_t)(a >> 48);
-
-return (uint32_t)reslo | (((uint64_t)reshi) << 32);
-}
-
-uint64_t HELPER(neon_addlp_u16)(uint64_t a)
-{
-uint64_t tmp;
-
-tmp = a & 0xULL;
-tmp += (a >> 16) & 0xULL;
-return tmp;
-}
-
 /* Floating-point reciprocal exponent - see FPRecpX in ARM ARM */
 uint32_t HELPER(frecpx_f16)(uint32_t a, void *fpstp)
 {
diff --git a/target/arm/tcg/neon_helper.c b/target/arm/tcg/neon_helper.c
index bc6c4a54e9..cd668eb43a 100644
--- a/target/arm/tcg/neon_helper.c
+++ b/target/arm/tcg/neon_helper.c
@@ -1738,3 +1738,109 @@ void HELPER(neon_zip16)(void *vd, void *vm)
 rm[0] = m0;
 rd[0] = d0;
 }
+
+uint64_t HELPER(neon_tbl)(CPUARMState *env, uint32_t desc,
+  uint64_t ireg, uint64_t def)
+{
+uint64_t tmp, val = 0;
+uint32_t maxindex = ((desc & 3) + 1) * 8;
+uint32_t base_reg = desc >> 2;
+uint32_t shift, index, reg;
+
+for (shift = 0; shift < 64; shift += 8) {
+index = (ireg >> shift) & 0xff;
+if (index < maxindex) {
+reg = base_reg + (index >> 3);
+tmp = *aa32_vfp_dreg(env, reg);
+tmp = ((tmp >> ((index & 7) << 3)) & 0xff) << shift;
+} else {
+tmp = def & (0xffull << shift);
+}
+val |= tmp;
+}
+return val;
+}
+
+#ifdef TARGET_AARCH64
+
+/* Pairwise long add: add pairs of adjacent elements into
+ * double-width elements in the result (eg _s8 is an 8x8->16 op)
+ */
+uint64_t HELPER(neon_addlp_s8)(uint64_t a)
+{
+uint64_t nsignmask = 0x0080008000800080ULL;
+uint64_t wsignmask = 0x8000800080008000ULL;
+uint64_t elementmask = 0x00ff00ff00ff00ffULL;
+uint64_t tmp1, tmp2;
+uint64_t res, signres;
+
+/* Extract odd elements, sign extend each to a 16 bit field */
+tmp1 = a & elementmask;
+tmp1 ^= nsignmask;
+tmp1 |= wsignmask;
+tmp1 = (tmp1 - nsignmask) ^ wsignmask;
+/* Ditto for the even elements */
+tmp2 = (a >> 8) & elementmask;
+tmp2 ^= nsignmask;
+tmp2 |= wsignmask;
+tmp2 = (tmp2 - nsignmask) ^ wsignmask;
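
Review bot: The `#ifdef TARGET_AARCH64` opened before neon_addlp_s8 is new
code rather than moved code, which accounts for at least part of the 106
insertions against 102 deletions in the diffstat, and the commit message
does not mention it. Please state there that the helpers coming from
helper-a64.c are now guarded while neon_tbl is not, and close the guard
with `#endif /* TARGET_AARCH64 */` so the end of the file stays readable.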

[PATCH v3 10/34] target/arm/tcg: Extract VFP definitions to 'helper-vfp.h.inc'

2023-06-19 Thread Philippe Mathieu-Daudé
helper.h is used by all units, but not all require the
VFP definitions. Move them (along with definitions in
helper-a64.h.inc) to a new header; the next commit will
remove it from the common helper.h.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/helper.h | 167 +---
 target/arm/tcg/helper-a64.h.inc |   8 --
 target/arm/tcg/helper-vfp.h.inc | 189 
 3 files changed, 190 insertions(+), 174 deletions(-)
 create mode 100644 target/arm/tcg/helper-vfp.h.inc

diff --git a/target/arm/helper.h b/target/arm/helper.h
index dd12fee107..e81ea87d37 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -103,155 +103,6 @@ DEF_HELPER_FLAGS_2(rebuild_hflags_a64, TCG_CALL_NO_RWG, 
void, env, int)
 
 DEF_HELPER_FLAGS_5(probe_access, TCG_CALL_NO_WG, void, env, tl, i32, i32, i32)
 
-DEF_HELPER_1(vfp_get_fpscr, i32, env)
-DEF_HELPER_2(vfp_set_fpscr, void, env, i32)
-
-DEF_HELPER_3(vfp_addh, f16, f16, f16, ptr)
-DEF_HELPER_3(vfp_adds, f32, f32, f32, ptr)
-DEF_HELPER_3(vfp_addd, f64, f64, f64, ptr)
-DEF_HELPER_3(vfp_subh, f16, f16, f16, ptr)
-DEF_HELPER_3(vfp_subs, f32, f32, f32, ptr)
-DEF_HELPER_3(vfp_subd, f64, f64, f64, ptr)
-DEF_HELPER_3(vfp_mulh, f16, f16, f16, ptr)
-DEF_HELPER_3(vfp_muls, f32, f32, f32, ptr)
-DEF_HELPER_3(vfp_muld, f64, f64, f64, ptr)
-DEF_HELPER_3(vfp_divh, f16, f16, f16, ptr)
-DEF_HELPER_3(vfp_divs, f32, f32, f32, ptr)
-DEF_HELPER_3(vfp_divd, f64, f64, f64, ptr)
-DEF_HELPER_3(vfp_maxh, f16, f16, f16, ptr)
-DEF_HELPER_3(vfp_maxs, f32, f32, f32, ptr)
-DEF_HELPER_3(vfp_maxd, f64, f64, f64, ptr)
-DEF_HELPER_3(vfp_minh, f16, f16, f16, ptr)
-DEF_HELPER_3(vfp_mins, f32, f32, f32, ptr)
-DEF_HELPER_3(vfp_mind, f64, f64, f64, ptr)
-DEF_HELPER_3(vfp_maxnumh, f16, f16, f16, ptr)
-DEF_HELPER_3(vfp_maxnums, f32, f32, f32, ptr)
-DEF_HELPER_3(vfp_maxnumd, f64, f64, f64, ptr)
-DEF_HELPER_3(vfp_minnumh, f16, f16, f16, ptr)
-DEF_HELPER_3(vfp_minnums, f32, f32, f32, ptr)
-DEF_HELPER_3(vfp_minnumd, f64, f64, f64, ptr)
-DEF_HELPER_1(vfp_negh, f16, f16)
-DEF_HELPER_1(vfp_negs, f32, f32)
-DEF_HELPER_1(vfp_negd, f64, f64)
-DEF_HELPER_1(vfp_absh, f16, f16)
-DEF_HELPER_1(vfp_abss, f32, f32)
-DEF_HELPER_1(vfp_absd, f64, f64)
-DEF_HELPER_2(vfp_sqrth, f16, f16, env)
-DEF_HELPER_2(vfp_sqrts, f32, f32, env)
-DEF_HELPER_2(vfp_sqrtd, f64, f64, env)
-DEF_HELPER_3(vfp_cmph, void, f16, f16, env)
-DEF_HELPER_3(vfp_cmps, void, f32, f32, env)
-DEF_HELPER_3(vfp_cmpd, void, f64, f64, env)
-DEF_HELPER_3(vfp_cmpeh, void, f16, f16, env)
-DEF_HELPER_3(vfp_cmpes, void, f32, f32, env)
-DEF_HELPER_3(vfp_cmped, void, f64, f64, env)
-
-DEF_HELPER_2(vfp_fcvtds, f64, f32, env)
-DEF_HELPER_2(vfp_fcvtsd, f32, f64, env)
-DEF_HELPER_FLAGS_2(bfcvt, TCG_CALL_NO_RWG, i32, f32, ptr)
-DEF_HELPER_FLAGS_2(bfcvt_pair, TCG_CALL_NO_RWG, i32, i64, ptr)
-
-DEF_HELPER_2(vfp_uitoh, f16, i32, ptr)
-DEF_HELPER_2(vfp_uitos, f32, i32, ptr)
-DEF_HELPER_2(vfp_uitod, f64, i32, ptr)
-DEF_HELPER_2(vfp_sitoh, f16, i32, ptr)
-DEF_HELPER_2(vfp_sitos, f32, i32, ptr)
-DEF_HELPER_2(vfp_sitod, f64, i32, ptr)
-
-DEF_HELPER_2(vfp_touih, i32, f16, ptr)
-DEF_HELPER_2(vfp_touis, i32, f32, ptr)
-DEF_HELPER_2(vfp_touid, i32, f64, ptr)
-DEF_HELPER_2(vfp_touizh, i32, f16, ptr)
-DEF_HELPER_2(vfp_touizs, i32, f32, ptr)
-DEF_HELPER_2(vfp_touizd, i32, f64, ptr)
-DEF_HELPER_2(vfp_tosih, s32, f16, ptr)
-DEF_HELPER_2(vfp_tosis, s32, f32, ptr)
-DEF_HELPER_2(vfp_tosid, s32, f64, ptr)
-DEF_HELPER_2(vfp_tosizh, s32, f16, ptr)
-DEF_HELPER_2(vfp_tosizs, s32, f32, ptr)
-DEF_HELPER_2(vfp_tosizd, s32, f64, ptr)
-
-DEF_HELPER_3(vfp_toshh_round_to_zero, i32, f16, i32, ptr)
-DEF_HELPER_3(vfp_toslh_round_to_zero, i32, f16, i32, ptr)
-DEF_HELPER_3(vfp_touhh_round_to_zero, i32, f16, i32, ptr)
-DEF_HELPER_3(vfp_toulh_round_to_zero, i32, f16, i32, ptr)
-DEF_HELPER_3(vfp_toshs_round_to_zero, i32, f32, i32, ptr)
-DEF_HELPER_3(vfp_tosls_round_to_zero, i32, f32, i32, ptr)
-DEF_HELPER_3(vfp_touhs_round_to_zero, i32, f32, i32, ptr)
-DEF_HELPER_3(vfp_touls_round_to_zero, i32, f32, i32, ptr)
-DEF_HELPER_3(vfp_toshd_round_to_zero, i64, f64, i32, ptr)
-DEF_HELPER_3(vfp_tosld_round_to_zero, i64, f64, i32, ptr)
-DEF_HELPER_3(vfp_touhd_round_to_zero, i64, f64, i32, ptr)
-DEF_HELPER_3(vfp_tould_round_to_zero, i64, f64, i32, ptr)
-DEF_HELPER_3(vfp_touhh, i32, f16, i32, ptr)
-DEF_HELPER_3(vfp_toshh, i32, f16, i32, ptr)
-DEF_HELPER_3(vfp_toulh, i32, f16, i32, ptr)
-DEF_HELPER_3(vfp_toslh, i32, f16, i32, ptr)
-DEF_HELPER_3(vfp_touqh, i64, f16, i32, ptr)
-DEF_HELPER_3(vfp_tosqh, i64, f16, i32, ptr)
-DEF_HELPER_3(vfp_toshs, i32, f32, i32, ptr)
-DEF_HELPER_3(vfp_tosls, i32, f32, i32, ptr)
-DEF_HELPER_3(vfp_tosqs, i64, f32, i32, ptr)
-DEF_HELPER_3(vfp_touhs, i32, f32, i32, ptr)
-DEF_HELPER_3(vfp_touls, i32, f32, i32, ptr)
-DEF_HELPER_3(vfp_touqs, i64, f32, i32, ptr)
-DEF_HELPER_3(vfp_toshd, i64, f64, i32, ptr)
-DEF_HELPER_3(vfp_tosld, i64, f64, i32, ptr)
-DEF_HELPER_3(vfp_tosqd, i64, f64, i32, ptr)
-DEF_HELPER_3(vfp_touhd, i64, f64, i32, ptr)

[PATCH v3 07/34] target/arm/tcg: Reduce 'helper-iwmmxt.h.inc' inclusion

2023-06-19 Thread Philippe Mathieu-Daudé
Instead of including helper-iwmmxt.h.inc via helper.h which
is included by all TCG files, restrict it to the few files
that require it.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/helper.h   | 1 -
 target/arm/tcg/iwmmxt_helper.c| 5 -
 target/arm/tcg/translate-iwmmxt.c | 6 ++
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index c4a321c0ea..dd12fee107 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -949,5 +949,4 @@ DEF_HELPER_FLAGS_5(gvec_uclamp_d, TCG_CALL_NO_RWG,
 #include "tcg/helper-sme.h.inc"
 #endif
 
-#include "tcg/helper-iwmmxt.h.inc"
 #include "tcg/helper-mve.h.inc"
diff --git a/target/arm/tcg/iwmmxt_helper.c b/target/arm/tcg/iwmmxt_helper.c
index 610b1b2103..ee607a3d3d 100644
--- a/target/arm/tcg/iwmmxt_helper.c
+++ b/target/arm/tcg/iwmmxt_helper.c
@@ -22,7 +22,10 @@
 #include "qemu/osdep.h"
 
 #include "cpu.h"
-#include "exec/helper-proto.h"
+
+#define HELPER_H "tcg/helper-iwmmxt.h.inc"
+#include "exec/helper-proto.h.inc"
+#undef  HELPER_H
 
 /* iwMMXt macros extracted from GNU gdb.  */
 
diff --git a/target/arm/tcg/translate-iwmmxt.c 
b/target/arm/tcg/translate-iwmmxt.c
index 57a924c578..9f6d717ee0 100644
--- a/target/arm/tcg/translate-iwmmxt.c
+++ b/target/arm/tcg/translate-iwmmxt.c
@@ -12,6 +12,12 @@
 #include "translate.h"
 #include "translate-a32.h"
 
+#define HELPER_H "tcg/helper-iwmmxt.h.inc"
+#include "exec/helper-proto.h.inc"
+#include "exec/helper-gen.h.inc"
+#include "exec/helper-info.c.inc"
+#undef  HELPER_H
+
 #define ARM_CP_RW_BIT   (1 << 20)
 
 static inline void iwmmxt_load_reg(TCGv_i64 var, int reg)
-- 
2.38.1




[PATCH v3 09/34] target/arm/tcg: Move VFP helpers from helper-a64.c to vfp_helper.c

2023-06-19 Thread Philippe Mathieu-Daudé
Keep the VFP helpers in the same file, guarding them with #ifdef'ry.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/tcg/helper-a64.c | 87 --
 target/arm/vfp_helper.c | 93 -
 2 files changed, 92 insertions(+), 88 deletions(-)

diff --git a/target/arm/tcg/helper-a64.c b/target/arm/tcg/helper-a64.c
index 1c9370f07b..c43f22e7d4 100644
--- a/target/arm/tcg/helper-a64.c
+++ b/target/arm/tcg/helper-a64.c
@@ -93,93 +93,6 @@ void HELPER(msr_i_daifclear)(CPUARMState *env, uint32_t imm)
 arm_rebuild_hflags(env);
 }
 
-/* Convert a softfloat float_relation_ (as returned by
- * the float*_compare functions) to the correct ARM
- * NZCV flag state.
- */
-static inline uint32_t float_rel_to_flags(int res)
-{
-uint64_t flags;
-switch (res) {
-case float_relation_equal:
-flags = PSTATE_Z | PSTATE_C;
-break;
-case float_relation_less:
-flags = PSTATE_N;
-break;
-case float_relation_greater:
-flags = PSTATE_C;
-break;
-case float_relation_unordered:
-default:
-flags = PSTATE_C | PSTATE_V;
-break;
-}
-return flags;
-}
-
-uint64_t HELPER(vfp_cmph_a64)(uint32_t x, uint32_t y, void *fp_status)
-{
-return float_rel_to_flags(float16_compare_quiet(x, y, fp_status));
-}
-
-uint64_t HELPER(vfp_cmpeh_a64)(uint32_t x, uint32_t y, void *fp_status)
-{
-return float_rel_to_flags(float16_compare(x, y, fp_status));
-}
-
-uint64_t HELPER(vfp_cmps_a64)(float32 x, float32 y, void *fp_status)
-{
-return float_rel_to_flags(float32_compare_quiet(x, y, fp_status));
-}
-
-uint64_t HELPER(vfp_cmpes_a64)(float32 x, float32 y, void *fp_status)
-{
-return float_rel_to_flags(float32_compare(x, y, fp_status));
-}
-
-uint64_t HELPER(vfp_cmpd_a64)(float64 x, float64 y, void *fp_status)
-{
-return float_rel_to_flags(float64_compare_quiet(x, y, fp_status));
-}
-
-uint64_t HELPER(vfp_cmped_a64)(float64 x, float64 y, void *fp_status)
-{
-return float_rel_to_flags(float64_compare(x, y, fp_status));
-}
-
-float32 HELPER(vfp_mulxs)(float32 a, float32 b, void *fpstp)
-{
-float_status *fpst = fpstp;
-
-a = float32_squash_input_denormal(a, fpst);
-b = float32_squash_input_denormal(b, fpst);
-
-if ((float32_is_zero(a) && float32_is_infinity(b)) ||
-(float32_is_infinity(a) && float32_is_zero(b))) {
-/* 2.0 with the sign bit set to sign(A) XOR sign(B) */
-return make_float32((1U << 30) |
-((float32_val(a) ^ float32_val(b)) & (1U << 31)));
-}
-return float32_mul(a, b, fpst);
-}
-
-float64 HELPER(vfp_mulxd)(float64 a, float64 b, void *fpstp)
-{
-float_status *fpst = fpstp;
-
-a = float64_squash_input_denormal(a, fpst);
-b = float64_squash_input_denormal(b, fpst);
-
-if ((float64_is_zero(a) && float64_is_infinity(b)) ||
-(float64_is_infinity(a) && float64_is_zero(b))) {
-/* 2.0 with the sign bit set to sign(A) XOR sign(B) */
-return make_float64((1ULL << 62) |
-((float64_val(a) ^ float64_val(b)) & (1ULL << 
63)));
-}
-return float64_mul(a, b, fpst);
-}
-
 /* 64bit/double versions of the neon float compare functions */
 uint64_t HELPER(neon_ceq_f64)(float64 a, float64 b, void *fpstp)
 {
diff --git a/target/arm/vfp_helper.c b/target/arm/vfp_helper.c
index 36906db8e0..0a5b2993a4 100644
--- a/target/arm/vfp_helper.c
+++ b/target/arm/vfp_helper.c
@@ -1326,4 +1326,95 @@ void HELPER(check_hcr_el2_trap)(CPUARMState *env, 
uint32_t rt, uint32_t reg)
 raise_exception(env, EXCP_HYP_TRAP, syndrome, 2);
 }
 
-#endif
+#ifdef TARGET_AARCH64
+
+/* Convert a softfloat float_relation_ (as returned by
+ * the float*_compare functions) to the correct ARM
+ * NZCV flag state.
+ */
+static inline uint32_t float_rel_to_flags(int res)
+{
+uint64_t flags;
+switch (res) {
+case float_relation_equal:
+flags = PSTATE_Z | PSTATE_C;
+break;
+case float_relation_less:
+flags = PSTATE_N;
+break;
+case float_relation_greater:
+flags = PSTATE_C;
+break;
+case float_relation_unordered:
+default:
+flags = PSTATE_C | PSTATE_V;
+break;
+}
+return flags;
+}
+
+uint64_t HELPER(vfp_cmph_a64)(uint32_t x, uint32_t y, void *fp_status)
+{
+return float_rel_to_flags(float16_compare_quiet(x, y, fp_status));
+}
+
+uint64_t HELPER(vfp_cmpeh_a64)(uint32_t x, uint32_t y, void *fp_status)
+{
+return float_rel_to_flags(float16_compare(x, y, fp_status));
+}
+
+uint64_t HELPER(vfp_cmps_a64)(float32 x, float32 y, void *fp_status)
+{
+return float_rel_to_flags(float32_compare_quiet(x, y, fp_status));
+}
+
+uint64_t HELPER(vfp_cmpes_a64)(float32 x, float32 y, void *fp_status)
+{
+return float_rel_to_flags(float32_compare(x, y, fp_status));
+}
+
+uint64_t HELPER(vfp_cmpd_a64)(float64 x, float64 y, void *fp_status)
+{
+return 
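
Review bot: float_rel_to_flags() is declared to return uint32_t but
accumulates into a `uint64_t flags` local, and every caller added in this
hunk returns uint64_t. The code is moved unchanged, so leave it alone in
this patch, but a follow-up that makes the local uint32_t (or the return
type uint64_t) would remove the implicit narrowing.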

[PATCH v3 06/34] target/arm/tcg: Extract iwmmxt code to translate-iwmmxt.c

2023-06-19 Thread Philippe Mathieu-Daudé
Extract 1300 lines from the big enough translate.c.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/tcg/translate-iwmmxt.c | 1325 +
 target/arm/tcg/translate.c| 1312 
 target/arm/tcg/meson.build|1 +
 3 files changed, 1326 insertions(+), 1312 deletions(-)
 create mode 100644 target/arm/tcg/translate-iwmmxt.c

diff --git a/target/arm/tcg/translate-iwmmxt.c 
b/target/arm/tcg/translate-iwmmxt.c
new file mode 100644
index 00..57a924c578
--- /dev/null
+++ b/target/arm/tcg/translate-iwmmxt.c
@@ -0,0 +1,1325 @@
+/*
+ * XScale iwMMXt translation
+ *
+ * Copyright (c) 2007 OpenedHand, Ltd.
+ * Written by Andrzej Zaborowski 
+ * Copyright (c) 2008 CodeSourcery
+ *
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "translate.h"
+#include "translate-a32.h"
+
+#define ARM_CP_RW_BIT   (1 << 20)
+
+static inline void iwmmxt_load_reg(TCGv_i64 var, int reg)
+{
+tcg_gen_ld_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
+}
+
+static inline void iwmmxt_store_reg(TCGv_i64 var, int reg)
+{
+tcg_gen_st_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
+}
+
+static inline TCGv_i32 iwmmxt_load_creg(int reg)
+{
+TCGv_i32 var = tcg_temp_new_i32();
+tcg_gen_ld_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
+return var;
+}
+
+static inline void iwmmxt_store_creg(int reg, TCGv_i32 var)
+{
+tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
+}
+
+static inline void gen_op_iwmmxt_movq_wRn_M0(int rn)
+{
+iwmmxt_store_reg(cpu_M0, rn);
+}
+
+static inline void gen_op_iwmmxt_movq_M0_wRn(int rn)
+{
+iwmmxt_load_reg(cpu_M0, rn);
+}
+
+static inline void gen_op_iwmmxt_orq_M0_wRn(int rn)
+{
+iwmmxt_load_reg(cpu_V1, rn);
+tcg_gen_or_i64(cpu_M0, cpu_M0, cpu_V1);
+}
+
+static inline void gen_op_iwmmxt_andq_M0_wRn(int rn)
+{
+iwmmxt_load_reg(cpu_V1, rn);
+tcg_gen_and_i64(cpu_M0, cpu_M0, cpu_V1);
+}
+
+static inline void gen_op_iwmmxt_xorq_M0_wRn(int rn)
+{
+iwmmxt_load_reg(cpu_V1, rn);
+tcg_gen_xor_i64(cpu_M0, cpu_M0, cpu_V1);
+}
+
+#define IWMMXT_OP(name) \
+static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
+{ \
+iwmmxt_load_reg(cpu_V1, rn); \
+gen_helper_iwmmxt_##name(cpu_M0, cpu_M0, cpu_V1); \
+}
+
+#define IWMMXT_OP_ENV(name) \
+static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
+{ \
+iwmmxt_load_reg(cpu_V1, rn); \
+gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0, cpu_V1); \
+}
+
+#define IWMMXT_OP_ENV_SIZE(name) \
+IWMMXT_OP_ENV(name##b) \
+IWMMXT_OP_ENV(name##w) \
+IWMMXT_OP_ENV(name##l)
+
+#define IWMMXT_OP_ENV1(name) \
+static inline void gen_op_iwmmxt_##name##_M0(void) \
+{ \
+gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0); \
+}
+
+IWMMXT_OP(maddsq)
+IWMMXT_OP(madduq)
+IWMMXT_OP(sadb)
+IWMMXT_OP(sadw)
+IWMMXT_OP(mulslw)
+IWMMXT_OP(mulshw)
+IWMMXT_OP(mululw)
+IWMMXT_OP(muluhw)
+IWMMXT_OP(macsw)
+IWMMXT_OP(macuw)
+
+IWMMXT_OP_ENV_SIZE(unpackl)
+IWMMXT_OP_ENV_SIZE(unpackh)
+
+IWMMXT_OP_ENV1(unpacklub)
+IWMMXT_OP_ENV1(unpackluw)
+IWMMXT_OP_ENV1(unpacklul)
+IWMMXT_OP_ENV1(unpackhub)
+IWMMXT_OP_ENV1(unpackhuw)
+IWMMXT_OP_ENV1(unpackhul)
+IWMMXT_OP_ENV1(unpacklsb)
+IWMMXT_OP_ENV1(unpacklsw)
+IWMMXT_OP_ENV1(unpacklsl)
+IWMMXT_OP_ENV1(unpackhsb)
+IWMMXT_OP_ENV1(unpackhsw)
+IWMMXT_OP_ENV1(unpackhsl)
+
+IWMMXT_OP_ENV_SIZE(cmpeq)
+IWMMXT_OP_ENV_SIZE(cmpgtu)
+IWMMXT_OP_ENV_SIZE(cmpgts)
+
+IWMMXT_OP_ENV_SIZE(mins)
+IWMMXT_OP_ENV_SIZE(minu)
+IWMMXT_OP_ENV_SIZE(maxs)
+IWMMXT_OP_ENV_SIZE(maxu)
+
+IWMMXT_OP_ENV_SIZE(subn)
+IWMMXT_OP_ENV_SIZE(addn)
+IWMMXT_OP_ENV_SIZE(subu)
+IWMMXT_OP_ENV_SIZE(addu)
+IWMMXT_OP_ENV_SIZE(subs)
+IWMMXT_OP_ENV_SIZE(adds)
+
+IWMMXT_OP_ENV(avgb0)
+IWMMXT_OP_ENV(avgb1)
+IWMMXT_OP_ENV(avgw0)
+IWMMXT_OP_ENV(avgw1)
+
+IWMMXT_OP_ENV(packuw)
+IWMMXT_OP_ENV(packul)
+IWMMXT_OP_ENV(packuq)
+IWMMXT_OP_ENV(packsw)
+IWMMXT_OP_ENV(packsl)
+IWMMXT_OP_ENV(packsq)
+
+static void gen_op_iwmmxt_set_mup(void)
+{
+TCGv_i32 tmp;
+tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
+tcg_gen_ori_i32(tmp, tmp, 2);
+store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
+}
+
+static void gen_op_iwmmxt_set_cup(void)
+{
+TCGv_i32 tmp;
+tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
+tcg_gen_ori_i32(tmp, tmp, 1);
+store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
+}
+
+static void gen_op_iwmmxt_setpsr_nz(void)
+{
+TCGv_i32 tmp = tcg_temp_new_i32();
+gen_helper_iwmmxt_setpsr_nz(tmp, cpu_M0);
+store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCASF]);
+}
+
+static inline void gen_op_iwmmxt_addl_M0_wRn(int rn)
+{
+iwmmxt_load_reg(cpu_V1, rn);
+tcg_gen_ext32u_i64(cpu_V1, cpu_V1);
+tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
+}
+
+static inline int gen_iwmmxt_address(DisasContext *s, uint32_t insn,
+ TCGv_i32 dest)
+{
+int rd;
+uint32_t offset;
+
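Review bot: gen_op_iwmmxt_set_mup() and gen_op_iwmmxt_set_cup() OR the bare constants 2 and 1 into iwmmxt.cregs[ARM_IWMMXT_wCon]. Since this code is landing in a new file, give the two bits named constants (or at least a one-line comment each) so the helpers can be read without looking up the wCon register layout.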

[PATCH v3 08/34] target/arm/tcg: Un-inline VFP translation helpers

2023-06-19 Thread Philippe Mathieu-Daudé
In order to restrict lookup_cp_reg() and set_rmode() helpers
to VFP translation, un-inline gen_lookup_cp_reg and gen_set /
gen_restore_rmode.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/tcg/translate.h | 22 +++---
 target/arm/tcg/translate-vfp.c | 21 +
 2 files changed, 24 insertions(+), 19 deletions(-)

diff --git a/target/arm/tcg/translate.h b/target/arm/tcg/translate.h
index 3d7c55d3b6..d2a98b9f3a 100644
--- a/target/arm/tcg/translate.h
+++ b/target/arm/tcg/translate.h
@@ -680,29 +680,13 @@ static inline void set_disas_label(DisasContext *s, 
DisasLabel l)
 s->pc_save = l.pc_save;
 }
 
-static inline TCGv_ptr gen_lookup_cp_reg(uint32_t key)
-{
-TCGv_ptr ret = tcg_temp_new_ptr();
-gen_helper_lookup_cp_reg(ret, cpu_env, tcg_constant_i32(key));
-return ret;
-}
+TCGv_ptr gen_lookup_cp_reg(uint32_t key);
 
 /*
  * Set and reset rounding mode around another operation.
  */
-static inline TCGv_i32 gen_set_rmode(ARMFPRounding rmode, TCGv_ptr fpst)
-{
-TCGv_i32 new = tcg_constant_i32(arm_rmode_to_sf(rmode));
-TCGv_i32 old = tcg_temp_new_i32();
-
-gen_helper_set_rmode(old, new, fpst);
-return old;
-}
-
-static inline void gen_restore_rmode(TCGv_i32 old, TCGv_ptr fpst)
-{
-gen_helper_set_rmode(old, old, fpst);
-}
+TCGv_i32 gen_set_rmode(ARMFPRounding rmode, TCGv_ptr fpst);
+void gen_restore_rmode(TCGv_i32 old, TCGv_ptr fpst);
 
 /*
  * Helpers for implementing sets of trans_* functions.
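Review bot: the prototype "TCGv_ptr gen_lookup_cp_reg(uint32_t key);" is left without any comment, and its definition moves to translate-vfp.c, which is not where a reader would look for a coprocessor register lookup. Add a short comment above the prototype naming the defining file, and reword the "Set and reset rounding mode" comment so it still reads correctly now that it sits above two declarations rather than the function bodies.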
diff --git a/target/arm/tcg/translate-vfp.c b/target/arm/tcg/translate-vfp.c
index 359b1e3e96..4bfd857141 100644
--- a/target/arm/tcg/translate-vfp.c
+++ b/target/arm/tcg/translate-vfp.c
@@ -28,6 +28,27 @@
 #include "decode-vfp.c.inc"
 #include "decode-vfp-uncond.c.inc"
 
+TCGv_ptr gen_lookup_cp_reg(uint32_t key)
+{
+TCGv_ptr ret = tcg_temp_new_ptr();
+gen_helper_lookup_cp_reg(ret, cpu_env, tcg_constant_i32(key));
+return ret;
+}
+
+TCGv_i32 gen_set_rmode(ARMFPRounding rmode, TCGv_ptr fpst)
+{
+TCGv_i32 new = tcg_constant_i32(arm_rmode_to_sf(rmode));
+TCGv_i32 old = tcg_temp_new_i32();
+
+gen_helper_set_rmode(old, new, fpst);
+return old;
+}
+
+void gen_restore_rmode(TCGv_i32 old, TCGv_ptr fpst)
+{
+gen_helper_set_rmode(old, old, fpst);
+}
+
 static inline void vfp_load_reg64(TCGv_i64 var, int reg)
 {
 tcg_gen_ld_i64(var, cpu_env, vfp_reg_offset(true, reg));
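Review bot: gen_restore_rmode() passes "old" as both the output and the input of gen_helper_set_rmode(), so after the call the temporary holds the mode that was just replaced rather than the saved one. Now that these are out-of-line definitions, a brief comment on gen_set_rmode()/gen_restore_rmode() stating that the pair must be used together and that "old" is not meaningful after the restore would document that for callers in other files.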
-- 
2.38.1




[PATCH v3 05/34] target/arm/tcg: Expose some iwmmxt methods in 'translate.h'

2023-06-19 Thread Philippe Mathieu-Daudé
Expose a few methods and variables before extracting iwmmxt
code from translate.c.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
---
 target/arm/tcg/translate.h | 6 ++
 target/arm/tcg/translate.c | 8 
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/target/arm/tcg/translate.h b/target/arm/tcg/translate.h
index d1cacff0b2..3d7c55d3b6 100644
--- a/target/arm/tcg/translate.h
+++ b/target/arm/tcg/translate.h
@@ -165,6 +165,7 @@ typedef struct DisasCompare {
 } DisasCompare;
 
 /* Share the TCG temporaries common between 32 and 64 bit modes.  */
+extern TCGv_i32 cpu_R[16];
 extern TCGv_i32 cpu_NF, cpu_ZF, cpu_CF, cpu_VF;
 extern TCGv_i64 cpu_exclusive_addr;
 extern TCGv_i64 cpu_exclusive_val;
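Review bot: "extern TCGv_i32 cpu_R[16];" is added under the comment about TCG temporaries common between 32 and 64 bit modes, while translate.c describes it as a TCG global aliasing CPUARMState fields. If only the AArch32 decoders need it, declare it next to the iwMMXt externs or in translate-a32.h so it is not exposed to every includer of translate.h, and keep the comment wording consistent with translate.c.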
@@ -298,6 +299,11 @@ static inline int curr_insn_len(DisasContext *s)
 /* CPU state was modified dynamically; no need to exit, but do not chain. */
 #define DISAS_UPDATE_NOCHAIN  DISAS_TARGET_10
 
+/* These are TCG temporaries used only by the legacy iwMMXt decoder */
+extern TCGv_i64 cpu_V0, cpu_V1, cpu_M0;
+int disas_iwmmxt_insn(DisasContext *s, uint32_t insn);
+int disas_dsp_insn(DisasContext *s, uint32_t insn);
+
 #ifdef TARGET_AARCH64
 void a64_translate_init(void);
 void gen_a64_update_pc(DisasContext *s, target_long diff);
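Review bot: disas_iwmmxt_insn() and disas_dsp_insn() are declared under the comment "These are TCG temporaries used only by the legacy iwMMXt decoder", but they are decoder entry points, and translate.c documents disas_dsp_insn() as the XScale DSP decoder. Split the comment so the cpu_V0/cpu_V1/cpu_M0 externs and the two prototypes are described separately.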
diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c
index 3238463f13..aaa479521e 100644
--- a/target/arm/tcg/translate.c
+++ b/target/arm/tcg/translate.c
@@ -45,9 +45,9 @@
 #define ENABLE_ARCH_8 arm_dc_feature(s, ARM_FEATURE_V8)
 
 /* These are TCG temporaries used only by the legacy iwMMXt decoder */
-static TCGv_i64 cpu_V0, cpu_V1, cpu_M0;
+TCGv_i64 cpu_V0, cpu_V1, cpu_M0;
 /* These are TCG globals which alias CPUARMState fields */
-static TCGv_i32 cpu_R[16];
+TCGv_i32 cpu_R[16];
 TCGv_i32 cpu_CF, cpu_NF, cpu_VF, cpu_ZF;
 TCGv_i64 cpu_exclusive_addr;
 TCGv_i64 cpu_exclusive_val;
@@ -1490,7 +1490,7 @@ static inline int gen_iwmmxt_shift(uint32_t insn, 
uint32_t mask, TCGv_i32 dest)
  * Disassemble an iwMMXt instruction.
  * Returns nonzero if an error occurred (ie. an undefined instruction).
  */
-static int disas_iwmmxt_insn(DisasContext *s, uint32_t insn)
+int disas_iwmmxt_insn(DisasContext *s, uint32_t insn)
 {
 int rd, wrd;
 int rdhi, rdlo, rd0, rd1, i;
@@ -2509,7 +2509,7 @@ static int disas_iwmmxt_insn(DisasContext *s, uint32_t 
insn)
  * Disassemble an XScale DSP instruction.
  * Returns nonzero if an error occurred (ie. an undefined instruction).
  */
-static int disas_dsp_insn(DisasContext *s, uint32_t insn)
+int disas_dsp_insn(DisasContext *s, uint32_t insn)
 {
 int acc, rd0, rd1, rdhi, rdlo;
 TCGv_i32 tmp, tmp2;
-- 
2.38.1




[PATCH v3 04/34] target/arm/tcg: Fix iwmmxt-related code style

2023-06-19 Thread Philippe Mathieu-Daudé
In order to be able to move the iwmmxt-related code,
fix its style to avoid:

  ERROR: braces {} are necessary for all arms of this statement
  ERROR: space prohibited before that '++' (ctx:WxB)

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
---
 target/arm/tcg/translate.c | 227 +++--
 1 file changed, 141 insertions(+), 86 deletions(-)

diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c
index 13c88ba1b9..3238463f13 100644
--- a/target/arm/tcg/translate.c
+++ b/target/arm/tcg/translate.c
@@ -1441,10 +1441,11 @@ static inline int gen_iwmmxt_address(DisasContext *s, 
uint32_t insn,
 offset = (insn & 0xff) << ((insn >> 7) & 2);
 if (insn & (1 << 24)) {
 /* Pre indexed */
-if (insn & (1 << 23))
+if (insn & (1 << 23)) {
 tcg_gen_addi_i32(tmp, tmp, offset);
-else
+} else {
 tcg_gen_addi_i32(tmp, tmp, -offset);
+}
 tcg_gen_mov_i32(dest, tmp);
 if (insn & (1 << 21)) {
 store_reg(s, rd, tmp);
@@ -1452,13 +1453,15 @@ static inline int gen_iwmmxt_address(DisasContext *s, 
uint32_t insn,
 } else if (insn & (1 << 21)) {
 /* Post indexed */
 tcg_gen_mov_i32(dest, tmp);
-if (insn & (1 << 23))
+if (insn & (1 << 23)) {
 tcg_gen_addi_i32(tmp, tmp, offset);
-else
+} else {
 tcg_gen_addi_i32(tmp, tmp, -offset);
+}
 store_reg(s, rd, tmp);
-} else if (!(insn & (1 << 23)))
+} else if (!(insn & (1 << 23))) {
 return 1;
+}
 return 0;
 }
 
@@ -1483,8 +1486,10 @@ static inline int gen_iwmmxt_shift(uint32_t insn, 
uint32_t mask, TCGv_i32 dest)
 return 0;
 }
 
-/* Disassemble an iwMMXt instruction.  Returns nonzero if an error occurred
-   (ie. an undefined instruction).  */
+/*
+ * Disassemble an iwMMXt instruction.
+ * Returns nonzero if an error occurred (ie. an undefined instruction).
+ */
 static int disas_iwmmxt_insn(DisasContext *s, uint32_t insn)
 {
 int rd, wrd;
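Review bot: the rewritten comment above disas_iwmmxt_insn() keeps "ie." in "(ie. an undefined instruction)". Since the comment is being reformatted anyway, spell it "i.e." here, and mention the comment reformatting in the commit message, which currently lists only the braces and '++' spacing errors.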
@@ -1570,8 +1575,9 @@ static int disas_iwmmxt_insn(DisasContext *s, uint32_t 
insn)
 return 0;
 }
 
-if ((insn & 0x0f00) != 0x0e00)
+if ((insn & 0x0f00) != 0x0e00) {
 return 1;
+}
 
 switch (((insn >> 12) & 0xf00) | ((insn >> 4) & 0xff)) {
 case 0x000: /* WOR */
@@ -1586,8 +1592,9 @@ static int disas_iwmmxt_insn(DisasContext *s, uint32_t 
insn)
 gen_op_iwmmxt_set_cup();
 break;
 case 0x011: /* TMCR */
-if (insn & 0xf)
+if (insn & 0xf) {
 return 1;
+}
 rd = (insn >> 12) & 0xf;
 wrd = (insn >> 16) & 0xf;
 switch (wrd) {
@@ -1627,8 +1634,9 @@ static int disas_iwmmxt_insn(DisasContext *s, uint32_t 
insn)
 gen_op_iwmmxt_set_cup();
 break;
 case 0x111: /* TMRC */
-if (insn & 0xf)
+if (insn & 0xf) {
 return 1;
+}
 rd = (insn >> 12) & 0xf;
 wrd = (insn >> 16) & 0xf;
 tmp = iwmmxt_load_creg(wrd);
@@ -1662,10 +1670,11 @@ static int disas_iwmmxt_insn(DisasContext *s, uint32_t 
insn)
 rd0 = (insn >> 0) & 0xf;
 rd1 = (insn >> 16) & 0xf;
 gen_op_iwmmxt_movq_M0_wRn(rd0);
-if (insn & (1 << 21))
+if (insn & (1 << 21)) {
 gen_op_iwmmxt_maddsq_M0_wRn(rd1);
-else
+} else {
 gen_op_iwmmxt_madduq_M0_wRn(rd1);
+}
 gen_op_iwmmxt_movq_wRn_M0(wrd);
 gen_op_iwmmxt_set_mup();
 break;
@@ -1718,12 +1727,14 @@ static int disas_iwmmxt_insn(DisasContext *s, uint32_t 
insn)
 rd0 = (insn >> 16) & 0xf;
 rd1 = (insn >> 0) & 0xf;
 gen_op_iwmmxt_movq_M0_wRn(rd0);
-if (insn & (1 << 22))
+if (insn & (1 << 22)) {
 gen_op_iwmmxt_sadw_M0_wRn(rd1);
-else
+} else {
 gen_op_iwmmxt_sadb_M0_wRn(rd1);
-if (!(insn & (1 << 20)))
+}
+if (!(insn & (1 << 20))) {
 gen_op_iwmmxt_addl_M0_wRn(wrd);
+}
 gen_op_iwmmxt_movq_wRn_M0(wrd);
 gen_op_iwmmxt_set_mup();
 break;
@@ -1733,15 +1744,17 @@ static int disas_iwmmxt_insn(DisasContext *s, uint32_t 
insn)
 rd1 = (insn >> 0) & 0xf;
 gen_op_iwmmxt_movq_M0_wRn(rd0);
 if (insn & (1 << 21)) {
-if (insn & (1 << 20))
+if (insn & (1 << 20)) {
 gen_op_iwmmxt_mulshw_M0_wRn(rd1);
-else
+} else {
 gen_op_iwmmxt_mulslw_M0_wRn(rd1);
+}
 } else {
-if (insn & (1 << 20))
+if (insn & (1 << 20)) {
 gen_op_iwmmxt_muluhw_M0_wRn(rd1);
-else
+} else {
 gen_op_iwmmxt_mululw_M0_wRn(rd1);
+   

[PATCH v3 02/34] target/arm/tcg: Rename helper template headers as '.h.inc'

2023-06-19 Thread Philippe Mathieu-Daudé
Since commit 139c1837db ("meson: rename included C source files
to .c.inc"), QEMU standard procedure for included C files is to
use *.c.inc.

Besides, since commit 6a0057aa22 ("docs/devel: make a statement
about includes") this is documented as the Coding Style:

  If you do use template header files they should be named with
  the ``.c.inc`` or ``.h.inc`` suffix to make it clear they are
  being included for expansion.

Therefore rename the included templates as '.h.inc'.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
---
 target/arm/helper.h   | 8 
 target/arm/tcg/{helper-a64.h => helper-a64.h.inc} | 0
 target/arm/tcg/{helper-mve.h => helper-mve.h.inc} | 0
 target/arm/tcg/{helper-sme.h => helper-sme.h.inc} | 0
 target/arm/tcg/{helper-sve.h => helper-sve.h.inc} | 0
 5 files changed, 4 insertions(+), 4 deletions(-)
 rename target/arm/tcg/{helper-a64.h => helper-a64.h.inc} (100%)
 rename target/arm/tcg/{helper-mve.h => helper-mve.h.inc} (100%)
 rename target/arm/tcg/{helper-sme.h => helper-sme.h.inc} (100%)
 rename target/arm/tcg/{helper-sve.h => helper-sve.h.inc} (100%)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index 3335c2b10b..4218d98b51 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -1039,9 +1039,9 @@ DEF_HELPER_FLAGS_5(gvec_uclamp_d, TCG_CALL_NO_RWG,
void, ptr, ptr, ptr, ptr, i32)
 
 #ifdef TARGET_AARCH64
-#include "tcg/helper-a64.h"
-#include "tcg/helper-sve.h"
-#include "tcg/helper-sme.h"
+#include "tcg/helper-a64.h.inc"
+#include "tcg/helper-sve.h.inc"
+#include "tcg/helper-sme.h.inc"
 #endif
 
-#include "tcg/helper-mve.h"
+#include "tcg/helper-mve.h.inc"
diff --git a/target/arm/tcg/helper-a64.h b/target/arm/tcg/helper-a64.h.inc
similarity index 100%
rename from target/arm/tcg/helper-a64.h
rename to target/arm/tcg/helper-a64.h.inc
diff --git a/target/arm/tcg/helper-mve.h b/target/arm/tcg/helper-mve.h.inc
similarity index 100%
rename from target/arm/tcg/helper-mve.h
rename to target/arm/tcg/helper-mve.h.inc
diff --git a/target/arm/tcg/helper-sme.h b/target/arm/tcg/helper-sme.h.inc
similarity index 100%
rename from target/arm/tcg/helper-sme.h
rename to target/arm/tcg/helper-sme.h.inc
diff --git a/target/arm/tcg/helper-sve.h b/target/arm/tcg/helper-sve.h.inc
similarity index 100%
rename from target/arm/tcg/helper-sve.h
rename to target/arm/tcg/helper-sve.h.inc
-- 
2.38.1




[PATCH v3 03/34] target/arm/tcg: Extract iwMMXt helpers from the generic 'helper.h'

2023-06-19 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
---
 target/arm/helper.h|  96 +--
 target/arm/tcg/helper-iwmmxt.h.inc | 103 +
 2 files changed, 104 insertions(+), 95 deletions(-)
 create mode 100644 target/arm/tcg/helper-iwmmxt.h.inc

diff --git a/target/arm/helper.h b/target/arm/helper.h
index 4218d98b51..c4a321c0ea 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -445,101 +445,6 @@ DEF_HELPER_3(neon_acgt_f32, i32, i32, i32, ptr)
 DEF_HELPER_3(neon_acge_f64, i64, i64, i64, ptr)
 DEF_HELPER_3(neon_acgt_f64, i64, i64, i64, ptr)
 
-/* iwmmxt_helper.c */
-DEF_HELPER_2(iwmmxt_maddsq, i64, i64, i64)
-DEF_HELPER_2(iwmmxt_madduq, i64, i64, i64)
-DEF_HELPER_2(iwmmxt_sadb, i64, i64, i64)
-DEF_HELPER_2(iwmmxt_sadw, i64, i64, i64)
-DEF_HELPER_2(iwmmxt_mulslw, i64, i64, i64)
-DEF_HELPER_2(iwmmxt_mulshw, i64, i64, i64)
-DEF_HELPER_2(iwmmxt_mululw, i64, i64, i64)
-DEF_HELPER_2(iwmmxt_muluhw, i64, i64, i64)
-DEF_HELPER_2(iwmmxt_macsw, i64, i64, i64)
-DEF_HELPER_2(iwmmxt_macuw, i64, i64, i64)
-DEF_HELPER_1(iwmmxt_setpsr_nz, i32, i64)
-
-#define DEF_IWMMXT_HELPER_SIZE_ENV(name) \
-DEF_HELPER_3(iwmmxt_##name##b, i64, env, i64, i64) \
-DEF_HELPER_3(iwmmxt_##name##w, i64, env, i64, i64) \
-DEF_HELPER_3(iwmmxt_##name##l, i64, env, i64, i64) \
-
-DEF_IWMMXT_HELPER_SIZE_ENV(unpackl)
-DEF_IWMMXT_HELPER_SIZE_ENV(unpackh)
-
-DEF_HELPER_2(iwmmxt_unpacklub, i64, env, i64)
-DEF_HELPER_2(iwmmxt_unpackluw, i64, env, i64)
-DEF_HELPER_2(iwmmxt_unpacklul, i64, env, i64)
-DEF_HELPER_2(iwmmxt_unpackhub, i64, env, i64)
-DEF_HELPER_2(iwmmxt_unpackhuw, i64, env, i64)
-DEF_HELPER_2(iwmmxt_unpackhul, i64, env, i64)
-DEF_HELPER_2(iwmmxt_unpacklsb, i64, env, i64)
-DEF_HELPER_2(iwmmxt_unpacklsw, i64, env, i64)
-DEF_HELPER_2(iwmmxt_unpacklsl, i64, env, i64)
-DEF_HELPER_2(iwmmxt_unpackhsb, i64, env, i64)
-DEF_HELPER_2(iwmmxt_unpackhsw, i64, env, i64)
-DEF_HELPER_2(iwmmxt_unpackhsl, i64, env, i64)
-
-DEF_IWMMXT_HELPER_SIZE_ENV(cmpeq)
-DEF_IWMMXT_HELPER_SIZE_ENV(cmpgtu)
-DEF_IWMMXT_HELPER_SIZE_ENV(cmpgts)
-
-DEF_IWMMXT_HELPER_SIZE_ENV(mins)
-DEF_IWMMXT_HELPER_SIZE_ENV(minu)
-DEF_IWMMXT_HELPER_SIZE_ENV(maxs)
-DEF_IWMMXT_HELPER_SIZE_ENV(maxu)
-
-DEF_IWMMXT_HELPER_SIZE_ENV(subn)
-DEF_IWMMXT_HELPER_SIZE_ENV(addn)
-DEF_IWMMXT_HELPER_SIZE_ENV(subu)
-DEF_IWMMXT_HELPER_SIZE_ENV(addu)
-DEF_IWMMXT_HELPER_SIZE_ENV(subs)
-DEF_IWMMXT_HELPER_SIZE_ENV(adds)
-
-DEF_HELPER_3(iwmmxt_avgb0, i64, env, i64, i64)
-DEF_HELPER_3(iwmmxt_avgb1, i64, env, i64, i64)
-DEF_HELPER_3(iwmmxt_avgw0, i64, env, i64, i64)
-DEF_HELPER_3(iwmmxt_avgw1, i64, env, i64, i64)
-
-DEF_HELPER_3(iwmmxt_align, i64, i64, i64, i32)
-DEF_HELPER_4(iwmmxt_insr, i64, i64, i32, i32, i32)
-
-DEF_HELPER_1(iwmmxt_bcstb, i64, i32)
-DEF_HELPER_1(iwmmxt_bcstw, i64, i32)
-DEF_HELPER_1(iwmmxt_bcstl, i64, i32)
-
-DEF_HELPER_1(iwmmxt_addcb, i64, i64)
-DEF_HELPER_1(iwmmxt_addcw, i64, i64)
-DEF_HELPER_1(iwmmxt_addcl, i64, i64)
-
-DEF_HELPER_1(iwmmxt_msbb, i32, i64)
-DEF_HELPER_1(iwmmxt_msbw, i32, i64)
-DEF_HELPER_1(iwmmxt_msbl, i32, i64)
-
-DEF_HELPER_3(iwmmxt_srlw, i64, env, i64, i32)
-DEF_HELPER_3(iwmmxt_srll, i64, env, i64, i32)
-DEF_HELPER_3(iwmmxt_srlq, i64, env, i64, i32)
-DEF_HELPER_3(iwmmxt_sllw, i64, env, i64, i32)
-DEF_HELPER_3(iwmmxt_slll, i64, env, i64, i32)
-DEF_HELPER_3(iwmmxt_sllq, i64, env, i64, i32)
-DEF_HELPER_3(iwmmxt_sraw, i64, env, i64, i32)
-DEF_HELPER_3(iwmmxt_sral, i64, env, i64, i32)
-DEF_HELPER_3(iwmmxt_sraq, i64, env, i64, i32)
-DEF_HELPER_3(iwmmxt_rorw, i64, env, i64, i32)
-DEF_HELPER_3(iwmmxt_rorl, i64, env, i64, i32)
-DEF_HELPER_3(iwmmxt_rorq, i64, env, i64, i32)
-DEF_HELPER_3(iwmmxt_shufh, i64, env, i64, i32)
-
-DEF_HELPER_3(iwmmxt_packuw, i64, env, i64, i64)
-DEF_HELPER_3(iwmmxt_packul, i64, env, i64, i64)
-DEF_HELPER_3(iwmmxt_packuq, i64, env, i64, i64)
-DEF_HELPER_3(iwmmxt_packsw, i64, env, i64, i64)
-DEF_HELPER_3(iwmmxt_packsl, i64, env, i64, i64)
-DEF_HELPER_3(iwmmxt_packsq, i64, env, i64, i64)
-
-DEF_HELPER_3(iwmmxt_muladdsl, i64, i64, i32, i32)
-DEF_HELPER_3(iwmmxt_muladdsw, i64, i64, i32, i32)
-DEF_HELPER_3(iwmmxt_muladdswl, i64, i64, i32, i32)
-
 DEF_HELPER_FLAGS_2(neon_unzip8, TCG_CALL_NO_RWG, void, ptr, ptr)
 DEF_HELPER_FLAGS_2(neon_unzip16, TCG_CALL_NO_RWG, void, ptr, ptr)
 DEF_HELPER_FLAGS_2(neon_qunzip8, TCG_CALL_NO_RWG, void, ptr, ptr)
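Review bot: the removed DEF_IWMMXT_HELPER_SIZE_ENV() definition ends its last line, "DEF_HELPER_3(iwmmxt_##name##l, i64, env, i64, i64) \", with a continuation backslash and only works because a blank line follows. If the macro is carried over verbatim into helper-iwmmxt.h.inc, drop that trailing backslash while moving it. The commit message also has no body; one sentence on why the iwMMXt definitions are split out would help.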
@@ -1044,4 +949,5 @@ DEF_HELPER_FLAGS_5(gvec_uclamp_d, TCG_CALL_NO_RWG,
 #include "tcg/helper-sme.h.inc"
 #endif
 
+#include "tcg/helper-iwmmxt.h.inc"
 #include "tcg/helper-mve.h.inc"
diff --git a/target/arm/tcg/helper-iwmmxt.h.inc 
b/target/arm/tcg/helper-iwmmxt.h.inc
new file mode 100644
index 00..955ab2365b
--- /dev/null
+++ b/target/arm/tcg/helper-iwmmxt.h.inc
@@ -0,0 +1,103 @@
+/*
+ * XScale iwMMXt specific helper definitions
+ *
+ * Copyright (c) 2007 OpenedHand, Ltd.
+ * Written by Andrzej Zaborowski 
+ * Copyright (c) 2008 CodeSourcery
+ *
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ */
+
+DEF_HELPER_2(iwmmxt_maddsq, 

[PATCH v3 01/34] target/arm/tcg: Remove CONFIG_TCG #ifdef'ry check

2023-06-19 Thread Philippe Mathieu-Daudé
CONFIG_TCG is always defined within target/arm/tcg/.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
---
 target/arm/tcg/cpu32.c| 4 +---
 target/arm/tcg/m_helper.c | 6 --
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/target/arm/tcg/cpu32.c b/target/arm/tcg/cpu32.c
index 47d2e8e781..0672519b89 100644
--- a/target/arm/tcg/cpu32.c
+++ b/target/arm/tcg/cpu32.c
@@ -13,11 +13,9 @@
 #include "hw/core/tcg-cpu-ops.h"
 #include "internals.h"
 #include "target/arm/idau.h"
+#include "cpregs.h"
 #if !defined(CONFIG_USER_ONLY)
 #include "hw/boards.h"
-#endif
-#include "cpregs.h"
-#if !defined(CONFIG_USER_ONLY) && defined(CONFIG_TCG)
 #include "hw/intc/armv7m_nvic.h"
 #endif
 
diff --git a/target/arm/tcg/m_helper.c b/target/arm/tcg/m_helper.c
index 9cef70e5c9..0891acc29c 100644
--- a/target/arm/tcg/m_helper.c
+++ b/target/arm/tcg/m_helper.c
@@ -15,10 +15,8 @@
 #include "qemu/bitops.h"
 #include "qemu/log.h"
 #include "exec/exec-all.h"
-#ifdef CONFIG_TCG
 #include "exec/cpu_ldst.h"
 #include "semihosting/common-semi.h"
-#endif
 #if !defined(CONFIG_USER_ONLY)
 #include "hw/intc/armv7m_nvic.h"
 #endif
@@ -2345,11 +2343,7 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
 qemu_log_mask(CPU_LOG_INT,
   "...handling as semihosting call 0x%x\n",
   env->regs[0]);
-#ifdef CONFIG_TCG
 do_common_semihosting(cs);
-#else
-g_assert_not_reached();
-#endif
 env->regs[15] += env->thumb ? 2 : 4;
 return;
 case EXCP_BKPT:
-- 
2.38.1




[PATCH v3 00/34] target/arm/tcg: Remove inclusions of 'exec/helper-[proto/gen].h'

2023-06-19 Thread Philippe Mathieu-Daudé
Since v2:
- Addressed rth's review comments (unnecessary helper-gen)
- Added R-b
- Extracted crypto, pauth, mte, gvec

Possible follow-up:
- merge gvec/vfp
- rename neon -> advsimd
- rename historical op_helper -> misc_helper

Since v1:
- Addressed rth's review comments (unnecessary helper-gen)
- Added R-b
- Extract M-profile helpers
- Fixed licence in new files

Hi,

This series tries to do what Richard suggested in [*]:

  Targets that have a tcg/ subdir should have helper.h.inc
  moved into there.  At the end, include/exec/helper-gen.h
  and include/exec/helper-proto.h become unused and go away.

but only for the ARM target, to first see if this is heading
in the correct direction.

Instead of having TCG generated helpers included by all
translate/helper units, they are reduced to the few places
really needing them. I expect the build step to be slightly
improved, since the compiler doesn't have to compile and
track unused helpers definitions.

[*] 
https://lore.kernel.org/qemu-devel/cad000d7-f408-9337-9328-ccb262c5f...@linaro.org/

Philippe Mathieu-Daudé (34):
  target/arm/tcg: Remove CONFIG_TCG #ifdef'ry check
  target/arm/tcg: Rename helper template headers as '.h.inc'
  target/arm/tcg: Extract iwMMXt helpers from the generic 'helper.h'
  target/arm/tcg: Fix iwmmxt-related code style
  target/arm/tcg: Expose some iwmmxt methods in 'translate.h'
  target/arm/tcg: Extract iwmmxt code to translate-iwmmxt.c
  target/arm/tcg: Reduce 'helper-iwmmxt.h.inc' inclusion
  target/arm/tcg: Un-inline VFP translation helpers
  target/arm/tcg: Move VFP helpers from helper-a64.c to vfp_helper.c
  target/arm/tcg: Extract VFP definitions to 'helper-vfp.h.inc'
  target/arm/tcg: Reduce 'helper-vfp.h.inc' inclusion
  target/arm/tcg: Move NEON helpers to neon_helper.c
  target/arm/tcg: Extract NEON definitions to 'helper-neon.h.inc'
  target/arm/tcg: Reduce 'helper-neon.h.inc' inclusion
  target/arm/tcg: Export some generic vector helpers
  target/arm/tcg: Extract generic vector helpers to translate-gvec.c
  target/arm/tcg: Extract gvec definitions to 'helper-gvec.h.inc'
  target/arm/tcg: Reduce 'helper-gvec.h.inc' inclusion
  target/arm/tcg: Extract SVE2 definitions to 'helper-sve.h.inc'
  target/arm/tcg: Reduce 'helper-sve.h.inc' inclusion
  target/arm/tcg: Extract crypto definitions to 'helper-crypto.h.inc'
  target/arm/tcg: Reduce 'helper-crypto.h.inc' inclusion
  target/arm/tcg: Reduce 'helper-mve.h.inc' inclusion
  target/arm/tcg: Reduce 'helper-sme.h.inc' inclusion
  target/arm/tcg: Extract PAuth definitions to 'helper-pauth.h.inc'
  target/arm/tcg: Extract MemTag definitions to 'helper-mte.h.inc'
  target/arm/tcg: Reduce 'helper-a64.h.inc' inclusion
  target/arm/tcg: Move v8m_stackcheck() from op_helper.c to m_helper.c
  target/arm/tcg: Extract M-profile definitions to 'helper-m.h.inc'
  target/arm/tcg: Reduce 'helper-m.h.inc' inclusion
  target/arm/tcg: Inline 'exec/helper-gen.h'
  target/arm/tcg: Inline 'exec/helper-proto.h'
  target/arm/tcg: Rename 'helper.h' -> 'tcg/helper.h.inc'
  tests/tcg/aarch64: Rename bti-crt.inc.c -> bti-crt.c.inc

 target/arm/helper.h   | 1047 --
 target/arm/tcg/translate.h|   37 +-
 .../tcg/{helper-a64.h => helper-a64.h.inc}|   43 -
 target/arm/tcg/helper-crypto.h.inc|   42 +
 target/arm/tcg/helper-gvec.h.inc  |  378 +++
 target/arm/tcg/helper-iwmmxt.h.inc|  103 +
 target/arm/tcg/helper-m.h.inc |   23 +
 target/arm/tcg/helper-mte.h.inc   |   23 +
 .../tcg/{helper-mve.h => helper-mve.h.inc}|0
 target/arm/tcg/helper-neon.h.inc  |  224 ++
 target/arm/tcg/helper-pauth.h.inc |   19 +
 .../tcg/{helper-sme.h => helper-sme.h.inc}|0
 .../tcg/{helper-sve.h => helper-sve.h.inc}|   46 +
 target/arm/tcg/helper-vfp.h.inc   |  189 ++
 target/arm/tcg/helper.h.inc   |   97 +
 target/arm/debug_helper.c |6 +-
 target/arm/helper.c   |6 +-
 target/arm/tcg/cpu32.c|4 +-
 target/arm/tcg/crypto_helper.c|7 +-
 target/arm/tcg/helper-a64.c   |  176 +-
 target/arm/tcg/hflags.c   |5 +-
 target/arm/tcg/iwmmxt_helper.c|5 +-
 target/arm/tcg/m_helper.c |   31 +-
 target/arm/tcg/mte_helper.c   |4 +-
 target/arm/tcg/mve_helper.c   |9 +-
 target/arm/tcg/neon_helper.c  |  111 +-
 target/arm/tcg/op_helper.c|   43 +-
 target/arm/tcg/pauth_helper.c |4 +-
 target/arm/tcg/psci.c |5 +-
 target/arm/tcg/sme_helper.c   |5 +-
 target/arm/tcg/sve_helper.c   |   12 +-
 target/arm/tcg/tlb_helper.c   |4 +-
 target/arm/tcg/translate-a64.c|   38 +
 target/arm/tcg/translate-gvec.c   

Re: [PATCH v2 05/38] crypto/aes: Add constants for ShiftRows, InvShiftRows

2023-06-19 Thread Daniel P . Berrangé
On Thu, Jun 08, 2023 at 07:23:28PM -0700, Richard Henderson wrote:
> These symbols will avoid the indirection through memory
> when fully unrolling some new primitives.
> 
> Reviewed-by: Philippe Mathieu-Daudé 
> Signed-off-by: Richard Henderson 
> ---
>  crypto/aes.c | 50 --
>  1 file changed, 48 insertions(+), 2 deletions(-)

Acked-by: Daniel P. Berrangé 


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|




Re: [PATCH for-8.1] target/sparc: Use tcg_gen_lookup_and_goto_ptr

2023-06-19 Thread Richard Henderson

On 5/11/23 13:02, Richard Henderson wrote:

On 5/11/23 09:40, Mark Cave-Ayland wrote:
Obviously nothing notionally against this patch, however if you could give me a few days 
to run my OpenBIOS SPARC32/SPARC64 boot tests against git master with this patch applied 
to double-check there are no regressions, that would be great.


No problem.  I just didn't want it to get lost.


Ping for results?


r~




Re: [PATCH] tests/plugin: Remove duplicate insn log from libinsn.so

2023-06-19 Thread Richard Henderson

On 6/12/23 04:50, Richard Henderson wrote:

On 6/11/23 02:14, Alex Bennée wrote:


Richard Henderson  writes:


This is a perfectly natural occurrence for x86 "rep movb",
where the "rep" prefix forms a counted loop of the one insn.

During the tests/tcg/multiarch/memory test, this logging is
triggered over 35 times.  Within the context of cross-i386-tci
build, which is already slow by nature, the logging is sufficient
to push the test into timeout.


How does this get triggered because I added these:

# non-inline runs will trigger the duplicate instruction heuristics in libinsn.so
run-plugin-%-with-libinsn.so:
$(call run-test, $@, \
  $(QEMU) -monitor none -display none \
  -chardev file$(COMMA)path=$@.out$(COMMA)id=output \
   -plugin ../../plugin/libinsn.so$(COMMA)inline=on \
  -d plugin -D $*-with-libinsn.so.pout \
  $(QEMU_OPTS) $*)

to prevent the callback versions from being called for x86. The original
intent of the check was to detect failures due to cpu_io_recompile, see
e025d799af (tests/plugin: expand insn test to detect duplicate instructions)


I have no idea how, but it's happening.



Signed-off-by: Richard Henderson 
---
Irritatingly, it doesn't timeout locally, so I used staging to double-check:

Fail: https://gitlab.com/qemu-project/qemu/-/jobs/4450754282#L5062
Pass: https://gitlab.com/qemu-project/qemu/-/jobs/4450927108


Note that in the pass case, we don't even log that the test ran.


Any further thoughts on this?  Otherwise I'll merge it to get rid of the cross-i386-tci 
failure...



r~




Re: [PATCH v4 1/1] hw/arm/sbsa-ref: use XHCI to replace EHCI

2023-06-19 Thread Chen Baozi



> On Jun 19, 2023, at 18:28, Peter Maydell  wrote:
> 
> On Wed, 7 Jun 2023 at 08:25, Chen Baozi  wrote:
>> 
>> 
>>> On Jun 7, 2023, at 10:33, Yuquan Wang  wrote:
>>> 
>>> The current sbsa-ref cannot use EHCI controller which is only
>>> able to do 32-bit DMA, since sbsa-ref doesn't have RAM below 4GB.
>>> Hence, this uses system bus XHCI to provide a usb controller with
> >>> 64-bit DMA capability instead of EHCI.
>>> 
>>> Signed-off-by: Yuquan Wang 
>> 
> >> Signed-off-by: Chen Baozi
> 
> Hi; why have you added yourself as a Signed-off-by: here?
> Did you do the work jointly with Yuquan? Or did you intend
> to provide some other tag (like a reviewed-by or a tested-by?)

Oh yes, we are. And I asked him to send this patch upstream after we have
worked it out internally first.

Cheers,

Baozi.



Re: [RFC 2/4] qcow2: add configurations for zoned format extension

2023-06-19 Thread Sam Li
Stefan Hajnoczi wrote on Mon, Jun 19, 2023 at 22:42:
>
> On Mon, Jun 19, 2023 at 06:32:52PM +0800, Sam Li wrote:
> > Stefan Hajnoczi wrote on Mon, Jun 19, 2023 at 18:10:
> > > On Mon, Jun 05, 2023 at 06:41:06PM +0800, Sam Li wrote:
> > > > diff --git a/block/qcow2.h b/block/qcow2.h
> > > > index 4f67eb912a..fe18dc4d97 100644
> > > > --- a/block/qcow2.h
> > > > +++ b/block/qcow2.h
> > > > @@ -235,6 +235,20 @@ typedef struct Qcow2CryptoHeaderExtension {
> > > >  uint64_t length;
> > > >  } QEMU_PACKED Qcow2CryptoHeaderExtension;
> > > >
> > > > +typedef struct Qcow2ZonedHeaderExtension {
> > > > +/* Zoned device attributes */
> > > > +BlockZonedProfile zoned_profile;
> > > > +BlockZoneModel zoned;
> > > > +uint32_t zone_size;
> > > > +uint32_t zone_capacity;
> > > > +uint32_t nr_zones;
> > > > +uint32_t zone_nr_conv;
> > > > +uint32_t max_active_zones;
> > > > +uint32_t max_open_zones;
> > > > +uint32_t max_append_sectors;
> > > > +uint8_t padding[3];
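Review bot: zoned_profile and zoned are declared with the enum types BlockZonedProfile and BlockZoneModel inside a header-extension struct, so their width, and with it the offset of every following uint32_t and the padding[3] count, depends on how the compiler sizes enums. Store both as fixed-width integers (uint8_t would do), derive the padding from the resulting size, and add a build-time assertion on sizeof(Qcow2ZonedHeaderExtension) so the on-disk layout is identical on every host.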
> > >
> > > This looks strange. Why is there 3 bytes of padding at the end? Normally
> > > padding would align to an even power-of-two number of bytes like 2, 4,
> > > 8, etc.
> >
> > It is calculated as 3 if sizeof(zoned+zoned_profile) = 8. Else if it's
> > 16, the padding is 2.
>
> I don't understand. Can you explain why there is padding at the end of
> this struct?

The overall size should be aligned with 64 bit, which leaves use one
uint32_t and two fields zoned, zoned_profile. I am not sure the size
of macros here and it used 4 for each. So it makes 3 (*8) + 32 + 8 =
64 in the end. If the macro size is wrong, then the padding will
change as well.

Sam
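
The padding arithmetic discussed in this thread, as an added C example that is not part of the original messages or of QEMU: it computes the unpadded size of the extension for 1-byte and 4-byte enum fields and writes the fields one by one in big-endian order (the byte order qcow2 uses), rounded up to a multiple of 8 bytes. The fixed-width layout, the name ZonedExt and all function names are assumptions of this example; only the field names come from the quoted hunk.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Field names follow the quoted Qcow2ZonedHeaderExtension hunk. The
 * fixed-width layout and every identifier below are assumptions of this
 * example, not QEMU code.
 */
typedef struct ZonedExt {
    uint8_t  zoned_profile;       /* enum value narrowed to one byte */
    uint8_t  zoned;               /* enum value narrowed to one byte */
    uint32_t zone_size;
    uint32_t zone_capacity;
    uint32_t nr_zones;
    uint32_t zone_nr_conv;
    uint32_t max_active_zones;
    uint32_t max_open_zones;
    uint32_t max_append_sectors;
} ZonedExt;

enum { ZONED_EXT_U32_FIELDS = 7 };

/* Unpadded size when each of the two enum fields occupies enum_bytes. */
static size_t zoned_ext_payload(size_t enum_bytes)
{
    return 2 * enum_bytes + ZONED_EXT_U32_FIELDS * sizeof(uint32_t);
}

/* Bytes needed to round len up to the next multiple of 8. */
static size_t pad_to_8(size_t len)
{
    return (8 - len % 8) % 8;
}

static uint8_t *put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24);
    p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);
    p[3] = (uint8_t)v;
    return p + 4;
}

/*
 * Write the fields one by one, big-endian, so the bytes do not depend on
 * the compiler's enum width, struct padding or host byte order.
 * Returns the padded length, or 0 if buf is too small.
 */
static size_t zoned_ext_serialize(const ZonedExt *e, uint8_t *buf, size_t cap)
{
    size_t payload = zoned_ext_payload(sizeof(uint8_t));
    size_t total = payload + pad_to_8(payload);
    uint8_t *p = buf;

    if (cap < total) {
        return 0;
    }
    *p++ = e->zoned_profile;
    *p++ = e->zoned;
    p = put_be32(p, e->zone_size);
    p = put_be32(p, e->zone_capacity);
    p = put_be32(p, e->nr_zones);
    p = put_be32(p, e->zone_nr_conv);
    p = put_be32(p, e->max_active_zones);
    p = put_be32(p, e->max_open_zones);
    p = put_be32(p, e->max_append_sectors);
    memset(p, 0, total - payload);    /* padding bytes are written as zero */
    return total;
}

int main(void)
{
    /* Constructed sample values. */
    ZonedExt e = { 1, 2, 0x00100000, 0x000c0000, 64, 4, 8, 8, 256 };
    uint8_t buf[64];
    size_t n = zoned_ext_serialize(&e, buf, sizeof(buf));

    printf("1-byte enums: payload %zu, padding %zu\n",
           zoned_ext_payload(1), pad_to_8(zoned_ext_payload(1)));
    printf("4-byte enums: payload %zu, padding %zu\n",
           zoned_ext_payload(4), pad_to_8(zoned_ext_payload(4)));
    printf("serialized %zu bytes\n", n);
    return 0;
}
```
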



Re: [PATCH v2] hw: Fix format for comments

2023-06-19 Thread Peter Xu
On Mon, Jun 19, 2023 at 08:34:04AM -0400, Shaoqin Huang wrote:
> Simply fix the #vcpus_count to @vcpus_count in CPUArchId comments. While
> at it, reorder the parameters in comments to match the sequence of
> parameters which defined in the CPUArchId.
> 
> Reviewed-by: Igor Mammedov 
> Signed-off-by: Shaoqin Huang 

Reviewed-by: Peter Xu 

-- 
Peter Xu




Re: [PATCH v2 3/3] hw/ufs: Support for UFS logical unit

2023-06-19 Thread Stefan Hajnoczi
On Mon, Jun 19, 2023 at 08:16:27PM +0900, Jeuk Kim wrote:
> On Fri, Jun 19, 2023, Stefan Hajnoczi wrote:
> >On Fri, Jun 16, 2023 at 03:58:27PM +0900, Jeuk Kim wrote:
> >> This commit adds support for ufs logical unit.
> >> The LU handles processing for the SCSI command,
> >> unit descriptor query request.
> >> 
> >> This commit enables the UFS device to process
> >> IO requests.
> >
> >Is UFS a SCSI Host Bus Adapter capable of exposing any SCSI device? The
> >code is written as if UFS was a special-purpose SCSI bus that cannot
> >handle regular SCSI devices already emulated by QEMU (like scsi-hd). As
> >a result, it duplicates a lot of SCSI device code instead of just
> >focussing on unwrapping/wrapping the SCSI commands and responses from
> >the UFS interface.
> >
> >Would it be possible to have:
> >
> >  --device ufs,id=
> >  --device scsi-hd,bus=
> >
> >?
> >
> >I think that would involve less code and be more flexible.
> >
> 
> Unfortunately, UFS is not a generic SCSI Host Bus Adapter.
> UFS uses the SCSI specification to communicate with the driver,
> but its behaviour is very different from that of a typical SCSI device.
> (So it's intentional that UFS looks like a special-purpose SCSI bus.)
> 
> For example, UFS has the well-known lu.
> Unlike typical SCSI devices, where each lu is independent,
> UFS can control other lu's through the well-known lu.
> 
> Therefore, UFS can only work properly with ufs-lu, and not with
> other scsi devices such as scsi-hd. :'(
> 
> That's why I made the UFS bus and added the ufs_bus_check_address()
> to prevent normal scsi devices and UFS from connecting to each other.
> 
> Also, in the future, I will add more ufs-specific features
> like hibernation and zoned, which are different from normal SCSI devices.
> 
> So personally, I think we should define ufs-lu separately as we do now.
> Is that okay?

Yes, I think that makes sense. Thanks for explaining.

Paolo Bonzini is the QEMU SCSI emulation maintainer. He might have more
thoughts about this. I have CCed him, but I think you can continue with
the current approach unless Paolo decides to get involved in this patch
series.

Stefan




Re: [PATCH v2 02/38] util: Add cpuinfo-ppc.c

2023-06-19 Thread Richard Henderson

On 6/19/23 12:37, Philippe Mathieu-Daudé wrote:

On 9/6/23 04:23, Richard Henderson wrote:

Move the code from tcg/.  Fix a bug in that PPC_FEATURE2_ARCH_3_10
is actually spelled PPC_FEATURE2_ARCH_3_1.


This is rather confusing.


Signed-off-by: Richard Henderson 
---
  host/include/ppc/host/cpuinfo.h   | 29 
  host/include/ppc64/host/cpuinfo.h |  1 +
  tcg/ppc/tcg-target.h  | 16 -
  util/cpuinfo-ppc.c    | 57 +++
  tcg/ppc/tcg-target.c.inc  | 44 +---
  util/meson.build  |  2 ++
  6 files changed, 98 insertions(+), 51 deletions(-)
  create mode 100644 host/include/ppc/host/cpuinfo.h
  create mode 100644 host/include/ppc64/host/cpuinfo.h
  create mode 100644 util/cpuinfo-ppc.c

diff --git a/host/include/ppc/host/cpuinfo.h b/host/include/ppc/host/cpuinfo.h
new file mode 100644
index 00..7ec252ef52
--- /dev/null
+++ b/host/include/ppc/host/cpuinfo.h
@@ -0,0 +1,29 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Host specific cpu indentification for ppc.
+ */
+
+#ifndef HOST_CPUINFO_H
+#define HOST_CPUINFO_H
+
+/* Digested version of  */
+
+#define CPUINFO_ALWAYS  (1u << 0)  /* so cpuinfo is nonzero */
+#define CPUINFO_V2_06   (1u << 1)
+#define CPUINFO_V2_07   (1u << 2)
+#define CPUINFO_V3_00   (1u << 3)
+#define CPUINFO_V3_10   (1u << 4)


Could we define as CPUINFO_V3_1 ...


+#define CPUINFO_ISEL    (1u << 5)
+#define CPUINFO_ALTIVEC (1u << 6)
+#define CPUINFO_VSX (1u << 7)
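
Review bot: the file header comment of the new host/include/ppc/host/cpuinfo.h reads "cpu indentification", which should be "identification". Since the commit message points out that the hwcap bit is spelled PPC_FEATURE2_ARCH_3_1 while the flag here is CPUINFO_V3_10, a one-line comment next to CPUINFO_V3_10 naming the hwcap bit it is derived from would spare readers the mismatch. The CPUINFO_ALWAYS comment says the bit keeps cpuinfo nonzero but not what a zero value is reserved for; stating that would document the contract for callers.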




-#define have_isa_2_06  (have_isa >= tcg_isa_2_06)
-#define have_isa_2_07  (have_isa >= tcg_isa_2_07)
-#define have_isa_3_00  (have_isa >= tcg_isa_3_00)
-#define have_isa_3_10  (have_isa >= tcg_isa_3_10)
+#define have_isa_2_06  (cpuinfo & CPUINFO_V2_06)
+#define have_isa_2_07  (cpuinfo & CPUINFO_V2_07)
+#define have_isa_3_00  (cpuinfo & CPUINFO_V3_00)
+#define have_isa_3_10  (cpuinfo & CPUINFO_V3_10)
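
Review bot: the have_isa_* macros change from an ordered comparison (have_isa >= tcg_isa_X) to independent bit tests (cpuinfo & CPUINFO_VX), so a newer host no longer implies the older levels unless the probe sets every lower CPUINFO_V* bit as well. The code that fills cpuinfo is not in the quoted lines; it is worth confirming there, or noting next to these macros, that the bits are cumulative, otherwise have_isa_2_06 becomes false on a v3.00 host. The macros also now evaluate to the mask value rather than 0 or 1, which matters to any caller that stores the result in a narrow field or compares it with 1.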


... and have_isa_3_1 instead?


I suppose we could, but they all line up this way.  :-)

r~



Otherwise,

Reviewed-by: Philippe Mathieu-Daudé 






Re: [PATCH v3 0/5] tcg: Issue memory barriers for guest memory model

2023-06-19 Thread Richard Henderson

On 6/19/23 16:23, Richard Henderson wrote:

v1: 
https://lore.kernel.org/qemu-devel/20210316220735.2048137-1-richard.hender...@linaro.org/
v2: 
https://lore.kernel.org/qemu-devel/20230306015710.1868853-1-richard.hender...@linaro.org/

Changes for v3:
   * Update for tcg-built-once.
   * Require TCG_GUEST_DEFAULT_MO if TARGET_SUPPORTS_MTTCG.


I just noticed that patches 2,3,5 were reviewed (thanks phil)
and I failed to copy the r-b.  I have now done so.


r~


Richard Henderson (5):
   target/microblaze: Define TCG_GUEST_DEFAULT_MO
   tcg: Do not elide memory barriers for !CF_PARALLEL in system mode
   tcg: Elide memory barriers implied by the host memory model
   tcg: Add host memory barriers to cpu_ldst.h interfaces
   accel/tcg: Remove check_tcg_memory_orders_compatible

  accel/tcg/internal.h| 34 ++
  target/microblaze/cpu.h |  3 +++
  accel/tcg/cputlb.c  | 10 ++
  accel/tcg/tcg-all.c | 39 ++-
  accel/tcg/user-exec.c   | 10 ++
  tcg/tcg-op.c| 20 ++--
  6 files changed, 85 insertions(+), 31 deletions(-)







Re: [RFC 2/4] qcow2: add configurations for zoned format extension

2023-06-19 Thread Stefan Hajnoczi
On Mon, Jun 19, 2023 at 06:32:52PM +0800, Sam Li wrote:
> Stefan Hajnoczi  wrote on Monday, June 19, 2023 at 18:10:
> > On Mon, Jun 05, 2023 at 06:41:06PM +0800, Sam Li wrote:
> > > diff --git a/block/qcow2.h b/block/qcow2.h
> > > index 4f67eb912a..fe18dc4d97 100644
> > > --- a/block/qcow2.h
> > > +++ b/block/qcow2.h
> > > @@ -235,6 +235,20 @@ typedef struct Qcow2CryptoHeaderExtension {
> > >  uint64_t length;
> > >  } QEMU_PACKED Qcow2CryptoHeaderExtension;
> > >
> > > +typedef struct Qcow2ZonedHeaderExtension {
> > > +/* Zoned device attributes */
> > > +BlockZonedProfile zoned_profile;
> > > +BlockZoneModel zoned;
> > > +uint32_t zone_size;
> > > +uint32_t zone_capacity;
> > > +uint32_t nr_zones;
> > > +uint32_t zone_nr_conv;
> > > +uint32_t max_active_zones;
> > > +uint32_t max_open_zones;
> > > +uint32_t max_append_sectors;
> > > +uint8_t padding[3];
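
Review bot: zoned_profile and zoned are declared as BlockZonedProfile and BlockZoneModel, while every other field in Qcow2ZonedHeaderExtension has a fixed-width integer type, so the size of the extension and the right length for padding[] depend on how the compiler sizes those two types. Storing both as fixed-width integers (uint8_t would do) and converting on load and store makes the layout independent of the build, after which the padding can be chosen so the struct is a multiple of 8 bytes. A compile-time size check next to the definition would catch later drift.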
> >
> > This looks strange. Why is there 3 bytes of padding at the end? Normally
> > padding would align to an even power-of-two number of bytes like 2, 4,
> > 8, etc.
> 
> It is calculated as 3 if sizeof(zoned+zoned_profile) = 8. Else if it's
> 16, the padding is 2.

I don't understand. Can you explain why there is padding at the end of
this struct?




Re: [RFC 4/4] iotests: test the zoned format feature for qcow2 file

2023-06-19 Thread Stefan Hajnoczi
On Mon, Jun 05, 2023 at 06:41:08PM +0800, Sam Li wrote:
> The zoned format feature can be tested by:
> $ tests/qemu-iotests/check zoned-qcow2
> 
> Signed-off-by: Sam Li 
> ---
>  tests/qemu-iotests/tests/zoned-qcow2 | 110 +++
>  tests/qemu-iotests/tests/zoned-qcow2.out |  87 ++
>  2 files changed, 197 insertions(+)
>  create mode 100755 tests/qemu-iotests/tests/zoned-qcow2
>  create mode 100644 tests/qemu-iotests/tests/zoned-qcow2.out
> 
> diff --git a/tests/qemu-iotests/tests/zoned-qcow2 
> b/tests/qemu-iotests/tests/zoned-qcow2
> new file mode 100755
> index 00..6aa5ab3a03
> --- /dev/null
> +++ b/tests/qemu-iotests/tests/zoned-qcow2
> @@ -0,0 +1,110 @@
> +#!/usr/bin/env bash
> +#
> +# Test zone management operations for qcow2 file.
> +#
> +
> +seq="$(basename $0)"
> +echo "QA output created by $seq"
> +status=1 # failure is the default!
> +
> +file_name="zbc.qcow2"

Please use $TEST_IMG_FILE instead of defining your own variable here.
(TEST_IMG_FILE is already defined in common.rc.)

> +_cleanup()
> +{
> +  _cleanup_test_img
> +  _rm_test_img "$file_name"
> +}
> +trap "_cleanup; exit \$status" 0 1 2 3 15
> +
> +# get standard environment, filters and checks
> +. ../common.rc
> +. ../common.filter
> +. ../common.qemu
> +
> +# This test only runs on Linux hosts with qcow2 image files.

Then you need to add:
_supported_fmt qcow2

> +_supported_proto file
> +_supported_os Linux

Is this test really Linux-specific?

> +
> +echo
> +echo "=== Initial image setup ==="
> +echo
> +
> +$QEMU_IMG create -f qcow2 $file_name -o size=768M -o zone_size=64M \
> +-o zone_capacity=64M -o zone_nr_conv=0 -o max_append_sectors=512 \
> +-o max_open_zones=0 -o max_active_zones=0 -o zoned_profile=zbc
> +
> +IMG="--image-opts -n driver=qcow2,file.driver=file,file.filename=$file_name"
> +QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT
> +
> +echo
> +echo "=== Testing a qcow2 img with zoned format ==="
> +echo
> +echo "case 1: if the operations work"
> +
> +echo "(1) report the first zone:"
> +$QEMU_IO $IMG -c "zrp 0 1"
> +echo
> +echo "report the first 10 zones"
> +$QEMU_IO $IMG -c "zrp 0 10"
> +echo
> +echo "report the last zone:"
> +$QEMU_IO $IMG -c "zrp 0x2C00 2" # 0x2C00 / 512 = 0x16
> +echo
> +echo
> +echo "(2) opening the first zone"
> +$QEMU_IO $IMG -c "zo 0 0x400" # 0x400 / 512 = 0x2
> +echo "report after:"
> +$QEMU_IO $IMG -c "zrp 0 1"
> +echo
> +echo "opening the second zone"
> +$QEMU_IO $IMG -c "zo 0x400 0x400"
> +echo "report after:"
> +$QEMU_IO $IMG -c "zrp 0x400 1"
> +echo
> +echo "opening the last zone"
> +$QEMU_IO $IMG -c "zo 0x2C00 0x400"
> +echo "report after:"
> +$QEMU_IO $IMG -c "zrp 0x2C00 2"
> +echo
> +echo
> +echo "(3) closing the first zone"
> +$QEMU_IO $IMG -c "zc 0 0x400"
> +echo "report after:"
> +$QEMU_IO $IMG -c "zrp 0 1"
> +echo
> +echo "closing the last zone"
> +$QEMU_IO $IMG -c "zc 0x3e7000 0x400"
> +echo "report after:"
> +$QEMU_IO $IMG -c "zrp 0x3e7000 2"
> +echo
> +echo
> +echo "(4) finishing the second zone"
> +$QEMU_IO $IMG -c "zf 0x400 0x400"
> +echo "After finishing a zone:"
> +$QEMU_IO $IMG -c "zrp 0x400 1"
> +echo
> +echo
> +echo "(5) resetting the second zone"
> +$QEMU_IO $IMG -c "zrs 0x400 0x400"
> +echo "After resetting a zone:"
> +$QEMU_IO $IMG -c "zrp 0x400 1"
> +echo
> +echo
> +echo "(6) append write" # the physical block size of the device is 4096
> +$QEMU_IO $IMG -c "zrp 0 1"
> +$QEMU_IO $IMG -c "zap -p 0 0x1000 0x2000"
> +echo "After appending the first zone firstly:"
> +$QEMU_IO $IMG -c "zrp 0 1"
> +$QEMU_IO $IMG -c "zap -p 0 0x1000 0x2000"
> +echo "After appending the first zone secondly:"
> +$QEMU_IO $IMG -c "zrp 0 1"
> +$QEMU_IO $IMG -c "zap -p 0x400 0x1000 0x2000"
> +echo "After appending the second zone firstly:"
> +$QEMU_IO $IMG -c "zrp 0x400 1"
> +$QEMU_IO $IMG -c "zap -p 0x400 0x1000 0x2000"
> +echo "After appending the second zone secondly:"
> +$QEMU_IO $IMG -c "zrp 0x400 1"
> +
> +# success, all done
> +echo "*** done"
> +rm -f $seq.full
> +status=0
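
Review bot: step (3) "closing the last zone" uses offset 0x3e7000 for both zc and the following zrp, while "report the last zone" in step (1) and "opening the last zone" in step (2) use 0x2C00, so the close does not act on the zone that was opened. Use one offset for all three, ideally computed from the size and zone_size passed to qemu-img create rather than hard-coded. The script announces "case 1: if the operations work" but contains no further case; either drop the numbering or add the failure paths (for instance a zone operation at an unaligned or out-of-range offset). $0, $file_name and $seq are also expanded unquoted in basename, the qemu-img create line and rm -f.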
> diff --git a/tests/qemu-iotests/tests/zoned-qcow2.out 
> b/tests/qemu-iotests/tests/zoned-qcow2.out
> new file mode 100644
> index 00..288bceffc4
> --- /dev/null
> +++ b/tests/qemu-iotests/tests/zoned-qcow2.out
> @@ -0,0 +1,87 @@
> +QA output created by zoned-qcow2
> +
> +=== Initial image setup ===
> +
> +Formatting 'zbc.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off 
> compression_type=zlib zoned_profile=zbc zone_size=67108864 
> zone_capacity=67108864 zone_nr_conv=0 max_append_sectors=512 
> max_active_zones=0 max_open_zones=0 size=805306368 lazy_refcounts=off 
> refcount_bits=16
> +
> +=== Testing a qcow2 img with zoned format ===
> +
> +case 1: if the operations work
> +(1) report the first zone:
> +start: 0x0, len 0x2, cap 0x2, wptr 0x0, zcond:1, [type: 2]
> +
> +report the first 10 zones
> +start: 0x0, len 0x2, cap 0x2, wptr 0x0, zcond:1, [type: 
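
Review bot: the reference output's "Formatting 'zbc.qcow2', ..." line records the literal file name and the default creation options (cluster_size, compression_type, lazy_refcounts, refcount_bits), so the test fails as soon as the image path changes or the harness is run with different image options. Pipe the qemu-img create output through _filter_img_create, or create the image with _make_test_img, so that the expected output carries only the zoned options the test is about.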
