Re: [PATCH v8 08/11] virtio-gpu: Handle resource blob commands

[Akihiko Odaki]

On 2024/04/24 19:30, Dmitry Osipenko wrote:

On 4/19/24 12:18, Akihiko Odaki wrote:

@@ -61,6 +61,10 @@ struct virtio_gpu_simple_resource {
   int dmabuf_fd;
   uint8_t *remapped;
   +    MemoryRegion *mr;
+    bool async_unmap_completed;
+    bool async_unmap_in_progress;
+


Don't add fields to virtio_gpu_simple_resource but instead create a
struct that embeds virtio_gpu_simple_resource in virtio-gpu-virgl.c.


Please give a justification. I'd rather rename
virtio_gpu_simple_resource s/_simple//. Simple resource already supports
blob and the added fields are directly related to the blob. Don't see
why another struct is needed.



Because mapping is only implemented in virtio-gpu-gl while blob itself 
is implemented also in virtio-gpu.

Re: [PATCH v8 07/11] virtio-gpu: Support suspension of commands processing

[Akihiko Odaki]

On 2024/04/24 18:43, Dmitry Osipenko wrote:

On 4/19/24 11:53, Akihiko Odaki wrote:

On 2024/04/19 4:00, Dmitry Osipenko wrote:

Add new "suspended" flag to virtio_gpu_ctrl_command telling cmd
processor that it should stop processing commands and retry again
next time until flag is unset.

Signed-off-by: Dmitry Osipenko 


This flag shouldn't be added to virtio_gpu_ctrl_command. suspended is
just !finished in virtio-gpu.c. Only virtio_gpu_virgl_process_cmd()
needs the distinction of suspended and !finished so it is not
appropriate to add this flag the common structure.


The VIRTIO_GPU_FILL_CMD() macro returns void and this macro is used by
every function processing commands. Changing process_cmd() to return
bool will require to change all those functions. Not worthwhile to
change it, IMO. >
The flag reflects the exact command status. The !finished + !suspended
means that command is fenced, i.e. these flags don't have exactly same
meaning.


It is not necessary to change the signature of process_cmd(). You can 
just refer to !finished. No need to have the suspended flag.




I'd keep the flag if there are no better suggestions.

RE: [PATCH] Hexagon: add PC alignment check and exception

[Brian Cain]

> -Original Message-
> From: Matheus Bernardino (QUIC) 
> Sent: Friday, April 26, 2024 1:16 PM
> To: qemu-devel@nongnu.org
> Cc: Brian Cain ; Sid Manning ;
> a...@rev.ng; a...@rev.ng; ltaylorsimp...@gmail.com
> Subject: [PATCH] Hexagon: add PC alignment check and exception
> 
> The Hexagon Programmer's Reference Manual says that the exception 0x1e
> should be raised upon an unaligned program counter. Let's implement that
> and also add tests for both the most common case as well as packets with
> multiple change-of-flow instructions.
> 
> Signed-off-by: Matheus Tavares Bernardino 

Reviewed-by: Brian Cain 

> ---
>  target/hexagon/cpu_bits.h  |  1 +
>  target/hexagon/translate.h |  2 ++
>  target/hexagon/genptr.c| 21 -
>  target/hexagon/translate.c |  2 +-
>  tests/tcg/hexagon/Makefile.target  | 13 +
>  tests/tcg/hexagon/unaligned_pc.S   | 10 ++
>  tests/tcg/hexagon/unaligned_pc_multi_cof.S | 13 +
>  7 files changed, 56 insertions(+), 6 deletions(-)
>  create mode 100644 tests/tcg/hexagon/unaligned_pc.S
>  create mode 100644 tests/tcg/hexagon/unaligned_pc_multi_cof.S
> 
> diff --git a/target/hexagon/cpu_bits.h b/target/hexagon/cpu_bits.h
> index 96fef71729..d6900c8bda 100644
> --- a/target/hexagon/cpu_bits.h
> +++ b/target/hexagon/cpu_bits.h
> @@ -23,6 +23,7 @@
>  #define HEX_EXCP_FETCH_NO_UPAGE  0x012
>  #define HEX_EXCP_INVALID_PACKET  0x015
>  #define HEX_EXCP_INVALID_OPCODE  0x015
> +#define HEX_EXCP_PC_NOT_ALIGNED  0x01e
>  #define HEX_EXCP_PRIV_NO_UREAD   0x024
>  #define HEX_EXCP_PRIV_NO_UWRITE  0x025
> 
> diff --git a/target/hexagon/translate.h b/target/hexagon/translate.h
> index 4dd59c6726..daf11eb584 100644
> --- a/target/hexagon/translate.h
> +++ b/target/hexagon/translate.h
> @@ -75,6 +75,8 @@ typedef struct DisasContext {
>  TCGv dczero_addr;
>  } DisasContext;
> 
> +void gen_exception_end_tb(DisasContext *ctx, int excp);
> +
>  static inline void ctx_log_pred_write(DisasContext *ctx, int pnum)
>  {
>  if (!test_bit(pnum, ctx->pregs_written)) {
> diff --git a/target/hexagon/genptr.c b/target/hexagon/genptr.c
> index dbae6c570a..c96edd9379 100644
> --- a/target/hexagon/genptr.c
> +++ b/target/hexagon/genptr.c
> @@ -473,6 +473,7 @@ static void gen_write_new_pc_addr(DisasContext
> *ctx, TCGv addr,
>TCGCond cond, TCGv pred)
>  {
>  TCGLabel *pred_false = NULL;
> +TCGLabel *branch_taken = NULL;
>  if (cond != TCG_COND_ALWAYS) {
>  pred_false = gen_new_label();
>  tcg_gen_brcondi_tl(cond, pred, 0, pred_false);
> @@ -480,12 +481,22 @@ static void gen_write_new_pc_addr(DisasContext
> *ctx, TCGv addr,
> 
>  if (ctx->pkt->pkt_has_multi_cof) {
>  /* If there are multiple branches in a packet, ignore the second one 
> */
> -tcg_gen_movcond_tl(TCG_COND_NE, hex_gpr[HEX_REG_PC],
> -   ctx->branch_taken, tcg_constant_tl(0),
> -   hex_gpr[HEX_REG_PC], addr);
> +branch_taken = gen_new_label();
> +tcg_gen_brcondi_tl(TCG_COND_NE, ctx->branch_taken, 0,
> branch_taken);
>  tcg_gen_movi_tl(ctx->branch_taken, 1);
> -} else {
> -tcg_gen_mov_tl(hex_gpr[HEX_REG_PC], addr);
> +}
> +
> +TCGLabel *pc_aligned = gen_new_label();
> +TCGv pc_remainder = tcg_temp_new();
> +tcg_gen_andi_tl(pc_remainder, addr, PCALIGN_MASK);
> +tcg_gen_brcondi_tl(TCG_COND_EQ, pc_remainder, 0, pc_aligned);
> +gen_exception_end_tb(ctx, HEX_EXCP_PC_NOT_ALIGNED);
> +gen_set_label(pc_aligned);
> +
> +tcg_gen_mov_tl(hex_gpr[HEX_REG_PC], addr);
> +
> +if (ctx->pkt->pkt_has_multi_cof) {
> +gen_set_label(branch_taken);
>  }
> 
>  if (cond != TCG_COND_ALWAYS) {
> diff --git a/target/hexagon/translate.c b/target/hexagon/translate.c
> index f163eefe97..e6ee63a53e 100644
> --- a/target/hexagon/translate.c
> +++ b/target/hexagon/translate.c
> @@ -185,7 +185,7 @@ static void gen_end_tb(DisasContext *ctx)
>  ctx->base.is_jmp = DISAS_NORETURN;
>  }
> 
> -static void gen_exception_end_tb(DisasContext *ctx, int excp)
> +void gen_exception_end_tb(DisasContext *ctx, int excp)
>  {
>  gen_exec_counters(ctx);
>  tcg_gen_movi_tl(hex_gpr[HEX_REG_PC], ctx->next_PC);
> diff --git a/tests/tcg/hexagon/Makefile.target
> b/tests/tcg/hexagon/Makefile.target
> index f839b2c0d5..02d7fff34c 100644
> --- a/tests/tcg/hexagon/Makefile.target
> +++ b/tests/tcg/hexagon/Makefile.target
> @@ -51,6 +51,19 @@ HEX_TESTS += scatter_gather
>  HEX_TESTS += hvx_misc
>  HEX_TESTS += hvx_histogram
>  HEX_TESTS += invalid-slots
> +HEX_TESTS += unaligned_pc
> +HEX_TESTS += unaligned_pc_multi_cof
> +
> +run-unaligned_pc: unaligned_pc
> +run-unaligned_pc_multi_cof: unaligned_pc_multi_cof
> +run-unaligned_pc run-unaligned_pc_multi_cof:
> + $(call run-test, $<, $(QEMU) $< 2> $<.stderr,"$< on
> $(TARGET_NAME)"); \
> + 

Re: [PATCH v2 1/1] target/riscv/kvm: fix timebase-frequency when using KVM acceleration

[Michael Tokarev]

14.03.2024 09:15, Yong-Xuan Wang:

The timebase-frequency of guest OS should be the same with host
machine. The timebase-frequency value in DTS should be got from
hypervisor when using KVM acceleration.


This change ended up in stable-8.2 (v8.2.3).  Interestingly, this thing
compiled not even once, or else it would be obvious it fails to compile.
Somehow I was too used to CI, forgetting that we don't have riscv *host*
in CI (and I don't have one locally either).  So 8.2.3 is broken on
riscv64 *host*.

In 8.2, KVM_RISCV_GET_TIMER macro accepts 4 arguments, because it does
not have 10f86d1b845087d1 "target/riscv/kvm: change timer regs size to u64".

What do you think, should I revert this change for stable-8.2, or pick
10f86d1b845087d1 too, or change this commit (fix timebase-frequency) to
provide the missing argument for this macro?

Thanks,

/mjt



Reviewed-by: Andrew Jones 
Signed-off-by: Yong-Xuan Wang 

---
Changelog
v2:
- update the function definition
- restructure if-else statement
---
  hw/riscv/virt.c  | 2 ++
  target/riscv/kvm/kvm-cpu.c   | 9 +
  target/riscv/kvm/kvm_riscv.h | 1 +
  3 files changed, 12 insertions(+)

diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index a094af97c32a..533b17799581 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -711,6 +711,8 @@ static void create_fdt_sockets(RISCVVirtState *s, const 
MemMapEntry *memmap,
  
  qemu_fdt_add_subnode(ms->fdt, "/cpus");

  qemu_fdt_setprop_cell(ms->fdt, "/cpus", "timebase-frequency",
+  kvm_enabled() ?
+  kvm_riscv_get_timebase_frequency(first_cpu) :
RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ);
  qemu_fdt_setprop_cell(ms->fdt, "/cpus", "#size-cells", 0x0);
  qemu_fdt_setprop_cell(ms->fdt, "/cpus", "#address-cells", 0x1);
diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c
index c7afdb1e81b7..bbb115eaa867 100644
--- a/target/riscv/kvm/kvm-cpu.c
+++ b/target/riscv/kvm/kvm-cpu.c
@@ -739,6 +739,15 @@ static void kvm_riscv_put_regs_timer(CPUState *cs)
  env->kvm_timer_dirty = false;
  }
  
+uint64_t kvm_riscv_get_timebase_frequency(CPUState *cs)

+{
+uint64_t reg;
+
+KVM_RISCV_GET_TIMER(cs, frequency, reg);
+
+return reg;
+}
+
  static int kvm_riscv_get_regs_vector(CPUState *cs)
  {
  RISCVCPU *cpu = RISCV_CPU(cs);
diff --git a/target/riscv/kvm/kvm_riscv.h b/target/riscv/kvm/kvm_riscv.h
index 4bd98fddc776..58518988681d 100644
--- a/target/riscv/kvm/kvm_riscv.h
+++ b/target/riscv/kvm/kvm_riscv.h
@@ -28,5 +28,6 @@ void kvm_riscv_aia_create(MachineState *machine, uint64_t 
group_shift,
  void riscv_kvm_aplic_request(void *opaque, int irq, int level);
  int kvm_riscv_sync_mpstate_to_kvm(RISCVCPU *cpu, int state);
  void riscv_kvm_cpu_finalize_features(RISCVCPU *cpu, Error **errp);
+uint64_t kvm_riscv_get_timebase_frequency(CPUState *cs);
  
  #endif


--
GPG Key transition (from rsa2048 to rsa4096) since 2024-04-24.
New key: rsa4096/61AD3D98ECDF2C8E  9D8B E14E 3F2A 9DD7 9199  28F1 61AD 3D98 
ECDF 2C8E
Old key: rsa2048/457CE0A0804465C5  6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 
8044 65C5
Transition statement: http://www.corpit.ru/mjt/gpg-transition-2024.txt

Re: [PATCH 6/6] target/i386/confidential-guest: Fix comment of x86_confidential_guest_kvm_type()

[Xiaoyao Li]

On 4/26/2024 6:07 PM, Zhao Liu wrote:

Update the comment to match the X86ConfidentialGuestClass
implementation.

Suggested-by: Xiaoyao Li 


I think it should be "Reported-by"


Signed-off-by: Zhao Liu 
---
  target/i386/confidential-guest.h | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/confidential-guest.h b/target/i386/confidential-guest.h
index 532e172a60b6..06d54a120227 100644
--- a/target/i386/confidential-guest.h
+++ b/target/i386/confidential-guest.h
@@ -44,7 +44,7 @@ struct X86ConfidentialGuestClass {
  /**
   * x86_confidential_guest_kvm_type:
   *
- * Calls #X86ConfidentialGuestClass.unplug callback of @plug_handler.
+ * Calls #X86ConfidentialGuestClass.kvm_type() callback.
   */
  static inline int x86_confidential_guest_kvm_type(X86ConfidentialGuest *cg)
  {

[PATCH v2] ui/gtk: Draw guest frame at refresh cycle

[dongwon . kim]

From: Dongwon Kim 

Draw routine needs to be manually invoked in the next refresh
if there is a scanout blob from the guest. This is to prevent
a situation where there is a scheduled draw event but it won't
happen bacause the window is currently in inactive state
(minimized or tabified). If draw is not done for a long time,
gl_block timeout and/or fence timeout (on the guest) will happen
eventually.

v2: Use gd_gl_area_draw(vc) in gtk-gl-area.c

Suggested-by: Vivek Kasireddy 
Cc: Gerd Hoffmann 
Cc: Marc-André Lureau 
Cc: Daniel P. Berrangé 
Signed-off-by: Dongwon Kim 
---
 ui/gtk-egl.c | 1 +
 ui/gtk-gl-area.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/ui/gtk-egl.c b/ui/gtk-egl.c
index 3af5ac5bcf..75f6b9011a 100644
--- a/ui/gtk-egl.c
+++ b/ui/gtk-egl.c
@@ -150,6 +150,7 @@ void gd_egl_refresh(DisplayChangeListener *dcl)
 vc, vc->window ? vc->window : vc->gfx.drawing_area);
 
 if (vc->gfx.guest_fb.dmabuf && vc->gfx.guest_fb.dmabuf->draw_submitted) {
+gd_egl_draw(vc);
 return;
 }
 
diff --git a/ui/gtk-gl-area.c b/ui/gtk-gl-area.c
index 52dcac161e..4fff957c3f 100644
--- a/ui/gtk-gl-area.c
+++ b/ui/gtk-gl-area.c
@@ -126,6 +126,7 @@ void gd_gl_area_refresh(DisplayChangeListener *dcl)
 gd_update_monitor_refresh_rate(vc, vc->window ? vc->window : 
vc->gfx.drawing_area);
 
 if (vc->gfx.guest_fb.dmabuf && vc->gfx.guest_fb.dmabuf->draw_submitted) {
+gd_gl_area_draw(vc);
 return;
 }
 
-- 
2.34.1

Re: [PULL 0/2] NBD patches for 2024-04-25

[Richard Henderson]

On 4/25/24 14:43, Eric Blake wrote:

The following changes since commit 5da72194df36535d773c8bdc951529ecd5e31707:

   Merge tag 'pull-tcg-20240424' ofhttps://gitlab.com/rth7680/qemu  into 
staging (2024-04-24 15:51:49 -0700)

are available in the Git repository at:

   https://repo.or.cz/qemu/ericb.git  tags/pull-nbd-2024-04-25

for you to fetch changes up to 4fa333e08dd96395a99ea8dd9e4c73a29dd23344:

   nbd/server: Mark negotiation functions as coroutine_fn (2024-04-25 12:59:19 
-0500)


NBD patches for 2024-04-25

- Avoid calling poll() within coroutine


Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/9.1 as 
appropriate.


r~

Re: [PATCH 1/6] target/i386/kvm: Add feature bit definitions for KVM CPUID

[Chen, Zide]

On 4/26/2024 3:07 AM, Zhao Liu wrote:
> Add feature definiations for KVM_CPUID_FEATURES in CPUID (
> CPUID[4000_0001].EAX and CPUID[4000_0001].EDX), to get rid of lots of
> offset calculations.
> 
> Signed-off-by: Zhao Liu 
> ---
> v2: Changed the prefix from CPUID_FEAT_KVM_* to CPUID_KVM_*. (Xiaoyao)
> ---
>  hw/i386/kvm/clock.c   |  5 ++---
>  target/i386/cpu.h | 23 +++
>  target/i386/kvm/kvm.c | 28 ++--
>  3 files changed, 39 insertions(+), 17 deletions(-)
> 
> diff --git a/hw/i386/kvm/clock.c b/hw/i386/kvm/clock.c
> index 40aa9a32c32c..ce416c05a3d0 100644
> --- a/hw/i386/kvm/clock.c
> +++ b/hw/i386/kvm/clock.c
> @@ -27,7 +27,6 @@
>  #include "qapi/error.h"
>  
>  #include 
> -#include "standard-headers/asm-x86/kvm_para.h"
>  #include "qom/object.h"
>  
>  #define TYPE_KVM_CLOCK "kvmclock"
> @@ -334,8 +333,8 @@ void kvmclock_create(bool create_always)
>  
>  assert(kvm_enabled());
>  if (create_always ||
> -cpu->env.features[FEAT_KVM] & ((1ULL << KVM_FEATURE_CLOCKSOURCE) |
> -   (1ULL << KVM_FEATURE_CLOCKSOURCE2))) {
> +cpu->env.features[FEAT_KVM] & (CPUID_KVM_CLOCK |
> +   CPUID_KVM_CLOCK2)) {

To achieve this purpose, how about doing the alternative to define an
API similar to KVM's guest_pv_has()?

_has() is simpler and clearer than "features[] & CPUID_x",
additionally, this helps to keep the definitions identical to KVM, more
readable and easier for future maintenance.

Re: [PATCH v3 1/2] target/s390x: report deprecated-props in cpu-model-expansion reply

[Collin Walling]

On 4/26/24 13:35, Collin Walling wrote:
> On 4/26/24 04:42, Markus Armbruster wrote:
>> Collin Walling  writes:
>>
>>> Retain a list of deprecated features disjoint from any particular
>>> CPU model. A query-cpu-model-expansion reply will now provide a list of
>>> properties (i.e. features) that are flagged as deprecated. Example:
>>>
>>> {
>>>   "return": {
>>> "model": {
>>>   "name": "z14.2-base",
>>>   "deprecated-props": [
>>> "bpb",
>>> "csske"
>>>   ],
>>>   "props": {
>>> "pfmfi": false,
>>> "exrl": true,
>>> ...a lot more props...
>>> "skey": false,
>>> "vxpdeh2": false
>>>   }
>>> }
>>>   }
>>> }
>>>
>>> It is recommended that s390 guests operate with these features
>>> explicitly disabled to ensure compatability with future hardware.
>>>
>>> Signed-off-by: Collin Walling 
>>> ---
>>>  qapi/machine-target.json |  5 -
>>>  target/s390x/cpu_features.c  | 14 ++
>>>  target/s390x/cpu_features.h  |  1 +
>>>  target/s390x/cpu_models_sysemu.c |  6 ++
>>>  4 files changed, 25 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/qapi/machine-target.json b/qapi/machine-target.json
>>> index 29e695aa06..3799a60e3d 100644
>>> --- a/qapi/machine-target.json
>>> +++ b/qapi/machine-target.json
>>> @@ -20,11 +20,14 @@
>>>  #
>>>  # @props: a dictionary of QOM properties to be applied
>>>  #
>>> +# @deprecated-props: a list of QOM properties that are flagged as 
>>> deprecated
>>
>> Deprecated by whom?  QEMU?  The CPU vendor?
>>
> 
> The CPU vendor would be the one who decides which props are deprecated.
> How about:
> 
> # @deprecated-props: a list of QOM properties that are flagged as
>deprecated by the CPU vendor
> 

^ let's ignore the incorrect indentation here.

Actually, I may be wildly incorrect with my description by referring to
this as "a list of QOM properties", when in fact this is just an array
of strings.  Also, the deprecated props may not always reflect the
features that are found by a static expansion, so I added another
sentence to describe that they are a part of a full model expansion.

# @deprecated-props: a list of properties that are flagged as deprecated
# by the CPU vendor.  These props are a subset of the model's full
# definition list of properties. (since X.Y)

I may need some help with the wording on the 2nd sentence.

[...]

> 
>>> +#
>>>  # Since: 2.8
>>>  ##
>>>  { 'struct': 'CpuModelInfo',
>>>'data': { 'name': 'str',
>>> -'*props': 'any' } }
>>> +'*props': 'any',
>>> +'*deprecated-props': ['str'] } }
>>>  
>>>  ##
>>>  # @CpuModelExpansionType:
>>
>> [...]
>>
>>
> 

-- 
Regards,
  Collin

[PULL 23/38] exec/cpu-all: Reduce 'qemu/rcu.h' header inclusion

[Philippe Mathieu-Daudé]

"exec/cpu-all.h" doesn't need definitions from "qemu/rcu.h",
however "exec/ram_addr.h" does.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20231211212003.21686-17-phi...@linaro.org>
---
 include/exec/cpu-all.h  | 1 -
 include/exec/ram_addr.h | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index b86209fc49..586dc56d9e 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -24,7 +24,6 @@
 #include "exec/tswap.h"
 #include "qemu/thread.h"
 #include "hw/core/cpu.h"
-#include "qemu/rcu.h"
 
 /* some important defines:
  *
diff --git a/include/exec/ram_addr.h b/include/exec/ram_addr.h
index 07c8f86375..891c44cf2d 100644
--- a/include/exec/ram_addr.h
+++ b/include/exec/ram_addr.h
@@ -26,6 +26,7 @@
 #include "exec/ramlist.h"
 #include "exec/ramblock.h"
 #include "exec/exec-all.h"
+#include "qemu/rcu.h"
 
 extern uint64_t total_dirty_pages;
 
-- 
2.41.0

[PULL 37/38] hw/core: Avoid including the full 'hw/core/cpu.h' in 'tcg-cpu-ops.h'

[Philippe Mathieu-Daudé]

Only include what is required, avoiding the full
CPUState API from the huge "hw/core/cpu.h" header.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20240418192525.97451-4-phi...@linaro.org>
---
 include/hw/core/tcg-cpu-ops.h | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/include/hw/core/tcg-cpu-ops.h b/include/hw/core/tcg-cpu-ops.h
index dc1f16a977..9387d38748 100644
--- a/include/hw/core/tcg-cpu-ops.h
+++ b/include/hw/core/tcg-cpu-ops.h
@@ -10,7 +10,11 @@
 #ifndef TCG_CPU_OPS_H
 #define TCG_CPU_OPS_H
 
-#include "hw/core/cpu.h"
+#include "exec/breakpoint.h"
+#include "exec/hwaddr.h"
+#include "exec/memattrs.h"
+#include "exec/mmu-access-type.h"
+#include "exec/vaddr.h"
 
 struct TCGCPUOps {
 /**
-- 
2.41.0

[PULL 25/38] exec/cpu-all: Remove unused tswapls() definitions

[Philippe Mathieu-Daudé]

Last use of tswapls() was removed 2 years ago in commit
aee14c77f4 ("linux-user: Rewrite do_getdents, do_getdents64").

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Anton Johansson 
Message-Id: <20231212123401.37493-15-phi...@linaro.org>
Reviewed-by: Richard Henderson 
---
 include/exec/cpu-all.h | 2 --
 1 file changed, 2 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 4de0d5a0d7..7c44ffb3af 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -38,11 +38,9 @@
 
 #if TARGET_LONG_SIZE == 4
 #define tswapl(s) tswap32(s)
-#define tswapls(s) tswap32s((uint32_t *)(s))
 #define bswaptls(s) bswap32s(s)
 #else
 #define tswapl(s) tswap64(s)
-#define tswapls(s) tswap64s((uint64_t *)(s))
 #define bswaptls(s) bswap64s(s)
 #endif
 
-- 
2.41.0

[PULL 22/38] accel/hvf: Use accel-specific per-vcpu @dirty field

[Philippe Mathieu-Daudé]

HVF has a specific use of the CPUState::vcpu_dirty field
(CPUState::vcpu_dirty is not used by common code).
To make this field accel-specific, add and use a new
@dirty variable in the AccelCPUState structure.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20240424174506.326-4-phi...@linaro.org>
---
 include/hw/core/cpu.h |  3 +--
 include/sysemu/hvf_int.h  |  1 +
 accel/hvf/hvf-accel-ops.c | 10 +-
 target/arm/hvf/hvf.c  |  4 ++--
 target/i386/hvf/hvf.c |  4 ++--
 target/i386/hvf/x86hvf.c  |  2 +-
 6 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 7f037b158e..cead8f01a6 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -525,6 +525,7 @@ struct CPUState {
 uint32_t kvm_fetch_index;
 uint64_t dirty_pages;
 int kvm_vcpu_stats_fd;
+bool vcpu_dirty;
 
 /* Use by accel-block: CPU is executing an ioctl() */
 QemuLockCnt in_ioctl_lock;
@@ -546,8 +547,6 @@ struct CPUState {
 int32_t exception_index;
 
 AccelCPUState *accel;
-/* shared by kvm and hvf */
-bool vcpu_dirty;
 
 /* Used to keep track of an outstanding cpu throttle thread for migration
  * autoconverge
diff --git a/include/sysemu/hvf_int.h b/include/sysemu/hvf_int.h
index 718beddcdd..4a327fd526 100644
--- a/include/sysemu/hvf_int.h
+++ b/include/sysemu/hvf_int.h
@@ -55,6 +55,7 @@ struct AccelCPUState {
 bool vtimer_masked;
 sigset_t unblock_ipi_mask;
 bool guest_debug_enabled;
+bool dirty;
 };
 
 void assert_hvf_ok(hv_return_t ret);
diff --git a/accel/hvf/hvf-accel-ops.c b/accel/hvf/hvf-accel-ops.c
index d94d41ab6d..40d4187d9d 100644
--- a/accel/hvf/hvf-accel-ops.c
+++ b/accel/hvf/hvf-accel-ops.c
@@ -204,15 +204,15 @@ static void hvf_set_phys_mem(MemoryRegionSection 
*section, bool add)
 
 static void do_hvf_cpu_synchronize_state(CPUState *cpu, run_on_cpu_data arg)
 {
-if (!cpu->vcpu_dirty) {
+if (!cpu->accel->dirty) {
 hvf_get_registers(cpu);
-cpu->vcpu_dirty = true;
+cpu->accel->dirty = true;
 }
 }
 
 static void hvf_cpu_synchronize_state(CPUState *cpu)
 {
-if (!cpu->vcpu_dirty) {
+if (!cpu->accel->dirty) {
 run_on_cpu(cpu, do_hvf_cpu_synchronize_state, RUN_ON_CPU_NULL);
 }
 }
@@ -221,7 +221,7 @@ static void do_hvf_cpu_synchronize_set_dirty(CPUState *cpu,
  run_on_cpu_data arg)
 {
 /* QEMU state is the reference, push it to HVF now and on next entry */
-cpu->vcpu_dirty = true;
+cpu->accel->dirty = true;
 }
 
 static void hvf_cpu_synchronize_post_reset(CPUState *cpu)
@@ -402,7 +402,7 @@ static int hvf_init_vcpu(CPUState *cpu)
 #else
 r = hv_vcpu_create((hv_vcpuid_t *)>accel->fd, HV_VCPU_DEFAULT);
 #endif
-cpu->vcpu_dirty = 1;
+cpu->accel->dirty = true;
 assert_hvf_ok(r);
 
 cpu->accel->guest_debug_enabled = false;
diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index 65a5601804..db628c1cba 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -806,9 +806,9 @@ int hvf_put_registers(CPUState *cpu)
 
 static void flush_cpu_state(CPUState *cpu)
 {
-if (cpu->vcpu_dirty) {
+if (cpu->accel->dirty) {
 hvf_put_registers(cpu);
-cpu->vcpu_dirty = false;
+cpu->accel->dirty = false;
 }
 }
 
diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
index 1ed8ed5154..e493452acb 100644
--- a/target/i386/hvf/hvf.c
+++ b/target/i386/hvf/hvf.c
@@ -419,9 +419,9 @@ int hvf_vcpu_exec(CPUState *cpu)
 }
 
 do {
-if (cpu->vcpu_dirty) {
+if (cpu->accel->dirty) {
 hvf_put_registers(cpu);
-cpu->vcpu_dirty = false;
+cpu->accel->dirty = false;
 }
 
 if (hvf_inject_interrupts(cpu)) {
diff --git a/target/i386/hvf/x86hvf.c b/target/i386/hvf/x86hvf.c
index be2c46246e..1569f860eb 100644
--- a/target/i386/hvf/x86hvf.c
+++ b/target/i386/hvf/x86hvf.c
@@ -427,7 +427,7 @@ int hvf_process_events(CPUState *cs)
 X86CPU *cpu = X86_CPU(cs);
 CPUX86State *env = >env;
 
-if (!cs->vcpu_dirty) {
+if (!cs->accel->dirty) {
 /* light weight sync for CPU_INTERRUPT_HARD and IF_MASK */
 env->eflags = rreg(cs->accel->fd, HV_X86_RFLAGS);
 }
-- 
2.41.0

[PULL 03/38] exec: Include 'cpu.h' before validating CPUArchState placement

[Philippe Mathieu-Daudé]

CPUArchState 'env' field is defined within the ArchCPU structure,
so we need to include each target "cpu.h" header which defines it.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Warner Losh 
Message-Id: <20231211212003.21686-2-phi...@linaro.org>
---
 include/exec/cpu-all.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 1a6510fd3b..b86209fc49 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -391,6 +391,7 @@ static inline bool tlb_hit(uint64_t tlb_addr, vaddr addr)
 #endif /* !CONFIG_USER_ONLY */
 
 /* Validate correct placement of CPUArchState. */
+#include "cpu.h"
 QEMU_BUILD_BUG_ON(offsetof(ArchCPU, parent_obj) != 0);
 QEMU_BUILD_BUG_ON(offsetof(ArchCPU, env) != sizeof(CPUState));
 
-- 
2.41.0

[PULL 26/38] exec: Declare target_words_bigendian() in 'exec/tswap.h'

[Philippe Mathieu-Daudé]

We usually check target endianess before swapping values,
so target_words_bigendian() declaration makes sense in
"exec/tswap.h" with the target swapping helpers.

Remove "hw/core/cpu.h" when it was only included to get
the target_words_bigendian() declaration.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Anton Johansson 
Message-Id: <20231212123401.37493-16-phi...@linaro.org>
Reviewed-by: Richard Henderson 
---
 include/exec/tswap.h | 12 +++-
 include/hw/core/cpu.h| 11 ---
 cpu-target.c |  1 +
 disas/disas.c|  1 +
 hw/audio/virtio-snd.c|  2 +-
 hw/core/cpu-sysemu.c |  2 +-
 hw/core/generic-loader.c |  2 +-
 hw/display/vga.c |  2 +-
 hw/virtio/virtio.c   |  1 +
 9 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/include/exec/tswap.h b/include/exec/tswap.h
index 5089cd6a4c..b7a4191347 100644
--- a/include/exec/tswap.h
+++ b/include/exec/tswap.h
@@ -8,9 +8,19 @@
 #ifndef TSWAP_H
 #define TSWAP_H
 
-#include "hw/core/cpu.h"
 #include "qemu/bswap.h"
 
+/**
+ * target_words_bigendian:
+ * Returns true if the (default) endianness of the target is big endian,
+ * false otherwise. Note that in target-specific code, you can use
+ * TARGET_BIG_ENDIAN directly instead. On the other hand, common
+ * code should normally never need to know about the endianness of the
+ * target, so please do *not* use this function unless you know very well
+ * what you are doing!
+ */
+bool target_words_bigendian(void);
+
 /*
  * If we're in target-specific code, we can hard-code the swapping
  * condition, otherwise we have to do (slower) run-time checks.
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index cead8f01a6..d89b2cffcb 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -1168,17 +1168,6 @@ bool cpu_exec_realizefn(CPUState *cpu, Error **errp);
 void cpu_exec_unrealizefn(CPUState *cpu);
 void cpu_exec_reset_hold(CPUState *cpu);
 
-/**
- * target_words_bigendian:
- * Returns true if the (default) endianness of the target is big endian,
- * false otherwise. Note that in target-specific code, you can use
- * TARGET_BIG_ENDIAN directly instead. On the other hand, common
- * code should normally never need to know about the endianness of the
- * target, so please do *not* use this function unless you know very well
- * what you are doing!
- */
-bool target_words_bigendian(void);
-
 const char *target_name(void);
 
 #ifdef COMPILING_PER_TARGET
diff --git a/cpu-target.c b/cpu-target.c
index 4c0621bf33..f88649c299 100644
--- a/cpu-target.c
+++ b/cpu-target.c
@@ -35,6 +35,7 @@
 #endif
 #include "sysemu/cpus.h"
 #include "sysemu/tcg.h"
+#include "exec/tswap.h"
 #include "exec/replay-core.h"
 #include "exec/cpu-common.h"
 #include "exec/exec-all.h"
diff --git a/disas/disas.c b/disas/disas.c
index 7e3b0bb46c..ec14715ecd 100644
--- a/disas/disas.c
+++ b/disas/disas.c
@@ -6,6 +6,7 @@
 #include "disas/disas.h"
 #include "disas/capstone.h"
 #include "hw/core/cpu.h"
+#include "exec/tswap.h"
 #include "exec/memory.h"
 
 /* Filled in by elfload.c.  Simplistic, but will do for now. */
diff --git a/hw/audio/virtio-snd.c b/hw/audio/virtio-snd.c
index c80b58bf5d..6a2ee085c0 100644
--- a/hw/audio/virtio-snd.c
+++ b/hw/audio/virtio-snd.c
@@ -20,11 +20,11 @@
 #include "qemu/log.h"
 #include "qemu/error-report.h"
 #include "include/qemu/lockable.h"
+#include "exec/tswap.h"
 #include "sysemu/runstate.h"
 #include "trace.h"
 #include "qapi/error.h"
 #include "hw/audio/virtio-snd.h"
-#include "hw/core/cpu.h"
 
 #define VIRTIO_SOUND_VM_VERSION 1
 #define VIRTIO_SOUND_JACK_DEFAULT 0
diff --git a/hw/core/cpu-sysemu.c b/hw/core/cpu-sysemu.c
index d0d6a910f9..2a9a2a4eb5 100644
--- a/hw/core/cpu-sysemu.c
+++ b/hw/core/cpu-sysemu.c
@@ -20,7 +20,7 @@
 
 #include "qemu/osdep.h"
 #include "qapi/error.h"
-#include "hw/core/cpu.h"
+#include "exec/tswap.h"
 #include "hw/core/sysemu-cpu-ops.h"
 
 bool cpu_paging_enabled(const CPUState *cpu)
diff --git a/hw/core/generic-loader.c b/hw/core/generic-loader.c
index d4b5c501d8..ea8628b892 100644
--- a/hw/core/generic-loader.c
+++ b/hw/core/generic-loader.c
@@ -31,7 +31,7 @@
  */
 
 #include "qemu/osdep.h"
-#include "hw/core/cpu.h"
+#include "exec/tswap.h"
 #include "sysemu/dma.h"
 #include "sysemu/reset.h"
 #include "hw/boards.h"
diff --git a/hw/display/vga.c b/hw/display/vga.c
index e91a76bf76..30facc6c8e 100644
--- a/hw/display/vga.c
+++ b/hw/display/vga.c
@@ -26,7 +26,7 @@
 #include "qemu/units.h"
 #include "sysemu/reset.h"
 #include "qapi/error.h"
-#include "hw/core/cpu.h"
+#include "exec/tswap.h"
 #include "hw/display/vga.h"
 #include "hw/i386/x86.h"
 #include "hw/pci/pci.h"
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 871674f9be..893a072c9d 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -20,6 +20,7 @@
 #include "qemu/log.h"
 #include "qemu/main-loop.h"
 #include "qemu/module.h"
+#include "exec/tswap.h"
 #include "qom/object_interfaces.h"
 #include "hw/core/cpu.h"
 #include 

[PULL 38/38] plugins: Include missing 'qemu/bitmap.h' header

[Philippe Mathieu-Daudé]

Since commit c006147122 ("plugins: create CPUPluginState and
migrate plugin_mask") "qemu/plugin.h" uses DECLARE_BITMAP(),
which is declared in "qemu/bitmap.h".

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Reviewed-by: Pierrick Bouvier 
Message-Id: <20240418192525.97451-19-phi...@linaro.org>
---
 include/qemu/plugin.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/qemu/plugin.h b/include/qemu/plugin.h
index 12a96cea2a..41db748eda 100644
--- a/include/qemu/plugin.h
+++ b/include/qemu/plugin.h
@@ -13,6 +13,7 @@
 #include "qemu/queue.h"
 #include "qemu/option.h"
 #include "qemu/plugin-event.h"
+#include "qemu/bitmap.h"
 #include "exec/memopidx.h"
 #include "hw/core/cpu.h"
 
-- 
2.41.0

[PULL 21/38] accel/nvmm: Use accel-specific per-vcpu @dirty field

[Philippe Mathieu-Daudé]

NVMM has a specific use of the CPUState::vcpu_dirty field
(CPUState::vcpu_dirty is not used by common code).
To make this field accel-specific, add and use a new
@dirty variable in the AccelCPUState structure.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20240424174506.326-3-phi...@linaro.org>
---
 target/i386/nvmm/nvmm-all.c | 21 +++--
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/target/i386/nvmm/nvmm-all.c b/target/i386/nvmm/nvmm-all.c
index 49a3a3b916..f9cced53b3 100644
--- a/target/i386/nvmm/nvmm-all.c
+++ b/target/i386/nvmm/nvmm-all.c
@@ -30,6 +30,7 @@ struct AccelCPUState {
 struct nvmm_vcpu vcpu;
 uint8_t tpr;
 bool stop;
+bool dirty;
 
 /* Window-exiting for INTs/NMIs. */
 bool int_window_exit;
@@ -507,7 +508,7 @@ nvmm_io_callback(struct nvmm_io *io)
 }
 
 /* Needed, otherwise infinite loop. */
-current_cpu->vcpu_dirty = false;
+current_cpu->accel->dirty = false;
 }
 
 static void
@@ -516,7 +517,7 @@ nvmm_mem_callback(struct nvmm_mem *mem)
 cpu_physical_memory_rw(mem->gpa, mem->data, mem->size, mem->write);
 
 /* Needed, otherwise infinite loop. */
-current_cpu->vcpu_dirty = false;
+current_cpu->accel->dirty = false;
 }
 
 static struct nvmm_assist_callbacks nvmm_callbacks = {
@@ -726,9 +727,9 @@ nvmm_vcpu_loop(CPUState *cpu)
  * Inner VCPU loop.
  */
 do {
-if (cpu->vcpu_dirty) {
+if (cpu->accel->dirty) {
 nvmm_set_registers(cpu);
-cpu->vcpu_dirty = false;
+cpu->accel->dirty = false;
 }
 
 if (qcpu->stop) {
@@ -826,32 +827,32 @@ static void
 do_nvmm_cpu_synchronize_state(CPUState *cpu, run_on_cpu_data arg)
 {
 nvmm_get_registers(cpu);
-cpu->vcpu_dirty = true;
+cpu->accel->dirty = true;
 }
 
 static void
 do_nvmm_cpu_synchronize_post_reset(CPUState *cpu, run_on_cpu_data arg)
 {
 nvmm_set_registers(cpu);
-cpu->vcpu_dirty = false;
+cpu->accel->dirty = false;
 }
 
 static void
 do_nvmm_cpu_synchronize_post_init(CPUState *cpu, run_on_cpu_data arg)
 {
 nvmm_set_registers(cpu);
-cpu->vcpu_dirty = false;
+cpu->accel->dirty = false;
 }
 
 static void
 do_nvmm_cpu_synchronize_pre_loadvm(CPUState *cpu, run_on_cpu_data arg)
 {
-cpu->vcpu_dirty = true;
+cpu->accel->dirty = true;
 }
 
 void nvmm_cpu_synchronize_state(CPUState *cpu)
 {
-if (!cpu->vcpu_dirty) {
+if (!cpu->accel->dirty) {
 run_on_cpu(cpu, do_nvmm_cpu_synchronize_state, RUN_ON_CPU_NULL);
 }
 }
@@ -981,7 +982,7 @@ nvmm_init_vcpu(CPUState *cpu)
 }
 }
 
-cpu->vcpu_dirty = true;
+cpu->accel->dirty = true;
 cpu->accel = qcpu;
 
 return 0;
-- 
2.41.0

[PULL 24/38] exec/cpu-all: Remove unused 'qemu/thread.h' header

[Philippe Mathieu-Daudé]

Nothing is required from "qemu/thread.h" in "exec/cpu-all.h".

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Anton Johansson 
Message-Id: <20231212123401.37493-13-phi...@linaro.org>
Reviewed-by: Richard Henderson 
---
 include/exec/cpu-all.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 586dc56d9e..4de0d5a0d7 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -22,7 +22,6 @@
 #include "exec/cpu-common.h"
 #include "exec/memory.h"
 #include "exec/tswap.h"
-#include "qemu/thread.h"
 #include "hw/core/cpu.h"
 
 /* some important defines:
-- 
2.41.0

[PULL 28/38] exec/user: Do not include 'cpu.h' in 'abitypes.h'

[Philippe Mathieu-Daudé]

"exec/user/abitypes.h" requires:

 - "exec/cpu-defs.h"   (TARGET_LONG_BITS)
 - "exec/tswap.h"  (tswap32)

In order to avoid "cpu.h", pick the minimum required headers.

Assert this user-specific header is only included from user
emulation.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Thomas Huth 
Message-Id: <20231212123401.37493-20-phi...@linaro.org>
Reviewed-by: Richard Henderson 
---
 include/exec/user/abitypes.h | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/include/exec/user/abitypes.h b/include/exec/user/abitypes.h
index 731f345ff5..3ec1969368 100644
--- a/include/exec/user/abitypes.h
+++ b/include/exec/user/abitypes.h
@@ -1,7 +1,12 @@
 #ifndef EXEC_USER_ABITYPES_H
 #define EXEC_USER_ABITYPES_H
 
-#include "cpu.h"
+#ifndef CONFIG_USER_ONLY
+#error Cannot include this header from system emulation
+#endif
+
+#include "exec/cpu-defs.h"
+#include "exec/tswap.h"
 #include "user/tswap-target.h"
 
 #ifdef TARGET_ABI32
-- 
2.41.0

[PULL 10/38] semihosting/guestfd: Remove unused 'semihosting/uaccess.h' header

[Philippe Mathieu-Daudé]

Nothing in guestfd.c requires "semihosting/uaccess.h" nor "qemu.h".

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Anton Johansson 
Message-Id: <20231212123401.37493-8-phi...@linaro.org>
Reviewed-by: Richard Henderson 
---
 semihosting/guestfd.c | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/semihosting/guestfd.c b/semihosting/guestfd.c
index 955c2efbd0..d3241434c5 100644
--- a/semihosting/guestfd.c
+++ b/semihosting/guestfd.c
@@ -12,10 +12,7 @@
 #include "gdbstub/syscalls.h"
 #include "semihosting/semihost.h"
 #include "semihosting/guestfd.h"
-#ifdef CONFIG_USER_ONLY
-#include "qemu.h"
-#else
-#include "semihosting/uaccess.h"
+#ifndef CONFIG_USER_ONLY
 #include CONFIG_DEVICES
 #endif
 
-- 
2.41.0

[PULL 32/38] exec: Restrict TCG specific declarations of 'cputlb.h'

[Philippe Mathieu-Daudé]

Avoid TCG specific declarations being used from non-TCG accelerators.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20240418192525.97451-5-phi...@linaro.org>
---
 include/exec/cputlb.h | 5 +
 1 file changed, 5 insertions(+)

diff --git a/include/exec/cputlb.h b/include/exec/cputlb.h
index 6da1462c4f..ef18642a32 100644
--- a/include/exec/cputlb.h
+++ b/include/exec/cputlb.h
@@ -22,9 +22,14 @@
 
 #include "exec/cpu-common.h"
 
+#ifdef CONFIG_TCG
+
 #if !defined(CONFIG_USER_ONLY)
 /* cputlb.c */
 void tlb_protect_code(ram_addr_t ram_addr);
 void tlb_unprotect_code(ram_addr_t ram_addr);
 #endif
+
+#endif /* CONFIG_TCG */
+
 #endif
-- 
2.41.0

[PULL 29/38] exec: Declare abi_ptr type in its own 'abi_ptr.h' header

[Philippe Mathieu-Daudé]

The abi_ptr type is declared in "exec/cpu_ldst.h" with all
the load/store helpers. Some source files requiring abi_ptr
type don't need the load/store helpers. In order to simplify,
create a new "exec/abi_ptr.h" header.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20231212123401.37493-21-phi...@linaro.org>
---
 include/exec/abi_ptr.h| 33 +
 include/exec/cpu_ldst.h   | 17 +++--
 include/exec/exec-all.h   |  1 +
 include/exec/translator.h |  5 -
 4 files changed, 41 insertions(+), 15 deletions(-)
 create mode 100644 include/exec/abi_ptr.h

diff --git a/include/exec/abi_ptr.h b/include/exec/abi_ptr.h
new file mode 100644
index 00..2aedcceb0c
--- /dev/null
+++ b/include/exec/abi_ptr.h
@@ -0,0 +1,33 @@
+/*
+ * QEMU abi_ptr type definitions
+ *
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ */
+#ifndef EXEC_ABI_PTR_H
+#define EXEC_ABI_PTR_H
+
+#include "cpu-param.h"
+
+#if defined(CONFIG_USER_ONLY)
+/*
+ * sparc32plus has 64bit long but 32bit space address
+ * this can make bad result with g2h() and h2g()
+ */
+#if TARGET_VIRT_ADDR_SPACE_BITS <= 32
+typedef uint32_t abi_ptr;
+#define TARGET_ABI_FMT_ptr "%x"
+#else
+typedef uint64_t abi_ptr;
+#define TARGET_ABI_FMT_ptr "%"PRIx64
+#endif
+
+#else /* !CONFIG_USER_ONLY */
+
+#include "exec/target_long.h"
+
+typedef target_ulong abi_ptr;
+#define TARGET_ABI_FMT_ptr TARGET_FMT_lx
+
+#endif /* !CONFIG_USER_ONLY */
+
+#endif
diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index 82690d3947..64e0319996 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -63,20 +63,11 @@
 #define CPU_LDST_H
 
 #include "exec/memopidx.h"
+#include "exec/abi_ptr.h"
 #include "qemu/int128.h"
 #include "cpu.h"
 
 #if defined(CONFIG_USER_ONLY)
-/* sparc32plus has 64bit long but 32bit space address
- * this can make bad result with g2h() and h2g()
- */
-#if TARGET_VIRT_ADDR_SPACE_BITS <= 32
-typedef uint32_t abi_ptr;
-#define TARGET_ABI_FMT_ptr "%x"
-#else
-typedef uint64_t abi_ptr;
-#define TARGET_ABI_FMT_ptr "%"PRIx64
-#endif
 
 #ifndef TARGET_TAGGED_ADDRESSES
 static inline abi_ptr cpu_untagged_addr(CPUState *cs, abi_ptr x)
@@ -120,10 +111,8 @@ static inline bool guest_range_valid_untagged(abi_ulong 
start, abi_ulong len)
 assert(h2g_valid(x)); \
 h2g_nocheck(x); \
 })
-#else
-typedef vaddr abi_ptr;
-#define TARGET_ABI_FMT_ptr VADDR_PRIx
-#endif
+
+#endif /* CONFIG_USER_ONLY */
 
 uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr ptr);
 int cpu_ldsb_data(CPUArchState *env, abi_ptr ptr);
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 9599e16a09..530d442112 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -22,6 +22,7 @@
 
 #include "cpu.h"
 #if defined(CONFIG_USER_ONLY)
+#include "exec/abi_ptr.h"
 #include "exec/cpu_ldst.h"
 #endif
 #include "exec/translation-block.h"
diff --git a/include/exec/translator.h b/include/exec/translator.h
index 2c4fb818e7..6cd937ac5c 100644
--- a/include/exec/translator.h
+++ b/include/exec/translator.h
@@ -19,7 +19,10 @@
  */
 
 #include "qemu/bswap.h"
-#include "exec/cpu_ldst.h" /* for abi_ptr */
+#include "exec/cpu-common.h"
+#include "exec/cpu-defs.h"
+#include "exec/abi_ptr.h"
+#include "cpu.h"
 
 /**
  * gen_intermediate_code
-- 
2.41.0

[PULL 33/38] exec: Restrict 'cpu_ldst.h' to TCG accelerator

[Philippe Mathieu-Daudé]

"exec/cpu_ldst.h" is specific to TCG, do not allow its
inclusion from other accelerators.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20240418192525.97451-6-phi...@linaro.org>
---
 include/exec/cpu_ldst.h | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index 5b99666702..f3c2a3ca74 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -1,5 +1,5 @@
 /*
- *  Software MMU support
+ *  Software MMU support (per-target)
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -62,6 +62,10 @@
 #ifndef CPU_LDST_H
 #define CPU_LDST_H
 
+#ifndef CONFIG_TCG
+#error Can only include this header with TCG
+#endif
+
 #include "exec/memopidx.h"
 #include "exec/abi_ptr.h"
 #include "exec/mmu-access-type.h"
-- 
2.41.0

[PULL 36/38] exec: Move CPUTLBEntry helpers to cputlb.c

[Philippe Mathieu-Daudé]

The following CPUTLBEntry helpers are only used in accel/tcg/cputlb.c:
  - tlb_index()
  - tlb_entry()
  - tlb_read_idx()
  - tlb_addr_write()

Move them to this file, allowing to remove the huge "cpu.h" header
inclusion from "exec/cpu_ldst.h".

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20240418192525.97451-13-phi...@linaro.org>
---
 include/exec/cpu_ldst.h | 55 -
 accel/tcg/cputlb.c  | 51 ++
 2 files changed, 51 insertions(+), 55 deletions(-)

diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index 7d0a0412ad..11ba3778ba 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -70,7 +70,6 @@
 #include "exec/abi_ptr.h"
 #include "exec/mmu-access-type.h"
 #include "qemu/int128.h"
-#include "cpu.h"
 
 #if defined(CONFIG_USER_ONLY)
 
@@ -296,60 +295,6 @@ Int128 cpu_atomic_cmpxchgo_be_mmu(CPUArchState *env, 
abi_ptr addr,
   Int128 cmpv, Int128 newv,
   MemOpIdx oi, uintptr_t retaddr);
 
-#if !defined(CONFIG_USER_ONLY)
-
-#include "tcg/oversized-guest.h"
-
-static inline uint64_t tlb_read_idx(const CPUTLBEntry *entry,
-MMUAccessType access_type)
-{
-/* Do not rearrange the CPUTLBEntry structure members. */
-QEMU_BUILD_BUG_ON(offsetof(CPUTLBEntry, addr_read) !=
-  MMU_DATA_LOAD * sizeof(uint64_t));
-QEMU_BUILD_BUG_ON(offsetof(CPUTLBEntry, addr_write) !=
-  MMU_DATA_STORE * sizeof(uint64_t));
-QEMU_BUILD_BUG_ON(offsetof(CPUTLBEntry, addr_code) !=
-  MMU_INST_FETCH * sizeof(uint64_t));
-
-#if TARGET_LONG_BITS == 32
-/* Use qatomic_read, in case of addr_write; only care about low bits. */
-const uint32_t *ptr = (uint32_t *)>addr_idx[access_type];
-ptr += HOST_BIG_ENDIAN;
-return qatomic_read(ptr);
-#else
-const uint64_t *ptr = >addr_idx[access_type];
-# if TCG_OVERSIZED_GUEST
-return *ptr;
-# else
-/* ofs might correspond to .addr_write, so use qatomic_read */
-return qatomic_read(ptr);
-# endif
-#endif
-}
-
-static inline uint64_t tlb_addr_write(const CPUTLBEntry *entry)
-{
-return tlb_read_idx(entry, MMU_DATA_STORE);
-}
-
-/* Find the TLB index corresponding to the mmu_idx + address pair.  */
-static inline uintptr_t tlb_index(CPUState *cpu, uintptr_t mmu_idx,
-  vaddr addr)
-{
-uintptr_t size_mask = cpu->neg.tlb.f[mmu_idx].mask >> CPU_TLB_ENTRY_BITS;
-
-return (addr >> TARGET_PAGE_BITS) & size_mask;
-}
-
-/* Find the TLB entry corresponding to the mmu_idx + address pair.  */
-static inline CPUTLBEntry *tlb_entry(CPUState *cpu, uintptr_t mmu_idx,
- vaddr addr)
-{
-return >neg.tlb.f[mmu_idx].table[tlb_index(cpu, mmu_idx, addr)];
-}
-
-#endif /* !defined(CONFIG_USER_ONLY) */
-
 #if TARGET_BIG_ENDIAN
 # define cpu_lduw_datacpu_lduw_be_data
 # define cpu_ldsw_datacpu_ldsw_be_data
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index e16d02a62c..953c437ba9 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -27,6 +27,9 @@
 #include "exec/tb-flush.h"
 #include "exec/memory-internal.h"
 #include "exec/ram_addr.h"
+#include "exec/mmu-access-type.h"
+#include "exec/tlb-common.h"
+#include "exec/vaddr.h"
 #include "tcg/tcg.h"
 #include "qemu/error-report.h"
 #include "exec/log.h"
@@ -95,6 +98,54 @@ static inline size_t sizeof_tlb(CPUTLBDescFast *fast)
 return fast->mask + (1 << CPU_TLB_ENTRY_BITS);
 }
 
+static inline uint64_t tlb_read_idx(const CPUTLBEntry *entry,
+MMUAccessType access_type)
+{
+/* Do not rearrange the CPUTLBEntry structure members. */
+QEMU_BUILD_BUG_ON(offsetof(CPUTLBEntry, addr_read) !=
+  MMU_DATA_LOAD * sizeof(uint64_t));
+QEMU_BUILD_BUG_ON(offsetof(CPUTLBEntry, addr_write) !=
+  MMU_DATA_STORE * sizeof(uint64_t));
+QEMU_BUILD_BUG_ON(offsetof(CPUTLBEntry, addr_code) !=
+  MMU_INST_FETCH * sizeof(uint64_t));
+
+#if TARGET_LONG_BITS == 32
+/* Use qatomic_read, in case of addr_write; only care about low bits. */
+const uint32_t *ptr = (uint32_t *)>addr_idx[access_type];
+ptr += HOST_BIG_ENDIAN;
+return qatomic_read(ptr);
+#else
+const uint64_t *ptr = >addr_idx[access_type];
+# if TCG_OVERSIZED_GUEST
+return *ptr;
+# else
+/* ofs might correspond to .addr_write, so use qatomic_read */
+return qatomic_read(ptr);
+# endif
+#endif
+}
+
+static inline uint64_t tlb_addr_write(const CPUTLBEntry *entry)
+{
+return tlb_read_idx(entry, MMU_DATA_STORE);
+}
+
+/* Find the TLB index corresponding to the mmu_idx + address pair.  */
+static inline uintptr_t tlb_index(CPUState *cpu, uintptr_t mmu_idx,
+  vaddr addr)
+{
+uintptr_t size_mask = cpu->neg.tlb.f[mmu_idx].mask >> 

[PULL 34/38] exec: Rename 'exec/user/guest-base.h' as 'user/guest-base.h'

[Philippe Mathieu-Daudé]

The include/user/ directory contains the user-emulation
specific headers. Move guest-base.h there too.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Anton Johansson 
Message-Id: <20240418192525.97451-15-phi...@linaro.org>
---
 include/exec/cpu-all.h   | 2 +-
 include/{exec => }/user/guest-base.h | 4 ++--
 tcg/tcg.c| 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
 rename include/{exec => }/user/guest-base.h (72%)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 78848f018c..027f19e052 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -65,7 +65,7 @@
 
 #if defined(CONFIG_USER_ONLY)
 #include "exec/user/abitypes.h"
-#include "exec/user/guest-base.h"
+#include "user/guest-base.h"
 
 extern bool have_guest_base;
 
diff --git a/include/exec/user/guest-base.h b/include/user/guest-base.h
similarity index 72%
rename from include/exec/user/guest-base.h
rename to include/user/guest-base.h
index afe2ab7fbb..1e42bca5db 100644
--- a/include/exec/user/guest-base.h
+++ b/include/user/guest-base.h
@@ -4,8 +4,8 @@
  *  Copyright (c) 2003 Fabrice Bellard
  */
 
-#ifndef EXEC_USER_GUEST_BASE_H
-#define EXEC_USER_GUEST_BASE_H
+#ifndef USER_GUEST_BASE_H
+#define USER_GUEST_BASE_H
 
 extern uintptr_t guest_base;
 
diff --git a/tcg/tcg.c b/tcg/tcg.c
index 0c0bb9d169..6a32656cd4 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -57,7 +57,7 @@
 #include "tcg-internal.h"
 #include "tcg/perf.h"
 #ifdef CONFIG_USER_ONLY
-#include "exec/user/guest-base.h"
+#include "user/guest-base.h"
 #endif
 
 /* Forward declarations for functions declared in tcg-target.c.inc and
-- 
2.41.0

[PULL 27/38] exec: Move [b]tswapl() declarations to 'exec/user/tswap-target.h'

[Philippe Mathieu-Daudé]

tswapl() and bswaptls() are target-dependent and only used
by user emulation. Move their definitions to a new header:
"exec/user/tswap-target.h".

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Anton Johansson 
Message-Id: <20231212123401.37493-17-phi...@linaro.org>
Reviewed-by: Richard Henderson 
---
 MAINTAINERS|  1 +
 bsd-user/freebsd/target_os_elf.h   |  1 +
 bsd-user/freebsd/target_os_stack.h |  1 +
 bsd-user/netbsd/target_os_elf.h|  1 +
 bsd-user/openbsd/target_os_elf.h   |  1 +
 include/exec/cpu-all.h |  8 
 include/exec/user/abitypes.h   |  1 +
 include/user/tswap-target.h| 22 ++
 bsd-user/signal.c  |  1 +
 bsd-user/strace.c  |  1 +
 linux-user/elfload.c   |  1 +
 linux-user/i386/signal.c   |  1 +
 linux-user/ppc/signal.c|  1 +
 13 files changed, 33 insertions(+), 8 deletions(-)
 create mode 100644 include/user/tswap-target.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 96411e6adf..302b6fd00c 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3692,6 +3692,7 @@ Overall usermode emulation
 M: Riku Voipio 
 S: Maintained
 F: accel/tcg/user-exec*.c
+F: include/exec/user/
 F: include/user/
 F: common-user/
 
diff --git a/bsd-user/freebsd/target_os_elf.h b/bsd-user/freebsd/target_os_elf.h
index 9df17d56d8..01124979f7 100644
--- a/bsd-user/freebsd/target_os_elf.h
+++ b/bsd-user/freebsd/target_os_elf.h
@@ -22,6 +22,7 @@
 
 #include "target_arch_elf.h"
 #include "elf.h"
+#include "user/tswap-target.h"
 
 #define bsd_get_ncpu() 1 /* until we pull in bsd-proc.[hc] */
 
diff --git a/bsd-user/freebsd/target_os_stack.h 
b/bsd-user/freebsd/target_os_stack.h
index d15fc3263f..ac0ef22cd7 100644
--- a/bsd-user/freebsd/target_os_stack.h
+++ b/bsd-user/freebsd/target_os_stack.h
@@ -23,6 +23,7 @@
 #include 
 #include "target_arch_sigtramp.h"
 #include "qemu/guest-random.h"
+#include "user/tswap-target.h"
 
 /*
  * The initial FreeBSD stack is as follows:
diff --git a/bsd-user/netbsd/target_os_elf.h b/bsd-user/netbsd/target_os_elf.h
index 2f3cb20871..9de0f290c0 100644
--- a/bsd-user/netbsd/target_os_elf.h
+++ b/bsd-user/netbsd/target_os_elf.h
@@ -22,6 +22,7 @@
 
 #include "target_arch_elf.h"
 #include "elf.h"
+#include "user/tswap-target.h"
 
 /* this flag is uneffective under linux too, should be deleted */
 #ifndef MAP_DENYWRITE
diff --git a/bsd-user/openbsd/target_os_elf.h b/bsd-user/openbsd/target_os_elf.h
index 6dca9c5a85..4cf5747dcd 100644
--- a/bsd-user/openbsd/target_os_elf.h
+++ b/bsd-user/openbsd/target_os_elf.h
@@ -22,6 +22,7 @@
 
 #include "target_arch_elf.h"
 #include "elf.h"
+#include "user/tswap-target.h"
 
 /* this flag is uneffective under linux too, should be deleted */
 #ifndef MAP_DENYWRITE
diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 7c44ffb3af..78848f018c 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -36,14 +36,6 @@
 #define BSWAP_NEEDED
 #endif
 
-#if TARGET_LONG_SIZE == 4
-#define tswapl(s) tswap32(s)
-#define bswaptls(s) bswap32s(s)
-#else
-#define tswapl(s) tswap64(s)
-#define bswaptls(s) bswap64s(s)
-#endif
-
 /* Target-endianness CPU memory access functions. These fit into the
  * {ld,st}{type}{sign}{size}{endian}_p naming scheme described in bswap.h.
  */
diff --git a/include/exec/user/abitypes.h b/include/exec/user/abitypes.h
index db4a670328..731f345ff5 100644
--- a/include/exec/user/abitypes.h
+++ b/include/exec/user/abitypes.h
@@ -2,6 +2,7 @@
 #define EXEC_USER_ABITYPES_H
 
 #include "cpu.h"
+#include "user/tswap-target.h"
 
 #ifdef TARGET_ABI32
 #define TARGET_ABI_BITS 32
diff --git a/include/user/tswap-target.h b/include/user/tswap-target.h
new file mode 100644
index 00..4719330dbb
--- /dev/null
+++ b/include/user/tswap-target.h
@@ -0,0 +1,22 @@
+/*
+ * target-specific swap() definitions
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ */
+#ifndef USER_TSWAP_H
+#define USER_TSWAP_H
+
+#include "exec/cpu-defs.h"
+#include "exec/tswap.h"
+
+#if TARGET_LONG_SIZE == 4
+#define tswapl(s) tswap32(s)
+#define bswaptls(s) bswap32s(s)
+#else
+#define tswapl(s) tswap64(s)
+#define bswaptls(s) bswap64s(s)
+#endif
+
+#endif
diff --git a/bsd-user/signal.c b/bsd-user/signal.c
index e5a773ddde..b2faf1d0dd 100644
--- a/bsd-user/signal.c
+++ b/bsd-user/signal.c
@@ -21,6 +21,7 @@
 #include "qemu/osdep.h"
 #include "qemu/log.h"
 #include "qemu.h"
+#include "user/tswap-target.h"
 #include "gdbstub/user.h"
 #include "signal-common.h"
 #include "trace.h"
diff --git a/bsd-user/strace.c b/bsd-user/strace.c
index 96499751eb..6dc01d3be7 100644
--- a/bsd-user/strace.c
+++ b/bsd-user/strace.c
@@ -22,6 +22,7 @@
 #include 
 
 #include "qemu.h"
+#include "user/tswap-target.h"
 
 #include "os-strace.h"  /* OS dependent strace print functions */
 
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index a0999dac15..207455c1ba 100644
--- a/linux-user/elfload.c
+++ 

[PULL 19/38] accel/tcg: Rename helper-head.h -> helper-head.h.inc

[Philippe Mathieu-Daudé]

Since commit 139c1837db ("meson: rename included C source files
to .c.inc"), QEMU standard procedure for included C files is to
use *.c.inc.

Besides, since commit 6a0057aa22 ("docs/devel: make a statement
about includes") this is documented in the Coding Style:

  If you do use template header files they should be named with
  the ``.c.inc`` or ``.h.inc`` suffix to make it clear they are
  being included for expansion.

Therefore rename "exec/helper-head.h" as "exec/helper-head.h.inc".

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: Richard Henderson 
Message-Id: <2024042417.96148-4-phi...@linaro.org>
---
 include/exec/helper-gen.h.inc | 2 +-
 include/exec/{helper-head.h => helper-head.h.inc} | 0
 include/exec/helper-proto.h.inc   | 2 +-
 include/exec/helper-info.c.inc| 2 +-
 4 files changed, 3 insertions(+), 3 deletions(-)
 rename include/exec/{helper-head.h => helper-head.h.inc} (100%)

diff --git a/include/exec/helper-gen.h.inc b/include/exec/helper-gen.h.inc
index c009641517..d9fd3ed72a 100644
--- a/include/exec/helper-gen.h.inc
+++ b/include/exec/helper-gen.h.inc
@@ -8,7 +8,7 @@
 
 #include "tcg/tcg.h"
 #include "tcg/helper-info.h"
-#include "exec/helper-head.h"
+#include "exec/helper-head.h.inc"
 
 #define DEF_HELPER_FLAGS_0(name, flags, ret)\
 extern TCGHelperInfo glue(helper_info_, name);  \
diff --git a/include/exec/helper-head.h b/include/exec/helper-head.h.inc
similarity index 100%
rename from include/exec/helper-head.h
rename to include/exec/helper-head.h.inc
diff --git a/include/exec/helper-proto.h.inc b/include/exec/helper-proto.h.inc
index c3aa666929..f8e57e43ce 100644
--- a/include/exec/helper-proto.h.inc
+++ b/include/exec/helper-proto.h.inc
@@ -5,7 +5,7 @@
  * Define HELPER_H for the header file to be expanded.
  */
 
-#include "exec/helper-head.h"
+#include "exec/helper-head.h.inc"
 
 /*
  * Work around an issue with --enable-lto, in which GCC's ipa-split pass
diff --git a/include/exec/helper-info.c.inc b/include/exec/helper-info.c.inc
index 530d2e6d35..c551736d49 100644
--- a/include/exec/helper-info.c.inc
+++ b/include/exec/helper-info.c.inc
@@ -7,7 +7,7 @@
 
 #include "tcg/tcg.h"
 #include "tcg/helper-info.h"
-#include "exec/helper-head.h"
+#include "exec/helper-head.h.inc"
 
 /*
  * Need one more level of indirection before stringification
-- 
2.41.0

[PULL 17/38] accel/tcg: Include missing headers in 'tb-jmp-cache.h'

[Philippe Mathieu-Daudé]

Due to missing headers, when including "tb-jmp-cache.h" we might get:

  accel/tcg/tb-jmp-cache.h:21:21: error: field ‘rcu’ has incomplete type
 21 | struct rcu_head rcu;
| ^~~
  accel/tcg/tb-jmp-cache.h:24:9: error: unknown type name ‘vaddr’
 24 | vaddr pc;
| ^

Add the missing "qemu/rcu.h" and "exec/cpu-common.h" headers.

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: Richard Henderson 
Message-Id: <2024062442.43755-1-phi...@linaro.org>
---
 accel/tcg/tb-jmp-cache.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/accel/tcg/tb-jmp-cache.h b/accel/tcg/tb-jmp-cache.h
index 4ab8553afc..184bb3e3e2 100644
--- a/accel/tcg/tb-jmp-cache.h
+++ b/accel/tcg/tb-jmp-cache.h
@@ -9,6 +9,9 @@
 #ifndef ACCEL_TCG_TB_JMP_CACHE_H
 #define ACCEL_TCG_TB_JMP_CACHE_H
 
+#include "qemu/rcu.h"
+#include "exec/cpu-common.h"
+
 #define TB_JMP_CACHE_BITS 12
 #define TB_JMP_CACHE_SIZE (1 << TB_JMP_CACHE_BITS)
 
-- 
2.41.0

[PULL 35/38] exec: Restrict inclusion of 'user/guest-base.h'

[Philippe Mathieu-Daudé]

Declare 'have_guest_base' in "user/guest-base.h".

Very few files require this header, so explicitly include
it there instead of "exec/cpu-all.h" which is used in many
source files.

Assert this user-specific header is only included from user
emulation.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20231211212003.21686-23-phi...@linaro.org>
Reviewed-by: Anton Johansson 
---
 include/exec/cpu-all.h| 3 ---
 include/exec/cpu_ldst.h   | 2 ++
 include/user/guest-base.h | 6 ++
 bsd-user/main.c   | 1 +
 linux-user/elfload.c  | 1 +
 linux-user/main.c | 1 +
 6 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 027f19e052..e75ec13cd0 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -65,9 +65,6 @@
 
 #if defined(CONFIG_USER_ONLY)
 #include "exec/user/abitypes.h"
-#include "user/guest-base.h"
-
-extern bool have_guest_base;
 
 /*
  * If non-zero, the guest virtual address space is a contiguous subset
diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index f3c2a3ca74..7d0a0412ad 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -74,6 +74,8 @@
 
 #if defined(CONFIG_USER_ONLY)
 
+#include "user/guest-base.h"
+
 #ifndef TARGET_TAGGED_ADDRESSES
 static inline abi_ptr cpu_untagged_addr(CPUState *cs, abi_ptr x)
 {
diff --git a/include/user/guest-base.h b/include/user/guest-base.h
index 1e42bca5db..055c1d14fe 100644
--- a/include/user/guest-base.h
+++ b/include/user/guest-base.h
@@ -7,6 +7,12 @@
 #ifndef USER_GUEST_BASE_H
 #define USER_GUEST_BASE_H
 
+#ifndef CONFIG_USER_ONLY
+#error Cannot include this header from system emulation
+#endif
+
 extern uintptr_t guest_base;
 
+extern bool have_guest_base;
+
 #endif
diff --git a/bsd-user/main.c b/bsd-user/main.c
index 01b313756e..29a629d877 100644
--- a/bsd-user/main.c
+++ b/bsd-user/main.c
@@ -36,6 +36,7 @@
 #include "qemu/help_option.h"
 #include "qemu/module.h"
 #include "exec/exec-all.h"
+#include "user/guest-base.h"
 #include "tcg/startup.h"
 #include "qemu/timer.h"
 #include "qemu/envlist.h"
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 207455c1ba..f9461d2844 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -8,6 +8,7 @@
 
 #include "qemu.h"
 #include "user/tswap-target.h"
+#include "user/guest-base.h"
 #include "user-internals.h"
 #include "signal-common.h"
 #include "loader.h"
diff --git a/linux-user/main.c b/linux-user/main.c
index 149e35432e..94e4c47f05 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -38,6 +38,7 @@
 #include "qemu/help_option.h"
 #include "qemu/module.h"
 #include "qemu/plugin.h"
+#include "user/guest-base.h"
 #include "exec/exec-all.h"
 #include "exec/gdbstub.h"
 #include "gdbstub/user.h"
-- 
2.41.0

[PULL 12/38] target/ppc/excp_helper: Avoid 'abi_ptr' in system emulation

[Philippe Mathieu-Daudé]

'abi_ptr' is a user specific type. The system emulation
equivalent is 'target_ulong'. Use it in ppc_ldl_code()
to emphasis this is not an user emulation function.

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: Nicholas Piggin 
Reviewed-by: Thomas Huth 
Message-Id: <20231211212003.21686-18-phi...@linaro.org>
Reviewed-by: Richard Henderson 
---
 target/ppc/excp_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
index 674c05a2ce..0712098cf7 100644
--- a/target/ppc/excp_helper.c
+++ b/target/ppc/excp_helper.c
@@ -142,7 +142,7 @@ static inline bool insn_need_byteswap(CPUArchState *env)
 return !!(env->msr & ((target_ulong)1 << MSR_LE));
 }
 
-static uint32_t ppc_ldl_code(CPUArchState *env, abi_ptr addr)
+static uint32_t ppc_ldl_code(CPUArchState *env, target_ulong addr)
 {
 uint32_t insn = cpu_ldl_code(env, addr);
 
-- 
2.41.0

[PULL 16/38] accel/tcg: Include missing 'hw/core/cpu.h' header

[Philippe Mathieu-Daudé]

tcg_cpu_init_cflags() accesses CPUState fields, so requires
"hw/core/cpu.h" to get its structure definition.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Anton Johansson 
Message-Id: <20231212123401.37493-12-phi...@linaro.org>
Reviewed-by: Richard Henderson 
---
 accel/tcg/tcg-accel-ops.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/accel/tcg/tcg-accel-ops.c b/accel/tcg/tcg-accel-ops.c
index 9c957f421c..2c7b0cc09e 100644
--- a/accel/tcg/tcg-accel-ops.c
+++ b/accel/tcg/tcg-accel-ops.c
@@ -37,6 +37,8 @@
 #include "exec/tb-flush.h"
 #include "exec/gdbstub.h"
 
+#include "hw/core/cpu.h"
+
 #include "tcg-accel-ops.h"
 #include "tcg-accel-ops-mttcg.h"
 #include "tcg-accel-ops-rr.h"
-- 
2.41.0

[PULL 15/38] accel/tcg: Un-inline retaddr helpers to 'user-retaddr.h'

[Philippe Mathieu-Daudé]

set_helper_retaddr() is only used in accel/tcg/user-exec.c.

clear_helper_retaddr() is only used in accel/tcg/cpu-exec.c
and accel/tcg/user-exec.c.

No need to expose their definitions to all user-emulation
files including "exec/cpu_ldst.h", move them to a new
"user-retaddr.h" header (restricted to accel/tcg/).

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20231211212003.21686-19-phi...@linaro.org>
---
 accel/tcg/user-retaddr.h | 28 
 include/exec/cpu_ldst.h  | 28 ++--
 accel/tcg/cpu-exec.c |  3 +++
 accel/tcg/user-exec.c|  1 +
 4 files changed, 34 insertions(+), 26 deletions(-)
 create mode 100644 accel/tcg/user-retaddr.h

diff --git a/accel/tcg/user-retaddr.h b/accel/tcg/user-retaddr.h
new file mode 100644
index 00..e0f57e1994
--- /dev/null
+++ b/accel/tcg/user-retaddr.h
@@ -0,0 +1,28 @@
+#ifndef ACCEL_TCG_USER_RETADDR_H
+#define ACCEL_TCG_USER_RETADDR_H
+
+#include "qemu/atomic.h"
+
+extern __thread uintptr_t helper_retaddr;
+
+static inline void set_helper_retaddr(uintptr_t ra)
+{
+helper_retaddr = ra;
+/*
+ * Ensure that this write is visible to the SIGSEGV handler that
+ * may be invoked due to a subsequent invalid memory operation.
+ */
+signal_barrier();
+}
+
+static inline void clear_helper_retaddr(void)
+{
+/*
+ * Ensure that previous memory operations have succeeded before
+ * removing the data visible to the signal handler.
+ */
+signal_barrier();
+helper_retaddr = 0;
+}
+
+#endif
diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index eb8f3f0595..82690d3947 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -300,31 +300,7 @@ Int128 cpu_atomic_cmpxchgo_be_mmu(CPUArchState *env, 
abi_ptr addr,
   Int128 cmpv, Int128 newv,
   MemOpIdx oi, uintptr_t retaddr);
 
-#if defined(CONFIG_USER_ONLY)
-
-extern __thread uintptr_t helper_retaddr;
-
-static inline void set_helper_retaddr(uintptr_t ra)
-{
-helper_retaddr = ra;
-/*
- * Ensure that this write is visible to the SIGSEGV handler that
- * may be invoked due to a subsequent invalid memory operation.
- */
-signal_barrier();
-}
-
-static inline void clear_helper_retaddr(void)
-{
-/*
- * Ensure that previous memory operations have succeeded before
- * removing the data visible to the signal handler.
- */
-signal_barrier();
-helper_retaddr = 0;
-}
-
-#else
+#if !defined(CONFIG_USER_ONLY)
 
 #include "tcg/oversized-guest.h"
 
@@ -376,7 +352,7 @@ static inline CPUTLBEntry *tlb_entry(CPUState *cpu, 
uintptr_t mmu_idx,
 return >neg.tlb.f[mmu_idx].table[tlb_index(cpu, mmu_idx, addr)];
 }
 
-#endif /* defined(CONFIG_USER_ONLY) */
+#endif /* !defined(CONFIG_USER_ONLY) */
 
 #if TARGET_BIG_ENDIAN
 # define cpu_lduw_datacpu_lduw_be_data
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 5c70748060..225e5fbd3e 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -41,6 +41,9 @@
 #include "tb-context.h"
 #include "internal-common.h"
 #include "internal-target.h"
+#if defined(CONFIG_USER_ONLY)
+#include "user-retaddr.h"
+#endif
 
 /* -icount align implementation. */
 
diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index 3cac3a78c4..1c621477ad 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -31,6 +31,7 @@
 #include "tcg/tcg-ldst.h"
 #include "internal-common.h"
 #include "internal-target.h"
+#include "user-retaddr.h"
 
 __thread uintptr_t helper_retaddr;
 
-- 
2.41.0

[PULL 30/38] exec: Declare MMUAccessType type in 'mmu-access-type.h' header

[Philippe Mathieu-Daudé]

The MMUAccessType enum is declared in "hw/core/cpu.h".
"hw/core/cpu.h" contains declarations related to CPUState
and CPUClass. Some source files only require MMUAccessType
and don't need to pull in all CPU* declarations. In order
to simplify, create a new "exec/mmu-access-type.h" header.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20240418192525.97451-2-phi...@linaro.org>
---
 include/exec/cpu_ldst.h|  1 +
 include/exec/exec-all.h|  1 +
 include/exec/mmu-access-type.h | 18 ++
 include/hw/core/cpu.h  |  8 +---
 4 files changed, 21 insertions(+), 7 deletions(-)
 create mode 100644 include/exec/mmu-access-type.h

diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index 64e0319996..5b99666702 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -64,6 +64,7 @@
 
 #include "exec/memopidx.h"
 #include "exec/abi_ptr.h"
+#include "exec/mmu-access-type.h"
 #include "qemu/int128.h"
 #include "cpu.h"
 
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 530d442112..4c5e470581 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -25,6 +25,7 @@
 #include "exec/abi_ptr.h"
 #include "exec/cpu_ldst.h"
 #endif
+#include "exec/mmu-access-type.h"
 #include "exec/translation-block.h"
 #include "qemu/clang-tsa.h"
 
diff --git a/include/exec/mmu-access-type.h b/include/exec/mmu-access-type.h
new file mode 100644
index 00..28bbb05b94
--- /dev/null
+++ b/include/exec/mmu-access-type.h
@@ -0,0 +1,18 @@
+/*
+ * QEMU MMU Access type definitions
+ *
+ * Copyright (c) 2012 SUSE LINUX Products GmbH
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#ifndef EXEC_MMU_ACCESS_TYPE_H
+#define EXEC_MMU_ACCESS_TYPE_H
+
+typedef enum MMUAccessType {
+MMU_DATA_LOAD  = 0,
+MMU_DATA_STORE = 1,
+MMU_INST_FETCH = 2
+#define MMU_ACCESS_COUNT 3
+} MMUAccessType;
+
+#endif
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index d89b2cffcb..759c3e7d89 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -25,6 +25,7 @@
 #include "exec/hwaddr.h"
 #include "exec/vaddr.h"
 #include "exec/memattrs.h"
+#include "exec/mmu-access-type.h"
 #include "exec/tlb-common.h"
 #include "qapi/qapi-types-run-state.h"
 #include "qemu/bitmap.h"
@@ -80,13 +81,6 @@ DECLARE_CLASS_CHECKERS(CPUClass, CPU,
 typedef struct ArchCPU CpuInstanceType; \
 OBJECT_DECLARE_TYPE(ArchCPU, CpuClassType, CPU_MODULE_OBJ_NAME);
 
-typedef enum MMUAccessType {
-MMU_DATA_LOAD  = 0,
-MMU_DATA_STORE = 1,
-MMU_INST_FETCH = 2
-#define MMU_ACCESS_COUNT 3
-} MMUAccessType;
-
 typedef struct CPUWatchpoint CPUWatchpoint;
 
 /* see accel-cpu.h */
-- 
2.41.0

[PULL 31/38] exec: Declare CPUBreakpoint/CPUWatchpoint type in 'breakpoint.h' header

[Philippe Mathieu-Daudé]

The CPUBreakpoint and CPUWatchpoint structures are declared
in "hw/core/cpu.h", which contains declarations related to
CPUState and CPUClass. Some source files only require the
BP/WP definitions and don't need to pull in all CPU* API.
In order to simplify, create a new "exec/breakpoint.h" header.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Anton Johansson 
Message-Id: <20240418192525.97451-3-phi...@linaro.org>
---
 include/exec/breakpoint.h | 30 ++
 include/hw/core/cpu.h | 16 +---
 target/arm/internals.h|  1 +
 target/ppc/internal.h |  1 +
 target/riscv/debug.h  |  2 ++
 5 files changed, 35 insertions(+), 15 deletions(-)
 create mode 100644 include/exec/breakpoint.h

diff --git a/include/exec/breakpoint.h b/include/exec/breakpoint.h
new file mode 100644
index 00..95f0482e6d
--- /dev/null
+++ b/include/exec/breakpoint.h
@@ -0,0 +1,30 @@
+/*
+ * QEMU breakpoint & watchpoint definitions
+ *
+ * Copyright (c) 2012 SUSE LINUX Products GmbH
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#ifndef EXEC_BREAKPOINT_H
+#define EXEC_BREAKPOINT_H
+
+#include "qemu/queue.h"
+#include "exec/vaddr.h"
+#include "exec/memattrs.h"
+
+typedef struct CPUBreakpoint {
+vaddr pc;
+int flags; /* BP_* */
+QTAILQ_ENTRY(CPUBreakpoint) entry;
+} CPUBreakpoint;
+
+typedef struct CPUWatchpoint {
+vaddr vaddr;
+vaddr len;
+vaddr hitaddr;
+MemTxAttrs hitattrs;
+int flags; /* BP_* */
+QTAILQ_ENTRY(CPUWatchpoint) entry;
+} CPUWatchpoint;
+
+#endif
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 759c3e7d89..46b99a7ea5 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -22,6 +22,7 @@
 
 #include "hw/qdev-core.h"
 #include "disas/dis-asm.h"
+#include "exec/breakpoint.h"
 #include "exec/hwaddr.h"
 #include "exec/vaddr.h"
 #include "exec/memattrs.h"
@@ -347,21 +348,6 @@ typedef struct CPUNegativeOffsetState {
 bool can_do_io;
 } CPUNegativeOffsetState;
 
-typedef struct CPUBreakpoint {
-vaddr pc;
-int flags; /* BP_* */
-QTAILQ_ENTRY(CPUBreakpoint) entry;
-} CPUBreakpoint;
-
-struct CPUWatchpoint {
-vaddr vaddr;
-vaddr len;
-vaddr hitaddr;
-MemTxAttrs hitattrs;
-int flags; /* BP_* */
-QTAILQ_ENTRY(CPUWatchpoint) entry;
-};
-
 struct KVMState;
 struct kvm_run;
 
diff --git a/target/arm/internals.h b/target/arm/internals.h
index b53f5e8ff2..e40ec453d5 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -25,6 +25,7 @@
 #ifndef TARGET_ARM_INTERNALS_H
 #define TARGET_ARM_INTERNALS_H
 
+#include "exec/breakpoint.h"
 #include "hw/registerfields.h"
 #include "tcg/tcg-gvec-desc.h"
 #include "syndrome.h"
diff --git a/target/ppc/internal.h b/target/ppc/internal.h
index 5b20ecbd33..601c0b533f 100644
--- a/target/ppc/internal.h
+++ b/target/ppc/internal.h
@@ -18,6 +18,7 @@
 #ifndef PPC_INTERNAL_H
 #define PPC_INTERNAL_H
 
+#include "exec/breakpoint.h"
 #include "hw/registerfields.h"
 
 /* PM instructions */
diff --git a/target/riscv/debug.h b/target/riscv/debug.h
index 5794aa6ee5..c347863578 100644
--- a/target/riscv/debug.h
+++ b/target/riscv/debug.h
@@ -22,6 +22,8 @@
 #ifndef RISCV_DEBUG_H
 #define RISCV_DEBUG_H
 
+#include "exec/breakpoint.h"
+
 #define RV_MAX_TRIGGERS 2
 
 /* register index of tdata CSRs */
-- 
2.41.0

[PULL 09/38] semihosting/uaccess: Avoid including 'cpu.h'

[Philippe Mathieu-Daudé]

"semihosting/uaccess.h" only requires the following headers:

  - "exec/cpu-defs.h" for target_ulong,
  - "exec/cpu-common.h" for cpu_memory_rw_debug()
  - "exec/tswap.h" for tswap32() and tswap64().

Include them instead of the huge "cpu.h".

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <42c6471e-8383-45e0-85ee-e20ca32ec...@linaro.org>
---
 include/semihosting/uaccess.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/include/semihosting/uaccess.h b/include/semihosting/uaccess.h
index 3963eafc3e..dd289af8dd 100644
--- a/include/semihosting/uaccess.h
+++ b/include/semihosting/uaccess.h
@@ -14,7 +14,9 @@
 #error Cannot include semihosting/uaccess.h from user emulation
 #endif
 
-#include "cpu.h"
+#include "exec/cpu-common.h"
+#include "exec/cpu-defs.h"
+#include "exec/tswap.h"
 
 #define get_user_u64(val, addr) \
 ({ uint64_t val_ = 0;   \
-- 
2.41.0

[PULL 20/38] accel/whpx: Use accel-specific per-vcpu @dirty field

[Philippe Mathieu-Daudé]

WHPX has a specific use of the CPUState::vcpu_dirty field
(CPUState::vcpu_dirty is not used by common code).
To make this field accel-specific, add and use a new
@dirty variable in the AccelCPUState structure.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20240424174506.326-2-phi...@linaro.org>
---
 target/i386/whpx/whpx-all.c | 23 ---
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/target/i386/whpx/whpx-all.c b/target/i386/whpx/whpx-all.c
index 31eec7048c..b08e644517 100644
--- a/target/i386/whpx/whpx-all.c
+++ b/target/i386/whpx/whpx-all.c
@@ -237,6 +237,7 @@ struct AccelCPUState {
 uint64_t tpr;
 uint64_t apic_base;
 bool interruption_pending;
+bool dirty;
 
 /* Must be the last field as it may have a tail */
 WHV_RUN_VP_EXIT_CONTEXT exit_ctx;
@@ -839,7 +840,7 @@ static HRESULT CALLBACK whpx_emu_setreg_callback(
  * The emulator just successfully wrote the register state. We clear the
  * dirty state so we avoid the double write on resume of the VP.
  */
-cpu->vcpu_dirty = false;
+cpu->accel->dirty = false;
 
 return hr;
 }
@@ -1394,7 +1395,7 @@ static int whpx_last_vcpu_stopping(CPUState *cpu)
 /* Returns the address of the next instruction that is about to be executed. */
 static vaddr whpx_vcpu_get_pc(CPUState *cpu, bool exit_context_valid)
 {
-if (cpu->vcpu_dirty) {
+if (cpu->accel->dirty) {
 /* The CPU registers have been modified by other parts of QEMU. */
 return cpu_env(cpu)->eip;
 } else if (exit_context_valid) {
@@ -1713,9 +1714,9 @@ static int whpx_vcpu_run(CPUState *cpu)
 }
 
 do {
-if (cpu->vcpu_dirty) {
+if (cpu->accel->dirty) {
 whpx_set_registers(cpu, WHPX_SET_RUNTIME_STATE);
-cpu->vcpu_dirty = false;
+cpu->accel->dirty = false;
 }
 
 if (exclusive_step_mode == WHPX_STEP_NONE) {
@@ -2063,9 +2064,9 @@ static int whpx_vcpu_run(CPUState *cpu)
 
 static void do_whpx_cpu_synchronize_state(CPUState *cpu, run_on_cpu_data arg)
 {
-if (!cpu->vcpu_dirty) {
+if (!cpu->accel->dirty) {
 whpx_get_registers(cpu);
-cpu->vcpu_dirty = true;
+cpu->accel->dirty = true;
 }
 }
 
@@ -2073,20 +2074,20 @@ static void do_whpx_cpu_synchronize_post_reset(CPUState 
*cpu,
run_on_cpu_data arg)
 {
 whpx_set_registers(cpu, WHPX_SET_RESET_STATE);
-cpu->vcpu_dirty = false;
+cpu->accel->dirty = false;
 }
 
 static void do_whpx_cpu_synchronize_post_init(CPUState *cpu,
   run_on_cpu_data arg)
 {
 whpx_set_registers(cpu, WHPX_SET_FULL_STATE);
-cpu->vcpu_dirty = false;
+cpu->accel->dirty = false;
 }
 
 static void do_whpx_cpu_synchronize_pre_loadvm(CPUState *cpu,
run_on_cpu_data arg)
 {
-cpu->vcpu_dirty = true;
+cpu->accel->dirty = true;
 }
 
 /*
@@ -2095,7 +2096,7 @@ static void do_whpx_cpu_synchronize_pre_loadvm(CPUState 
*cpu,
 
 void whpx_cpu_synchronize_state(CPUState *cpu)
 {
-if (!cpu->vcpu_dirty) {
+if (!cpu->accel->dirty) {
 run_on_cpu(cpu, do_whpx_cpu_synchronize_state, RUN_ON_CPU_NULL);
 }
 }
@@ -2235,7 +2236,7 @@ int whpx_init_vcpu(CPUState *cpu)
 }
 
 vcpu->interruptable = true;
-cpu->vcpu_dirty = true;
+cpu->accel->dirty = true;
 cpu->accel = vcpu;
 max_vcpu_index = max(max_vcpu_index, cpu->cpu_index);
 qemu_add_vm_change_state_handler(whpx_cpu_update_state, env);
-- 
2.41.0

[PULL 18/38] accel/tcg: Rename load-extract/store-insert headers using .h.inc suffix

[Philippe Mathieu-Daudé]

Since commit 139c1837db ("meson: rename included C source files
to .c.inc"), QEMU standard procedure for included C files is to
use *.c.inc.

Besides, since commit 6a0057aa22 ("docs/devel: make a statement
about includes") this is documented in the Coding Style:

  If you do use template header files they should be named with
  the ``.c.inc`` or ``.h.inc`` suffix to make it clear they are
  being included for expansion.

Therefore rename 'store-insert-al16.h' as 'store-insert-al16.h.inc'
and 'load-extract-al16-al8.h' as 'load-extract-al16-al8.h.inc'.

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: Richard Henderson 
Message-Id: <2024042417.96148-3-phi...@linaro.org>
---
 .../{load-extract-al16-al8.h => load-extract-al16-al8.h.inc}  | 0
 .../host/{store-insert-al16.h => store-insert-al16.h.inc} | 0
 .../{load-extract-al16-al8.h => load-extract-al16-al8.h.inc}  | 0
 .../host/{store-insert-al16.h => store-insert-al16.h.inc} | 0
 .../{load-extract-al16-al8.h => load-extract-al16-al8.h.inc}  | 0
 .../host/{store-insert-al16.h => store-insert-al16.h.inc} | 0
 .../{load-extract-al16-al8.h => load-extract-al16-al8.h.inc}  | 0
 accel/tcg/ldst_atomicity.c.inc| 4 ++--
 8 files changed, 2 insertions(+), 2 deletions(-)
 rename host/include/aarch64/host/{load-extract-al16-al8.h => 
load-extract-al16-al8.h.inc} (100%)
 rename host/include/aarch64/host/{store-insert-al16.h => 
store-insert-al16.h.inc} (100%)
 rename host/include/generic/host/{load-extract-al16-al8.h => 
load-extract-al16-al8.h.inc} (100%)
 rename host/include/generic/host/{store-insert-al16.h => 
store-insert-al16.h.inc} (100%)
 rename host/include/loongarch64/host/{load-extract-al16-al8.h => 
load-extract-al16-al8.h.inc} (100%)
 rename host/include/loongarch64/host/{store-insert-al16.h => 
store-insert-al16.h.inc} (100%)
 rename host/include/x86_64/host/{load-extract-al16-al8.h => 
load-extract-al16-al8.h.inc} (100%)

diff --git a/host/include/aarch64/host/load-extract-al16-al8.h 
b/host/include/aarch64/host/load-extract-al16-al8.h.inc
similarity index 100%
rename from host/include/aarch64/host/load-extract-al16-al8.h
rename to host/include/aarch64/host/load-extract-al16-al8.h.inc
diff --git a/host/include/aarch64/host/store-insert-al16.h 
b/host/include/aarch64/host/store-insert-al16.h.inc
similarity index 100%
rename from host/include/aarch64/host/store-insert-al16.h
rename to host/include/aarch64/host/store-insert-al16.h.inc
diff --git a/host/include/generic/host/load-extract-al16-al8.h 
b/host/include/generic/host/load-extract-al16-al8.h.inc
similarity index 100%
rename from host/include/generic/host/load-extract-al16-al8.h
rename to host/include/generic/host/load-extract-al16-al8.h.inc
diff --git a/host/include/generic/host/store-insert-al16.h 
b/host/include/generic/host/store-insert-al16.h.inc
similarity index 100%
rename from host/include/generic/host/store-insert-al16.h
rename to host/include/generic/host/store-insert-al16.h.inc
diff --git a/host/include/loongarch64/host/load-extract-al16-al8.h 
b/host/include/loongarch64/host/load-extract-al16-al8.h.inc
similarity index 100%
rename from host/include/loongarch64/host/load-extract-al16-al8.h
rename to host/include/loongarch64/host/load-extract-al16-al8.h.inc
diff --git a/host/include/loongarch64/host/store-insert-al16.h 
b/host/include/loongarch64/host/store-insert-al16.h.inc
similarity index 100%
rename from host/include/loongarch64/host/store-insert-al16.h
rename to host/include/loongarch64/host/store-insert-al16.h.inc
diff --git a/host/include/x86_64/host/load-extract-al16-al8.h 
b/host/include/x86_64/host/load-extract-al16-al8.h.inc
similarity index 100%
rename from host/include/x86_64/host/load-extract-al16-al8.h
rename to host/include/x86_64/host/load-extract-al16-al8.h.inc
diff --git a/accel/tcg/ldst_atomicity.c.inc b/accel/tcg/ldst_atomicity.c.inc
index 97dae70d53..134da3c1da 100644
--- a/accel/tcg/ldst_atomicity.c.inc
+++ b/accel/tcg/ldst_atomicity.c.inc
@@ -9,8 +9,8 @@
  * See the COPYING file in the top-level directory.
  */
 
-#include "host/load-extract-al16-al8.h"
-#include "host/store-insert-al16.h"
+#include "host/load-extract-al16-al8.h.inc"
+#include "host/store-insert-al16.h.inc"
 
 #ifdef CONFIG_ATOMIC64
 # define HAVE_al8  true
-- 
2.41.0

[PULL 07/38] gdbstub: Simplify #ifdef'ry in helpers.h

[Philippe Mathieu-Daudé]

Slightly simplify by checking NEED_CPU_H definition in header.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20240322161439.6448-2-phi...@linaro.org>
---
 include/gdbstub/helpers.h | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/include/gdbstub/helpers.h b/include/gdbstub/helpers.h
index 6b97610f48..6277a858a1 100644
--- a/include/gdbstub/helpers.h
+++ b/include/gdbstub/helpers.h
@@ -12,7 +12,10 @@
 #ifndef _GDBSTUB_HELPERS_H_
 #define _GDBSTUB_HELPERS_H_
 
-#ifdef COMPILING_PER_TARGET
+#ifndef COMPILING_PER_TARGET
+#error "gdbstub helpers should only be included by target specific code"
+#endif
+
 #include "cpu.h"
 
 /*
@@ -96,8 +99,4 @@ static inline uint8_t *gdb_get_reg_ptr(GByteArray *buf, int 
len)
 #define ldtul_p(addr) ldl_p(addr)
 #endif
 
-#else
-#error "gdbstub helpers should only be included by target specific code"
-#endif
-
 #endif /* _GDBSTUB_HELPERS_H_ */
-- 
2.41.0

[PULL 06/38] gdbstub: Include missing 'hw/core/cpu.h' header

[Philippe Mathieu-Daudé]

Functions such gdb_get_cpu_pid() dereference CPUState so
require the structure declaration from "hw/core/cpu.h":

  static uint32_t gdb_get_cpu_pid(CPUState *cpu)
  {
...
return cpu->cluster_index + 1;
  }

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Warner Losh 
Message-Id: <20231211212003.21686-15-phi...@linaro.org>
Reviewed-by: Richard Henderson 
---
 gdbstub/gdbstub.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/gdbstub/gdbstub.c b/gdbstub/gdbstub.c
index 9c23d44baf..9c2b8b5d0a 100644
--- a/gdbstub/gdbstub.c
+++ b/gdbstub/gdbstub.c
@@ -37,6 +37,7 @@
 #include "hw/cpu/cluster.h"
 #include "hw/boards.h"
 #endif
+#include "hw/core/cpu.h"
 
 #include "sysemu/hw_accel.h"
 #include "sysemu/runstate.h"
-- 
2.41.0

[PULL 00/38] Exec / accelerators patches

[Philippe Mathieu-Daudé]

The following changes since commit a118c4aff4087eafb68f7132b233ad548cf16376:

  Merge tag 'hw-misc-20240425' of https://github.com/philmd/qemu into staging 
(2024-04-25 09:43:29 -0700)

are available in the Git repository at:

  https://github.com/philmd/qemu.git tags/accel-20240426

for you to fetch changes up to 671558d290ffb93752d3245e7c5604b04b6dcdf2:

  plugins: Include missing 'qemu/bitmap.h' header (2024-04-26 21:36:19 +0200)

Selfish PR, painfully tested commit by commit.

Accelerators patches

A lot of trivial cleanups and simplifications (moving methods around,
adding/removing #include statements). Most notable changes:

- Rename NEED_CPU_H -> COMPILING_PER_TARGET
- Rename few template headers using the '.h.inc' suffix
- Extract some definitions / declarations into their own header:
  - accel/tcg/user-retaddr.h (helper_retaddr)
  - include/exec/abi_ptr.h (abi_ptr)
  - include/exec/breakpoint.h (CPUBreakpoint, CPUWatchpoint)
  - include/exec/mmu-access-type.h (MMUAccessType)
  - include/user/tswap-target.h (tswapl, bswaptls)



Philippe Mathieu-Daudé (38):
  exec: Rename NEED_CPU_H -> COMPILING_PER_TARGET
  exec: Reduce tlb_set_dirty() declaration scope
  exec: Include 'cpu.h' before validating CPUArchState placement
  exec: Expose 'target_page.h' API to user emulation
  accel: Include missing 'exec/cpu_ldst.h' header
  gdbstub: Include missing 'hw/core/cpu.h' header
  gdbstub: Simplify #ifdef'ry in helpers.h
  gdbstub: Avoid including 'cpu.h' in 'gdbstub/helpers.h'
  semihosting/uaccess: Avoid including 'cpu.h'
  semihosting/guestfd: Remove unused 'semihosting/uaccess.h' header
  target: Define TCG_GUEST_DEFAULT_MO in 'cpu-param.h'
  target/ppc/excp_helper: Avoid 'abi_ptr' in system emulation
  target/sparc: Replace abi_ulong by uint32_t for TARGET_ABI32
  target/i386: Include missing 'exec/exec-all.h' header
  accel/tcg: Un-inline retaddr helpers to 'user-retaddr.h'
  accel/tcg: Include missing 'hw/core/cpu.h' header
  accel/tcg: Include missing headers in 'tb-jmp-cache.h'
  accel/tcg: Rename load-extract/store-insert headers using .h.inc
suffix
  accel/tcg: Rename helper-head.h -> helper-head.h.inc
  accel/whpx: Use accel-specific per-vcpu @dirty field
  accel/nvmm: Use accel-specific per-vcpu @dirty field
  accel/hvf: Use accel-specific per-vcpu @dirty field
  exec/cpu-all: Reduce 'qemu/rcu.h' header inclusion
  exec/cpu-all: Remove unused 'qemu/thread.h' header
  exec/cpu-all: Remove unused tswapls() definitions
  exec: Declare target_words_bigendian() in 'exec/tswap.h'
  exec: Move [b]tswapl() declarations to 'exec/user/tswap-target.h'
  exec/user: Do not include 'cpu.h' in 'abitypes.h'
  exec: Declare abi_ptr type in its own 'abi_ptr.h' header
  exec: Declare MMUAccessType type in 'mmu-access-type.h' header
  exec: Declare CPUBreakpoint/CPUWatchpoint type in 'breakpoint.h'
header
  exec: Restrict TCG specific declarations of 'cputlb.h'
  exec: Restrict 'cpu_ldst.h' to TCG accelerator
  exec: Rename 'exec/user/guest-base.h' as 'user/guest-base.h'
  exec: Restrict inclusion of 'user/guest-base.h'
  exec: Move CPUTLBEntry helpers to cputlb.c
  hw/core: Avoid including the full 'hw/core/cpu.h' in 'tcg-cpu-ops.h'
  plugins: Include missing 'qemu/bitmap.h' header

 MAINTAINERS   |   1 +
 meson.build   |   6 +-
 accel/tcg/tb-jmp-cache.h  |   3 +
 accel/tcg/user-retaddr.h  |  28 +
 bsd-user/freebsd/target_os_elf.h  |   1 +
 bsd-user/freebsd/target_os_stack.h|   1 +
 bsd-user/netbsd/target_os_elf.h   |   1 +
 bsd-user/openbsd/target_os_elf.h  |   1 +
 include/exec/abi_ptr.h|  33 ++
 include/exec/breakpoint.h |  30 +
 include/exec/cpu-all.h|  16 +--
 include/exec/cpu-defs.h   |   2 +-
 include/exec/cpu_ldst.h   | 105 ++
 include/exec/cputlb.h |   5 +
 include/exec/exec-all.h   |   3 +-
 include/exec/memop.h  |   4 +-
 include/exec/memory.h |   4 +-
 include/exec/mmu-access-type.h|  18 +++
 include/exec/ram_addr.h   |   1 +
 include/exec/translator.h |   5 +-
 include/exec/tswap.h  |  16 ++-
 include/exec/user/abitypes.h  |   8 +-
 include/exec/user/guest-base.h|  12 --
 include/gdbstub/helpers.h |  12 +-
 include/hw/core/cpu.h |  42 +--
 include/hw/core/tcg-cpu-ops.h |   6 +-
 include/qemu/osdep.h  |   2 +-
 include/qemu/plugin.h |   1 +
 include/semihosting/

[PULL 14/38] target/i386: Include missing 'exec/exec-all.h' header

[Philippe Mathieu-Daudé]

The XRSTOR instruction ends calling tlb_flush(), declared
in "exec/exec-all.h".

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20231211212003.21686-13-phi...@linaro.org>
---
 target/i386/tcg/fpu_helper.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/i386/tcg/fpu_helper.c b/target/i386/tcg/fpu_helper.c
index 4b965a5d6c..ece22a3553 100644
--- a/target/i386/tcg/fpu_helper.c
+++ b/target/i386/tcg/fpu_helper.c
@@ -21,6 +21,7 @@
 #include 
 #include "cpu.h"
 #include "tcg-cpu.h"
+#include "exec/exec-all.h"
 #include "exec/cpu_ldst.h"
 #include "exec/helper-proto.h"
 #include "fpu/softfloat.h"
-- 
2.41.0

[PULL 04/38] exec: Expose 'target_page.h' API to user emulation

[Philippe Mathieu-Daudé]

User-only objects might benefit from the "exec/target_page.h"
API, which allows to build some objects once for all targets.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Warner Losh 
Reviewed-by: Richard Henderson 
Message-Id: <20231211212003.21686-3-phi...@linaro.org>
---
 meson.build|  2 +-
 page-target.c  | 44 ++
 system/physmem.c   | 30 
 target/target-common.c | 10 --
 target/meson.build |  2 --
 5 files changed, 45 insertions(+), 43 deletions(-)
 create mode 100644 page-target.c
 delete mode 100644 target/target-common.c

diff --git a/meson.build b/meson.build
index 96fdc6dfd2..5db2dbc12e 100644
--- a/meson.build
+++ b/meson.build
@@ -3523,7 +3523,7 @@ if get_option('b_lto')
   pagevary = declare_dependency(link_with: pagevary)
 endif
 common_ss.add(pagevary)
-specific_ss.add(files('page-vary-target.c'))
+specific_ss.add(files('page-target.c', 'page-vary-target.c'))
 
 subdir('backends')
 subdir('disas')
diff --git a/page-target.c b/page-target.c
new file mode 100644
index 00..82211c8593
--- /dev/null
+++ b/page-target.c
@@ -0,0 +1,44 @@
+/*
+ * QEMU page values getters (target independent)
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "exec/target_page.h"
+#include "exec/cpu-defs.h"
+#include "cpu.h"
+#include "exec/cpu-all.h"
+
+size_t qemu_target_page_size(void)
+{
+return TARGET_PAGE_SIZE;
+}
+
+int qemu_target_page_mask(void)
+{
+return TARGET_PAGE_MASK;
+}
+
+int qemu_target_page_bits(void)
+{
+return TARGET_PAGE_BITS;
+}
+
+int qemu_target_page_bits_min(void)
+{
+return TARGET_PAGE_BITS_MIN;
+}
+
+/* Convert target pages to MiB (2**20). */
+size_t qemu_target_pages_to_MiB(size_t pages)
+{
+int page_bits = TARGET_PAGE_BITS;
+
+/* So far, the largest (non-huge) page size is 64k, i.e. 16 bits. */
+g_assert(page_bits < 20);
+
+return pages >> (20 - page_bits);
+}
diff --git a/system/physmem.c b/system/physmem.c
index c3d04ca921..1a81c226ba 100644
--- a/system/physmem.c
+++ b/system/physmem.c
@@ -3540,36 +3540,6 @@ int cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
 return 0;
 }
 
-/*
- * Allows code that needs to deal with migration bitmaps etc to still be built
- * target independent.
- */
-size_t qemu_target_page_size(void)
-{
-return TARGET_PAGE_SIZE;
-}
-
-int qemu_target_page_bits(void)
-{
-return TARGET_PAGE_BITS;
-}
-
-int qemu_target_page_bits_min(void)
-{
-return TARGET_PAGE_BITS_MIN;
-}
-
-/* Convert target pages to MiB (2**20). */
-size_t qemu_target_pages_to_MiB(size_t pages)
-{
-int page_bits = TARGET_PAGE_BITS;
-
-/* So far, the largest (non-huge) page size is 64k, i.e. 16 bits. */
-g_assert(page_bits < 20);
-
-return pages >> (20 - page_bits);
-}
-
 bool cpu_physical_memory_is_io(hwaddr phys_addr)
 {
 MemoryRegion*mr;
diff --git a/target/target-common.c b/target/target-common.c
deleted file mode 100644
index 903b10cfe4..00
--- a/target/target-common.c
+++ /dev/null
@@ -1,10 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-or-later */
-#include "qemu/osdep.h"
-
-#include "cpu.h"
-#include "exec/target_page.h"
-
-int qemu_target_page_mask(void)
-{
-return TARGET_PAGE_MASK;
-}
diff --git a/target/meson.build b/target/meson.build
index 59b46b2ef4..1c2e6f2b19 100644
--- a/target/meson.build
+++ b/target/meson.build
@@ -18,5 +18,3 @@ subdir('sh4')
 subdir('sparc')
 subdir('tricore')
 subdir('xtensa')
-
-specific_ss.add(files('target-common.c'))
-- 
2.41.0

[PULL 13/38] target/sparc: Replace abi_ulong by uint32_t for TARGET_ABI32

[Philippe Mathieu-Daudé]

We have abi_ulong == uint32_t for the 32-bit ABI.
Use the generic type to avoid to depend on the
"exec/user/abitypes.h" header.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20240418192525.97451-14-phi...@linaro.org>
---
 target/sparc/gdbstub.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/sparc/gdbstub.c b/target/sparc/gdbstub.c
index 07ea81ab5f..ec0036e9ef 100644
--- a/target/sparc/gdbstub.c
+++ b/target/sparc/gdbstub.c
@@ -108,7 +108,7 @@ int sparc_cpu_gdb_write_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 SPARCCPU *cpu = SPARC_CPU(cs);
 CPUSPARCState *env = >env;
 #if defined(TARGET_ABI32)
-abi_ulong tmp;
+uint32_t tmp;
 
 tmp = ldl_p(mem_buf);
 #else
-- 
2.41.0

[PULL 11/38] target: Define TCG_GUEST_DEFAULT_MO in 'cpu-param.h'

[Philippe Mathieu-Daudé]

accel/tcg/ files requires the following definitions:

  - TARGET_LONG_BITS
  - TARGET_PAGE_BITS
  - TARGET_PHYS_ADDR_SPACE_BITS
  - TCG_GUEST_DEFAULT_MO

The first 3 are defined in "cpu-param.h". The last one
in "cpu.h", with a bunch of definitions irrelevant for
TCG. By moving the TCG_GUEST_DEFAULT_MO definition to
"cpu-param.h", we can simplify various accel/tcg includes.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Acked-by: Nicholas Piggin 
Message-Id: <20231211212003.21686-4-phi...@linaro.org>
---
 target/alpha/cpu-param.h  |  3 +++
 target/alpha/cpu.h|  3 ---
 target/arm/cpu-param.h|  8 +---
 target/arm/cpu.h  |  3 ---
 target/avr/cpu-param.h|  2 ++
 target/avr/cpu.h  |  2 --
 target/hppa/cpu-param.h   |  8 
 target/hppa/cpu.h |  6 --
 target/i386/cpu-param.h   |  3 +++
 target/i386/cpu.h |  3 ---
 target/loongarch/cpu-param.h  |  2 ++
 target/loongarch/cpu.h|  2 --
 target/microblaze/cpu-param.h |  3 +++
 target/microblaze/cpu.h   |  3 ---
 target/mips/cpu-param.h   |  2 ++
 target/mips/cpu.h |  2 --
 target/openrisc/cpu-param.h   |  2 ++
 target/openrisc/cpu.h |  2 --
 target/ppc/cpu-param.h|  2 ++
 target/ppc/cpu.h  |  2 --
 target/riscv/cpu-param.h  |  2 ++
 target/riscv/cpu.h|  2 --
 target/s390x/cpu-param.h  |  6 ++
 target/s390x/cpu.h|  3 ---
 target/sparc/cpu-param.h  | 23 +++
 target/sparc/cpu.h| 23 ---
 target/xtensa/cpu-param.h |  3 +++
 target/xtensa/cpu.h   |  3 ---
 28 files changed, 66 insertions(+), 62 deletions(-)

diff --git a/target/alpha/cpu-param.h b/target/alpha/cpu-param.h
index c969cb016b..5ce213a9a1 100644
--- a/target/alpha/cpu-param.h
+++ b/target/alpha/cpu-param.h
@@ -27,4 +27,7 @@
 # define TARGET_VIRT_ADDR_SPACE_BITS  (30 + TARGET_PAGE_BITS)
 #endif
 
+/* Alpha processors have a weak memory model */
+#define TCG_GUEST_DEFAULT_MO  (0)
+
 #endif
diff --git a/target/alpha/cpu.h b/target/alpha/cpu.h
index 7188a409a0..f9e2ecb90a 100644
--- a/target/alpha/cpu.h
+++ b/target/alpha/cpu.h
@@ -24,9 +24,6 @@
 #include "exec/cpu-defs.h"
 #include "qemu/cpu-float.h"
 
-/* Alpha processors have a weak memory model */
-#define TCG_GUEST_DEFAULT_MO  (0)
-
 #define ICACHE_LINE_SIZE 32
 #define DCACHE_LINE_SIZE 32
 
diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
index da3243ab21..2d5f3aa312 100644
--- a/target/arm/cpu-param.h
+++ b/target/arm/cpu-param.h
@@ -27,14 +27,16 @@
 # else
 #  define TARGET_PAGE_BITS 12
 # endif
-#else
+#else /* !CONFIG_USER_ONLY */
 /*
  * ARMv7 and later CPUs have 4K pages minimum, but ARMv5 and v6
  * have to support 1K tiny pages.
  */
 # define TARGET_PAGE_BITS_VARY
 # define TARGET_PAGE_BITS_MIN  10
-
-#endif
+#endif /* !CONFIG_USER_ONLY */
+
+/* ARM processors have a weak memory model */
+#define TCG_GUEST_DEFAULT_MO  (0)
 
 #endif
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 97997dbd08..17efc5d565 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -30,9 +30,6 @@
 #include "target/arm/multiprocessing.h"
 #include "target/arm/gtimer.h"
 
-/* ARM processors have a weak memory model */
-#define TCG_GUEST_DEFAULT_MO  (0)
-
 #ifdef TARGET_AARCH64
 #define KVM_HAVE_MCE_INJECTION 1
 #endif
diff --git a/target/avr/cpu-param.h b/target/avr/cpu-param.h
index 9a92bc74fc..93c2f470d0 100644
--- a/target/avr/cpu-param.h
+++ b/target/avr/cpu-param.h
@@ -32,4 +32,6 @@
 #define TARGET_PHYS_ADDR_SPACE_BITS 24
 #define TARGET_VIRT_ADDR_SPACE_BITS 24
 
+#define TCG_GUEST_DEFAULT_MO 0
+
 #endif
diff --git a/target/avr/cpu.h b/target/avr/cpu.h
index d185d20dcb..4725535102 100644
--- a/target/avr/cpu.h
+++ b/target/avr/cpu.h
@@ -30,8 +30,6 @@
 
 #define CPU_RESOLVING_TYPE TYPE_AVR_CPU
 
-#define TCG_GUEST_DEFAULT_MO 0
-
 /*
  * AVR has two memory spaces, data & code.
  * e.g. both have 0 address
diff --git a/target/hppa/cpu-param.h b/target/hppa/cpu-param.h
index bb3d7ef6f7..473d489f01 100644
--- a/target/hppa/cpu-param.h
+++ b/target/hppa/cpu-param.h
@@ -21,4 +21,12 @@
 
 #define TARGET_PAGE_BITS 12
 
+/* PA-RISC 1.x processors have a strong memory model.  */
+/*
+ * ??? While we do not yet implement PA-RISC 2.0, those processors have
+ * a weak memory model, but with TLB bits that force ordering on a per-page
+ * basis.  It's probably easier to fall back to a strong memory model.
+ */
+#define TCG_GUEST_DEFAULT_MOTCG_MO_ALL
+
 #endif
diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h
index a072d0bb63..fb2e4c4a98 100644
--- a/target/hppa/cpu.h
+++ b/target/hppa/cpu.h
@@ -25,12 +25,6 @@
 #include "qemu/cpu-float.h"
 #include "qemu/interval-tree.h"
 
-/* PA-RISC 1.x processors have a strong memory model.  */
-/* ??? While we do not yet implement PA-RISC 2.0, those processors have
-   a weak memory model, but with TLB bits that force ordering 

[PULL 08/38] gdbstub: Avoid including 'cpu.h' in 'gdbstub/helpers.h'

[Philippe Mathieu-Daudé]

We only need the "exec/tswap.h" and "cpu-param.h" headers.
Only include "cpu.h" in the target gdbstub.c source files.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20240418192525.97451-20-phi...@linaro.org>
---
 include/gdbstub/helpers.h | 3 ++-
 target/avr/gdbstub.c  | 1 +
 target/tricore/gdbstub.c  | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/gdbstub/helpers.h b/include/gdbstub/helpers.h
index 6277a858a1..26140ef1ac 100644
--- a/include/gdbstub/helpers.h
+++ b/include/gdbstub/helpers.h
@@ -16,7 +16,8 @@
 #error "gdbstub helpers should only be included by target specific code"
 #endif
 
-#include "cpu.h"
+#include "exec/tswap.h"
+#include "cpu-param.h"
 
 /*
  * The GDB remote protocol transfers values in target byte order. As
diff --git a/target/avr/gdbstub.c b/target/avr/gdbstub.c
index 22bf4e..d6d3c1479b 100644
--- a/target/avr/gdbstub.c
+++ b/target/avr/gdbstub.c
@@ -20,6 +20,7 @@
 
 #include "qemu/osdep.h"
 #include "gdbstub/helpers.h"
+#include "cpu.h"
 
 int avr_cpu_gdb_read_register(CPUState *cs, GByteArray *mem_buf, int n)
 {
diff --git a/target/tricore/gdbstub.c b/target/tricore/gdbstub.c
index f9309c5e27..29a70051ff 100644
--- a/target/tricore/gdbstub.c
+++ b/target/tricore/gdbstub.c
@@ -19,6 +19,7 @@
 
 #include "qemu/osdep.h"
 #include "gdbstub/helpers.h"
+#include "cpu.h"
 
 
 #define LCX_REGNUM 32
-- 
2.41.0

[PULL 01/38] exec: Rename NEED_CPU_H -> COMPILING_PER_TARGET

[Philippe Mathieu-Daudé]

'NEED_CPU_H' guard target-specific code; it is defined by meson
altogether with the 'CONFIG_TARGET' definition. Rename NEED_CPU_H
as COMPILING_PER_TARGET to clarify its meaning.

Mechanical change running:

 $ sed -i s/NEED_CPU_H/COMPILING_PER_TARGET/g $(git grep -l NEED_CPU_H)

then manually add a /* COMPILING_PER_TARGET */ comment
after the '#endif' when the block is large.

Inspired-by: Peter Maydell 
Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20240322161439.6448-4-phi...@linaro.org>
---
 meson.build| 4 ++--
 include/exec/cpu-defs.h| 2 +-
 include/exec/helper-head.h | 4 ++--
 include/exec/memop.h   | 4 ++--
 include/exec/memory.h  | 4 ++--
 include/exec/tswap.h   | 4 ++--
 include/gdbstub/helpers.h  | 2 +-
 include/hw/core/cpu.h  | 4 ++--
 include/qemu/osdep.h   | 2 +-
 include/sysemu/hvf.h   | 8 
 include/sysemu/kvm.h   | 6 +++---
 include/sysemu/nvmm.h  | 4 ++--
 include/sysemu/whpx.h  | 4 ++--
 include/sysemu/xen.h   | 4 ++--
 target/arm/kvm-consts.h| 4 ++--
 scripts/analyze-inclusions | 6 +++---
 16 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/meson.build b/meson.build
index 553b940999..96fdc6dfd2 100644
--- a/meson.build
+++ b/meson.build
@@ -3610,7 +3610,7 @@ foreach d, list : target_modules
 if target.endswith('-softmmu')
   config_target = config_target_mak[target]
   target_inc = [include_directories('target' / 
config_target['TARGET_BASE_ARCH'])]
-  c_args = ['-DNEED_CPU_H',
+  c_args = ['-DCOMPILING_PER_TARGET',
 '-DCONFIG_TARGET="@0@-config-target.h"'.format(target),
 '-DCONFIG_DEVICES="@0@-config-devices.h"'.format(target)]
   target_module_ss = module_ss.apply(config_target, strict: false)
@@ -3793,7 +3793,7 @@ foreach target : target_dirs
   target_base_arch = config_target['TARGET_BASE_ARCH']
   arch_srcs = [config_target_h[target]]
   arch_deps = []
-  c_args = ['-DNEED_CPU_H',
+  c_args = ['-DCOMPILING_PER_TARGET',
 '-DCONFIG_TARGET="@0@-config-target.h"'.format(target),
 '-DCONFIG_DEVICES="@0@-config-devices.h"'.format(target)]
   link_args = emulator_link_args
diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index 3915438b83..0dbef3010c 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -19,7 +19,7 @@
 #ifndef CPU_DEFS_H
 #define CPU_DEFS_H
 
-#ifndef NEED_CPU_H
+#ifndef COMPILING_PER_TARGET
 #error cpu.h included from common code
 #endif
 
diff --git a/include/exec/helper-head.h b/include/exec/helper-head.h
index 28ceab0a46..5ef467a79d 100644
--- a/include/exec/helper-head.h
+++ b/include/exec/helper-head.h
@@ -43,7 +43,7 @@
 #define dh_ctype_noreturn G_NORETURN void
 #define dh_ctype(t) dh_ctype_##t
 
-#ifdef NEED_CPU_H
+#ifdef COMPILING_PER_TARGET
 # ifdef TARGET_LONG_BITS
 #  if TARGET_LONG_BITS == 32
 #   define dh_alias_tl i32
@@ -54,7 +54,7 @@
 #  endif
 # endif
 # define dh_ctype_tl target_ulong
-#endif
+#endif /* COMPILING_PER_TARGET */
 
 /* We can't use glue() here because it falls foul of C preprocessor
recursive expansion rules.  */
diff --git a/include/exec/memop.h b/include/exec/memop.h
index a86dc6743a..06417ff361 100644
--- a/include/exec/memop.h
+++ b/include/exec/memop.h
@@ -35,7 +35,7 @@ typedef enum MemOp {
 MO_LE= 0,
 MO_BE= MO_BSWAP,
 #endif
-#ifdef NEED_CPU_H
+#ifdef COMPILING_PER_TARGET
 #if TARGET_BIG_ENDIAN
 MO_TE= MO_BE,
 #else
@@ -135,7 +135,7 @@ typedef enum MemOp {
 MO_BESL  = MO_BE | MO_SL,
 MO_BESQ  = MO_BE | MO_SQ,
 
-#ifdef NEED_CPU_H
+#ifdef COMPILING_PER_TARGET
 MO_TEUW  = MO_TE | MO_UW,
 MO_TEUL  = MO_TE | MO_UL,
 MO_TEUQ  = MO_TE | MO_UQ,
diff --git a/include/exec/memory.h b/include/exec/memory.h
index dbb1bad72f..dadb5cd65a 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -3107,7 +3107,7 @@ address_space_write_cached(MemoryRegionCache *cache, 
hwaddr addr,
 MemTxResult address_space_set(AddressSpace *as, hwaddr addr,
   uint8_t c, hwaddr len, MemTxAttrs attrs);
 
-#ifdef NEED_CPU_H
+#ifdef COMPILING_PER_TARGET
 /* enum device_endian to MemOp.  */
 static inline MemOp devend_memop(enum device_endian end)
 {
@@ -3125,7 +3125,7 @@ static inline MemOp devend_memop(enum device_endian end)
 return (end == non_host_endianness) ? MO_BSWAP : 0;
 #endif
 }
-#endif
+#endif /* COMPILING_PER_TARGET */
 
 /*
  * Inhibit technologies that require discarding of pages in RAM blocks, e.g.,
diff --git a/include/exec/tswap.h b/include/exec/tswap.h
index 68944a880b..5089cd6a4c 100644
--- a/include/exec/tswap.h
+++ b/include/exec/tswap.h
@@ -15,11 +15,11 @@
  * If we're in target-specific code, we can hard-code the swapping
  * condition, otherwise we have to do (slower) run-time checks.
  */
-#ifdef NEED_CPU_H
+#ifdef COMPILING_PER_TARGET
 #define target_needs_bswap()  (HOST_BIG_ENDIAN != 

[PULL 02/38] exec: Reduce tlb_set_dirty() declaration scope

[Philippe Mathieu-Daudé]

tlb_set_dirty() is only used in accel/tcg/cputlb.c,
where it is defined. Declare it statically, removing
the stub.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Harsh Prateek Bora 
Reviewed-by: Richard Henderson 
Message-Id: <20240418192525.97451-11-phi...@linaro.org>
---
 include/exec/exec-all.h | 1 -
 accel/stubs/tcg-stub.c  | 4 
 accel/tcg/cputlb.c  | 2 +-
 3 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 3e53501691..9599e16a09 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -654,7 +654,6 @@ static inline void mmap_unlock(void) {}
 #define WITH_MMAP_LOCK_GUARD()
 
 void tlb_reset_dirty(CPUState *cpu, ram_addr_t start1, ram_addr_t length);
-void tlb_set_dirty(CPUState *cpu, vaddr addr);
 void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length);
 
 MemoryRegionSection *
diff --git a/accel/stubs/tcg-stub.c b/accel/stubs/tcg-stub.c
index 8a496a2a6f..dd890d6cf6 100644
--- a/accel/stubs/tcg-stub.c
+++ b/accel/stubs/tcg-stub.c
@@ -18,10 +18,6 @@ void tb_flush(CPUState *cpu)
 {
 }
 
-void tlb_set_dirty(CPUState *cpu, vaddr vaddr)
-{
-}
-
 int probe_access_flags(CPUArchState *env, vaddr addr, int size,
MMUAccessType access_type, int mmu_idx,
bool nonfault, void **phost, uintptr_t retaddr)
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index 93b1ca810b..e16d02a62c 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1039,7 +1039,7 @@ static inline void tlb_set_dirty1_locked(CPUTLBEntry 
*tlb_entry,
 
 /* update the TLB corresponding to virtual page vaddr
so that it is no longer dirty */
-void tlb_set_dirty(CPUState *cpu, vaddr addr)
+static void tlb_set_dirty(CPUState *cpu, vaddr addr)
 {
 int mmu_idx;
 
-- 
2.41.0

[PULL 05/38] accel: Include missing 'exec/cpu_ldst.h' header

[Philippe Mathieu-Daudé]

Theses files call cpu_ldl_code() which is declared
in "exec/cpu_ldst.h".

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20231211212003.21686-5-phi...@linaro.org>
---
 accel/tcg/translator.c| 1 +
 target/hexagon/translate.c| 1 +
 target/microblaze/cpu.c   | 1 +
 target/microblaze/translate.c | 1 +
 4 files changed, 4 insertions(+)

diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
index 9de0bc34c8..6832e55135 100644
--- a/accel/tcg/translator.c
+++ b/accel/tcg/translator.c
@@ -12,6 +12,7 @@
 #include "qemu/error-report.h"
 #include "exec/exec-all.h"
 #include "exec/translator.h"
+#include "exec/cpu_ldst.h"
 #include "exec/plugin-gen.h"
 #include "tcg/tcg-op-common.h"
 #include "internal-target.h"
diff --git a/target/hexagon/translate.c b/target/hexagon/translate.c
index f163eefe97..47a870f42d 100644
--- a/target/hexagon/translate.c
+++ b/target/hexagon/translate.c
@@ -23,6 +23,7 @@
 #include "exec/helper-gen.h"
 #include "exec/helper-proto.h"
 #include "exec/translation-block.h"
+#include "exec/cpu_ldst.h"
 #include "exec/log.h"
 #include "internal.h"
 #include "attribs.h"
diff --git a/target/microblaze/cpu.c b/target/microblaze/cpu.c
index f8dc3173fc..9eb7374ccd 100644
--- a/target/microblaze/cpu.c
+++ b/target/microblaze/cpu.c
@@ -28,6 +28,7 @@
 #include "qemu/module.h"
 #include "hw/qdev-properties.h"
 #include "exec/exec-all.h"
+#include "exec/cpu_ldst.h"
 #include "exec/gdbstub.h"
 #include "fpu/softfloat-helpers.h"
 #include "tcg/tcg.h"
diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
index fc451befae..6d89c1a175 100644
--- a/target/microblaze/translate.c
+++ b/target/microblaze/translate.c
@@ -22,6 +22,7 @@
 #include "cpu.h"
 #include "disas/disas.h"
 #include "exec/exec-all.h"
+#include "exec/cpu_ldst.h"
 #include "tcg/tcg-op.h"
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
-- 
2.41.0

Re: [PATCH 18/24] plugins: Include missing 'qemu/bitmap.h' header

[Pierrick Bouvier]

On 4/18/24 12:25, Philippe Mathieu-Daudé wrote:

"qemu/plugin.h" uses DECLARE_BITMAP(), which is
declared in "qemu/bitmap.h".

Signed-off-by: Philippe Mathieu-Daudé 
---
  include/qemu/plugin.h | 1 +
  1 file changed, 1 insertion(+)

diff --git a/include/qemu/plugin.h b/include/qemu/plugin.h
index 12a96cea2a..41db748eda 100644
--- a/include/qemu/plugin.h
+++ b/include/qemu/plugin.h
@@ -13,6 +13,7 @@
  #include "qemu/queue.h"
  #include "qemu/option.h"
  #include "qemu/plugin-event.h"
+#include "qemu/bitmap.h"
  #include "exec/memopidx.h"
  #include "hw/core/cpu.h"
  


Reviewed-by: Pierrick Bouvier 

Re: [PATCH v3 1/2] target/s390x: report deprecated-props in cpu-model-expansion reply

[Collin Walling]

On 4/26/24 13:45, David Hildenbrand wrote:
> On 26.04.24 19:44, David Hildenbrand wrote:
>> On 24.04.24 23:56, Collin Walling wrote:
>>> Retain a list of deprecated features disjoint from any particular
>>> CPU model. A query-cpu-model-expansion reply will now provide a list of
>>> properties (i.e. features) that are flagged as deprecated. Example:
>>>
>>>   {
>>> "return": {
>>>   "model": {
>>> "name": "z14.2-base",
>>> "deprecated-props": [
>>>   "bpb",
>>>   "csske"
>>> ],
>>> "props": {
>>>   "pfmfi": false,
>>>   "exrl": true,
>>>   ...a lot more props...
>>>   "skey": false,
>>>   "vxpdeh2": false
>>> }
>>>   }
>>> }
>>>   }
>>>
>>> It is recommended that s390 guests operate with these features
>>> explicitly disabled to ensure compatability with future hardware.
>>
>> Likely you should only report features that are applicable to a model.
>> that is, if it's part of the full_feat.
>>
>> Otherwise, the caller might simply want do set all features to "false",
>> and we'd fail setting a feature that is unknown to a specific CPU
>> generation.
>>
>> That is, you would AND the bitmap with the full_feat of the underlying
>> CPU definition.
> 
> Refreshing my memory, I think we can just clear any CPU features. We 
> only bail out when setting them!
> 

Very good point.  I've been working only with newer-gen machines and
would not have thought to test / catch that case.  I will filter the
deprecated-props array with features that are only available on the
full_model of the expanded CPU model.

-- 
Regards,
  Collin

[PATCH] Hexagon: add PC alignment check and exception

[Matheus Tavares Bernardino]

The Hexagon Programmer's Reference Manual says that the exception 0x1e
should be raised upon an unaligned program counter. Let's implement that
and also add tests for both the most common case as well as packets with
multiple change-of-flow instructions.

Signed-off-by: Matheus Tavares Bernardino 
---
 target/hexagon/cpu_bits.h  |  1 +
 target/hexagon/translate.h |  2 ++
 target/hexagon/genptr.c| 21 -
 target/hexagon/translate.c |  2 +-
 tests/tcg/hexagon/Makefile.target  | 13 +
 tests/tcg/hexagon/unaligned_pc.S   | 10 ++
 tests/tcg/hexagon/unaligned_pc_multi_cof.S | 13 +
 7 files changed, 56 insertions(+), 6 deletions(-)
 create mode 100644 tests/tcg/hexagon/unaligned_pc.S
 create mode 100644 tests/tcg/hexagon/unaligned_pc_multi_cof.S

diff --git a/target/hexagon/cpu_bits.h b/target/hexagon/cpu_bits.h
index 96fef71729..d6900c8bda 100644
--- a/target/hexagon/cpu_bits.h
+++ b/target/hexagon/cpu_bits.h
@@ -23,6 +23,7 @@
 #define HEX_EXCP_FETCH_NO_UPAGE  0x012
 #define HEX_EXCP_INVALID_PACKET  0x015
 #define HEX_EXCP_INVALID_OPCODE  0x015
+#define HEX_EXCP_PC_NOT_ALIGNED  0x01e
 #define HEX_EXCP_PRIV_NO_UREAD   0x024
 #define HEX_EXCP_PRIV_NO_UWRITE  0x025
 
diff --git a/target/hexagon/translate.h b/target/hexagon/translate.h
index 4dd59c6726..daf11eb584 100644
--- a/target/hexagon/translate.h
+++ b/target/hexagon/translate.h
@@ -75,6 +75,8 @@ typedef struct DisasContext {
 TCGv dczero_addr;
 } DisasContext;
 
+void gen_exception_end_tb(DisasContext *ctx, int excp);
+
 static inline void ctx_log_pred_write(DisasContext *ctx, int pnum)
 {
 if (!test_bit(pnum, ctx->pregs_written)) {
diff --git a/target/hexagon/genptr.c b/target/hexagon/genptr.c
index dbae6c570a..c96edd9379 100644
--- a/target/hexagon/genptr.c
+++ b/target/hexagon/genptr.c
@@ -473,6 +473,7 @@ static void gen_write_new_pc_addr(DisasContext *ctx, TCGv 
addr,
   TCGCond cond, TCGv pred)
 {
 TCGLabel *pred_false = NULL;
+TCGLabel *branch_taken = NULL;
 if (cond != TCG_COND_ALWAYS) {
 pred_false = gen_new_label();
 tcg_gen_brcondi_tl(cond, pred, 0, pred_false);
@@ -480,12 +481,22 @@ static void gen_write_new_pc_addr(DisasContext *ctx, TCGv 
addr,
 
 if (ctx->pkt->pkt_has_multi_cof) {
 /* If there are multiple branches in a packet, ignore the second one */
-tcg_gen_movcond_tl(TCG_COND_NE, hex_gpr[HEX_REG_PC],
-   ctx->branch_taken, tcg_constant_tl(0),
-   hex_gpr[HEX_REG_PC], addr);
+branch_taken = gen_new_label();
+tcg_gen_brcondi_tl(TCG_COND_NE, ctx->branch_taken, 0, branch_taken);
 tcg_gen_movi_tl(ctx->branch_taken, 1);
-} else {
-tcg_gen_mov_tl(hex_gpr[HEX_REG_PC], addr);
+}
+
+TCGLabel *pc_aligned = gen_new_label();
+TCGv pc_remainder = tcg_temp_new();
+tcg_gen_andi_tl(pc_remainder, addr, PCALIGN_MASK);
+tcg_gen_brcondi_tl(TCG_COND_EQ, pc_remainder, 0, pc_aligned);
+gen_exception_end_tb(ctx, HEX_EXCP_PC_NOT_ALIGNED);
+gen_set_label(pc_aligned);
+
+tcg_gen_mov_tl(hex_gpr[HEX_REG_PC], addr);
+
+if (ctx->pkt->pkt_has_multi_cof) {
+gen_set_label(branch_taken);
 }
 
 if (cond != TCG_COND_ALWAYS) {
diff --git a/target/hexagon/translate.c b/target/hexagon/translate.c
index f163eefe97..e6ee63a53e 100644
--- a/target/hexagon/translate.c
+++ b/target/hexagon/translate.c
@@ -185,7 +185,7 @@ static void gen_end_tb(DisasContext *ctx)
 ctx->base.is_jmp = DISAS_NORETURN;
 }
 
-static void gen_exception_end_tb(DisasContext *ctx, int excp)
+void gen_exception_end_tb(DisasContext *ctx, int excp)
 {
 gen_exec_counters(ctx);
 tcg_gen_movi_tl(hex_gpr[HEX_REG_PC], ctx->next_PC);
diff --git a/tests/tcg/hexagon/Makefile.target 
b/tests/tcg/hexagon/Makefile.target
index f839b2c0d5..02d7fff34c 100644
--- a/tests/tcg/hexagon/Makefile.target
+++ b/tests/tcg/hexagon/Makefile.target
@@ -51,6 +51,19 @@ HEX_TESTS += scatter_gather
 HEX_TESTS += hvx_misc
 HEX_TESTS += hvx_histogram
 HEX_TESTS += invalid-slots
+HEX_TESTS += unaligned_pc
+HEX_TESTS += unaligned_pc_multi_cof
+
+run-unaligned_pc: unaligned_pc
+run-unaligned_pc_multi_cof: unaligned_pc_multi_cof
+run-unaligned_pc run-unaligned_pc_multi_cof:
+   $(call run-test, $<, $(QEMU) $< 2> $<.stderr,"$< on $(TARGET_NAME)"); \
+   if [ $$? -ne 1 ] ; then \
+   return 1; \
+   fi
+   $(call quiet-command, \
+   grep -q "exception 0x1e" $<.stderr, \
+   "GREP", "exception 0x1e");
 
 run-and-check-exception = $(call run-test,$2,$3 2>$2.stderr; \
test $$? -eq 1 && grep -q "exception $(strip $1)" $2.stderr)
diff --git a/tests/tcg/hexagon/unaligned_pc.S b/tests/tcg/hexagon/unaligned_pc.S
new file mode 100644
index 00..39d6b2060b
--- /dev/null
+++ b/tests/tcg/hexagon/unaligned_pc.S
@@ -0,0 +1,10 @@

Re: [PATCH v2 03/10] ppc/pnv: Add a Power11 Pnv11Chip, and a Power11 Machine

[Cédric Le Goater]

On 4/26/24 19:34, Aditya Gupta wrote:

Hello Cédric,



<...snip...>

- * Multi processor support for POWER8, POWER8NVL and POWER9.
+ * Multi processor support for POWER8, POWER8NVL, POWER9, POWER10 and Power11.


POWER10 -> Power10. Don't ask me why.


Sure, got it !




* XSCOM, serial communication sideband bus to configure chiplets.
* Simple LPC Controller.
* Processor Service Interface (PSI) Controller.
- * Interrupt Controller, XICS (POWER8) and XIVE (POWER9) and XIVE2 (Power10).
+ * Interrupt Controller, XICS (POWER8) and XIVE (POWER9) and XIVE2 (Power10 &
+   Power11).
* POWER8 PHB3 PCIe Host bridge and POWER9 PHB4 PCIe Host bridge.
* Simple OCC is an on-chip micro-controller used for power management tasks.
* iBT device to handle BMC communication, with the internal BMC simulator
diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index 74e7908e5ffb..06e272f3bdd3 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -431,13 +431,27 @@ static const uint8_t pa_features_31[] = { 74, 0,
   static void pnv_chip_power10_dt_populate(PnvChip *chip, void *fdt)
   {
-static const char compat[] = "ibm,power10-xscom\0ibm,xscom";
+PnvChipClass *pcc = PNV_CHIP_GET_CLASS(chip);
+static const char compat_p10[] = "ibm,power10-xscom\0ibm,xscom";
+static const char compat_p11[] = "ibm,power11-xscom\0ibm,xscom";
+
+PnvChipType chip_type = pcc->chip_type;
+const char *compat;
+int compat_len;
   int i;
+if (chip_type == PNV_TYPE_POWER11) {
+compat = compat_p11;
+compat_len = sizeof(compat_p11);
+} else {
+compat = compat_p10;
+compat_len = sizeof(compat_p10);
+}


please introduce a pnv_chip_power11_dt_populate() routine instead.


Okay.




   pnv_dt_xscom(chip, fdt, 0,
cpu_to_be64(PNV10_XSCOM_BASE(chip)),
cpu_to_be64(PNV10_XSCOM_SIZE),
- compat, sizeof(compat));
+ compat, compat_len);
   for (i = 0; i < chip->nr_cores; i++) {
   PnvCore *pnv_core = chip->cores[i];
@@ -1288,6 +1302,8 @@ static void pnv_chip_power10_intc_print_info(PnvChip 
*chip, PowerPCCPU *cpu,
   #define POWER10_CORE_MASK  (0xffull)
+#define POWER11_CORE_MASK  (0xffull)
+
   static void pnv_chip_power8_instance_init(Object *obj)
   {
   Pnv8Chip *chip8 = PNV8_CHIP(obj);
@@ -1838,6 +1854,7 @@ static void pnv_chip_power10_instance_init(Object *obj)
   static void pnv_chip_power10_quad_realize(Pnv10Chip *chip10, Error **errp)
   {
   PnvChip *chip = PNV_CHIP(chip10);
+PnvChipClass *chip_class = PNV_CHIP_GET_CLASS(chip);
   int i;
   chip10->nr_quads = DIV_ROUND_UP(chip->nr_cores, 4);
@@ -1846,7 +1863,11 @@ static void pnv_chip_power10_quad_realize(Pnv10Chip 
*chip10, Error **errp)
   for (i = 0; i < chip10->nr_quads; i++) {
   PnvQuad *eq = >quads[i];
-pnv_chip_quad_realize_one(chip, eq, chip->cores[i * 4],
+if (chip_class->chip_type == PNV_TYPE_POWER11)
+pnv_chip_quad_realize_one(chip, eq, chip->cores[i * 4],
+  PNV_QUAD_TYPE_NAME("power11"));
+else
+pnv_chip_quad_realize_one(chip, eq, chip->cores[i * 4],
 PNV_QUAD_TYPE_NAME("power10"));



Please change introduce a new pnv_chip_quad_realize() routine taking an
extra type_name argument.


Sure, can do it. But as it's called from 'pnv_chip_power10_realize',
might require a 'pnv_chip_power11_realize' function also, so it can pass
type_name as "power11" vs "power10".


Do the Power11 and Power10 processors have the same XSCOM and MMIO
address spaces ?


Will do it.





   pnv_xscom_add_subregion(chip, PNV10_XSCOM_EQ_BASE(eq->quad_id),
@@ -2116,6 +2137,35 @@ static void pnv_chip_power10_class_init(ObjectClass 
*klass, void *data)
   >parent_realize);
   }
+static void pnv_chip_power11_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+PnvChipClass *k = PNV_CHIP_CLASS(klass);
+
+static const int i2c_ports_per_engine[PNV10_CHIP_MAX_I2C] = {14, 14, 2, 
16};
+
+k->chip_cfam_id = 0x120da0498000ull; /* P11 (with NX) */
+k->chip_type = PNV_TYPE_POWER11;
+k->cores_mask = POWER11_CORE_MASK;
+k->chip_pir = pnv_chip_pir_p10;
+k->intc_create = pnv_chip_power10_intc_create;
+k->intc_reset = pnv_chip_power10_intc_reset;
+k->intc_destroy = pnv_chip_power10_intc_destroy;
+k->intc_print_info = pnv_chip_power10_intc_print_info;
+k->isa_create = pnv_chip_power10_isa_create;
+k->dt_populate = pnv_chip_power10_dt_populate;
+k->pic_print_info = pnv_chip_power10_pic_print_info;
+k->xscom_core_base = pnv_chip_power10_xscom_core_base;
+k->xscom_pcba = pnv_chip_power10_xscom_pcba;
+dc->desc = "PowerNV Chip POWER11";
+k->num_pecs = PNV10_CHIP_MAX_PEC;
+k->i2c_num_engines = PNV10_CHIP_MAX_I2C;
+k->i2c_ports_per_engine = 

Re: [PATCH v3 1/2] target/s390x: report deprecated-props in cpu-model-expansion reply

[David Hildenbrand]

On 26.04.24 19:44, David Hildenbrand wrote:

On 24.04.24 23:56, Collin Walling wrote:

Retain a list of deprecated features disjoint from any particular
CPU model. A query-cpu-model-expansion reply will now provide a list of
properties (i.e. features) that are flagged as deprecated. Example:

  {
"return": {
  "model": {
"name": "z14.2-base",
"deprecated-props": [
  "bpb",
  "csske"
],
"props": {
  "pfmfi": false,
  "exrl": true,
  ...a lot more props...
  "skey": false,
  "vxpdeh2": false
}
  }
}
  }

It is recommended that s390 guests operate with these features
explicitly disabled to ensure compatability with future hardware.


Likely you should only report features that are applicable to a model.
that is, if it's part of the full_feat.

Otherwise, the caller might simply want do set all features to "false",
and we'd fail setting a feature that is unknown to a specific CPU
generation.

That is, you would AND the bitmap with the full_feat of the underlying
CPU definition.


Refreshing my memory, I think we can just clear any CPU features. We 
only bail out when setting them!


--
Cheers,

David / dhildenb

Re: [PATCH v2 01/10] ppc/pseries: Add Power11 cpu type

[Aditya Gupta]

> > Quoting lines from docs/system/ppc/powernv.rst:
> > 
> > > Missing devices
> > > ---
> > > 
> > > A lot is missing, among which :
> > > 
> > >   * I2C controllers (yet to be merged).
> > >   * NPU/NPU2/NPU3 controllers.
> > >   * EEH support for PCIe Host bridge controllers.
> > >   * NX controller.
> > >   * VAS controller.
> > >   * chipTOD (Time Of Day).
> > >   * Self Boot Engine (SBE).
> > >   * FSI bus.
> > 
> > I can see that 'chipTOD' was added in commit 9a69950feb098. I2C mentions
> > yet to merge, is it merged yet ?
> 
> yes.

Thanks for confirming Cédric !

- Aditya Gupta

> 
> > 
> > I will check whether this needs updating, but might do it in a separate
> > patch than this series.
> 
> Thanks,
> 
> 

Re: [PATCH v3 1/2] target/s390x: report deprecated-props in cpu-model-expansion reply

[David Hildenbrand]

On 24.04.24 23:56, Collin Walling wrote:

Retain a list of deprecated features disjoint from any particular
CPU model. A query-cpu-model-expansion reply will now provide a list of
properties (i.e. features) that are flagged as deprecated. Example:

 {
   "return": {
 "model": {
   "name": "z14.2-base",
   "deprecated-props": [
 "bpb",
 "csske"
   ],
   "props": {
 "pfmfi": false,
 "exrl": true,
 ...a lot more props...
 "skey": false,
 "vxpdeh2": false
   }
 }
   }
 }

It is recommended that s390 guests operate with these features
explicitly disabled to ensure compatability with future hardware.


Likely you should only report features that are applicable to a model. 
that is, if it's part of the full_feat.


Otherwise, the caller might simply want do set all features to "false", 
and we'd fail setting a feature that is unknown to a specific CPU 
generation.


That is, you would AND the bitmap with the full_feat of the underlying 
CPU definition.


--
Cheers,

David / dhildenb

Re: [PATCH v2 10/10] ppc/pnv: Update skiboot.lid to support Power11

[Aditya Gupta]

On Fri, Apr 26, 2024 at 04:38:13PM +0200, Cédric Le Goater wrote:
> On 4/26/24 13:00, Aditya Gupta wrote:
> > Skiboot/OPAL patches are in discussion upstream [1], with corresponding
> > commits in github repository [2].
> > 
> > Update skiboot.lid, with binary built from 'upstream_power11' branch
> > of skiboot repository with Power11 enablement patches [2].
> > 
> > ---
> > This patch can be skipped for now, if need to wait for patches to be
> > merged in open-power/skiboot.
> 
> yes.
> 
> > Have updated the skiboot.lid to aid in testing this patch series.
> 
> Thanks for doing so.

Good it helped !

Thanks,
- Aditya Gupta

> 
> > ---
> > 
> > [1]:https://lists.ozlabs.org/pipermail/skiboot/2024-April/018963.html
> > [2]:https://github.com/maheshsal/skiboot.
> > 
> > Cc: Cédric Le Goater
> > Cc: Joel Stanley
> > Cc: Mahesh J Salgaonkar
> > Cc: Madhavan Srinivasan
> > Cc: Nicholas Piggin
> > Signed-off-by: Aditya Gupta
> > ---
> >   pc-bios/skiboot.lid | Bin 2527328 -> 2527328 bytes
> >   1 file changed, 0 insertions(+), 0 deletions(-)
> 
> We avoid sending such big blobs on the mailing list. We usually send a
> PR to the sub-system maintainer (Nick). When time comes (support is
> merged is skiboot), we will address the skiboot image update in QEMU.
> 
> C.
> 

Re: [PATCH v2 01/10] ppc/pseries: Add Power11 cpu type

[Cédric Le Goater]

On 4/26/24 19:05, Aditya Gupta wrote:

Hello Cédric,

Thanks for your reviews.

On Fri, Apr 26, 2024 at 04:27:04PM +0200, Cédric Le Goater wrote:

Hello Aditya

On 4/26/24 13:00, Aditya Gupta wrote:

Add base support for "--cpu power11" in QEMU.

Power11 core is same as Power10, hence reuse functions defined for
Power10.


Power11 uses the same ISA it seems. What's the value then ?


Yes, it uses the same ISA. But I added this option so we can have a
Power11 PVR in QEMU, which should be identified as Power11 in skiboot
and linux, hence defined Power11 cpu type, even though code here is
almost same as Power10.





Cc: Cédric Le Goater 
Cc: Daniel Henrique Barboza 
Cc: David Gibson 
Cc: Harsh Prateek Bora 
Cc: Mahesh J Salgaonkar 
Cc: Madhavan Srinivasan 
Cc: Nicholas Piggin 
Signed-off-by: Aditya Gupta 
---
   docs/system/ppc/pseries.rst |  6 +--
   hw/ppc/spapr_cpu_core.c |  1 +



I would separate the CPU target code adding support for a new POWER
Processor from the machine code (pseries).


Sure, I will split it in v3.





   target/ppc/compat.c |  7 +++
   target/ppc/cpu-models.c |  2 +
   target/ppc/cpu-models.h |  2 +
   target/ppc/cpu_init.c   | 99 +
   6 files changed, 114 insertions(+), 3 deletions(-)

diff --git a/docs/system/ppc/pseries.rst b/docs/system/ppc/pseries.rst
index a876d897b6e4..3277564b34c2 100644
--- a/docs/system/ppc/pseries.rst
+++ b/docs/system/ppc/pseries.rst
@@ -15,9 +15,9 @@ Supported devices
   =
* Multi processor support for many Power processors generations: POWER7,
-   POWER7+, POWER8, POWER8NVL, POWER9, and Power10. Support for POWER5+ exists,
-   but its state is unknown.
- * Interrupt Controller, XICS (POWER8) and XIVE (POWER9 and Power10)
+   POWER7+, POWER8, POWER8NVL, POWER9, Power10 and Power11. Support for POWER5+
+   exists, but its state is unknown.


The POWER5+ pseries machine seems functionnal with SLOF
(Sep 18 2023 18:57:48) and Linux 6.6.3 under TCG. May be worth
to mention (for AIX users) in another patch.


+ * Interrupt Controller, XICS (POWER8) and XIVE (POWER9, Power10, Power11)
* vPHB PCIe Host bridge.
* vscsi and vnet devices, compatible with the same devices available on a
  PowerVM hypervisor with VIOS managing LPARs.
diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
index e7c9edd033c8..c6e85c031178 100644
--- a/hw/ppc/spapr_cpu_core.c
+++ b/hw/ppc/spapr_cpu_core.c
@@ -401,6 +401,7 @@ static const TypeInfo spapr_cpu_core_type_infos[] = {
   DEFINE_SPAPR_CPU_CORE_TYPE("power9_v2.0"),
   DEFINE_SPAPR_CPU_CORE_TYPE("power9_v2.2"),
   DEFINE_SPAPR_CPU_CORE_TYPE("power10_v2.0"),
+DEFINE_SPAPR_CPU_CORE_TYPE("power11"),
   #ifdef CONFIG_KVM
   DEFINE_SPAPR_CPU_CORE_TYPE("host"),
   #endif
diff --git a/target/ppc/compat.c b/target/ppc/compat.c
index ebef2cccecf3..12dd8ae290ca 100644
--- a/target/ppc/compat.c
+++ b/target/ppc/compat.c
@@ -100,6 +100,13 @@ static const CompatInfo compat_table[] = {
   .pcr_level = PCR_COMPAT_3_10,
   .max_vthreads = 8,
   },
+{ /* POWER11, ISA3.10 */
+.name = "power11",
+.pvr = CPU_POWERPC_LOGICAL_3_10_PLUS,
+.pcr = PCR_COMPAT_3_10,
+.pcr_level = PCR_COMPAT_3_10,
+.max_vthreads = 8,
+},
   };
   static const CompatInfo *compat_by_pvr(uint32_t pvr)
diff --git a/target/ppc/cpu-models.c b/target/ppc/cpu-models.c
index f2301b43f78b..1870e69b63df 100644
--- a/target/ppc/cpu-models.c
+++ b/target/ppc/cpu-models.c
@@ -734,6 +734,8 @@
   "POWER9 v2.2")
   POWERPC_DEF("power10_v2.0",  CPU_POWERPC_POWER10_DD20,   POWER10,
   "POWER10 v2.0")
+POWERPC_DEF("power11",  CPU_POWERPC_POWER11,   POWER11,
+"POWER11")
   #endif /* defined (TARGET_PPC64) */
   /***/
diff --git a/target/ppc/cpu-models.h b/target/ppc/cpu-models.h
index 0229ef3a9a5c..a1b540c3aa9e 100644
--- a/target/ppc/cpu-models.h
+++ b/target/ppc/cpu-models.h
@@ -354,6 +354,7 @@ enum {
   CPU_POWERPC_POWER10_BASE   = 0x0080,
   CPU_POWERPC_POWER10_DD1= 0x00801100,
   CPU_POWERPC_POWER10_DD20   = 0x00801200,
+CPU_POWERPC_POWER11= 0x00821200,


is that a DD2.2 PVR ? If so, It should be mentionned in the definition.



Yes, I have kept the last 2 bytes same as P10 DD2. I will mention it
above the line I have added it, in v3.


Skiboot reports :

[0.121234172,6] P11 DD1.00 detected


C.

Re: [PATCH v2 09/10] ppc: Make Power11 as default cpu type for 'pseries' and 'powernv'

[Aditya Gupta]

On Fri, Apr 26, 2024 at 04:32:18PM +0200, Cédric Le Goater wrote:
> On 4/26/24 13:00, Aditya Gupta wrote:
> > Make Power11 as default cpu type for 'pseries' and 'powernv' machine type,
> > with Power11 being the newest supported Power processor in QEMU.
> 
> This is too early. We should merge Power11 support first, possibly in 9.1,
> and then change default in a future release, 9.2, 10.0

Okay, makes sense.

I will drop this change from v3.

Thanks,
- Aditya Gupta

> 
> Thanks,
> 
> C.
> 
> 
> 
> > 
> > Cc: Cédric Le Goater 
> > Cc: Daniel Henrique Barboza 
> > Cc: David Gibson 
> > Cc: Frédéric Barrat 
> > Cc: Harsh Prateek Bora 
> > Cc: Mahesh J Salgaonkar 
> > Cc: Madhavan Srinivasan 
> > Cc: Nicholas Piggin 
> > Signed-off-by: Aditya Gupta 
> > ---
> >   hw/ppc/pnv.c   | 4 ++--
> >   hw/ppc/spapr.c | 2 +-
> >   2 files changed, 3 insertions(+), 3 deletions(-)
> > 
> > diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
> > index 06e272f3bdd3..0c5a6bc424af 100644
> > --- a/hw/ppc/pnv.c
> > +++ b/hw/ppc/pnv.c
> > @@ -2531,8 +2531,6 @@ static void 
> > pnv_machine_p10_common_class_init(ObjectClass *oc, void *data)
> >   mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power10_v2.0");
> >   compat_props_add(mc->compat_props, phb_compat, 
> > G_N_ELEMENTS(phb_compat));
> > -mc->alias = "powernv";
> > -
> >   pmc->compat = compat;
> >   pmc->compat_size = sizeof(compat);
> >   pmc->dt_power_mgt = pnv_dt_power_mgt;
> > @@ -2569,6 +2567,8 @@ static void 
> > pnv_machine_power11_class_init(ObjectClass *oc, void *data)
> >   /* do power10_class_init as p11 core is same as p10 */
> >   pnv_machine_p10_common_class_init(oc, data);
> > +mc->alias = "powernv";
> > +
> >   mc->desc = "IBM PowerNV (Non-Virtualized) POWER11";
> >   mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power11");
> > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > index d2d1e310a3be..1c3e2da8e9e4 100644
> > --- a/hw/ppc/spapr.c
> > +++ b/hw/ppc/spapr.c
> > @@ -4698,7 +4698,7 @@ static void spapr_machine_class_init(ObjectClass *oc, 
> > void *data)
> >   smc->dr_lmb_enabled = true;
> >   smc->update_dt_enabled = true;
> > -mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power10_v2.0");
> > +mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power11");
> >   mc->has_hotpluggable_cpus = true;
> >   mc->nvdimm_supported = true;
> >   smc->resize_hpt_default = SPAPR_RESIZE_HPT_ENABLED;
> 

Re: [PATCH v2 08/10] ppc/pnv: Add SBE model for Power11

[Aditya Gupta]

On Fri, Apr 26, 2024 at 04:33:33PM +0200, Cédric Le Goater wrote:
> On 4/26/24 13:00, Aditya Gupta wrote:
> > Power11 core is same as Power10, reuse PNV10_SBER initialisation, by
> > declaring PNV11_PSI as child class of PNV10_PSI
> > 
> > Cc: Cédric Le Goater 
> > Cc: Frédéric Barrat 
> > Cc: Mahesh J Salgaonkar 
> > Cc: Madhavan Srinivasan 
> > Cc: Nicholas Piggin 
> > Signed-off-by: Aditya Gupta 
> 
> 
> Reviewed-by: Cédric Le Goater 

Thank you Cédric !

- Aditya Gupta

> 
> Thanks,
> 
> C.
> 
> 
> > ---
> >   hw/ppc/pnv_sbe.c | 15 +++
> >   include/hw/ppc/pnv_sbe.h |  2 ++
> >   2 files changed, 17 insertions(+)
> > 
> > diff --git a/hw/ppc/pnv_sbe.c b/hw/ppc/pnv_sbe.c
> > index 74cee4eea7ad..a655cc7f8c9e 100644
> > --- a/hw/ppc/pnv_sbe.c
> > +++ b/hw/ppc/pnv_sbe.c
> > @@ -366,6 +366,20 @@ static const TypeInfo pnv_sbe_power10_type_info = {
> >   .name  = TYPE_PNV10_SBE,
> >   .parent= TYPE_PNV9_SBE,
> >   .class_init= pnv_sbe_power10_class_init,
> > +.class_base_init = pnv_sbe_power10_class_init,
> > +};
> > +
> > +static void pnv_sbe_power11_class_init(ObjectClass *klass, void *data)
> > +{
> > +DeviceClass *dc = DEVICE_CLASS(klass);
> > +
> > +dc->desc = "PowerNV SBE Controller (POWER11)";
> > +}
> > +
> > +static const TypeInfo pnv_sbe_power11_type_info = {
> > +.name  = TYPE_PNV11_SBE,
> > +.parent= TYPE_PNV10_SBE,
> > +.class_init= pnv_sbe_power11_class_init,
> >   };
> >   static void pnv_sbe_realize(DeviceState *dev, Error **errp)
> > @@ -409,6 +423,7 @@ static void pnv_sbe_register_types(void)
> >   type_register_static(_sbe_type_info);
> >   type_register_static(_sbe_power9_type_info);
> >   type_register_static(_sbe_power10_type_info);
> > +type_register_static(_sbe_power11_type_info);
> >   }
> >   type_init(pnv_sbe_register_types);
> > diff --git a/include/hw/ppc/pnv_sbe.h b/include/hw/ppc/pnv_sbe.h
> > index b6b378ad14c7..09073a1256d6 100644
> > --- a/include/hw/ppc/pnv_sbe.h
> > +++ b/include/hw/ppc/pnv_sbe.h
> > @@ -29,6 +29,8 @@ OBJECT_DECLARE_TYPE(PnvSBE, PnvSBEClass, PNV_SBE)
> >   DECLARE_INSTANCE_CHECKER(PnvSBE, PNV9_SBE, TYPE_PNV9_SBE)
> >   #define TYPE_PNV10_SBE TYPE_PNV_SBE "-POWER10"
> >   DECLARE_INSTANCE_CHECKER(PnvSBE, PNV10_SBE, TYPE_PNV10_SBE)
> > +#define TYPE_PNV11_SBE TYPE_PNV_SBE "-POWER11"
> > +DECLARE_INSTANCE_CHECKER(PnvSBE, PNV11_SBE, TYPE_PNV11_SBE)
> >   struct PnvSBE {
> >   DeviceState xd;
> 

Re: [PATCH v2 07/10] ppc/pnv: Add a PSI bridge model for Power11

[Aditya Gupta]

On Fri, Apr 26, 2024 at 04:33:23PM +0200, Cédric Le Goater wrote:
> On 4/26/24 13:00, Aditya Gupta wrote:
> > Power11 core is same as Power10, reuse PNV10_PSI initialisation, by
> > declaring 'PNV11_PSI' as child class of 'PNV10_PSI'
> > 
> > Cc: Cédric Le Goater 
> > Cc: Frédéric Barrat 
> > Cc: Mahesh J Salgaonkar 
> > Cc: Madhavan Srinivasan 
> > Cc: Nicholas Piggin 
> > Signed-off-by: Aditya Gupta 
> 
> 
> Reviewed-by: Cédric Le Goater 

Thanks Cédric !

- Aditya Gupta

> 
> Thanks,
> 
> C.
> 
> 
> > ---
> >   hw/ppc/pnv_psi.c | 24 
> >   include/hw/ppc/pnv_psi.h |  2 ++
> >   2 files changed, 26 insertions(+)
> > 
> > diff --git a/hw/ppc/pnv_psi.c b/hw/ppc/pnv_psi.c
> > index 26460d210deb..1f708b183a87 100644
> > --- a/hw/ppc/pnv_psi.c
> > +++ b/hw/ppc/pnv_psi.c
> > @@ -939,6 +939,29 @@ static const TypeInfo pnv_psi_power10_info = {
> >   .name  = TYPE_PNV10_PSI,
> >   .parent= TYPE_PNV9_PSI,
> >   .class_init= pnv_psi_power10_class_init,
> > +.class_base_init = pnv_psi_power10_class_init,
> > +};
> > +
> > +static void pnv_psi_power11_class_init(ObjectClass *klass, void *data)
> > +{
> > +DeviceClass *dc = DEVICE_CLASS(klass);
> > +PnvPsiClass *ppc = PNV_PSI_CLASS(klass);
> > +static const char compat[] = "ibm,power11-psihb-x\0ibm,psihb-x";
> > +
> > +dc->desc= "PowerNV PSI Controller POWER11";
> > +
> > +/*
> > + * ppc->xscom_pbca and ppc->xscom_size will be set up by
> > + * pnv_psi_power10_class_init
> > + */
> > +ppc->compat = compat;
> > +ppc->compat_size = sizeof(compat);
> > +}
> > +
> > +static const TypeInfo pnv_psi_power11_info = {
> > +.name  = TYPE_PNV11_PSI,
> > +.parent= TYPE_PNV10_PSI,
> > +.class_init= pnv_psi_power11_class_init,
> >   };
> >   static void pnv_psi_class_init(ObjectClass *klass, void *data)
> > @@ -973,6 +996,7 @@ static void pnv_psi_register_types(void)
> >   type_register_static(_psi_power8_info);
> >   type_register_static(_psi_power9_info);
> >   type_register_static(_psi_power10_info);
> > +type_register_static(_psi_power11_info);
> >   }
> >   type_init(pnv_psi_register_types);
> > diff --git a/include/hw/ppc/pnv_psi.h b/include/hw/ppc/pnv_psi.h
> > index 2a6f715350b6..9e1d31779204 100644
> > --- a/include/hw/ppc/pnv_psi.h
> > +++ b/include/hw/ppc/pnv_psi.h
> > @@ -70,6 +70,8 @@ struct Pnv9Psi {
> >   #define TYPE_PNV10_PSI TYPE_PNV_PSI "-POWER10"
> > +#define TYPE_PNV11_PSI TYPE_PNV_PSI "-POWER11"
> > +
> >   struct PnvPsiClass {
> >   SysBusDeviceClass parent_class;
> 

Re: [PATCH v2 06/10] ppc/pnv: Add OCC for Power11

[Aditya Gupta]

On Fri, Apr 26, 2024 at 04:33:13PM +0200, Cédric Le Goater wrote:
> On 4/26/24 13:00, Aditya Gupta wrote:
> > Power11 core is same as Power10, reuse PNV10_OCC initialisation,
> > by declaring `PNV11_OCC` as child class of `PNV10_OCC`
> 
> Reviewed-by: Cédric Le Goater 

Thanks Cédric !

- Aditya Gupta

> 
> Thanks,
> 
> C.
> 
> 
> 
> > 
> > Cc: Cédric Le Goater 
> > Cc: Frédéric Barrat 
> > Cc: Mahesh J Salgaonkar 
> > Cc: Madhavan Srinivasan 
> > Cc: Nicholas Piggin 
> > Signed-off-by: Aditya Gupta 
> > ---
> >   hw/ppc/pnv_occ.c | 14 ++
> >   include/hw/ppc/pnv_occ.h |  2 ++
> >   2 files changed, 16 insertions(+)
> > 
> > diff --git a/hw/ppc/pnv_occ.c b/hw/ppc/pnv_occ.c
> > index 48123ceae176..4f510419045e 100644
> > --- a/hw/ppc/pnv_occ.c
> > +++ b/hw/ppc/pnv_occ.c
> > @@ -262,6 +262,19 @@ static const TypeInfo pnv_occ_power10_type_info = {
> >   .class_init= pnv_occ_power10_class_init,
> >   };
> > +static void pnv_occ_power11_class_init(ObjectClass *klass, void *data)
> > +{
> > +DeviceClass *dc = DEVICE_CLASS(klass);
> > +
> > +dc->desc = "PowerNV OCC Controller (POWER11)";
> > +}
> > +
> > +static const TypeInfo pnv_occ_power11_type_info = {
> > +.name  = TYPE_PNV11_OCC,
> > +.parent= TYPE_PNV10_OCC,
> > +.class_init= pnv_occ_power11_class_init,
> > +};
> > +
> >   static void pnv_occ_realize(DeviceState *dev, Error **errp)
> >   {
> >   PnvOCC *occ = PNV_OCC(dev);
> > @@ -305,6 +318,7 @@ static void pnv_occ_register_types(void)
> >   type_register_static(_occ_power8_type_info);
> >   type_register_static(_occ_power9_type_info);
> >   type_register_static(_occ_power10_type_info);
> > +type_register_static(_occ_power11_type_info);
> >   }
> >   type_init(pnv_occ_register_types);
> > diff --git a/include/hw/ppc/pnv_occ.h b/include/hw/ppc/pnv_occ.h
> > index df321244e3b1..7b5e28f13b4f 100644
> > --- a/include/hw/ppc/pnv_occ.h
> > +++ b/include/hw/ppc/pnv_occ.h
> > @@ -34,6 +34,8 @@ DECLARE_INSTANCE_CHECKER(PnvOCC, PNV9_OCC,
> >TYPE_PNV9_OCC)
> >   #define TYPE_PNV10_OCC TYPE_PNV_OCC "-POWER10"
> >   DECLARE_INSTANCE_CHECKER(PnvOCC, PNV10_OCC, TYPE_PNV10_OCC)
> > +#define TYPE_PNV11_OCC TYPE_PNV_OCC "-POWER11"
> > +DECLARE_INSTANCE_CHECKER(PnvOCC, PNV11_OCC, TYPE_PNV11_OCC)
> >   #define PNV_OCC_SENSOR_DATA_BLOCK_OFFSET 0x0058
> >   #define PNV_OCC_SENSOR_DATA_BLOCK_SIZE   0x00025800
> 

Re: [PATCH v2 05/10] ppc/pnv: Add a LPC controller for POWER11

[Aditya Gupta]

On Fri, Apr 26, 2024 at 04:32:52PM +0200, Cédric Le Goater wrote:
> On 4/26/24 13:00, Aditya Gupta wrote:
> > Power11 core is same as Power10 core, declare PNV11_LPC as a child
> > class of PNV10_LPC, so it goes through same class init
> > 
> > Cc: Cédric Le Goater 
> > Cc: Frédéric Barrat 
> > Cc: Mahesh J Salgaonkar 
> > Cc: Madhavan Srinivasan 
> > Cc: Nicholas Piggin 
> > Signed-off-by: Aditya Gupta 
> 
> 
> Reviewed-by: Cédric Le Goater 

Thank you Cédric.

- Aditya Gupta

> 
> Thanks,
> 
> C.
> 
> 
> > ---
> >   hw/ppc/pnv_lpc.c | 14 ++
> >   include/hw/ppc/pnv_lpc.h |  4 
> >   2 files changed, 18 insertions(+)
> > 
> > diff --git a/hw/ppc/pnv_lpc.c b/hw/ppc/pnv_lpc.c
> > index d692858bee78..54b366221bc7 100644
> > --- a/hw/ppc/pnv_lpc.c
> > +++ b/hw/ppc/pnv_lpc.c
> > @@ -698,6 +698,19 @@ static const TypeInfo pnv_lpc_power10_info = {
> >   .class_init= pnv_lpc_power10_class_init,
> >   };
> > +static void pnv_lpc_power11_class_init(ObjectClass *klass, void *data)
> > +{
> > +DeviceClass *dc = DEVICE_CLASS(klass);
> > +
> > +dc->desc = "PowerNV LPC Controller POWER11";
> > +}
> > +
> > +static const TypeInfo pnv_lpc_power11_info = {
> > +.name  = TYPE_PNV11_LPC,
> > +.parent= TYPE_PNV10_LPC,
> > +.class_init= pnv_lpc_power11_class_init,
> > +};
> > +
> >   static void pnv_lpc_realize(DeviceState *dev, Error **errp)
> >   {
> >   PnvLpcController *lpc = PNV_LPC(dev);
> > @@ -771,6 +784,7 @@ static void pnv_lpc_register_types(void)
> >   type_register_static(_lpc_power8_info);
> >   type_register_static(_lpc_power9_info);
> >   type_register_static(_lpc_power10_info);
> > +type_register_static(_lpc_power11_info);
> >   }
> >   type_init(pnv_lpc_register_types)
> > diff --git a/include/hw/ppc/pnv_lpc.h b/include/hw/ppc/pnv_lpc.h
> > index 5d22c4557041..1069bca38dfd 100644
> > --- a/include/hw/ppc/pnv_lpc.h
> > +++ b/include/hw/ppc/pnv_lpc.h
> > @@ -41,6 +41,10 @@ DECLARE_INSTANCE_CHECKER(PnvLpcController, PNV9_LPC,
> >   DECLARE_INSTANCE_CHECKER(PnvLpcController, PNV10_LPC,
> >TYPE_PNV10_LPC)
> > +#define TYPE_PNV11_LPC TYPE_PNV_LPC "-POWER11"
> > +DECLARE_INSTANCE_CHECKER(PnvLpcController, PNV11_LPC,
> > + TYPE_PNV11_LPC)
> > +
> >   struct PnvLpcController {
> >   DeviceState parent;
> 

Re: [PATCH v2 04/10] ppc/pnv: Add HOMER for POWER11

[Aditya Gupta]

On Fri, Apr 26, 2024 at 04:32:37PM +0200, Cédric Le Goater wrote:
> On 4/26/24 13:00, Aditya Gupta wrote:
> > Power11 core is same as Power10, declare PNV11_HOMER as a child
> > class of PNV10_HOMER, so it goes through same class init
> > 
> > Cc: Cédric Le Goater 
> > Cc: Frédéric Barrat 
> > Cc: Mahesh J Salgaonkar 
> > Cc: Madhavan Srinivasan 
> > Cc: Nicholas Piggin 
> > Signed-off-by: Aditya Gupta 
> 
> 
> Reviewed-by: Cédric Le Goater 

Thank you Cédric.

- Aditya Gupta

> 
> Thanks,
> 
> C.
> 
> 
> > ---
> >   hw/ppc/pnv_homer.c | 8 
> >   include/hw/ppc/pnv_homer.h | 3 +++
> >   2 files changed, 11 insertions(+)
> > 
> > diff --git a/hw/ppc/pnv_homer.c b/hw/ppc/pnv_homer.c
> > index f9a203d11d0d..1b0123a6f2ea 100644
> > --- a/hw/ppc/pnv_homer.c
> > +++ b/hw/ppc/pnv_homer.c
> > @@ -394,6 +394,13 @@ static const TypeInfo pnv_homer_power10_type_info = {
> >   .parent= TYPE_PNV_HOMER,
> >   .instance_size = sizeof(PnvHomer),
> >   .class_init= pnv_homer_power10_class_init,
> > +.class_base_init = pnv_homer_power10_class_init,
> > +};
> > +
> > +static const TypeInfo pnv_homer_power11_type_info = {
> > +.name  = TYPE_PNV11_HOMER,
> > +.parent= TYPE_PNV10_HOMER,
> > +.instance_size = sizeof(PnvHomer),
> >   };
> >   static void pnv_homer_realize(DeviceState *dev, Error **errp)
> > @@ -442,6 +449,7 @@ static void pnv_homer_register_types(void)
> >   type_register_static(_homer_power8_type_info);
> >   type_register_static(_homer_power9_type_info);
> >   type_register_static(_homer_power10_type_info);
> > +type_register_static(_homer_power11_type_info);
> >   }
> >   type_init(pnv_homer_register_types);
> > diff --git a/include/hw/ppc/pnv_homer.h b/include/hw/ppc/pnv_homer.h
> > index b1c5d498dc55..8f1cc8135937 100644
> > --- a/include/hw/ppc/pnv_homer.h
> > +++ b/include/hw/ppc/pnv_homer.h
> > @@ -35,6 +35,9 @@ DECLARE_INSTANCE_CHECKER(PnvHomer, PNV9_HOMER,
> >   #define TYPE_PNV10_HOMER TYPE_PNV_HOMER "-POWER10"
> >   DECLARE_INSTANCE_CHECKER(PnvHomer, PNV10_HOMER,
> >TYPE_PNV10_HOMER)
> > +#define TYPE_PNV11_HOMER TYPE_PNV_HOMER "-POWER11"
> > +DECLARE_INSTANCE_CHECKER(PnvHomer, PNV11_HOMER,
> > + TYPE_PNV11_HOMER)
> >   struct PnvHomer {
> >   DeviceState parent;
> 

Re: [PATCH RFC 00/26] Multifd  device state transfer support with VFIO consumer

[Maciej S. Szmigiero]

On 24.04.2024 00:27, Peter Xu wrote:

On Tue, Apr 23, 2024 at 06:14:18PM +0200, Maciej S. Szmigiero wrote:

We don't lose any genericity since by default the transfer is done via
mixed RAM / device state multifd channels from a shared pool.

It's only when x-multifd-channels-device-state is set to value > 0 then
the requested multifd channel counts gets dedicated to device state.

It could be seen as a fine-tuning option for cases where tests show that
it provides some benefits to the particular workload - just like many
other existing migration options are.

14% downtime improvement is too much to waste - I'm not sure that's only
due to avoiding RAM syncs, it's possible that there are other subtle
performance interactions too.

For even more genericity this option could be named like
x-multifd-channels-map and contain an array of channel settings like
"ram,ram,ram,device-state,device-state".
Then a possible future other uses of multifd channels wouldn't even need
a new dedicated option.


Yeah I understand such option would only provide more options.

However as long as such option got introduced, user will start to do their
own "optimizations" on how to provision the multifd channels, and IMHO
it'll be great if we as developer can be crystal clear on why it needs to
be introduced in the first place, rather than making all channels open to
all purposes.

So I don't think I'm strongly against such parameter, but I want to double
check we really understand what's behind this to justify such parameter.
Meanwhile I'd be always be pretty caucious on introducing any migration
parameters, due to the compatibility nightmares.  The less parameter the
better..


Ack, I am also curious why dedicated device state multifd channels bring
such downtime improvement.





I think one of the reasons for these results is that mixed (RAM + device
state) multifd channels participate in the RAM sync process
(MULTIFD_FLAG_SYNC) whereas device state dedicated channels don't.


Firstly, I'm wondering whether we can have better names for these new
hooks.  Currently (only comment on the async* stuff):

- complete_precopy_async
- complete_precopy
- complete_precopy_async_wait

But perhaps better:

- complete_precopy_begin
- complete_precopy
- complete_precopy_end

?

As I don't see why the device must do something with async in such hook.
To me it's more like you're splitting one process into multiple, then
begin/end sounds more generic.


Ack, I will rename these hooks to begin/end.


Then, if with that in mind, IIUC we can already split ram_save_complete()
into >1 phases too. For example, I would be curious whether the performance
will go back to normal if we offloading multifd_send_sync_main() into the
complete_precopy_end(), because we really only need one shot of that, and I
am quite surprised it already greatly affects VFIO dumping its own things.


AFAIK there's already just one multifd_send_sync_main() during downtime -
the one called from save_live_complete_precopy SaveVMHandler.

In order to truly never interfere with device state transfer the sync would
need to be ordered after the device state transfer is complete - that is,
after VFIO complete_precopy_end (complete_precopy_async_wait) handler
returns.


Do you think it'll be worthwhile give it a shot, even if we can't decide
yet on the order of end()s to be called?


Upon a closer inspection it looks like that there are, in fact, *two*
RAM syncs done during the downtime - besides the one at the end of
ram_save_complete() there's another on in find_dirty_block(). This function
is called earlier from ram_save_complete() -> ram_find_and_save_block().

Unfortunately, skipping that intermediate sync in find_dirty_block() and
moving the one from the end of ram_save_complete() to another SaveVMHandler
that's called only after VFIO device state transfer doesn't actually
improve downtime (at least not on its own).


It'll be great if we could look into these issues instead of workarounds,
and figure out what affected the performance behind, and also whether that
can be fixed without such parameter.


I've been looking at this and added some measurements around device state
queuing for submission in multifd_queue_device_state().

To my surprise, the mixed RAM / device state config of 15/0 has *much*
lower total queuing time of around 100 msec compared to the dedicated
device state channels 15/4 config with total queuing time of around
300 msec.

Despite that, the 15/4 config still has significantly lower overall
downtime.

This means that any reason for the downtime difference is probably on
the receive / load side of the migration rather than on the save /
send side.

I guess the reason for the lower device state queuing time in the 15/0
case is that this data could be sent via any of the 15 multifd channels
rather than just the 4 dedicated ones in the 15/4 case.

Nevertheless, I will continue to look at this problem to at least find
some explanation 

Re: [PATCH v3 1/2] target/s390x: report deprecated-props in cpu-model-expansion reply

[Collin Walling]

On 4/26/24 04:42, Markus Armbruster wrote:
> Collin Walling  writes:
> 
>> Retain a list of deprecated features disjoint from any particular
>> CPU model. A query-cpu-model-expansion reply will now provide a list of
>> properties (i.e. features) that are flagged as deprecated. Example:
>>
>> {
>>   "return": {
>> "model": {
>>   "name": "z14.2-base",
>>   "deprecated-props": [
>> "bpb",
>> "csske"
>>   ],
>>   "props": {
>> "pfmfi": false,
>> "exrl": true,
>> ...a lot more props...
>> "skey": false,
>> "vxpdeh2": false
>>   }
>> }
>>   }
>> }
>>
>> It is recommended that s390 guests operate with these features
>> explicitly disabled to ensure compatability with future hardware.
>>
>> Signed-off-by: Collin Walling 
>> ---
>>  qapi/machine-target.json |  5 -
>>  target/s390x/cpu_features.c  | 14 ++
>>  target/s390x/cpu_features.h  |  1 +
>>  target/s390x/cpu_models_sysemu.c |  6 ++
>>  4 files changed, 25 insertions(+), 1 deletion(-)
>>
>> diff --git a/qapi/machine-target.json b/qapi/machine-target.json
>> index 29e695aa06..3799a60e3d 100644
>> --- a/qapi/machine-target.json
>> +++ b/qapi/machine-target.json
>> @@ -20,11 +20,14 @@
>>  #
>>  # @props: a dictionary of QOM properties to be applied
>>  #
>> +# @deprecated-props: a list of QOM properties that are flagged as deprecated
> 
> Deprecated by whom?  QEMU?  The CPU vendor?
> 

The CPU vendor would be the one who decides which props are deprecated.
How about:

# @deprecated-props: a list of QOM properties that are flagged as
 deprecated by the CPU vendor

> docs/devel/qapi-code-gen.rst:
> 
> For legibility, wrap text paragraphs so every line is at most 70
> characters long.
> 

Noted for next iteration.  Thank you.

>> +#
>>  # Since: 2.8
>>  ##
>>  { 'struct': 'CpuModelInfo',
>>'data': { 'name': 'str',
>> -'*props': 'any' } }
>> +'*props': 'any',
>> +'*deprecated-props': ['str'] } }
>>  
>>  ##
>>  # @CpuModelExpansionType:
> 
> [...]
> 
> 

-- 
Regards,
  Collin

Re: [PATCH] qga: Re-enable the qga-ssh-test when running without fuzzing

[Philippe Mathieu-Daudé]

On 26/4/24 18:23, Thomas Huth wrote:

According to the comment in qga/meson.build, the test got disabled
since there were problems with the fuzzing job. But instead of
disabling this test completely, we should still be fine running
it when fuzzing is disabled.

Signed-off-by: Thomas Huth 
---
  qga/meson.build | 5 ++---
  1 file changed, 2 insertions(+), 3 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH v2 03/10] ppc/pnv: Add a Power11 Pnv11Chip, and a Power11 Machine

[Aditya Gupta]

Hello Cédric,

> >
> > <...snip...>
> >
> > - * Multi processor support for POWER8, POWER8NVL and POWER9.
> > + * Multi processor support for POWER8, POWER8NVL, POWER9, POWER10 and 
> > Power11.
> 
> POWER10 -> Power10. Don't ask me why.

Sure, got it !

> 
> >* XSCOM, serial communication sideband bus to configure chiplets.
> >* Simple LPC Controller.
> >* Processor Service Interface (PSI) Controller.
> > - * Interrupt Controller, XICS (POWER8) and XIVE (POWER9) and XIVE2 
> > (Power10).
> > + * Interrupt Controller, XICS (POWER8) and XIVE (POWER9) and XIVE2 
> > (Power10 &
> > +   Power11).
> >* POWER8 PHB3 PCIe Host bridge and POWER9 PHB4 PCIe Host bridge.
> >* Simple OCC is an on-chip micro-controller used for power management 
> > tasks.
> >* iBT device to handle BMC communication, with the internal BMC simulator
> > diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
> > index 74e7908e5ffb..06e272f3bdd3 100644
> > --- a/hw/ppc/pnv.c
> > +++ b/hw/ppc/pnv.c
> > @@ -431,13 +431,27 @@ static const uint8_t pa_features_31[] = { 74, 0,
> >   static void pnv_chip_power10_dt_populate(PnvChip *chip, void *fdt)
> >   {
> > -static const char compat[] = "ibm,power10-xscom\0ibm,xscom";
> > +PnvChipClass *pcc = PNV_CHIP_GET_CLASS(chip);
> > +static const char compat_p10[] = "ibm,power10-xscom\0ibm,xscom";
> > +static const char compat_p11[] = "ibm,power11-xscom\0ibm,xscom";
> > +
> > +PnvChipType chip_type = pcc->chip_type;
> > +const char *compat;
> > +int compat_len;
> >   int i;
> > +if (chip_type == PNV_TYPE_POWER11) {
> > +compat = compat_p11;
> > +compat_len = sizeof(compat_p11);
> > +} else {
> > +compat = compat_p10;
> > +compat_len = sizeof(compat_p10);
> > +}
> 
> please introduce a pnv_chip_power11_dt_populate() routine instead.

Okay.

> 
> >   pnv_dt_xscom(chip, fdt, 0,
> >cpu_to_be64(PNV10_XSCOM_BASE(chip)),
> >cpu_to_be64(PNV10_XSCOM_SIZE),
> > - compat, sizeof(compat));
> > + compat, compat_len);
> >   for (i = 0; i < chip->nr_cores; i++) {
> >   PnvCore *pnv_core = chip->cores[i];
> > @@ -1288,6 +1302,8 @@ static void pnv_chip_power10_intc_print_info(PnvChip 
> > *chip, PowerPCCPU *cpu,
> >   #define POWER10_CORE_MASK  (0xffull)
> > +#define POWER11_CORE_MASK  (0xffull)
> > +
> >   static void pnv_chip_power8_instance_init(Object *obj)
> >   {
> >   Pnv8Chip *chip8 = PNV8_CHIP(obj);
> > @@ -1838,6 +1854,7 @@ static void pnv_chip_power10_instance_init(Object 
> > *obj)
> >   static void pnv_chip_power10_quad_realize(Pnv10Chip *chip10, Error **errp)
> >   {
> >   PnvChip *chip = PNV_CHIP(chip10);
> > +PnvChipClass *chip_class = PNV_CHIP_GET_CLASS(chip);
> >   int i;
> >   chip10->nr_quads = DIV_ROUND_UP(chip->nr_cores, 4);
> > @@ -1846,7 +1863,11 @@ static void pnv_chip_power10_quad_realize(Pnv10Chip 
> > *chip10, Error **errp)
> >   for (i = 0; i < chip10->nr_quads; i++) {
> >   PnvQuad *eq = >quads[i];
> > -pnv_chip_quad_realize_one(chip, eq, chip->cores[i * 4],
> > +if (chip_class->chip_type == PNV_TYPE_POWER11)
> > +pnv_chip_quad_realize_one(chip, eq, chip->cores[i * 4],
> > +  PNV_QUAD_TYPE_NAME("power11"));
> > +else
> > +pnv_chip_quad_realize_one(chip, eq, chip->cores[i * 4],
> > PNV_QUAD_TYPE_NAME("power10"));
> 
> 
> Please change introduce a new pnv_chip_quad_realize() routine taking an
> extra type_name argument.

Sure, can do it. But as it's called from 'pnv_chip_power10_realize',
might require a 'pnv_chip_power11_realize' function also, so it can pass
type_name as "power11" vs "power10".
Will do it.

> 
> 
> >   pnv_xscom_add_subregion(chip, PNV10_XSCOM_EQ_BASE(eq->quad_id),
> > @@ -2116,6 +2137,35 @@ static void pnv_chip_power10_class_init(ObjectClass 
> > *klass, void *data)
> >   >parent_realize);
> >   }
> > +static void pnv_chip_power11_class_init(ObjectClass *klass, void *data)
> > +{
> > +DeviceClass *dc = DEVICE_CLASS(klass);
> > +PnvChipClass *k = PNV_CHIP_CLASS(klass);
> > +
> > +static const int i2c_ports_per_engine[PNV10_CHIP_MAX_I2C] = {14, 14, 
> > 2, 16};
> > +
> > +k->chip_cfam_id = 0x120da0498000ull; /* P11 (with NX) */
> > +k->chip_type = PNV_TYPE_POWER11;
> > +k->cores_mask = POWER11_CORE_MASK;
> > +k->chip_pir = pnv_chip_pir_p10;
> > +k->intc_create = pnv_chip_power10_intc_create;
> > +k->intc_reset = pnv_chip_power10_intc_reset;
> > +k->intc_destroy = pnv_chip_power10_intc_destroy;
> > +k->intc_print_info = pnv_chip_power10_intc_print_info;
> > +k->isa_create = pnv_chip_power10_isa_create;
> > +k->dt_populate = pnv_chip_power10_dt_populate;
> > +k->pic_print_info = pnv_chip_power10_pic_print_info;
> > +

Re: [PATCH RFC 00/26] Multifd  device state transfer support with VFIO consumer

[Maciej S. Szmigiero]

On 24.04.2024 00:35, Peter Xu wrote:

On Wed, Apr 24, 2024 at 12:25:08AM +0200, Maciej S. Szmigiero wrote:

On 24.04.2024 00:20, Peter Xu wrote:

On Tue, Apr 23, 2024 at 06:15:35PM +0200, Maciej S. Szmigiero wrote:

On 19.04.2024 17:31, Peter Xu wrote:

On Fri, Apr 19, 2024 at 11:07:21AM +0100, Daniel P. Berrangé wrote:

On Thu, Apr 18, 2024 at 04:02:49PM -0400, Peter Xu wrote:

On Thu, Apr 18, 2024 at 08:14:15PM +0200, Maciej S. Szmigiero wrote:

I think one of the reasons for these results is that mixed (RAM + device
state) multifd channels participate in the RAM sync process
(MULTIFD_FLAG_SYNC) whereas device state dedicated channels don't.


Firstly, I'm wondering whether we can have better names for these new
hooks.  Currently (only comment on the async* stuff):

 - complete_precopy_async
 - complete_precopy
 - complete_precopy_async_wait

But perhaps better:

 - complete_precopy_begin
 - complete_precopy
 - complete_precopy_end

?

As I don't see why the device must do something with async in such hook.
To me it's more like you're splitting one process into multiple, then
begin/end sounds more generic.

Then, if with that in mind, IIUC we can already split ram_save_complete()
into >1 phases too. For example, I would be curious whether the performance
will go back to normal if we offloading multifd_send_sync_main() into the
complete_precopy_end(), because we really only need one shot of that, and I
am quite surprised it already greatly affects VFIO dumping its own things.

I would even ask one step further as what Dan was asking: have you thought
about dumping VFIO states via multifd even during iterations?  Would that
help even more than this series (which IIUC only helps during the blackout
phase)?


To dump during RAM iteration, the VFIO device will need to have
dirty tracking and iterate on its state, because the guest CPUs
will still be running potentially changing VFIO state. That seems
impractical in the general case.


We already do such interations in vfio_save_iterate()?

My understanding is the recent VFIO work is based on the fact that the VFIO
device can track device state changes more or less (besides being able to
save/load full states).  E.g. I still remember in our QE tests some old
devices report much more dirty pages than expected during the iterations
when we were looking into such issue that a huge amount of dirty pages
reported.  But newer models seem to have fixed that and report much less.

That issue was about GPU not NICs, though, and IIUC a major portion of such
tracking used to be for GPU vRAMs.  So maybe I was mixing up these, and
maybe they work differently.


The device which this series was developed against (Mellanox ConnectX-7)
is already transferring its live state before the VM gets stopped (via
save_live_iterate SaveVMHandler).

It's just that in addition to the live state it has more than 400 MiB
of state that cannot be transferred while the VM is still running.
And that fact hurts a lot with respect to the migration downtime.

AFAIK it's a very similar story for (some) GPUs.


So during iteration phase VFIO cannot yet leverage the multifd channels
when with this series, am I right?


That's right.


Is it possible to extend that use case too?


I guess so, but since this phase (iteration while the VM is still
running) doesn't impact downtime it is much less critical.


But it affects the bandwidth, e.g. even with multifd enabled, the device
iteration data will still bottleneck at ~15Gbps on a common system setup
the best case, even if the hosts are 100Gbps direct connected.  Would that
be a concern in the future too, or it's known problem and it won't be fixed
anyway?


I think any improvements to the migration performance are good, even if
they don't impact downtime.

It's just that this patch set focuses on the downtime phase as the more
critical thing.

After this gets improved there's no reason why not to look at improving
performance of the VM live phase too if it brings sensible improvements.


I remember Avihai used to have plan to look into similar issues, I hope
this is exactly what he is looking for.  Otherwise changing migration
protocol from time to time is cumbersome; we always need to provide a flag
to make sure old systems migrates in the old ways, new systems run the new
ways, and for such a relatively major change I'd want to double check on
how far away we can support offload VFIO iterations data to multifd.


The device state transfer is indicated by a new flag in the multifd
header (MULTIFD_FLAG_DEVICE_STATE).

If we are to use multifd channels for VM live phase transfers these
could simply re-use the same flag type.


Thanks,



Thanks,
Maciej

Re: [PATCH v7 09/12] hw/cxl/events: Add qmp interfaces to add/release dynamic capacity extents

[fan]

On Fri, Apr 26, 2024 at 11:12:50AM +0200, Markus Armbruster wrote:
> nifan@gmail.com writes:
> 
> > From: Fan Ni 
> >
> > To simulate FM functionalities for initiating Dynamic Capacity Add
> > (Opcode 5604h) and Dynamic Capacity Release (Opcode 5605h) as in CXL spec
> > r3.1 7.6.7.6.5 and 7.6.7.6.6, we implemented two QMP interfaces to issue
> > add/release dynamic capacity extents requests.
> >
> > With the change, we allow to release an extent only when its DPA range
> > is contained by a single accepted extent in the device. That is to say,
> > extent superset release is not supported yet.
> >
> > 1. Add dynamic capacity extents:
> >
> > For example, the command to add two continuous extents (each 128MiB long)
> > to region 0 (starting at DPA offset 0) looks like below:
> >
> > { "execute": "qmp_capabilities" }
> >
> > { "execute": "cxl-add-dynamic-capacity",
> >   "arguments": {
> >   "path": "/machine/peripheral/cxl-dcd0",
> >   "hid": 0,
> >   "selection-policy": 2,
> >   "region-id": 0,
> >   "tag": "",
> >   "extents": [
> >   {
> >   "offset": 0,
> >   "len": 134217728
> >   },
> >   {
> >   "offset": 134217728,
> >   "len": 134217728
> >   }
> >   ]
> >   }
> > }
> >
> > 2. Release dynamic capacity extents:
> >
> > For example, the command to release an extent of size 128MiB from region 0
> > (DPA offset 128MiB) looks like below:
> >
> > { "execute": "cxl-release-dynamic-capacity",
> >   "arguments": {
> >   "path": "/machine/peripheral/cxl-dcd0",
> >   "hid": 0,
> >   "flags": 1,
> >   "region-id": 0,
> >   "tag": "",
> >   "extents": [
> >   {
> >   "offset": 134217728,
> >   "len": 134217728
> >   }
> >   ]
> >   }
> > }
> >
> > Signed-off-by: Fan Ni 
> > ---
> >  hw/cxl/cxl-mailbox-utils.c  |  62 +--
> >  hw/mem/cxl_type3.c  | 311 +++-
> >  hw/mem/cxl_type3_stubs.c|  20 +++
> >  include/hw/cxl/cxl_device.h |  22 +++
> >  include/hw/cxl/cxl_events.h |  18 +++
> >  qapi/cxl.json   |  69 
> >  6 files changed, 489 insertions(+), 13 deletions(-)
> >
> > diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c
> > index 9d54e10cd4..3569902e9e 100644
> > --- a/hw/cxl/cxl-mailbox-utils.c
> > +++ b/hw/cxl/cxl-mailbox-utils.c
> > @@ -1405,7 +1405,7 @@ static CXLRetCode cmd_dcd_get_dyn_cap_ext_list(const 
> > struct cxl_cmd *cmd,
> >   * Check whether any bit between addr[nr, nr+size) is set,
> >   * return true if any bit is set, otherwise return false
> >   */
> > -static bool test_any_bits_set(const unsigned long *addr, unsigned long nr,
> > +bool test_any_bits_set(const unsigned long *addr, unsigned long nr,
> >unsigned long size)
> >  {
> >  unsigned long res = find_next_bit(addr, size + nr, nr);
> > @@ -1444,7 +1444,7 @@ CXLDCRegion *cxl_find_dc_region(CXLType3Dev *ct3d, 
> > uint64_t dpa, uint64_t len)
> >  return NULL;
> >  }
> >  
> > -static void cxl_insert_extent_to_extent_list(CXLDCExtentList *list,
> > +void cxl_insert_extent_to_extent_list(CXLDCExtentList *list,
> >   uint64_t dpa,
> >   uint64_t len,
> >   uint8_t *tag,
> > @@ -1470,6 +1470,44 @@ void 
> > cxl_remove_extent_from_extent_list(CXLDCExtentList *list,
> >  g_free(extent);
> >  }
> >  
> > +/*
> > + * Add a new extent to the extent "group" if group exists;
> > + * otherwise, create a new group
> > + * Return value: return the group where the extent is inserted.
> > + */
> > +CXLDCExtentGroup *cxl_insert_extent_to_extent_group(CXLDCExtentGroup 
> > *group,
> > +uint64_t dpa,
> > +uint64_t len,
> > +uint8_t *tag,
> > +uint16_t shared_seq)
> > +{
> > +if (!group) {
> > +group = g_new0(CXLDCExtentGroup, 1);
> > +QTAILQ_INIT(>list);
> > +}
> > +cxl_insert_extent_to_extent_list(>list, dpa, len,
> > + tag, shared_seq);
> > +return group;
> > +}
> > +
> > +void cxl_extent_group_list_insert_tail(CXLDCExtentGroupList *list,
> > +   CXLDCExtentGroup *group)
> > +{
> > +QTAILQ_INSERT_TAIL(list, group, node);
> > +}
> > +
> > +void cxl_extent_group_list_delete_front(CXLDCExtentGroupList *list)
> > +{
> > +CXLDCExtent *ent, *ent_next;
> > +CXLDCExtentGroup *group = QTAILQ_FIRST(list);
> > +
> > +QTAILQ_REMOVE(list, group, node);
> > +QTAILQ_FOREACH_SAFE(ent, >list, node, ent_next) {
> > +cxl_remove_extent_from_extent_list(>list, ent);
> > +}
> > +g_free(group);
> > +}
> > +
> >  /*
> >   * CXL r3.1 Table 8-168: Add 

Re: [PATCH v2 01/10] ppc/pseries: Add Power11 cpu type

[Cédric Le Goater]

On 4/26/24 19:12, Aditya Gupta wrote:

Hello Cédric,


diff --git a/docs/system/ppc/pseries.rst b/docs/system/ppc/pseries.rst
index a876d897b6e4..3277564b34c2 100644
--- a/docs/system/ppc/pseries.rst
+++ b/docs/system/ppc/pseries.rst
@@ -15,9 +15,9 @@ Supported devices
   =
* Multi processor support for many Power processors generations: POWER7,
-   POWER7+, POWER8, POWER8NVL, POWER9, and Power10. Support for POWER5+ exists,
-   but its state is unknown.
- * Interrupt Controller, XICS (POWER8) and XIVE (POWER9 and Power10)
+   POWER7+, POWER8, POWER8NVL, POWER9, Power10 and Power11. Support for POWER5+
+   exists, but its state is unknown.


The POWER5+ pseries machine seems functionnal with SLOF
(Sep 18 2023 18:57:48) and Linux 6.6.3 under TCG. May be worth
to mention (for AIX users) in another patch.


Sure, thanks for pointing this, will add these changes in a separate
patch.

There were some points in 'powernv' docs, that might need updating:

Quoting lines from docs/system/ppc/powernv.rst:


Missing devices
---

A lot is missing, among which :

  * I2C controllers (yet to be merged).
  * NPU/NPU2/NPU3 controllers.
  * EEH support for PCIe Host bridge controllers.
  * NX controller.
  * VAS controller.
  * chipTOD (Time Of Day).
  * Self Boot Engine (SBE).
  * FSI bus.


I can see that 'chipTOD' was added in commit 9a69950feb098. I2C mentions
yet to merge, is it merged yet ?


yes.



I will check whether this needs updating, but might do it in a separate
patch than this series.


Thanks,

Re: [PATCH v2 02/10] ppc/pnv: Introduce 'PnvChipClass::chip_type'

[Aditya Gupta]

Hello Cédric,

> >
> > <...snip...>
> >
> > diff --git a/include/hw/ppc/pnv_chip.h b/include/hw/ppc/pnv_chip.h
> > index 8589f3291ed3..ebfe82b89537 100644
> > --- a/include/hw/ppc/pnv_chip.h
> > +++ b/include/hw/ppc/pnv_chip.h
> > @@ -17,12 +17,21 @@
> >   OBJECT_DECLARE_TYPE(PnvChip, PnvChipClass,
> >   PNV_CHIP)
> > +typedef enum PnvChipType {
> > +PNV_TYPE_POWER8E, /* AKA Murano (default) */
> > +PNV_TYPE_POWER8,  /* AKA Venice */
> > +PNV_TYPE_POWER8NVL,   /* AKA Naples */
> > +PNV_TYPE_POWER9,  /* AKA Nimbus */
> > +PNV_TYPE_POWER10,
> > +} PnvChipType;
> 
> Nope.
> 
> > +
> >   struct PnvChip {
> >   /*< private >*/
> >   SysBusDevice parent_obj;
> >   /*< public >*/
> >   uint32_t chip_id;
> > +
> >   uint64_t ram_start;
> >   uint64_t ram_size;
> > @@ -137,6 +146,7 @@ struct PnvChipClass {
> >   SysBusDeviceClass parent_class;
> >   /*< public >*/
> > +PnvChipType  chip_type;
> >   uint64_t chip_cfam_id;
> >   uint64_t cores_mask;
> >   uint32_t num_pecs;
> 
> Adding an enum type under PnvChipClass which is a type already
> looks wrong. Please find another way. It is possible I am sure.

True. You suggested one possible way in patch #3, to replicate the
*_dt_populate and quad_realize functions for Power11 also.

Another way to do this was depending on the type string in qemu
object's class type name, or object_cast_cache, but I decided not to go
with string comparison or depending on internal strings.

Will use your suggestion in patch #3.

Thanks,
Aditya Gupta

> 
> Thanks,
> 
> C.
> 
> 

Re: [PATCH v2 01/10] ppc/pseries: Add Power11 cpu type

[Aditya Gupta]

Hello Cédric,

> > diff --git a/docs/system/ppc/pseries.rst b/docs/system/ppc/pseries.rst
> > index a876d897b6e4..3277564b34c2 100644
> > --- a/docs/system/ppc/pseries.rst
> > +++ b/docs/system/ppc/pseries.rst
> > @@ -15,9 +15,9 @@ Supported devices
> >   =
> >* Multi processor support for many Power processors generations: POWER7,
> > -   POWER7+, POWER8, POWER8NVL, POWER9, and Power10. Support for POWER5+ 
> > exists,
> > -   but its state is unknown.
> > - * Interrupt Controller, XICS (POWER8) and XIVE (POWER9 and Power10)
> > +   POWER7+, POWER8, POWER8NVL, POWER9, Power10 and Power11. Support for 
> > POWER5+
> > +   exists, but its state is unknown.
> 
> The POWER5+ pseries machine seems functionnal with SLOF
> (Sep 18 2023 18:57:48) and Linux 6.6.3 under TCG. May be worth
> to mention (for AIX users) in another patch.

Sure, thanks for pointing this, will add these changes in a separate
patch.

There were some points in 'powernv' docs, that might need updating:

Quoting lines from docs/system/ppc/powernv.rst:

> Missing devices
> ---
> 
> A lot is missing, among which :
> 
>  * I2C controllers (yet to be merged).
>  * NPU/NPU2/NPU3 controllers.
>  * EEH support for PCIe Host bridge controllers.
>  * NX controller.
>  * VAS controller.
>  * chipTOD (Time Of Day).
>  * Self Boot Engine (SBE).
>  * FSI bus.

I can see that 'chipTOD' was added in commit 9a69950feb098. I2C mentions
yet to merge, is it merged yet ?

I will check whether this needs updating, but might do it in a separate
patch than this series.

Thanks,
- Aditya Gupta

> 
> > + * Interrupt Controller, XICS (POWER8) and XIVE (POWER9, Power10, Power11)
> >* vPHB PCIe Host bridge.
> >* vscsi and vnet devices, compatible with the same devices available on a
> >  PowerVM hypervisor with VIOS managing LPARs.

Re: [PATCH v2 01/10] ppc/pseries: Add Power11 cpu type

[Aditya Gupta]

Hello Cédric,

Thanks for your reviews.

On Fri, Apr 26, 2024 at 04:27:04PM +0200, Cédric Le Goater wrote:
> Hello Aditya
> 
> On 4/26/24 13:00, Aditya Gupta wrote:
> > Add base support for "--cpu power11" in QEMU.
> > 
> > Power11 core is same as Power10, hence reuse functions defined for
> > Power10.
> 
> Power11 uses the same ISA it seems. What's the value then ?

Yes, it uses the same ISA. But I added this option so we can have a
Power11 PVR in QEMU, which should be identified as Power11 in skiboot
and linux, hence defined Power11 cpu type, even though code here is
almost same as Power10.

> 
> > 
> > Cc: Cédric Le Goater 
> > Cc: Daniel Henrique Barboza 
> > Cc: David Gibson 
> > Cc: Harsh Prateek Bora 
> > Cc: Mahesh J Salgaonkar 
> > Cc: Madhavan Srinivasan 
> > Cc: Nicholas Piggin 
> > Signed-off-by: Aditya Gupta 
> > ---
> >   docs/system/ppc/pseries.rst |  6 +--
> >   hw/ppc/spapr_cpu_core.c |  1 +
> 
> 
> I would separate the CPU target code adding support for a new POWER
> Processor from the machine code (pseries).

Sure, I will split it in v3.

> 
> 
> >   target/ppc/compat.c |  7 +++
> >   target/ppc/cpu-models.c |  2 +
> >   target/ppc/cpu-models.h |  2 +
> >   target/ppc/cpu_init.c   | 99 +
> >   6 files changed, 114 insertions(+), 3 deletions(-)
> > 
> > diff --git a/docs/system/ppc/pseries.rst b/docs/system/ppc/pseries.rst
> > index a876d897b6e4..3277564b34c2 100644
> > --- a/docs/system/ppc/pseries.rst
> > +++ b/docs/system/ppc/pseries.rst
> > @@ -15,9 +15,9 @@ Supported devices
> >   =
> >* Multi processor support for many Power processors generations: POWER7,
> > -   POWER7+, POWER8, POWER8NVL, POWER9, and Power10. Support for POWER5+ 
> > exists,
> > -   but its state is unknown.
> > - * Interrupt Controller, XICS (POWER8) and XIVE (POWER9 and Power10)
> > +   POWER7+, POWER8, POWER8NVL, POWER9, Power10 and Power11. Support for 
> > POWER5+
> > +   exists, but its state is unknown.
> 
> The POWER5+ pseries machine seems functionnal with SLOF
> (Sep 18 2023 18:57:48) and Linux 6.6.3 under TCG. May be worth
> to mention (for AIX users) in another patch.
> 
> > + * Interrupt Controller, XICS (POWER8) and XIVE (POWER9, Power10, Power11)
> >* vPHB PCIe Host bridge.
> >* vscsi and vnet devices, compatible with the same devices available on a
> >  PowerVM hypervisor with VIOS managing LPARs.
> > diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
> > index e7c9edd033c8..c6e85c031178 100644
> > --- a/hw/ppc/spapr_cpu_core.c
> > +++ b/hw/ppc/spapr_cpu_core.c
> > @@ -401,6 +401,7 @@ static const TypeInfo spapr_cpu_core_type_infos[] = {
> >   DEFINE_SPAPR_CPU_CORE_TYPE("power9_v2.0"),
> >   DEFINE_SPAPR_CPU_CORE_TYPE("power9_v2.2"),
> >   DEFINE_SPAPR_CPU_CORE_TYPE("power10_v2.0"),
> > +DEFINE_SPAPR_CPU_CORE_TYPE("power11"),
> >   #ifdef CONFIG_KVM
> >   DEFINE_SPAPR_CPU_CORE_TYPE("host"),
> >   #endif
> > diff --git a/target/ppc/compat.c b/target/ppc/compat.c
> > index ebef2cccecf3..12dd8ae290ca 100644
> > --- a/target/ppc/compat.c
> > +++ b/target/ppc/compat.c
> > @@ -100,6 +100,13 @@ static const CompatInfo compat_table[] = {
> >   .pcr_level = PCR_COMPAT_3_10,
> >   .max_vthreads = 8,
> >   },
> > +{ /* POWER11, ISA3.10 */
> > +.name = "power11",
> > +.pvr = CPU_POWERPC_LOGICAL_3_10_PLUS,
> > +.pcr = PCR_COMPAT_3_10,
> > +.pcr_level = PCR_COMPAT_3_10,
> > +.max_vthreads = 8,
> > +},
> >   };
> >   static const CompatInfo *compat_by_pvr(uint32_t pvr)
> > diff --git a/target/ppc/cpu-models.c b/target/ppc/cpu-models.c
> > index f2301b43f78b..1870e69b63df 100644
> > --- a/target/ppc/cpu-models.c
> > +++ b/target/ppc/cpu-models.c
> > @@ -734,6 +734,8 @@
> >   "POWER9 v2.2")
> >   POWERPC_DEF("power10_v2.0",  CPU_POWERPC_POWER10_DD20,   
> > POWER10,
> >   "POWER10 v2.0")
> > +POWERPC_DEF("power11",  CPU_POWERPC_POWER11,   POWER11,
> > +"POWER11")
> >   #endif /* defined (TARGET_PPC64) */
> >   
> > /***/
> > diff --git a/target/ppc/cpu-models.h b/target/ppc/cpu-models.h
> > index 0229ef3a9a5c..a1b540c3aa9e 100644
> > --- a/target/ppc/cpu-models.h
> > +++ b/target/ppc/cpu-models.h
> > @@ -354,6 +354,7 @@ enum {
> >   CPU_POWERPC_POWER10_BASE   = 0x0080,
> >   CPU_POWERPC_POWER10_DD1= 0x00801100,
> >   CPU_POWERPC_POWER10_DD20   = 0x00801200,
> > +CPU_POWERPC_POWER11= 0x00821200,
> 
> is that a DD2.2 PVR ? If so, It should be mentionned in the definition.
> 

Yes, I have kept the last 2 bytes same as P10 DD2. I will mention it
above the line I have added it, in v3.

Thanks,
Aditya Gupta

> 
> 
> Thanks,
> 
> C.
> 
> 
> 
> >   CPU_POWERPC_970_v22= 0x00390202,
> >   CPU_POWERPC_970FX_v10  = 

Re: [PATCH v5 09/13] hw/cxl/events: Add qmp interfaces to add/release dynamic capacity extents

[Gregory Price]

On Fri, Apr 26, 2024 at 04:55:55PM +0100, Jonathan Cameron wrote:
> On Wed, 24 Apr 2024 10:33:33 -0700
> Ira Weiny  wrote:
> 
> > Markus Armbruster wrote:
> > > nifan@gmail.com writes:
> > >   
> > > > From: Fan Ni 
> > > >
> > > > Since fabric manager emulation is not supported yet, the change 
> > > > implements
> > > > the functions to add/release dynamic capacity extents as QMP 
> > > > interfaces.  
> > > 
> > > Will fabric manager emulation obsolete these commands?  
> > 
> > I don't think so.  In the development of the kernel, I see these being
> > valuable to do CI and regression testing without the complexity of an FM.
> 
> Fully agree - I also long term see these as the drivers for one
> possible virtualization stack for DCD devices (whether it turns
> out to be the way forwards for that is going to take a while to
> resolve!)
> 
> It doesn't make much sense to add a fabric manager into that flow
> or to expose an appropriate (maybe MCTP) interface from QEMU just
> to poke the emulated device.
> 
> Jonathan
> 

fwiw it's useful in modeling the Orchestrator/Fabric Manager interaction,
since you can basically build a little emulated MHD FM-LD on top of this.

You basically just put a tiny software layer in front that converts what
would be MCTP or whatever commands into QMP commands forwarded to the
appropriate socket.

When a real device comes around, you just point it at the real thing
instead of that small software layer.

But for the actual fabric manager, less useful. (Also, if you're
confused, it's because fabric manager is such an overloaded term
*laughcry*)

~Gregory

[PATCH] qga: Re-enable the qga-ssh-test when running without fuzzing

[Thomas Huth]

According to the comment in qga/meson.build, the test got disabled
since there were problems with the fuzzing job. But instead of
disabling this test completely, we should still be fine running
it when fuzzing is disabled.

Signed-off-by: Thomas Huth 
---
 qga/meson.build | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/qga/meson.build b/qga/meson.build
index 1c3d2a3d1b..46c1d83d7f 100644
--- a/qga/meson.build
+++ b/qga/meson.build
@@ -181,12 +181,11 @@ test_env = environment()
 test_env.set('G_TEST_SRCDIR', meson.current_source_dir())
 test_env.set('G_TEST_BUILDDIR', meson.current_build_dir())
 
-# disable qga-ssh-test for now. glib's G_TEST_OPTION_ISOLATE_DIRS triggers
+# disable qga-ssh-test with fuzzing: glib's G_TEST_OPTION_ISOLATE_DIRS triggers
 # the leak detector in build-oss-fuzz Gitlab CI test. we should re-enable
 # this when an alternative is implemented or when the underlying glib
 # issue is identified/fix
-#if host_os != 'windows'
-if false
+if host_os != 'windows' and not get_option('fuzzing')
   srcs = [files('commands-posix-ssh.c')]
   i = 0
   foreach output: qga_qapi_outputs
-- 
2.44.0

Re: [PATCH v2 1/4] vfio/ap: Use g_autofree variable in vfio_ap_register_irq_notifier()

[Anthony Krowiak]

On 4/25/24 5:02 AM, Cédric Le Goater wrote:

Signed-off-by: Cédric Le Goater 
---
  hw/vfio/ap.c | 10 +++---
  1 file changed, 3 insertions(+), 7 deletions(-)



LGTM

Reviewed-by: Anthony Krowiak 




diff --git a/hw/vfio/ap.c b/hw/vfio/ap.c
index 
7c4caa5938636937680fec87e999249ac84a4498..03f8ffaa5e2bf13cf8daa2f44aa4cf17809abd94
 100644
--- a/hw/vfio/ap.c
+++ b/hw/vfio/ap.c
@@ -77,7 +77,7 @@ static void vfio_ap_register_irq_notifier(VFIOAPDevice 
*vapdev,
  size_t argsz;
  IOHandler *fd_read;
  EventNotifier *notifier;
-struct vfio_irq_info *irq_info;
+g_autofree struct vfio_irq_info *irq_info = NULL;
  VFIODevice *vdev = >vdev;
  
  switch (irq) {

@@ -104,14 +104,14 @@ static void vfio_ap_register_irq_notifier(VFIOAPDevice 
*vapdev,
  if (ioctl(vdev->fd, VFIO_DEVICE_GET_IRQ_INFO,
irq_info) < 0 || irq_info->count < 1) {
  error_setg_errno(errp, errno, "vfio: Error getting irq info");
-goto out_free_info;
+return;
  }
  
  if (event_notifier_init(notifier, 0)) {

  error_setg_errno(errp, errno,
   "vfio: Unable to init event notifier for irq (%d)",
   irq);
-goto out_free_info;
+return;
  }
  
  fd = event_notifier_get_fd(notifier);

@@ -122,10 +122,6 @@ static void vfio_ap_register_irq_notifier(VFIOAPDevice 
*vapdev,
  qemu_set_fd_handler(fd, NULL, NULL, vapdev);
  event_notifier_cleanup(notifier);
  }
-
-out_free_info:
-g_free(irq_info);
-
  }
  
  static void vfio_ap_unregister_irq_notifier(VFIOAPDevice *vapdev,

Re: [PATCH] .gitlab-ci.d/cirrus: Remove the netbsd and openbsd jobs

[Thomas Huth]

On 26/04/2024 15.46, Eldon Stegall wrote:

On Fri, Apr 26, 2024 at 02:47:20PM +0200, Thomas Huth wrote:

With regards to NetBSD and OpenBSD, this is not a step backward since these
gitlab jobs were never run anyway (they could only be triggered manually,
but hardly anybody did that AFAIK).

If we want to have proper support for those OSes, I think somebody would
need to set up a custom runner on a beefy KVM-capable server somewhere where
we could run the "make vm-build-*bsd" commands. By the way, are Eldon's CI
runners still around? IIRC they were capable of running KVM ?


My datacenter had a power outage recently, so I disable my runner, and
haven't prioritized bringing it back up until now. I am glad to get this
going again, I'll look at it this weekend.


It's not for me to decide, but IMHO it would be a great possibility to run 
some additional KVM-based tests (like the vm-build-*bsd tests) in QEMU's CI!



There should also be plenty of space to build *bsd VM's. Do pre-existing
upstream BSD images have an nocloud support so that we can build from a
stable updated base? Sorry I'm not super familiar with the BSD
ecosystems, but happy to try to fill in the gaps.


QEMU's test suite comes with a handy way of doing tests on OpenBSD, NetBSD 
and FreeBSD: If you've got a KVM-capable Linux host, you just have to type 
"make vm-build-freebsd J=$(nproc)" to build and test the QEMU sources in a 
FreeBSD VM. It will automatically fetch and install a VM image for you.


 Thomas

Re: [PATCH v4 1/1] hw/arm/sbsa-ref: Enable CPU cluster on ARM sbsa machine

[Richard Henderson]

On 4/26/24 00:35, Xiong Yining wrote:

From: xiongyining1480 

Enable CPU cluster support on SbsaQemu platform, so that users can
specify a 4-level CPU hierarchy sockets/clusters/cores/threads. And
this topology can be passed to the firmware through DT cpu-map.

Signed-off-by: Xiong Yining 
tested-by: Marcin Juszkiewicz 
---
  docs/system/arm/sbsa.rst |  4 
  hw/arm/sbsa-ref.c| 37 -
  2 files changed, 40 insertions(+), 1 deletion(-)


Isn't this basically what MPIDR_EL1 is supposed to indicate?
We do not yet implement all of that in QEMU, but should.

Why does the same info need to be replicated in devicetree?


r~

Re: [PATCH v2 1/2] net: Provide MemReentrancyGuard * to qemu_new_nic()

[BALATON Zoltan]

On Fri, 26 Apr 2024, Philippe Mathieu-Daudé wrote:

On 26/4/24 14:37, Akihiko Odaki wrote:

On 2024/04/24 21:32, Thomas Huth wrote:

On 24/04/2024 12.41, Prasad Pandit wrote:
On Wednesday, 24 April, 2024 at 03:36:01 pm IST, Philippe Mathieu-Daudé 
wrote:

On 1/6/23 05:18, Akihiko Odaki wrote:

Recently MemReentrancyGuard was added to DeviceState to record that the
device is engaging in I/O. The network device backend needs to update 
it

when delivering a packet to a device.
In preparation for such a change, add MemReentrancyGuard * as a
parameter of qemu_new_nic().


An user on IRC asked if this patch is related/fixing CVE-2021-20255,
any clue?


* CVE-2021-20255 bug: infinite recursion is pointing at a different fix 
patch.

   -> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-20255

* And the this patch below has different issue tagged
-> https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08312.html
   Fixes: CVE-2023-3019


* They look different, former is an infinite recursion issue and the 
latter is a use-after-free one.


I assume the eepro reentrancy issue has been fixed with:

  https://gitlab.com/qemu-project/qemu/-/issues/556
  i.e.:
  https://gitlab.com/qemu-project/qemu/-/commit/c40ca2301c7603524eaddb5308a3


I agree. Commit c40ca2301c7603524eaddb5308a3 should be what fixed 
CVE-2021-20255, not this patch.


Thank you all for clarifying!


$ git log -p c40ca2301c7603524eaddb5308a3 --
fatal: bad revision 'c40ca2301c7603524eaddb5308a3'

It seems to actually be commit a2e1753b8054344f32cf94f31c6399a58794a380

Regards,
BALATON Zoltan

Re: [PATCH v5 09/13] hw/cxl/events: Add qmp interfaces to add/release dynamic capacity extents

[Jonathan Cameron via]

On Thu, 25 Apr 2024 10:30:51 -0700
Ira Weiny  wrote:

> Markus Armbruster wrote:
> > fan  writes:
> >   
> > > On Wed, Apr 24, 2024 at 03:09:52PM +0200, Markus Armbruster wrote:  
> > >> nifan@gmail.com writes:
> > >>   
> > >> > From: Fan Ni 
> > >> >
> > >> > Since fabric manager emulation is not supported yet, the change 
> > >> > implements
> > >> > the functions to add/release dynamic capacity extents as QMP 
> > >> > interfaces.  
> > >> 
> > >> Will fabric manager emulation obsolete these commands?  
> > >
> > > If in the future, fabric manager emulation supports commands for dynamic 
> > > capacity
> > > extent add/release, it is possible we do not need the commands.
> > > But it seems not to happen soon, we need the qmp commands for the
> > > end-to-end test with kernel DCD support.  
> > 
> > I asked because if the commands are temporary testing aids, they should
> > probably be declared unstable.  Even if they are permanent testing aids,
> > unstable might be the right choice.  This is for the CXL maintainers to
> > decide.
> > 
> > What does "unstable" mean?  docs/devel/qapi-code-gen.rst: "Interfaces so
> > marked may be withdrawn or changed incompatibly in future releases."
> > 
> > Management applications need stable interfaces.  Libvirt developers
> > generally refuse to touch anything in QMP that's declared unstable.
> > 
> > Human users and their ad hoc scripts appreciate stability, but they
> > don't need it nearly as much as management applications do.
> > 
> > A stability promise increases the maintenance burden.  By how much is
> > unclear.  In other words, by promising stability, the maintainers take
> > on risk.  Are the CXL maintainers happy to accept the risk here?
> >   
> 
> Ah...  All great points.
> 
> Outside of CXL development I don't think there is a strong need for them
> to be stable.  I would like to see more than ad hoc scripts use them
> though.  So I don't think they are going to be changed without some
> thought though.

These align closely with the data that comes from the fabric management
API in the CXL spec.  So I don't see a big maintenance burden problem
in having these as stable interfaces.  Whilst they aren't doing quite
the same job as the FM-API (which will be emulated such that it is
visible to the guest as that aids some other types of testing) that
interface defines the limits on what we can tell the device to do.

So yes, risk for these is minimal and I'm happy to accept that.
It'll be a while before we need libvirt to use them but I do
expect to see that happen. (subject to some guessing on a future
virtualization stack!)

Jonathan



> 
> Ira
> 
> [snip]

Re: [PATCH v5 09/13] hw/cxl/events: Add qmp interfaces to add/release dynamic capacity extents

[Jonathan Cameron via]

On Wed, 24 Apr 2024 10:33:33 -0700
Ira Weiny  wrote:

> Markus Armbruster wrote:
> > nifan@gmail.com writes:
> >   
> > > From: Fan Ni 
> > >
> > > Since fabric manager emulation is not supported yet, the change implements
> > > the functions to add/release dynamic capacity extents as QMP interfaces.  
> > 
> > Will fabric manager emulation obsolete these commands?  
> 
> I don't think so.  In the development of the kernel, I see these being
> valuable to do CI and regression testing without the complexity of an FM.

Fully agree - I also long term see these as the drivers for one
possible virtualization stack for DCD devices (whether it turns
out to be the way forwards for that is going to take a while to
resolve!)

It doesn't make much sense to add a fabric manager into that flow
or to expose an appropriate (maybe MCTP) interface from QEMU just
to poke the emulated device.

Jonathan


> 
> Ira
> 
> >   
> > > Note: we skips any FM issued extent release request if the exact extent
> > > does not exist in the extent list of the device. We will loose the
> > > restriction later once we have partial release support in the kernel.
> > >
> > > 1. Add dynamic capacity extents:
> > >
> > > For example, the command to add two continuous extents (each 128MiB long)
> > > to region 0 (starting at DPA offset 0) looks like below:
> > >
> > > { "execute": "qmp_capabilities" }
> > >
> > > { "execute": "cxl-add-dynamic-capacity",
> > >   "arguments": {
> > >   "path": "/machine/peripheral/cxl-dcd0",
> > >   "region-id": 0,
> > >   "extents": [
> > >   {
> > >   "dpa": 0,
> > >   "len": 134217728
> > >   },
> > >   {
> > >   "dpa": 134217728,
> > >   "len": 134217728
> > >   }
> > >   ]
> > >   }
> > > }
> > >
> > > 2. Release dynamic capacity extents:
> > >
> > > For example, the command to release an extent of size 128MiB from region 0
> > > (DPA offset 128MiB) look like below:
> > >
> > > { "execute": "cxl-release-dynamic-capacity",
> > >   "arguments": {
> > >   "path": "/machine/peripheral/cxl-dcd0",
> > >   "region-id": 0,
> > >   "extents": [
> > >   {
> > >   "dpa": 134217728,
> > >   "len": 134217728
> > >   }
> > >   ]
> > >   }
> > > }
> > >
> > > Signed-off-by: Fan Ni   
> > 
> > [...]
> >   
> > > diff --git a/qapi/cxl.json b/qapi/cxl.json
> > > index 8cc4c72fa9..2645004666 100644
> > > --- a/qapi/cxl.json
> > > +++ b/qapi/cxl.json
> > > @@ -19,13 +19,16 @@
> > >  #
> > >  # @fatal: Fatal Event Log
> > >  #
> > > +# @dyncap: Dynamic Capacity Event Log
> > > +#
> > >  # Since: 8.1
> > >  ##
> > >  { 'enum': 'CxlEventLog',
> > >'data': ['informational',
> > > 'warning',
> > > 'failure',
> > > -   'fatal']
> > > +   'fatal',
> > > +   'dyncap']  
> > 
> > We tend to avoid abbreviations in QMP identifiers: dynamic-capacity.
> >   
> > >   }
> > >  
> > >  ##
> > > @@ -361,3 +364,59 @@
> > >  ##
> > >  {'command': 'cxl-inject-correctable-error',
> > >   'data': {'path': 'str', 'type': 'CxlCorErrorType'}}
> > > +
> > > +##
> > > +# @CXLDCExtentRecord:  
> > 
> > Such traffic jams of capital letters are hard to read.
> > 
> > What does DC mean?
> >   
> > > +#
> > > +# Record of a single extent to add/release
> > > +#
> > > +# @offset: offset to the start of the region where the extent to be 
> > > operated  
> > 
> > Blank line here, please
> >   
> > > +# @len: length of the extent
> > > +#
> > > +# Since: 9.0
> > > +##
> > > +{ 'struct': 'CXLDCExtentRecord',
> > > +  'data': {
> > > +  'offset':'uint64',
> > > +  'len': 'uint64'
> > > +  }
> > > +}
> > > +
> > > +##
> > > +# @cxl-add-dynamic-capacity:
> > > +#
> > > +# Command to start add dynamic capacity extents flow. The device will  
> > 
> > I think we're missing an article here.  Is it "a flow" or "the flow"?
> >   
> > > +# have to acknowledged the acceptance of the extents before they are 
> > > usable.  
> > 
> > to acknowledge
> > 
> > docs/devel/qapi-code-gen.rst:
> > 
> > For legibility, wrap text paragraphs so every line is at most 70
> > characters long.
> > 
> > Separate sentences with two spaces.
> >   
> > > +#
> > > +# @path: CXL DCD canonical QOM path  
> > 
> > What is a CXL DCD?  Is it a device?
> > 
> > I'd prefer @qom-path, unless you can make a consistency argument for
> > @path.
> >   
> > > +# @region-id: id of the region where the extent to add  
> > 
> > What's a region, and how do they get their IDs?
> >   
> > > +# @extents: Extents to add  
> > 
> > Blank lines between argument descriptions, please.
> >   
> > > +#
> > > +# Since : 9.0  
> > 
> > 9.1
> >   
> > > +##
> > > +{ 'command': 'cxl-add-dynamic-capacity',
> > > +  'data': { 'path': 'str',
> > > +'region-id': 'uint8',
> > > +'extents': [ 'CXLDCExtentRecord' ]
> > > +   }
> > > +}
> > > +
> > > +##
> > > +# @cxl-release-dynamic-capacity:
> > > +#
> > > +# Command to 

Re: [PATCH 3/3] gitlab: remove stale s390x-all-linux-static conf hacks

[Thomas Huth]

On 26/04/2024 17.39, Alex Bennée wrote:

The libssh bug references 18.04 which we are no longer running. We
don't need to disable glusterfs because a linux-user build shouldn't
be trying to link to it anyway.

Signed-off-by: Alex Bennée 
---
  .gitlab-ci.d/custom-runners/ubuntu-22.04-s390x.yml | 4 +---
  1 file changed, 1 insertion(+), 3 deletions(-)


Reviewed-by: Thomas Huth 

Re: [PATCH 2/3] gitlab: migrate the s390x custom machine to 22.04

[Thomas Huth]

On 26/04/2024 17.39, Alex Bennée wrote:

20.04 is dead (from QEMU's point of view), long live 22.04!

Signed-off-by: Alex Bennée 
---
  .gitlab-ci.d/custom-runners.yml   |  2 +-
  ...20.04-s390x.yml => ubuntu-22.04-s390x.yml} | 28 +--
  2 files changed, 15 insertions(+), 15 deletions(-)
  rename .gitlab-ci.d/custom-runners/{ubuntu-20.04-s390x.yml => 
ubuntu-22.04-s390x.yml} (88%)


Reviewed-by: Thomas Huth 

Re: [PATCH 1/3] build-environment: make some packages optional

[Thomas Huth]

On 26/04/2024 17.39, Alex Bennée wrote:

Upgrading the s390x runner exposed some packages are not available for
it. Add an additional optional stage we only enable for arm64/x86_64
for now.

Signed-off-by: Alex Bennée 
---
  scripts/ci/setup/build-environment.yml | 16 +---
  1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/scripts/ci/setup/build-environment.yml 
b/scripts/ci/setup/build-environment.yml
index f344d1a850..de0d866a1e 100644
--- a/scripts/ci/setup/build-environment.yml
+++ b/scripts/ci/setup/build-environment.yml
@@ -95,7 +95,6 @@
- libpam0g-dev
- libpcre2-dev
- libpixman-1-dev
-  - libpmem-dev
- libpng-dev
- libpulse-dev
- librbd-dev
@@ -107,7 +106,6 @@
- libslirp-dev
- libsnappy-dev
- libspice-protocol-dev
-  - libspice-server-dev
- libssh-dev
- libsystemd-dev
- libtasn1-6-dev
@@ -119,7 +117,6 @@
- libvdeplug-dev
- libvirglrenderer-dev
- libvte-2.91-dev
-  - libxen-dev
- libxml2-dev
- libzstd-dev
- llvm
@@ -156,6 +153,19 @@
  - ansible_facts['distribution'] == 'Ubuntu'
  - ansible_facts['distribution_version'] == '22.04'
  
+# not all packages are available for all architectures

+- name: Install additional packages to build QEMU on Ubuntu 22.04
+  package:
+name:
+  - libpmem-dev
+  - libspice-server-dev
+  - libxen-dev
+state: present
+  when:
+- ansible_facts['distribution'] == 'Ubuntu'
+- ansible_facts['distribution_version'] == '22.04'
+- ansible_facts['architecture'] == 'aarch64' or 
ansible_facts['architecture'] == 'x86_64'
+
  - name: Install armhf cross-compile packages to build QEMU on AArch64 
Ubuntu 22.04
package:
  name:


Reviewed-by: Thomas Huth 

[PATCH 3/3] gitlab: remove stale s390x-all-linux-static conf hacks

[Alex Bennée]

The libssh bug references 18.04 which we are no longer running. We
don't need to disable glusterfs because a linux-user build shouldn't
be trying to link to it anyway.

Signed-off-by: Alex Bennée 
---
 .gitlab-ci.d/custom-runners/ubuntu-22.04-s390x.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.gitlab-ci.d/custom-runners/ubuntu-22.04-s390x.yml 
b/.gitlab-ci.d/custom-runners/ubuntu-22.04-s390x.yml
index 85e2809573..105981879f 100644
--- a/.gitlab-ci.d/custom-runners/ubuntu-22.04-s390x.yml
+++ b/.gitlab-ci.d/custom-runners/ubuntu-22.04-s390x.yml
@@ -13,11 +13,9 @@ ubuntu-22.04-s390x-all-linux-static:
  - if: '$CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH =~ 
/^staging/'
  - if: "$S390X_RUNNER_AVAILABLE"
  script:
- # --disable-libssh is needed because of 
https://bugs.launchpad.net/qemu/+bug/1838763
- # --disable-glusterfs is needed because there's no static version of those 
libs in distro supplied packages
  - mkdir build
  - cd build
- - ../configure --enable-debug --static --disable-system --disable-glusterfs 
--disable-libssh
+ - ../configure --enable-debug --static --disable-system
|| { cat config.log meson-logs/meson-log.txt; exit 1; }
  - make --output-sync -j`nproc`
  - make --output-sync check-tcg
-- 
2.39.2

[PATCH 0/3] testing/next: s390x gitlab updates

[Alex Bennée]

I was asked to update the custom gitlab runner from the aging 20.04 to
22.04 which has been done. However I needed to update the provisioning
scripts and clean-up some of the cruft. Sadly this doesn't seem to be
passing cleanly as we have:

  - qtest-s390x/migration-test ERROR   98.94s   killed by signal 6 
SIGABRT
  - failing TCG tests (on s390x HW)
 - float_convd fails against a generated reference
 - clc returns 1

There are also lots of scary DSO warnings:

  BFD: warning: system-supplied DSO at 0x7fedb6479000 has a corrupt string 
table index

Can I leave that to the respective maintainers to investigate please
as I have a publishing deadline coming up.

Thanks,

Alex.

Alex Bennée (3):
  build-environment: make some packages optional
  gitlab: migrate the s390x custom machine to 22.04
  gitlab: remove stale s390x-all-linux-static conf hacks

 .gitlab-ci.d/custom-runners.yml   |  2 +-
 ...20.04-s390x.yml => ubuntu-22.04-s390x.yml} | 32 +--
 scripts/ci/setup/build-environment.yml| 16 --
 3 files changed, 29 insertions(+), 21 deletions(-)
 rename .gitlab-ci.d/custom-runners/{ubuntu-20.04-s390x.yml => 
ubuntu-22.04-s390x.yml} (80%)

-- 
2.39.2

[PATCH 2/3] gitlab: migrate the s390x custom machine to 22.04

[Alex Bennée]

20.04 is dead (from QEMU's point of view), long live 22.04!

Signed-off-by: Alex Bennée 
---
 .gitlab-ci.d/custom-runners.yml   |  2 +-
 ...20.04-s390x.yml => ubuntu-22.04-s390x.yml} | 28 +--
 2 files changed, 15 insertions(+), 15 deletions(-)
 rename .gitlab-ci.d/custom-runners/{ubuntu-20.04-s390x.yml => 
ubuntu-22.04-s390x.yml} (88%)

diff --git a/.gitlab-ci.d/custom-runners.yml b/.gitlab-ci.d/custom-runners.yml
index a0e79acd39..29e52df283 100644
--- a/.gitlab-ci.d/custom-runners.yml
+++ b/.gitlab-ci.d/custom-runners.yml
@@ -29,7 +29,7 @@
   junit: build/meson-logs/testlog.junit.xml
 
 include:
-  - local: '/.gitlab-ci.d/custom-runners/ubuntu-20.04-s390x.yml'
+  - local: '/.gitlab-ci.d/custom-runners/ubuntu-22.04-s390x.yml'
   - local: '/.gitlab-ci.d/custom-runners/ubuntu-22.04-aarch64.yml'
   - local: '/.gitlab-ci.d/custom-runners/ubuntu-22.04-aarch32.yml'
   - local: '/.gitlab-ci.d/custom-runners/centos-stream-8-x86_64.yml'
diff --git a/.gitlab-ci.d/custom-runners/ubuntu-20.04-s390x.yml 
b/.gitlab-ci.d/custom-runners/ubuntu-22.04-s390x.yml
similarity index 88%
rename from .gitlab-ci.d/custom-runners/ubuntu-20.04-s390x.yml
rename to .gitlab-ci.d/custom-runners/ubuntu-22.04-s390x.yml
index cdae6c5212..85e2809573 100644
--- a/.gitlab-ci.d/custom-runners/ubuntu-20.04-s390x.yml
+++ b/.gitlab-ci.d/custom-runners/ubuntu-22.04-s390x.yml
@@ -1,13 +1,13 @@
-# All ubuntu-20.04 jobs should run successfully in an environment
+# All ubuntu-22.04 jobs should run successfully in an environment
 # setup by the scripts/ci/setup/build-environment.yml task
-# "Install basic packages to build QEMU on Ubuntu 20.04/20.04"
+# "Install basic packages to build QEMU on Ubuntu 22.04"
 
-ubuntu-20.04-s390x-all-linux-static:
+ubuntu-22.04-s390x-all-linux-static:
  extends: .custom_runner_template
  needs: []
  stage: build
  tags:
- - ubuntu_20.04
+ - ubuntu_22.04
  - s390x
  rules:
  - if: '$CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH =~ 
/^staging/'
@@ -23,12 +23,12 @@ ubuntu-20.04-s390x-all-linux-static:
  - make --output-sync check-tcg
  - make --output-sync -j`nproc` check
 
-ubuntu-20.04-s390x-all:
+ubuntu-22.04-s390x-all:
  extends: .custom_runner_template
  needs: []
  stage: build
  tags:
- - ubuntu_20.04
+ - ubuntu_22.04
  - s390x
  timeout: 75m
  rules:
@@ -42,12 +42,12 @@ ubuntu-20.04-s390x-all:
  - make --output-sync -j`nproc`
  - make --output-sync -j`nproc` check
 
-ubuntu-20.04-s390x-alldbg:
+ubuntu-22.04-s390x-alldbg:
  extends: .custom_runner_template
  needs: []
  stage: build
  tags:
- - ubuntu_20.04
+ - ubuntu_22.04
  - s390x
  rules:
  - if: '$CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH =~ 
/^staging/'
@@ -65,12 +65,12 @@ ubuntu-20.04-s390x-alldbg:
  - make --output-sync -j`nproc`
  - make --output-sync -j`nproc` check
 
-ubuntu-20.04-s390x-clang:
+ubuntu-22.04-s390x-clang:
  extends: .custom_runner_template
  needs: []
  stage: build
  tags:
- - ubuntu_20.04
+ - ubuntu_22.04
  - s390x
  rules:
  - if: '$CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH =~ 
/^staging/'
@@ -87,11 +87,11 @@ ubuntu-20.04-s390x-clang:
  - make --output-sync -j`nproc`
  - make --output-sync -j`nproc` check
 
-ubuntu-20.04-s390x-tci:
+ubuntu-22.04-s390x-tci:
  needs: []
  stage: build
  tags:
- - ubuntu_20.04
+ - ubuntu_22.04
  - s390x
  rules:
  - if: '$CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH =~ 
/^staging/'
@@ -107,12 +107,12 @@ ubuntu-20.04-s390x-tci:
|| { cat config.log meson-logs/meson-log.txt; exit 1; }
  - make --output-sync -j`nproc`
 
-ubuntu-20.04-s390x-notcg:
+ubuntu-22.04-s390x-notcg:
  extends: .custom_runner_template
  needs: []
  stage: build
  tags:
- - ubuntu_20.04
+ - ubuntu_22.04
  - s390x
  rules:
  - if: '$CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH =~ 
/^staging/'
-- 
2.39.2

[PATCH 1/3] build-environment: make some packages optional

[Alex Bennée]

Upgrading the s390x runner exposed some packages are not available for
it. Add an additional optional stage we only enable for arm64/x86_64
for now.

Signed-off-by: Alex Bennée 
---
 scripts/ci/setup/build-environment.yml | 16 +---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/scripts/ci/setup/build-environment.yml 
b/scripts/ci/setup/build-environment.yml
index f344d1a850..de0d866a1e 100644
--- a/scripts/ci/setup/build-environment.yml
+++ b/scripts/ci/setup/build-environment.yml
@@ -95,7 +95,6 @@
   - libpam0g-dev
   - libpcre2-dev
   - libpixman-1-dev
-  - libpmem-dev
   - libpng-dev
   - libpulse-dev
   - librbd-dev
@@ -107,7 +106,6 @@
   - libslirp-dev
   - libsnappy-dev
   - libspice-protocol-dev
-  - libspice-server-dev
   - libssh-dev
   - libsystemd-dev
   - libtasn1-6-dev
@@ -119,7 +117,6 @@
   - libvdeplug-dev
   - libvirglrenderer-dev
   - libvte-2.91-dev
-  - libxen-dev
   - libxml2-dev
   - libzstd-dev
   - llvm
@@ -156,6 +153,19 @@
 - ansible_facts['distribution'] == 'Ubuntu'
 - ansible_facts['distribution_version'] == '22.04'
 
+# not all packages are available for all architectures
+- name: Install additional packages to build QEMU on Ubuntu 22.04
+  package:
+name:
+  - libpmem-dev
+  - libspice-server-dev
+  - libxen-dev
+state: present
+  when:
+- ansible_facts['distribution'] == 'Ubuntu'
+- ansible_facts['distribution_version'] == '22.04'
+- ansible_facts['architecture'] == 'aarch64' or 
ansible_facts['architecture'] == 'x86_64'
+
 - name: Install armhf cross-compile packages to build QEMU on AArch64 
Ubuntu 22.04
   package:
 name:
-- 
2.39.2

Re: [PATCH] vfio/ap: Use g_autofree variable

[Anthony Krowiak]

On 4/24/24 8:54 AM, Cédric Le Goater wrote:

Also change the return value of vfio_ap_register_irq_notifier() to be
a bool since it takes and 'Error **' argument. See the qapi/error.h
Rules section.



LGTM

Signed-off-by: Anthony Krowiak 




Signed-off-by: Cédric Le Goater 
---
  hw/vfio/ap.c | 19 ---
  1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/hw/vfio/ap.c b/hw/vfio/ap.c
index 
7c4caa5938636937680fec87e999249ac84a4498..8bb024e2fde4a1d72346dee4b662d762374326b9
 100644
--- a/hw/vfio/ap.c
+++ b/hw/vfio/ap.c
@@ -70,14 +70,14 @@ static void vfio_ap_req_notifier_handler(void *opaque)
  }
  }
  
-static void vfio_ap_register_irq_notifier(VFIOAPDevice *vapdev,

+static bool vfio_ap_register_irq_notifier(VFIOAPDevice *vapdev,
unsigned int irq, Error **errp)
  {
  int fd;
  size_t argsz;
  IOHandler *fd_read;
  EventNotifier *notifier;
-struct vfio_irq_info *irq_info;
+g_autofree struct vfio_irq_info *irq_info = NULL;
  VFIODevice *vdev = >vdev;
  
  switch (irq) {

@@ -87,13 +87,13 @@ static void vfio_ap_register_irq_notifier(VFIOAPDevice 
*vapdev,
  break;
  default:
  error_setg(errp, "vfio: Unsupported device irq(%d)", irq);
-return;
+return false;
  }
  
  if (vdev->num_irqs < irq + 1) {

  error_setg(errp, "vfio: IRQ %u not available (number of irqs %u)",
 irq, vdev->num_irqs);
-return;
+return false;
  }
  
  argsz = sizeof(*irq_info);

@@ -104,14 +104,14 @@ static void vfio_ap_register_irq_notifier(VFIOAPDevice 
*vapdev,
  if (ioctl(vdev->fd, VFIO_DEVICE_GET_IRQ_INFO,
irq_info) < 0 || irq_info->count < 1) {
  error_setg_errno(errp, errno, "vfio: Error getting irq info");
-goto out_free_info;
+return false;
  }
  
  if (event_notifier_init(notifier, 0)) {

  error_setg_errno(errp, errno,
   "vfio: Unable to init event notifier for irq (%d)",
   irq);
-goto out_free_info;
+return false;
  }
  
  fd = event_notifier_get_fd(notifier);

@@ -123,9 +123,7 @@ static void vfio_ap_register_irq_notifier(VFIOAPDevice 
*vapdev,
  event_notifier_cleanup(notifier);
  }
  
-out_free_info:

-g_free(irq_info);
-
+return true;
  }
  
  static void vfio_ap_unregister_irq_notifier(VFIOAPDevice *vapdev,

@@ -171,8 +169,7 @@ static void vfio_ap_realize(DeviceState *dev, Error **errp)
  goto error;
  }
  
-vfio_ap_register_irq_notifier(vapdev, VFIO_AP_REQ_IRQ_INDEX, );

-if (err) {
+if (!vfio_ap_register_irq_notifier(vapdev, VFIO_AP_REQ_IRQ_INDEX, )) {
  /*
   * Report this error, but do not make it a failing condition.
   * Lack of this IRQ in the host does not prevent normal operation.

Re: [PATCH] .gitlab-ci.d/cirrus: Remove the netbsd and openbsd jobs

[Eldon Stegall]

On Fri, Apr 26, 2024 at 02:47:20PM +0200, Thomas Huth wrote:
> With regards to NetBSD and OpenBSD, this is not a step backward since these 
> gitlab jobs were never run anyway (they could only be triggered manually, 
> but hardly anybody did that AFAIK).
> 
> If we want to have proper support for those OSes, I think somebody would 
> need to set up a custom runner on a beefy KVM-capable server somewhere where 
> we could run the "make vm-build-*bsd" commands. By the way, are Eldon's CI 
> runners still around? IIRC they were capable of running KVM ?

My datacenter had a power outage recently, so I disable my runner, and
haven't prioritized bringing it back up until now. I am glad to get this
going again, I'll look at it this weekend. 

It is a dedicated machine (R610 or Cisco UCS C220, I don't quite recall)
with I believe ~2X cores and 100+ GB memory. I hit a couple of minor
hurdles when CI started utilizing kubernetes runners, so one question I
had was whether I should install a lightweight kubernetes system and run
the gitlab kubernetes CI operator or the normal gitlab runner service. 

There should also be plenty of space to build *bsd VM's. Do pre-existing
upstream BSD images have an nocloud support so that we can build from a
stable updated base? Sorry I'm not super familiar with the BSD
ecosystems, but happy to try to fill in the gaps.

Thanks,
Eldon

Re: [PATCH 0/3] accel: Add new @dirty field on HVF/NVMM/WHPX

[Philippe Mathieu-Daudé]

On 24/4/24 19:45, Philippe Mathieu-Daudé wrote:

We want CPUState to only contain fields used by common code.
Start using a specific @dirty field for HVF/NVMM/WHPX
(TCG then KVM will follow).

Philippe Mathieu-Daudé (3):
   accel/whpx: Use accel-specific per-vcpu @dirty field
   accel/nvmm: Use accel-specific per-vcpu @dirty field
   accel/hvf: Use accel-specific per-vcpu @dirty field


Thanks, queued.

Re: [PATCH v2 03/10] ppc/pnv: Add a Power11 Pnv11Chip, and a Power11 Machine

[Cédric Le Goater]

On 4/26/24 13:00, Aditya Gupta wrote:

Power11 core is same as Power10, use the existing functionalities to
introduce a Power11 chip and machine, with Power10 chip as parent of
Power11 chip, thus going through similar class_init paths

Cc: Cédric Le Goater 
Cc: Frédéric Barrat 
Cc: Mahesh J Salgaonkar 
Cc: Madhavan Srinivasan 
Cc: Nicholas Piggin 
Signed-off-by: Aditya Gupta 
---
  docs/system/ppc/powernv.rst |  9 ++--
  hw/ppc/pnv.c| 98 +++--
  hw/ppc/pnv_core.c   | 16 +-
  include/hw/ppc/pnv.h|  5 ++
  include/hw/ppc/pnv_chip.h   | 10 
  5 files changed, 130 insertions(+), 8 deletions(-)

diff --git a/docs/system/ppc/powernv.rst b/docs/system/ppc/powernv.rst
index 09f39658587d..626f2a119521 100644
--- a/docs/system/ppc/powernv.rst
+++ b/docs/system/ppc/powernv.rst
@@ -1,5 +1,5 @@
-PowerNV family boards (``powernv8``, ``powernv9``, ``powernv10``)
-==
+PowerNV family boards (``powernv8``, ``powernv9``, ``powernv10``, 
``powernv11``)
+
  
  PowerNV (as Non-Virtualized) is the "bare metal" platform using the

  OPAL firmware. It runs Linux on IBM and OpenPOWER systems and it can
@@ -15,11 +15,12 @@ beyond the scope of what QEMU addresses today.
  Supported devices
  -
  
- * Multi processor support for POWER8, POWER8NVL and POWER9.

+ * Multi processor support for POWER8, POWER8NVL, POWER9, POWER10 and Power11.


POWER10 -> Power10. Don't ask me why.


   * XSCOM, serial communication sideband bus to configure chiplets.
   * Simple LPC Controller.
   * Processor Service Interface (PSI) Controller.
- * Interrupt Controller, XICS (POWER8) and XIVE (POWER9) and XIVE2 (Power10).
+ * Interrupt Controller, XICS (POWER8) and XIVE (POWER9) and XIVE2 (Power10 &
+   Power11).
   * POWER8 PHB3 PCIe Host bridge and POWER9 PHB4 PCIe Host bridge.
   * Simple OCC is an on-chip micro-controller used for power management tasks.
   * iBT device to handle BMC communication, with the internal BMC simulator
diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index 74e7908e5ffb..06e272f3bdd3 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -431,13 +431,27 @@ static const uint8_t pa_features_31[] = { 74, 0,
  
  static void pnv_chip_power10_dt_populate(PnvChip *chip, void *fdt)

  {
-static const char compat[] = "ibm,power10-xscom\0ibm,xscom";
+PnvChipClass *pcc = PNV_CHIP_GET_CLASS(chip);
+static const char compat_p10[] = "ibm,power10-xscom\0ibm,xscom";
+static const char compat_p11[] = "ibm,power11-xscom\0ibm,xscom";
+
+PnvChipType chip_type = pcc->chip_type;
+const char *compat;
+int compat_len;
  int i;
  
+if (chip_type == PNV_TYPE_POWER11) {

+compat = compat_p11;
+compat_len = sizeof(compat_p11);
+} else {
+compat = compat_p10;
+compat_len = sizeof(compat_p10);
+}


please introduce a pnv_chip_power11_dt_populate() routine instead.


  pnv_dt_xscom(chip, fdt, 0,
   cpu_to_be64(PNV10_XSCOM_BASE(chip)),
   cpu_to_be64(PNV10_XSCOM_SIZE),
- compat, sizeof(compat));
+ compat, compat_len);
  
  for (i = 0; i < chip->nr_cores; i++) {

  PnvCore *pnv_core = chip->cores[i];
@@ -1288,6 +1302,8 @@ static void pnv_chip_power10_intc_print_info(PnvChip 
*chip, PowerPCCPU *cpu,
  
  #define POWER10_CORE_MASK  (0xffull)
  
+#define POWER11_CORE_MASK  (0xffull)

+
  static void pnv_chip_power8_instance_init(Object *obj)
  {
  Pnv8Chip *chip8 = PNV8_CHIP(obj);
@@ -1838,6 +1854,7 @@ static void pnv_chip_power10_instance_init(Object *obj)
  static void pnv_chip_power10_quad_realize(Pnv10Chip *chip10, Error **errp)
  {
  PnvChip *chip = PNV_CHIP(chip10);
+PnvChipClass *chip_class = PNV_CHIP_GET_CLASS(chip);
  int i;
  
  chip10->nr_quads = DIV_ROUND_UP(chip->nr_cores, 4);

@@ -1846,7 +1863,11 @@ static void pnv_chip_power10_quad_realize(Pnv10Chip 
*chip10, Error **errp)
  for (i = 0; i < chip10->nr_quads; i++) {
  PnvQuad *eq = >quads[i];
  
-pnv_chip_quad_realize_one(chip, eq, chip->cores[i * 4],

+if (chip_class->chip_type == PNV_TYPE_POWER11)
+pnv_chip_quad_realize_one(chip, eq, chip->cores[i * 4],
+  PNV_QUAD_TYPE_NAME("power11"));
+else
+pnv_chip_quad_realize_one(chip, eq, chip->cores[i * 4],
PNV_QUAD_TYPE_NAME("power10"));



Please change introduce a new pnv_chip_quad_realize() routine taking an
extra type_name argument.


  
  pnv_xscom_add_subregion(chip, PNV10_XSCOM_EQ_BASE(eq->quad_id),

@@ -2116,6 +2137,35 @@ static void pnv_chip_power10_class_init(ObjectClass 
*klass, void *data)
  >parent_realize);
  }
  
+static void 

Re: [PATCH v2 10/10] ppc/pnv: Update skiboot.lid to support Power11

[Cédric Le Goater]

On 4/26/24 13:00, Aditya Gupta wrote:

Skiboot/OPAL patches are in discussion upstream [1], with corresponding
commits in github repository [2].

Update skiboot.lid, with binary built from 'upstream_power11' branch
of skiboot repository with Power11 enablement patches [2].

---
This patch can be skipped for now, if need to wait for patches to be
merged in open-power/skiboot. 


yes.


Have updated the skiboot.lid to aid in testing this patch series.


Thanks for doing so.


---

[1]:https://lists.ozlabs.org/pipermail/skiboot/2024-April/018963.html
[2]:https://github.com/maheshsal/skiboot.

Cc: Cédric Le Goater
Cc: Joel Stanley
Cc: Mahesh J Salgaonkar
Cc: Madhavan Srinivasan
Cc: Nicholas Piggin
Signed-off-by: Aditya Gupta
---
  pc-bios/skiboot.lid | Bin 2527328 -> 2527328 bytes
  1 file changed, 0 insertions(+), 0 deletions(-)


We avoid sending such big blobs on the mailing list. We usually send a
PR to the sub-system maintainer (Nick). When time comes (support is
merged is skiboot), we will address the skiboot image update in QEMU.

C.

Re: [PATCH v2 08/10] ppc/pnv: Add SBE model for Power11

[Cédric Le Goater]

On 4/26/24 13:00, Aditya Gupta wrote:

Power11 core is same as Power10, reuse PNV10_SBER initialisation, by
declaring PNV11_PSI as child class of PNV10_PSI

Cc: Cédric Le Goater 
Cc: Frédéric Barrat 
Cc: Mahesh J Salgaonkar 
Cc: Madhavan Srinivasan 
Cc: Nicholas Piggin 
Signed-off-by: Aditya Gupta 



Reviewed-by: Cédric Le Goater 

Thanks,

C.



---
  hw/ppc/pnv_sbe.c | 15 +++
  include/hw/ppc/pnv_sbe.h |  2 ++
  2 files changed, 17 insertions(+)

diff --git a/hw/ppc/pnv_sbe.c b/hw/ppc/pnv_sbe.c
index 74cee4eea7ad..a655cc7f8c9e 100644
--- a/hw/ppc/pnv_sbe.c
+++ b/hw/ppc/pnv_sbe.c
@@ -366,6 +366,20 @@ static const TypeInfo pnv_sbe_power10_type_info = {
  .name  = TYPE_PNV10_SBE,
  .parent= TYPE_PNV9_SBE,
  .class_init= pnv_sbe_power10_class_init,
+.class_base_init = pnv_sbe_power10_class_init,
+};
+
+static void pnv_sbe_power11_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->desc = "PowerNV SBE Controller (POWER11)";
+}
+
+static const TypeInfo pnv_sbe_power11_type_info = {
+.name  = TYPE_PNV11_SBE,
+.parent= TYPE_PNV10_SBE,
+.class_init= pnv_sbe_power11_class_init,
  };
  
  static void pnv_sbe_realize(DeviceState *dev, Error **errp)

@@ -409,6 +423,7 @@ static void pnv_sbe_register_types(void)
  type_register_static(_sbe_type_info);
  type_register_static(_sbe_power9_type_info);
  type_register_static(_sbe_power10_type_info);
+type_register_static(_sbe_power11_type_info);
  }
  
  type_init(pnv_sbe_register_types);

diff --git a/include/hw/ppc/pnv_sbe.h b/include/hw/ppc/pnv_sbe.h
index b6b378ad14c7..09073a1256d6 100644
--- a/include/hw/ppc/pnv_sbe.h
+++ b/include/hw/ppc/pnv_sbe.h
@@ -29,6 +29,8 @@ OBJECT_DECLARE_TYPE(PnvSBE, PnvSBEClass, PNV_SBE)
  DECLARE_INSTANCE_CHECKER(PnvSBE, PNV9_SBE, TYPE_PNV9_SBE)
  #define TYPE_PNV10_SBE TYPE_PNV_SBE "-POWER10"
  DECLARE_INSTANCE_CHECKER(PnvSBE, PNV10_SBE, TYPE_PNV10_SBE)
+#define TYPE_PNV11_SBE TYPE_PNV_SBE "-POWER11"
+DECLARE_INSTANCE_CHECKER(PnvSBE, PNV11_SBE, TYPE_PNV11_SBE)
  
  struct PnvSBE {

  DeviceState xd;

Re: [PATCH v2 05/10] ppc/pnv: Add a LPC controller for POWER11

[Cédric Le Goater]

On 4/26/24 13:00, Aditya Gupta wrote:

Power11 core is same as Power10 core, declare PNV11_LPC as a child
class of PNV10_LPC, so it goes through same class init

Cc: Cédric Le Goater 
Cc: Frédéric Barrat 
Cc: Mahesh J Salgaonkar 
Cc: Madhavan Srinivasan 
Cc: Nicholas Piggin 
Signed-off-by: Aditya Gupta 



Reviewed-by: Cédric Le Goater 

Thanks,

C.



---
  hw/ppc/pnv_lpc.c | 14 ++
  include/hw/ppc/pnv_lpc.h |  4 
  2 files changed, 18 insertions(+)

diff --git a/hw/ppc/pnv_lpc.c b/hw/ppc/pnv_lpc.c
index d692858bee78..54b366221bc7 100644
--- a/hw/ppc/pnv_lpc.c
+++ b/hw/ppc/pnv_lpc.c
@@ -698,6 +698,19 @@ static const TypeInfo pnv_lpc_power10_info = {
  .class_init= pnv_lpc_power10_class_init,
  };
  
+static void pnv_lpc_power11_class_init(ObjectClass *klass, void *data)

+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->desc = "PowerNV LPC Controller POWER11";
+}
+
+static const TypeInfo pnv_lpc_power11_info = {
+.name  = TYPE_PNV11_LPC,
+.parent= TYPE_PNV10_LPC,
+.class_init= pnv_lpc_power11_class_init,
+};
+
  static void pnv_lpc_realize(DeviceState *dev, Error **errp)
  {
  PnvLpcController *lpc = PNV_LPC(dev);
@@ -771,6 +784,7 @@ static void pnv_lpc_register_types(void)
  type_register_static(_lpc_power8_info);
  type_register_static(_lpc_power9_info);
  type_register_static(_lpc_power10_info);
+type_register_static(_lpc_power11_info);
  }
  
  type_init(pnv_lpc_register_types)

diff --git a/include/hw/ppc/pnv_lpc.h b/include/hw/ppc/pnv_lpc.h
index 5d22c4557041..1069bca38dfd 100644
--- a/include/hw/ppc/pnv_lpc.h
+++ b/include/hw/ppc/pnv_lpc.h
@@ -41,6 +41,10 @@ DECLARE_INSTANCE_CHECKER(PnvLpcController, PNV9_LPC,
  DECLARE_INSTANCE_CHECKER(PnvLpcController, PNV10_LPC,
   TYPE_PNV10_LPC)
  
+#define TYPE_PNV11_LPC TYPE_PNV_LPC "-POWER11"

+DECLARE_INSTANCE_CHECKER(PnvLpcController, PNV11_LPC,
+ TYPE_PNV11_LPC)
+
  struct PnvLpcController {
  DeviceState parent;
  

Re: [PATCH v2 07/10] ppc/pnv: Add a PSI bridge model for Power11

[Cédric Le Goater]

On 4/26/24 13:00, Aditya Gupta wrote:

Power11 core is same as Power10, reuse PNV10_PSI initialisation, by
declaring 'PNV11_PSI' as child class of 'PNV10_PSI'

Cc: Cédric Le Goater 
Cc: Frédéric Barrat 
Cc: Mahesh J Salgaonkar 
Cc: Madhavan Srinivasan 
Cc: Nicholas Piggin 
Signed-off-by: Aditya Gupta 



Reviewed-by: Cédric Le Goater 

Thanks,

C.



---
  hw/ppc/pnv_psi.c | 24 
  include/hw/ppc/pnv_psi.h |  2 ++
  2 files changed, 26 insertions(+)

diff --git a/hw/ppc/pnv_psi.c b/hw/ppc/pnv_psi.c
index 26460d210deb..1f708b183a87 100644
--- a/hw/ppc/pnv_psi.c
+++ b/hw/ppc/pnv_psi.c
@@ -939,6 +939,29 @@ static const TypeInfo pnv_psi_power10_info = {
  .name  = TYPE_PNV10_PSI,
  .parent= TYPE_PNV9_PSI,
  .class_init= pnv_psi_power10_class_init,
+.class_base_init = pnv_psi_power10_class_init,
+};
+
+static void pnv_psi_power11_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+PnvPsiClass *ppc = PNV_PSI_CLASS(klass);
+static const char compat[] = "ibm,power11-psihb-x\0ibm,psihb-x";
+
+dc->desc= "PowerNV PSI Controller POWER11";
+
+/*
+ * ppc->xscom_pbca and ppc->xscom_size will be set up by
+ * pnv_psi_power10_class_init
+ */
+ppc->compat = compat;
+ppc->compat_size = sizeof(compat);
+}
+
+static const TypeInfo pnv_psi_power11_info = {
+.name  = TYPE_PNV11_PSI,
+.parent= TYPE_PNV10_PSI,
+.class_init= pnv_psi_power11_class_init,
  };
  
  static void pnv_psi_class_init(ObjectClass *klass, void *data)

@@ -973,6 +996,7 @@ static void pnv_psi_register_types(void)
  type_register_static(_psi_power8_info);
  type_register_static(_psi_power9_info);
  type_register_static(_psi_power10_info);
+type_register_static(_psi_power11_info);
  }
  
  type_init(pnv_psi_register_types);

diff --git a/include/hw/ppc/pnv_psi.h b/include/hw/ppc/pnv_psi.h
index 2a6f715350b6..9e1d31779204 100644
--- a/include/hw/ppc/pnv_psi.h
+++ b/include/hw/ppc/pnv_psi.h
@@ -70,6 +70,8 @@ struct Pnv9Psi {
  
  #define TYPE_PNV10_PSI TYPE_PNV_PSI "-POWER10"
  
+#define TYPE_PNV11_PSI TYPE_PNV_PSI "-POWER11"

+
  
  struct PnvPsiClass {

  SysBusDeviceClass parent_class;

Re: [PATCH v2 04/10] ppc/pnv: Add HOMER for POWER11

[Cédric Le Goater]

On 4/26/24 13:00, Aditya Gupta wrote:

Power11 core is same as Power10, declare PNV11_HOMER as a child
class of PNV10_HOMER, so it goes through same class init

Cc: Cédric Le Goater 
Cc: Frédéric Barrat 
Cc: Mahesh J Salgaonkar 
Cc: Madhavan Srinivasan 
Cc: Nicholas Piggin 
Signed-off-by: Aditya Gupta 



Reviewed-by: Cédric Le Goater 

Thanks,

C.



---
  hw/ppc/pnv_homer.c | 8 
  include/hw/ppc/pnv_homer.h | 3 +++
  2 files changed, 11 insertions(+)

diff --git a/hw/ppc/pnv_homer.c b/hw/ppc/pnv_homer.c
index f9a203d11d0d..1b0123a6f2ea 100644
--- a/hw/ppc/pnv_homer.c
+++ b/hw/ppc/pnv_homer.c
@@ -394,6 +394,13 @@ static const TypeInfo pnv_homer_power10_type_info = {
  .parent= TYPE_PNV_HOMER,
  .instance_size = sizeof(PnvHomer),
  .class_init= pnv_homer_power10_class_init,
+.class_base_init = pnv_homer_power10_class_init,
+};
+
+static const TypeInfo pnv_homer_power11_type_info = {
+.name  = TYPE_PNV11_HOMER,
+.parent= TYPE_PNV10_HOMER,
+.instance_size = sizeof(PnvHomer),
  };
  
  static void pnv_homer_realize(DeviceState *dev, Error **errp)

@@ -442,6 +449,7 @@ static void pnv_homer_register_types(void)
  type_register_static(_homer_power8_type_info);
  type_register_static(_homer_power9_type_info);
  type_register_static(_homer_power10_type_info);
+type_register_static(_homer_power11_type_info);
  }
  
  type_init(pnv_homer_register_types);

diff --git a/include/hw/ppc/pnv_homer.h b/include/hw/ppc/pnv_homer.h
index b1c5d498dc55..8f1cc8135937 100644
--- a/include/hw/ppc/pnv_homer.h
+++ b/include/hw/ppc/pnv_homer.h
@@ -35,6 +35,9 @@ DECLARE_INSTANCE_CHECKER(PnvHomer, PNV9_HOMER,
  #define TYPE_PNV10_HOMER TYPE_PNV_HOMER "-POWER10"
  DECLARE_INSTANCE_CHECKER(PnvHomer, PNV10_HOMER,
   TYPE_PNV10_HOMER)
+#define TYPE_PNV11_HOMER TYPE_PNV_HOMER "-POWER11"
+DECLARE_INSTANCE_CHECKER(PnvHomer, PNV11_HOMER,
+ TYPE_PNV11_HOMER)
  
  struct PnvHomer {

  DeviceState parent;

Re: [PATCH 4/9] migration: Add direct-io parameter

[Markus Armbruster]

Fabiano Rosas  writes:

> Add the direct-io migration parameter that tells the migration code to
> use O_DIRECT when opening the migration stream file whenever possible.
>
> This is currently only used with the mapped-ram migration that has a
> clear window guaranteed to perform aligned writes.
>
> Acked-by: Markus Armbruster 
> Signed-off-by: Fabiano Rosas 

[...]

> diff --git a/qapi/migration.json b/qapi/migration.json
> index 8c65b90328..1a8a4b114c 100644
> --- a/qapi/migration.json
> +++ b/qapi/migration.json
> @@ -914,6 +914,9 @@
>  # See description in @ZeroPageDetection.  Default is 'multifd'.
>  # (since 9.0)
>  #
> +# @direct-io: Open migration files with O_DIRECT when possible. This
> +# requires that the @mapped-ram capability is enabled. (since 9.1)
> +#

Two spaces between sentences for consistency, please.

>  # Features:
>  #
>  # @deprecated: Member @block-incremental is deprecated.  Use
> @@ -948,7 +951,8 @@
> { 'name': 'x-vcpu-dirty-limit-period', 'features': ['unstable'] },
> 'vcpu-dirty-limit',
> 'mode',
> -   'zero-page-detection'] }
> +   'zero-page-detection',
> +   'direct-io'] }
>  
>  ##
>  # @MigrateSetParameters:

[...]

Re: [PATCH v2 06/10] ppc/pnv: Add OCC for Power11

[Cédric Le Goater]

On 4/26/24 13:00, Aditya Gupta wrote:

Power11 core is same as Power10, reuse PNV10_OCC initialisation,
by declaring `PNV11_OCC` as child class of `PNV10_OCC`


Reviewed-by: Cédric Le Goater 

Thanks,

C.





Cc: Cédric Le Goater 
Cc: Frédéric Barrat 
Cc: Mahesh J Salgaonkar 
Cc: Madhavan Srinivasan 
Cc: Nicholas Piggin 
Signed-off-by: Aditya Gupta 
---
  hw/ppc/pnv_occ.c | 14 ++
  include/hw/ppc/pnv_occ.h |  2 ++
  2 files changed, 16 insertions(+)

diff --git a/hw/ppc/pnv_occ.c b/hw/ppc/pnv_occ.c
index 48123ceae176..4f510419045e 100644
--- a/hw/ppc/pnv_occ.c
+++ b/hw/ppc/pnv_occ.c
@@ -262,6 +262,19 @@ static const TypeInfo pnv_occ_power10_type_info = {
  .class_init= pnv_occ_power10_class_init,
  };
  
+static void pnv_occ_power11_class_init(ObjectClass *klass, void *data)

+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->desc = "PowerNV OCC Controller (POWER11)";
+}
+
+static const TypeInfo pnv_occ_power11_type_info = {
+.name  = TYPE_PNV11_OCC,
+.parent= TYPE_PNV10_OCC,
+.class_init= pnv_occ_power11_class_init,
+};
+
  static void pnv_occ_realize(DeviceState *dev, Error **errp)
  {
  PnvOCC *occ = PNV_OCC(dev);
@@ -305,6 +318,7 @@ static void pnv_occ_register_types(void)
  type_register_static(_occ_power8_type_info);
  type_register_static(_occ_power9_type_info);
  type_register_static(_occ_power10_type_info);
+type_register_static(_occ_power11_type_info);
  }
  
  type_init(pnv_occ_register_types);

diff --git a/include/hw/ppc/pnv_occ.h b/include/hw/ppc/pnv_occ.h
index df321244e3b1..7b5e28f13b4f 100644
--- a/include/hw/ppc/pnv_occ.h
+++ b/include/hw/ppc/pnv_occ.h
@@ -34,6 +34,8 @@ DECLARE_INSTANCE_CHECKER(PnvOCC, PNV9_OCC,
   TYPE_PNV9_OCC)
  #define TYPE_PNV10_OCC TYPE_PNV_OCC "-POWER10"
  DECLARE_INSTANCE_CHECKER(PnvOCC, PNV10_OCC, TYPE_PNV10_OCC)
+#define TYPE_PNV11_OCC TYPE_PNV_OCC "-POWER11"
+DECLARE_INSTANCE_CHECKER(PnvOCC, PNV11_OCC, TYPE_PNV11_OCC)
  
  #define PNV_OCC_SENSOR_DATA_BLOCK_OFFSET 0x0058

  #define PNV_OCC_SENSOR_DATA_BLOCK_SIZE   0x00025800

Re: [PATCH v2 09/10] ppc: Make Power11 as default cpu type for 'pseries' and 'powernv'

[Cédric Le Goater]

On 4/26/24 13:00, Aditya Gupta wrote:

Make Power11 as default cpu type for 'pseries' and 'powernv' machine type,
with Power11 being the newest supported Power processor in QEMU.


This is too early. We should merge Power11 support first, possibly in 9.1,
and then change default in a future release, 9.2, 10.0

Thanks,

C.





Cc: Cédric Le Goater 
Cc: Daniel Henrique Barboza 
Cc: David Gibson 
Cc: Frédéric Barrat 
Cc: Harsh Prateek Bora 
Cc: Mahesh J Salgaonkar 
Cc: Madhavan Srinivasan 
Cc: Nicholas Piggin 
Signed-off-by: Aditya Gupta 
---
  hw/ppc/pnv.c   | 4 ++--
  hw/ppc/spapr.c | 2 +-
  2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index 06e272f3bdd3..0c5a6bc424af 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -2531,8 +2531,6 @@ static void pnv_machine_p10_common_class_init(ObjectClass 
*oc, void *data)
  mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power10_v2.0");
  compat_props_add(mc->compat_props, phb_compat, G_N_ELEMENTS(phb_compat));
  
-mc->alias = "powernv";

-
  pmc->compat = compat;
  pmc->compat_size = sizeof(compat);
  pmc->dt_power_mgt = pnv_dt_power_mgt;
@@ -2569,6 +2567,8 @@ static void pnv_machine_power11_class_init(ObjectClass 
*oc, void *data)
  /* do power10_class_init as p11 core is same as p10 */
  pnv_machine_p10_common_class_init(oc, data);
  
+mc->alias = "powernv";

+
  mc->desc = "IBM PowerNV (Non-Virtualized) POWER11";
  mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power11");
  
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c

index d2d1e310a3be..1c3e2da8e9e4 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -4698,7 +4698,7 @@ static void spapr_machine_class_init(ObjectClass *oc, 
void *data)
  
  smc->dr_lmb_enabled = true;

  smc->update_dt_enabled = true;
-mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power10_v2.0");
+mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power11");
  mc->has_hotpluggable_cpus = true;
  mc->nvdimm_supported = true;
  smc->resize_hpt_default = SPAPR_RESIZE_HPT_ENABLED;