[PATCH] sgx: Move sgx object from /machine/unattached to /machine

[Yang Zhong]

When Libvirt start, it get the vcpu's unavailable-features from
/machine/unattached/device[0] path by qom-get command, but in SGX
guest, since the sgx-epc virtual device is initialized before VCPU
creation(virtual sgx need set the virtual EPC info in the cpuid). This
/machine/unattached/device[0] is occupied by sgx-epc device, which
fail to get the unvailable-features from /machine/unattached/device[0].

This patch make one new /machine/sgx object to avoid this issue.
(qemu) qom-list /machine/unattached/
device[0] (child)

(qemu) qom-list /machine/sgx
device[0] (child)

Signed-off-by: Yang Zhong 
---
 hw/core/qdev.c | 12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index 84f3019440..4154eef0d8 100644
--- a/hw/core/qdev.c
+++ b/hw/core/qdev.c
@@ -497,7 +497,7 @@ static void device_set_realized(Object *obj, bool value, 
Error **errp)
 NamedClockList *ncl;
 Error *local_err = NULL;
 bool unattached_parent = false;
-static int unattached_count;
+static int unattached_count, sgx_count;
 
 if (dev->hotplugged && !dc->hotpluggable) {
 error_setg(errp, QERR_DEVICE_NO_HOTPLUG, object_get_typename(obj));
@@ -509,7 +509,15 @@ static void device_set_realized(Object *obj, bool value, 
Error **errp)
 goto fail;
 }
 
-if (!obj->parent) {
+if (!obj->parent && !strcmp(object_get_typename(obj), "sgx-epc")) {
+gchar *name = g_strdup_printf("device[%d]", sgx_count++);
+
+object_property_add_child(container_get(qdev_get_machine(),
+"/sgx"),
+  name, obj);
+unattached_parent = true;
+g_free(name);
+} else if (!obj->parent) {
 gchar *name = g_strdup_printf("device[%d]", unattached_count++);
 
 object_property_add_child(container_get(qdev_get_machine(),

RE: [PATCH v4 05/12] target/riscv: Implement kvm_arch_put_registers

[Jiangyifei via]

> -Original Message-
> From: Alistair Francis [mailto:alistai...@gmail.com]
> Sent: Tuesday, January 11, 2022 7:07 AM
> To: Jiangyifei 
> Cc: qemu-devel@nongnu.org Developers ; open
> list:RISC-V ; kvm-ri...@lists.infradead.org; open
> list:Overall ; libvir-l...@redhat.com; Anup Patel
> ; Palmer Dabbelt ; Alistair
> Francis ; Bin Meng ;
> Fanliang (EulerOS) ; Wubin (H)
> ; Wanghaibin (D) ;
> wanbo (G) ; limingwang (A)
> ; Anup Patel 
> Subject: Re: [PATCH v4 05/12] target/riscv: Implement kvm_arch_put_registers
> 
> On Mon, Jan 10, 2022 at 11:57 AM Yifei Jiang via 
> wrote:
> >
> > Put GPR CSR and FP registers to kvm by KVM_SET_ONE_REG ioctl
> >
> > Signed-off-by: Yifei Jiang 
> > Signed-off-by: Mingwang Li 
> > Reviewed-by: Alistair Francis 
> > Reviewed-by: Anup Patel 
> > ---
> >  target/riscv/kvm.c | 104
> > -
> >  1 file changed, 103 insertions(+), 1 deletion(-)
> >
> > diff --git a/target/riscv/kvm.c b/target/riscv/kvm.c index
> > 6d4df0ef6d..e695b91dc7 100644
> > --- a/target/riscv/kvm.c
> > +++ b/target/riscv/kvm.c
> > @@ -73,6 +73,14 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env,
> uint64_t type, uint64_t idx
> >  } \
> >  } while(0)
> >
> > +#define KVM_RISCV_SET_CSR(cs, env, csr, reg) \
> > +do { \
> > +int ret = kvm_set_one_reg(cs, RISCV_CSR_REG(env, csr), ®); \
> > +if (ret) { \
> > +return ret; \
> > +} \
> > +} while(0)
> 
> This fails checkpatch. I know there is lots of QEMU code like this, but it 
> probably
> should be `while (0)` to keep checkpatch happy.
> 
> Please run checkpatch on all the patches.
> 
> Alistair

OK, it will be modified in the next series.

Yifei

Re: [PATCH v2 2/2] tests/qtest: Add test for Aspeed HACE accumulative mode

[Troy Lee]

[ Adding Klaus ]

On Wed, Jan 12, 2022 at 4:09 PM Troy Lee  wrote:
>
> This add two addition test cases for accumulative mode under sg enabled.
>
> The input vector was manually craft with "abc" + bit 1 + padding zeros + L.
> The padding length depends on algorithm, i.e. SHA512 (1024 bit),
> SHA256 (512 bit).
>
> The result was calculated by command line sha512sum/sha256sum utilities
> without padding, i.e. only "abc" ascii text.
>
> Signed-off-by: Troy Lee 
> ---
>  tests/qtest/aspeed_hace-test.c | 145 +
>  1 file changed, 145 insertions(+)
>
> diff --git a/tests/qtest/aspeed_hace-test.c b/tests/qtest/aspeed_hace-test.c
> index 09ee31545e..6a2f404b93 100644
> --- a/tests/qtest/aspeed_hace-test.c
> +++ b/tests/qtest/aspeed_hace-test.c
> @@ -21,6 +21,7 @@
>  #define  HACE_ALGO_SHA512(BIT(5) | BIT(6))
>  #define  HACE_ALGO_SHA384(BIT(5) | BIT(6) | BIT(10))
>  #define  HACE_SG_EN  BIT(18)
> +#define  HACE_ACCUM_EN   BIT(8)
>
>  #define HACE_STS 0x1c
>  #define  HACE_RSA_ISRBIT(13)
> @@ -96,6 +97,57 @@ static const uint8_t test_result_sg_sha256[] = {
>  0x55, 0x1e, 0x1e, 0xc5, 0x80, 0xdd, 0x6d, 0x5a, 0x6e, 0xcd, 0xe9, 0xf3,
>  0xd3, 0x5e, 0x6e, 0x4a, 0x71, 0x7f, 0xbd, 0xe4};
>
> +/*
> + * The accumulative mode requires firmware to provide internal initial state
> + * and message padding (including length L at the end of padding).
> + *
> + * This test vector is a ascii text "abc" with padding message.
> + *
> + * Expected results were generated using command line utitiles:
> + *
> + *  echo -n -e 'abc' | dd of=/tmp/test
> + *  for hash in sha512sum sha256sum; do $hash /tmp/test; done
> + */
> +static const uint8_t test_vector_accum_512[] = {
> +0x61, 0x62, 0x63, 0x80, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18};
> +
> +static const uint8_t test_vector_accum_256[] = {
> +0x61, 0x62, 0x63, 0x80, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18};
> +
> +static const uint8_t test_result_accum_sha512[] = {
> +0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41, 0x73, 0x49,
> +0xae, 0x20, 0x41, 0x31, 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2,
> +0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a, 0x21, 0x92, 0x99, 0x2a,
> +0x27, 0x4f, 0xc1, 0xa8, 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd,
> +0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, 0x2a, 0x9a, 0xc9, 0x4f,
> +0xa5, 0x4c, 0xa4, 0x9f};
> +
> +static const uint8_t test_result_accum_sha256[] = {
> +0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde,
> +0x5d, 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
> +0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad};
>
>  static void write_regs(QTestState *s, uint32_t base, uint32_t src,
> uint32_t length, uint32_t out, uint32_t method)
> @@ -308,6 +360,86 @@ static void test_sha512_sg(const char *machine, const 
> uint32_t base,
>  qtest_quit(s);
>  }
>
> +static void test_sha256_accum(const char *machine, const uint32_t base,
> +const uint32_t src_addr)
> +{
> +QTestState *s = qtest_init(machine);
> +
> +const uint32_t buffer_addr = src_addr + 0x100;
> +const uint32_t digest_addr = src_addr + 0x400;
> +uint8_t digest[32] = {0};
> +struct AspeedSgList array[] = {
> +{  cpu_to_le32(sizeof(test_vector_accum_256) | SG_LIST_LEN_LAST),
> +   cpu_to_le32(buffer_addr) },
> +};
> +
> +/* Check engine is idle, no busy or irq bits set */
> +g_assert_cmphex(qtest_readl(s, base + HACE_STS), ==, 0);
> +
> +/* Write test vector into memory */
> +qtest_memwrite(s, buffer_addr, test_vector_accum_256, 
> sizeof(test_vector_accum_256));
> +qtest_memwrite(s, src_addr, array, sizeof(array)

RE: [PATCH v4 06/12] target/riscv: Support start kernel directly by KVM

[Jiangyifei via]

> -Original Message-
> From: Alistair Francis [mailto:alistai...@gmail.com]
> Sent: Tuesday, January 11, 2022 8:28 AM
> To: Jiangyifei 
> Cc: qemu-devel@nongnu.org Developers ; open
> list:RISC-V ; kvm-ri...@lists.infradead.org; open
> list:Overall ; libvir-l...@redhat.com; Anup Patel
> ; Palmer Dabbelt ; Alistair
> Francis ; Bin Meng ;
> Fanliang (EulerOS) ; Wubin (H)
> ; Wanghaibin (D) ;
> wanbo (G) ; limingwang (A)
> 
> Subject: Re: [PATCH v4 06/12] target/riscv: Support start kernel directly by 
> KVM
> 
> On Mon, Jan 10, 2022 at 11:52 AM Yifei Jiang via 
> wrote:
> >
> > Get kernel and fdt start address in virt.c, and pass them to KVM when
> > cpu reset. Add kvm_riscv.h to place riscv specific interface.
> >
> > In addition, PLIC is created without M-mode PLIC contexts when KVM is
> > enabled.
> >
> > Signed-off-by: Yifei Jiang 
> > Signed-off-by: Mingwang Li 
> > Reviewed-by: Alistair Francis 
> > ---
> >  hw/intc/sifive_plic.c| 21 +++---
> >  hw/riscv/boot.c  | 16 +++-
> >  hw/riscv/virt.c  | 83 
> >  include/hw/riscv/boot.h  |  1 +
> >  target/riscv/cpu.c   |  8 
> >  target/riscv/cpu.h   |  3 ++
> >  target/riscv/kvm-stub.c  | 25 
> >  target/riscv/kvm.c   | 14 +++
> >  target/riscv/kvm_riscv.h | 24   target/riscv/meson.build
> > |  2 +-
> >  10 files changed, 164 insertions(+), 33 deletions(-)  create mode
> > 100644 target/riscv/kvm-stub.c  create mode 100644
> > target/riscv/kvm_riscv.h
> >
> > diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c index
> > 877e76877c..58c16881cb 100644
> > --- a/hw/intc/sifive_plic.c
> > +++ b/hw/intc/sifive_plic.c
> > @@ -30,6 +30,7 @@
> >  #include "target/riscv/cpu.h"
> >  #include "migration/vmstate.h"
> >  #include "hw/irq.h"
> > +#include "sysemu/kvm.h"
> >
> >  #define RISCV_DEBUG_PLIC 0
> >
> > @@ -533,6 +534,8 @@ DeviceState *sifive_plic_create(hwaddr addr, char
> > *hart_config,  {
> >  DeviceState *dev = qdev_new(TYPE_SIFIVE_PLIC);
> >  int i;
> > +SiFivePLICState *plic;
> > +int s_count = 0, m_count = 0;
> >
> >  assert(enable_stride == (enable_stride & -enable_stride));
> >  assert(context_stride == (context_stride & -context_stride)); @@
> > -550,13 +553,19 @@ DeviceState *sifive_plic_create(hwaddr addr, char
> *hart_config,
> >  sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
> >  sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, addr);
> >
> > -for (i = 0; i < num_harts; i++) {
> > -CPUState *cpu = qemu_get_cpu(hartid_base + i);
> > +plic = SIFIVE_PLIC(dev);
> > +for (i = 0; i < plic->num_addrs; i++) {
> > +CPUState *cpu = qemu_get_cpu(plic->addr_config[i].hartid);
> >
> > -qdev_connect_gpio_out(dev, i,
> > -  qdev_get_gpio_in(DEVICE(cpu),
> IRQ_S_EXT));
> > -qdev_connect_gpio_out(dev, num_harts + i,
> > -  qdev_get_gpio_in(DEVICE(cpu),
> IRQ_M_EXT));
> > +if (plic->addr_config[i].mode == PLICMode_S) {
> > +qdev_connect_gpio_out(dev, s_count++,
> > +  qdev_get_gpio_in(DEVICE(cpu),
> IRQ_S_EXT));
> > +}
> > +
> > +if (plic->addr_config[i].mode == PLICMode_M) {
> > +qdev_connect_gpio_out(dev, num_harts + m_count++,
> > +  qdev_get_gpio_in(DEVICE(cpu),
> IRQ_M_EXT));
> > +}
> >  }
> 
> This PLIC change breaks my 5.11.0 buildroot test case on the SiFive U board
> 
> The boot process just hangs at:
> 
> [0.542798] usbcore: registered new interface driver usbhid
> [0.543021] usbhid: USB HID core driver
> [0.544584] NET: Registered protocol family 10
> [4.054768] Segment Routing with IPv6
> [4.055325] sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver
> [4.057956] NET: Registered protocol family 17
> [4.059327] 9pnet: Installing 9P2000 support
> [4.059787] Key type dns_resolver registered
> [4.060515] debug_vm_pgtable: [debug_vm_pgtable ]:
> Validating architecture page table helpers
> [4.078710] macb 1009.ethernet eth0: PHY
> [1009.ethernet-:00] driver [Generic PHY] (irq=POLL)
> [4.079454] macb 1009.ethernet eth0: configuring for phy/gmii link
> mode
> [4.087031] macb 1009.ethernet eth0: Link is Up - 1Gbps/Full -
> flow control tx
> [4.094634] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
> 
> Alistair

SiFive-u machine cpu 0 is the management hart that does not have S-mode.
The logic here causes an offset of the PLIC S-mode context. When the kernel
driver enables the CPU 1 S-mode interrupt, it shifts to CPU 0. As a result,
the interrupt is lost.

I will fix this bug in the next series.

Yifei

RE: [PATCH v4 02/12] target/riscv: Add target/riscv/kvm.c to place the public kvm interface

[Jiangyifei via]

> -Original Message-
> From: Alistair Francis [mailto:alistai...@gmail.com]
> Sent: Tuesday, January 11, 2022 7:10 AM
> To: Jiangyifei 
> Cc: qemu-devel@nongnu.org Developers ; open
> list:RISC-V ; kvm-ri...@lists.infradead.org; open
> list:Overall ; libvir-l...@redhat.com; Anup Patel
> ; Palmer Dabbelt ; Alistair
> Francis ; Bin Meng ;
> Fanliang (EulerOS) ; Wubin (H)
> ; Wanghaibin (D) ;
> wanbo (G) ; limingwang (A)
> ; Anup Patel 
> Subject: Re: [PATCH v4 02/12] target/riscv: Add target/riscv/kvm.c to place 
> the
> public kvm interface
> 
> On Mon, Jan 10, 2022 at 11:48 AM Yifei Jiang via 
> wrote:
> >
> > Add target/riscv/kvm.c to place kvm_arch_* function needed by
> > kvm/kvm-all.c. Meanwhile, add kvm support in meson.build file.
> >
> > Signed-off-by: Yifei Jiang 
> > Signed-off-by: Mingwang Li 
> > Reviewed-by: Alistair Francis 
> > Reviewed-by: Anup Patel 
> > ---
> >  meson.build  |   2 +
> >  target/riscv/kvm.c   | 133
> +++
> >  target/riscv/meson.build |   1 +
> >  3 files changed, 136 insertions(+)
> >  create mode 100644 target/riscv/kvm.c
> >
> > diff --git a/meson.build b/meson.build index 53065e96ec..7eaec31a3a
> > 100644
> > --- a/meson.build
> > +++ b/meson.build
> > @@ -90,6 +90,8 @@ elif cpu in ['ppc', 'ppc64']
> >kvm_targets = ['ppc-softmmu', 'ppc64-softmmu']  elif cpu in
> > ['mips', 'mips64']
> >kvm_targets = ['mips-softmmu', 'mipsel-softmmu', 'mips64-softmmu',
> > 'mips64el-softmmu']
> > +elif cpu in ['riscv']
> > +  kvm_targets = ['riscv32-softmmu', 'riscv64-softmmu']
> >  else
> >kvm_targets = []
> >  endif
> 
> Can you add this as a separate commit at the end of the series?
> 
> That way we have implemented KVM support before we enable it for users.
> 
> Alistair

Yes, that makes sense.

Yifei

[PATCH v5 02/13] target/riscv: Add target/riscv/kvm.c to place the public kvm interface

[Yifei Jiang via]

Add target/riscv/kvm.c to place kvm_arch_* function needed by
kvm/kvm-all.c.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Alistair Francis 
Reviewed-by: Anup Patel 
---
 target/riscv/kvm.c   | 133 +++
 target/riscv/meson.build |   1 +
 2 files changed, 134 insertions(+)
 create mode 100644 target/riscv/kvm.c

diff --git a/target/riscv/kvm.c b/target/riscv/kvm.c
new file mode 100644
index 00..687dd4b621
--- /dev/null
+++ b/target/riscv/kvm.c
@@ -0,0 +1,133 @@
+/*
+ * RISC-V implementation of KVM hooks
+ *
+ * Copyright (c) 2020 Huawei Technologies Co., Ltd
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include 
+
+#include 
+
+#include "qemu-common.h"
+#include "qemu/timer.h"
+#include "qemu/error-report.h"
+#include "qemu/main-loop.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/kvm.h"
+#include "sysemu/kvm_int.h"
+#include "cpu.h"
+#include "trace.h"
+#include "hw/pci/pci.h"
+#include "exec/memattrs.h"
+#include "exec/address-spaces.h"
+#include "hw/boards.h"
+#include "hw/irq.h"
+#include "qemu/log.h"
+#include "hw/loader.h"
+
+const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
+KVM_CAP_LAST_INFO
+};
+
+int kvm_arch_get_registers(CPUState *cs)
+{
+return 0;
+}
+
+int kvm_arch_put_registers(CPUState *cs, int level)
+{
+return 0;
+}
+
+int kvm_arch_release_virq_post(int virq)
+{
+return 0;
+}
+
+int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry *route,
+ uint64_t address, uint32_t data, PCIDevice *dev)
+{
+return 0;
+}
+
+int kvm_arch_destroy_vcpu(CPUState *cs)
+{
+return 0;
+}
+
+unsigned long kvm_arch_vcpu_id(CPUState *cpu)
+{
+return cpu->cpu_index;
+}
+
+void kvm_arch_init_irq_routing(KVMState *s)
+{
+}
+
+int kvm_arch_init_vcpu(CPUState *cs)
+{
+return 0;
+}
+
+int kvm_arch_msi_data_to_gsi(uint32_t data)
+{
+abort();
+}
+
+int kvm_arch_add_msi_route_post(struct kvm_irq_routing_entry *route,
+int vector, PCIDevice *dev)
+{
+return 0;
+}
+
+int kvm_arch_init(MachineState *ms, KVMState *s)
+{
+return 0;
+}
+
+int kvm_arch_irqchip_create(KVMState *s)
+{
+return 0;
+}
+
+int kvm_arch_process_async_events(CPUState *cs)
+{
+return 0;
+}
+
+void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
+{
+}
+
+MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
+{
+return MEMTXATTRS_UNSPECIFIED;
+}
+
+bool kvm_arch_stop_on_emulation_error(CPUState *cs)
+{
+return true;
+}
+
+int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
+{
+return 0;
+}
+
+bool kvm_arch_cpu_check_are_resettable(void)
+{
+return true;
+}
diff --git a/target/riscv/meson.build b/target/riscv/meson.build
index a32158da93..95340b44aa 100644
--- a/target/riscv/meson.build
+++ b/target/riscv/meson.build
@@ -20,6 +20,7 @@ riscv_ss.add(files(
   'translate.c',
   'm128_helper.c'
 ))
+riscv_ss.add(when: 'CONFIG_KVM', if_true: files('kvm.c'))
 
 riscv_softmmu_ss = ss.source_set()
 riscv_softmmu_ss.add(files(
-- 
2.19.1

[PATCH v5 04/13] target/riscv: Implement kvm_arch_get_registers

[Yifei Jiang via]

Get GPR CSR and FP registers from kvm by KVM_GET_ONE_REG ioctl.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Alistair Francis 
Reviewed-by: Anup Patel 
---
 target/riscv/kvm.c | 112 -
 1 file changed, 111 insertions(+), 1 deletion(-)

diff --git a/target/riscv/kvm.c b/target/riscv/kvm.c
index 9e66b4a97f..039af22125 100644
--- a/target/riscv/kvm.c
+++ b/target/riscv/kvm.c
@@ -56,13 +56,123 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env, 
uint64_t type,
 return id;
 }
 
+#define RISCV_CORE_REG(env, name)  kvm_riscv_reg_id(env, KVM_REG_RISCV_CORE, \
+ KVM_REG_RISCV_CORE_REG(name))
+
+#define RISCV_CSR_REG(env, name)  kvm_riscv_reg_id(env, KVM_REG_RISCV_CSR, \
+ KVM_REG_RISCV_CSR_REG(name))
+
+#define RISCV_FP_F_REG(env, idx)  kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_F, 
idx)
+
+#define RISCV_FP_D_REG(env, idx)  kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_D, 
idx)
+
+#define KVM_RISCV_GET_CSR(cs, env, csr, reg) \
+do { \
+int ret = kvm_get_one_reg(cs, RISCV_CSR_REG(env, csr), ®); \
+if (ret) { \
+return ret; \
+} \
+} while (0)
+
+static int kvm_riscv_get_regs_core(CPUState *cs)
+{
+int ret = 0;
+int i;
+target_ulong reg;
+CPURISCVState *env = &RISCV_CPU(cs)->env;
+
+ret = kvm_get_one_reg(cs, RISCV_CORE_REG(env, regs.pc), ®);
+if (ret) {
+return ret;
+}
+env->pc = reg;
+
+for (i = 1; i < 32; i++) {
+uint64_t id = kvm_riscv_reg_id(env, KVM_REG_RISCV_CORE, i);
+ret = kvm_get_one_reg(cs, id, ®);
+if (ret) {
+return ret;
+}
+env->gpr[i] = reg;
+}
+
+return ret;
+}
+
+static int kvm_riscv_get_regs_csr(CPUState *cs)
+{
+int ret = 0;
+CPURISCVState *env = &RISCV_CPU(cs)->env;
+
+KVM_RISCV_GET_CSR(cs, env, sstatus, env->mstatus);
+KVM_RISCV_GET_CSR(cs, env, sie, env->mie);
+KVM_RISCV_GET_CSR(cs, env, stvec, env->stvec);
+KVM_RISCV_GET_CSR(cs, env, sscratch, env->sscratch);
+KVM_RISCV_GET_CSR(cs, env, sepc, env->sepc);
+KVM_RISCV_GET_CSR(cs, env, scause, env->scause);
+KVM_RISCV_GET_CSR(cs, env, stval, env->stval);
+KVM_RISCV_GET_CSR(cs, env, sip, env->mip);
+KVM_RISCV_GET_CSR(cs, env, satp, env->satp);
+return ret;
+}
+
+static int kvm_riscv_get_regs_fp(CPUState *cs)
+{
+int ret = 0;
+int i;
+CPURISCVState *env = &RISCV_CPU(cs)->env;
+
+if (riscv_has_ext(env, RVD)) {
+uint64_t reg;
+for (i = 0; i < 32; i++) {
+ret = kvm_get_one_reg(cs, RISCV_FP_D_REG(env, i), ®);
+if (ret) {
+return ret;
+}
+env->fpr[i] = reg;
+}
+return ret;
+}
+
+if (riscv_has_ext(env, RVF)) {
+uint32_t reg;
+for (i = 0; i < 32; i++) {
+ret = kvm_get_one_reg(cs, RISCV_FP_F_REG(env, i), ®);
+if (ret) {
+return ret;
+}
+env->fpr[i] = reg;
+}
+return ret;
+}
+
+return ret;
+}
+
 const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
 KVM_CAP_LAST_INFO
 };
 
 int kvm_arch_get_registers(CPUState *cs)
 {
-return 0;
+int ret = 0;
+
+ret = kvm_riscv_get_regs_core(cs);
+if (ret) {
+return ret;
+}
+
+ret = kvm_riscv_get_regs_csr(cs);
+if (ret) {
+return ret;
+}
+
+ret = kvm_riscv_get_regs_fp(cs);
+if (ret) {
+return ret;
+}
+
+return ret;
 }
 
 int kvm_arch_put_registers(CPUState *cs, int level)
-- 
2.19.1

Re: [PATCH v2 1/2] hw/misc: Supporting AST2600 HACE accumulative mode

[Troy Lee]

[ Adding Klaus ]

Sorry I forgot to add Klaus to the CC list.

On Wed, Jan 12, 2022 at 4:10 PM Troy Lee  wrote:
>
> Accumulative mode will supply a initial state and append padding bit at
> the end of hash stream.  However, the crypto library will padding those
> bit automatically, so ripped it off from iov array.
>
> The aspeed ast2600 acculumative mode is described in datasheet
> ast2600v10.pdf section 25.6.4:
>  1. Allocationg and initiating accumulative hash digest write buffer
> with initial state.
> * Since QEMU crypto/hash api doesn't provide the API to set initial
>   state of hash library, and the initial state is already setted by
>   crypto library (gcrypt/glib/...), so skip this step.
>  2. Calculating accumulative hash digest.
> (a) When receiving the last accumulative data, software need to add
> padding message at the end of the accumulative data. Padding
> message described in specific of MD5, SHA-1, SHA224, SHA256,
> SHA512, SHA512/224, SHA512/256.
> * Since the crypto library (gcrypt/glib) already pad the
>   padding message internally.
> * This patch is to remove the padding message which fed byguest
>   machine driver.
>
> Changes in v2:
> - Coding style
> - Add accumulative mode description in comment
>
> Signed-off-by: Troy Lee 
> ---
>  hw/misc/aspeed_hace.c | 43 ---
>  include/hw/misc/aspeed_hace.h |  1 +
>  2 files changed, 36 insertions(+), 8 deletions(-)
>
> diff --git a/hw/misc/aspeed_hace.c b/hw/misc/aspeed_hace.c
> index 10f00e65f4..0710f44621 100644
> --- a/hw/misc/aspeed_hace.c
> +++ b/hw/misc/aspeed_hace.c
> @@ -11,6 +11,7 @@
>  #include "qemu/osdep.h"
>  #include "qemu/log.h"
>  #include "qemu/error-report.h"
> +#include "qemu/bswap.h"
>  #include "hw/misc/aspeed_hace.h"
>  #include "qapi/error.h"
>  #include "migration/vmstate.h"
> @@ -27,6 +28,7 @@
>
>  #define R_HASH_SRC  (0x20 / 4)
>  #define R_HASH_DEST (0x24 / 4)
> +#define R_HASH_KEY_BUFF (0x28 / 4)
>  #define R_HASH_SRC_LEN  (0x2c / 4)
>
>  #define R_HASH_CMD  (0x30 / 4)
> @@ -94,7 +96,8 @@ static int hash_algo_lookup(uint32_t reg)
>  return -1;
>  }
>
> -static void do_hash_operation(AspeedHACEState *s, int algo, bool sg_mode)
> +static void do_hash_operation(AspeedHACEState *s, int algo, bool sg_mode,
> +  bool acc_mode)
>  {
>  struct iovec iov[ASPEED_HACE_MAX_SG];
>  g_autofree uint8_t *digest_buf;
> @@ -103,6 +106,7 @@ static void do_hash_operation(AspeedHACEState *s, int 
> algo, bool sg_mode)
>
>  if (sg_mode) {
>  uint32_t len = 0;
> +uint32_t total_len = 0;
>
>  for (i = 0; !(len & SG_LIST_LEN_LAST); i++) {
>  uint32_t addr, src;
> @@ -123,10 +127,26 @@ static void do_hash_operation(AspeedHACEState *s, int 
> algo, bool sg_mode)
>  MEMTXATTRS_UNSPECIFIED, NULL);
>  addr &= SG_LIST_ADDR_MASK;
>
> -iov[i].iov_len = len & SG_LIST_LEN_MASK;
> -plen = iov[i].iov_len;
> +plen = len & SG_LIST_LEN_MASK;
>  iov[i].iov_base = address_space_map(&s->dram_as, addr, &plen, 
> false,
>  MEMTXATTRS_UNSPECIFIED);
> +
> +if (acc_mode) {
> +total_len += plen;
> +
> +if (len & SG_LIST_LEN_LAST) {
> +/*
> + * In the padding message, the last 64/128 bit represents
> + * the total length of bitstream in big endian.
> + * SHA-224, SHA-256 are 64 bit
> + * SHA-384, SHA-512, SHA-512/224, SHA-512/256 are 128 bit
> + * However, we would not process such a huge bit stream.
> + */
> +plen -= total_len - (ldq_be_p(iov[i].iov_base + plen - 
> 8) / 8);
> +}
> +}
> +
> +iov[i].iov_len = plen;
>  }
>  } else {
>  hwaddr len = s->regs[R_HASH_SRC_LEN];
> @@ -210,6 +230,9 @@ static void aspeed_hace_write(void *opaque, hwaddr addr, 
> uint64_t data,
>  case R_HASH_DEST:
>  data &= ahc->dest_mask;
>  break;
> +case R_HASH_KEY_BUFF:
> +data &= ahc->key_mask;
> +break;
>  case R_HASH_SRC_LEN:
>  data &= 0x0FFF;
>  break;
> @@ -229,12 +252,13 @@ static void aspeed_hace_write(void *opaque, hwaddr 
> addr, uint64_t data,
>  }
>  algo = hash_algo_lookup(data);
>  if (algo < 0) {
> -qemu_log_mask(LOG_GUEST_ERROR,
> -"%s: Invalid hash algorithm selection 0x%"PRIx64"\n",
> -__func__, data & ahc->hash_mask);
> -break;
> +qemu_log_mask(LOG_GUEST_ERROR,
> +"%s: Invalid hash algorithm selection 0x%"PRIx64"\n",
> +__func__, data & ahc-

[PATCH v5 01/13] update-linux-headers: Add asm-riscv/kvm.h

[Yifei Jiang via]

Add asm-riscv/kvm.h for RISC-V KVM.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Acked-by: Alistair Francis 
Reviewed-by: Anup Patel 
---
 linux-headers/asm-riscv/kvm.h | 128 ++
 1 file changed, 128 insertions(+)
 create mode 100644 linux-headers/asm-riscv/kvm.h

diff --git a/linux-headers/asm-riscv/kvm.h b/linux-headers/asm-riscv/kvm.h
new file mode 100644
index 00..f808ad1ce5
--- /dev/null
+++ b/linux-headers/asm-riscv/kvm.h
@@ -0,0 +1,128 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+/*
+ * Copyright (C) 2019 Western Digital Corporation or its affiliates.
+ *
+ * Authors:
+ * Anup Patel 
+ */
+
+#ifndef __LINUX_KVM_RISCV_H
+#define __LINUX_KVM_RISCV_H
+
+#ifndef __ASSEMBLY__
+
+#include 
+#include 
+
+#define __KVM_HAVE_READONLY_MEM
+
+#define KVM_COALESCED_MMIO_PAGE_OFFSET 1
+
+#define KVM_INTERRUPT_SET  -1U
+#define KVM_INTERRUPT_UNSET-2U
+
+/* for KVM_GET_REGS and KVM_SET_REGS */
+struct kvm_regs {
+};
+
+/* for KVM_GET_FPU and KVM_SET_FPU */
+struct kvm_fpu {
+};
+
+/* KVM Debug exit structure */
+struct kvm_debug_exit_arch {
+};
+
+/* for KVM_SET_GUEST_DEBUG */
+struct kvm_guest_debug_arch {
+};
+
+/* definition of registers in kvm_run */
+struct kvm_sync_regs {
+};
+
+/* for KVM_GET_SREGS and KVM_SET_SREGS */
+struct kvm_sregs {
+};
+
+/* CONFIG registers for KVM_GET_ONE_REG and KVM_SET_ONE_REG */
+struct kvm_riscv_config {
+   unsigned long isa;
+};
+
+/* CORE registers for KVM_GET_ONE_REG and KVM_SET_ONE_REG */
+struct kvm_riscv_core {
+   struct user_regs_struct regs;
+   unsigned long mode;
+};
+
+/* Possible privilege modes for kvm_riscv_core */
+#define KVM_RISCV_MODE_S   1
+#define KVM_RISCV_MODE_U   0
+
+/* CSR registers for KVM_GET_ONE_REG and KVM_SET_ONE_REG */
+struct kvm_riscv_csr {
+   unsigned long sstatus;
+   unsigned long sie;
+   unsigned long stvec;
+   unsigned long sscratch;
+   unsigned long sepc;
+   unsigned long scause;
+   unsigned long stval;
+   unsigned long sip;
+   unsigned long satp;
+   unsigned long scounteren;
+};
+
+/* TIMER registers for KVM_GET_ONE_REG and KVM_SET_ONE_REG */
+struct kvm_riscv_timer {
+   __u64 frequency;
+   __u64 time;
+   __u64 compare;
+   __u64 state;
+};
+
+/* Possible states for kvm_riscv_timer */
+#define KVM_RISCV_TIMER_STATE_OFF  0
+#define KVM_RISCV_TIMER_STATE_ON   1
+
+#define KVM_REG_SIZE(id)   \
+   (1U << (((id) & KVM_REG_SIZE_MASK) >> KVM_REG_SIZE_SHIFT))
+
+/* If you need to interpret the index values, here is the key: */
+#define KVM_REG_RISCV_TYPE_MASK0xFF00
+#define KVM_REG_RISCV_TYPE_SHIFT   24
+
+/* Config registers are mapped as type 1 */
+#define KVM_REG_RISCV_CONFIG   (0x01 << KVM_REG_RISCV_TYPE_SHIFT)
+#define KVM_REG_RISCV_CONFIG_REG(name) \
+   (offsetof(struct kvm_riscv_config, name) / sizeof(unsigned long))
+
+/* Core registers are mapped as type 2 */
+#define KVM_REG_RISCV_CORE (0x02 << KVM_REG_RISCV_TYPE_SHIFT)
+#define KVM_REG_RISCV_CORE_REG(name)   \
+   (offsetof(struct kvm_riscv_core, name) / sizeof(unsigned long))
+
+/* Control and status registers are mapped as type 3 */
+#define KVM_REG_RISCV_CSR  (0x03 << KVM_REG_RISCV_TYPE_SHIFT)
+#define KVM_REG_RISCV_CSR_REG(name)\
+   (offsetof(struct kvm_riscv_csr, name) / sizeof(unsigned long))
+
+/* Timer registers are mapped as type 4 */
+#define KVM_REG_RISCV_TIMER(0x04 << KVM_REG_RISCV_TYPE_SHIFT)
+#define KVM_REG_RISCV_TIMER_REG(name)  \
+   (offsetof(struct kvm_riscv_timer, name) / sizeof(__u64))
+
+/* F extension registers are mapped as type 5 */
+#define KVM_REG_RISCV_FP_F (0x05 << KVM_REG_RISCV_TYPE_SHIFT)
+#define KVM_REG_RISCV_FP_F_REG(name)   \
+   (offsetof(struct __riscv_f_ext_state, name) / sizeof(__u32))
+
+/* D extension registers are mapped as type 6 */
+#define KVM_REG_RISCV_FP_D (0x06 << KVM_REG_RISCV_TYPE_SHIFT)
+#define KVM_REG_RISCV_FP_D_REG(name)   \
+   (offsetof(struct __riscv_d_ext_state, name) / sizeof(__u64))
+
+#endif
+
+#endif /* __LINUX_KVM_RISCV_H */
-- 
2.19.1

[PATCH v5 07/13] target/riscv: Support setting external interrupt by KVM

[Yifei Jiang via]

When KVM is enabled, set the S-mode external interrupt through
kvm_riscv_set_irq function.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Alistair Francis 
Reviewed-by: Anup Patel 
---
 target/riscv/cpu.c   |  6 +-
 target/riscv/kvm-stub.c  |  5 +
 target/riscv/kvm.c   | 17 +
 target/riscv/kvm_riscv.h |  1 +
 4 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index a6922dde05..53b0524830 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -630,7 +630,11 @@ static void riscv_cpu_set_irq(void *opaque, int irq, int 
level)
 case IRQ_S_EXT:
 case IRQ_VS_EXT:
 case IRQ_M_EXT:
-riscv_cpu_update_mip(cpu, 1 << irq, BOOL_TO_MASK(level));
+if (kvm_enabled()) {
+kvm_riscv_set_irq(cpu, irq, level);
+} else {
+riscv_cpu_update_mip(cpu, 1 << irq, BOOL_TO_MASK(level));
+}
 break;
 default:
 g_assert_not_reached();
diff --git a/target/riscv/kvm-stub.c b/target/riscv/kvm-stub.c
index 39b96fe3f4..4e8fc31a21 100644
--- a/target/riscv/kvm-stub.c
+++ b/target/riscv/kvm-stub.c
@@ -23,3 +23,8 @@ void kvm_riscv_reset_vcpu(RISCVCPU *cpu)
 {
 abort();
 }
+
+void kvm_riscv_set_irq(RISCVCPU *cpu, int irq, int level)
+{
+abort();
+}
diff --git a/target/riscv/kvm.c b/target/riscv/kvm.c
index d5c6a9d41a..0ba64795d5 100644
--- a/target/riscv/kvm.c
+++ b/target/riscv/kvm.c
@@ -385,6 +385,23 @@ void kvm_riscv_reset_vcpu(RISCVCPU *cpu)
 env->satp = 0;
 }
 
+void kvm_riscv_set_irq(RISCVCPU *cpu, int irq, int level)
+{
+int ret;
+unsigned virq = level ? KVM_INTERRUPT_SET : KVM_INTERRUPT_UNSET;
+
+if (irq != IRQ_S_EXT) {
+perror("kvm riscv set irq != IRQ_S_EXT\n");
+abort();
+}
+
+ret = kvm_vcpu_ioctl(CPU(cpu), KVM_INTERRUPT, &virq);
+if (ret < 0) {
+perror("Set irq failed");
+abort();
+}
+}
+
 bool kvm_arch_cpu_check_are_resettable(void)
 {
 return true;
diff --git a/target/riscv/kvm_riscv.h b/target/riscv/kvm_riscv.h
index f38c82bf59..ed281bdce0 100644
--- a/target/riscv/kvm_riscv.h
+++ b/target/riscv/kvm_riscv.h
@@ -20,5 +20,6 @@
 #define QEMU_KVM_RISCV_H
 
 void kvm_riscv_reset_vcpu(RISCVCPU *cpu);
+void kvm_riscv_set_irq(RISCVCPU *cpu, int irq, int level);
 
 #endif
-- 
2.19.1

[PATCH v5 00/13] Add riscv kvm accel support

[Yifei Jiang via]

This series adds both riscv32 and riscv64 kvm support, and implements
migration based on riscv.

Because of RISC-V KVM has been merged into the Linux master, so this
series are changed from RFC to patch.

Several steps to use this:
1. Build emulation
$ ./configure --target-list=riscv64-softmmu
$ make -j$(nproc)

2. Build kernel

3. Build QEMU VM
Cross built in riscv toolchain.
$ PKG_CONFIG_LIBDIR=
$ export PKG_CONFIG_SYSROOT_DIR=
$ ./configure --target-list=riscv64-softmmu --enable-kvm \
--cross-prefix=riscv64-linux-gnu- --disable-libiscsi --disable-glusterfs \
--disable-libusb --disable-usb-redir --audio-drv-list= --disable-opengl \
--disable-libxml2
$ make -j$(nproc)

4. Start emulation
$ ./qemu-system-riscv64 -M virt -m 4096M -cpu rv64 -nographic \
-name guest=riscv-hyp,debug-threads=on \
-smp 4 \
-bios ./fw_jump.bin \
-kernel ./Image \
-drive file=./hyp.img,format=raw,id=hd0 \
-device virtio-blk-device,drive=hd0 \
-append "root=/dev/vda rw console=ttyS0 earlycon=sbi"

5. Start kvm-acceled QEMU VM in emulation
$ ./qemu-system-riscv64 -M virt,accel=kvm -m 1024M -cpu host -nographic \
-name guest=riscv-guset \
-smp 2 \
-bios none \
-kernel ./Image \
-drive file=./guest.img,format=raw,id=hd0 \
-device virtio-blk-device,drive=hd0 \
-append "root=/dev/vda rw console=ttyS0 earlycon=sbi"

Changes since patch v4
- Commit enable kvm accel as an independent patch.
- Bugfix some checkpatch errors.
- Bugfix lost a interrupt in the sifive_u machine.

Changes since patch v3
- Re-write the for-loop in sifive_plic_create().
- Drop unnecessary change in hw/riscv/virt.c.
- Use serial to handle console sbi call.

Changes since patch v2
- Create a macro for get and put timer csr.
- Remove M-mode PLIC contexts when kvm is enabled.
- Add get timer frequency.
- Move cpu_host_load to vmstate_kvmtimer.

Changes since patch v1
- Rebase on recent commit a216e7cf119c91ffdf5931834a1a030ebea40d70
- Sync-up headers with Linux-5.16-rc4.
- Fixbug in kvm_arch_init_vcpu.
- Create a macro for get and put regs csr.
- Start kernel directly when kvm_enabled.
- Use riscv_cpu_set_irq to inject KVM interrupts.
- Use the Semihosting Console API for RISC-V kvm handle sbi.
- Update vmstate_riscv_cpu version id.
  Placing kvm_timer into a subsection.

Changes since RFC v6
- Rebase on recent commit 8627edfb3f1fca24a96a0954148885c3241c10f8
- Sync-up headers with Linux-5.16-rc1

Changes since RFC v5
- Rebase on QEMU v6.1.0-rc1 and kvm-riscv linux v19.
- Move kvm interrupt setting to riscv_cpu_update_mip().
- Replace __u64 with uint64_t.

Changes since RFC v4
- Rebase on QEMU v6.0.0-rc2 and kvm-riscv linux v17.
- Remove time scaling support as software solution is incomplete.
  Because it will cause unacceptable performance degradation. and
  We will post a better solution.
- Revise according to Alistair's review comments.
  - Remove compile time XLEN checks in kvm_riscv_reg_id
  - Surround TYPE_RISCV_CPU_HOST definition by CONFIG_KVM and share
it between RV32 and RV64.
  - Add kvm-stub.c for reduce unnecessary compilation checks.
  - Add riscv_setup_direct_kernel() to direct boot kernel for KVM.

Changes since RFC v3
- Rebase on QEMU v5.2.0-rc2 and kvm-riscv linux v15.
- Add time scaling support(New patches 13, 14 and 15).
- Fix the bug that guest vm can't reboot.

Changes since RFC v2
- Fix checkpatch error at target/riscv/sbi_ecall_interface.h.
- Add riscv migration support.

Changes since RFC v1
- Add separate SBI ecall interface header.
- Add riscv32 kvm accel support.

Yifei Jiang (13):
  update-linux-headers: Add asm-riscv/kvm.h
  target/riscv: Add target/riscv/kvm.c to place the public kvm interface
  target/riscv: Implement function kvm_arch_init_vcpu
  target/riscv: Implement kvm_arch_get_registers
  target/riscv: Implement kvm_arch_put_registers
  target/riscv: Support start kernel directly by KVM
  target/riscv: Support setting external interrupt by KVM
  target/riscv: Handle KVM_EXIT_RISCV_SBI exit
  target/riscv: Add host cpu type
  target/riscv: Add kvm_riscv_get/put_regs_timer
  target/riscv: Implement virtual time adjusting with vm state changing
  target/riscv: Support virtual time context synchronization
  target/riscv: enable riscv kvm accel

 hw/intc/sifive_plic.c  |  20 +-
 hw/riscv/boot.c|  16 +-
 hw/riscv/virt.c|  83 +++--
 include/hw/riscv/boot.h|   1 +
 linux-headers/asm-riscv/kvm.h  | 128 +++
 meson.build|   2 +
 target/riscv/cpu.c |  29 +-
 target/riscv/cpu.h |  11 +
 target/riscv/kvm-stub.c|  30 ++
 target/riscv/kvm.c | 535 +
 target/riscv/kvm_riscv.h   |  25 ++
 target/riscv/machine.c |  30 ++
 target/riscv/meson.build   |   1 +
 target/riscv/sbi_ecall_interface.h |  72 
 14 files changed, 951 ins

[PATCH v5 03/13] target/riscv: Implement function kvm_arch_init_vcpu

[Yifei Jiang via]

Get isa info from kvm while kvm init.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Alistair Francis 
Reviewed-by: Anup Patel 
---
 target/riscv/kvm.c | 34 +-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/target/riscv/kvm.c b/target/riscv/kvm.c
index 687dd4b621..9e66b4a97f 100644
--- a/target/riscv/kvm.c
+++ b/target/riscv/kvm.c
@@ -38,6 +38,24 @@
 #include "qemu/log.h"
 #include "hw/loader.h"
 
+static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t type,
+ uint64_t idx)
+{
+uint64_t id = KVM_REG_RISCV | type | idx;
+
+switch (riscv_cpu_mxl(env)) {
+case MXL_RV32:
+id |= KVM_REG_SIZE_U32;
+break;
+case MXL_RV64:
+id |= KVM_REG_SIZE_U64;
+break;
+default:
+g_assert_not_reached();
+}
+return id;
+}
+
 const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
 KVM_CAP_LAST_INFO
 };
@@ -79,7 +97,21 @@ void kvm_arch_init_irq_routing(KVMState *s)
 
 int kvm_arch_init_vcpu(CPUState *cs)
 {
-return 0;
+int ret = 0;
+target_ulong isa;
+RISCVCPU *cpu = RISCV_CPU(cs);
+CPURISCVState *env = &cpu->env;
+uint64_t id;
+
+id = kvm_riscv_reg_id(env, KVM_REG_RISCV_CONFIG,
+  KVM_REG_RISCV_CONFIG_REG(isa));
+ret = kvm_get_one_reg(cs, id, &isa);
+if (ret) {
+return ret;
+}
+env->misa_ext = isa;
+
+return ret;
 }
 
 int kvm_arch_msi_data_to_gsi(uint32_t data)
-- 
2.19.1

[PATCH v5 09/13] target/riscv: Add host cpu type

[Yifei Jiang via]

'host' type cpu is set isa to RV32 or RV64 simply, more isa info
will obtain from KVM in kvm_arch_init_vcpu()

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Alistair Francis 
Reviewed-by: Anup Patel 
---
 target/riscv/cpu.c | 15 +++
 target/riscv/cpu.h |  1 +
 2 files changed, 16 insertions(+)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 53b0524830..32879f1403 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -235,6 +235,18 @@ static void rv32_imafcu_nommu_cpu_init(Object *obj)
 }
 #endif
 
+#if defined(CONFIG_KVM)
+static void riscv_host_cpu_init(Object *obj)
+{
+CPURISCVState *env = &RISCV_CPU(obj)->env;
+#if defined(TARGET_RISCV32)
+set_misa(env, MXL_RV32, 0);
+#elif defined(TARGET_RISCV64)
+set_misa(env, MXL_RV64, 0);
+#endif
+}
+#endif
+
 static ObjectClass *riscv_cpu_class_by_name(const char *cpu_model)
 {
 ObjectClass *oc;
@@ -847,6 +859,9 @@ static const TypeInfo riscv_cpu_type_infos[] = {
 .class_init = riscv_cpu_class_init,
 },
 DEFINE_CPU(TYPE_RISCV_CPU_ANY,  riscv_any_cpu_init),
+#if defined(CONFIG_KVM)
+DEFINE_CPU(TYPE_RISCV_CPU_HOST, riscv_host_cpu_init),
+#endif
 #if defined(TARGET_RISCV32)
 DEFINE_CPU(TYPE_RISCV_CPU_BASE32,   rv32_base_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_IBEX, rv32_ibex_cpu_init),
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 8fa6fdcd77..73ced2116b 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -47,6 +47,7 @@
 #define TYPE_RISCV_CPU_SIFIVE_E51   RISCV_CPU_TYPE_NAME("sifive-e51")
 #define TYPE_RISCV_CPU_SIFIVE_U34   RISCV_CPU_TYPE_NAME("sifive-u34")
 #define TYPE_RISCV_CPU_SIFIVE_U54   RISCV_CPU_TYPE_NAME("sifive-u54")
+#define TYPE_RISCV_CPU_HOST RISCV_CPU_TYPE_NAME("host")
 
 #if defined(TARGET_RISCV32)
 # define TYPE_RISCV_CPU_BASETYPE_RISCV_CPU_BASE32
-- 
2.19.1

[PATCH v5 05/13] target/riscv: Implement kvm_arch_put_registers

[Yifei Jiang via]

Put GPR CSR and FP registers to kvm by KVM_SET_ONE_REG ioctl

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Alistair Francis 
Reviewed-by: Anup Patel 
---
 target/riscv/kvm.c | 104 -
 1 file changed, 103 insertions(+), 1 deletion(-)

diff --git a/target/riscv/kvm.c b/target/riscv/kvm.c
index 039af22125..dbaff53bf2 100644
--- a/target/riscv/kvm.c
+++ b/target/riscv/kvm.c
@@ -74,6 +74,14 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env, 
uint64_t type,
 } \
 } while (0)
 
+#define KVM_RISCV_SET_CSR(cs, env, csr, reg) \
+do { \
+int ret = kvm_set_one_reg(cs, RISCV_CSR_REG(env, csr), ®); \
+if (ret) { \
+return ret; \
+} \
+} while (0)
+
 static int kvm_riscv_get_regs_core(CPUState *cs)
 {
 int ret = 0;
@@ -99,6 +107,31 @@ static int kvm_riscv_get_regs_core(CPUState *cs)
 return ret;
 }
 
+static int kvm_riscv_put_regs_core(CPUState *cs)
+{
+int ret = 0;
+int i;
+target_ulong reg;
+CPURISCVState *env = &RISCV_CPU(cs)->env;
+
+reg = env->pc;
+ret = kvm_set_one_reg(cs, RISCV_CORE_REG(env, regs.pc), ®);
+if (ret) {
+return ret;
+}
+
+for (i = 1; i < 32; i++) {
+uint64_t id = kvm_riscv_reg_id(env, KVM_REG_RISCV_CORE, i);
+reg = env->gpr[i];
+ret = kvm_set_one_reg(cs, id, ®);
+if (ret) {
+return ret;
+}
+}
+
+return ret;
+}
+
 static int kvm_riscv_get_regs_csr(CPUState *cs)
 {
 int ret = 0;
@@ -116,6 +149,24 @@ static int kvm_riscv_get_regs_csr(CPUState *cs)
 return ret;
 }
 
+static int kvm_riscv_put_regs_csr(CPUState *cs)
+{
+int ret = 0;
+CPURISCVState *env = &RISCV_CPU(cs)->env;
+
+KVM_RISCV_SET_CSR(cs, env, sstatus, env->mstatus);
+KVM_RISCV_SET_CSR(cs, env, sie, env->mie);
+KVM_RISCV_SET_CSR(cs, env, stvec, env->stvec);
+KVM_RISCV_SET_CSR(cs, env, sscratch, env->sscratch);
+KVM_RISCV_SET_CSR(cs, env, sepc, env->sepc);
+KVM_RISCV_SET_CSR(cs, env, scause, env->scause);
+KVM_RISCV_SET_CSR(cs, env, stval, env->stval);
+KVM_RISCV_SET_CSR(cs, env, sip, env->mip);
+KVM_RISCV_SET_CSR(cs, env, satp, env->satp);
+
+return ret;
+}
+
 static int kvm_riscv_get_regs_fp(CPUState *cs)
 {
 int ret = 0;
@@ -149,6 +200,40 @@ static int kvm_riscv_get_regs_fp(CPUState *cs)
 return ret;
 }
 
+static int kvm_riscv_put_regs_fp(CPUState *cs)
+{
+int ret = 0;
+int i;
+CPURISCVState *env = &RISCV_CPU(cs)->env;
+
+if (riscv_has_ext(env, RVD)) {
+uint64_t reg;
+for (i = 0; i < 32; i++) {
+reg = env->fpr[i];
+ret = kvm_set_one_reg(cs, RISCV_FP_D_REG(env, i), ®);
+if (ret) {
+return ret;
+}
+}
+return ret;
+}
+
+if (riscv_has_ext(env, RVF)) {
+uint32_t reg;
+for (i = 0; i < 32; i++) {
+reg = env->fpr[i];
+ret = kvm_set_one_reg(cs, RISCV_FP_F_REG(env, i), ®);
+if (ret) {
+return ret;
+}
+}
+return ret;
+}
+
+return ret;
+}
+
+
 const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
 KVM_CAP_LAST_INFO
 };
@@ -177,7 +262,24 @@ int kvm_arch_get_registers(CPUState *cs)
 
 int kvm_arch_put_registers(CPUState *cs, int level)
 {
-return 0;
+int ret = 0;
+
+ret = kvm_riscv_put_regs_core(cs);
+if (ret) {
+return ret;
+}
+
+ret = kvm_riscv_put_regs_csr(cs);
+if (ret) {
+return ret;
+}
+
+ret = kvm_riscv_put_regs_fp(cs);
+if (ret) {
+return ret;
+}
+
+return ret;
 }
 
 int kvm_arch_release_virq_post(int virq)
-- 
2.19.1

[PATCH v5 06/13] target/riscv: Support start kernel directly by KVM

[Yifei Jiang via]

Get kernel and fdt start address in virt.c, and pass them to KVM
when cpu reset. Add kvm_riscv.h to place riscv specific interface.

In addition, PLIC is created without M-mode PLIC contexts when KVM
is enabled.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Alistair Francis 
---
 hw/intc/sifive_plic.c| 20 +++---
 hw/riscv/boot.c  | 16 +++-
 hw/riscv/virt.c  | 83 
 include/hw/riscv/boot.h  |  1 +
 target/riscv/cpu.c   |  8 
 target/riscv/cpu.h   |  3 ++
 target/riscv/kvm-stub.c  | 25 
 target/riscv/kvm.c   | 14 +++
 target/riscv/kvm_riscv.h | 24 
 target/riscv/meson.build |  2 +-
 10 files changed, 164 insertions(+), 32 deletions(-)
 create mode 100644 target/riscv/kvm-stub.c
 create mode 100644 target/riscv/kvm_riscv.h

diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c
index 746c0f0343..eebbcf33d4 100644
--- a/hw/intc/sifive_plic.c
+++ b/hw/intc/sifive_plic.c
@@ -30,6 +30,7 @@
 #include "target/riscv/cpu.h"
 #include "migration/vmstate.h"
 #include "hw/irq.h"
+#include "sysemu/kvm.h"
 
 static bool addr_between(uint32_t addr, uint32_t base, uint32_t num)
 {
@@ -430,7 +431,8 @@ DeviceState *sifive_plic_create(hwaddr addr, char 
*hart_config,
 uint32_t context_stride, uint32_t aperture_size)
 {
 DeviceState *dev = qdev_new(TYPE_SIFIVE_PLIC);
-int i;
+int i, j = 0;
+SiFivePLICState *plic;
 
 assert(enable_stride == (enable_stride & -enable_stride));
 assert(context_stride == (context_stride & -context_stride));
@@ -448,13 +450,21 @@ DeviceState *sifive_plic_create(hwaddr addr, char 
*hart_config,
 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, addr);
 
+plic = SIFIVE_PLIC(dev);
 for (i = 0; i < num_harts; i++) {
 CPUState *cpu = qemu_get_cpu(hartid_base + i);
 
-qdev_connect_gpio_out(dev, i,
-  qdev_get_gpio_in(DEVICE(cpu), IRQ_S_EXT));
-qdev_connect_gpio_out(dev, num_harts + i,
-  qdev_get_gpio_in(DEVICE(cpu), IRQ_M_EXT));
+if (plic->addr_config[j].mode == PLICMode_M) {
+j++;
+qdev_connect_gpio_out(dev, num_harts + i,
+  qdev_get_gpio_in(DEVICE(cpu), IRQ_M_EXT));
+}
+
+if (plic->addr_config[j].mode == PLICMode_S) {
+j++;
+qdev_connect_gpio_out(dev, i,
+  qdev_get_gpio_in(DEVICE(cpu), IRQ_S_EXT));
+}
 }
 
 return dev;
diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index f67264374e..cae74fcbcd 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -30,6 +30,7 @@
 #include "elf.h"
 #include "sysemu/device_tree.h"
 #include "sysemu/qtest.h"
+#include "sysemu/kvm.h"
 
 #include 
 
@@ -51,7 +52,9 @@ char *riscv_plic_hart_config_string(int hart_count)
 CPUState *cs = qemu_get_cpu(i);
 CPURISCVState *env = &RISCV_CPU(cs)->env;
 
-if (riscv_has_ext(env, RVS)) {
+if (kvm_enabled()) {
+vals[i] = "S";
+} else if (riscv_has_ext(env, RVS)) {
 vals[i] = "MS";
 } else {
 vals[i] = "M";
@@ -324,3 +327,14 @@ void riscv_setup_rom_reset_vec(MachineState *machine, 
RISCVHartArrayState *harts
 
 return;
 }
+
+void riscv_setup_direct_kernel(hwaddr kernel_addr, hwaddr fdt_addr)
+{
+CPUState *cs;
+
+for (cs = first_cpu; cs; cs = CPU_NEXT(cs)) {
+RISCVCPU *riscv_cpu = RISCV_CPU(cs);
+riscv_cpu->env.kernel_addr = kernel_addr;
+riscv_cpu->env.fdt_addr = fdt_addr;
+}
+}
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 3af074148e..2643c8bc37 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -38,6 +38,7 @@
 #include "chardev/char.h"
 #include "sysemu/device_tree.h"
 #include "sysemu/sysemu.h"
+#include "sysemu/kvm.h"
 #include "hw/pci/pci.h"
 #include "hw/pci-host/gpex.h"
 #include "hw/display/ramfb.h"
@@ -372,13 +373,22 @@ static void create_fdt_socket_plic(RISCVVirtState *s,
 "sifive,plic-1.0.0", "riscv,plic0"
 };
 
-plic_cells = g_new0(uint32_t, s->soc[socket].num_harts * 4);
+if (kvm_enabled()) {
+plic_cells = g_new0(uint32_t, s->soc[socket].num_harts * 2);
+} else {
+plic_cells = g_new0(uint32_t, s->soc[socket].num_harts * 4);
+}
 
 for (cpu = 0; cpu < s->soc[socket].num_harts; cpu++) {
-plic_cells[cpu * 4 + 0] = cpu_to_be32(intc_phandles[cpu]);
-plic_cells[cpu * 4 + 1] = cpu_to_be32(IRQ_M_EXT);
-plic_cells[cpu * 4 + 2] = cpu_to_be32(intc_phandles[cpu]);
-plic_cells[cpu * 4 + 3] = cpu_to_be32(IRQ_S_EXT);
+if (kvm_enabled()) {
+plic_cells[cpu * 2 + 0] = cpu_to_be32(intc_phandles[cpu]);
+plic_cells[cpu * 2 + 1] = cpu_to_be32(IRQ_S_EXT);
+} else {
+plic_cells[cpu * 4 + 0] = cpu_to_be32(intc_phandles[cpu]);
+

[PATCH v5 11/13] target/riscv: Implement virtual time adjusting with vm state changing

[Yifei Jiang via]

We hope that virtual time adjusts with vm state changing. When a vm
is stopped, guest virtual time should stop counting and kvm_timer
should be stopped. When the vm is resumed, guest virtual time should
continue to count and kvm_timer should be restored.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Anup Patel 
Reviewed-by: Alistair Francis 
---
 target/riscv/kvm.c | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/target/riscv/kvm.c b/target/riscv/kvm.c
index a43d5a2988..e6b7cb6d4d 100644
--- a/target/riscv/kvm.c
+++ b/target/riscv/kvm.c
@@ -41,6 +41,7 @@
 #include "sbi_ecall_interface.h"
 #include "chardev/char-fe.h"
 #include "migration/migration.h"
+#include "sysemu/runstate.h"
 
 static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t type,
  uint64_t idx)
@@ -378,6 +379,18 @@ unsigned long kvm_arch_vcpu_id(CPUState *cpu)
 return cpu->cpu_index;
 }
 
+static void kvm_riscv_vm_state_change(void *opaque, bool running,
+  RunState state)
+{
+CPUState *cs = opaque;
+
+if (running) {
+kvm_riscv_put_regs_timer(cs);
+} else {
+kvm_riscv_get_regs_timer(cs);
+}
+}
+
 void kvm_arch_init_irq_routing(KVMState *s)
 {
 }
@@ -390,6 +403,8 @@ int kvm_arch_init_vcpu(CPUState *cs)
 CPURISCVState *env = &cpu->env;
 uint64_t id;
 
+qemu_add_vm_change_state_handler(kvm_riscv_vm_state_change, cs);
+
 id = kvm_riscv_reg_id(env, KVM_REG_RISCV_CONFIG,
   KVM_REG_RISCV_CONFIG_REG(isa));
 ret = kvm_get_one_reg(cs, id, &isa);
-- 
2.19.1

[PATCH v5 12/13] target/riscv: Support virtual time context synchronization

[Yifei Jiang via]

Add virtual time context description to vmstate_kvmtimer. After cpu being
loaded, virtual time context is updated to KVM.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Anup Patel 
Reviewed-by: Alistair Francis 
---
 target/riscv/machine.c | 30 ++
 1 file changed, 30 insertions(+)

diff --git a/target/riscv/machine.c b/target/riscv/machine.c
index 13b9ab375b..098670e680 100644
--- a/target/riscv/machine.c
+++ b/target/riscv/machine.c
@@ -185,6 +185,35 @@ static const VMStateDescription vmstate_rv128 = {
 }
 };
 
+static bool kvmtimer_needed(void *opaque)
+{
+return kvm_enabled();
+}
+
+static int cpu_post_load(void *opaque, int version_id)
+{
+RISCVCPU *cpu = opaque;
+CPURISCVState *env = &cpu->env;
+
+env->kvm_timer_dirty = true;
+return 0;
+}
+
+static const VMStateDescription vmstate_kvmtimer = {
+.name = "cpu/kvmtimer",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = kvmtimer_needed,
+.post_load = cpu_post_load,
+.fields = (VMStateField[]) {
+VMSTATE_UINT64(env.kvm_timer_time, RISCVCPU),
+VMSTATE_UINT64(env.kvm_timer_compare, RISCVCPU),
+VMSTATE_UINT64(env.kvm_timer_state, RISCVCPU),
+
+VMSTATE_END_OF_LIST()
+}
+};
+
 const VMStateDescription vmstate_riscv_cpu = {
 .name = "cpu",
 .version_id = 3,
@@ -240,6 +269,7 @@ const VMStateDescription vmstate_riscv_cpu = {
 &vmstate_vector,
 &vmstate_pointermasking,
 &vmstate_rv128,
+&vmstate_kvmtimer,
 NULL
 }
 };
-- 
2.19.1

[PATCH v5 08/13] target/riscv: Handle KVM_EXIT_RISCV_SBI exit

[Yifei Jiang via]

Use char-fe to handle console sbi call, which implement early
console io while apply 'earlycon=sbi' into kernel parameters.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Anup Patel 
Reviewed-by: Alistair Francis 
---
 target/riscv/kvm.c | 42 -
 target/riscv/sbi_ecall_interface.h | 72 ++
 2 files changed, 113 insertions(+), 1 deletion(-)
 create mode 100644 target/riscv/sbi_ecall_interface.h

diff --git a/target/riscv/kvm.c b/target/riscv/kvm.c
index 0ba64795d5..e90e2a6709 100644
--- a/target/riscv/kvm.c
+++ b/target/riscv/kvm.c
@@ -38,6 +38,8 @@
 #include "qemu/log.h"
 #include "hw/loader.h"
 #include "kvm_riscv.h"
+#include "sbi_ecall_interface.h"
+#include "chardev/char-fe.h"
 
 static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t type,
  uint64_t idx)
@@ -367,9 +369,47 @@ bool kvm_arch_stop_on_emulation_error(CPUState *cs)
 return true;
 }
 
+static int kvm_riscv_handle_sbi(CPUState *cs, struct kvm_run *run)
+{
+int ret = 0;
+unsigned char ch;
+switch (run->riscv_sbi.extension_id) {
+case SBI_EXT_0_1_CONSOLE_PUTCHAR:
+ch = run->riscv_sbi.args[0];
+qemu_chr_fe_write(serial_hd(0)->be, &ch, sizeof(ch));
+break;
+case SBI_EXT_0_1_CONSOLE_GETCHAR:
+ret = qemu_chr_fe_read_all(serial_hd(0)->be, &ch, sizeof(ch));
+if (ret == sizeof(ch)) {
+run->riscv_sbi.args[0] = ch;
+} else {
+run->riscv_sbi.args[0] = -1;
+}
+break;
+default:
+qemu_log_mask(LOG_UNIMP,
+  "%s: un-handled SBI EXIT, specific reasons is %lu\n",
+  __func__, run->riscv_sbi.extension_id);
+ret = -1;
+break;
+}
+return ret;
+}
+
 int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
 {
-return 0;
+int ret = 0;
+switch (run->exit_reason) {
+case KVM_EXIT_RISCV_SBI:
+ret = kvm_riscv_handle_sbi(cs, run);
+break;
+default:
+qemu_log_mask(LOG_UNIMP, "%s: un-handled exit reason %d\n",
+  __func__, run->exit_reason);
+ret = -1;
+break;
+}
+return ret;
 }
 
 void kvm_riscv_reset_vcpu(RISCVCPU *cpu)
diff --git a/target/riscv/sbi_ecall_interface.h 
b/target/riscv/sbi_ecall_interface.h
new file mode 100644
index 00..fb1a3fa8f2
--- /dev/null
+++ b/target/riscv/sbi_ecall_interface.h
@@ -0,0 +1,72 @@
+/*
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2019 Western Digital Corporation or its affiliates.
+ *
+ * Authors:
+ *   Anup Patel 
+ */
+
+#ifndef __SBI_ECALL_INTERFACE_H__
+#define __SBI_ECALL_INTERFACE_H__
+
+/* clang-format off */
+
+/* SBI Extension IDs */
+#define SBI_EXT_0_1_SET_TIMER   0x0
+#define SBI_EXT_0_1_CONSOLE_PUTCHAR 0x1
+#define SBI_EXT_0_1_CONSOLE_GETCHAR 0x2
+#define SBI_EXT_0_1_CLEAR_IPI   0x3
+#define SBI_EXT_0_1_SEND_IPI0x4
+#define SBI_EXT_0_1_REMOTE_FENCE_I  0x5
+#define SBI_EXT_0_1_REMOTE_SFENCE_VMA   0x6
+#define SBI_EXT_0_1_REMOTE_SFENCE_VMA_ASID 0x7
+#define SBI_EXT_0_1_SHUTDOWN0x8
+#define SBI_EXT_BASE0x10
+#define SBI_EXT_TIME0x54494D45
+#define SBI_EXT_IPI 0x735049
+#define SBI_EXT_RFENCE  0x52464E43
+#define SBI_EXT_HSM 0x48534D
+
+/* SBI function IDs for BASE extension*/
+#define SBI_EXT_BASE_GET_SPEC_VERSION   0x0
+#define SBI_EXT_BASE_GET_IMP_ID 0x1
+#define SBI_EXT_BASE_GET_IMP_VERSION0x2
+#define SBI_EXT_BASE_PROBE_EXT  0x3
+#define SBI_EXT_BASE_GET_MVENDORID  0x4
+#define SBI_EXT_BASE_GET_MARCHID0x5
+#define SBI_EXT_BASE_GET_MIMPID 0x6
+
+/* SBI function IDs for TIME extension*/
+#define SBI_EXT_TIME_SET_TIMER  0x0
+
+/* SBI function IDs for IPI extension*/
+#define SBI_EXT_IPI_SEND_IPI0x0
+
+/* SBI function IDs for RFENCE extension*/
+#define SBI_EXT_RFENCE_REMOTE_FENCE_I   0x0
+#define SBI_EXT_RFENCE_REMOTE_SFENCE_VMA0x1
+#define SBI_EXT_RFENCE_REMOTE_SFENCE_VMA_ASID  0x2
+#define SBI_EXT_RFENCE_REMOTE_HFENCE_GVMA   0x3
+#define SBI_EXT_RFENCE_REMOTE_HFENCE_GVMA_VMID 0x4
+#define SBI_EXT_RFENCE_REMOTE_HFENCE_VVMA   0x5
+#define SBI_EXT_RFENCE_REMOTE_HFENCE_VVMA_ASID 0x6
+
+/* SBI function IDs for HSM extension */
+#define SBI_EXT_HSM_HART_START  0x0
+#define SBI_EXT_HSM_HART_STOP   0x1
+#define SBI_EXT_HSM_HART_GET_STATUS 0x2
+
+#define SBI_HSM_HART_STATUS_STARTED 0x0
+#define SBI_HSM_HART_STATUS_STOPPED 0x1
+#define SBI_HSM_HART_STATUS_START_PENDING   0x2
+#define SBI_HSM_HART_STATUS_STOP_PENDING0x3
+
+#define SBI_SPEC_VERSION_MAJOR_OFFSET   24
+#define SBI_SPEC_VERSION_MAJOR_MASK 0x7f
+#define SBI_SPEC_VERSION_MINOR_MASK 0xff
+#define SBI_EXT_VENDOR_START0x0900
+#define SBI_EXT_VENDOR_END  0x09FF
+/* clang-fo

[PATCH v5 13/13] target/riscv: enable riscv kvm accel

[Yifei Jiang via]

Add riscv kvm support in meson.build file.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
---
 meson.build | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meson.build b/meson.build
index c1b1db1e28..06a5476254 100644
--- a/meson.build
+++ b/meson.build
@@ -90,6 +90,8 @@ elif cpu in ['ppc', 'ppc64']
   kvm_targets = ['ppc-softmmu', 'ppc64-softmmu']
 elif cpu in ['mips', 'mips64']
   kvm_targets = ['mips-softmmu', 'mipsel-softmmu', 'mips64-softmmu', 
'mips64el-softmmu']
+elif cpu in ['riscv']
+  kvm_targets = ['riscv32-softmmu', 'riscv64-softmmu']
 else
   kvm_targets = []
 endif
-- 
2.19.1

Re: [PATCH 1/1] ppc/pnv: use stack->pci_regs[] in pnv_pec_stk_pci_xscom_write()

[Frederic Barrat]

On 11/01/2022 21:01, Daniel Henrique Barboza wrote:

pnv_pec_stk_pci_xscom_write() is pnv_pec_stk_pci_xscom_ops write
callback. It writes values into regs in the stack->nest_regs[] array.
The pnv_pec_stk_pci_xscom_read read callback, on the other hand, returns
values of the stack->pci_regs[]. In fact, at this moment, the only use
of stack->pci_regs[] is in pnv_pec_stk_pci_xscom_read(). There's no code
that is written anything in stack->pci_regs[], which is suspicious.

Considering that stack->nest_regs[] is widely used by the nested
MemoryOps pnv_pec_stk_nest_xscom_ops, in both read and write callbacks,
the conclusion is that we're writing the wrong array in
pnv_pec_stk_pci_xscom_write(). This function should write stack->pci_regs[]
instead.

Signed-off-by: Daniel Henrique Barboza 
---



I guess it shows how much those registers are used with our model :-) 
They are mostly FIR registers...

Looks good to me.
Reviewed-by: Frederic Barrat 



  hw/pci-host/pnv_phb4.c | 20 ++--
  1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/hw/pci-host/pnv_phb4.c b/hw/pci-host/pnv_phb4.c
index be29174f13..a7b638831e 100644
--- a/hw/pci-host/pnv_phb4.c
+++ b/hw/pci-host/pnv_phb4.c
@@ -1086,39 +1086,39 @@ static void pnv_pec_stk_pci_xscom_write(void *opaque, 
hwaddr addr,
  
  switch (reg) {

  case PEC_PCI_STK_PCI_FIR:
-stack->nest_regs[reg] = val;
+stack->pci_regs[reg] = val;
  break;
  case PEC_PCI_STK_PCI_FIR_CLR:
-stack->nest_regs[PEC_PCI_STK_PCI_FIR] &= val;
+stack->pci_regs[PEC_PCI_STK_PCI_FIR] &= val;
  break;
  case PEC_PCI_STK_PCI_FIR_SET:
-stack->nest_regs[PEC_PCI_STK_PCI_FIR] |= val;
+stack->pci_regs[PEC_PCI_STK_PCI_FIR] |= val;
  break;
  case PEC_PCI_STK_PCI_FIR_MSK:
-stack->nest_regs[reg] = val;
+stack->pci_regs[reg] = val;
  break;
  case PEC_PCI_STK_PCI_FIR_MSKC:
-stack->nest_regs[PEC_PCI_STK_PCI_FIR_MSK] &= val;
+stack->pci_regs[PEC_PCI_STK_PCI_FIR_MSK] &= val;
  break;
  case PEC_PCI_STK_PCI_FIR_MSKS:
-stack->nest_regs[PEC_PCI_STK_PCI_FIR_MSK] |= val;
+stack->pci_regs[PEC_PCI_STK_PCI_FIR_MSK] |= val;
  break;
  case PEC_PCI_STK_PCI_FIR_ACT0:
  case PEC_PCI_STK_PCI_FIR_ACT1:
-stack->nest_regs[reg] = val;
+stack->pci_regs[reg] = val;
  break;
  case PEC_PCI_STK_PCI_FIR_WOF:
-stack->nest_regs[reg] = 0;
+stack->pci_regs[reg] = 0;
  break;
  case PEC_PCI_STK_ETU_RESET:
-stack->nest_regs[reg] = val & 0x8000ull;
+stack->pci_regs[reg] = val & 0x8000ull;
  /* TODO: Implement reset */
  break;
  case PEC_PCI_STK_PBAIB_ERR_REPORT:
  break;
  case PEC_PCI_STK_PBAIB_TX_CMD_CRED:
  case PEC_PCI_STK_PBAIB_TX_DAT_CRED:
-stack->nest_regs[reg] = val;
+stack->pci_regs[reg] = val;
  break;
  default:
  qemu_log_mask(LOG_UNIMP, "phb4_pec_stk: pci_xscom_write 
0x%"HWADDR_PRIx

Re: [PATCH v10 0/7] Add vmnet.framework based network backend

[Roman Bolshakov]

On Wed, Jan 12, 2022 at 10:50:04AM +0300, Roman Bolshakov wrote:
> On Wed, Jan 12, 2022 at 12:14:15AM +0300, Vladislav Yaroshchuk wrote:
> > macOS provides networking API for VMs called 'vmnet.framework':
> > https://developer.apple.com/documentation/vmnet
> > 
> > We can provide its support as the new QEMU network backends which
> > represent three different vmnet.framework interface usage modes:
> > 
> >   * `vmnet-shared`:
> > allows the guest to communicate with other guests in shared mode and
> > also with external network (Internet) via NAT. Has (macOS-provided)
> > DHCP server; subnet mask and IP range can be configured;
> > 
> >   * `vmnet-host`:
> > allows the guest to communicate with other guests in host mode.
> > By default has enabled DHCP as `vmnet-shared`, but providing
> > network unique id (uuid) can make `vmnet-host` interfaces isolated
> > from each other and also disables DHCP.
> > 
> >   * `vmnet-bridged`:
> > bridges the guest with a physical network interface.
> > 
> > This backends cannot work on macOS Catalina 10.15 cause we use
> > vmnet.framework API provided only with macOS 11 and newer. Seems
> > that it is not a problem, because QEMU guarantees to work on two most
> > recent versions of macOS which now are Big Sur (11) and Monterey (12).
> > 
> > Also, we have one inconvenient restriction: vmnet.framework interfaces
> > can create only privileged user:
> > `$ sudo qemu-system-x86_64 -nic vmnet-shared`
> > 
> > Attempt of `vmnet-*` netdev creation being unprivileged user fails with
> > vmnet's 'general failure'.
> > 
> > This happens because vmnet.framework requires `com.apple.vm.networking`
> > entitlement which is: "restricted to developers of virtualization software.
> > To request this entitlement, contact your Apple representative." as Apple
> > documentation says:
> > https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_vm_networking
> > 
> > One more note: we still have quite useful but not supported
> > 'vmnet.framework' features as creating port forwarding rules, IPv6
> > NAT prefix specifying and so on.
> > 
> > Nevertheless, new backends work fine and tested within `qemu-system-x86-64`
> > on macOS Bir Sur 11.5.2 host with such nic models:
> >   * e1000-82545em
> >   * virtio-net-pci
> >   * vmxnet3
> > 
> > The guests were:
> >   * macOS 10.15.7
> >   * Ubuntu Bionic (server cloudimg)
> > 
> > 
> > This series partially reuses patches by Phillip Tennen:
> > https://patchew.org/QEMU/20210218134947.1860-1-phillip.en...@gmail.com/
> > So I included them signed-off line into one of the commit messages and
> > also here.
> > 
> > v1 -> v2:
> >  Since v1 minor typos were fixed, patches rebased onto latest master,
> >  redundant changes removed (small commits squashed)
> > v2 -> v3:
> >  - QAPI style fixes
> >  - Typos fixes in comments
> >  - `#include`'s updated to be in sync with recent master
> > v3 -> v4:
> >  - Support vmnet interfaces isolation feature
> >  - Support vmnet-host network uuid setting feature
> >  - Refactored sources a bit
> > v4 -> v5:
> >  - Missed 6.2 boat, now 7.0 candidate
> >  - Fix qapi netdev descriptions and styles
> >(@subnetmask -> @subnet-mask)
> >  - Support vmnet-shared IPv6 prefix setting feature
> > v5 -> v6
> >  - provide detailed commit messages for commits of
> >many changes
> >  - rename properties @dhcpstart and @dhcpend to
> >@start-address and @end-address
> >  - improve qapi documentation about isolation
> >features (@isolated, @net-uuid)
> > v6 -> v7:
> >  - update MAINTAINERS list
> > v7 -> v8
> >  - QAPI code style fixes
> > v8 -> v9
> >  - Fix building on Linux: add missing qapi
> >`'if': 'CONFIG_VMNET'` statement to Netdev union
> > v9 -> v10
> >  - Disable vmnet feature for macOS < 11.0: add
> >vmnet.framework API probe into meson.build.
> >This fixes QEMU building on macOS < 11.0:
> >https://patchew.org/QEMU/20220110034000.20221-1-jasow...@redhat.com/
> > 
> 
> Hi Vladislav,
> 
> What symbols are missing on Catalina except VMNET_SHARING_BUSY?
> 
> It'd be great to get the feature working there.
> 
> Thanks,
> Roman
> 

Ok it turned out not that many symbols are needed for successfull
compilation on Catalina:

vmnet_enable_isolation_key
vmnet_network_identifier_key
VMNET_SHARING_SERVICE_BUSY

The compilation suceeds if they're wrappeed by ifdefs. I haven't tested
it yet though.

Regards,
Roman

> > Vladislav Yaroshchuk (7):
> >   net/vmnet: add vmnet dependency and customizable option
> >   net/vmnet: add vmnet backends to qapi/net
> >   net/vmnet: implement shared mode (vmnet-shared)
> >   net/vmnet: implement host mode (vmnet-host)
> >   net/vmnet: implement bridged mode (vmnet-bridged)
> >   net/vmnet: update qemu-options.hx
> >   net/vmnet: update MAINTAINERS list
> > 
> >  MAINTAINERS   |   5 +
> >  meson.build   |  16 +-
> >  meson_options.txt |   2 +
> >  net/clients.h 

[PATCH v5 10/13] target/riscv: Add kvm_riscv_get/put_regs_timer

[Yifei Jiang via]

Add kvm_riscv_get/put_regs_timer to synchronize virtual time context
from KVM.

To set register of RISCV_TIMER_REG(state) will occur a error from KVM
on kvm_timer_state == 0. It's better to adapt in KVM, but it doesn't matter
that adaping in QEMU.

Signed-off-by: Yifei Jiang 
Signed-off-by: Mingwang Li 
Reviewed-by: Anup Patel 
Acked-by: Alistair Francis 
---
 target/riscv/cpu.h |  7 +
 target/riscv/kvm.c | 72 ++
 2 files changed, 79 insertions(+)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 73ced2116b..22c94d3c57 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -273,6 +273,13 @@ struct CPURISCVState {
 
 hwaddr kernel_addr;
 hwaddr fdt_addr;
+
+/* kvm timer */
+bool kvm_timer_dirty;
+uint64_t kvm_timer_time;
+uint64_t kvm_timer_compare;
+uint64_t kvm_timer_state;
+uint64_t kvm_timer_frequency;
 };
 
 OBJECT_DECLARE_TYPE(RISCVCPU, RISCVCPUClass,
diff --git a/target/riscv/kvm.c b/target/riscv/kvm.c
index e90e2a6709..a43d5a2988 100644
--- a/target/riscv/kvm.c
+++ b/target/riscv/kvm.c
@@ -40,6 +40,7 @@
 #include "kvm_riscv.h"
 #include "sbi_ecall_interface.h"
 #include "chardev/char-fe.h"
+#include "migration/migration.h"
 
 static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t type,
  uint64_t idx)
@@ -65,6 +66,9 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t 
type,
 #define RISCV_CSR_REG(env, name)  kvm_riscv_reg_id(env, KVM_REG_RISCV_CSR, \
  KVM_REG_RISCV_CSR_REG(name))
 
+#define RISCV_TIMER_REG(env, name)  kvm_riscv_reg_id(env, KVM_REG_RISCV_TIMER, 
\
+ KVM_REG_RISCV_TIMER_REG(name))
+
 #define RISCV_FP_F_REG(env, idx)  kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_F, 
idx)
 
 #define RISCV_FP_D_REG(env, idx)  kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_D, 
idx)
@@ -85,6 +89,22 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env, 
uint64_t type,
 } \
 } while (0)
 
+#define KVM_RISCV_GET_TIMER(cs, env, name, reg) \
+do { \
+int ret = kvm_get_one_reg(cs, RISCV_TIMER_REG(env, name), ®); \
+if (ret) { \
+abort(); \
+} \
+} while (0)
+
+#define KVM_RISCV_SET_TIMER(cs, env, name, reg) \
+do { \
+int ret = kvm_set_one_reg(cs, RISCV_TIMER_REG(env, time), ®); \
+if (ret) { \
+abort(); \
+} \
+} while (0)
+
 static int kvm_riscv_get_regs_core(CPUState *cs)
 {
 int ret = 0;
@@ -236,6 +256,58 @@ static int kvm_riscv_put_regs_fp(CPUState *cs)
 return ret;
 }
 
+static void kvm_riscv_get_regs_timer(CPUState *cs)
+{
+CPURISCVState *env = &RISCV_CPU(cs)->env;
+
+if (env->kvm_timer_dirty) {
+return;
+}
+
+KVM_RISCV_GET_TIMER(cs, env, time, env->kvm_timer_time);
+KVM_RISCV_GET_TIMER(cs, env, compare, env->kvm_timer_compare);
+KVM_RISCV_GET_TIMER(cs, env, state, env->kvm_timer_state);
+KVM_RISCV_GET_TIMER(cs, env, frequency, env->kvm_timer_frequency);
+
+env->kvm_timer_dirty = true;
+}
+
+static void kvm_riscv_put_regs_timer(CPUState *cs)
+{
+uint64_t reg;
+CPURISCVState *env = &RISCV_CPU(cs)->env;
+
+if (!env->kvm_timer_dirty) {
+return;
+}
+
+KVM_RISCV_SET_TIMER(cs, env, time, env->kvm_timer_time);
+KVM_RISCV_SET_TIMER(cs, env, compare, env->kvm_timer_compare);
+
+/*
+ * To set register of RISCV_TIMER_REG(state) will occur a error from KVM
+ * on env->kvm_timer_state == 0, It's better to adapt in KVM, but it
+ * doesn't matter that adaping in QEMU now.
+ * TODO If KVM changes, adapt here.
+ */
+if (env->kvm_timer_state) {
+KVM_RISCV_SET_TIMER(cs, env, state, env->kvm_timer_state);
+}
+
+/*
+ * For now, migration will not work between Hosts with different timer
+ * frequency. Therefore, we should check whether they are the same here
+ * during the migration.
+ */
+if (migration_is_running(migrate_get_current()->state)) {
+KVM_RISCV_GET_TIMER(cs, env, frequency, reg);
+if (reg != env->kvm_timer_frequency) {
+error_report("Dst Hosts timer frequency != Src Hosts");
+}
+}
+
+env->kvm_timer_dirty = false;
+}
 
 const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
 KVM_CAP_LAST_INFO
-- 
2.19.1

[PULL V2 05/13] net/colo-compare.c: Update the default value comments

[Jason Wang]

From: Zhang Chen 

Make the comments consistent with the REGULAR_PACKET_CHECK_MS.

Signed-off-by: Zhang Chen 
Signed-off-by: Jason Wang 
---
 net/colo-compare.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/colo-compare.c b/net/colo-compare.c
index 216de5a..62554b5 100644
--- a/net/colo-compare.c
+++ b/net/colo-compare.c
@@ -1267,7 +1267,7 @@ static void colo_compare_complete(UserCreatable *uc, 
Error **errp)
 }
 
 if (!s->expired_scan_cycle) {
-/* Set default value to 3000 MS */
+/* Set default value to 1000 MS */
 s->expired_scan_cycle = REGULAR_PACKET_CHECK_MS;
 }
 
-- 
2.7.4

[PULL V2 01/13] hw/net/vmxnet3: Log guest-triggerable errors using LOG_GUEST_ERROR

[Jason Wang]

From: Philippe Mathieu-Daudé 

The "Interrupt Cause" register (VMXNET3_REG_ICR) is read-only.
Write accesses are ignored. Log them with as LOG_GUEST_ERROR
instead of aborting:

  [R +0.239743] writeq 0xe0002031 0x46291a5a55460800
  ERROR:hw/net/vmxnet3.c:1819:vmxnet3_io_bar1_write: code should not be reached
  Thread 1 "qemu-system-i38" received signal SIGABRT, Aborted.
  (gdb) bt
  #3  0x74c397d3 in __GI_abort () at abort.c:79
  #4  0x76d3cd4c in g_assertion_message (domain=, 
file=, line=, func=, 
message=) at ../glib/gtestutils.c:3223
  #5  0x76d9d45f in g_assertion_message_expr
  (domain=0x0, file=0x59fc2e53 "hw/net/vmxnet3.c", line=1819, 
func=0x59fc11e0 <__func__.vmxnet3_io_bar1_write> "vmxnet3_io_bar1_write", 
expr=)
  at ../glib/gtestutils.c:3249
  #6  0x57e80a3a in vmxnet3_io_bar1_write (opaque=0x62814100, addr=56, val=70, 
size=4) at hw/net/vmxnet3.c:1819
  #7  0x58c2d894 in memory_region_write_accessor (mr=0x62816b90, addr=56, 
value=0x7fff9450, size=4, shift=0, mask=4294967295, attrs=...) at 
softmmu/memory.c:492
  #8  0x58c2d1d2 in access_with_adjusted_size (addr=56, value=0x7fff9450, 
size=1, access_size_min=4, access_size_max=4, access_fn=
  0x58c2d290 , mr=0x62816b90, attrs=...) at 
softmmu/memory.c:554
  #9  0x58c2bae7 in memory_region_dispatch_write (mr=0x62816b90, addr=56, 
data=70, op=MO_8, attrs=...) at softmmu/memory.c:1504
  #10 0x58bfd034 in flatview_write_continue (fv=0x606000181700, 
addr=0xe0002038, attrs=..., ptr=0x7fffb9e0, len=1, addr1=56, l=1, mr=0x62816b90)
  at softmmu/physmem.c:2782
  #11 0x58beba00 in flatview_write (fv=0x606000181700, addr=0xe0002031, 
attrs=..., buf=0x7fffb9e0, len=8) at softmmu/physmem.c:2822
  #12 0x58beb589 in address_space_write (as=0x60815f20, addr=0xe0002031, 
attrs=..., buf=0x7fffb9e0, len=8) at softmmu/physmem.c:2914

Reported-by: Dike 
Reported-by: Duhao <504224...@qq.com>
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=2032932
Signed-off-by: Philippe Mathieu-Daudé 
Signed-off-by: Jason Wang 
---
 hw/net/vmxnet3.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index f65af4e..0b7acf7 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -1816,7 +1816,9 @@ vmxnet3_io_bar1_write(void *opaque,
 case VMXNET3_REG_ICR:
 VMW_CBPRN("Write BAR1 [VMXNET3_REG_ICR] = %" PRIx64 ", size %d",
   val, size);
-g_assert_not_reached();
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: write to read-only register VMXNET3_REG_ICR\n",
+  TYPE_VMXNET3);
 break;
 
 /* Event Cause Register */
-- 
2.7.4

[PULL V2 00/13] Net patches

[Jason Wang]

The following changes since commit 64c01c7da449bcafc614b27ecf1325bb08031c84:

  Merge remote-tracking branch 'remotes/philmd/tags/sdmmc-20220108' into 
staging (2022-01-11 11:39:31 +)

are available in the git repository at:

  https://github.com/jasowang/qemu.git tags/net-pull-request

for you to fetch changes up to 99420f216cf5cd2e5c09e0d491b9e44d16030aba:

  net/vmnet: update MAINTAINERS list (2022-01-12 16:27:19 +0800)




Peter Foley (2):
  net/tap: Set return code on failure
  net: Fix uninitialized data usage

Philippe Mathieu-Daudé (1):
  hw/net/vmxnet3: Log guest-triggerable errors using LOG_GUEST_ERROR

Rao Lei (1):
  net/filter: Optimize filter_send to coroutine

Vladislav Yaroshchuk (7):
  net/vmnet: add vmnet dependency and customizable option
  net/vmnet: add vmnet backends to qapi/net
  net/vmnet: implement shared mode (vmnet-shared)
  net/vmnet: implement host mode (vmnet-host)
  net/vmnet: implement bridged mode (vmnet-bridged)
  net/vmnet: update qemu-options.hx
  net/vmnet: update MAINTAINERS list

Zhang Chen (2):
  net/colo-compare.c: Optimize compare order for performance
  net/colo-compare.c: Update the default value comments

 MAINTAINERS   |   5 +
 hw/net/vmxnet3.c  |   4 +-
 meson.build   |  16 +-
 meson_options.txt |   2 +
 net/clients.h |  11 ++
 net/colo-compare.c|  28 ++--
 net/filter-mirror.c   |  66 +++--
 net/meson.build   |   7 +
 net/net.c |  10 ++
 net/tap-linux.c   |   1 +
 net/tap.c |   1 +
 net/vmnet-bridged.m   | 111 ++
 net/vmnet-common.m| 330 ++
 net/vmnet-host.c  | 105 ++
 net/vmnet-shared.c|  91 
 net/vmnet_int.h   |  48 ++
 qapi/net.json | 132 -
 qemu-options.hx   |  25 
 scripts/meson-buildoptions.sh |   3 +
 19 files changed, 965 insertions(+), 31 deletions(-)
 create mode 100644 net/vmnet-bridged.m
 create mode 100644 net/vmnet-common.m
 create mode 100644 net/vmnet-host.c
 create mode 100644 net/vmnet-shared.c
 create mode 100644 net/vmnet_int.h

[PULL V2 07/13] net/vmnet: add vmnet dependency and customizable option

[Jason Wang]

From: Vladislav Yaroshchuk 

vmnet.framework dependency is added with 'vmnet' option
to enable or disable it. Default value is 'auto'.

vmnet features to be used are available since macOS 11.0,
corresponding probe is created into meson.build.

Signed-off-by: Vladislav Yaroshchuk 
Signed-off-by: Jason Wang 
---
 meson.build   | 16 +++-
 meson_options.txt |  2 ++
 scripts/meson-buildoptions.sh |  3 +++
 3 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/meson.build b/meson.build
index c1b1db1..a6751ec 100644
--- a/meson.build
+++ b/meson.build
@@ -496,6 +496,18 @@ if cocoa.found() and get_option('gtk').enabled()
   error('Cocoa and GTK+ cannot be enabled at the same time')
 endif
 
+vmnet = dependency('appleframeworks', modules: 'vmnet', required: 
get_option('vmnet'))
+if vmnet.found() and not cc.has_header_symbol('vmnet/vmnet.h',
+  'VMNET_SHARING_SERVICE_BUSY',
+  dependencies: vmnet)
+  vmnet = not_found
+  if get_option('vmnet').enabled()
+error('vmnet.framework API is outdated')
+  else
+warning('vmnet.framework API is outdated, disabling')
+  endif
+endif
+
 seccomp = not_found
 if not get_option('seccomp').auto() or have_system or have_tools
   seccomp = dependency('libseccomp', version: '>=2.3.0',
@@ -1492,6 +1504,7 @@ config_host_data.set('CONFIG_SECCOMP', seccomp.found())
 config_host_data.set('CONFIG_SNAPPY', snappy.found())
 config_host_data.set('CONFIG_USB_LIBUSB', libusb.found())
 config_host_data.set('CONFIG_VDE', vde.found())
+config_host_data.set('CONFIG_VMNET', vmnet.found())
 config_host_data.set('CONFIG_VHOST_USER_BLK_SERVER', 
have_vhost_user_blk_server)
 config_host_data.set('CONFIG_VNC', vnc.found())
 config_host_data.set('CONFIG_VNC_JPEG', jpeg.found())
@@ -3406,7 +3419,8 @@ summary(summary_info, bool_yn: true, section: 'Crypto')
 # Libraries
 summary_info = {}
 if targetos == 'darwin'
-  summary_info += {'Cocoa support':   cocoa}
+  summary_info += {'Cocoa support':   cocoa}
+  summary_info += {'vmnet.framework support': vmnet}
 endif
 summary_info += {'SDL support':   sdl}
 summary_info += {'SDL image support': sdl_image}
diff --git a/meson_options.txt b/meson_options.txt
index 921967e..701e138 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -151,6 +151,8 @@ option('netmap', type : 'feature', value : 'auto',
description: 'netmap network backend support')
 option('vde', type : 'feature', value : 'auto',
description: 'vde network backend support')
+option('vmnet', type : 'feature', value : 'auto',
+   description: 'vmnet.framework network backend support')
 option('virglrenderer', type : 'feature', value : 'auto',
description: 'virgl rendering support')
 option('vnc', type : 'feature', value : 'auto',
diff --git a/scripts/meson-buildoptions.sh b/scripts/meson-buildoptions.sh
index 50bd7be..cdcece4 100644
--- a/scripts/meson-buildoptions.sh
+++ b/scripts/meson-buildoptions.sh
@@ -84,6 +84,7 @@ meson_options_help() {
   printf "%s\n" '  u2f U2F emulation support'
   printf "%s\n" '  usb-redir   libusbredir support'
   printf "%s\n" '  vde vde network backend support'
+  printf "%s\n" '  vmnet   vmnet.framework network backend support'
   printf "%s\n" '  vhost-user-blk-server'
   printf "%s\n" '  build vhost-user-blk server'
   printf "%s\n" '  virglrenderer   virgl rendering support'
@@ -248,6 +249,8 @@ _meson_option_parse() {
 --disable-usb-redir) printf "%s" -Dusb_redir=disabled ;;
 --enable-vde) printf "%s" -Dvde=enabled ;;
 --disable-vde) printf "%s" -Dvde=disabled ;;
+--enable-vmnet) printf "%s" -Dvmnet=enabled ;;
+--disable-vmnet) printf "%s" -Dvmnet=disabled ;;
 --enable-vhost-user-blk-server) printf "%s" 
-Dvhost_user_blk_server=enabled ;;
 --disable-vhost-user-blk-server) printf "%s" 
-Dvhost_user_blk_server=disabled ;;
 --enable-virglrenderer) printf "%s" -Dvirglrenderer=enabled ;;
-- 
2.7.4

[PULL V2 02/13] net/tap: Set return code on failure

[Jason Wang]

From: Peter Foley 

Match the other error handling in this function.

Fixes: e7b347d0bf6 ("net: detect errors from probing vnet hdr flag for TAP 
devices")

Reviewed-by: Patrick Venture 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Peter Foley 
Signed-off-by: Jason Wang 
---
 net/tap.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/tap.c b/net/tap.c
index f716be3..c5cbeaa 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -900,6 +900,7 @@ int net_init_tap(const Netdev *netdev, const char *name,
 if (i == 0) {
 vnet_hdr = tap_probe_vnet_hdr(fd, errp);
 if (vnet_hdr < 0) {
+ret = -1;
 goto free_fail;
 }
 } else if (vnet_hdr != tap_probe_vnet_hdr(fd, NULL)) {
-- 
2.7.4

Re: [PATCH v2 1/5] target/s390x: Fix SLDA sign bit index

[David Hildenbrand]

On 12.01.22 05:39, Ilya Leoshkevich wrote:
> David Hildenbrand noticed that sign bit index for SLDA is wrong: since
> SLDA operates on 64-bit values, it should be 63, not 31.

Maybe just replace the "David ... noticed" by a Reported-by (below).

> 
> Fixes: a79ba3398a0a ("target-s390: Convert SHIFT DOUBLE")
> Signed-off-by: Ilya Leoshkevich 
> ---
>  target/s390x/tcg/insn-data.def | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/s390x/tcg/insn-data.def b/target/s390x/tcg/insn-data.def
> index f0af458aee..90c753068c 100644
> --- a/target/s390x/tcg/insn-data.def
> +++ b/target/s390x/tcg/insn-data.def
> @@ -800,7 +800,7 @@
>  C(0xebde, SRLK,RSY_a, DO,  r3_32u, sh32, new, r1_32, srl, 0)
>  C(0xeb0c, SRLG,RSY_a, Z,   r3_o, sh64, r1, 0, srl, 0)
>  /* SHIFT LEFT DOUBLE */
> -D(0x8f00, SLDA,RS_a,  Z,   r1_D32, sh64, new, r1_D32, sla, 0, 31)
> +D(0x8f00, SLDA,RS_a,  Z,   r1_D32, sh64, new, r1_D32, sla, 0, 63)
>  /* SHIFT LEFT DOUBLE LOGICAL */
>  C(0x8d00, SLDL,RS_a,  Z,   r1_D32, sh64, new, r1_D32, sll, 0)
>  /* SHIFT RIGHT DOUBLE */

Reported-by: David Hildenbrand 
Reviewed-by: David Hildenbrand 


Thanks :)

-- 
Thanks,

David / dhildenb

[PULL V2 04/13] net/colo-compare.c: Optimize compare order for performance

[Jason Wang]

From: Zhang Chen 

COLO-compare use the glib function g_queue_find_custom to dump
another VM's networking packet to compare. But this function always
start find from the queue->head(here is the newest packet), It will
reduce the success rate of comparison. So this patch reversed
the order of the queues for performance.

Signed-off-by: Zhang Chen 
Reported-by: leirao 
Signed-off-by: Jason Wang 
---
 net/colo-compare.c | 26 +-
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/net/colo-compare.c b/net/colo-compare.c
index b966e7e..216de5a 100644
--- a/net/colo-compare.c
+++ b/net/colo-compare.c
@@ -197,7 +197,7 @@ static void colo_compare_inconsistency_notify(CompareState 
*s)
 /* Use restricted to colo_insert_packet() */
 static gint seq_sorter(Packet *a, Packet *b, gpointer data)
 {
-return a->tcp_seq - b->tcp_seq;
+return b->tcp_seq - a->tcp_seq;
 }
 
 static void fill_pkt_tcp_info(void *data, uint32_t *max_ack)
@@ -421,13 +421,13 @@ pri:
 if (g_queue_is_empty(&conn->primary_list)) {
 return;
 }
-ppkt = g_queue_pop_head(&conn->primary_list);
+ppkt = g_queue_pop_tail(&conn->primary_list);
 sec:
 if (g_queue_is_empty(&conn->secondary_list)) {
-g_queue_push_head(&conn->primary_list, ppkt);
+g_queue_push_tail(&conn->primary_list, ppkt);
 return;
 }
-spkt = g_queue_pop_head(&conn->secondary_list);
+spkt = g_queue_pop_tail(&conn->secondary_list);
 
 if (ppkt->tcp_seq == ppkt->seq_end) {
 colo_release_primary_pkt(s, ppkt);
@@ -458,7 +458,7 @@ sec:
 }
 }
 if (!ppkt) {
-g_queue_push_head(&conn->secondary_list, spkt);
+g_queue_push_tail(&conn->secondary_list, spkt);
 goto pri;
 }
 }
@@ -477,7 +477,7 @@ sec:
 if (mark == COLO_COMPARE_FREE_PRIMARY) {
 conn->compare_seq = ppkt->seq_end;
 colo_release_primary_pkt(s, ppkt);
-g_queue_push_head(&conn->secondary_list, spkt);
+g_queue_push_tail(&conn->secondary_list, spkt);
 goto pri;
 } else if (mark == COLO_COMPARE_FREE_SECONDARY) {
 conn->compare_seq = spkt->seq_end;
@@ -490,8 +490,8 @@ sec:
 goto pri;
 }
 } else {
-g_queue_push_head(&conn->primary_list, ppkt);
-g_queue_push_head(&conn->secondary_list, spkt);
+g_queue_push_tail(&conn->primary_list, ppkt);
+g_queue_push_tail(&conn->secondary_list, spkt);
 
 #ifdef DEBUG_COLO_PACKETS
 qemu_hexdump(stderr, "colo-compare ppkt", ppkt->data, ppkt->size);
@@ -673,7 +673,7 @@ static void colo_compare_packet(CompareState *s, Connection 
*conn,
 
 while (!g_queue_is_empty(&conn->primary_list) &&
!g_queue_is_empty(&conn->secondary_list)) {
-pkt = g_queue_pop_head(&conn->primary_list);
+pkt = g_queue_pop_tail(&conn->primary_list);
 result = g_queue_find_custom(&conn->secondary_list,
  pkt, (GCompareFunc)HandlePacket);
 
@@ -689,7 +689,7 @@ static void colo_compare_packet(CompareState *s, Connection 
*conn,
  * timeout, it will trigger a checkpoint request.
  */
 trace_colo_compare_main("packet different");
-g_queue_push_head(&conn->primary_list, pkt);
+g_queue_push_tail(&conn->primary_list, pkt);
 
 colo_compare_inconsistency_notify(s);
 break;
@@ -819,7 +819,7 @@ static int compare_chr_send(CompareState *s,
 entry->buf = g_malloc(size);
 memcpy(entry->buf, buf, size);
 }
-g_queue_push_head(&sendco->send_list, entry);
+g_queue_push_tail(&sendco->send_list, entry);
 
 if (sendco->done) {
 sendco->co = qemu_coroutine_create(_compare_chr_send, sendco);
@@ -1347,7 +1347,7 @@ static void colo_flush_packets(void *opaque, void 
*user_data)
 Packet *pkt = NULL;
 
 while (!g_queue_is_empty(&conn->primary_list)) {
-pkt = g_queue_pop_head(&conn->primary_list);
+pkt = g_queue_pop_tail(&conn->primary_list);
 compare_chr_send(s,
  pkt->data,
  pkt->size,
@@ -1357,7 +1357,7 @@ static void colo_flush_packets(void *opaque, void 
*user_data)
 packet_destroy_partial(pkt, NULL);
 }
 while (!g_queue_is_empty(&conn->secondary_list)) {
-pkt = g_queue_pop_head(&conn->secondary_list);
+pkt = g_queue_pop_tail(&conn->secondary_list);
 packet_destroy(pkt, NULL);
 }
 }
-- 
2.7.4

[PULL V2 03/13] net: Fix uninitialized data usage

[Jason Wang]

From: Peter Foley 

e.g.
1109 15:16:20.151506 Uninitialized bytes in ioctl_common_pre at offset 0 inside 
[0x7ffc516af9b8, 4)
 1109 15:16:20.151659 ==588974==WARNING: MemorySanitizer: 
use-of-uninitialized-value
 1109 15:16:20.312923 #0 0x5639b88acb21 in tap_probe_vnet_hdr_len 
third_party/qemu/net/tap-linux.c:183:9
 1109 15:16:20.312952 #1 0x5639b88afd66 in net_tap_fd_init 
third_party/qemu/net/tap.c:409:9
 1109 15:16:20.312954 #2 0x5639b88b2d1b in net_init_tap_one 
third_party/qemu/net/tap.c:681:19
 1109 15:16:20.312956 #3 0x5639b88b16a8 in net_init_tap 
third_party/qemu/net/tap.c:912:13
 1109 15:16:20.312957 #4 0x5639b8890175 in net_client_init1 
third_party/qemu/net/net.c:1110:9
 1109 15:16:20.312958 #5 0x5639b888f912 in net_client_init 
third_party/qemu/net/net.c:1208:15
 1109 15:16:20.312960 #6 0x5639b8894aa5 in net_param_nic 
third_party/qemu/net/net.c:1588:11
 1109 15:16:20.312961 #7 0x5639b900cd18 in qemu_opts_foreach 
third_party/qemu/util/qemu-option.c:1135:14
 1109 15:16:20.312962 #8 0x5639b889393c in net_init_clients 
third_party/qemu/net/net.c:1612:9
 1109 15:16:20.312964 #9 0x5639b717aaf3 in qemu_create_late_backends 
third_party/qemu/softmmu/vl.c:1962:5
 1109 15:16:20.312965 #10 0x5639b717aaf3 in qemu_init 
third_party/qemu/softmmu/vl.c:3694:5
 1109 15:16:20.312967 #11 0x5639b71083b8 in main 
third_party/qemu/softmmu/main.c:49:5
 1109 15:16:20.312968 #12 0x7f464de1d8d2 in __libc_start_main 
(/usr/grte/v5/lib64/libc.so.6+0x628d2)
 1109 15:16:20.312969 #13 0x5639b6bbd389 in _start 
/usr/grte/v5/debug-src/src/csu/../sysdeps/x86_64/start.S:120
 1109 15:16:20.312970
 1109 15:16:20.312975   Uninitialized value was stored to memory at
 1109 15:16:20.313393 #0 0x5639b88acbee in tap_probe_vnet_hdr_len 
third_party/qemu/net/tap-linux.c
 1109 15:16:20.313396 #1 0x5639b88afd66 in net_tap_fd_init 
third_party/qemu/net/tap.c:409:9
 1109 15:16:20.313398 #2 0x5639b88b2d1b in net_init_tap_one 
third_party/qemu/net/tap.c:681:19
 1109 15:16:20.313399 #3 0x5639b88b16a8 in net_init_tap 
third_party/qemu/net/tap.c:912:13
 1109 15:16:20.313400 #4 0x5639b8890175 in net_client_init1 
third_party/qemu/net/net.c:1110:9
 1109 15:16:20.313401 #5 0x5639b888f912 in net_client_init 
third_party/qemu/net/net.c:1208:15
 1109 15:16:20.313403 #6 0x5639b8894aa5 in net_param_nic 
third_party/qemu/net/net.c:1588:11
 1109 15:16:20.313404 #7 0x5639b900cd18 in qemu_opts_foreach 
third_party/qemu/util/qemu-option.c:1135:14
 1109 15:16:20.313405 #8 0x5639b889393c in net_init_clients 
third_party/qemu/net/net.c:1612:9
 1109 15:16:20.313407 #9 0x5639b717aaf3 in qemu_create_late_backends 
third_party/qemu/softmmu/vl.c:1962:5
 1109 15:16:20.313408 #10 0x5639b717aaf3 in qemu_init 
third_party/qemu/softmmu/vl.c:3694:5
 1109 15:16:20.313409 #11 0x5639b71083b8 in main 
third_party/qemu/softmmu/main.c:49:5
 1109 15:16:20.313410 #12 0x7f464de1d8d2 in __libc_start_main 
(/usr/grte/v5/lib64/libc.so.6+0x628d2)
 1109 15:16:20.313412 #13 0x5639b6bbd389 in _start 
/usr/grte/v5/debug-src/src/csu/../sysdeps/x86_64/start.S:120
 1109 15:16:20.313413
 1109 15:16:20.313417   Uninitialized value was stored to memory at
 1109 15:16:20.313791 #0 0x5639b88affbd in net_tap_fd_init 
third_party/qemu/net/tap.c:400:26
 1109 15:16:20.313826 #1 0x5639b88b2d1b in net_init_tap_one 
third_party/qemu/net/tap.c:681:19
 1109 15:16:20.313829 #2 0x5639b88b16a8 in net_init_tap 
third_party/qemu/net/tap.c:912:13
 1109 15:16:20.313831 #3 0x5639b8890175 in net_client_init1 
third_party/qemu/net/net.c:1110:9
 1109 15:16:20.313836 #4 0x5639b888f912 in net_client_init 
third_party/qemu/net/net.c:1208:15
 1109 15:16:20.313838 #5 0x5639b8894aa5 in net_param_nic 
third_party/qemu/net/net.c:1588:11
 1109 15:16:20.313839 #6 0x5639b900cd18 in qemu_opts_foreach 
third_party/qemu/util/qemu-option.c:1135:14
 1109 15:16:20.313841 #7 0x5639b889393c in net_init_clients 
third_party/qemu/net/net.c:1612:9
 1109 15:16:20.313843 #8 0x5639b717aaf3 in qemu_create_late_backends 
third_party/qemu/softmmu/vl.c:1962:5
 1109 15:16:20.313844 #9 0x5639b717aaf3 in qemu_init 
third_party/qemu/softmmu/vl.c:3694:5
 1109 15:16:20.313845 #10 0x5639b71083b8 in main 
third_party/qemu/softmmu/main.c:49:5
 1109 15:16:20.313846 #11 0x7f464de1d8d2 in __libc_start_main 
(/usr/grte/v5/lib64/libc.so.6+0x628d2)
 1109 15:16:20.313847 #12 0x5639b6bbd389 in _start 
/usr/grte/v5/debug-src/src/csu/../sysdeps/x86_64/start.S:120
 1109 15:16:20.313849
 1109 15:16:20.313851   Uninitialized value was created by an allocation of 
'ifr' in the stack frame of function 'tap_probe_vnet_hdr'
 1109 15:16:20.313855 #0 0x5639b88ac680 in tap_probe_vnet_hdr 
third_party/qemu/net/tap-linux.c:151
 1109 15:16:20.313856
 1109 15:16:20.313878 SUMMARY: MemorySanitizer: use-of-uninitialized-value 
third_party/qemu/net/tap-linux.c:183:9 in tap_probe_vnet_hdr_len

Fixes: dc69004c7d8 (

[PULL V2 12/13] net/vmnet: update qemu-options.hx

[Jason Wang]

From: Vladislav Yaroshchuk 

Signed-off-by: Vladislav Yaroshchuk 
Signed-off-by: Jason Wang 
---
 qemu-options.hx | 25 +
 1 file changed, 25 insertions(+)

diff --git a/qemu-options.hx b/qemu-options.hx
index ec90505..81dd34f 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2733,6 +2733,25 @@ DEF("netdev", HAS_ARG, QEMU_OPTION_netdev,
 "-netdev vhost-vdpa,id=str,vhostdev=/path/to/dev\n"
 "configure a vhost-vdpa network,Establish a vhost-vdpa 
netdev\n"
 #endif
+#ifdef CONFIG_VMNET
+"-netdev vmnet-host,id=str[,isolated=on|off][,net-uuid=uuid]\n"
+" [,start-address=addr,end-address=addr,subnet-mask=mask]\n"
+"configure a vmnet network backend in host mode with ID 
'str',\n"
+"isolate this interface from others with 'isolated',\n"
+"configure the address range and choose a subnet mask,\n"
+"specify network UUID 'uuid' to disable DHCP and interact 
with\n"
+"vmnet-host interfaces within this isolated network\n"
+"-netdev vmnet-shared,id=str[,isolated=on|off][,nat66-prefix=addr]\n"
+" [,start-address=addr,end-address=addr,subnet-mask=mask]\n"
+"configure a vmnet network backend in shared mode with ID 
'str',\n"
+"configure the address range and choose a subnet mask,\n"
+"set IPv6 ULA prefix (of length 64) to use for internal 
network,\n"
+"isolate this interface from others with 'isolated'\n"
+"-netdev vmnet-bridged,id=str,ifname=name[,isolated=on|off]\n"
+"configure a vmnet network backend in bridged mode with ID 
'str',\n"
+"use 'ifname=name' to select a physical network interface 
to be bridged,\n"
+"isolate this interface from others with 'isolated'\n"
+#endif
 "-netdev hubport,id=str,hubid=n[,netdev=nd]\n"
 "configure a hub port on the hub with ID 'n'\n", 
QEMU_ARCH_ALL)
 DEF("nic", HAS_ARG, QEMU_OPTION_nic,
@@ -2752,6 +2771,9 @@ DEF("nic", HAS_ARG, QEMU_OPTION_nic,
 #ifdef CONFIG_POSIX
 "vhost-user|"
 #endif
+#ifdef CONFIG_VMNET
+"vmnet-host|vmnet-shared|vmnet-bridged|"
+#endif
 "socket][,option][,...][mac=macaddr]\n"
 "initialize an on-board / default host NIC (using MAC 
address\n"
 "macaddr) and connect it to the given host network 
backend\n"
@@ -2774,6 +2796,9 @@ DEF("net", HAS_ARG, QEMU_OPTION_net,
 #ifdef CONFIG_NETMAP
 "netmap|"
 #endif
+#ifdef CONFIG_VMNET
+"vmnet-host|vmnet-shared|vmnet-bridged|"
+#endif
 "socket][,option][,option][,...]\n"
 "old way to initialize a host network interface\n"
 "(use the -netdev option if possible instead)\n", 
QEMU_ARCH_ALL)
-- 
2.7.4

[PULL V2 06/13] net/filter: Optimize filter_send to coroutine

[Jason Wang]

From: Rao Lei 

This patch is to improve the logic of QEMU main thread sleep code in
qemu_chr_write_buffer() where it can be blocked and can't run other
coroutines during COLO IO stress test.

Our approach is to put filter_send() in a coroutine. In this way,
filter_send() will call qemu_coroutine_yield() in qemu_co_sleep_ns(),
so that it can be scheduled out and QEMU main thread has opportunity to
run other tasks.

Signed-off-by: Lei Rao 
Signed-off-by: Zhang Chen 
Reviewed-by: Li Zhijian 
Reviewed-by: Zhang Chen 
Signed-off-by: Jason Wang 
---
 net/filter-mirror.c | 66 ++---
 1 file changed, 53 insertions(+), 13 deletions(-)

diff --git a/net/filter-mirror.c b/net/filter-mirror.c
index f20240c..34a63b5 100644
--- a/net/filter-mirror.c
+++ b/net/filter-mirror.c
@@ -20,6 +20,7 @@
 #include "chardev/char-fe.h"
 #include "qemu/iov.h"
 #include "qemu/sockets.h"
+#include "block/aio-wait.h"
 
 #define TYPE_FILTER_MIRROR "filter-mirror"
 typedef struct MirrorState MirrorState;
@@ -42,20 +43,21 @@ struct MirrorState {
 bool vnet_hdr;
 };
 
-static int filter_send(MirrorState *s,
-   const struct iovec *iov,
-   int iovcnt)
+typedef struct FilterSendCo {
+MirrorState *s;
+char *buf;
+ssize_t size;
+bool done;
+int ret;
+} FilterSendCo;
+
+static int _filter_send(MirrorState *s,
+   char *buf,
+   ssize_t size)
 {
 NetFilterState *nf = NETFILTER(s);
 int ret = 0;
-ssize_t size = 0;
 uint32_t len = 0;
-char *buf;
-
-size = iov_size(iov, iovcnt);
-if (!size) {
-return 0;
-}
 
 len = htonl(size);
 ret = qemu_chr_fe_write_all(&s->chr_out, (uint8_t *)&len, sizeof(len));
@@ -80,10 +82,7 @@ static int filter_send(MirrorState *s,
 }
 }
 
-buf = g_malloc(size);
-iov_to_buf(iov, iovcnt, 0, buf, size);
 ret = qemu_chr_fe_write_all(&s->chr_out, (uint8_t *)buf, size);
-g_free(buf);
 if (ret != size) {
 goto err;
 }
@@ -94,6 +93,47 @@ err:
 return ret < 0 ? ret : -EIO;
 }
 
+static void coroutine_fn filter_send_co(void *opaque)
+{
+FilterSendCo *data = opaque;
+
+data->ret = _filter_send(data->s, data->buf, data->size);
+data->done = true;
+g_free(data->buf);
+aio_wait_kick();
+}
+
+static int filter_send(MirrorState *s,
+   const struct iovec *iov,
+   int iovcnt)
+{
+ssize_t size = iov_size(iov, iovcnt);
+char *buf = NULL;
+
+if (!size) {
+return 0;
+}
+
+buf = g_malloc(size);
+iov_to_buf(iov, iovcnt, 0, buf, size);
+
+FilterSendCo data = {
+.s = s,
+.size = size,
+.buf = buf,
+.ret = 0,
+};
+
+Coroutine *co = qemu_coroutine_create(filter_send_co, &data);
+qemu_coroutine_enter(co);
+
+while (!data.done) {
+aio_poll(qemu_get_aio_context(), true);
+}
+
+return data.ret;
+}
+
 static void redirector_to_filter(NetFilterState *nf,
  const uint8_t *buf,
  int len)
-- 
2.7.4

[PULL V2 08/13] net/vmnet: add vmnet backends to qapi/net

[Jason Wang]

From: Vladislav Yaroshchuk 

Create separate netdevs for each vmnet operating mode:

- vmnet-host
- vmnet-shared
- vmnet-bridged

Signed-off-by: Vladislav Yaroshchuk 
Signed-off-by: Jason Wang 
---
 net/clients.h   |  11 +
 net/meson.build |   7 +++
 net/net.c   |  10 
 net/vmnet-bridged.m |  25 ++
 net/vmnet-common.m  |  19 
 net/vmnet-host.c|  24 ++
 net/vmnet-shared.c  |  25 ++
 net/vmnet_int.h |  25 ++
 qapi/net.json   | 132 +++-
 9 files changed, 276 insertions(+), 2 deletions(-)
 create mode 100644 net/vmnet-bridged.m
 create mode 100644 net/vmnet-common.m
 create mode 100644 net/vmnet-host.c
 create mode 100644 net/vmnet-shared.c
 create mode 100644 net/vmnet_int.h

diff --git a/net/clients.h b/net/clients.h
index 92f9b59..c915778 100644
--- a/net/clients.h
+++ b/net/clients.h
@@ -63,4 +63,15 @@ int net_init_vhost_user(const Netdev *netdev, const char 
*name,
 
 int net_init_vhost_vdpa(const Netdev *netdev, const char *name,
 NetClientState *peer, Error **errp);
+#ifdef CONFIG_VMNET
+int net_init_vmnet_host(const Netdev *netdev, const char *name,
+  NetClientState *peer, Error **errp);
+
+int net_init_vmnet_shared(const Netdev *netdev, const char *name,
+  NetClientState *peer, Error **errp);
+
+int net_init_vmnet_bridged(const Netdev *netdev, const char *name,
+  NetClientState *peer, Error **errp);
+#endif /* CONFIG_VMNET */
+
 #endif /* QEMU_NET_CLIENTS_H */
diff --git a/net/meson.build b/net/meson.build
index 847bc2a..00a88c4 100644
--- a/net/meson.build
+++ b/net/meson.build
@@ -42,4 +42,11 @@ softmmu_ss.add(when: 'CONFIG_POSIX', if_true: 
files(tap_posix))
 softmmu_ss.add(when: 'CONFIG_WIN32', if_true: files('tap-win32.c'))
 softmmu_ss.add(when: 'CONFIG_VHOST_NET_VDPA', if_true: files('vhost-vdpa.c'))
 
+vmnet_files = files(
+  'vmnet-common.m',
+  'vmnet-bridged.m',
+  'vmnet-host.c',
+  'vmnet-shared.c'
+)
+softmmu_ss.add(when: vmnet, if_true: vmnet_files)
 subdir('can')
diff --git a/net/net.c b/net/net.c
index f0d14db..1dbb64b 100644
--- a/net/net.c
+++ b/net/net.c
@@ -1021,6 +1021,11 @@ static int (* const 
net_client_init_fun[NET_CLIENT_DRIVER__MAX])(
 #ifdef CONFIG_L2TPV3
 [NET_CLIENT_DRIVER_L2TPV3]= net_init_l2tpv3,
 #endif
+#ifdef CONFIG_VMNET
+[NET_CLIENT_DRIVER_VMNET_HOST] = net_init_vmnet_host,
+[NET_CLIENT_DRIVER_VMNET_SHARED] = net_init_vmnet_shared,
+[NET_CLIENT_DRIVER_VMNET_BRIDGED] = net_init_vmnet_bridged,
+#endif /* CONFIG_VMNET */
 };
 
 
@@ -1107,6 +1112,11 @@ void show_netdevs(void)
 #ifdef CONFIG_VHOST_VDPA
 "vhost-vdpa",
 #endif
+#ifdef CONFIG_VMNET
+"vmnet-host",
+"vmnet-shared",
+"vmnet-bridged",
+#endif
 };
 
 qemu_printf("Available netdev backend types:\n");
diff --git a/net/vmnet-bridged.m b/net/vmnet-bridged.m
new file mode 100644
index 000..4e42a90
--- /dev/null
+++ b/net/vmnet-bridged.m
@@ -0,0 +1,25 @@
+/*
+ * vmnet-bridged.m
+ *
+ * Copyright(c) 2021 Vladislav Yaroshchuk 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/qapi-types-net.h"
+#include "vmnet_int.h"
+#include "clients.h"
+#include "qemu/error-report.h"
+#include "qapi/error.h"
+
+#include 
+
+int net_init_vmnet_bridged(const Netdev *netdev, const char *name,
+   NetClientState *peer, Error **errp)
+{
+  error_setg(errp, "vmnet-bridged is not implemented yet");
+  return -1;
+}
diff --git a/net/vmnet-common.m b/net/vmnet-common.m
new file mode 100644
index 000..f949eb6
--- /dev/null
+++ b/net/vmnet-common.m
@@ -0,0 +1,19 @@
+/*
+ * vmnet-common.m - network client wrapper for Apple vmnet.framework
+ *
+ * Copyright(c) 2021 Vladislav Yaroshchuk 
+ * Copyright(c) 2021 Phillip Tennen 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/qapi-types-net.h"
+#include "vmnet_int.h"
+#include "clients.h"
+#include "qemu/error-report.h"
+#include "qapi/error.h"
+
+#include 
diff --git a/net/vmnet-host.c b/net/vmnet-host.c
new file mode 100644
index 000..4a5ef99
--- /dev/null
+++ b/net/vmnet-host.c
@@ -0,0 +1,24 @@
+/*
+ * vmnet-host.c
+ *
+ * Copyright(c) 2021 Vladislav Yaroshchuk 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/qapi-types-net.h"
+#include "vmnet_int.h"
+#include "clients.h"
+#include "qemu/error-report.h"
+#include "qapi/error.h"
+
+#include 
+
+int net_init_vmnet_host(const Netdev *netdev, const char *name,
+NetClientState *peer, Error **e

[PULL V2 13/13] net/vmnet: update MAINTAINERS list

[Jason Wang]

From: Vladislav Yaroshchuk 

Signed-off-by: Vladislav Yaroshchuk 
Signed-off-by: Jason Wang 
---
 MAINTAINERS | 5 +
 1 file changed, 5 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index c98a61c..638d129 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2641,6 +2641,11 @@ W: http://info.iet.unipi.it/~luigi/netmap/
 S: Maintained
 F: net/netmap.c
 
+Apple vmnet network backends
+M: Vladislav Yaroshchuk 
+S: Maintained
+F: net/vmnet*
+
 Host Memory Backends
 M: David Hildenbrand 
 M: Igor Mammedov 
-- 
2.7.4

Re: [PATCH v2 2/5] target/s390x: Fix SRDA CC calculation

[David Hildenbrand]

On 12.01.22 05:39, Ilya Leoshkevich wrote:
> SRDA uses r1_D32 for binding the first operand and s64 for setting CC.
> cout_s64() relies on o->out being the shift result, however,
> wout_r1_D32() clobbers it.
> 
> Fix by using a temporary.
> 
> Fixes: a79ba3398a0a ("target-s390: Convert SHIFT DOUBLE")
> Signed-off-by: Ilya Leoshkevich 

Reviewed-by: David Hildenbrand 


-- 
Thanks,

David / dhildenb

[PULL V2 10/13] net/vmnet: implement host mode (vmnet-host)

[Jason Wang]

From: Vladislav Yaroshchuk 

Signed-off-by: Vladislav Yaroshchuk 
Signed-off-by: Jason Wang 
---
 net/vmnet-host.c | 93 
 1 file changed, 87 insertions(+), 6 deletions(-)

diff --git a/net/vmnet-host.c b/net/vmnet-host.c
index 4a5ef99..9c2e760 100644
--- a/net/vmnet-host.c
+++ b/net/vmnet-host.c
@@ -9,16 +9,97 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/uuid.h"
 #include "qapi/qapi-types-net.h"
-#include "vmnet_int.h"
-#include "clients.h"
-#include "qemu/error-report.h"
 #include "qapi/error.h"
+#include "clients.h"
+#include "vmnet_int.h"
 
 #include 
 
+typedef struct VmnetHostState {
+  VmnetCommonState cs;
+  QemuUUID network_uuid;
+} VmnetHostState;
+
+static xpc_object_t create_if_desc(const Netdev *netdev,
+   NetClientState *nc,
+   Error **errp)
+{
+const NetdevVmnetHostOptions *options = &(netdev->u.vmnet_host);
+VmnetCommonState *cs = DO_UPCAST(VmnetCommonState, nc, nc);
+VmnetHostState *hs = DO_UPCAST(VmnetHostState, cs, cs);
+
+xpc_object_t if_desc = xpc_dictionary_create(NULL, NULL, 0);
+
+xpc_dictionary_set_uint64(
+if_desc,
+vmnet_operation_mode_key,
+VMNET_HOST_MODE
+);
+
+xpc_dictionary_set_bool(
+if_desc,
+vmnet_enable_isolation_key,
+options->isolated
+);
+
+if (options->has_net_uuid) {
+if (qemu_uuid_parse(options->net_uuid, &hs->network_uuid) < 0) {
+error_setg(errp, "Invalid UUID provided in 'net-uuid'");
+}
+
+xpc_dictionary_set_uuid(
+if_desc,
+vmnet_network_identifier_key,
+hs->network_uuid.data
+);
+}
+
+if (options->has_start_address ||
+options->has_end_address ||
+options->has_subnet_mask) {
+
+if (options->has_start_address &&
+options->has_end_address &&
+options->has_subnet_mask) {
+
+xpc_dictionary_set_string(if_desc,
+  vmnet_start_address_key,
+  options->start_address);
+xpc_dictionary_set_string(if_desc,
+  vmnet_end_address_key,
+  options->end_address);
+xpc_dictionary_set_string(if_desc,
+  vmnet_subnet_mask_key,
+  options->subnet_mask);
+} else {
+error_setg(
+errp,
+"'start-address', 'end-address', 'subnet_mask' "
+"should be provided together"
+);
+}
+}
+
+return if_desc;
+}
+
+static NetClientInfo net_vmnet_host_info = {
+.type = NET_CLIENT_DRIVER_VMNET_HOST,
+.size = sizeof(VmnetHostState),
+.receive = vmnet_receive_common,
+.cleanup = vmnet_cleanup_common,
+};
+
 int net_init_vmnet_host(const Netdev *netdev, const char *name,
-NetClientState *peer, Error **errp) {
-  error_setg(errp, "vmnet-host is not implemented yet");
-  return -1;
+NetClientState *peer, Error **errp)
+{
+NetClientState *nc;
+xpc_object_t if_desc;
+
+nc = qemu_new_net_client(&net_vmnet_host_info,
+ peer, "vmnet-host", name);
+if_desc = create_if_desc(netdev, nc, errp);
+return vmnet_if_create(nc, if_desc, errp, NULL);
 }
-- 
2.7.4

[PATCH v2 2/2] tests/qtest: Add test for Aspeed HACE accumulative mode

[Troy Lee]

This add two addition test cases for accumulative mode under sg enabled.

The input vector was manually craft with "abc" + bit 1 + padding zeros + L.
The padding length depends on algorithm, i.e. SHA512 (1024 bit),
SHA256 (512 bit).

The result was calculated by command line sha512sum/sha256sum utilities
without padding, i.e. only "abc" ascii text.

Signed-off-by: Troy Lee 
---
 tests/qtest/aspeed_hace-test.c | 145 +
 1 file changed, 145 insertions(+)

diff --git a/tests/qtest/aspeed_hace-test.c b/tests/qtest/aspeed_hace-test.c
index 09ee31545e..6a2f404b93 100644
--- a/tests/qtest/aspeed_hace-test.c
+++ b/tests/qtest/aspeed_hace-test.c
@@ -21,6 +21,7 @@
 #define  HACE_ALGO_SHA512(BIT(5) | BIT(6))
 #define  HACE_ALGO_SHA384(BIT(5) | BIT(6) | BIT(10))
 #define  HACE_SG_EN  BIT(18)
+#define  HACE_ACCUM_EN   BIT(8)
 
 #define HACE_STS 0x1c
 #define  HACE_RSA_ISRBIT(13)
@@ -96,6 +97,57 @@ static const uint8_t test_result_sg_sha256[] = {
 0x55, 0x1e, 0x1e, 0xc5, 0x80, 0xdd, 0x6d, 0x5a, 0x6e, 0xcd, 0xe9, 0xf3,
 0xd3, 0x5e, 0x6e, 0x4a, 0x71, 0x7f, 0xbd, 0xe4};
 
+/*
+ * The accumulative mode requires firmware to provide internal initial state
+ * and message padding (including length L at the end of padding).
+ *
+ * This test vector is a ascii text "abc" with padding message.
+ *
+ * Expected results were generated using command line utitiles:
+ *
+ *  echo -n -e 'abc' | dd of=/tmp/test
+ *  for hash in sha512sum sha256sum; do $hash /tmp/test; done
+ */
+static const uint8_t test_vector_accum_512[] = {
+0x61, 0x62, 0x63, 0x80, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18};
+
+static const uint8_t test_vector_accum_256[] = {
+0x61, 0x62, 0x63, 0x80, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18};
+
+static const uint8_t test_result_accum_sha512[] = {
+0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41, 0x73, 0x49,
+0xae, 0x20, 0x41, 0x31, 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2,
+0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a, 0x21, 0x92, 0x99, 0x2a,
+0x27, 0x4f, 0xc1, 0xa8, 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd,
+0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, 0x2a, 0x9a, 0xc9, 0x4f,
+0xa5, 0x4c, 0xa4, 0x9f};
+
+static const uint8_t test_result_accum_sha256[] = {
+0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde,
+0x5d, 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
+0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad};
 
 static void write_regs(QTestState *s, uint32_t base, uint32_t src,
uint32_t length, uint32_t out, uint32_t method)
@@ -308,6 +360,86 @@ static void test_sha512_sg(const char *machine, const 
uint32_t base,
 qtest_quit(s);
 }
 
+static void test_sha256_accum(const char *machine, const uint32_t base,
+const uint32_t src_addr)
+{
+QTestState *s = qtest_init(machine);
+
+const uint32_t buffer_addr = src_addr + 0x100;
+const uint32_t digest_addr = src_addr + 0x400;
+uint8_t digest[32] = {0};
+struct AspeedSgList array[] = {
+{  cpu_to_le32(sizeof(test_vector_accum_256) | SG_LIST_LEN_LAST),
+   cpu_to_le32(buffer_addr) },
+};
+
+/* Check engine is idle, no busy or irq bits set */
+g_assert_cmphex(qtest_readl(s, base + HACE_STS), ==, 0);
+
+/* Write test vector into memory */
+qtest_memwrite(s, buffer_addr, test_vector_accum_256, 
sizeof(test_vector_accum_256));
+qtest_memwrite(s, src_addr, array, sizeof(array));
+
+write_regs(s, base, src_addr, sizeof(test_vector_accum_256),
+   digest_addr, HACE_ALGO_SHA256 | HACE_SG_EN | HACE_ACCUM_EN);
+
+/* Check hash IRQ status is asserted */
+g_assert_cmphex(qtest_readl(s, base + HACE_STS), ==, 0x0200);
+
+/*

[PULL V2 09/13] net/vmnet: implement shared mode (vmnet-shared)

[Jason Wang]

From: Vladislav Yaroshchuk 

Interaction with vmnet.framework in different modes
differs only on configuration stage, so we can create
common `send`, `receive`, etc. procedures and reuse them.

vmnet.framework supports iov, but writing more than
one iov into vmnet interface fails with
'VMNET_INVALID_ARGUMENT'. Collecting provided iovs into
one and passing it to vmnet works fine. That's the
reason why receive_iov() left unimplemented. But it still
works with good enough performance having .receive()
implemented only.

Also, there is no way to unsubscribe from vmnet packages
receiving except registering and unregistering event
callback or simply drop packages just ignoring and
not processing them when related flag is set. Here we do
using the second way.

Signed-off-by: Phillip Tennen 
Signed-off-by: Vladislav Yaroshchuk 
Signed-off-by: Jason Wang 
---
 net/vmnet-common.m | 311 +
 net/vmnet-shared.c |  74 -
 net/vmnet_int.h|  23 
 3 files changed, 404 insertions(+), 4 deletions(-)

diff --git a/net/vmnet-common.m b/net/vmnet-common.m
index f949eb6..6d474af 100644
--- a/net/vmnet-common.m
+++ b/net/vmnet-common.m
@@ -10,6 +10,8 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/main-loop.h"
+#include "qemu/log.h"
 #include "qapi/qapi-types-net.h"
 #include "vmnet_int.h"
 #include "clients.h"
@@ -17,3 +19,312 @@
 #include "qapi/error.h"
 
 #include 
+#include 
+
+#ifdef DEBUG
+#define D(x) x
+#define D_LOG(...) qemu_log(__VA_ARGS__)
+#else
+#define D(x) do { } while (0)
+#define D_LOG(...) do { } while (0)
+#endif
+
+typedef struct vmpktdesc vmpktdesc_t;
+typedef struct iovec iovec_t;
+
+static void vmnet_set_send_enabled(VmnetCommonState *s, bool enable)
+{
+s->send_enabled = enable;
+}
+
+
+static void vmnet_send_completed(NetClientState *nc, ssize_t len)
+{
+VmnetCommonState *s = DO_UPCAST(VmnetCommonState, nc, nc);
+vmnet_set_send_enabled(s, true);
+}
+
+
+static void vmnet_send(NetClientState *nc,
+   interface_event_t event_id,
+   xpc_object_t event)
+{
+assert(event_id == VMNET_INTERFACE_PACKETS_AVAILABLE);
+
+VmnetCommonState *s;
+uint64_t packets_available;
+
+struct iovec *iov;
+struct vmpktdesc *packets;
+int pkt_cnt;
+int i;
+
+vmnet_return_t if_status;
+ssize_t size;
+
+s = DO_UPCAST(VmnetCommonState, nc, nc);
+
+packets_available = xpc_dictionary_get_uint64(
+event,
+vmnet_estimated_packets_available_key
+);
+
+pkt_cnt = (packets_available < VMNET_PACKETS_LIMIT) ?
+  packets_available :
+  VMNET_PACKETS_LIMIT;
+
+
+iov = s->iov_buf;
+packets = s->packets_buf;
+
+for (i = 0; i < pkt_cnt; ++i) {
+packets[i].vm_pkt_size = s->max_packet_size;
+packets[i].vm_pkt_iovcnt = 1;
+packets[i].vm_flags = 0;
+}
+
+if_status = vmnet_read(s->vmnet_if, packets, &pkt_cnt);
+if (if_status != VMNET_SUCCESS) {
+error_printf("vmnet: read failed: %s\n",
+ vmnet_status_map_str(if_status));
+}
+qemu_mutex_lock_iothread();
+for (i = 0; i < pkt_cnt; ++i) {
+size = qemu_send_packet_async(nc,
+  iov[i].iov_base,
+  packets[i].vm_pkt_size,
+  vmnet_send_completed);
+if (size == 0) {
+vmnet_set_send_enabled(s, false);
+} else if (size < 0) {
+break;
+}
+}
+qemu_mutex_unlock_iothread();
+
+}
+
+
+static void vmnet_register_event_callback(VmnetCommonState *s)
+{
+dispatch_queue_t avail_pkt_q = dispatch_queue_create(
+"org.qemu.vmnet.if_queue",
+DISPATCH_QUEUE_SERIAL
+);
+
+vmnet_interface_set_event_callback(
+s->vmnet_if,
+VMNET_INTERFACE_PACKETS_AVAILABLE,
+avail_pkt_q,
+^(interface_event_t event_id, xpc_object_t event) {
+  if (s->send_enabled) {
+  vmnet_send(&s->nc, event_id, event);
+  }
+});
+}
+
+
+static void vmnet_bufs_init(VmnetCommonState *s)
+{
+int i;
+struct vmpktdesc *packets;
+struct iovec *iov;
+
+packets = s->packets_buf;
+iov = s->iov_buf;
+
+for (i = 0; i < VMNET_PACKETS_LIMIT; ++i) {
+iov[i].iov_len = s->max_packet_size;
+iov[i].iov_base = g_malloc0(iov[i].iov_len);
+packets[i].vm_pkt_iov = iov + i;
+}
+}
+
+
+const char *vmnet_status_map_str(vmnet_return_t status)
+{
+switch (status) {
+case VMNET_SUCCESS:
+return "success";
+case VMNET_FAILURE:
+return "general failure";
+case VMNET_MEM_FAILURE:
+return "memory allocation failure";
+case VMNET_INVALID_ARGUMENT:
+return "invalid argument specified";
+case VMNET_SETUP_INCOMPLETE:
+return "interface setup is not complete";
+case VMNET_INVALID_ACCESS:
+return "invalid acce

[PULL V2 11/13] net/vmnet: implement bridged mode (vmnet-bridged)

[Jason Wang]

From: Vladislav Yaroshchuk 

Signed-off-by: Vladislav Yaroshchuk 
Signed-off-by: Jason Wang 
---
 net/vmnet-bridged.m | 98 +
 1 file changed, 92 insertions(+), 6 deletions(-)

diff --git a/net/vmnet-bridged.m b/net/vmnet-bridged.m
index 4e42a90..3c9da9d 100644
--- a/net/vmnet-bridged.m
+++ b/net/vmnet-bridged.m
@@ -10,16 +10,102 @@
 
 #include "qemu/osdep.h"
 #include "qapi/qapi-types-net.h"
-#include "vmnet_int.h"
-#include "clients.h"
-#include "qemu/error-report.h"
 #include "qapi/error.h"
+#include "clients.h"
+#include "vmnet_int.h"
 
 #include 
 
+typedef struct VmnetBridgedState {
+  VmnetCommonState cs;
+} VmnetBridgedState;
+
+static bool validate_ifname(const char *ifname)
+{
+xpc_object_t shared_if_list = vmnet_copy_shared_interface_list();
+__block bool match = false;
+
+xpc_array_apply(
+shared_if_list,
+^bool(size_t index, xpc_object_t value) {
+  if (strcmp(xpc_string_get_string_ptr(value), ifname) == 0) {
+  match = true;
+  return false;
+  }
+  return true;
+});
+
+return match;
+}
+
+static const char *get_valid_ifnames(void)
+{
+xpc_object_t shared_if_list = vmnet_copy_shared_interface_list();
+__block char *if_list = NULL;
+
+xpc_array_apply(
+shared_if_list,
+^bool(size_t index, xpc_object_t value) {
+  if_list = g_strconcat(xpc_string_get_string_ptr(value),
+" ",
+if_list,
+NULL);
+  return true;
+});
+
+if (if_list) {
+return if_list;
+}
+return "[no interfaces]";
+}
+
+static xpc_object_t create_if_desc(const Netdev *netdev, Error **errp)
+{
+const NetdevVmnetBridgedOptions *options = &(netdev->u.vmnet_bridged);
+xpc_object_t if_desc = xpc_dictionary_create(NULL, NULL, 0);
+
+xpc_dictionary_set_uint64(
+if_desc,
+vmnet_operation_mode_key,
+VMNET_BRIDGED_MODE
+);
+
+xpc_dictionary_set_bool(
+if_desc,
+vmnet_enable_isolation_key,
+options->isolated
+);
+
+if (validate_ifname(options->ifname)) {
+xpc_dictionary_set_string(if_desc,
+  vmnet_shared_interface_name_key,
+  options->ifname);
+} else {
+return NULL;
+}
+return if_desc;
+}
+
+static NetClientInfo net_vmnet_bridged_info = {
+.type = NET_CLIENT_DRIVER_VMNET_BRIDGED,
+.size = sizeof(VmnetBridgedState),
+.receive = vmnet_receive_common,
+.cleanup = vmnet_cleanup_common,
+};
+
 int net_init_vmnet_bridged(const Netdev *netdev, const char *name,
NetClientState *peer, Error **errp)
 {
-  error_setg(errp, "vmnet-bridged is not implemented yet");
-  return -1;
-}
+NetClientState *nc = qemu_new_net_client(&net_vmnet_bridged_info,
+ peer, "vmnet-bridged", name);
+xpc_object_t if_desc = create_if_desc(netdev, errp);;
+
+if (!if_desc) {
+error_setg(errp,
+   "unsupported ifname, should be one of: %s",
+   get_valid_ifnames());
+return -1;
+}
+
+return vmnet_if_create(nc, if_desc, errp, NULL);
+}
\ No newline at end of file
-- 
2.7.4

Re: [PATCH v2 4/5] target/s390x: Fix shifting 32-bit values for more than 31 bits

[David Hildenbrand]

>  
> +static uint32_t cc_calc_sla_32(uint32_t src, int shift)
> +{
> +return cc_calc_sla_64(((uint64_t)src) << 32, shift);
> +}
> +

Nice trick. What about doing the shift in op_sla if  s->insn->data == 31
and unifying to a single CC_OP_SLA ?

>  static uint32_t cc_calc_flogr(uint64_t dst)
>  {
>  return dst ? 2 : 0;
> diff --git a/target/s390x/tcg/insn-data.def b/target/s390x/tcg/insn-data.def
> index 90c753068c..1c3e115712 100644
> --- a/target/s390x/tcg/insn-data.def
> +++ b/target/s390x/tcg/insn-data.def
> @@ -747,8 +747,8 @@
>  C(0xb9e1, POPCNT,  RRE,   PC,  0, r2_o, r1, 0, popcnt, nz64)
>  
>  /* ROTATE LEFT SINGLE LOGICAL */
> -C(0xeb1d, RLL, RSY_a, Z,   r3_o, sh32, new, r1_32, rll32, 0)
> -C(0xeb1c, RLLG,RSY_a, Z,   r3_o, sh64, r1, 0, rll64, 0)
> +C(0xeb1d, RLL, RSY_a, Z,   r3_o, sh, new, r1_32, rll32, 0)
> +C(0xeb1c, RLLG,RSY_a, Z,   r3_o, sh, r1, 0, rll64, 0)
>  
>  /* ROTATE THEN INSERT SELECTED BITS */
>  C(0xec55, RISBG,   RIE_f, GIE, 0, r2, r1, 0, risbg, s64)
> @@ -784,29 +784,29 @@
>  C(0x0400, SPM, RR_a,  Z,   r1, 0, 0, 0, spm, 0)
>  
>  /* SHIFT LEFT SINGLE */
> -D(0x8b00, SLA, RS_a,  Z,   r1, sh32, new, r1_32, sla, 0, 31)
> -D(0xebdd, SLAK,RSY_a, DO,  r3, sh32, new, r1_32, sla, 0, 31)
> -D(0xeb0b, SLAG,RSY_a, Z,   r3, sh64, r1, 0, sla, 0, 63)
> +D(0x8b00, SLA, RS_a,  Z,   r1, sh, new, r1_32, sla, 0, 31)
> +D(0xebdd, SLAK,RSY_a, DO,  r3, sh, new, r1_32, sla, 0, 31)
> +D(0xeb0b, SLAG,RSY_a, Z,   r3, sh, r1, 0, sla, 0, 63)
>  /* SHIFT LEFT SINGLE LOGICAL */
> -C(0x8900, SLL, RS_a,  Z,   r1_o, sh32, new, r1_32, sll, 0)
> -C(0xebdf, SLLK,RSY_a, DO,  r3_o, sh32, new, r1_32, sll, 0)
> -C(0xeb0d, SLLG,RSY_a, Z,   r3_o, sh64, r1, 0, sll, 0)
> +C(0x8900, SLL, RS_a,  Z,   r1_o, sh, new, r1_32, sll, 0)
> +C(0xebdf, SLLK,RSY_a, DO,  r3_o, sh, new, r1_32, sll, 0)
> +C(0xeb0d, SLLG,RSY_a, Z,   r3_o, sh, r1, 0, sll, 0)
>  /* SHIFT RIGHT SINGLE */
> -C(0x8a00, SRA, RS_a,  Z,   r1_32s, sh32, new, r1_32, sra, s32)
> -C(0xebdc, SRAK,RSY_a, DO,  r3_32s, sh32, new, r1_32, sra, s32)
> -C(0xeb0a, SRAG,RSY_a, Z,   r3_o, sh64, r1, 0, sra, s64)
> +C(0x8a00, SRA, RS_a,  Z,   r1_32s, sh, new, r1_32, sra, s32)
> +C(0xebdc, SRAK,RSY_a, DO,  r3_32s, sh, new, r1_32, sra, s32)
> +C(0xeb0a, SRAG,RSY_a, Z,   r3_o, sh, r1, 0, sra, s64)
>  /* SHIFT RIGHT SINGLE LOGICAL */
> -C(0x8800, SRL, RS_a,  Z,   r1_32u, sh32, new, r1_32, srl, 0)
> -C(0xebde, SRLK,RSY_a, DO,  r3_32u, sh32, new, r1_32, srl, 0)
> -C(0xeb0c, SRLG,RSY_a, Z,   r3_o, sh64, r1, 0, srl, 0)
> +C(0x8800, SRL, RS_a,  Z,   r1_32u, sh, new, r1_32, srl, 0)
> +C(0xebde, SRLK,RSY_a, DO,  r3_32u, sh, new, r1_32, srl, 0)
> +C(0xeb0c, SRLG,RSY_a, Z,   r3_o, sh, r1, 0, srl, 0)
>  /* SHIFT LEFT DOUBLE */
> -D(0x8f00, SLDA,RS_a,  Z,   r1_D32, sh64, new, r1_D32, sla, 0, 63)
> +D(0x8f00, SLDA,RS_a,  Z,   r1_D32, sh, new, r1_D32, sla, 0, 63)
>  /* SHIFT LEFT DOUBLE LOGICAL */
> -C(0x8d00, SLDL,RS_a,  Z,   r1_D32, sh64, new, r1_D32, sll, 0)
> +C(0x8d00, SLDL,RS_a,  Z,   r1_D32, sh, new, r1_D32, sll, 0)
>  /* SHIFT RIGHT DOUBLE */
> -C(0x8e00, SRDA,RS_a,  Z,   r1_D32, sh64, new, r1_D32, sra, s64)
> +C(0x8e00, SRDA,RS_a,  Z,   r1_D32, sh, new, r1_D32, sra, s64)
>  /* SHIFT RIGHT DOUBLE LOGICAL */
> -C(0x8c00, SRDL,RS_a,  Z,   r1_D32, sh64, new, r1_D32, srl, 0)
> +C(0x8c00, SRDL,RS_a,  Z,   r1_D32, sh, new, r1_D32, srl, 0)
>  
>  /* SQUARE ROOT */
>  F(0xb314, SQEBR,   RRE,   Z,   0, e2, new, e1, sqeb, 0, IF_BFP)
> diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
> index 68ca7e476a..5a2b609d0f 100644
> --- a/target/s390x/tcg/translate.c
> +++ b/target/s390x/tcg/translate.c
> @@ -1178,19 +1178,6 @@ struct DisasInsn {
>  /* == */
>  /* Miscellaneous helpers, used by several operations.  */
>  
> -static void help_l2_shift(DisasContext *s, DisasOps *o, int mask)
> -{
> -int b2 = get_field(s, b2);
> -int d2 = get_field(s, d2);
> -
> -if (b2 == 0) {
> -o->in2 = tcg_const_i64(d2 & mask);
> -} else {
> -o->in2 = get_address(s, 0, b2, d2);
> -tcg_gen_andi_i64(o->in2, o->in2, mask);
> -}
> -}
> -
>  static DisasJumpType help_goto_direct(DisasContext *s, uint64_t dest)
>  {
>  if (dest == s->pc_tmp) {
> @@ -5923,17 +5910,19 @@ static void in2_ri2(DisasContext *s, DisasOps *o)
>  }
>  #define SPEC_in2_ri2 0
>  
> -static void in2_sh32(DisasContext *s, DisasOps *o)
> +static void in2_sh(DisasContext *s, DisasOps *o)
>  {
> -help_l2_shift(s, o, 31);
> -}
> -#define SPEC_in2_sh32 0
> +int b2 = get_field(s, b2);
> +int d2 = get_field(s, d2);
>  
> -static void in2_sh64(DisasContext *s, DisasOps *o)
> -{
> -help_l2_shift(s, o, 63);
> 

[PATCH v2 0/2] Supporting AST2600 HACE engine accumulative mode

[Troy Lee]

This patch series implements ast2600 hace engine with accumulative mode
and unit test against to it.

Changes in v2:
- Coding style
- Add accumulative mode description in comment
- Add unit test cases

Troy Lee (2):
  hw/misc: Supporting AST2600 HACE accumulative mode
  tests/qtest: Add test for Aspeed HACE accumulative mode

 hw/misc/aspeed_hace.c  |  43 --
 include/hw/misc/aspeed_hace.h  |   1 +
 tests/qtest/aspeed_hace-test.c | 145 +
 3 files changed, 181 insertions(+), 8 deletions(-)

-- 
2.25.1

[PATCH] hw/usb/dev-wacom: add missing HID descriptor

[Dario Binacchi]

Linux need to fill up the HID descriptor in order to let the driver be
emulated. The descriptor was downloaded from [1]. The patch was tested
with evtest tool on top of qemu 5.2.0 with linux kernel 4.19.208.

[1] 
https://github.com/linuxwacom/wacom-hid-descriptors/tree/master/Wacom%20PenPartner

Signed-off-by: Michael Trimarchi 
Co-developed-by: Michael Trimarchi 
Signed-off-by: Dario Binacchi 
---

 hw/usb/dev-wacom.c | 72 +-
 1 file changed, 71 insertions(+), 1 deletion(-)

diff --git a/hw/usb/dev-wacom.c b/hw/usb/dev-wacom.c
index ed687bc9f1eb..8323650c6a4d 100644
--- a/hw/usb/dev-wacom.c
+++ b/hw/usb/dev-wacom.c
@@ -69,6 +69,65 @@ static const USBDescStrings desc_strings = {
 [STR_SERIALNUMBER] = "1",
 };
 
+static const uint8_t qemu_wacom_hid_report_descriptor[] = {
+0x05, 0x01,  /* Usage Page (Desktop) */
+0x09, 0x02,  /* Usage (Mouse) */
+0xa1, 0x01,  /* Collection (Application) */
+0x85, 0x01,  /*Report ID (1) */
+0x09, 0x01,  /*Usage (Pointer) */
+0xa1, 0x00,  /*Collection (Physical) */
+0x05, 0x09,  /*   Usage Page (Button) */
+0x19, 0x01,  /*   Usage Minimum (01h) */
+0x29, 0x03,  /*   Usage Maximum (03h) */
+0x15, 0x00,  /*   Logical Minimum (0) */
+0x25, 0x01,  /*   Logical Maximum (1) */
+0x95, 0x03,  /*   Report Count (3) */
+0x75, 0x01,  /*   Report Size (1) */
+0x81, 0x02,  /*   Input (Data, Variable, Absolute) */
+0x95, 0x01,  /*   Report Count (1) */
+0x75, 0x05,  /*   Report Size (5) */
+0x81, 0x01,  /*   Input (Constant) */
+0x05, 0x01,  /*   Usage Page (Desktop) */
+0x09, 0x30,  /*   Usage (X) */
+0x09, 0x31,  /*   Usage (Y) */
+0x09, 0x38,  /*   Usage (Wheel) */
+0x15, 0x81,  /*   Logical Minimum (-127) */
+0x25, 0x7f,  /*   Logical Maximum (127) */
+0x75, 0x08,  /*   Report Size (8) */
+0x95, 0x03,  /*   Report Count (3) */
+0x81, 0x06,  /*   Input (Data, Variable, Relative) */
+0x95, 0x03,  /*   Report Count (3) */
+0x81, 0x01,  /*   Input (Constant) */
+0xc0,/*End Collection */
+0xc0,/* End Collection */
+0x05, 0x0d,  /* Usage Page (Digitizer) */
+0x09, 0x01,  /* Usage (Digitizer) */
+0xa1, 0x01,  /* Collection (Application) */
+0x85, 0x02,  /*Report ID (2) */
+0xa1, 0x00,  /*Collection (Physical) */
+0x06, 0x00, 0xff,/*   Usage Page (ff00h), vendor-defined */
+0x09, 0x01,  /*   Usage (01h) */
+0x15, 0x00,  /*   Logical Minimum (0) */
+0x26, 0xff, 0x00,/*   Logical Maximum (255) */
+0x75, 0x08,  /*   Report Size (8) */
+0x95, 0x07,  /*   Report Count (7) */
+0x81, 0x02,  /*   Input (Data, Variable, Absolute) */
+0xc0,/*End Collection */
+0x09, 0x01,  /*Usage (01h) */
+0x85, 0x63,  /*Report ID (99) */
+0x95, 0x07,  /*Report Count (7) */
+0x81, 0x02,  /*Input (Data, Variable, Absolute) */
+0x09, 0x01,  /*Usage (01h) */
+0x85, 0x02,  /*Report ID (2) */
+0x95, 0x01,  /*Report Count (1) */
+0xb1, 0x02,  /*Feature (Variable) */
+0x09, 0x01,  /*Usage (01h) */
+0x85, 0x03,  /*Report ID (3) */
+0x95, 0x01,  /*Report Count (1) */
+0xb1, 0x02,  /*Feature (Variable) */
+0xc0 /* End Collection */
+};
+
 static const USBDescIface desc_iface_wacom = {
 .bInterfaceNumber  = 0,
 .bNumEndpoints = 1,
@@ -86,7 +145,7 @@ static const USBDescIface desc_iface_wacom = {
 0x00,  /*  u8  country_code */
 0x01,  /*  u8  num_descriptors */
 USB_DT_REPORT, /*  u8  type: Report */
-0x6e, 0,   /*  u16 len */
+sizeof(qemu_wacom_hid_report_descriptor), 0, /*  u16 len */
 },
 },
 },
@@ -266,6 +325,17 @@ static void usb_wacom_handle_control(USBDevice *dev, 
USBPacket *p,
 }
 
 switch (request) {
+case InterfaceRequest | USB_REQ_GET_DESCRIPTOR:
+switch (value >> 8) {
+case 0x22:
+memcpy(data, qemu_wacom_hid_report_descriptor,
+   sizeof(qemu_wacom_hid_report_descriptor));
+p->actual_length = sizeof(qemu_wacom_hid_report_descriptor);
+break;
+default:
+return;
+}
+break;
 case WACOM_SET_REPORT:
 if (s->mouse_grabbed) {
 qemu_remove_mouse_event_handler(s->eh_entry);
-- 
2.32.0

[PATCH v2 1/2] hw/misc: Supporting AST2600 HACE accumulative mode

[Troy Lee]

Accumulative mode will supply a initial state and append padding bit at
the end of hash stream.  However, the crypto library will padding those
bit automatically, so ripped it off from iov array.

The aspeed ast2600 acculumative mode is described in datasheet
ast2600v10.pdf section 25.6.4:
 1. Allocationg and initiating accumulative hash digest write buffer
with initial state.
* Since QEMU crypto/hash api doesn't provide the API to set initial
  state of hash library, and the initial state is already setted by
  crypto library (gcrypt/glib/...), so skip this step.
 2. Calculating accumulative hash digest.
(a) When receiving the last accumulative data, software need to add
padding message at the end of the accumulative data. Padding
message described in specific of MD5, SHA-1, SHA224, SHA256,
SHA512, SHA512/224, SHA512/256.
* Since the crypto library (gcrypt/glib) already pad the
  padding message internally.
* This patch is to remove the padding message which fed byguest
  machine driver.

Changes in v2:
- Coding style
- Add accumulative mode description in comment

Signed-off-by: Troy Lee 
---
 hw/misc/aspeed_hace.c | 43 ---
 include/hw/misc/aspeed_hace.h |  1 +
 2 files changed, 36 insertions(+), 8 deletions(-)

diff --git a/hw/misc/aspeed_hace.c b/hw/misc/aspeed_hace.c
index 10f00e65f4..0710f44621 100644
--- a/hw/misc/aspeed_hace.c
+++ b/hw/misc/aspeed_hace.c
@@ -11,6 +11,7 @@
 #include "qemu/osdep.h"
 #include "qemu/log.h"
 #include "qemu/error-report.h"
+#include "qemu/bswap.h"
 #include "hw/misc/aspeed_hace.h"
 #include "qapi/error.h"
 #include "migration/vmstate.h"
@@ -27,6 +28,7 @@
 
 #define R_HASH_SRC  (0x20 / 4)
 #define R_HASH_DEST (0x24 / 4)
+#define R_HASH_KEY_BUFF (0x28 / 4)
 #define R_HASH_SRC_LEN  (0x2c / 4)
 
 #define R_HASH_CMD  (0x30 / 4)
@@ -94,7 +96,8 @@ static int hash_algo_lookup(uint32_t reg)
 return -1;
 }
 
-static void do_hash_operation(AspeedHACEState *s, int algo, bool sg_mode)
+static void do_hash_operation(AspeedHACEState *s, int algo, bool sg_mode,
+  bool acc_mode)
 {
 struct iovec iov[ASPEED_HACE_MAX_SG];
 g_autofree uint8_t *digest_buf;
@@ -103,6 +106,7 @@ static void do_hash_operation(AspeedHACEState *s, int algo, 
bool sg_mode)
 
 if (sg_mode) {
 uint32_t len = 0;
+uint32_t total_len = 0;
 
 for (i = 0; !(len & SG_LIST_LEN_LAST); i++) {
 uint32_t addr, src;
@@ -123,10 +127,26 @@ static void do_hash_operation(AspeedHACEState *s, int 
algo, bool sg_mode)
 MEMTXATTRS_UNSPECIFIED, NULL);
 addr &= SG_LIST_ADDR_MASK;
 
-iov[i].iov_len = len & SG_LIST_LEN_MASK;
-plen = iov[i].iov_len;
+plen = len & SG_LIST_LEN_MASK;
 iov[i].iov_base = address_space_map(&s->dram_as, addr, &plen, 
false,
 MEMTXATTRS_UNSPECIFIED);
+
+if (acc_mode) {
+total_len += plen;
+
+if (len & SG_LIST_LEN_LAST) {
+/*
+ * In the padding message, the last 64/128 bit represents
+ * the total length of bitstream in big endian.
+ * SHA-224, SHA-256 are 64 bit
+ * SHA-384, SHA-512, SHA-512/224, SHA-512/256 are 128 bit
+ * However, we would not process such a huge bit stream.
+ */
+plen -= total_len - (ldq_be_p(iov[i].iov_base + plen - 8) 
/ 8);
+}
+}
+
+iov[i].iov_len = plen;
 }
 } else {
 hwaddr len = s->regs[R_HASH_SRC_LEN];
@@ -210,6 +230,9 @@ static void aspeed_hace_write(void *opaque, hwaddr addr, 
uint64_t data,
 case R_HASH_DEST:
 data &= ahc->dest_mask;
 break;
+case R_HASH_KEY_BUFF:
+data &= ahc->key_mask;
+break;
 case R_HASH_SRC_LEN:
 data &= 0x0FFF;
 break;
@@ -229,12 +252,13 @@ static void aspeed_hace_write(void *opaque, hwaddr addr, 
uint64_t data,
 }
 algo = hash_algo_lookup(data);
 if (algo < 0) {
-qemu_log_mask(LOG_GUEST_ERROR,
-"%s: Invalid hash algorithm selection 0x%"PRIx64"\n",
-__func__, data & ahc->hash_mask);
-break;
+qemu_log_mask(LOG_GUEST_ERROR,
+"%s: Invalid hash algorithm selection 0x%"PRIx64"\n",
+__func__, data & ahc->hash_mask);
+break;
 }
-do_hash_operation(s, algo, data & HASH_SG_EN);
+do_hash_operation(s, algo, data & HASH_SG_EN,
+((data & HASH_HMAC_MASK) == HASH_DIGEST_ACCUM));
 
 if (data & HASH_IRQ_EN) {
 qemu_irq_raise(s->irq);
@@ -333,6 +357,7 @@ static void aspeed_ast2400_hace_c

Re: [PATCH v2 5/5] tests/tcg/s390x: Test shift instructions

[David Hildenbrand]

On 12.01.22 05:39, Ilya Leoshkevich wrote:
> Add a test for each shift instruction in order to to prevent
> regressions.
> 
> Signed-off-by: Ilya Leoshkevich 
> ---
>  tests/tcg/s390x/Makefile.target |   1 +
>  tests/tcg/s390x/shift.c | 258 
>  2 files changed, 259 insertions(+)
>  create mode 100644 tests/tcg/s390x/shift.c
> 
> diff --git a/tests/tcg/s390x/Makefile.target b/tests/tcg/s390x/Makefile.target
> index cc64dd32d2..1a7238b4eb 100644
> --- a/tests/tcg/s390x/Makefile.target
> +++ b/tests/tcg/s390x/Makefile.target
> @@ -9,6 +9,7 @@ TESTS+=exrl-trtr
>  TESTS+=pack
>  TESTS+=mvo
>  TESTS+=mvc
> +TESTS+=shift
>  TESTS+=trap
>  TESTS+=signals-s390x
>  
> diff --git a/tests/tcg/s390x/shift.c b/tests/tcg/s390x/shift.c
> new file mode 100644
> index 00..73bac9d255
> --- /dev/null
> +++ b/tests/tcg/s390x/shift.c
> @@ -0,0 +1,258 @@
> +#include 
> +#include 
> +#include 
> +
> +#define DEFINE_SHIFT_SINGLE_COMMON(name, insn_str) \
> +static uint64_t name(uint64_t op1, uint64_t op2, uint64_t *cc) \
> +{ \
> +asm("spm %[cc]\n" \
> +"" insn_str "\n" \
> +"ipm %[cc]" \
> +: [op1] "+&r" (op1), \
> +  [cc] "+r" (*cc) \
> +: [op2] "r" (op2) \
> +: "cc"); \
> +return op1; \
> +}

It might help to highlight the macro parameter like

s/name/NAME/ or s/name/_name/


> +#define DEFINE_SHIFT_SINGLE_2(insn, offset) \
> +DEFINE_SHIFT_SINGLE_COMMON(insn ## _ ## offset, \
> +   #insn " %[op1]," #offset "(%[op2])")
> +#define DEFINE_SHIFT_SINGLE_3(insn, offset) \
> +DEFINE_SHIFT_SINGLE_COMMON(insn ## _ ## offset, \
> +   #insn " %[op1],%[op1]," #offset "(%[op2])")
> +#define DEFINE_SHIFT_DOUBLE(insn, offset) \
> +static uint64_t insn ## _ ## offset(uint64_t op1, uint64_t op2, \
> +uint64_t *cc) \
> +{ \
> +uint32_t op1h = op1 >> 32; \
> +uint32_t op1l = op1 & 0x; \
> +register uint32_t r2 asm("2") = op1h; \
> +register uint32_t r3 asm("3") = op1l; \
> +\
> +asm("spm %[cc]\n" \
> +"" #insn " %[r2]," #offset "(%[op2])\n" \
> +"ipm %[cc]" \
> +: [r2] "+&r" (r2), \
> +  [r3] "+&r" (r3), \
> +  [cc] "+r" (*cc) \
> +: [op2] "r" (op2) \
> +: "cc"); \
> +op1h = r2; \
> +op1l = r3; \
> +return (((uint64_t)op1h) << 32) | op1l; \
> +}
> +
> +DEFINE_SHIFT_SINGLE_3(rll, 0x4cf3b);
> +DEFINE_SHIFT_SINGLE_3(rllg, 0x697c9);
> +DEFINE_SHIFT_SINGLE_2(sla, 0x4b0);
> +DEFINE_SHIFT_SINGLE_2(sla, 0xd54);
> +DEFINE_SHIFT_SINGLE_3(slak, 0x2832c);
> +DEFINE_SHIFT_SINGLE_3(slag, 0x66cc4);
> +DEFINE_SHIFT_SINGLE_2(sll, 0xd04);
> +DEFINE_SHIFT_SINGLE_3(sllk, 0x2699f);
> +DEFINE_SHIFT_SINGLE_3(sllg, 0x59df9);
> +DEFINE_SHIFT_SINGLE_2(sra, 0x67e);
> +DEFINE_SHIFT_SINGLE_3(srak, 0x60943);
> +DEFINE_SHIFT_SINGLE_3(srag, 0x6b048);
> +DEFINE_SHIFT_SINGLE_2(srl, 0x035);
> +DEFINE_SHIFT_SINGLE_3(srlk, 0x43dfc);
> +DEFINE_SHIFT_SINGLE_3(srlg, 0x27227);
> +DEFINE_SHIFT_DOUBLE(slda, 0x38b);
> +DEFINE_SHIFT_DOUBLE(sldl, 0x031);
> +DEFINE_SHIFT_DOUBLE(srda, 0x36f);
> +DEFINE_SHIFT_DOUBLE(srdl, 0x99a);
> +
> +struct shift_test {
> +const char *name;
> +uint64_t (*insn)(uint64_t, uint64_t, uint64_t *);
> +uint64_t op1;
> +uint64_t op2;
> +uint64_t exp_result;
> +uint64_t exp_cc;
> +};
> +
> +static const struct shift_test tests[] = {
> +{
> +.name = "rll",
> +.insn = rll_0x4cf3b,
> +.op1 = 0xecbd589a45c248f5ull,
> +.op2 = 0x62e5508ccb4c99fdull,
> +.exp_result = 0xecbd589af545c248ull,
> +.exp_cc = 0,
> +},
> +{
> +.name = "rllg",
> +.insn = rllg_0x697c9,
> +.op1 = 0xaa2d54c1b729f7f4ull,
> +.op2 = 0x5ffcf7465f5cd71full,
> +.exp_result = 0x29f7f4aa2d54c1b7ull,
> +.exp_cc = 0,
> +},
> +{
> +.name = "sla-1",
> +.insn = sla_0x4b0,
> +.op1 = 0x8bf21fb67cca0e96ull,
> +.op2 = 0x3ddf2f53347d3030ull,
> +.exp_result = 0x8bf21fb6ull,
> +.exp_cc = 3,
> +},
> +{
> +.name = "sla-2",
> +.insn = sla_0xd54,
> +.op1 = 0xe4faaed5def0e926ull,
> +.op2 = 0x18d586fab239cbeeull,
> +.exp_result = 0xe4faaed5fbc3a498ull,
> +.exp_cc = 3,
> +},
> +{
> +.name = "slak",
> +.insn = slak_0x2832c,
> +.op1 = 0x7300bf78707f09f9ull,
> +.op2 = 0x4d193b85bb5cb39bull,
> +.exp_result = 0x7300bf783f84fc80ull,
> +.exp_cc = 3,
> +},
> +{
> +.name = "slag",
> +.insn = slag_0x66cc4,
> +.op1 = 0xe805966de1a77762ull,
> +.op2 = 0x0e92953f6aa91c6bull,
> +.exp_result = 0xbbb1ull,
> +.exp_cc = 3,
> +},
> +

Re: [PATCH v3 09/10] hw/dma: Move ScatterGatherEntry / QEMUSGList declarations around

[David Hildenbrand]

On 11.01.22 19:43, Philippe Mathieu-Daudé wrote:
> In the next commit we will use the dma_addr_t type in the QEMUSGList
> structure. Since currently dma_addr_t is defined after QEMUSGList,
> move the declarations to have dma_addr_t defined first. This is a
> pure code-movement patch.

Oh, that was the underlying reason for the movement. Anyhow, this
certainly makes the next patch easier to review

Reviewed-by: David Hildenbrand 

> 
> Suggested-by: David Hildenbrand 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  include/sysemu/dma.h | 22 +++---
>  1 file changed, 11 insertions(+), 11 deletions(-)
> 
> diff --git a/include/sysemu/dma.h b/include/sysemu/dma.h
> index 0db2478a506..c992d9d5d6b 100644
> --- a/include/sysemu/dma.h
> +++ b/include/sysemu/dma.h
> @@ -15,22 +15,11 @@
>  #include "block/block.h"
>  #include "block/accounting.h"
>  
> -typedef struct ScatterGatherEntry ScatterGatherEntry;
> -
>  typedef enum {
>  DMA_DIRECTION_TO_DEVICE = 0,
>  DMA_DIRECTION_FROM_DEVICE = 1,
>  } DMADirection;
>  
> -struct QEMUSGList {
> -ScatterGatherEntry *sg;
> -int nsg;
> -int nalloc;
> -size_t size;
> -DeviceState *dev;
> -AddressSpace *as;
> -};
> -
>  /*
>   * When an IOMMU is present, bus addresses become distinct from
>   * CPU/memory physical addresses and may be a different size.  Because
> @@ -43,6 +32,17 @@ typedef uint64_t dma_addr_t;
>  #define DMA_ADDR_BITS 64
>  #define DMA_ADDR_FMT "%" PRIx64
>  
> +typedef struct ScatterGatherEntry ScatterGatherEntry;
> +
> +struct QEMUSGList {
> +ScatterGatherEntry *sg;
> +int nsg;
> +int nalloc;
> +size_t size;
> +DeviceState *dev;
> +AddressSpace *as;
> +};
> +
>  static inline void dma_barrier(AddressSpace *as, DMADirection dir)
>  {
>  /*


-- 
Thanks,

David / dhildenb

Re: [PATCH v2 3/5] target/s390x: Fix cc_calc_sla_64() missing overflows

[David Hildenbrand]

On 12.01.22 05:39, Ilya Leoshkevich wrote:
> An overflow occurs for SLAG when at least one shifted bit is not equal
> to sign bit. Therefore, we need to check that `shift + 1` bits are
> neither all 0s nor all 1s. The current code checks only `shift` bits,
> missing some overflows.

Right, "shifted + 1" here means, the shifted bits + the sign bit.

But doesn't the

if (src & sign) {
match = mask;
} else {
match = 0;
}

logic handle that?

If the sign is false, the shifted bits (mask) have to be 0.
If the sign bit is true, the shifted bits (mask) have to be set.

Do you have an example that would be broken?

> 
> Fixes: cbe24bfa91d2 ("target-s390: Convert SHIFT, ROTATE SINGLE")
> Signed-off-by: Ilya Leoshkevich 
> ---
>  target/s390x/tcg/cc_helper.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/target/s390x/tcg/cc_helper.c b/target/s390x/tcg/cc_helper.c
> index c2c96c3a3c..b6acffa3e8 100644
> --- a/target/s390x/tcg/cc_helper.c
> +++ b/target/s390x/tcg/cc_helper.c
> @@ -297,7 +297,8 @@ static uint32_t cc_calc_sla_32(uint32_t src, int shift)
>  
>  static uint32_t cc_calc_sla_64(uint64_t src, int shift)
>  {
> -uint64_t mask = ((1ULL << shift) - 1ULL) << (64 - shift);
> +/* Do not use (1ULL << (shift + 1)): it triggers UB when shift is 63.  */
> +uint64_t mask = 1ULL << shift) - 1) << 1) + 1) << (64 - (shift + 1));
>  uint64_t sign = 1ULL << 63;
>  uint64_t match;
>  int64_t r;

This looks like some black magic :)

-- 
Thanks,

David / dhildenb

Re: [PATCH v3 01/10] stubs: Restrict fw_cfg to system emulation

[David Hildenbrand]

On 11.01.22 19:43, Philippe Mathieu-Daudé wrote:
> fw_cfg_arch_key_name() stub is only required for sysemu.
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  stubs/meson.build | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/stubs/meson.build b/stubs/meson.build
> index 71469c1d50a..363f6fa785d 100644
> --- a/stubs/meson.build
> +++ b/stubs/meson.build
> @@ -11,7 +11,6 @@
>  stub_ss.add(files('dump.c'))
>  stub_ss.add(files('error-printf.c'))
>  stub_ss.add(files('fdset.c'))
> -stub_ss.add(files('fw_cfg.c'))
>  stub_ss.add(files('gdbstub.c'))
>  stub_ss.add(files('get-vm-name.c'))
>  if linux_io_uring.found()
> @@ -51,6 +50,7 @@
>stub_ss.add(files('replay-tools.c'))
>  endif
>  if have_system
> +  stub_ss.add(files('fw_cfg.c'))
>stub_ss.add(files('semihost.c'))
>stub_ss.add(files('usb-dev-stub.c'))
>stub_ss.add(files('xen-hw-stub.c'))

Reviewed-by: David Hildenbrand 

-- 
Thanks,

David / dhildenb

Re: [PATCH 1/2] block/rbd: fix handling of holes in .bdrv_co_block_status

[Ilya Dryomov]

On Mon, Jan 10, 2022 at 12:42 PM Peter Lieven  wrote:
>
> the assumption that we can't hit a hole if we do not diff against a snapshot 
> was wrong.
>
> We can see a hole in an image if we diff against base if there exists an 
> older snapshot
> of the image and we have discarded blocks in the image where the snapshot has 
> data.
>
> Fixes: 0347a8fd4c3faaedf119be04c197804be40a384b
> Cc: qemu-sta...@nongnu.org
> Signed-off-by: Peter Lieven 
> ---
>  block/rbd.c | 55 +
>  1 file changed, 34 insertions(+), 21 deletions(-)
>
> diff --git a/block/rbd.c b/block/rbd.c
> index def96292e0..5e9dc91d81 100644
> --- a/block/rbd.c
> +++ b/block/rbd.c
> @@ -1279,13 +1279,24 @@ static int qemu_rbd_diff_iterate_cb(uint64_t offs, 
> size_t len,
>  RBDDiffIterateReq *req = opaque;
>
>  assert(req->offs + req->bytes <= offs);
> -/*
> - * we do not diff against a snapshot so we should never receive a 
> callback
> - * for a hole.
> - */
> -assert(exists);
>
> -if (!req->exists && offs > req->offs) {
> +if (req->exists && offs > req->offs + req->bytes) {
> +/*
> + * we started in an allocated area and jumped over an unallocated 
> area,
> + * req->bytes contains the length of the allocated area before the
> + * unallocated area. stop further processing.
> + */
> +return QEMU_RBD_EXIT_DIFF_ITERATE2;
> +}
> +if (req->exists && !exists) {
> +/*
> + * we started in an allocated area and reached a hole. req->bytes
> + * contains the length of the allocated area before the hole.
> + * stop further processing.
> + */
> +return QEMU_RBD_EXIT_DIFF_ITERATE2;
> +}
> +if (!req->exists && exists && offs > req->offs) {
>  /*
>   * we started in an unallocated area and hit the first allocated
>   * block. req->bytes must be set to the length of the unallocated 
> area
> @@ -1295,17 +1306,19 @@ static int qemu_rbd_diff_iterate_cb(uint64_t offs, 
> size_t len,
>  return QEMU_RBD_EXIT_DIFF_ITERATE2;
>  }
>
> -if (req->exists && offs > req->offs + req->bytes) {
> -/*
> - * we started in an allocated area and jumped over an unallocated 
> area,
> - * req->bytes contains the length of the allocated area before the
> - * unallocated area. stop further processing.
> - */
> -return QEMU_RBD_EXIT_DIFF_ITERATE2;
> -}
> +/*
> + * assert that we caught all cases above and allocation state has not
> + * changed during callbacks.
> + */
> +assert(exists == req->exists || !req->bytes);
> +req->exists = exists;
>
> -req->bytes += len;
> -req->exists = true;
> +/*
> + * assert that we either return an unallocated block or have got 
> callbacks
> + * for all allocated blocks present.
> + */
> +assert(!req->exists || offs == req->offs + req->bytes);
> +req->bytes = offs + len - req->offs;
>
>  return 0;
>  }
> @@ -1354,13 +1367,13 @@ static int coroutine_fn 
> qemu_rbd_co_block_status(BlockDriverState *bs,
>  }
>  assert(req.bytes <= bytes);
>  if (!req.exists) {
> -if (r == 0) {
> +if (r == 0 && !req.bytes) {
>  /*
> - * rbd_diff_iterate2 does not invoke callbacks for unallocated
> - * areas. This here catches the case where no callback was
> - * invoked at all (req.bytes == 0).
> + * rbd_diff_iterate2 does not invoke callbacks for unallocated 
> areas
> + * except for the case where an overlay has a hole where the 
> parent
> + * or an older snapshot of the image has not. This here catches 
> the
> + * case where no callback was invoked at all.
>   */
> -assert(req.bytes == 0);
>  req.bytes = bytes;
>  }
>  status = BDRV_BLOCK_ZERO | BDRV_BLOCK_OFFSET_VALID;
> --
> 2.25.1
>
>

Hi Peter,

Can we just skip these "holes" by replacing the existing assert with
an if statement that would simply bail from the callback on !exists?

Just trying to keep the logic as simple as possible since as it turns
out we get to contend with ages-old librbd bugs here...

Thanks,

Ilya

Re: [PATCH v3 02/10] hw/nvram: Restrict fw_cfg QOM interface to sysemu and tools

[David Hildenbrand]

On 11.01.22 19:43, Philippe Mathieu-Daudé wrote:
> From: Philippe Mathieu-Daudé 
> 
> fw_cfg QOM interface is required by system emulation and
> qemu-storage-daemon. User-mode emulation doesn't need it.
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/nvram/meson.build | 6 --
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/nvram/meson.build b/hw/nvram/meson.build
> index 202a5466e63..f5ee9f6b88c 100644
> --- a/hw/nvram/meson.build
> +++ b/hw/nvram/meson.build
> @@ -1,5 +1,7 @@
> -# QOM interfaces must be available anytime QOM is used.
> -qom_ss.add(files('fw_cfg-interface.c'))
> +if have_system or have_tools
> +  # QOM interfaces must be available anytime QOM is used.
> +  qom_ss.add(files('fw_cfg-interface.c'))
> +endif
>  
>  softmmu_ss.add(files('fw_cfg.c'))
>  softmmu_ss.add(when: 'CONFIG_CHRP_NVRAM', if_true: files('chrp_nvram.c'))

Reviewed-by: David Hildenbrand 

-- 
Thanks,

David / dhildenb

Re: [PULL 0/4] Python patches

[Peter Maydell]

On Mon, 10 Jan 2022 at 23:25, John Snow  wrote:
>
> The following changes since commit de3f5223fa4cf8bfc5e3fe1fd495ddf468edcdf7:
>
>   Merge remote-tracking branch 
> 'remotes/vivier/tags/m68k-for-7.0-pull-request' into staging (2022-01-10 
> 14:43:03 +)
>
> are available in the Git repository at:
>
>   https://gitlab.com/jsnow/qemu.git tags/python-pull-request
>
> for you to fetch changes up to 9ebfc5a583d8aa94bf1bc37c1f71559187fd809c:
>
>   simplebench: Fix Python syntax error (reported by LGTM) (2022-01-10 
> 18:23:10 -0500)
>
> 
> Python pull request
>
> Fixes for the tests that broke during vacation, plus a simple syntax fix
> for a python script.


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/7.0
for any user-visible changes.

-- PMM

Re: [PATCH v14 02/26] target/loongarch: Add core definition

[gaosong]

Hi,

On 2022/1/9 下午5:25, WANG Xuerui wrote:

+    data = FIELD_DP32(data, CPUCFG16, L1_DPRE, 1);
+    data = FIELD_DP32(data, CPUCFG16, L2_IUPRE, 1);
+    data = FIELD_DP32(data, CPUCFG16, L2_IUUNIFY, 1);
+    data = FIELD_DP32(data, CPUCFG16, L2_IUPRIV, 1);
+    data = FIELD_DP32(data, CPUCFG16, L3_IUPRE, 1);
+    data = FIELD_DP32(data, CPUCFG16, L3_IUUNIFY, 1);
+    data = FIELD_DP32(data, CPUCFG16, L3_IUINCL, 1);
+    env->cpucfg[16] = data;
+
+    data = 0;
+    data = FIELD_DP32(data, CPUCFG17, L1IU_WAYS, 0x8003);


This seems out-of-place, according to the manual this field is Way-1 
for the L1I cache, so you have 0x8004=32772 ways in this cache?


Same for all similar constructions below.


I have time to reply to your comment now.

As in the previous comments, I don't remember which one,these values should be 
the same as the values of the physical environment. I dumped 'CPUCFG17' value 
again,
the value is no problem. Maybe you didn't think about dumping these values when 
you commented. The value of  'L11U_SIZE' is dumped to be 0. and cpucfg[i] has 
been
initialized to 0 before. There is no need to set it again.

Thanks
Song

Re: [RFC PATCH v3 22/27] hw/loongarch: Add some devices support for 3A5000.

[maobibo]

On 12/23/2021 06:52 PM, Mark Cave-Ayland wrote:
> On 22/12/2021 08:26, yangxiaojuan wrote:
> 
>> Hi, Mark
>>
>> On 12/18/2021 06:02 PM, Mark Cave-Ayland wrote:
>>> On 04/12/2021 12:07, Xiaojuan Yang wrote:
>>>
 1.Add uart,virtio-net,vga and usb for 3A5000.
 2.Add irq set and map for the pci host. Non pci device
 use irq 0-16, pci device use 16-64.
 3.Add some unimplented device to emulate guest unused
 memory space.

 Signed-off-by: Xiaojuan Yang 
 Signed-off-by: Song Gao 
 ---
    hw/loongarch/Kconfig    |  8 +
    hw/loongarch/loongson3.c    | 63 +++--
    hw/pci-host/ls7a.c  | 42 +-
    include/hw/intc/loongarch_ipi.h |  2 ++
    include/hw/pci-host/ls7a.h  |  4 +++
    softmmu/qdev-monitor.c  |  3 +-
    6 files changed, 117 insertions(+), 5 deletions(-)

 diff --git a/hw/loongarch/Kconfig b/hw/loongarch/Kconfig
 index 468e3acc74..9ea3b92708 100644
 --- a/hw/loongarch/Kconfig
 +++ b/hw/loongarch/Kconfig
 @@ -1,5 +1,13 @@
    config LOONGSON3_LS7A
    bool
 +    imply VGA_PCI
 +    imply VIRTIO_VGA
 +    imply PARALLEL
 +    imply PCI_DEVICES
 +    select ISA_BUS
 +    select SERIAL
 +    select SERIAL_ISA
 +    select VIRTIO_PCI
    select PCI_EXPRESS_7A
    select LOONGARCH_IPI
    select LOONGARCH_PCH_PIC
 diff --git a/hw/loongarch/loongson3.c b/hw/loongarch/loongson3.c
 index c42f830208..e4a02e7c18 100644
 --- a/hw/loongarch/loongson3.c
 +++ b/hw/loongarch/loongson3.c
 @@ -10,8 +10,11 @@
    #include "qemu/datadir.h"
    #include "qapi/error.h"
    #include "hw/boards.h"
 +#include "hw/char/serial.h"
    #include "sysemu/sysemu.h"
    #include "sysemu/qtest.h"
 +#include "hw/irq.h"
 +#include "net/net.h"
    #include "sysemu/runstate.h"
    #include "sysemu/reset.h"
    #include "hw/loongarch/loongarch.h"
 @@ -20,6 +23,7 @@
    #include "hw/intc/loongarch_pch_pic.h"
    #include "hw/intc/loongarch_pch_msi.h"
    #include "hw/pci-host/ls7a.h"
 +#include "hw/misc/unimp.h"
    static void loongarch_cpu_reset(void *opaque)
 @@ -91,11 +95,12 @@ static void sysbus_mmio_map_loongarch(SysBusDevice 
 *dev, int n,
    memory_region_add_subregion(iocsr, addr, dev->mmio[n].memory);
    }
    -static void loongson3_irq_init(MachineState *machine)
 +static PCIBus *loongson3_irq_init(MachineState *machine)
    {
    LoongArchMachineState *lams = LOONGARCH_MACHINE(machine);
 -    DeviceState *ipi, *extioi, *pch_pic, *pch_msi, *cpudev;
 +    DeviceState *ipi, *extioi, *pch_pic, *pch_msi, *cpudev, *pciehost;
    SysBusDevice *d;
 +    PCIBus *pci_bus;
    int cpu, pin, i;
    unsigned long ipi_addr;
    @@ -135,6 +140,10 @@ static void loongson3_irq_init(MachineState 
 *machine)
    sysbus_realize_and_unref(d, &error_fatal);
    sysbus_mmio_map(d, 0, LS7A_IOAPIC_REG_BASE);
    +    serial_mm_init(get_system_memory(), LS7A_UART_BASE, 0,
 +   qdev_get_gpio_in(pch_pic, LS7A_UART_IRQ - 
 PCH_PIC_IRQ_OFFSET),
 +   115200, serial_hd(0), DEVICE_LITTLE_ENDIAN);
 +
    /* Connect 64 pch_pic irqs to extioi */
    for (int i = 0; i < PCH_PIC_IRQ_NUM; i++) {
    sysbus_connect_irq(d, i, qdev_get_gpio_in(extioi, i));
 @@ -149,6 +158,35 @@ static void loongson3_irq_init(MachineState *machine)
    sysbus_connect_irq(d, i,
   qdev_get_gpio_in(extioi, i + 
 PCH_MSI_IRQ_START));
    }
 +
 +    pciehost = qdev_new(TYPE_LS7A_HOST_DEVICE);
 +    d = SYS_BUS_DEVICE(pciehost);
 +    sysbus_realize_and_unref(d, &error_fatal);
 +    pci_bus = PCI_HOST_BRIDGE(pciehost)->bus;
 +
 +    /* Connect 48 pci irq to pch_pic */
 +    for (i = 0; i < LS7A_PCI_IRQS; i++) {
 +    qdev_connect_gpio_out(pciehost, i,
 +  qdev_get_gpio_in(pch_pic, i + 
 LS7A_DEVICE_IRQS));
 +    }
 +
 +    return pci_bus;
 +}
 +
 +/* Network support */
 +static void network_init(PCIBus *pci_bus)
 +{
 +    int i;
 +
 +    for (i = 0; i < nb_nics; i++) {
 +    NICInfo *nd = &nd_table[i];
 +
 +    if (!nd->model) {
 +    nd->model = g_strdup("virtio");
 +    }
 +
 +    pci_nic_init_nofail(nd, pci_bus, nd->model, NULL);
 +    }
    }
  static void loongson3_init(MachineState *machine)
 @@ -161,6 +199,7 @@ static void loongson3_init(MachineState *machine)
    MemoryRegion *address_space_mem = get_system_memory();
    LoongArchMachineState *lams = LOONGARCH_MACHINE(machine);
    int i;
 +    PCIBu

Re: RFC: QMP configuration - allocating/setting qdev array properties?

[Damien Hedde]

Hi Mirela,

On 1/11/22 17:54, Mirela Grujic wrote:

Hi,


While working on a prototype and configuring a whole machine using QMP 
we run into the following scenario.



Some device models use array properties. The array is allocated when 
len- property is set, then, individual elements of the array 
can be set as any other property (see description above the 
DEFINE_PROP_ARRAY definition in qdev-properties.h for more details). We 
need to do both (allocate the array and set its elements) before the 
device can be realized. Attempting to set len- and array 
elements in a single device_add command does not work because the order 
of setting properties is not guaranteed, i.e. we're likely attempting to 
set an element of the array that's not yet allocated.


It happens because device options are stored in an optdict. When this 
optdict is traversed to set the qdev-properties, no specific order is used.


Better json format support would probably solve this issue in the 
long-term. But right now, we are stuck with the optdict in the middle 
which do not support advanced structure like lists or dictionaries.


We could solve this by being more "smart" in when setting the 
properties. I'm not sure we can be really smart here and detect which 
options is an array length but we could at least have some heuristic and 
for example: set first "len-xxx" properties so that array will be 
allocated before being filled.




Allowing the device initialize and realize phases to be split would 
solve this problem. For example, the device_add would be issued with 
'realized=false', we can set the len- in the same device_add 
command or a following qom-set command, then we would use a sequence of 
qom-set commands to set array elements, and at the end, we would realize 
the device by issuing qom-set path= property=realized 
value=true. This is what we currently do in our prototype.


I think that is a bad idea. Because then the user would have access to a 
"not-realized" device (which is really a not-constructed object).
It could then do anything with the object (which might work or not 
might). And at the end, maybe realize will fail and that would leave 
qemu in a inconsistent state: the object will be used somewhere and at 
the same time it will be a state where it is not usable.


Thanks,
Damien

Re: [PATCH 2/2] block/rbd: workaround for ceph issue #53784

[Ilya Dryomov]

On Mon, Jan 10, 2022 at 12:43 PM Peter Lieven  wrote:
>
> librbd had a bug until early 2022 that affected all versions of ceph that
> supported fast-diff. This bug results in reporting of incorrect offsets
> if the offset parameter to rbd_diff_iterate2 is not object aligned.
> Work around this bug by rounding down the offset to object boundaries.
>
> Fixes: https://tracker.ceph.com/issues/53784

I don't think the Fixes tag is appropriate here.  Linking librbd
ticket is fine but this patch doesn't really fix anything.

> Cc: qemu-sta...@nongnu.org
> Signed-off-by: Peter Lieven 
> ---
>  block/rbd.c | 17 -
>  1 file changed, 16 insertions(+), 1 deletion(-)
>
> diff --git a/block/rbd.c b/block/rbd.c
> index 5e9dc91d81..260cb9f4b4 100644
> --- a/block/rbd.c
> +++ b/block/rbd.c
> @@ -1333,6 +1333,7 @@ static int coroutine_fn 
> qemu_rbd_co_block_status(BlockDriverState *bs,
>  int status, r;
>  RBDDiffIterateReq req = { .offs = offset };
>  uint64_t features, flags;
> +int64_t head;
>
>  assert(offset + bytes <= s->image_size);
>
> @@ -1360,6 +1361,19 @@ static int coroutine_fn 
> qemu_rbd_co_block_status(BlockDriverState *bs,
>  return status;
>  }
>
> +/*
> + * librbd had a bug until early 2022 that affected all versions of ceph 
> that
> + * supported fast-diff. This bug results in reporting of incorrect 
> offsets
> + * if the offset parameter to rbd_diff_iterate2 is not object aligned.
> + * Work around this bug by rounding down the offset to object boundaries.
> + *
> + * See: https://tracker.ceph.com/issues/53784
> + */
> +head = offset & (s->object_size - 1);
> +offset -= head;
> +req.offs -= head;
> +bytes += head;

So it looks like the intention is to have more or less a permanent
workaround since all librbd versions are affected, right?  For that,
I think we would need to also reject custom striping patterns and
clones.  For the above to be reliable, the image has to be standalone
and have a default striping pattern (stripe_unit == object_size &&
stripe_count == 1).  Otherwise, behave as if fast-diff is disabled or
invalid.

> +

Nit: I'd replace { .offs = offset } initialization at the top with {}
and assign to req.offs here, right before calling rbd_diff_iterate2().

>  r = rbd_diff_iterate2(s->image, NULL, offset, bytes, true, true,
>qemu_rbd_diff_iterate_cb, &req);
>  if (r < 0 && r != QEMU_RBD_EXIT_DIFF_ITERATE2) {
> @@ -1379,7 +1393,8 @@ static int coroutine_fn 
> qemu_rbd_co_block_status(BlockDriverState *bs,
>  status = BDRV_BLOCK_ZERO | BDRV_BLOCK_OFFSET_VALID;
>  }
>
> -*pnum = req.bytes;
> +assert(req.bytes > head);

I'd expand the workaround comment with an explanation of why it's OK
to round down the offset -- because rbd_diff_iterate2() is called with
whole_object=true.  If that wasn't the case, on top of inconsistent
results for different offsets within an object, this assert could be
triggered.

Thanks,

Ilya

Re: [RFC qemu.qmp PATCH 17/24] Makefile: add build and publish targets

[Daniel P . Berrangé]

On Tue, Jan 11, 2022 at 02:48:55PM -0500, John Snow wrote:
> On Fri, Dec 17, 2021 at 8:46 AM Daniel P. Berrangé 
> wrote:
> 
> > On Thu, Dec 16, 2021 at 06:35:23PM -0500, John Snow wrote:
> > > On Thu, Dec 16, 2021 at 5:48 AM Daniel P. Berrangé 
> > > wrote:
> > >
> > > > On Wed, Dec 15, 2021 at 04:06:27PM -0500, John Snow wrote:
> > > > > Signed-off-by: John Snow 
> > > > > ---
> > > > >  Makefile | 32 
> > > > >  1 file changed, 32 insertions(+)
> > > > >
> > > > > diff --git a/Makefile b/Makefile
> > > > > index 97d737a..81bfca8 100644
> > > > > --- a/Makefile
> > > > > +++ b/Makefile
> > > > > @@ -110,3 +110,35 @@ distclean: clean
> > > > >   rm -f .coverage .coverage.*
> > > > >   rm -rf htmlcov/
> > > > >   rm -rf test-results/
> > > > > +
> > > > > +.PHONY: pristine
> > > > > +pristine:
> > > > > + @git diff-files --quiet --ignore-submodules -- || \
> > > > > + (echo "You have unstaged changes."; exit 1)
> > > > > + @git diff-index --cached --quiet HEAD --ignore-submodules --
> > || \
> > > > > + (echo "Your index contains uncommitted changes."; exit
> > 1)
> > > > > + @[ -z "$(shell git ls-files -o)" ] || \
> > > > > + (echo "You have untracked files: $(shell git ls-files
> > > > -o)"; exit 1)
> > > > > +
> > > > > +dist: setup.cfg setup.py Makefile README.rst
> > > > > + python3 -m build
> > > > > + @touch dist
> > > > > +
> > > > > +.PHONY: pre-publish
> > > > > +pre-publish: pristine dist
> > > > > + @git describe --exact-match 2>/dev/null || \
> > > > > + (echo -e "\033[0;31mThere is no annotated tag for this
> > > > commit.\033[0m"; exit 1)
> > > > > + python3 -m twine check --strict dist/*
> > > > > + git push -v --atomic --follow-tags --dry-run
> > > > > +
> > > > > +.PHONY: publish
> > > > > +publish: pre-publish
> > > > > + # Set the username via TWINE_USERNAME.
> > > > > + # Set the password via TWINE_PASSWORD.
> > > > > + # Set the pkg repository via TWINE_REPOSITORY.
> > > > > + python3 -m twine upload --verbose dist/*
> > > > > + git push -v --atomic --follow-tags
> > > > > +
> > > > > +.PHONY: publish-test
> > > > > +publish-test: pre-publish
> > > > > + python3 -m twine upload --verbose -r testpypi dist/*
> > > >
> > > > It doesn't feel very pythonic to have a makefile in the project.
> > > >
> > > > If we want some helpers for publishing releases, I would have
> > > > expected to see a python script  eg scripts/publish.py
> > > >
> > > >
> > > Eh, Python folks use Makefiles too. I've been using these little Makefile
> > > targets for hobby things for a while and I had them laying around and
> > ready
> > > to go. I have no strong need to "upgrade" to python scripts for these
> > right
> > > now, unless there's some extra features you want to see.
> >
> > Using make means you have to worry about portability across different
> > impls of make and different impls of shell. Using python means your
> > python project is portable to anywhere that python runs.
> 
> 
> I still like the idea of using a Makefile as a "canonical menu of things
> you can do in this directory", but there's probably room for interactive
> error checking and so on with the TWINE_USERNAME / TWINE_PASSWORD /
> TWINE_REPOSITORY environment variables in a python script. I'll look into
> it as a follow-up, if that's fine. (I'm worried it's a lot of polish and
> effort on a maintainers-only interface that only I will likely use for at
> least the next year or two.)
> 
> Ultimately, what's likely to happen here is that I will generate some oauth
> tokens with publish permissions and a hypothetical user would set e.g.
> TWINE_USERNAME to "__token__", and the password would be
> "pypi-tokengoeshere". Using the "keyring" python package, we could attempt
> to fetch stored values from a session keyring, falling back to an
> interactive prompt if they're unset.

FWIW, don't consider this original comment of mine to be a technical
blocker, rather it is more of a conceptual observation.  If you don't
think it matters, I won't mind.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [PATCH] sgx: Move sgx object from /machine/unattached to /machine

[Daniel P . Berrangé]

On Wed, Jan 12, 2022 at 11:55:17AM -0500, Yang Zhong wrote:
> When Libvirt start, it get the vcpu's unavailable-features from
> /machine/unattached/device[0] path by qom-get command, but in SGX
> guest, since the sgx-epc virtual device is initialized before VCPU
> creation(virtual sgx need set the virtual EPC info in the cpuid). This
> /machine/unattached/device[0] is occupied by sgx-epc device, which
> fail to get the unvailable-features from /machine/unattached/device[0].

If libvirt decides to enable SGX in a VM, then surely it knows
that it should just query /machine/unattached/device[1] to get
the CPU features instead. Why do we need to do anything in QEMU ?

> 
> This patch make one new /machine/sgx object to avoid this issue.
> (qemu) qom-list /machine/unattached/
> device[0] (child)
> 
> (qemu) qom-list /machine/sgx
> device[0] (child)
> 
> Signed-off-by: Yang Zhong 
> ---
>  hw/core/qdev.c | 12 ++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/core/qdev.c b/hw/core/qdev.c
> index 84f3019440..4154eef0d8 100644
> --- a/hw/core/qdev.c
> +++ b/hw/core/qdev.c
> @@ -497,7 +497,7 @@ static void device_set_realized(Object *obj, bool value, 
> Error **errp)
>  NamedClockList *ncl;
>  Error *local_err = NULL;
>  bool unattached_parent = false;
> -static int unattached_count;
> +static int unattached_count, sgx_count;
>  
>  if (dev->hotplugged && !dc->hotpluggable) {
>  error_setg(errp, QERR_DEVICE_NO_HOTPLUG, object_get_typename(obj));
> @@ -509,7 +509,15 @@ static void device_set_realized(Object *obj, bool value, 
> Error **errp)
>  goto fail;
>  }
>  
> -if (!obj->parent) {
> +if (!obj->parent && !strcmp(object_get_typename(obj), "sgx-epc")) {
> +gchar *name = g_strdup_printf("device[%d]", sgx_count++);
> +
> +object_property_add_child(container_get(qdev_get_machine(),
> +"/sgx"),
> +  name, obj);
> +unattached_parent = true;
> +g_free(name);

The qdev.c file is part of our generic object code. It should not
contain any code that is tied to very specific object types like
this.

> +} else if (!obj->parent) {
>  gchar *name = g_strdup_printf("device[%d]", unattached_count++);
>  
>  object_property_add_child(container_get(qdev_get_machine(),

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [PATCH] sgx: Move sgx object from /machine/unattached to /machine

[Peter Maydell]

On Wed, 12 Jan 2022 at 10:14, Daniel P. Berrangé  wrote:
>
> On Wed, Jan 12, 2022 at 11:55:17AM -0500, Yang Zhong wrote:
> > When Libvirt start, it get the vcpu's unavailable-features from
> > /machine/unattached/device[0] path by qom-get command, but in SGX
> > guest, since the sgx-epc virtual device is initialized before VCPU
> > creation(virtual sgx need set the virtual EPC info in the cpuid). This
> > /machine/unattached/device[0] is occupied by sgx-epc device, which
> > fail to get the unvailable-features from /machine/unattached/device[0].
>
> If libvirt decides to enable SGX in a VM, then surely it knows
> that it should just query /machine/unattached/device[1] to get
> the CPU features instead. Why do we need to do anything in QEMU ?

libvirt having to know it needs to look at /machine/unattached/device[n]
for anything is a bit fragile, really... it's effectively encoding
knowledge about what order things happen to get created inside QEMU.

-- PMM

Re: [PATCH v14 02/26] target/loongarch: Add core definition

[gaosong]

Hi,

On 2022/1/12 下午5:28, gaosong wrote:

+    data = FIELD_DP32(data, CPUCFG16, L3_IUUNIFY, 1);
+    data = FIELD_DP32(data, CPUCFG16, L3_IUINCL, 1);
+    env->cpucfg[16] = data;
+
+    data = 0;
+    data = FIELD_DP32(data, CPUCFG17, L1IU_WAYS, 0x8003);


This seems out-of-place, according to the manual this field is Way-1 
for the L1I cache, so you have 0x8004=32772 ways in this cache?


Same for all similar constructions below.


I have time to reply to your comment now.
As in the previous comments, I don't remember which one,these values should be 
the same as the values of the physical environment. I dumped 'CPUCFG17' value 
again,
the value is no problem. Maybe you didn't think about dumping these values when 
you commented. The value of  'L11U_SIZE' is dumped to be 0. and cpucfg[i] has 
been
initialized to 0 before. There is no need to set it again.


Not quite right,  cpucfg[17] is '0x6083', I missed a '0',  I don't know 
from which version it's wrong
Thank you very much,  if I hadn't dumped the value today, I wouldn't have 
realized the wrong.


Thanks
Song

Re: [PATCH v3 0/2] block-backend: prevent dangling BDS pointers across aio_poll()

[Kevin Wolf]

Am 11.01.2022 um 16:36 hat Stefan Hajnoczi geschrieben:
> This series fixes use-after-free bugs when blk->root changes across 
> aio_poll().
> For example, a temporary filter node can be removed by a blockjob when a
> drained section begins. If the caller doesn't hold a ref on the BDS then it
> will have been freed.
> 
> Hanna Reitz (1):
>   iotests/stream-error-on-reset: New test
> 
> Stefan Hajnoczi (1):
>   block-backend: prevent dangling BDS pointers across aio_poll()

Thanks, applied to the block branch.

Kevin

Re: [PATCH] sgx: Move sgx object from /machine/unattached to /machine

[Daniel P . Berrangé]

On Wed, Jan 12, 2022 at 10:16:33AM +, Peter Maydell wrote:
> On Wed, 12 Jan 2022 at 10:14, Daniel P. Berrangé  wrote:
> >
> > On Wed, Jan 12, 2022 at 11:55:17AM -0500, Yang Zhong wrote:
> > > When Libvirt start, it get the vcpu's unavailable-features from
> > > /machine/unattached/device[0] path by qom-get command, but in SGX
> > > guest, since the sgx-epc virtual device is initialized before VCPU
> > > creation(virtual sgx need set the virtual EPC info in the cpuid). This
> > > /machine/unattached/device[0] is occupied by sgx-epc device, which
> > > fail to get the unvailable-features from /machine/unattached/device[0].
> >
> > If libvirt decides to enable SGX in a VM, then surely it knows
> > that it should just query /machine/unattached/device[1] to get
> > the CPU features instead. Why do we need to do anything in QEMU ?
> 
> libvirt having to know it needs to look at /machine/unattached/device[n]
> for anything is a bit fragile, really... it's effectively encoding
> knowledge about what order things happen to get created inside QEMU.

So how do CPUs and other devices end up being under /unattached/ ?
Can we ensure that *all* QEMU devices have a well defined attachment
point ?

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

[PATCH] migration: Add canary to VMSTATE_END_OF_LIST

[Dr. David Alan Gilbert (git)]

From: "Dr. David Alan Gilbert" 

We fairly regularly forget VMSTATE_END_OF_LIST markers off descriptions;
given that the current check is only for ->name being NULL, sometimes
we get unlucky and the code apparently works and no one spots the error.

Explicitly add a flag, VMS_END that should be set, and assert it is
set during the traversal.

Note: This can't go in until we update the copy of vmstate.h in slirp.

Suggested-by: Peter Maydell 
Signed-off-by: Dr. David Alan Gilbert 
---
 include/migration/vmstate.h | 7 ++-
 migration/vmstate.c | 2 ++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index 017c03675c..b50708e57a 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -147,6 +147,9 @@ enum VMStateFlags {
  * VMStateField.struct_version_id to tell which version of the
  * structure we are referencing to use. */
 VMS_VSTRUCT   = 0x8000,
+
+/* Marker for end of list */
+VMS_END = 0x1
 };
 
 typedef enum {
@@ -1163,7 +1166,9 @@ extern const VMStateInfo vmstate_info_qlist;
 VMSTATE_UNUSED_BUFFER(_test, 0, _size)
 
 #define VMSTATE_END_OF_LIST() \
-{}
+{ \
+.flags = VMS_END, \
+}
 
 int vmstate_load_state(QEMUFile *f, const VMStateDescription *vmsd,
void *opaque, int version_id);
diff --git a/migration/vmstate.c b/migration/vmstate.c
index 05f87cdddc..181ba08c7d 100644
--- a/migration/vmstate.c
+++ b/migration/vmstate.c
@@ -160,6 +160,7 @@ int vmstate_load_state(QEMUFile *f, const 
VMStateDescription *vmsd,
 }
 field++;
 }
+assert(field->flags == VMS_END);
 ret = vmstate_subsection_load(f, vmsd, opaque);
 if (ret != 0) {
 return ret;
@@ -413,6 +414,7 @@ int vmstate_save_state_v(QEMUFile *f, const 
VMStateDescription *vmsd,
 }
 field++;
 }
+assert(field->flags == VMS_END);
 
 if (vmdesc) {
 json_writer_end_array(vmdesc);
-- 
2.34.1

Re: [PATCH RFC v2] MAINTAINERS: split out s390x sections

[Cornelia Huck]

On Wed, Jan 05 2022, Eric Farman  wrote:

> On Wed, 2021-12-22 at 11:55 +0100, Cornelia Huck wrote:
>> Split out some more specialized devices etc., so that we can build
>> smarter lists of people to be put on cc: in the future.
>> 
>> Reviewed-by: Philippe Mathieu-Daudé 
>> Acked-by: David Hildenbrand 
>> Acked-by: Christian Borntraeger 
>> Acked-by: Thomas Huth 
>> Acked-by: Halil Pasic 
>> Signed-off-by: Cornelia Huck 
>
> (Late to the party, Happy New Year!) I like the rearrangement:

Happy new year :)

>
> Acked-by: Eric Farman 
>
> Of course, you also said in v1:
>
> """
> - The new sections have inherited the maintainers of the sections
>   they have been split out of (except where people had already
>   volunteered). That's easy to change, obviously, and I hope that
>   the cc: list already contains people who might have interest in
>   volunteering for some sections.
> """
>
> As someone on cc, I could volunteer to help with these sections:
>
> S390 Machines
> -
> S390 Virtio-ccw
> S390 channel subsystem
>
> Devices
> ---
> virtio-ccw

Thanks!

Do you want to do a patch on top, or should I do a v3? (A separate patch
is probably better.)

Re: [PATCH] migration: Add canary to VMSTATE_END_OF_LIST

[Peter Maydell]

On Wed, 12 Jan 2022 at 10:24, Dr. David Alan Gilbert (git)
 wrote:
>
> From: "Dr. David Alan Gilbert" 
>
> We fairly regularly forget VMSTATE_END_OF_LIST markers off descriptions;
> given that the current check is only for ->name being NULL, sometimes
> we get unlucky and the code apparently works and no one spots the error.
>
> Explicitly add a flag, VMS_END that should be set, and assert it is
> set during the traversal.

Does 'make check' definitely do the traversal for all vmstate
structs, or do we need to add a "sanity check them all on startup"
bit of test code ?

thanks
-- PMM

Re: [PATCH v14 02/26] target/loongarch: Add core definition

[WANG Xuerui]

Hi,

On 2022/1/12 18:17, gaosong wrote:
>
> Hi,
>
> On 2022/1/12 下午5:28, gaosong wrote:
 +    data = FIELD_DP32(data, CPUCFG16, L3_IUUNIFY, 1);
 +    data = FIELD_DP32(data, CPUCFG16, L3_IUINCL, 1);
 +    env->cpucfg[16] = data;
 +
 +    data = 0;
 +    data = FIELD_DP32(data, CPUCFG17, L1IU_WAYS, 0x8003);
>>>
>>> This seems out-of-place, according to the manual this field is Way-1
>>> for the L1I cache, so you have 0x8004=32772 ways in this cache?
>>>
>>> Same for all similar constructions below.
>>>
>> I have time to reply to your comment now.
>> As in the previous comments, I don't remember which one,these values should 
>> be the same as the values of the physical environment. I dumped 'CPUCFG17' 
>> value again,
>> the value is no problem. Maybe you didn't think about dumping these values 
>> when you commented. The value of  'L11U_SIZE' is dumped to be 0. and 
>> cpucfg[i] has been 
>> initialized to 0 before. There is no need to set it again.
> Not quite right,  cpucfg[17] is '0x6083', I missed a '0',  I don't know 
> from which version it's wrong
> Thank you very much,  if I hadn't dumped the value today, I wouldn't have 
> realized the wrong.  

Still not quite right; maybe you made a typo there as the value is
`0x06080003` (the fields are all whole bytes/shorts, so very easy to
recognize).

I used the following snippet to get real values from the 3A5000 system:

#include 

int cpucfg(const int sel)
{
    int ret;
    __asm__ __volatile__("cpucfg %0, %1" : "=r"(ret) : "r"(sel));
    return ret;
}

int main(void)
{
    int i;
    int c;
    for (i = 0; i < 64; i++) {
    c = cpucfg(i);
    if (!c) {
    continue;
    }
    printf("CPUCFG.0x%-2x = 0x%08x\n", i, c);
    }

    return 0;
}

And I got the following output so we can cross-check:

CPUCFG.0x0  = 0x0014c010
CPUCFG.0x1  = 0x03f2f2fe
CPUCFG.0x2  = 0x007ccfc7
CPUCFG.0x3  = 0xfcff
CPUCFG.0x4  = 0x05f5e100
CPUCFG.0x5  = 0x00010001
CPUCFG.0x6  = 0x7f33
CPUCFG.0x10 = 0x2c3d
CPUCFG.0x11 = 0x06080003
CPUCFG.0x12 = 0x06080003
CPUCFG.0x13 = 0x0608000f
CPUCFG.0x14 = 0x060e000f
CPUCFG.0x30 = 0x000e

Obviously the 0x30 leaf is undocumented, but not implementing it
shouldn't matter either, as userspace has no way to make use of that
when people aren't even aware of its existence. The other fields are of
course to be checked to only leave the implemented bits set in the QEMU
implementation.

Hope that helps!

Re: [PATCH] iotests/308: Fix for CAP_DAC_OVERRIDE

[Kevin Wolf]

Am 03.01.2022 um 13:00 hat Hanna Reitz geschrieben:
> With CAP_DAC_OVERRIDE (which e.g. root generally has), permission checks
> will be bypassed when opening files.
> 
> 308 in one instance tries to open a read-only file (FUSE export) with
> qemu-io as read/write, and expects this to fail.  However, when running
> it as root, opening will succeed (thanks to CAP_DAC_OVERRIDE) and only
> the actual write operation will fail.
> 
> Note this as "Case not run", but have the test pass in either case.
> 
> Reported-by: Vladimir Sementsov-Ogievskiy 
> Fixes: 2c7dd057aa7bd7a875e9b1a53975c220d6380bc4
>("export/fuse: Pass default_permissions for mount")
> Signed-off-by: Hanna Reitz 

Thanks, applied to the block branch.

Kevin

Re: [RFC] virtio_pmem: enable live migration support

[David Hildenbrand]

On 31.12.21 13:01, Pankaj Gupta wrote:
> From: Pankaj Gupta >
> 
> Enable live migration support for virtio-pmem device.
> Tested this: with live migration on same host.
> 
> Need suggestion on below points to support virtio-pmem live migration
> between two separate host systems:

I assume emulated NVDIMMs would have the exact same issue, right?

There are two cases to consider I think:

1) Backing storage is migrated manually to the destination (i.e., a file
that is copied/moved/transmitted during migration)

2) Backing storage is located on a shared network storage (i.e., a file
that is not copied during migration)

IIRC you're concerned about 2).

> 
> - There is still possibility of stale page cache page at the
>   destination host which we cannot invalidate currently as done in 1]
>   for write-back mode because virtio-pmem memory backend file is mmaped
>   in guest address space and invalidating corresponding page cache pages
>   would also fault all the other userspace process mappings on the same file.
>   Or we make it strict no other process would mmap this backing file?

I'd have assume that a simple fsync on the src once migration is about
to switch over (e.g., pre_save/post_save handler) should be enough to
trigger writeback to the backing storage, at which point the dst can
take over. So handling the src is easy.

So is the issue that the dst might still have stale pagecache
information, because it already accessed some of that file previously,
correct?

> 
>   -- In commit 1] we first fsync and then invalidate all the pages from 
> destination
>  page cache. fsync would sync the stale dirty page cache page, Is this 
> the right
>  thing to do as we might end up in data discrepency?

It would be weird if

a) The src used/modified the file and fsync'ed the modifications back to
   backing storage
b) The dst has stale dirty pagecache pages that would result in a
   modification of backing storage during fsync()

I mean, that would be fundamentally broken, because the fsync() would
corrupt the file. So I assume in a sane environment, the dst could only
have stale clean pagecache pages. And we'd have to get rid of these to
re-read everything from file.

IIRC, an existing mmap of the file on the dst should not really be
problematic *as long as* we didn't actually access file content that way
and faulted in the pages. So *maybe*, if we do the POSIX_FADV_DONTNEED
on the dst before accessing file content via the mmap, there shouldn't
be an issue. Unless the mmap itself is already problematic.

I think we can assume that once QEMU starts on the dst and wants to mmap
the file that it's not mapped into any other process yet. vhost-user
will only mmap *after* being told from QEMU about the mmap region and
the location in GPA.

So if the existing QEMU mmap is not problematic, it should be easy, just
do the POSIX_FADV_DONTNEED on the destination when initializing
virtio-pmem. If we have to POSIX_FADV_DONTNEED *before* performing the
mmap, we might need a way to tell QEMU to POSIX_FADV_DONTNEED before
doing the mmap. The could be a parameter for memory-backend-file like
"flush=on", or doing that implicitly when we're told that we expect an
incoming migration.

-- 
Thanks,

David / dhildenb

Re: [PATCH] migration: Add canary to VMSTATE_END_OF_LIST

[Dr. David Alan Gilbert]

* Peter Maydell (peter.mayd...@linaro.org) wrote:
> On Wed, 12 Jan 2022 at 10:24, Dr. David Alan Gilbert (git)
>  wrote:
> >
> > From: "Dr. David Alan Gilbert" 
> >
> > We fairly regularly forget VMSTATE_END_OF_LIST markers off descriptions;
> > given that the current check is only for ->name being NULL, sometimes
> > we get unlucky and the code apparently works and no one spots the error.
> >
> > Explicitly add a flag, VMS_END that should be set, and assert it is
> > set during the traversal.
> 
> Does 'make check' definitely do the traversal for all vmstate
> structs, or do we need to add a "sanity check them all on startup"
> bit of test code ?

Oh I doubt it does; some vmsd's are conditional on guest state, many are
only on particular machine types.

I think the closest we have to being able to walk the tree, is
--dump-vmstate - although you need to call that for each machine type.
(I forgot to add the canary check in the dump-vmstate code, I'll fix
that).

Dave

> thanks
> -- PMM
> 
-- 
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [PATCH v2 1/4] jobs: drop qmp_ trace points

[Stefan Hajnoczi]

On Tue, Jan 11, 2022 at 06:44:58PM -0500, John Snow wrote:
> On Mon, Jan 10, 2022 at 11:06 AM Stefan Hajnoczi  wrote:
> >
> > On Thu, Dec 23, 2021 at 12:07:53PM +0100, Vladimir Sementsov-Ogievskiy 
> > wrote:
> > > diff --git a/block/trace-events b/block/trace-events
> > > index 549090d453..5be3e3913b 100644
> > > --- a/block/trace-events
> > > +++ b/block/trace-events
> > > @@ -49,15 +49,6 @@ block_copy_read_fail(void *bcs, int64_t start, int 
> > > ret) "bcs %p start %"PRId64"
> > >  block_copy_write_fail(void *bcs, int64_t start, int ret) "bcs %p start 
> > > %"PRId64" ret %d"
> > >  block_copy_write_zeroes_fail(void *bcs, int64_t start, int ret) "bcs %p 
> > > start %"PRId64" ret %d"
> > >
> > > -# ../blockdev.c
> > > -qmp_block_job_cancel(void *job) "job %p"
> > > -qmp_block_job_pause(void *job) "job %p"
> > > -qmp_block_job_resume(void *job) "job %p"
> > > -qmp_block_job_complete(void *job) "job %p"
> > > -qmp_block_job_finalize(void *job) "job %p"
> > > -qmp_block_job_dismiss(void *job) "job %p"
> > > -qmp_block_stream(void *bs) "bs %p"
> > > -
> > >  # file-win32.c
> > >  file_paio_submit(void *acb, void *opaque, int64_t offset, int count, int 
> > > type) "acb %p opaque %p offset %"PRId64" count %d type %d"
> > >
> > > diff --git a/trace-events b/trace-events
> > > index a637a61eba..1265f1e0cc 100644
> > > --- a/trace-events
> > > +++ b/trace-events
> > > @@ -79,14 +79,6 @@ job_state_transition(void *job,  int ret, const char 
> > > *legal, const char *s0, con
> > >  job_apply_verb(void *job, const char *state, const char *verb, const 
> > > char *legal) "job %p in state %s; applying verb %s (%s)"
> > >  job_completed(void *job, int ret) "job %p ret %d"
> > >
> > > -# job-qmp.c
> > > -qmp_job_cancel(void *job) "job %p"
> > > -qmp_job_pause(void *job) "job %p"
> > > -qmp_job_resume(void *job) "job %p"
> > > -qmp_job_complete(void *job) "job %p"
> > > -qmp_job_finalize(void *job) "job %p"
> > > -qmp_job_dismiss(void *job) "job %p"
> >
> > The job pointer argument will be lost. That's not ideal but probably
> > worth getting trace events for all QMP commands.
> >
> > Stefan
> 
> We could move the six job-related tracepoints into the implementation
> routines instead; i.e. job_user_cancel, job_user_pause, etc. This
> would cover all 12 QMP interface tracepoints, and that'd let us keep
> the "implementation" trace points.

Good idea. Having the job pointer might be handy so it's worth
preserving these trace events.

Stefan


signature.asc
Description: PGP signature

Re: [PATCH v2 2/4] scripts/qapi/commands: gen_commands(): add add_trace_points argument

[Stefan Hajnoczi]

On Tue, Jan 11, 2022 at 07:32:52PM -0500, John Snow wrote:
> On Tue, Jan 11, 2022 at 6:53 PM John Snow  wrote:
> >
> > On Thu, Dec 23, 2021 at 6:08 AM Vladimir Sementsov-Ogievskiy
> >  wrote:
> > >
> > > Add possibility to generate trace points for each qmp command.
> > >
> > > We should generate both trace points and trace-events file, for further
> > > trace point code generation.
> > >
> > > Signed-off-by: Vladimir Sementsov-Ogievskiy 
> > > ---
> > >  scripts/qapi/commands.py | 84 ++--
> > >  1 file changed, 73 insertions(+), 11 deletions(-)
> > >
> > > diff --git a/scripts/qapi/commands.py b/scripts/qapi/commands.py
> > > index 21001bbd6b..9691c11f96 100644
> > > --- a/scripts/qapi/commands.py
> > > +++ b/scripts/qapi/commands.py
> > > @@ -53,7 +53,8 @@ def gen_command_decl(name: str,
> > >  def gen_call(name: str,
> > >   arg_type: Optional[QAPISchemaObjectType],
> > >   boxed: bool,
> > > - ret_type: Optional[QAPISchemaType]) -> str:
> > > + ret_type: Optional[QAPISchemaType],
> > > + add_trace_points: bool) -> str:
> > >  ret = ''
> > >
> > >  argstr = ''
> > > @@ -71,21 +72,65 @@ def gen_call(name: str,
> > >  if ret_type:
> > >  lhs = 'retval = '
> > >
> > > -ret = mcgen('''
> > > +qmp_name = f'qmp_{c_name(name)}'
> > > +upper = qmp_name.upper()
> > > +
> > > +if add_trace_points:
> > > +ret += mcgen('''
> > > +
> > > +if (trace_event_get_state_backends(TRACE_%(upper)s)) {
> > > +g_autoptr(GString) req_json = qobject_to_json(QOBJECT(args));
> > > +trace_%(qmp_name)s("", req_json->str);
> > > +}
> > > +''',
> > > + upper=upper, qmp_name=qmp_name)
> > > +
> > > +ret += mcgen('''
> > >
> > >  %(lhs)sqmp_%(c_name)s(%(args)s&err);
> > > -error_propagate(errp, err);
> > >  ''',
> > >  c_name=c_name(name), args=argstr, lhs=lhs)
> > > -if ret_type:
> > > -ret += mcgen('''
> > > +
> > > +ret += mcgen('''
> > >  if (err) {
> > > +''')
> > > +
> > > +if add_trace_points:
> > > +ret += mcgen('''
> > > +trace_%(qmp_name)s("FAIL: ", error_get_pretty(err));
> > > +''',
> > > + qmp_name=qmp_name)
> > > +
> > > +ret += mcgen('''
> > > +error_propagate(errp, err);
> > >  goto out;
> > >  }
> > > +''')
> > > +
> > > +if ret_type:
> > > +ret += mcgen('''
> > >
> > >  qmp_marshal_output_%(c_name)s(retval, ret, errp);
> > >  ''',
> > >   c_name=ret_type.c_name())
> > > +
> > > +if add_trace_points:
> > > +if ret_type:
> > > +ret += mcgen('''
> > > +
> > > +if (trace_event_get_state_backends(TRACE_%(upper)s)) {
> > > +g_autoptr(GString) ret_json = qobject_to_json(*ret);
> > > +trace_%(qmp_name)s("RET:", ret_json->str);
> > > +}
> > > +''',
> > > + upper=upper, qmp_name=qmp_name)
> > > +else:
> > > +ret += mcgen('''
> > > +
> > > +trace_%(qmp_name)s("SUCCESS", "");
> > > +''',
> > > + qmp_name=qmp_name)
> > > +
> > >  return ret
> > >
> > >
> > > @@ -122,10 +167,14 @@ def gen_marshal_decl(name: str) -> str:
> > >   proto=build_marshal_proto(name))
> > >
> > >
> > > +def gen_trace(name: str) -> str:
> > > +return f'qmp_{c_name(name)}(const char *tag, const char *json) 
> > > "%s%s"\n'
> > > +
> > >  def gen_marshal(name: str,
> > >  arg_type: Optional[QAPISchemaObjectType],
> > >  boxed: bool,
> > > -ret_type: Optional[QAPISchemaType]) -> str:
> > > +ret_type: Optional[QAPISchemaType],
> > > +add_trace_points: bool) -> str:
> > >  have_args = boxed or (arg_type and not arg_type.is_empty())
> > >  if have_args:
> > >  assert arg_type is not None
> > > @@ -180,7 +229,7 @@ def gen_marshal(name: str,
> > >  }
> > >  ''')
> > >
> > > -ret += gen_call(name, arg_type, boxed, ret_type)
> > > +ret += gen_call(name, arg_type, boxed, ret_type, add_trace_points)
> > >
> > >  ret += mcgen('''
> > >
> > > @@ -238,11 +287,12 @@ def gen_register_command(name: str,
> > >
> > >
> > >  class QAPISchemaGenCommandVisitor(QAPISchemaModularCVisitor):
> > > -def __init__(self, prefix: str):
> > > +def __init__(self, prefix: str, add_trace_points: bool):
> > >  super().__init__(
> > >  prefix, 'qapi-commands',
> > >  ' * Schema-defined QAPI/QMP commands', None, __doc__)
> > >  self._visited_ret_types: Dict[QAPIGenC, Set[QAPISchemaType]] = {}
> > > +self.add_trace_points = add_trace_points
> > >
> > >  def _begin_user_module(self, name: str) -> None:
> > >  self._visited_ret_types[self._genc] = set()
> > > @@ -261,6 +311,15 @@ def _begin_user_module(self, name: str) -> None:
> > >
> > >  ''',
> 

Re: [PATCH] migration: Add canary to VMSTATE_END_OF_LIST

[Peter Maydell]

On Wed, 12 Jan 2022 at 10:42, Dr. David Alan Gilbert
 wrote:
>
> * Peter Maydell (peter.mayd...@linaro.org) wrote:
> > Does 'make check' definitely do the traversal for all vmstate
> > structs, or do we need to add a "sanity check them all on startup"
> > bit of test code ?
>
> Oh I doubt it does; some vmsd's are conditional on guest state, many are
> only on particular machine types.
>
> I think the closest we have to being able to walk the tree, is
> --dump-vmstate - although you need to call that for each machine type.
> (I forgot to add the canary check in the dump-vmstate code, I'll fix
> that).

We could have vmstate_register_with_alias_id() iterate through
and assert presence of the right terminator (probably only if
qtest enabled, or some other suitable condition). Then the
existing tests that do the basic "check we can instantiate every
device and initialize every board model" would run that code
and catch most missing terminator cases, I think.

-- PMM

Re: PyPI account

[Stefan Hajnoczi]

[Context: John created a PyPI QEMU user in order to publish the qemu.qmp
package. If anyone wants to publish additional Python packages from
qemu.git, please contact him for PyPI access.]

On Tue, Jan 11, 2022 at 03:42:23PM -0500, John Snow wrote:
> Account made: https://pypi.org/user/QEMU/
> 
> I can't update the wiki, I lack admin perms to edit
> https://wiki.qemu.org/AdminContacts
> 
> I assume in the event that I fall into a black hole or get launched
> out of a cannon into the sun, any mails sent to js...@redhat.com can
> be recovered by Red Hat in general, so there's a sufficient recourse
> for recovering the account in that circumstance.

Thanks, I have added the PyPI QEMU user and added you as the admin
contact:
https://wiki.qemu.org/AdminContacts#Other_resources

Stefan


signature.asc
Description: PGP signature

Re: [PATCH v3 0/2] Aspeed I3C device model

[Graeme Gregory]

On Tue, Jan 11, 2022 at 04:45:44PM +0800, Troy Lee wrote:
> This series of patch introduce a dummy implemenation of aspeed i3c
> model, and it provide just enough information for guest machine.
> However, the driver probing is still failed, but it will not cause
> kernel panic.
> 

These patches arrived just in time for our i3c testing. This stops
our CI halting due to kernel panic on i3c probing.

Reviewed-by: Graeme Gregory 
Tested-by: Graeme Gregory 

> v3:
> - Remove unused AspeedI3CClass
> - Refine memory region
> - Refine register reset
> - Remove unrelated changes to SPI2 address
> - Remove i3c controller irq line
> 
> v2:
> - Split i3c model into i3c and i3c_device
> - Create 6x i3c devices
> - Using register fields macro
> - Rebase to mainline QEMU
> 
> Troy Lee (2):
>   Introduce a dummy AST2600 I3C model.
>   This patch includes i3c instance in ast2600 soc.
> 
>  hw/arm/aspeed_ast2600.c  |  16 ++
>  hw/misc/aspeed_i3c.c | 381 +++
>  hw/misc/meson.build  |   1 +
>  hw/misc/trace-events |   6 +
>  include/hw/arm/aspeed_soc.h  |   3 +
>  include/hw/misc/aspeed_i3c.h |  48 +
>  6 files changed, 455 insertions(+)
>  create mode 100644 hw/misc/aspeed_i3c.c
>  create mode 100644 include/hw/misc/aspeed_i3c.h
> 
> -- 
> 2.25.1
> 
> 

[PULL 08/31] tests/docker: auto-generate centos8.docker with lcitool

[Alex Bennée]

From: Daniel P. Berrangé 

This commit is best examined using the "-b" option to diff.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrangé 
Signed-off-by: Alex Bennée 
Message-Id: <20211215141949.3512719-9-berra...@redhat.com>
Message-Id: <20220105135009.1584676-9-alex.ben...@linaro.org>

diff --git a/tests/docker/dockerfiles/centos8.docker 
b/tests/docker/dockerfiles/centos8.docker
index 7f135f8e8c..3c62b62a99 100644
--- a/tests/docker/dockerfiles/centos8.docker
+++ b/tests/docker/dockerfiles/centos8.docker
@@ -1,112 +1,135 @@
-FROM docker.io/centos:8
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile centos-8 qemu
+#
+# https://gitlab.com/libvirt/libvirt-ci
 
-RUN dnf -y update
-ENV PACKAGES \
-SDL2-devel \
-alsa-lib-devel \
-bc \
-brlapi-devel \
-bzip2 \
-bzip2-devel \
-ca-certificates \
-capstone-devel \
-ccache \
-clang \
-ctags \
-cyrus-sasl-devel \
-daxctl-devel \
-dbus-daemon \
-device-mapper-multipath-devel \
-diffutils \
-findutils \
-gcc \
-gcc-c++ \
-genisoimage \
-gettext \
-git \
-glib2-devel \
-glibc-langpack-en \
-glibc-static \
-glusterfs-api-devel \
-gnutls-devel \
-gtk3-devel \
-hostname \
-jemalloc-devel \
-libaio-devel \
-libasan \
-libattr-devel \
-libbpf-devel \
-libcacard-devel \
-libcap-ng-devel \
-libcurl-devel \
-libdrm-devel \
-libepoxy-devel \
-libfdt-devel \
-libffi-devel \
-libgcrypt-devel \
-libiscsi-devel \
-libjpeg-devel \
-libnfs-devel \
-libpmem-devel \
-libpng-devel \
-librbd-devel \
-libseccomp-devel \
-libselinux-devel \
-libslirp-devel \
-libssh-devel \
-libtasn1-devel \
-libubsan \
-libudev-devel \
-libusbx-devel \
-libxml2-devel \
-libzstd-devel \
-llvm \
-lzo-devel \
-make \
-mesa-libgbm-devel \
-ncurses-devel \
-nettle-devel \
-ninja-build \
-nmap-ncat \
-numactl-devel \
-openssh-clients \
-pam-devel \
-perl \
-perl-Test-Harness \
-pixman-devel \
-pkgconfig \
-pulseaudio-libs-devel \
-python3 \
-python3-PyYAML \
-python3-numpy \
-python3-pillow \
-python3-pip \
-python3-setuptools \
-python3-sphinx \
-python3-sphinx_rtd_theme \
-python3-virtualenv \
-python3-wheel \
-rdma-core-devel \
-rpm \
-sed \
-snappy-devel \
-spice-protocol \
-spice-server-devel \
-systemd-devel \
-systemtap-sdt-devel \
-tar \
-texinfo \
-usbredir-devel \
-util-linux \
-virglrenderer-devel \
-vte291-devel \
-which \
-xfsprogs-devel \
-zlib-devel
+FROM docker.io/library/centos:8
 
-RUN dnf install -y dnf-plugins-core && \
-  dnf config-manager --set-enabled powertools && \
-  dnf install -y centos-release-advanced-virtualization && \
-  dnf install -y epel-release && \
-  dnf install -y $PACKAGES
-RUN rpm -q $PACKAGES | sort > /packages.txt
+RUN dnf update -y && \
+dnf install 'dnf-command(config-manager)' -y && \
+dnf config-manager --set-enabled -y powertools && \
+dnf install -y centos-release-advanced-virtualization && \
+dnf install -y epel-release && \
+dnf install -y \
+SDL2-devel \
+alsa-lib-devel \
+bash \
+bc \
+brlapi-devel \
+bzip2 \
+bzip2-devel \
+ca-certificates \
+capstone-devel \
+ccache \
+clang \
+ctags \
+cyrus-sasl-devel \
+daxctl-devel \
+dbus-daemon \
+device-mapper-multipath-devel \
+diffutils \
+findutils \
+gcc \
+gcc-c++ \
+genisoimage \
+gettext \
+git \
+glib2-devel \
+glib2-static \
+glibc-langpack-en \
+glibc-static \
+glusterfs-api-devel \
+gnutls-devel \
+gtk3-devel \
+hostname \
+jemalloc-devel \
+libaio-devel \
+libasan \
+libattr-devel \
+libbpf-devel \
+libcacard-devel \
+libcap-ng-devel \
+libcurl-devel \
+libdrm-devel \
+libepoxy-devel \
+libfdt-devel \
+libffi-devel \
+libgcrypt-devel \
+libiscsi-devel \
+libjpeg-devel \
+libnfs-devel \
+libpmem-devel \
+libpng-devel \
+librbd-devel \
+libseccomp-devel \
+libselinux-devel \
+libslirp-devel \
+libssh-devel \
+libtasn1-devel \
+libubsan \
+libudev-devel \
+liburing-devel \
+libusbx-devel \
+libxml2-devel \
+libzstd-devel \
+llvm \
+lttng-ust-devel \
+lzo-devel \
+make \
+mesa-libgbm-devel \
+meson \
+ncurses-devel \
+nettle-devel \
+ninja-build \
+nmap-ncat \
+numactl-devel \
+openssh-cl

[PULL 12/31] tests/docker: auto-generate opensuse-leap.docker with lcitool

[Alex Bennée]

From: Daniel P. Berrangé 

This commit is best examined using the "-b" option to diff.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrangé 
Signed-off-by: Alex Bennée 
Message-Id: <20211215141949.3512719-13-berra...@redhat.com>
Message-Id: <20220105135009.1584676-13-alex.ben...@linaro.org>

diff --git a/tests/docker/dockerfiles/opensuse-leap.docker 
b/tests/docker/dockerfiles/opensuse-leap.docker
index 3bbdb67f4f..5510bdf19c 100644
--- a/tests/docker/dockerfiles/opensuse-leap.docker
+++ b/tests/docker/dockerfiles/opensuse-leap.docker
@@ -1,114 +1,137 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile opensuse-leap-152 qemu
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
 FROM registry.opensuse.org/opensuse/leap:15.2
 
-# Please keep this list sorted alphabetically
-ENV PACKAGES \
-Mesa-devel \
-alsa-lib-devel \
-bc \
-brlapi-devel \
-bzip2 \
-ca-certificates \
-ccache \
-clang \
-ctags \
-cyrus-sasl-devel \
-dbus-1 \
-diffutils \
-findutils \
-gcc \
-gcc-c++ \
-gcovr \
-gettext-runtime \
-git \
-glib2-devel \
-glibc-locale \
-glibc-static \
-glusterfs-devel \
-gtk3-devel \
-hostname \
-jemalloc-devel \
-libSDL2-devel \
-libSDL2_image-devel \
-libaio-devel \
-libasan6 \
-libattr-devel \
-libbpf-devel \
-libbz2-devel \
-libcacard-devel \
-libcap-ng-devel \
-libcurl-devel \
-libdrm-devel \
-libepoxy-devel \
-libfdt-devel \
-libffi-devel \
-libgcrypt-devel \
-libgnutls-devel \
-libiscsi-devel \
-libjpeg8-devel \
-libndctl-devel \
-libnettle-devel \
-libnfs-devel \
-libnuma-devel \
-libpixman-1-0-devel \
-libpmem-devel \
-libpng16-devel \
-libpulse-devel \
-librbd-devel \
-libseccomp-devel \
-libselinux-devel \
-libspice-server-devel \
-libssh-devel \
-libtasn1-devel \
-libubsan1 \
-libudev-devel \
-libusb-1_0-devel \
-libxml2-devel \
-libzstd-devel \
-llvm \
-lttng-ust-devel \
-lzo-devel \
-make \
-mkisofs \
-ncat \
-ncurses-devel \
-ninja \
-openssh \
-pam-devel \
-perl-Test-Harness \
-perl-base \
-pkgconfig \
-python3-Pillow \
-python3-PyYAML \
-python3-Sphinx \
-python3-base \
-python3-numpy \
-python3-opencv \
-python3-pip \
-python3-setuptools \
-python3-sphinx_rtd_theme \
-python3-virtualenv \
-python3-wheel \
-rdma-core-devel \
-rpm \
-sed \
-snappy-devel \
-sparse \
-spice-protocol-devel \
-systemd-devel \
-systemtap-sdt-devel \
-tar \
-tesseract-ocr \
-tesseract-ocr-traineddata-english \
-texinfo \
-usbredir-devel \
-util-linux \
-virglrenderer-devel \
-vte-devel \
-which \
-xen-devel \
-xfsprogs-devel \
-zlib-devel
-ENV QEMU_CONFIGURE_OPTS --python=/usr/bin/python3.6
+RUN zypper update -y && \
+zypper install -y \
+   Mesa-devel \
+   alsa-lib-devel \
+   bash \
+   bc \
+   brlapi-devel \
+   bzip2 \
+   ca-certificates \
+   ccache \
+   clang \
+   ctags \
+   cyrus-sasl-devel \
+   dbus-1 \
+   diffutils \
+   findutils \
+   gcc \
+   gcc-c++ \
+   gcovr \
+   gettext-runtime \
+   git \
+   glib2-devel \
+   glibc-locale \
+   glibc-static \
+   glusterfs-devel \
+   gtk3-devel \
+   hostname \
+   jemalloc-devel \
+   libSDL2-devel \
+   libSDL2_image-devel \
+   libaio-devel \
+   libasan6 \
+   libattr-devel \
+   libbpf-devel \
+   libbz2-devel \
+   libcacard-devel \
+   libcap-ng-devel \
+   libcurl-devel \
+   libdrm-devel \
+   libepoxy-devel \
+   libfdt-devel \
+   libffi-devel \
+   libgcrypt-devel \
+   libgnutls-devel \
+   libiscsi-devel \
+   libjpeg8-devel \
+   libndctl-devel \
+   libnettle-devel \
+   libnfs-devel \
+   libnuma-devel \
+   libpixman-1-0-devel \
+   libpmem-devel \
+   libpng16-devel \
+   libpulse-devel \
+   librbd-devel \
+   libseccomp-devel \
+   libselinux-devel \
+   libspice-server-devel \
+   libssh-devel \
+   libtasn1-devel \
+   libubsan1 \
+   libudev-devel \
+   liburing-devel \
+   libusb-1_0-devel \
+   libxml2-devel \
+   libzstd-devel \
+   llvm \
+   lttng-ust-devel \
+   lzo-devel \
+   make \
+   mkisofs \
+   ncat \
+   ncurses-devel \
+   ninja \
+   openssh \
+   pam-devel \
+   pcre-devel-static \

[PULL 02/31] spice: Update QXLInterface for spice >= 0.15.0

[Alex Bennée]

From: John Snow 

spice updated the spelling (and arguments) of "attache_worker" in
0.15.0. Update QEMU to match, preventing -Wdeprecated-declarations
compilations from reporting build errors.

See also:
https://gitlab.freedesktop.org/spice/spice/-/commit/974692bda1e77af92b71ed43b022439448492cb9

Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: John Snow 
Signed-off-by: Daniel P. Berrangé 
Signed-off-by: Alex Bennée 
Message-Id: <20211215141949.3512719-3-berra...@redhat.com>
Message-Id: <20220105135009.1584676-3-alex.ben...@linaro.org>

diff --git a/include/ui/qemu-spice.h b/include/ui/qemu-spice.h
index 71ecd6cfd1..21fe195e18 100644
--- a/include/ui/qemu-spice.h
+++ b/include/ui/qemu-spice.h
@@ -40,6 +40,12 @@ int qemu_spice_migrate_info(const char *hostname, int port, 
int tls_port,
 #define SPICE_NEEDS_SET_MM_TIME 0
 #endif
 
+#if defined(SPICE_SERVER_VERSION) && (SPICE_SERVER_VERSION >= 0x000f00)
+#define SPICE_HAS_ATTACHED_WORKER 1
+#else
+#define SPICE_HAS_ATTACHED_WORKER 0
+#endif
+
 #else  /* CONFIG_SPICE */
 
 #include "qemu/error-report.h"
diff --git a/hw/display/qxl.c b/hw/display/qxl.c
index e2d6e317da..1f9ad31943 100644
--- a/hw/display/qxl.c
+++ b/hw/display/qxl.c
@@ -517,13 +517,20 @@ static int qxl_track_command(PCIQXLDevice *qxl, struct 
QXLCommandExt *ext)
 
 /* spice display interface callbacks */
 
-static void interface_attach_worker(QXLInstance *sin, QXLWorker *qxl_worker)
+static void interface_attached_worker(QXLInstance *sin)
 {
 PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
 
 trace_qxl_interface_attach_worker(qxl->id);
 }
 
+#if !(SPICE_HAS_ATTACHED_WORKER)
+static void interface_attach_worker(QXLInstance *sin, QXLWorker *qxl_worker)
+{
+interface_attached_worker(sin);
+}
+#endif
+
 static void interface_set_compression_level(QXLInstance *sin, int level)
 {
 PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
@@ -1131,7 +1138,12 @@ static const QXLInterface qxl_interface = {
 .base.major_version  = SPICE_INTERFACE_QXL_MAJOR,
 .base.minor_version  = SPICE_INTERFACE_QXL_MINOR,
 
+#if SPICE_HAS_ATTACHED_WORKER
+.attached_worker = interface_attached_worker,
+#else
 .attache_worker  = interface_attach_worker,
+#endif
+
 .set_compression_level   = interface_set_compression_level,
 #if SPICE_NEEDS_SET_MM_TIME
 .set_mm_time = interface_set_mm_time,
diff --git a/ui/spice-display.c b/ui/spice-display.c
index 1043f47f94..a3078adf91 100644
--- a/ui/spice-display.c
+++ b/ui/spice-display.c
@@ -500,10 +500,17 @@ void qemu_spice_display_refresh(SimpleSpiceDisplay *ssd)
 
 /* spice display interface callbacks */
 
+#if SPICE_HAS_ATTACHED_WORKER
+static void interface_attached_worker(QXLInstance *sin)
+{
+/* nothing to do */
+}
+#else
 static void interface_attach_worker(QXLInstance *sin, QXLWorker *qxl_worker)
 {
 /* nothing to do */
 }
+#endif
 
 static void interface_set_compression_level(QXLInstance *sin, int level)
 {
@@ -702,7 +709,11 @@ static const QXLInterface dpy_interface = {
 .base.major_version  = SPICE_INTERFACE_QXL_MAJOR,
 .base.minor_version  = SPICE_INTERFACE_QXL_MINOR,
 
+#if SPICE_HAS_ATTACHED_WORKER
+.attached_worker = interface_attached_worker,
+#else
 .attache_worker  = interface_attach_worker,
+#endif
 .set_compression_level   = interface_set_compression_level,
 #if SPICE_NEEDS_SET_MM_TIME
 .set_mm_time = interface_set_mm_time,
-- 
2.30.2

[PULL 06/31] tests/docker: switch fedora image to release 35

[Alex Bennée]

From: Daniel P. Berrangé 

The Fedora 33 release is shortly end of life. Switch to the newest
Fedora 35 to maximise lifespan until we need to update again.

Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrangé 
Signed-off-by: Alex Bennée 
Message-Id: <20211215141949.3512719-7-berra...@redhat.com>
Message-Id: <20220105135009.1584676-7-alex.ben...@linaro.org>

diff --git a/tests/docker/dockerfiles/fedora.docker 
b/tests/docker/dockerfiles/fedora.docker
index c6fd7e1113..855aefaac5 100644
--- a/tests/docker/dockerfiles/fedora.docker
+++ b/tests/docker/dockerfiles/fedora.docker
@@ -1,4 +1,4 @@
-FROM registry.fedoraproject.org/fedora:33
+FROM registry.fedoraproject.org/fedora:35
 
 # Please keep this list sorted alphabetically
 ENV PACKAGES \
-- 
2.30.2

[PULL 13/31] tests/docker: remove ubuntu.docker container

[Alex Bennée]

From: Daniel P. Berrangé 

This duplicates the ubuntu2004 container but with an inconsistent set of
packages.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrangé 
Signed-off-by: Alex Bennée 
Message-Id: <20211215141949.3512719-14-berra...@redhat.com>
Message-Id: <20220105135009.1584676-14-alex.ben...@linaro.org>

diff --git a/.gitlab-ci.d/containers.yml b/.gitlab-ci.d/containers.yml
index cd06d3f5f4..b9b675fdcb 100644
--- a/.gitlab-ci.d/containers.yml
+++ b/.gitlab-ci.d/containers.yml
@@ -29,11 +29,6 @@ amd64-ubuntu2004-container:
   variables:
 NAME: ubuntu2004
 
-amd64-ubuntu-container:
-  extends: .container_job_template
-  variables:
-NAME: ubuntu
-
 amd64-opensuse-leap-container:
   extends: .container_job_template
   variables:
diff --git a/tests/docker/dockerfiles/ubuntu.docker 
b/tests/docker/dockerfiles/ubuntu.docker
deleted file mode 100644
index f0e0180d21..00
--- a/tests/docker/dockerfiles/ubuntu.docker
+++ /dev/null
@@ -1,71 +0,0 @@
-#
-# Latest Ubuntu Release
-#
-# Useful for testing against relatively bleeding edge libraries and
-# compilers. We also have seperate recipe for the most recent LTS
-# release.
-#
-# When updating use the full tag not :latest otherwise the build
-# system won't pick up that it has changed.
-#
-
-FROM docker.io/library/ubuntu:20.04
-ENV PACKAGES \
-ccache \
-clang \
-dbus \
-gcc \
-gettext \
-git \
-glusterfs-common \
-libaio-dev \
-libattr1-dev \
-libbrlapi-dev \
-libbz2-dev \
-libcacard-dev \
-libcap-ng-dev \
-libcurl4-gnutls-dev \
-libdrm-dev \
-libepoxy-dev \
-libfdt-dev \
-libffi-dev \
-libgbm-dev \
-libgnutls28-dev \
-libgtk-3-dev \
-libibverbs-dev \
-libiscsi-dev \
-libjemalloc-dev \
-libjpeg-turbo8-dev \
-liblzo2-dev \
-libncurses5-dev \
-libncursesw5-dev \
-libnfs-dev \
-libnuma-dev \
-libpixman-1-dev \
-libpng-dev \
-librados-dev \
-librbd-dev \
-librdmacm-dev \
-libsasl2-dev \
-libsdl2-dev \
-libseccomp-dev \
-libsnappy-dev \
-libspice-protocol-dev \
-libspice-server-dev \
-libssh-dev \
-libusb-1.0-0-dev \
-libusbredirhost-dev \
-libvdeplug-dev \
-libvte-2.91-dev \
-libxen-dev \
-libzstd-dev \
-make \
-ninja-build \
-python3-yaml \
-python3-sphinx \
-python3-sphinx-rtd-theme \
-sparse \
-xfslibs-dev
-RUN apt-get update && \
-DEBIAN_FRONTEND=noninteractive apt-get -y install $PACKAGES
-RUN dpkg -l $PACKAGES | sort > /packages.txt
-- 
2.30.2

[PULL 10/31] tests/docker: auto-generate ubuntu1804.docker with lcitool

[Alex Bennée]

From: Daniel P. Berrangé 

This commit is best examined using the "-b" option to diff.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrangé 
Signed-off-by: Alex Bennée 
Message-Id: <20211215141949.3512719-11-berra...@redhat.com>
Message-Id: <20220105135009.1584676-11-alex.ben...@linaro.org>

diff --git a/tests/docker/dockerfiles/ubuntu1804.docker 
b/tests/docker/dockerfiles/ubuntu1804.docker
index 450fd06d0d..0ffa3c4d4b 100644
--- a/tests/docker/dockerfiles/ubuntu1804.docker
+++ b/tests/docker/dockerfiles/ubuntu1804.docker
@@ -1,117 +1,146 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile ubuntu-1804 qemu
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
 FROM docker.io/library/ubuntu:18.04
-ENV PACKAGES \
-bc \
-bsdmainutils \
-bzip2 \
-ca-certificates \
-ccache \
-clang \
-dbus \
-debianutils \
-diffutils \
-exuberant-ctags \
-findutils \
-g++ \
-gcc \
-gcovr \
-genisoimage \
-gettext \
-git \
-glusterfs-common \
-hostname \
-libaio-dev \
-libasan5 \
-libasound2-dev \
-libattr1-dev \
-libbrlapi-dev \
-libbz2-dev \
-libc6-dev \
-libcacard-dev \
-libcap-ng-dev \
-libcapstone-dev \
-libcurl4-gnutls-dev \
-libdaxctl-dev \
-libdrm-dev \
-libepoxy-dev \
-libfdt-dev \
-libffi-dev \
-libgbm-dev \
-libgcrypt20-dev \
-libglib2.0-dev \
-libgnutls28-dev \
-libgtk-3-dev \
-libibverbs-dev \
-libiscsi-dev \
-libjemalloc-dev \
-libjpeg-turbo8-dev \
-liblttng-ust-dev \
-liblzo2-dev \
-libncursesw5-dev \
-libnfs-dev \
-libnuma-dev \
-libpam0g-dev \
-libpixman-1-dev \
-libpmem-dev \
-libpng-dev \
-libpulse-dev \
-librbd-dev \
-librdmacm-dev \
-libsasl2-dev \
-libsdl2-dev \
-libsdl2-image-dev \
-libseccomp-dev \
-libselinux-dev \
-libsnappy-dev \
-libspice-protocol-dev \
-libspice-server-dev \
-libssh-dev \
-libsystemd-dev \
-libtasn1-6-dev \
-libtest-harness-perl \
-libubsan1 \
-libudev-dev \
-libusb-1.0-0-dev \
-libusbredirhost-dev \
-libvdeplug-dev \
-libvirglrenderer-dev \
-libvte-2.91-dev \
-libxen-dev \
-libxml2-dev \
-libzstd-dev \
-llvm \
-locales \
-make \
-multipath-tools \
-netcat-openbsd \
-nettle-dev \
-ninja-build \
-openssh-client \
-perl-base \
-pkgconf \
-python3 \
-python3-numpy \
-python3-opencv \
-python3-pillow \
-python3-pip \
-python3-setuptools \
-python3-sphinx \
-python3-sphinx-rtd-theme \
-python3-venv \
-python3-wheel \
-python3-yaml \
-rpm2cpio \
-sed \
-sparse \
-systemtap-sdt-dev \
-tar \
-tesseract-ocr \
-tesseract-ocr-eng \
-texinfo \
-xfslibs-dev \
-zlib1g-dev
-RUN apt-get update && \
-DEBIAN_FRONTEND=noninteractive apt-get -y install $PACKAGES
-RUN dpkg -l $PACKAGES | sort > /packages.txt
 
+RUN export DEBIAN_FRONTEND=noninteractive && \
+apt-get update && \
+apt-get install -y eatmydata && \
+eatmydata apt-get dist-upgrade -y && \
+eatmydata apt-get install --no-install-recommends -y \
+bash \
+bc \
+bsdmainutils \
+bzip2 \
+ca-certificates \
+ccache \
+clang \
+dbus \
+debianutils \
+diffutils \
+exuberant-ctags \
+findutils \
+g++ \
+gcc \
+gcovr \
+genisoimage \
+gettext \
+git \
+glusterfs-common \
+hostname \
+libaio-dev \
+libasan5 \
+libasound2-dev \
+libattr1-dev \
+libbrlapi-dev \
+libbz2-dev \
+libc6-dev \
+libcacard-dev \
+libcap-ng-dev \
+libcapstone-dev \
+libcurl4-gnutls-dev \
+libdaxctl-dev \
+libdrm-dev \
+libepoxy-dev \
+libfdt-dev \
+libffi-dev \
+libgbm-dev \
+libgcrypt20-dev \
+libglib2.0-dev \
+libgnutls28-dev \
+libgtk-3-dev \
+libibverbs-dev \
+libiscsi-dev \
+libjemalloc-dev \
+libjpeg-turbo8-dev \
+liblttng-ust-dev \
+liblzo2-dev \
+libncursesw5-dev \
+libnfs-dev \
+libnuma-dev \
+libpam0g-dev \
+libpcre2-dev \
+libpixman-1-dev \
+libpmem-dev \
+libpng-dev \
+libpulse-dev \
+librbd-dev \
+librdmacm-dev \
+libsasl2-dev \
+libsdl2-dev \
+libsdl2-image-dev \
+libseccomp-dev \
+libselinux1-dev \
+libsnappy-dev \
+libspice-protoc

[PULL 16/31] tests/docker: fix sorting of alpine image package lists

[Alex Bennée]

From: Daniel P. Berrangé 

"python" sorts alphabetically after "py3-"

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrangé 
Signed-off-by: Alex Bennée 
Message-Id: <20211215141949.3512719-17-berra...@redhat.com>
Message-Id: <20220105135009.1584676-17-alex.ben...@linaro.org>

diff --git a/tests/docker/dockerfiles/alpine.docker 
b/tests/docker/dockerfiles/alpine.docker
index 5a1808726e..ca4b3b58d2 100644
--- a/tests/docker/dockerfiles/alpine.docker
+++ b/tests/docker/dockerfiles/alpine.docker
@@ -35,9 +35,9 @@ ENV PACKAGES \
ncurses-dev \
perl \
pulseaudio-dev \
-   python3 \
py3-sphinx \
py3-sphinx_rtd_theme \
+   python3 \
samurai \
snappy-dev \
spice-dev \
-- 
2.30.2

[PULL 00/31] testing/next and other misc fixes

[Alex Bennée]

The following changes since commit bf99e0ec9a51976868d7a8334620716df15fe7fe:

  Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging 
(2022-01-11 10:12:29 +)

are available in the Git repository at:

  https://github.com/stsquad/qemu.git tags/pull-for-7.0-110122-1

for you to fetch changes up to dbd30b7abee963f4fb08892a7d7f920bb76ece58:

  linux-user: Remove the deprecated ppc64abi32 target (2022-01-11 13:00:53 
+)


Various testing and other misc updates:

  - fix compiler warnings with ui and sdl
  - update QXL/spice dependancy
  - skip I/O tests on Alpine
  - update fedora image to latest version
  - integrate lcitool and regenerate docker images
  - favour CONFIG_LINUX_USER over CONFIG_LINUX
  - add libfuse3 dependencies to docker images
  - add dtb-kaslr-seed control knob to virt machine
  - fix build breakage from HMP update
  - update docs for C standard and suffix usage
  - add more logging for debugging user hole finding
  - fix bug with linux-user hold calculation
  - avoid affecting flags when printing results in float tests
  - add float reference files for ppc64
  - update FreeBSD to 12.3
  - add bison dependancy to tricore images
  - remove deprecated ppc64abi32 target


Alex Bennée (6):
  hw/arm: add control knob to disable kaslr_seed via DTB
  monitor: move x-query-profile into accel/tcg to fix build
  docs/devel: update C standard to C11
  docs/devel: more documentation on the use of suffixes
  linux-user/elfload: add extra logging for hole finding
  linux-user: don't adjust base of found hole

Brad Smith (1):
  FreeBSD: Upgrade to 12.3 release

Daniel P. Berrangé (17):
  ui: avoid compiler warnings from unused clipboard info variable
  meson: require liburing >= 0.3
  ui: avoid warnings about directdb on Alpine / musl libc
  ci: explicitly skip I/O tests on alpine
  tests/docker: switch fedora image to release 35
  tests: integrate lcitool for generating build env manifests
  tests/docker: auto-generate centos8.docker with lcitool
  tests/docker: auto-generate fedora.docker with lcitool
  tests/docker: auto-generate ubuntu1804.docker with lcitool
  tests/docker: auto-generate ubuntu2004.docker with lcitool
  tests/docker: auto-generate opensuse-leap.docker with lcitool
  tests/docker: remove ubuntu.docker container
  .gitlab-ci.d/cirrus: auto-generate variables with lcitool
  tests/docker: updates to alpine package list
  tests/docker: fix sorting of alpine image package lists
  tests/docker: fully expand the alpine package list
  tests/docker: auto-generate alpine.docker with lcitool

John Snow (1):
  spice: Update QXLInterface for spice >= 0.15.0

Paolo Bonzini (2):
  tests/tcg: use CONFIG_LINUX_USER, not CONFIG_LINUX
  docker: include bison in debian-tricore-cross

Richard Henderson (2):
  tests/tcg/multiarch: Read fp flags before printf
  test/tcg/ppc64le: Add float reference files

Stefan Hajnoczi (1):
  tests/docker: add libfuse3 development headers

Thomas Huth (1):
  linux-user: Remove the deprecated ppc64abi32 target

 docs/about/deprecated.rst  |   7 -
 docs/about/removed-features.rst|   8 +
 docs/devel/style.rst   |  14 +-
 docs/devel/testing.rst | 104 ++-
 docs/system/arm/virt.rst   |   8 +
 docs/user/main.rst |   1 -
 configure  |  29 +-
 Makefile   |   2 +
 configs/targets/ppc64abi32-linux-user.mak  |   8 -
 meson.build|   3 +-
 qapi/machine.json  |   1 +
 include/glib-compat.h  |   6 +-
 include/hw/arm/virt.h  |   1 +
 include/ui/qemu-spice.h|   6 +
 include/ui/sdl2.h  |  11 +
 linux-user/ppc/target_syscall.h|   4 +-
 linux-user/syscall_defs.h  |   6 +-
 accel/tcg/cpu-exec.c   |  31 +
 hw/arm/virt.c  |  32 +-
 hw/display/qxl.c   |  14 +-
 linux-user/elfload.c   |  27 +-
 linux-user/ppc/signal.c|  11 +-
 monitor/qmp-cmds.c |  31 -
 tests/tcg/multiarch/float_convs.c  |   2 +-
 tests/tcg/multiarch/float_madds.c  |   2 +-
 ui/clipboard.c |   4 +-
 ui/spice-display.c |  11 +
 .gitlab-ci.d/buildtest.yml |  29 +-
 .gitlab-ci.d/cirrus.ym

[PULL 01/31] ui: avoid compiler warnings from unused clipboard info variable

[Alex Bennée]

From: Daniel P. Berrangé 

With latest clang 13.0.0 we get

../ui/clipboard.c:47:34: error: variable 'old' set but not used 
[-Werror,-Wunused-but-set-variable]
g_autoptr(QemuClipboardInfo) old = NULL;
 ^

The compiler can't tell that we only declared this variable in
order to get the side effect of free'ing it when out of scope.

This pattern is a little dubious for a use of g_autoptr, so
rewrite the code to avoid it.

Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrangé 
[AJB: fix merge conflict]
Signed-off-by: Alex Bennée 
Message-Id: <20211215141949.3512719-2-berra...@redhat.com>
Message-Id: <20220105135009.1584676-2-alex.ben...@linaro.org>

diff --git a/ui/clipboard.c b/ui/clipboard.c
index 82572ea116..5f15cf853d 100644
--- a/ui/clipboard.c
+++ b/ui/clipboard.c
@@ -62,13 +62,11 @@ void qemu_clipboard_update(QemuClipboardInfo *info)
 .type = QEMU_CLIPBOARD_UPDATE_INFO,
 .info = info,
 };
-g_autoptr(QemuClipboardInfo) old = NULL;
-
 assert(info->selection < QEMU_CLIPBOARD_SELECTION__COUNT);
 
 notifier_list_notify(&clipboard_notifiers, ¬ify);
 
-old = cbinfo[info->selection];
+qemu_clipboard_info_unref(cbinfo[info->selection]);
 cbinfo[info->selection] = qemu_clipboard_info_ref(info);
 }
 
-- 
2.30.2

[PULL 04/31] ui: avoid warnings about directdb on Alpine / musl libc

[Alex Bennée]

From: Daniel P. Berrangé 

On Alpine, SDL is built with directfb support and this triggers warnings
during QEMU build

In file included from /usr/include/directfb/direct/thread.h:38,
 from /usr/include/directfb/direct/debug.h:43,
 from /usr/include/directfb/direct/interface.h:36,
 from /usr/include/directfb/directfb.h:49,
 from /usr/include/SDL2/SDL_syswm.h:80,
 from /builds/berrange/qemu/include/ui/sdl2.h:8,
 from ../ui/sdl2-gl.c:31:
/usr/include/directfb/direct/os/waitqueue.h:41:25: error: redundant 
redeclaration of 'direct_waitqueue_init' [-Werror=redundant-decls]
   41 | DirectResult DIRECT_API direct_waitqueue_init( DirectWaitQueue 
*queue );
  | ^

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrangé 
Signed-off-by: Alex Bennée 
Message-Id: <20211215141949.3512719-5-berra...@redhat.com>
Message-Id: <20220105135009.1584676-5-alex.ben...@linaro.org>

diff --git a/include/ui/sdl2.h b/include/ui/sdl2.h
index 71bcf7ebda..8fb7e08262 100644
--- a/include/ui/sdl2.h
+++ b/include/ui/sdl2.h
@@ -5,7 +5,18 @@
 #undef WIN32_LEAN_AND_MEAN
 
 #include 
+
+/* with Alpine / muslc SDL headers pull in directfb headers
+ * which in turn trigger warning about redundant decls for
+ * direct_waitqueue_deinit.
+ */
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wredundant-decls"
+
 #include 
+
+#pragma GCC diagnostic pop
+
 #ifdef CONFIG_SDL_IMAGE
 # include 
 #endif
-- 
2.30.2

[PULL 07/31] tests: integrate lcitool for generating build env manifests

[Alex Bennée]

From: Daniel P. Berrangé 

This introduces

  https://gitlab.com/libvirt/libvirt-ci

as a git submodule at tests/lcitool/libvirt-ci

The 'lcitool' program within this submodule will be used to
automatically generate build environment manifests from a definition
of requirements in tests/lcitool/projects/qemu.yml

It will ultimately be capable of generating

 - Dockerfiles
 - Package lists for installation in VMs
 - Variables for configuring Cirrus CI environments

When a new build pre-requisite is needed for QEMU, if this package
is not currently known to libvirt-ci, it must first be added to the
'mappings.yml' file in the above git repo.

Then the submodule can be updated and the build pre-requisite added
to the tests/lcitool/projects/qemu.yml file. Now all the build env
manifests can be re-generated using  'make lcitool-refresh'

This ensures that when a new build pre-requisite is introduced, it
is added to all the different OS containers, VMs and Cirrus CI
environments consistently.

It also facilitates the addition of containers targetting new distros
or updating existing containers to new versions of the same distro,
where packages might have been renamed.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrangé 
Signed-off-by: Alex Bennée 
Message-Id: <20211215141949.3512719-8-berra...@redhat.com>
Message-Id: <20220105135009.1584676-8-alex.ben...@linaro.org>

diff --git a/docs/devel/testing.rst b/docs/devel/testing.rst
index 755343c7dd..d744b5909c 100644
--- a/docs/devel/testing.rst
+++ b/docs/devel/testing.rst
@@ -382,14 +382,112 @@ Along with many other images, the ``centos8`` image is 
defined in a Dockerfile
 in ``tests/docker/dockerfiles/``, called ``centos8.docker``. ``make 
docker-help``
 command will list all the available images.
 
-To add a new image, simply create a new ``.docker`` file under the
-``tests/docker/dockerfiles/`` directory.
-
 A ``.pre`` script can be added beside the ``.docker`` file, which will be
 executed before building the image under the build context directory. This is
 mainly used to do necessary host side setup. One such setup is ``binfmt_misc``,
 for example, to make qemu-user powered cross build containers work.
 
+Most of the existing Dockerfiles were written by hand, simply by creating a
+a new ``.docker`` file under the ``tests/docker/dockerfiles/`` directory.
+This has led to an inconsistent set of packages being present across the
+different containers.
+
+Thus going forward, QEMU is aiming to automatically generate the Dockerfiles
+using the ``lcitool`` program provided by the ``libvirt-ci`` project:
+
+  https://gitlab.com/libvirt/libvirt-ci
+
+In that project, there is a ``mappings.yml`` file defining the distro native
+package names for a wide variety of third party projects. This is processed
+in combination with a project defined list of build pre-requisites to determine
+the list of native packages to install on each distribution. This can be used
+to generate dockerfiles, VM package lists and Cirrus CI variables needed to
+setup build environments across OS distributions with a consistent set of
+packages present.
+
+When preparing a patch series that adds a new build pre-requisite to QEMU,
+updates to various lcitool data files may be required.
+
+
+Adding new build pre-requisites
+^^^
+
+In the simple case where the pre-requisite is already known to ``libvirt-ci``
+the following steps are needed
+
+ * Edit ``tests/lcitool/projects/qemu.yml`` and add the pre-requisite
+
+ * Run ``make lcitool-refresh`` to re-generate all relevant build environment
+   manifests
+
+In some cases ``libvirt-ci`` will not know about the build pre-requisite and
+thus some extra preparation steps will be required first
+
+ * Fork the ``libvirt-ci`` project on gitlab
+
+ * Edit the ``mappings.yml`` change to add an entry for the new build
+   prerequisite, listing its native package name on as many OS distros
+   as practical.
+
+ * Commit the ``mappings.yml`` change and submit a merge request to
+   the ``libvirt-ci`` project, noting in the description that this
+   is a new build pre-requisite desired for use with QEMU
+
+ * CI pipeline will run to validate that the changes to ``mappings.yml``
+   are correct, by attempting to install the newly listed package on
+   all OS distributions supported by ``libvirt-ci``.
+
+ * Once the merge request is accepted, go back to QEMU and update
+   the ``libvirt-ci`` submodule to point to a commit that contains
+   the ``mappings.yml`` update.
+
+
+Adding new OS distros
+^
+
+In some cases ``libvirt-ci`` will not know about the OS distro that is
+desired to be tested. Before adding a new OS distro, discuss the proposed
+addition:
+
+ * Send a mail to qemu-devel, copying people listed in the
+   MAINTAINERS file for ``Build and test automation``.
+
+   There are limited CI compute resources available to QEMU, so the
+   cost/benefit tradeoff of adding new OS distros needs t

[PULL 21/31] hw/arm: add control knob to disable kaslr_seed via DTB

[Alex Bennée]

Generally a guest needs an external source of randomness to properly
enable things like address space randomisation. However in a trusted
boot environment where the firmware will cryptographically verify
components having random data in the DTB will cause verification to
fail. Add a control knob so we can prevent this being added to the
system DTB.

Signed-off-by: Alex Bennée 
Tested-by: Heinrich Schuchardt 
Acked-by: Ilias Apalodimas 
Acked-by: Jerome Forissier 
Reviewed-by: Andrew Jones 
Message-Id: <20220105135009.1584676-22-alex.ben...@linaro.org>

diff --git a/docs/system/arm/virt.rst b/docs/system/arm/virt.rst
index 850787495b..1544632b67 100644
--- a/docs/system/arm/virt.rst
+++ b/docs/system/arm/virt.rst
@@ -121,6 +121,14 @@ ras
   Set ``on``/``off`` to enable/disable reporting host memory errors to a guest
   using ACPI and guest external abort exceptions. The default is off.
 
+dtb-kaslr-seed
+  Set ``on``/``off`` to pass a random seed via the guest dtb
+  kaslr-seed node (in both "/chosen" and /secure-chosen) to use
+  for features like address space randomisation. The default is
+  ``on``. You will want to disable it if your trusted boot chain will
+  verify the DTB it is passed. It would be the responsibility of the
+  firmware to come up with a seed and pass it on if it wants to.
+
 Linux guest kernel configuration
 
 
diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
index dc6b66ffc8..be0534608f 100644
--- a/include/hw/arm/virt.h
+++ b/include/hw/arm/virt.h
@@ -148,6 +148,7 @@ struct VirtMachineState {
 bool virt;
 bool ras;
 bool mte;
+bool dtb_kaslr_seed;
 OnOffAuto acpi;
 VirtGICType gic_version;
 VirtIOMMUType iommu;
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index b45b52c90e..84c2444fff 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -247,11 +247,15 @@ static void create_fdt(VirtMachineState *vms)
 
 /* /chosen must exist for load_dtb to fill in necessary properties later */
 qemu_fdt_add_subnode(fdt, "/chosen");
-create_kaslr_seed(ms, "/chosen");
+if (vms->dtb_kaslr_seed) {
+create_kaslr_seed(ms, "/chosen");
+}
 
 if (vms->secure) {
 qemu_fdt_add_subnode(fdt, "/secure-chosen");
-create_kaslr_seed(ms, "/secure-chosen");
+if (vms->dtb_kaslr_seed) {
+create_kaslr_seed(ms, "/secure-chosen");
+}
 }
 
 /* Clock node, for the benefit of the UART. The kernel device tree
@@ -2235,6 +2239,20 @@ static void virt_set_its(Object *obj, bool value, Error 
**errp)
 vms->its = value;
 }
 
+static bool virt_get_dtb_kaslr_seed(Object *obj, Error **errp)
+{
+VirtMachineState *vms = VIRT_MACHINE(obj);
+
+return vms->dtb_kaslr_seed;
+}
+
+static void virt_set_dtb_kaslr_seed(Object *obj, bool value, Error **errp)
+{
+VirtMachineState *vms = VIRT_MACHINE(obj);
+
+vms->dtb_kaslr_seed = value;
+}
+
 static char *virt_get_oem_id(Object *obj, Error **errp)
 {
 VirtMachineState *vms = VIRT_MACHINE(obj);
@@ -2764,6 +2782,13 @@ static void virt_machine_class_init(ObjectClass *oc, 
void *data)
   "Set on/off to enable/disable "
   "ITS instantiation");
 
+object_class_property_add_bool(oc, "dtb-kaslr-seed",
+   virt_get_dtb_kaslr_seed,
+   virt_set_dtb_kaslr_seed);
+object_class_property_set_description(oc, "dtb-kaslr-seed",
+  "Set off to disable passing of 
kaslr-seed "
+  "dtb node to guest");
+
 object_class_property_add_str(oc, "x-oem-id",
   virt_get_oem_id,
   virt_set_oem_id);
@@ -2828,6 +2853,9 @@ static void virt_instance_init(Object *obj)
 /* MTE is disabled by default.  */
 vms->mte = false;
 
+/* Supply a kaslr-seed by default */
+vms->dtb_kaslr_seed = true;
+
 vms->irqmap = a15irqmap;
 
 virt_flash_create(vms);
-- 
2.30.2

[PULL 05/31] ci: explicitly skip I/O tests on alpine

[Alex Bennée]

From: Daniel P. Berrangé 

The block I/O tests don't work on Alpine because their alternative libc
impl emits different strings for errnos, which breaks the expected
output matching. e.g.

=== IO: pattern 102
 wrote 512/512 bytes at offset 512
 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-qemu-img: Error while reading offset 0 of 
blkdebug:TEST_DIR/blkdebug.conf:TEST_DIR/t.IMGFMT: Input/output error
+qemu-img: Error while reading offset 0 of 
blkdebug:TEST_DIR/blkdebug.conf:TEST_DIR/t.IMGFMT: I/O error
 4
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824
 Formatting 'TEST_DIR/t.IMGFMT.2', fmt=IMGFMT size=0

Currently the I/O tests are skipped as a side effect of the Alpine image
containing a minimal busybox 'sed' binary, rather than GNU sed. This is
a fragile assumption that will be invalidated when the dockerfile is
changed to be autogenerated from a standardized package list that
includes GNU sed.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrangé 
Signed-off-by: Alex Bennée 
Message-Id: <20211215141949.3512719-6-berra...@redhat.com>
Reviewed-by: Thomas Huth 
Message-Id: <20220105135009.1584676-6-alex.ben...@linaro.org>

diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml
index 12fb1130fe..8f2a3c8f5b 100644
--- a/.gitlab-ci.d/buildtest.yml
+++ b/.gitlab-ci.d/buildtest.yml
@@ -24,7 +24,7 @@ check-system-alpine:
   artifacts: true
   variables:
 IMAGE: alpine
-MAKE_CHECK_ARGS: check
+MAKE_CHECK_ARGS: check-unit check-qtest
 
 avocado-system-alpine:
   extends: .avocado_test_job_template
-- 
2.30.2

[PULL 03/31] meson: require liburing >= 0.3

[Alex Bennée]

From: Daniel P. Berrangé 

openSUSE Leap 15.2 ships with liburing == 0.2 against which QEMU fails
to build.

../util/fdmon-io_uring.c: In function ‘fdmon_io_uring_need_wait’:
../util/fdmon-io_uring.c:305:9: error: implicit declaration of function 
‘io_uring_sq_ready’; did you mean ‘io_uring_cq_ready’? 
[-Werror=implicit-function-declaration]
 if (io_uring_sq_ready(&ctx->fdmon_io_uring)) {
 ^
 io_uring_cq_ready

This method was introduced in liburing 0.3, so set that as a minimum
requirement.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrangé 
Signed-off-by: Alex Bennée 
Message-Id: <20211215141949.3512719-4-berra...@redhat.com>
Message-Id: <20220105135009.1584676-4-alex.ben...@linaro.org>

diff --git a/meson.build b/meson.build
index c1b1db1e28..076d85baba 100644
--- a/meson.build
+++ b/meson.build
@@ -440,7 +440,8 @@ if not get_option('linux_aio').auto() or have_block
 endif
 linux_io_uring = not_found
 if not get_option('linux_io_uring').auto() or have_block
-  linux_io_uring = dependency('liburing', required: 
get_option('linux_io_uring'),
+  linux_io_uring = dependency('liburing', version: '>=0.3',
+  required: get_option('linux_io_uring'),
   method: 'pkg-config', kwargs: static_kwargs)
 endif
 libxml2 = not_found
-- 
2.30.2

[PULL 20/31] tests/docker: add libfuse3 development headers

[Alex Bennée]

From: Stefan Hajnoczi 

The FUSE exports feature is not built because most container images do
not have libfuse3 development headers installed. Add the necessary
packages to the Dockerfiles.

Cc: Hanna Reitz 
Cc: Richard W.M. Jones 
Signed-off-by: Stefan Hajnoczi 
Acked-by: Richard W.M. Jones 
Reviewed-by: Beraldo Leal 
Tested-by: Beraldo Leal 
Message-Id: <20211207160025.52466-1-stefa...@redhat.com>
[AJB: migrate to lcitool qemu.yml and regenerate]
Signed-off-by: Alex Bennée 
Reviewed-by: Richard W.M. Jones 
Message-Id: <20220105135009.1584676-21-alex.ben...@linaro.org>

diff --git a/tests/docker/dockerfiles/alpine.docker 
b/tests/docker/dockerfiles/alpine.docker
index 97c7a88d1f..eb2251c81c 100644
--- a/tests/docker/dockerfiles/alpine.docker
+++ b/tests/docker/dockerfiles/alpine.docker
@@ -29,6 +29,7 @@ RUN apk update && \
 dtc-dev \
 eudev-dev \
 findutils \
+fuse3-dev \
 g++ \
 gcc \
 gcovr \
diff --git a/tests/docker/dockerfiles/centos8.docker 
b/tests/docker/dockerfiles/centos8.docker
index 3c62b62a99..cbb909d02b 100644
--- a/tests/docker/dockerfiles/centos8.docker
+++ b/tests/docker/dockerfiles/centos8.docker
@@ -30,6 +30,7 @@ RUN dnf update -y && \
 device-mapper-multipath-devel \
 diffutils \
 findutils \
+fuse3-devel \
 gcc \
 gcc-c++ \
 genisoimage \
diff --git a/tests/docker/dockerfiles/fedora.docker 
b/tests/docker/dockerfiles/fedora.docker
index 6784878b56..60207f3da3 100644
--- a/tests/docker/dockerfiles/fedora.docker
+++ b/tests/docker/dockerfiles/fedora.docker
@@ -37,6 +37,7 @@ exec "$@"' > /usr/bin/nosync && \
 device-mapper-multipath-devel \
 diffutils \
 findutils \
+fuse3-devel \
 gcc \
 gcc-c++ \
 gcovr \
diff --git a/tests/docker/dockerfiles/opensuse-leap.docker 
b/tests/docker/dockerfiles/opensuse-leap.docker
index 5510bdf19c..f57d8cfb29 100644
--- a/tests/docker/dockerfiles/opensuse-leap.docker
+++ b/tests/docker/dockerfiles/opensuse-leap.docker
@@ -22,6 +22,7 @@ RUN zypper update -y && \
dbus-1 \
diffutils \
findutils \
+   fuse3-devel \
gcc \
gcc-c++ \
gcovr \
diff --git a/tests/docker/dockerfiles/ubuntu2004.docker 
b/tests/docker/dockerfiles/ubuntu2004.docker
index 40402b91fe..4e562dfdcd 100644
--- a/tests/docker/dockerfiles/ubuntu2004.docker
+++ b/tests/docker/dockerfiles/ubuntu2004.docker
@@ -46,6 +46,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
 libepoxy-dev \
 libfdt-dev \
 libffi-dev \
+libfuse3-dev \
 libgbm-dev \
 libgcrypt20-dev \
 libglib2.0-dev \
diff --git a/tests/lcitool/projects/qemu.yml b/tests/lcitool/projects/qemu.yml
index 2e2271510e..ed5ab1407a 100644
--- a/tests/lcitool/projects/qemu.yml
+++ b/tests/lcitool/projects/qemu.yml
@@ -18,6 +18,7 @@ packages:
  - diffutils
  - dtrace
  - findutils
+ - fuse3
  - g++
  - gcc
  - gcovr
-- 
2.30.2

[PULL 11/31] tests/docker: auto-generate ubuntu2004.docker with lcitool

[Alex Bennée]

From: Daniel P. Berrangé 

This commit is best examined using the "-b" option to diff.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrangé 
Signed-off-by: Alex Bennée 
Message-Id: <20211215141949.3512719-12-berra...@redhat.com>
Message-Id: <20220105135009.1584676-12-alex.ben...@linaro.org>

diff --git a/tests/docker/dockerfiles/ubuntu2004.docker 
b/tests/docker/dockerfiles/ubuntu2004.docker
index 15a026be09..40402b91fe 100644
--- a/tests/docker/dockerfiles/ubuntu2004.docker
+++ b/tests/docker/dockerfiles/ubuntu2004.docker
@@ -1,119 +1,148 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile ubuntu-2004 qemu
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
 FROM docker.io/library/ubuntu:20.04
-ENV PACKAGES \
-bc \
-bsdmainutils \
-bzip2 \
-ca-certificates \
-ccache \
-clang \
-dbus \
-debianutils \
-diffutils \
-exuberant-ctags \
-findutils \
-g++ \
-gcc \
-gcovr \
-genisoimage \
-gettext \
-git \
-hostname \
-libaio-dev \
-libasan5 \
-libasound2-dev \
-libattr1-dev \
-libbrlapi-dev \
-libbz2-dev \
-libc6-dev \
-libcacard-dev \
-libcap-ng-dev \
-libcapstone-dev \
-libcurl4-gnutls-dev \
-libdaxctl-dev \
-libdrm-dev \
-libepoxy-dev \
-libfdt-dev \
-libffi-dev \
-libgbm-dev \
-libgcrypt20-dev \
-libglib2.0-dev \
-libglusterfs-dev \
-libgnutls28-dev \
-libgtk-3-dev \
-libibverbs-dev \
-libiscsi-dev \
-libjemalloc-dev \
-libjpeg-turbo8-dev \
-liblttng-ust-dev \
-liblzo2-dev \
-libncursesw5-dev \
-libnfs-dev \
-libnuma-dev \
-libpam0g-dev \
-libpixman-1-dev \
-libpmem-dev \
-libpng-dev \
-libpulse-dev \
-librbd-dev \
-librdmacm-dev \
-libsasl2-dev \
-libsdl2-dev \
-libsdl2-image-dev \
-libseccomp-dev \
-libselinux-dev \
-libslirp-dev \
-libsnappy-dev \
-libspice-protocol-dev \
-libspice-server-dev \
-libssh-dev \
-libsystemd-dev \
-libtasn1-6-dev \
-libtest-harness-perl \
-libubsan1 \
-libudev-dev \
-libusb-1.0-0-dev \
-libusbredirhost-dev \
-libvdeplug-dev \
-libvirglrenderer-dev \
-libvte-2.91-dev \
-libxen-dev \
-libxml2-dev \
-libzstd-dev \
-llvm \
-locales \
-make \
-multipath-tools \
-ncat \
-nettle-dev \
-ninja-build \
-openssh-client \
-perl-base \
-pkgconf \
-python3 \
-python3-numpy \
-python3-opencv \
-python3-pillow \
-python3-pip \
-python3-setuptools \
-python3-sphinx \
-python3-sphinx-rtd-theme \
-python3-venv \
-python3-wheel \
-python3-yaml \
-rpm2cpio \
-sed \
-sparse \
-systemtap-sdt-dev \
-tar \
-tesseract-ocr \
-tesseract-ocr-eng \
-texinfo \
-xfslibs-dev \
-zlib1g-dev
-RUN apt-get update && \
-DEBIAN_FRONTEND=noninteractive apt-get -y install $PACKAGES
-RUN dpkg -l $PACKAGES | sort > /packages.txt
 
+RUN export DEBIAN_FRONTEND=noninteractive && \
+apt-get update && \
+apt-get install -y eatmydata && \
+eatmydata apt-get dist-upgrade -y && \
+eatmydata apt-get install --no-install-recommends -y \
+bash \
+bc \
+bsdmainutils \
+bzip2 \
+ca-certificates \
+ccache \
+clang \
+dbus \
+debianutils \
+diffutils \
+exuberant-ctags \
+findutils \
+g++ \
+gcc \
+gcovr \
+genisoimage \
+gettext \
+git \
+hostname \
+libaio-dev \
+libasan5 \
+libasound2-dev \
+libattr1-dev \
+libbrlapi-dev \
+libbz2-dev \
+libc6-dev \
+libcacard-dev \
+libcap-ng-dev \
+libcapstone-dev \
+libcurl4-gnutls-dev \
+libdaxctl-dev \
+libdrm-dev \
+libepoxy-dev \
+libfdt-dev \
+libffi-dev \
+libgbm-dev \
+libgcrypt20-dev \
+libglib2.0-dev \
+libglusterfs-dev \
+libgnutls28-dev \
+libgtk-3-dev \
+libibverbs-dev \
+libiscsi-dev \
+libjemalloc-dev \
+libjpeg-turbo8-dev \
+liblttng-ust-dev \
+liblzo2-dev \
+libncursesw5-dev \
+libnfs-dev \
+libnuma-dev \
+libpam0g-dev \
+libpcre2-dev \
+libpixman-1-dev \
+libpmem-dev \
+libpng-dev \
+libpulse-dev \
+librbd-dev \
+librdmacm-dev \
+libsasl2-dev \
+libsdl2-dev \
+libsdl2-image-dev \
+libseccomp-dev \
+libselinux1-dev \
+libslirp-dev \
+libsna

[PULL 17/31] tests/docker: fully expand the alpine package list

[Alex Bennée]

From: Daniel P. Berrangé 

Add many extra alpine packages to cover the various optional QEMU build
dependencies pulled in by other dockerfiles.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrangé 
Signed-off-by: Alex Bennée 
Message-Id: <20211215141949.3512719-18-berra...@redhat.com>
Message-Id: <20220105135009.1584676-18-alex.ben...@linaro.org>

diff --git a/tests/docker/dockerfiles/alpine.docker 
b/tests/docker/dockerfiles/alpine.docker
index ca4b3b58d2..0ac30c8014 100644
--- a/tests/docker/dockerfiles/alpine.docker
+++ b/tests/docker/dockerfiles/alpine.docker
@@ -7,11 +7,29 @@ RUN apk upgrade
 # Please keep this list sorted alphabetically
 ENV PACKAGES \
alsa-lib-dev \
+   attr-dev \
bash \
+   bc \
+   bzip2 \
+   bzip2-dev \
+   ca-certificates \
+   capstone-dev \
ccache \
+   cdrkit \
+   ceph-dev \
+   clang \
+   ctags \
curl-dev \
+   cyrus-sasl-dev \
+   dbus \
+   diffutils \
+   dtc-dev \
+   eudev-dev \
+   findutils \
g++ \
gcc \
+   gcovr \
+   gettext \
git \
glib-dev \
glib-static \
@@ -20,34 +38,72 @@ ENV PACKAGES \
libaio-dev \
libbpf-dev \
libcap-ng-dev \
+   libdrm-dev \
+   libepoxy-dev \
libffi-dev \
+   libgcrypt-dev \
libjpeg-turbo-dev \
libnfs-dev \
libpng-dev \
libseccomp-dev \
+   libselinux-dev \
+   libslirp-dev \
libssh-dev \
+   libtasn1-dev \
+   liburing-dev \
libusb-dev \
libxml2-dev \
+   linux-pam-dev \
+   llvm11 \
+   lttng-ust-dev \
lzo-dev \
make \
mesa-dev \
meson \
+   multipath-tools \
ncurses-dev \
+   ndctl-dev \
+   net-tools \
+   nettle-dev \
+   nmap-ncat \
+   numactl-dev \
+   openssh-client \
+   pcre-dev \
perl \
+   perl-test-harness \
+   pixman-dev \
+   pkgconf \
pulseaudio-dev \
+   py3-numpy \
+   py3-pillow \
+   py3-pip \
py3-sphinx \
py3-sphinx_rtd_theme \
+   py3-virtualenv \
+   py3-yaml \
python3 \
+   rpm2cpio \
samurai \
+   sdl2-dev \
+   sdl2_image-dev \
+   sed \
snappy-dev \
+   sparse \
spice-dev \
+   spice-protocol \
+   tar \
+   tesseract-ocr \
texinfo \
usbredir-dev \
+   util-linux \
vde2-dev \
virglrenderer-dev \
vte3-dev \
+   which \
+   xen-dev \
xfsprogs-dev \
zlib-dev \
-   zlib-static
+   zlib-static \
+   zstd-dev
 
 RUN apk add $PACKAGES
-- 
2.30.2

[PATCH 2/2] hw/virtio: add vhost-user-gpio-pci boilerplate

[Viresh Kumar]

This allows is to instantiate a vhost-user-gpio device as part of a PCI
bus. It is mostly boilerplate which looks pretty similar to the
vhost-user-fs-pci device.

Signed-off-by: Viresh Kumar 
---
 hw/virtio/meson.build   |  1 +
 hw/virtio/vhost-user-gpio-pci.c | 69 +
 2 files changed, 70 insertions(+)
 create mode 100644 hw/virtio/vhost-user-gpio-pci.c

diff --git a/hw/virtio/meson.build b/hw/virtio/meson.build
index c7e67adff337..fe6a4e9acb2a 100644
--- a/hw/virtio/meson.build
+++ b/hw/virtio/meson.build
@@ -30,6 +30,7 @@ virtio_ss.add(when: ['CONFIG_VIRTIO_PCI', 
'CONFIG_VHOST_USER_I2C'], if_true: fil
 virtio_ss.add(when: 'CONFIG_VHOST_USER_RNG', if_true: 
files('vhost-user-rng.c'))
 virtio_ss.add(when: ['CONFIG_VHOST_USER_RNG', 'CONFIG_VIRTIO_PCI'], if_true: 
files('vhost-user-rng-pci.c'))
 virtio_ss.add(when: 'CONFIG_VHOST_USER_GPIO', if_true: 
files('vhost-user-gpio.c'))
+virtio_ss.add(when: ['CONFIG_VIRTIO_PCI', 'CONFIG_VHOST_USER_GPIO'], if_true: 
files('vhost-user-gpio-pci.c'))
 
 virtio_pci_ss = ss.source_set()
 virtio_pci_ss.add(when: 'CONFIG_VHOST_VSOCK', if_true: 
files('vhost-vsock-pci.c'))
diff --git a/hw/virtio/vhost-user-gpio-pci.c b/hw/virtio/vhost-user-gpio-pci.c
new file mode 100644
index ..8dd042d5e1c1
--- /dev/null
+++ b/hw/virtio/vhost-user-gpio-pci.c
@@ -0,0 +1,69 @@
+/*
+ * Vhost-user gpio virtio device PCI glue
+ *
+ * Copyright (c) 2022 Viresh Kumar 
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "hw/qdev-properties.h"
+#include "hw/virtio/vhost-user-gpio.h"
+#include "virtio-pci.h"
+
+struct VHostUserGPIOPCI {
+VirtIOPCIProxy parent_obj;
+VHostUserGPIO vdev;
+};
+
+typedef struct VHostUserGPIOPCI VHostUserGPIOPCI;
+
+#define TYPE_VHOST_USER_GPIO_PCI "vhost-user-gpio-pci-base"
+
+DECLARE_INSTANCE_CHECKER(VHostUserGPIOPCI, VHOST_USER_GPIO_PCI,
+ TYPE_VHOST_USER_GPIO_PCI)
+
+static void vhost_user_gpio_pci_realize(VirtIOPCIProxy *vpci_dev, Error **errp)
+{
+VHostUserGPIOPCI *dev = VHOST_USER_GPIO_PCI(vpci_dev);
+DeviceState *vdev = DEVICE(&dev->vdev);
+
+vpci_dev->nvectors = 1;
+qdev_realize(vdev, BUS(&vpci_dev->bus), errp);
+}
+
+static void vhost_user_gpio_pci_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+VirtioPCIClass *k = VIRTIO_PCI_CLASS(klass);
+PCIDeviceClass *pcidev_k = PCI_DEVICE_CLASS(klass);
+k->realize = vhost_user_gpio_pci_realize;
+set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
+pcidev_k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
+pcidev_k->device_id = 0; /* Set by virtio-pci based on virtio id */
+pcidev_k->revision = 0x00;
+pcidev_k->class_id = PCI_CLASS_COMMUNICATION_OTHER;
+}
+
+static void vhost_user_gpio_pci_instance_init(Object *obj)
+{
+VHostUserGPIOPCI *dev = VHOST_USER_GPIO_PCI(obj);
+
+virtio_instance_init_common(obj, &dev->vdev, sizeof(dev->vdev),
+TYPE_VHOST_USER_GPIO);
+}
+
+static const VirtioPCIDeviceTypeInfo vhost_user_gpio_pci_info = {
+.base_name = TYPE_VHOST_USER_GPIO_PCI,
+.non_transitional_name = "vhost-user-gpio-pci",
+.instance_size = sizeof(VHostUserGPIOPCI),
+.instance_init = vhost_user_gpio_pci_instance_init,
+.class_init = vhost_user_gpio_pci_class_init,
+};
+
+static void vhost_user_gpio_pci_register(void)
+{
+virtio_pci_types_register(&vhost_user_gpio_pci_info);
+}
+
+type_init(vhost_user_gpio_pci_register);
-- 
2.31.1.272.g89b43f80a514

[PULL 14/31] .gitlab-ci.d/cirrus: auto-generate variables with lcitool

[Alex Bennée]

From: Daniel P. Berrangé 

The current Cirrus CI variables files were previously generated by using
lcitool. This change wires them up to the refresh script to make that
link explicit.

This changes the package list because libvirt-ci now knows about the
mapping for dtc on FreeBSD and macOS platforms.

The variables are also now emit in sorted order for stability across
runs.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrangé 
Signed-off-by: Alex Bennée 
Message-Id: <20211215141949.3512719-15-berra...@redhat.com>
Message-Id: <20220105135009.1584676-15-alex.ben...@linaro.org>

diff --git a/.gitlab-ci.d/cirrus/freebsd-12.vars 
b/.gitlab-ci.d/cirrus/freebsd-12.vars
index 2099b21354..9c52266811 100644
--- a/.gitlab-ci.d/cirrus/freebsd-12.vars
+++ b/.gitlab-ci.d/cirrus/freebsd-12.vars
@@ -2,12 +2,15 @@
 #
 #  $ lcitool variables freebsd-12 qemu
 #
-# 
https://gitlab.com/libvirt/libvirt-ci/-/commit/c7e275ab27ac0dcd09da290817b9adeea1fd1eb1
+# https://gitlab.com/libvirt/libvirt-ci
 
-PACKAGING_COMMAND='pkg'
 CCACHE='/usr/local/bin/ccache'
+CPAN_PKGS=''
+CROSS_PKGS=''
 MAKE='/usr/local/bin/gmake'
 NINJA='/usr/local/bin/ninja'
-PYTHON='/usr/local/bin/python3'
+PACKAGING_COMMAND='pkg'
 PIP3='/usr/local/bin/pip-3.8'
-PKGS='alsa-lib bash bzip2 ca_root_nss capstone4 ccache cdrkit-genisoimage 
ctags curl cyrus-sasl dbus diffutils gettext git glib gmake gnutls gsed gtk3 
libepoxy libffi libgcrypt libjpeg-turbo libnfs libspice-server libssh libtasn1 
libxml2 llvm lttng-ust lzo2 meson ncurses nettle ninja opencv p5-Test-Harness 
perl5 pixman pkgconf png py38-numpy py38-pillow py38-pip py38-sphinx 
py38-sphinx_rtd_theme py38-virtualenv py38-yaml python3 rpm2cpio sdl2 
sdl2_image snappy spice-protocol tesseract texinfo usbredir virglrenderer vte3 
zstd'
+PKGS='alsa-lib bash bzip2 ca_root_nss capstone4 ccache cdrkit-genisoimage 
ctags curl cyrus-sasl dbus diffutils dtc gettext git glib gmake gnutls gsed 
gtk3 libepoxy libffi libgcrypt libjpeg-turbo libnfs libspice-server libssh 
libtasn1 libxml2 llvm lttng-ust lzo2 meson ncurses nettle ninja opencv 
p5-Test-Harness perl5 pixman pkgconf png py38-numpy py38-pillow py38-pip 
py38-sphinx py38-sphinx_rtd_theme py38-virtualenv py38-yaml python3 rpm2cpio 
sdl2 sdl2_image snappy spice-protocol tesseract texinfo usbredir virglrenderer 
vte3 zstd'
+PYPI_PKGS=''
+PYTHON='/usr/local/bin/python3'
diff --git a/.gitlab-ci.d/cirrus/freebsd-13.vars 
b/.gitlab-ci.d/cirrus/freebsd-13.vars
index 323fe806d5..7b44dba324 100644
--- a/.gitlab-ci.d/cirrus/freebsd-13.vars
+++ b/.gitlab-ci.d/cirrus/freebsd-13.vars
@@ -2,12 +2,15 @@
 #
 #  $ lcitool variables freebsd-13 qemu
 #
-# 
https://gitlab.com/libvirt/libvirt-ci/-/commit/c7e275ab27ac0dcd09da290817b9adeea1fd1eb1
+# https://gitlab.com/libvirt/libvirt-ci
 
-PACKAGING_COMMAND='pkg'
 CCACHE='/usr/local/bin/ccache'
+CPAN_PKGS=''
+CROSS_PKGS=''
 MAKE='/usr/local/bin/gmake'
 NINJA='/usr/local/bin/ninja'
-PYTHON='/usr/local/bin/python3'
+PACKAGING_COMMAND='pkg'
 PIP3='/usr/local/bin/pip-3.8'
-PKGS='alsa-lib bash bzip2 ca_root_nss capstone4 ccache cdrkit-genisoimage 
ctags curl cyrus-sasl dbus diffutils gettext git glib gmake gnutls gsed gtk3 
libepoxy libffi libgcrypt libjpeg-turbo libnfs libspice-server libssh libtasn1 
libxml2 llvm lttng-ust lzo2 meson ncurses nettle ninja opencv p5-Test-Harness 
perl5 pixman pkgconf png py38-numpy py38-pillow py38-pip py38-sphinx 
py38-sphinx_rtd_theme py38-virtualenv py38-yaml python3 rpm2cpio sdl2 
sdl2_image snappy spice-protocol tesseract texinfo usbredir virglrenderer vte3 
zstd'
+PKGS='alsa-lib bash bzip2 ca_root_nss capstone4 ccache cdrkit-genisoimage 
ctags curl cyrus-sasl dbus diffutils dtc gettext git glib gmake gnutls gsed 
gtk3 libepoxy libffi libgcrypt libjpeg-turbo libnfs libspice-server libssh 
libtasn1 libxml2 llvm lttng-ust lzo2 meson ncurses nettle ninja opencv 
p5-Test-Harness perl5 pixman pkgconf png py38-numpy py38-pillow py38-pip 
py38-sphinx py38-sphinx_rtd_theme py38-virtualenv py38-yaml python3 rpm2cpio 
sdl2 sdl2_image snappy spice-protocol tesseract texinfo usbredir virglrenderer 
vte3 zstd'
+PYPI_PKGS=''
+PYTHON='/usr/local/bin/python3'
diff --git a/.gitlab-ci.d/cirrus/macos-11.vars 
b/.gitlab-ci.d/cirrus/macos-11.vars
index cbec8a44a3..613d1373c2 100644
--- a/.gitlab-ci.d/cirrus/macos-11.vars
+++ b/.gitlab-ci.d/cirrus/macos-11.vars
@@ -2,14 +2,15 @@
 #
 #  $ lcitool variables macos-11 qemu
 #
-# 
https://gitlab.com/libvirt/libvirt-ci/-/commit/c7e275ab27ac0dcd09da290817b9adeea1fd1eb1
+# https://gitlab.com/libvirt/libvirt-ci
 
-PACKAGING_COMMAND='brew'
 CCACHE='/usr/local/bin/ccache'
+CPAN_PKGS='Test::Harness'
+CROSS_PKGS=''
 MAKE='/usr/local/bin/gmake'
 NINJA='/usr/local/bin/ninja'
-PYTHON='/usr/local/bin/python3'
+PACKAGING_COMMAND='brew'
 PIP3='/usr/local/bin/pip3'
-PKGS='bash bc bzip2 capstone ccache cpanminus ctags curl dbus diffutils gcovr 
gettext git glib gnu-sed gnutls gtk+3 jemalloc jpeg-turbo libepoxy libffi 
libgcrypt libiscsi libnfs libpng libslirp libssh libt

[PULL 30/31] docker: include bison in debian-tricore-cross

[Alex Bennée]

From: Paolo Bonzini 

Binutils sometimes fail to build if bison is not installed:

  /bin/sh ./ylwrap `test -f arparse.y || echo ./`arparse.y y.tab.c arparse.c 
y.tab.h arparse.h y.output arparse.output --  -d
  ./ylwrap: 109: ./ylwrap: -d: not found

(the correct invocation of ylwrap would have "bison -d" after the double
dash).  Work around by installing it in the container.

Signed-off-by: Paolo Bonzini 
Reviewed-by: Philippe Mathieu-Daudé 
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/596
Reviewed-by: Richard Henderson 
Message-Id: <2021122624.352804-1-pbonz...@redhat.com>
Signed-off-by: Alex Bennée 
Message-Id: <20220105135009.1584676-34-alex.ben...@linaro.org>

diff --git a/tests/docker/dockerfiles/debian-tricore-cross.docker 
b/tests/docker/dockerfiles/debian-tricore-cross.docker
index d8df2c6117..3f6b55562c 100644
--- a/tests/docker/dockerfiles/debian-tricore-cross.docker
+++ b/tests/docker/dockerfiles/debian-tricore-cross.docker
@@ -16,6 +16,7 @@ MAINTAINER Philippe Mathieu-Daudé 
 RUN apt update && \
 DEBIAN_FRONTEND=noninteractive apt install -yy eatmydata && \
 DEBIAN_FRONTEND=noninteractive eatmydata apt install -yy \
+   bison \
bzip2 \
ca-certificates \
ccache \
-- 
2.30.2

[PULL 22/31] monitor: move x-query-profile into accel/tcg to fix build

[Alex Bennée]

As --enable-profiler isn't defended in CI we missed this breakage.
Move the qmp handler into accel/tcg so we have access to the helpers
we need. While we are at it ensure we gate the feature on CONFIG_TCG.

Signed-off-by: Alex Bennée 
Suggested-by: Daniel P. Berrangé 
Reported-by: Mark Cave-Ayland 
Fixes: 37087fde0e ("qapi: introduce x-query-profile QMP command")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/773
Reviewed-by: Daniel P. Berrangé 
Tested-by: Mark Cave-Ayland 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20220105135009.1584676-23-alex.ben...@linaro.org>

diff --git a/qapi/machine.json b/qapi/machine.json
index b6a37e17c4..c87c81b803 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
@@ -1503,6 +1503,7 @@
 ##
 { 'command': 'x-query-profile',
   'returns': 'HumanReadableText',
+  'if': 'CONFIG_TCG',
   'features': [ 'unstable' ] }
 
 ##
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 409ec8c38c..8b4cd6c59d 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -1090,4 +1090,35 @@ HumanReadableText *qmp_x_query_opcount(Error **errp)
 return human_readable_text_from_str(buf);
 }
 
+#ifdef CONFIG_PROFILER
+
+int64_t dev_time;
+
+HumanReadableText *qmp_x_query_profile(Error **errp)
+{
+g_autoptr(GString) buf = g_string_new("");
+static int64_t last_cpu_exec_time;
+int64_t cpu_exec_time;
+int64_t delta;
+
+cpu_exec_time = tcg_cpu_exec_time();
+delta = cpu_exec_time - last_cpu_exec_time;
+
+g_string_append_printf(buf, "async time  %" PRId64 " (%0.3f)\n",
+   dev_time, dev_time / 
(double)NANOSECONDS_PER_SECOND);
+g_string_append_printf(buf, "qemu time   %" PRId64 " (%0.3f)\n",
+   delta, delta / (double)NANOSECONDS_PER_SECOND);
+last_cpu_exec_time = cpu_exec_time;
+dev_time = 0;
+
+return human_readable_text_from_str(buf);
+}
+#else
+HumanReadableText *qmp_x_query_profile(Error **errp)
+{
+error_setg(errp, "Internal profiler not compiled");
+return NULL;
+}
+#endif
+
 #endif /* !CONFIG_USER_ONLY */
diff --git a/monitor/qmp-cmds.c b/monitor/qmp-cmds.c
index 14e3beeaaf..db4d186448 100644
--- a/monitor/qmp-cmds.c
+++ b/monitor/qmp-cmds.c
@@ -368,37 +368,6 @@ void qmp_display_reload(DisplayReloadOptions *arg, Error 
**errp)
 }
 }
 
-#ifdef CONFIG_PROFILER
-
-int64_t dev_time;
-
-HumanReadableText *qmp_x_query_profile(Error **errp)
-{
-g_autoptr(GString) buf = g_string_new("");
-static int64_t last_cpu_exec_time;
-int64_t cpu_exec_time;
-int64_t delta;
-
-cpu_exec_time = tcg_cpu_exec_time();
-delta = cpu_exec_time - last_cpu_exec_time;
-
-g_string_append_printf(buf, "async time  %" PRId64 " (%0.3f)\n",
-   dev_time, dev_time / 
(double)NANOSECONDS_PER_SECOND);
-g_string_append_printf(buf, "qemu time   %" PRId64 " (%0.3f)\n",
-   delta, delta / (double)NANOSECONDS_PER_SECOND);
-last_cpu_exec_time = cpu_exec_time;
-dev_time = 0;
-
-return human_readable_text_from_str(buf);
-}
-#else
-HumanReadableText *qmp_x_query_profile(Error **errp)
-{
-error_setg(errp, "Internal profiler not compiled");
-return NULL;
-}
-#endif
-
 static int qmp_x_query_rdma_foreach(Object *obj, void *opaque)
 {
 RdmaProvider *rdma;
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
index 407a1da800..e90f20a107 100644
--- a/hmp-commands-info.hx
+++ b/hmp-commands-info.hx
@@ -358,6 +358,7 @@ SRST
 Show host USB devices.
 ERST
 
+#if defined(CONFIG_TCG)
 {
 .name   = "profile",
 .args_type  = "",
@@ -365,6 +366,7 @@ ERST
 .help   = "show profiling information",
 .cmd_info_hrt = qmp_x_query_profile,
 },
+#endif
 
 SRST
   ``info profile``
-- 
2.30.2

[PULL 09/31] tests/docker: auto-generate fedora.docker with lcitool

[Alex Bennée]

From: Daniel P. Berrangé 

This commit is best examined using the "-b" option to diff.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrangé 
Signed-off-by: Alex Bennée 
Message-Id: <20211215141949.3512719-10-berra...@redhat.com>
Message-Id: <20220105135009.1584676-10-alex.ben...@linaro.org>

diff --git a/tests/docker/dockerfiles/fedora.docker 
b/tests/docker/dockerfiles/fedora.docker
index 855aefaac5..6784878b56 100644
--- a/tests/docker/dockerfiles/fedora.docker
+++ b/tests/docker/dockerfiles/fedora.docker
@@ -1,118 +1,148 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile fedora-35 qemu
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
 FROM registry.fedoraproject.org/fedora:35
 
-# Please keep this list sorted alphabetically
-ENV PACKAGES \
-SDL2-devel \
-SDL2_image-devel \
-alsa-lib-devel \
-bc \
-brlapi-devel \
-bzip2 \
-bzip2-devel \
-ca-certificates \
-capstone-devel \
-ccache \
-clang \
-ctags \
-cyrus-sasl-devel \
-daxctl-devel \
-dbus-daemon \
-device-mapper-multipath-devel \
-diffutils \
-findutils \
-gcc \
-gcc-c++ \
-gcovr \
-genisoimage \
-gettext \
-git \
-glib2-devel \
-glibc-langpack-en \
-glibc-static \
-glusterfs-api-devel \
-gnutls-devel \
-gtk3-devel \
-hostname \
-jemalloc-devel \
-libaio-devel \
-libasan \
-libattr-devel \
-libbpf-devel \
-libcacard-devel \
-libcap-ng-devel \
-libcurl-devel \
-libdrm-devel \
-libepoxy-devel \
-libfdt-devel \
-libffi-devel \
-libgcrypt-devel \
-libiscsi-devel \
-libjpeg-devel \
-libnfs-devel \
-libpmem-devel \
-libpng-devel \
-librbd-devel \
-libseccomp-devel \
-libselinux-devel \
-libslirp-devel \
-libssh-devel \
-libtasn1-devel \
-libubsan \
-libudev-devel \
-liburing-devel \
-libusbx-devel \
-libxml2-devel \
-libzstd-devel \
-llvm \
-lttng-ust-devel \
-lzo-devel \
-make \
-mesa-libgbm-devel \
-meson \
-ncurses-devel \
-nettle-devel \
-ninja-build \
-nmap-ncat \
-numactl-devel \
-openssh-clients \
-pam-devel \
-perl-Test-Harness \
-perl-base \
-pixman-devel \
-pkgconfig \
-pulseaudio-libs-devel \
-python3 \
-python3-PyYAML \
-python3-numpy \
-python3-opencv \
-python3-pillow \
-python3-pip \
-python3-sphinx \
-python3-sphinx_rtd_theme \
-python3-virtualenv \
-rdma-core-devel \
-rpm \
-sed \
-snappy-devel \
-sparse \
-spice-protocol \
-spice-server-devel \
-systemd-devel \
-systemtap-sdt-devel \
-tar \
-tesseract \
-tesseract-langpack-eng \
-texinfo \
-usbredir-devel \
-util-linux \
-virglrenderer-devel \
-vte291-devel \
-which \
-xen-devel \
-xfsprogs-devel \
-zlib-devel
-ENV QEMU_CONFIGURE_OPTS --python=/usr/bin/python3
+RUN dnf install -y nosync && \
+echo -e '#!/bin/sh\n\
+if test -d /usr/lib64\n\
+then\n\
+export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
+else\n\
+export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
+fi\n\
+exec "$@"' > /usr/bin/nosync && \
+chmod +x /usr/bin/nosync && \
+nosync dnf update -y && \
+nosync dnf install -y \
+SDL2-devel \
+SDL2_image-devel \
+alsa-lib-devel \
+bash \
+bc \
+brlapi-devel \
+bzip2 \
+bzip2-devel \
+ca-certificates \
+capstone-devel \
+ccache \
+clang \
+ctags \
+cyrus-sasl-devel \
+daxctl-devel \
+dbus-daemon \
+device-mapper-multipath-devel \
+diffutils \
+findutils \
+gcc \
+gcc-c++ \
+gcovr \
+genisoimage \
+gettext \
+git \
+glib2-devel \
+glib2-static \
+glibc-langpack-en \
+glibc-static \
+glusterfs-api-devel \
+gnutls-devel \
+gtk3-devel \
+hostname \
+jemalloc-devel \
+libaio-devel \
+libasan \
+libattr-devel \
+libbpf-devel \
+libcacard-devel \
+libcap-ng-devel \
+libcurl-devel \
+libdrm-devel \
+libepoxy-devel \
+libfdt-devel \
+libffi-devel \
+libgcrypt-devel \
+libiscsi-devel \
+libjpeg-devel \
+libnfs-devel \
+libpmem-devel \
+libpng-devel \
+librbd-devel \
+libseccomp-devel \
+libselinux-devel \
+libslirp-devel \
+libssh-devel \
+libtasn1-devel \
+libubsan \
+libudev-devel \
+liburing-devel \
+libusbx-devel \
+libxml2-devel \
+libzstd-devel \
+llvm \
+lttng-ust-devel \
+lzo-devel \
+make \
+mesa-libgbm-devel \
+meson \
+ncurses-devel \
+nettle-devel \
+ 

[PULL 28/31] test/tcg/ppc64le: Add float reference files

[Alex Bennée]

From: Richard Henderson 

Generated on Power9, PowerNV 9006-22P.

Signed-off-by: Richard Henderson 
Signed-off-by: Alex Bennée 
Message-Id: <20211224035541.2159966-3-richard.hender...@linaro.org>
Message-Id: <20220105135009.1584676-30-alex.ben...@linaro.org>

diff --git a/tests/tcg/ppc64le/float_convs.ref 
b/tests/tcg/ppc64le/float_convs.ref
new file mode 100644
index 00..6e6f636834
--- /dev/null
+++ b/tests/tcg/ppc64le/float_convs.ref
@@ -0,0 +1,748 @@
+### Rounding to nearest
+from single: f32(-nan:0xffa0)
+  to double: f64(-nan:0x00fff4) (OK)
+   to int32: -2147483648 (INVALID)
+   to int64: -9223372036854775808 (INVALID)
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from single: f32(-nan:0xffc0)
+  to double: f64(-nan:0x00fff8) (OK)
+   to int32: -2147483648 (INVALID)
+   to int64: -9223372036854775808 (INVALID)
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from single: f32(-inf:0xff80)
+  to double: f64(-inf:0x00fff0) (OK)
+   to int32: -2147483648 (INVALID)
+   to int64: -9223372036854775808 (INVALID)
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from single: f32(-0x1.fe00p+127:0xff7f)
+  to double: f64(-0x1.fe00p+127:0x00c7efe000) (OK)
+   to int32: -2147483648 (INVALID)
+   to int64: -9223372036854775808 (INVALID)
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from single: f32(-0x1.1874b200p+103:0xf30c3a59)
+  to double: f64(-0x1.1874b200p+103:0x00c661874b2000) (OK)
+   to int32: -2147483648 (INVALID)
+   to int64: -9223372036854775808 (INVALID)
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from single: f32(-0x1.c0bab600p+99:0xf1605d5b)
+  to double: f64(-0x1.c0bab600p+99:0x00c62c0bab6000) (OK)
+   to int32: -2147483648 (INVALID)
+   to int64: -9223372036854775808 (INVALID)
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from single: f32(-0x1.31f75000p-40:0xab98fba8)
+  to double: f64(-0x1.31f75000p-40:0x00bd731f75) (OK)
+   to int32: 0 (INEXACT )
+   to int64: 0 (INEXACT )
+  to uint32: 0 (INEXACT )
+  to uint64: 0 (INEXACT )
+from single: f32(-0x1.50544400p-66:0x9ea82a22)
+  to double: f64(-0x1.50544400p-66:0x00bbd505444000) (OK)
+   to int32: 0 (INEXACT )
+   to int64: 0 (INEXACT )
+  to uint32: 0 (INEXACT )
+  to uint64: 0 (INEXACT )
+from single: f32(-0x1.p-126:0x8080)
+  to double: f64(-0x1.p-126:0x00b810) (OK)
+   to int32: 0 (INEXACT )
+   to int64: 0 (INEXACT )
+  to uint32: 0 (INEXACT )
+  to uint64: 0 (INEXACT )
+from single: f32(0x0.p+0:00)
+  to double: f64(0x0.p+0:) (OK)
+   to int32: 0 (OK)
+   to int64: 0 (OK)
+  to uint32: 0 (OK)
+  to uint64: 0 (OK)
+from single: f32(0x1.p-126:0x0080)
+  to double: f64(0x1.p-126:0x003810) (OK)
+   to int32: 0 (INEXACT )
+   to int64: 0 (INEXACT )
+  to uint32: 0 (INEXACT )
+  to uint64: 0 (INEXACT )
+from single: f32(0x1.p-25:0x3300)
+  to double: f64(0x1.p-25:0x003e60) (OK)
+   to int32: 0 (INEXACT )
+   to int64: 0 (INEXACT )
+  to uint32: 0 (INEXACT )
+  to uint64: 0 (INEXACT )
+from single: f32(0x1.e600p-25:0x3373)
+  to double: f64(0x1.e600p-25:0x003e6e6000) (OK)
+   to int32: 0 (INEXACT )
+   to int64: 0 (INEXACT )
+  to uint32: 0 (INEXACT )
+  to uint64: 0 (INEXACT )
+from single: f32(0x1.ff801a00p-15:0x387fc00d)
+  to double: f64(0x1.ff801a00p-15:0x003f0ff801a000) (OK)
+   to int32: 0 (INEXACT )
+   to int64: 0 (INEXACT )
+  to uint32: 0 (INEXACT )
+  to uint64: 0 (INEXACT )
+from single: f32(0x1.0c00p-14:0x3886)
+  to double: f64(0x1.0c00p-14:0x003f10c000) (OK)
+   to int32: 0 (INEXACT )
+   to int64: 0 (INEXACT )
+  to uint32: 0 (INEXACT )
+  to uint64: 0 (INEXACT )
+from single: f32(0x1.p+0:0x3f80)
+  to double: f64(0x1.p+0:0x003ff0) (OK)
+   to int32: 1 (OK)
+   to int64: 1 (OK)
+  to uint32: 1 (OK)
+  to uint64: 1 (OK)
+from single: f32(0x1.0040p+0:0x3f802000)
+  to double: f64(0x1.0040p+0:0x003ff00400) (OK)
+   to int32: 1 (INEXACT )
+   to int64: 1 (INEXACT )
+  to uint32: 1 (INEXACT )
+  to uint64: 1 (INEXACT )
+from single: f32(0x1.p+1:0x4000)
+  to double: f64(0x1.p+1:0x004000) (OK)
+   to int32: 2 (OK)
+   to int64: 2 (OK)
+  to uint32: 2 (OK)
+  to uint64: 2 (OK)
+from single: f32(0x1.5bf0a800p+1:0x402df854)
+  to double: f64(0x1.5bf0a800p+1:0x004005bf0a8000) (OK)
+   to int32: 2 (INEXACT )
+   to int64: 2 (INEXACT )
+  to uint32: 2 (INEXACT )
+  to uint64

[PATCH 1/2] hw/virtio: add boilerplate for vhost-user-gpio device

[Viresh Kumar]

This creates the QEMU side of the vhost-user-gpio device which connects
to the remote daemon. It is based of vhost-user-i2c code.

Signed-off-by: Viresh Kumar 
---
 hw/virtio/Kconfig   |   5 +
 hw/virtio/meson.build   |   1 +
 hw/virtio/vhost-user-gpio.c | 343 
 include/hw/virtio/vhost-user-gpio.h |  35 +++
 4 files changed, 384 insertions(+)
 create mode 100644 hw/virtio/vhost-user-gpio.c
 create mode 100644 include/hw/virtio/vhost-user-gpio.h

diff --git a/hw/virtio/Kconfig b/hw/virtio/Kconfig
index c144d42f9bd0..b16a63609530 100644
--- a/hw/virtio/Kconfig
+++ b/hw/virtio/Kconfig
@@ -59,6 +59,11 @@ config VIRTIO_MEM
 depends on VIRTIO_MEM_SUPPORTED
 select MEM_DEVICE
 
+config VHOST_USER_GPIO
+bool
+default y
+depends on VIRTIO && VHOST_USER
+
 config VHOST_USER_I2C
 bool
 default y
diff --git a/hw/virtio/meson.build b/hw/virtio/meson.build
index 521f7d64a86a..c7e67adff337 100644
--- a/hw/virtio/meson.build
+++ b/hw/virtio/meson.build
@@ -29,6 +29,7 @@ virtio_ss.add(when: 'CONFIG_VHOST_USER_I2C', if_true: 
files('vhost-user-i2c.c'))
 virtio_ss.add(when: ['CONFIG_VIRTIO_PCI', 'CONFIG_VHOST_USER_I2C'], if_true: 
files('vhost-user-i2c-pci.c'))
 virtio_ss.add(when: 'CONFIG_VHOST_USER_RNG', if_true: 
files('vhost-user-rng.c'))
 virtio_ss.add(when: ['CONFIG_VHOST_USER_RNG', 'CONFIG_VIRTIO_PCI'], if_true: 
files('vhost-user-rng-pci.c'))
+virtio_ss.add(when: 'CONFIG_VHOST_USER_GPIO', if_true: 
files('vhost-user-gpio.c'))
 
 virtio_pci_ss = ss.source_set()
 virtio_pci_ss.add(when: 'CONFIG_VHOST_VSOCK', if_true: 
files('vhost-vsock-pci.c'))
diff --git a/hw/virtio/vhost-user-gpio.c b/hw/virtio/vhost-user-gpio.c
new file mode 100644
index ..c5f67c0104a9
--- /dev/null
+++ b/hw/virtio/vhost-user-gpio.c
@@ -0,0 +1,343 @@
+/*
+ * Vhost-user GPIO virtio device
+ *
+ * Copyright (c) 2022 Viresh Kumar 
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "hw/qdev-properties.h"
+#include "hw/virtio/virtio-bus.h"
+#include "hw/virtio/vhost-user-gpio.h"
+#include "qemu/error-report.h"
+#include "standard-headers/linux/virtio_ids.h"
+
+static const int feature_bits[] = {
+VIRTIO_GPIO_F_IRQ
+};
+
+static void vu_gpio_get_config(VirtIODevice *vdev, uint8_t *config)
+{
+VHostUserGPIO *gpio = VHOST_USER_GPIO(vdev);
+
+memcpy(config, &gpio->config, sizeof(gpio->config));
+}
+
+static int vu_gpio_config_notifier(struct vhost_dev *dev)
+{
+VHostUserGPIO *gpio = VHOST_USER_GPIO(dev->vdev);
+
+memcpy(dev->vdev->config, &gpio->config, sizeof(gpio->config));
+virtio_notify_config(dev->vdev);
+
+return 0;
+}
+
+const VhostDevConfigOps gpio_ops = {
+.vhost_dev_config_notifier = vu_gpio_config_notifier,
+};
+
+static int vu_gpio_start(VirtIODevice *vdev)
+{
+BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(vdev)));
+VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
+VHostUserGPIO *gpio = VHOST_USER_GPIO(vdev);
+int ret, i;
+
+if (!k->set_guest_notifiers) {
+error_report("binding does not support guest notifiers");
+return -ENOSYS;
+}
+
+ret = vhost_dev_enable_notifiers(&gpio->vhost_dev, vdev);
+if (ret < 0) {
+error_report("Error enabling host notifiers: %d", ret);
+return ret;
+}
+
+ret = k->set_guest_notifiers(qbus->parent, gpio->vhost_dev.nvqs, true);
+if (ret < 0) {
+error_report("Error binding guest notifier: %d", ret);
+goto err_host_notifiers;
+}
+
+gpio->vhost_dev.acked_features = vdev->guest_features;
+
+ret = vhost_dev_start(&gpio->vhost_dev, vdev);
+if (ret < 0) {
+error_report("Error starting vhost-user-gpio: %d", ret);
+goto err_guest_notifiers;
+}
+
+/*
+ * guest_notifier_mask/pending not used yet, so just unmask
+ * everything here. virtio-pci will do the right thing by
+ * enabling/disabling irqfd.
+ */
+for (i = 0; i < gpio->vhost_dev.nvqs; i++) {
+vhost_virtqueue_mask(&gpio->vhost_dev, vdev, i, false);
+}
+
+return 0;
+
+err_guest_notifiers:
+k->set_guest_notifiers(qbus->parent, gpio->vhost_dev.nvqs, false);
+err_host_notifiers:
+vhost_dev_disable_notifiers(&gpio->vhost_dev, vdev);
+
+return ret;
+}
+
+static void vu_gpio_stop(VirtIODevice *vdev)
+{
+VHostUserGPIO *gpio = VHOST_USER_GPIO(vdev);
+BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(vdev)));
+VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
+int ret;
+
+if (!k->set_guest_notifiers) {
+return;
+}
+
+vhost_dev_stop(&gpio->vhost_dev, vdev);
+
+ret = k->set_guest_notifiers(qbus->parent, gpio->vhost_dev.nvqs, false);
+if (ret < 0) {
+error_report("vhost guest notifier cleanup failed: %d", ret);
+return;
+}
+
+vhost_dev_disable_notifiers(&gpio->vhost_dev, vdev);
+}
+
+static void vu_gpio_set_status(VirtIODevice *vdev, uint8_t status)

[PULL 25/31] linux-user/elfload: add extra logging for hole finding

[Alex Bennée]

The various approaches to finding memory holes are quite complicated
to follow especially at a distance. Improve the logging so we can see
exactly what method found the space for the guest memory.

Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Warner Losh 
Message-Id: <20220105135009.1584676-26-alex.ben...@linaro.org>

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 329b2375ef..8ef0626eb0 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -2267,6 +2267,9 @@ static void pgb_have_guest_base(const char *image_name, 
abi_ulong guest_loaddr,
 if (test != addr) {
 pgb_fail_in_use(image_name);
 }
+qemu_log_mask(CPU_LOG_PAGE,
+  "%s: base @ %p for " TARGET_ABI_FMT_ld " bytes\n",
+  __func__, addr, guest_hiaddr - guest_loaddr);
 }
 
 /**
@@ -2309,6 +2312,9 @@ static uintptr_t pgd_find_hole_fallback(uintptr_t 
guest_size, uintptr_t brk,
 if (mmap_start != MAP_FAILED) {
 munmap(mmap_start, guest_size);
 if (mmap_start == (void *) align_start) {
+qemu_log_mask(CPU_LOG_PAGE,
+  "%s: base @ %p for %" PRIdPTR" bytes\n",
+  __func__, mmap_start + offset, guest_size);
 return (uintptr_t) mmap_start + offset;
 }
 }
@@ -2388,6 +2394,12 @@ static uintptr_t pgb_find_hole(uintptr_t guest_loaddr, 
uintptr_t guest_size,
 }
 free_self_maps(maps);
 
+if (ret != -1) {
+qemu_log_mask(CPU_LOG_PAGE, "%s: base @ %" PRIxPTR
+  " for %" PRIuPTR " bytes\n",
+  __func__, ret, guest_size);
+}
+
 return ret;
 }
 
@@ -2439,6 +2451,9 @@ static void pgb_static(const char *image_name, abi_ulong 
orig_loaddr,
 }
 
 guest_base = addr;
+
+qemu_log_mask(CPU_LOG_PAGE, "%s: base @ %"PRIxPTR" for %" PRIuPTR" 
bytes\n",
+  __func__, addr, hiaddr - loaddr);
 }
 
 static void pgb_dynamic(const char *image_name, long align)
@@ -2495,6 +2510,9 @@ static void pgb_reserved_va(const char *image_name, 
abi_ulong guest_loaddr,
  "using -R option)", reserved_va, test, strerror(errno));
 exit(EXIT_FAILURE);
 }
+
+qemu_log_mask(CPU_LOG_PAGE, "%s: base @ %p for %lu bytes\n",
+  __func__, addr, reserved_va);
 }
 
 void probe_guest_base(const char *image_name, abi_ulong guest_loaddr,
-- 
2.30.2

Re: Looking for advise on debugging a non-boot kernel on qemu-system-sh4

[John Paul Adrian Glaubitz]

Hi Zoltan!

On 10/26/21 00:40, BALATON Zoltan wrote:
> On Tue, 26 Oct 2021, John Paul Adrian Glaubitz wrote:
>> Hi Zoltan!
>>
>> On 10/23/21 15:22, BALATON Zoltan wrote:
 You either need to strip the kernel with "strip vmlinux" or use the image 
 from arch/sh/
 boot/zImage.
>>>
>>> I've actually used that kernel but looked at the wrong uncompressed size, 
>>> it's indeed just
>>> 9.2MB when stripped so that should work. I was trying to debug further and 
>>> found two problems:
>>>
>>> Commit abb0cd93494 (accel/tcg: Split out log_cpu_exec) seems to have broken 
>>> -singlestep -d in_asm,cpu
>>> output with sh after a delay slot. Since that commit I get:
>>> (...)
>>> This seems to take a wrong turn at the delayed branch and somehow ends up 
>>> at 0x8c800964 instead of
>>> 0x8c801528 but I'm not sure where to look firther why. I'm cc-ing Richard 
>>> for both the -d cpu and
>>> this hoping he has some more insight.
>>
>> Shall we open a bug report?
> 
> Well, we don't know yet what to put in the bug report apart from there is 
> some bug somewhere. That's
> not too useful. I now understand that the -d output is not showing already 
> translated TBs (I knew this
> but most of the time with -singlestep it gives good results anyway) but here 
> it runs the loops without
> further output then we only see the first loop iteration and the end result. 
> So the problem is not that
> it goes to 0x8c800964 as I think that's part of the loop for decompressing 
> the kernel but it seems
> something is overwriting 0x8c800964 while it still expects to run code from 
> there but I don't know what
> and why. One way to find could be to disassemble the kernel code and compare 
> that with the -d output and
> check every instruction manually but that takes a lot of time or if you have 
> a cross debugger you could
> try attaching that to QEMU and try to debug it that way but I don't have that 
> either. Any other idea how
> to find out what is happening?

Robert Święcki (CC'ed) found out that disabling tracing support makes Debian's 
kernel bootable [1].

Not sure if this is a kernel bug or a QEMU bug then. Does QEMU have any support 
for kernel tracing?

Adrian

> [1] https://marc.info/?l=linux-sh&m=164193147916418&w=2

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Re: [PATCH] target/ppc: Add extra float instructions to POWER5P processors

[Cédric Le Goater]

On 1/10/22 17:19, Cédric Le Goater wrote:

ISA v2.03 introduced Floating Round to Integer instructions : frin,
friz, frip, and frim. Add them to POWER5+.

The PPC_FLOAT_EXT flag also includes the fre (Floating Reciprocal
Estimate) instruction which was introduced in ISA v2.0x. The
architecture document says its optional and that might the reason why
it has been kept under the PPC_FLOAT_EXT. This means 970 CPUs can not
use it under QEMU.

Signed-off-by: Cédric Le Goater 



Applied to ppc7.0.

Thanks,

C.

[PULL 23/31] docs/devel: update C standard to C11

[Alex Bennée]

Since 8a9d3d5640 (configure: Use -std=gnu11) we have allowed C11 code
so lets reflect that in the style guide.

Signed-off-by: Alex Bennée 
Reviewed-by: Daniel P. Berrangé 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20220105135009.1584676-24-alex.ben...@linaro.org>

diff --git a/docs/devel/style.rst b/docs/devel/style.rst
index 9c5c0fffd9..4f770002a7 100644
--- a/docs/devel/style.rst
+++ b/docs/devel/style.rst
@@ -483,11 +483,11 @@ of arguments.
 C standard, implementation defined and undefined behaviors
 ==
 
-C code in QEMU should be written to the C99 language specification. A copy
-of the final version of the C99 standard with corrigenda TC1, TC2, and TC3
-included, formatted as a draft, can be downloaded from:
+C code in QEMU should be written to the C11 language specification. A
+copy of the final version of the C11 standard formatted as a draft,
+can be downloaded from:
 
-``_
+``_
 
 The C language specification defines regions of undefined behavior and
 implementation defined behavior (to give compiler authors enough leeway to
-- 
2.30.2