Re: [PATCH] target/riscv: fix inverted checks for ext_zb[abcs]

[Alistair Francis]

On Tue, Mar 1, 2022 at 11:28 AM Vineet Gupta  wrote:
>
> Hi Alistair,
>
> On 2/3/22 16:59, Alistair Francis wrote:
> > On Fri, Feb 4, 2022 at 1:42 AM Philipp Tomsich  
> > wrote:
> >>
> >> While changing to the use of cfg_ptr, the conditions for REQUIRE_ZB[ABCS]
> >> inadvertently became inverted and slipped through the initial testing 
> >> (which
> >> used RV64GC_XVentanaCondOps as a target).
> >> This fixes the regression.
> >>
> >> Tested against SPEC2017 w/ GCC 12 (prerelease) for RV64GC_zba_zbb_zbc_zbs.
> >>
> >> Fixes: 718143c126 ("target/riscv: add a MAINTAINERS entry for 
> >> XVentanaCondOps")
> >>
> >> Signed-off-by: Philipp Tomsich 
> >
> > Reviewed-by: Alistair Francis 
> >
> >>
> >> ---
> >> We may want to squash this onto the affected commit, if it hasn't made
> >> it beyond the next-tree, yet.
> >
> > Yeah, agreed. I'll squash it in
> >
> > Alistair
>
> Has this already been committed upstream. I was running into weird issue
> related to bitmanip and seems this was missing in my local tree.
>
> Also the "Fixes: " entry in changelog doesn't seem OK; the issue seems
> to have been introduced in f2a32bec8f0da99 ("target/riscv: access cfg
> structure through DisasContext")

Thanks, I have fixed the fixes tag and the indentation, I'll try and
send a PR this week or early next week.

Alistair

>
> Thx,
> -Vineet
>
> >
> >>
> >>   target/riscv/insn_trans/trans_rvb.c.inc | 8 
> >>   1 file changed, 4 insertions(+), 4 deletions(-)
> >>
> >> diff --git a/target/riscv/insn_trans/trans_rvb.c.inc 
> >> b/target/riscv/insn_trans/trans_rvb.c.inc
> >> index f9bd3b7ec4..e3c6b459d6 100644
> >> --- a/target/riscv/insn_trans/trans_rvb.c.inc
> >> +++ b/target/riscv/insn_trans/trans_rvb.c.inc
> >> @@ -19,25 +19,25 @@
> >>*/
> >>
> >>   #define REQUIRE_ZBA(ctx) do {\
> >> -if (ctx->cfg_ptr->ext_zba) { \
> >> +if (!ctx->cfg_ptr->ext_zba) { \
> >>   return false;\
> >>   }\
> >>   } while (0)
> >>
> >>   #define REQUIRE_ZBB(ctx) do {\
> >> -if (ctx->cfg_ptr->ext_zbb) { \
> >> +if (!ctx->cfg_ptr->ext_zbb) { \
> >>   return false;\
> >>   }\
> >>   } while (0)
> >>
> >>   #define REQUIRE_ZBC(ctx) do {\
> >> -if (ctx->cfg_ptr->ext_zbc) { \
> >> +if (!ctx->cfg_ptr->ext_zbc) { \
> >>   return false;\
> >>   }\
> >>   } while (0)
> >>
> >>   #define REQUIRE_ZBS(ctx) do {\
> >> -if (ctx->cfg_ptr->ext_zbs) { \
> >> +if (!ctx->cfg_ptr->ext_zbs) { \
> >>   return false;\
> >>   }\
> >>   } while (0)
> >> --
> >> 2.34.1
> >>
> >>
> >
> >
>

Re: [PATCH v2 3/3] q35: compat: keep hotplugged PCIe device broken after migration for 6.2 and older machine types

[Igor Mammedov]

On Tue, 1 Mar 2022 10:20:06 -0500
"Michael S. Tsirkin"  wrote:

> On Tue, Mar 01, 2022 at 10:12:00AM -0500, Igor Mammedov wrote:
> > Q35 switched to ACPI PCI hotplug by default in since 6.1
> > machine type and migration worked as expected (with BARs
> > on target being the same as on source)
> > 
> > However native PCIe fixes [1] merged in 6.2 time, regressed
> > migration part, resulting in disabled BARs on target. The
> > issue affects pc-q35-6.2 and pc-q35-6.1 machine types (and
> > older if qemu-6.2 binary is used on source with manually
> > enabled ACPI PCI hotplug).
> > 
> > Introduce x-pcihp-disable-pcie-slot-power-on-fixup compat
> > property to keep 6.2 and older machine types in broken state
> > when ACPI PCI hotplug is enabled to make sure that guest does
> > see the same PCIe device and slot on src & dst.
> > 
> > 1)
> > Fixes: d5daff7d312 (pcie: implement slot power control for pcie root ports)
> > Signed-off-by: Igor Mammedov   
> 
> I am not sure why we need this one. What's the scenario that's broken
> otherwise?

Probably none (but I won't bet on it) beside user confusion where device
sometimes works and sometimes don't for 6.1-6.2 machine types depending
on whether source runs qemu-6.2 or not.
Guest also will observe PCI_EXP_SLTCTL_PCC flip depending on source QEMU
version, but it shouldn't use it anyways since slot is under control of
ACPI CPI hotplug module.

Feel free to drop this patch if you think it's overkill.

> 
> 
> > ---
> >  include/hw/acpi/pcihp.h |  1 +
> >  hw/acpi/ich9.c  | 20 
> >  hw/acpi/pcihp.c | 11 +++
> >  hw/core/machine.c   |  4 +++-
> >  4 files changed, 31 insertions(+), 5 deletions(-)
> > 
> > diff --git a/include/hw/acpi/pcihp.h b/include/hw/acpi/pcihp.h
> > index af1a169fc3..2436151678 100644
> > --- a/include/hw/acpi/pcihp.h
> > +++ b/include/hw/acpi/pcihp.h
> > @@ -52,6 +52,7 @@ typedef struct AcpiPciHpState {
> >  bool legacy_piix;
> >  uint16_t io_base;
> >  uint16_t io_len;
> > +bool disable_pcie_slot_power_on_fixup;
> >  } AcpiPciHpState;
> >  
> >  void acpi_pcihp_init(Object *owner, AcpiPciHpState *, PCIBus *root,
> > diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
> > index bd9bbade70..e3bffdef71 100644
> > --- a/hw/acpi/ich9.c
> > +++ b/hw/acpi/ich9.c
> > @@ -430,6 +430,23 @@ static void ich9_pm_set_keep_pci_slot_hpc(Object *obj, 
> > bool value, Error **errp)
> >  s->pm.keep_pci_slot_hpc = value;
> >  }
> >  
> > +static bool ich9_pm_get_disable_pcie_slot_power_on_fixup(Object *obj,
> > + Error **errp)
> > +{
> > +ICH9LPCState *s = ICH9_LPC_DEVICE(obj);
> > +
> > +return s->pm.acpi_pci_hotplug.disable_pcie_slot_power_on_fixup;
> > +}
> > +
> > +static void ich9_pm_set_disable_pcie_slot_power_on_fixup(Object *obj,
> > + bool value,
> > + Error **errp)
> > +{
> > +ICH9LPCState *s = ICH9_LPC_DEVICE(obj);
> > +
> > +s->pm.acpi_pci_hotplug.disable_pcie_slot_power_on_fixup = value;
> > +}
> > +
> >  void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs *pm)
> >  {
> >  static const uint32_t gpe0_len = ICH9_PMIO_GPE0_LEN;
> > @@ -469,6 +486,9 @@ void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs 
> > *pm)
> >  object_property_add_bool(obj, "x-keep-pci-slot-hpc",
> >   ich9_pm_get_keep_pci_slot_hpc,
> >   ich9_pm_set_keep_pci_slot_hpc);
> > +object_property_add_bool(obj, 
> > "x-pcihp-disable-pcie-slot-power-on-fixup",
> > + ich9_pm_get_disable_pcie_slot_power_on_fixup,
> > + ich9_pm_set_disable_pcie_slot_power_on_fixup);
> >  }
> >  
> >  void ich9_pm_device_pre_plug_cb(HotplugHandler *hotplug_dev, DeviceState 
> > *dev,
> > diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
> > index 6351bd3424..4c06caf4a9 100644
> > --- a/hw/acpi/pcihp.c
> > +++ b/hw/acpi/pcihp.c
> > @@ -369,10 +369,13 @@ void acpi_pcihp_device_plug_cb(HotplugHandler 
> > *hotplug_dev, AcpiPciHpState *s,
> >  }
> >  
> >  bus = pci_get_bus(pdev);
> > -bridge = pci_bridge_get_device(bus);
> > -if (object_dynamic_cast(OBJECT(bridge), TYPE_PCIE_ROOT_PORT) ||
> > -object_dynamic_cast(OBJECT(bridge), TYPE_XIO3130_DOWNSTREAM)) {
> > -pcie_cap_slot_enable_power(bridge);
> > +/* compat knob to preserve pci_config as in 6.2 & older when pcihp in 
> > use */
> > +if (s->disable_pcie_slot_power_on_fixup == false) {
> > +bridge = pci_bridge_get_device(bus);
> > +if (object_dynamic_cast(OBJECT(bridge), TYPE_PCIE_ROOT_PORT) ||
> > +object_dynamic_cast(OBJECT(bridge), TYPE_XIO3130_DOWNSTREAM)) {
> > +pcie_cap_slot_enable_power(bridge);
> > +}
> >  }
> >  
> >  bsel = acpi_pcihp_get_bsel(bus);
> > diff --git a/hw/core/machine.c 

Re: propagating vmgenid outward and upward

[Michael S. Tsirkin]

On Wed, Mar 02, 2022 at 02:42:37AM -0500, Michael S. Tsirkin wrote:
> On Tue, Mar 01, 2022 at 07:37:06PM +0100, Jason A. Donenfeld wrote:
> > Hi Michael,
> > 
> > On Tue, Mar 1, 2022 at 6:17 PM Michael S. Tsirkin  wrote:
> > > Hmm okay, so it's a performance optimization... some batching then? Do
> > > you really need to worry about every packet? Every 64 packets not
> > > enough?  Packets are after all queued at NICs etc, and VM fork can
> > > happen after they leave wireguard ...
> > 
> > Unfortunately, yes, this is an "every packet" sort of thing -- if the
> > race is to be avoided in a meaningful way. It's really extra bad:
> > ChaCha20 and AES-CTR work by xoring a secret stream of bytes with
> > plaintext to produce a ciphertext. If you use that same secret stream
> > and xor it with a second plaintext and transmit that too, an attacker
> > can combine the two different ciphertexts to learn things about the
> > original plaintext.
> 
> So what about the point about packets queued then? You don't fish
> packets out of qdisc queues, do you?

Oh pls ignore it, I think I got it. Resending same packet is not
a problem, producing a new one is.

> > But, anyway, it seems like the race is here to stay given what we have
> > _currently_ available with the virtual hardware. That's why I'm
> > focused on trying to get something going that's the least bad with
> > what we've currently got, which is racy by design. How vitally
> > important is it to have something that doesn't race in the far future?
> > I don't know, really. It seems plausible that that ACPI notifier
> > triggers so early that nothing else really even has a chance, so the
> > race concern is purely theoretical. But I haven't tried to measure
> > that so I'm not sure.
> > 
> > Jason


So how about measuring the performance impact of reading the 16 byte
vmgenid then? This could be a performance option, too - some people
might want extra security, some might not care.  And I feel if linux
DTRT and reads the 16 bytes then hypervisor vendors will be motivated to
improve and add a 4 byte unique one. As long as linux is interrupt
driven there's no motivation for change.

-- 
MST

Re: propagating vmgenid outward and upward

[Michael S. Tsirkin]

On Tue, Mar 01, 2022 at 07:37:06PM +0100, Jason A. Donenfeld wrote:
> Hi Michael,
> 
> On Tue, Mar 1, 2022 at 6:17 PM Michael S. Tsirkin  wrote:
> > Hmm okay, so it's a performance optimization... some batching then? Do
> > you really need to worry about every packet? Every 64 packets not
> > enough?  Packets are after all queued at NICs etc, and VM fork can
> > happen after they leave wireguard ...
> 
> Unfortunately, yes, this is an "every packet" sort of thing -- if the
> race is to be avoided in a meaningful way. It's really extra bad:
> ChaCha20 and AES-CTR work by xoring a secret stream of bytes with
> plaintext to produce a ciphertext. If you use that same secret stream
> and xor it with a second plaintext and transmit that too, an attacker
> can combine the two different ciphertexts to learn things about the
> original plaintext.

So what about the point about packets queued then? You don't fish
packets out of qdisc queues, do you?

> But, anyway, it seems like the race is here to stay given what we have
> _currently_ available with the virtual hardware. That's why I'm
> focused on trying to get something going that's the least bad with
> what we've currently got, which is racy by design. How vitally
> important is it to have something that doesn't race in the far future?
> I don't know, really. It seems plausible that that ACPI notifier
> triggers so early that nothing else really even has a chance, so the
> race concern is purely theoretical. But I haven't tried to measure
> that so I'm not sure.
> 
> Jason

Re: [PATCH v6 27/43] hw/cxl/host: Add support for CXL Fixed Memory Windows.

[Markus Armbruster]

Jonathan Cameron via  writes:

> From: Jonathan Cameron 
>
> The concept of these is introduced in [1] in terms of the
> description the CEDT ACPI table. The principal is more general.
> Unlike once traffic hits the CXL root bridges, the host system
> memory address routing is implementation defined and effectively
> static once observable by standard / generic system software.
> Each CXL Fixed Memory Windows (CFMW) is a region of PA space
> which has fixed system dependent routing configured so that
> accesses can be routed to the CXL devices below a set of target
> root bridges. The accesses may be interleaved across multiple
> root bridges.
>
> For QEMU we could have fully specified these regions in terms
> of a base PA + size, but as the absolute address does not matter
> it is simpler to let individual platforms place the memory regions.
>
> ExampleS:
> -cxl-fixed-memory-window targets=cxl.0,size=128G
> -cxl-fixed-memory-window targets=cxl.1,size=128G
> -cxl-fixed-memory-window 
> targets=cxl0,targets=cxl.1,size=256G,interleave-granularity=2k
>
> Specifies
> * 2x 128G regions not interleaved across root bridges, one for each of
>   the root bridges with ids cxl.0 and cxl.1
> * 256G region interleaved across root bridges with ids cxl.0 and cxl.1
> with a 2k interleave granularity.
>
> When system software enumerates the devices below a given root bridge
> it can then decide which CFMW to use. If non interleave is desired
> (or possible) it can use the appropriate CFMW for the root bridge in
> question.  If there are suitable devices to interleave across the
> two root bridges then it may use the 3rd CFMS.
>
> A number of other designs were considered but the following constraints
> made it hard to adapt existing QEMU approaches to this particular problem.
> 1) The size must be known before a specific architecture / board brings
>up it's PA memory map.  We need to set up an appropriate region.
> 2) Using links to the host bridges provides a clean command line interface
>but these links cannot be established until command line devices have
>been added.
>
> Hence the two step process used here of first establishing the size,
> interleave-ways and granularity + caching the ids of the host bridges
> and then, once available finding the actual host bridges so they can
> be used later to support interleave decoding.
>
> [1] CXL 2.0 ECN: CEDT CFMWS & QTG DSM (computeexpresslink.org / 
> specifications)
>
> Signed-off-by: Jonathan Cameron 

[...]

> diff --git a/hw/cxl/cxl-host.c b/hw/cxl/cxl-host.c
> new file mode 100644
> index 00..9f303e6d8e
> --- /dev/null
> +++ b/hw/cxl/cxl-host.c

[...]

> +QemuOptsList qemu_cxl_fixed_window_opts = {
> +.name = "cxl-fixed-memory-window",
> +.implied_opt_name = "type",
> +.head = QTAILQ_HEAD_INITIALIZER(qemu_cxl_fixed_window_opts.head),
> +.desc = { { 0 } }
> +};
> +

[...]

> +static int parse_cxl_fixed_memory_window(void *opaque, QemuOpts *opts,
> + Error **errp)
> +{
> +CXLFixedMemoryWindowOptions *object = NULL;
> +MachineState *ms = MACHINE(opaque);
> +Error *err = NULL;
> +Visitor *v = opts_visitor_new(opts);
> +
> +visit_type_CXLFixedMemoryWindowOptions(v, NULL, , errp);
> +visit_free(v);
> +if (!object) {
> +return -1;
> +}
> +
> +set_cxl_fixed_memory_window_options(ms, object, );
> +
> +qapi_free_CXLFixedMemoryWindowOptions(object);
> +if (err) {
> +error_propagate(errp, err);
> +return -1;
> +}
> +
> +return 0;
> +}
> +
> +void parse_cxl_fixed_memory_window_opts(MachineState *ms)
> +{
> +qemu_opts_foreach(qemu_find_opts("cxl-fixed-memory-window"),
> +  parse_cxl_fixed_memory_window, ms, _fatal);
> +}

[...]

> diff --git a/qapi/machine.json b/qapi/machine.json
> index 42fc68403d..0998a9128d 100644
> --- a/qapi/machine.json
> +++ b/qapi/machine.json
> @@ -504,6 +504,21 @@
> 'dst': 'uint16',
> 'val': 'uint8' }}
>  
> +##
> +# @CXLFixedMemoryWindowOptions:
> +#
> +# Create a CXL Fixed Memory Window (for OptsVisitor)
> +#
> +# @targets: Target root bridge IDs

Missing: @size, @targets.

> +#
> +# Since X.X //fixme

Well, "fix me, please".

> +##
> +{ 'struct': 'CXLFixedMemoryWindowOptions',
> +  'data': {
> +  'size': 'size',
> +  '*interleave-granularity': 'size',
> +  'targets': ['str'] }}
> +
>  ##
>  # @X86CPURegister32:
>  #

[...]

> diff --git a/qemu-options.hx b/qemu-options.hx
> index ba3ae6a42a..b4d2cc6f48 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -467,6 +467,43 @@ SRST
>  -numa 
> hmat-cache,node-id=1,size=10K,level=1,associativity=direct,policy=write-back,line=8
>  ERST
>  
> +DEF("cxl-fixed-memory-window", HAS_ARG, QEMU_OPTION_cxl_fixed_memory_window,
> +"-cxl-fixed-memory-window 
> targets=firsttarget,targets=secondtarget,size=size[,interleave-granularity=granularity]\n",
> +QEMU_ARCH_ALL)
> +SRST
> +``-cxl-fixed-memory-window 

Re: [PATCH 20/20] tests: Add postcopy preempt test

[Peter Xu]

On Tue, Mar 01, 2022 at 05:00:15PM +, Dr. David Alan Gilbert wrote:
> > That's tricky, and we could have done something better.. E.g., we could
> > pass in the MigrateStart** into test_migrate_start() so it can clear it
> > when free, that's not silent use-after-free but crashing, which is better
> > in this case.
> > 
> > I feel lucky I tried..
> 
> It could at least do with a comment on test_migrate_start?

I've added one more patch there at the end of v2 for this:

[PATCH v2 25/25] tests: Pass in MigrateStart** into test_migrate_start()

Although it's at the end of the series, it can still be cleanly applied to
current master branch, too.

Thanks,

-- 
Peter Xu

Re: [PATCH v4 2/3] hw/acpi: add indication for i8042 in IA-PC boot flags of the FADT table

[Ani Sinha]

On Wed, Mar 2, 2022 at 12:50 AM Liav Albani  wrote:
>
>
> On 3/1/22 11:52, Ani Sinha wrote:
> >
> > On Tue, 1 Mar 2022, Igor Mammedov wrote:
> >
> >> On Mon, 28 Feb 2022 22:17:32 +0200
> >> Liav Albani  wrote:
> >>
> >>> This can allow the guest OS to determine more easily if i8042 controller
> >>> is present in the system or not, so it doesn't need to do probing of the
> >>> controller, but just initialize it immediately, before enumerating the
> >>> ACPI AML namespace.
> >>>
> >>> This change only applies to the x86/q35 machine type, as it uses FACP
> >>> ACPI table with revision higher than 1, which should implement at least
> >>> ACPI 2.0 features within the table, hence it can also set the IA-PC boot
> >>> flags register according to the ACPI 2.0 specification.
> >>>
> >>> Signed-off-by: Liav Albani 
> >>> ---
> >>>   hw/acpi/aml-build.c | 11 ++-
> >>>   hw/i386/acpi-build.c|  9 +
> >>>   hw/i386/acpi-microvm.c  |  9 +
> >> commit message says it's q35 specific, so wy it touched microvm anc piix4?
> > Igor is correct. Although I see that currently there are no 8042 devices
> > for microvms, maybe we should be conservative and add the code to detect
> > the device anyway. In that case, the change could affect microvms too when
> > such devices get added in the future.
> >
> >
> > echo -e "info qtree\r\nquit\r\n" | ./qemu-system-x86_64 -machine microvm
> > -monitor stdio 2>/dev/null | grep 8042
> >
> > 
>
> What about this?
>
> echo -e "info qtree\r\nquit\r\n" | qemu-system-x86_64 -machine microvm
> -device i8042 -monitor stdio 2>/dev/null | grep 8042
>
> Or this?
>
> echo -e "info mtree\r\nquit\r\n" | qemu-system-x86_64 -machine microvm
> -device i8042 -monitor stdio 2>/dev/null | grep 8042

On both occasions you are explicitly adding the device.

Re: [PATCH v4 2/3] hw/acpi: add indication for i8042 in IA-PC boot flags of the FADT table

[Ani Sinha]

On Wed, Mar 2, 2022 at 12:41 AM Liav Albani  wrote:
>
>
> On 3/1/22 13:19, Michael S. Tsirkin wrote:
> > On Tue, Mar 01, 2022 at 09:43:54AM +0100, Igor Mammedov wrote:
> >> On Mon, 28 Feb 2022 22:17:32 +0200
> >> Liav Albani  wrote:
> >>
> >>> This can allow the guest OS to determine more easily if i8042 controller
> >>> is present in the system or not, so it doesn't need to do probing of the
> >>> controller, but just initialize it immediately, before enumerating the
> >>> ACPI AML namespace.
> >>>
> >>> This change only applies to the x86/q35 machine type, as it uses FACP
> >>> ACPI table with revision higher than 1, which should implement at least
> >>> ACPI 2.0 features within the table, hence it can also set the IA-PC boot
> >>> flags register according to the ACPI 2.0 specification.
> >>>
> >>> Signed-off-by: Liav Albani 
> >>> ---
> >>>   hw/acpi/aml-build.c | 11 ++-
> >>>   hw/i386/acpi-build.c|  9 +
> >>>   hw/i386/acpi-microvm.c  |  9 +
> >> commit message says it's q35 specific, so wy it touched microvm anc piix4?
> >>
> This affect only q35 machine type for now, but what happens if the
> MicroVM ACPI FACP table is updated to use a revision that supports IA-PC
> boot flags?

microvm FACP table uses version 5. See function acpi_build_microvm().
It supports that flag already. What Igor was trying to say (and he can
correct me if I am wrong) is that lets address microvm when the need
arises, unless we already envision today that we would need IA-PC boot
flag update even for microvms in the near future. In other words, lets
not touch microvms if we do not have to, at present.

Re: [PATCH v4 3/3] tests/acpi: i386: update FACP table differences

[Ani Sinha]

On Wed, Mar 2, 2022 at 12:43 AM Liav Albani  wrote:
>
>
> On 3/1/22 13:21, Michael S. Tsirkin wrote:
> > On Tue, Mar 01, 2022 at 08:29:57AM +0530, Ani Sinha wrote:
> >>
> >> On Mon, 28 Feb 2022, Liav Albani wrote:
> >>
> >>> After changing the IAPC boot flags register to indicate support of i8042
> >>> in the machine chipset to help the guest OS to determine its existence
> >>> "faster", we need to have the updated FACP ACPI binary images in tree.
> >>>
> >>> @@ -1,32 +1,32 @@
> >>>   /*
> >>>* Intel ACPI Component Architecture
> >>>* AML/ASL+ Disassembler version 20211217 (64-bit version)
> >>>* Copyright (c) 2000 - 2021 Intel Corporation
> >>>*
> >>> - * Disassembly of tests/data/acpi/q35/FACP, Wed Feb 23 22:37:39 2022
> >>> + * Disassembly of /tmp/aml-BBFBI1, Wed Feb 23 22:37:39 2022
> > cut this out pls
> I see, this is indeed not very useful...
> >>>*
> >>>* ACPI Data Table [FACP]
> >>>*
> >>>* Format: [HexOffset DecimalOffset ByteLength]  FieldName : FieldValue 
> >>> (in hex)
> >>>*/
> >>>
> >>>   [000h    4]Signature : "FACP"[Fixed ACPI 
> >>> Description Table (FADT)]
> >>>   [004h 0004   4] Table Length : 00F4
> >>>   [008h 0008   1] Revision : 03
> >>> -[009h 0009   1] Checksum : B9
> >>> +[009h 0009   1] Checksum : B7
> > and this
> >
> >>>   [00Ah 0010   6]   Oem ID : "BOCHS "
> >>>   [010h 0016   8] Oem Table ID : "BXPC"
> >>>   [018h 0024   4] Oem Revision : 0001
> >>>   [01Ch 0028   4]  Asl Compiler ID : "BXPC"
> >>>   [020h 0032   4]Asl Compiler Revision : 0001
> >>>
> >>>   [024h 0036   4] FACS Address : 
> >>>   [028h 0040   4] DSDT Address : 
> >>>   [02Ch 0044   1]Model : 01
> >>>   [02Dh 0045   1]   PM Profile : 00 [Unspecified]
> >>>   [02Eh 0046   2]SCI Interrupt : 0009
> >>>   [030h 0048   4] SMI Command Port : 00B2
> >>>   [034h 0052   1]ACPI Enable Value : 02
> >>>   [035h 0053   1]   ACPI Disable Value : 03
> >>>   [036h 0054   1]   S4BIOS Command : 00
> >>>   [037h 0055   1]  P-State Control : 00
> >>> @@ -42,35 +42,35 @@
> >>>   [059h 0089   1] PM1 Control Block Length : 02
> >>>   [05Ah 0090   1] PM2 Control Block Length : 00
> >>>   [05Bh 0091   1]PM Timer Block Length : 04
> >>>   [05Ch 0092   1]GPE0 Block Length : 10
> >>>   [05Dh 0093   1]GPE1 Block Length : 00
> >>>   [05Eh 0094   1] GPE1 Base Offset : 00
> >>>   [05Fh 0095   1] _CST Support : 00
> >>>   [060h 0096   2]   C2 Latency : 0FFF
> >>>   [062h 0098   2]   C3 Latency : 0FFF
> >>>   [064h 0100   2]   CPU Cache Size : 
> >>>   [066h 0102   2]   Cache Flush Stride : 
> >>>   [068h 0104   1]Duty Cycle Offset : 00
> >>>   [069h 0105   1] Duty Cycle Width : 00
> >>>   [06Ah 0106   1]  RTC Day Alarm Index : 00
> >>>   [06Bh 0107   1]RTC Month Alarm Index : 00
> >>>   [06Ch 0108   1]RTC Century Index : 32
> >>> -[06Dh 0109   2]   Boot Flags (decoded below) : 
> >>> +[06Dh 0109   2]   Boot Flags (decoded below) : 0002
> >>>  Legacy Devices Supported (V2) : 0
> >>> -8042 Present on ports 60/64 (V2) : 0
> >>> +8042 Present on ports 60/64 (V2) : 1
> >>>   VGA Not Present (V4) : 0
> >>> MSI Not Supported (V4) : 0
> >>>   PCIe ASPM Not Supported (V4) : 0
> >>>  CMOS RTC Not Present (V5) : 0
> >
> > leaving just this
> >
> It will be fixed in version 5.
> >>>   [06Fh 0111   1] Reserved : 00
> >>>   [070h 0112   4]Flags (decoded below) : 84A5
> >>> WBINVD instruction is operational (V1) : 1
> >>> WBINVD flushes all caches (V1) : 0
> >>>   All CPUs support C1 (V1) : 1
> >>> C2 works on MP system (V1) : 0
> >>>   Control Method Power Button (V1) : 0
> >>>   Control Method Sleep Button (V1) : 1
> >>>   RTC wake not in fixed reg space (V1) : 0
> >>>   RTC can wake system from S4 (V1) : 1
> >>>   32-bit PM Timer (V1) : 0
> >>> Docking Supported (V1) : 0
> >>> @@ -148,32 +148,32 @@
> >>>   [0DCh 0220   1] Space ID : 01 [SystemIO]
> >>>   [0DDh 0221   1]Bit Width : 80
> >>>   [0DEh 0222   1]   Bit Offset : 00
> >>>   [0DFh 0223   1] Encoded Access Width : 00 [Undefined/Legacy]
> >>>   [0E0h 0224   8]  Address : 0620
> >>>
> >>>   [0E8h 0232  12]   GPE1 

Re: [PATCH RESEND 2/2] hw/riscv/sifive_u: Resolve redundant property accessors

[Alistair Francis]

On Wed, Mar 2, 2022 at 8:57 AM Bernhard Beschow  wrote:
>
> The QOM API already provides accessors for uint32 values, so reuse them.
>
> Signed-off-by: Bernhard Beschow 
> Reviewed-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/riscv/sifive_u.c | 24 
>  1 file changed, 4 insertions(+), 20 deletions(-)
>
> diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
> index 7fbc7dea42..747eb4ee89 100644
> --- a/hw/riscv/sifive_u.c
> +++ b/hw/riscv/sifive_u.c
> @@ -713,36 +713,20 @@ static void sifive_u_machine_set_start_in_flash(Object 
> *obj, bool value, Error *
>  s->start_in_flash = value;
>  }
>
> -static void sifive_u_machine_get_uint32_prop(Object *obj, Visitor *v,
> - const char *name, void *opaque,
> - Error **errp)
> -{
> -visit_type_uint32(v, name, (uint32_t *)opaque, errp);
> -}
> -
> -static void sifive_u_machine_set_uint32_prop(Object *obj, Visitor *v,
> - const char *name, void *opaque,
> - Error **errp)
> -{
> -visit_type_uint32(v, name, (uint32_t *)opaque, errp);
> -}
> -
>  static void sifive_u_machine_instance_init(Object *obj)
>  {
>  SiFiveUState *s = RISCV_U_MACHINE(obj);
>
>  s->start_in_flash = false;
>  s->msel = 0;
> -object_property_add(obj, "msel", "uint32",
> -sifive_u_machine_get_uint32_prop,
> -sifive_u_machine_set_uint32_prop, NULL, >msel);
> +object_property_add_uint32_ptr(obj, "msel", >msel,
> +   OBJ_PROP_FLAG_READWRITE);
>  object_property_set_description(obj, "msel",
>  "Mode Select (MSEL[3:0]) pin state");
>
>  s->serial = OTP_SERIAL;
> -object_property_add(obj, "serial", "uint32",
> -sifive_u_machine_get_uint32_prop,
> -sifive_u_machine_set_uint32_prop, NULL, >serial);
> +object_property_add_uint32_ptr(obj, "serial", >serial,
> +   OBJ_PROP_FLAG_READWRITE);
>  object_property_set_description(obj, "serial", "Board serial number");
>  }
>
> --
> 2.35.1
>
>

[ANNOUNCE] SeaBIOS 1.16.0

[Kevin O'Connor]

The 1.16.0 version of SeaBIOS has now been released.  For more
information on the release, please see:

https://seabios.org/Releases


New in this release:

* SMBIOS v3.0 support on QEMU
* Several bug fixes and code cleanups.


For information on obtaining SeaBIOS, please see:

https://seabios.org/Download


= git shortlog -n rel-1.15.0..rel-1.16.0 =

Eduardo Habkost (19):
  biostables: copy_fseg_table() function
  util.h: Delete unused get_smbios_entry_point() prototype
  smbios: Rename code specific for SMBIOS 2.1 entry points
  smbios: Generic smbios_next() function
  smbios: smbios_get_tables() function
  smbios: Use smbios_get_tables()/smbios_next() at display_uuid()
  smbios: smbios_major_version()/smbios_minor_version() helpers
  tpm: Use smbios_get_tables()
  csm: Don't check SMBios21Addr before calling copy_smbios_21()
  smbios: Make SMBios21Addr variable static
  smbios: Use smbios_next() at smbios_romfile_setup()
  smbios: Extract SMBIOS table building code to separate function
  smbios: Make smbios_build_tables() more generic
  smbios: smbios_21_setup_entry_point() function
  smbios: Make some smbios_build_tables() arguments optional
  smbios: Make smbios_build_tables() ready for 64-bit tables
  smbios: copy_smbios_30() function
  smbios: Support SMBIOS 3.0 entry point at copy_table()
  smbios: Support SMBIOS 3.0 entry point at smbios_romfile_setup()

Kevin O'Connor (13):
  vgasrc: Don't use VAR16 in header files to fix gcc warning
  memmap: Fix gcc out-of-bounds warning
  readserial: Improve Python3 compatibility
  scripts: Remove python23compat.py
  smm: Suppress gcc array-bounds warnings
  nvme: Rework nvme_io_readwrite() to return -1 on error
  nvme: Add nvme_bounce_xfer() helper function
  nvme: Convert nvme_build_prpl() to nvme_prpl_xfer()
  nvme: Pass prp1 and prp2 directly to nvme_io_xfer()
  nvme: Build the page list in the existing dma buffer
  nvme: Only allocate one dma bounce buffer for all nvme drives
  sercon: Fix missing GET_LOW() to access rx_bytes
  docs: Note v1.16.0 release

Andy Pei (3):
  virtio-blk: add feature VIRTIO_BLK_F_SIZE_MAX and VIRTIO_BLK_F_SEG_MAX
  virtio-blk: abstract a function named virtio_blk_op_one_segment to handle 
r/w request
  virtio-blk: split large IO according to size_max

Igor Mammedov (2):
  pci: reserve resources for pcie-pci-bridge to fix regressed hotplug on q35
  pci: let firmware reserve IO for pcie-pci-bridge

Florian Larysch (1):
  nvme: fix LBA format data structure

Gerd Hoffmann (1):
  svgamodes: add standard 4k modes

Jan Beulich via SeaBIOS (1):
  nvme: avoid use-after-free in nvme_controller_enable()

RE: [PATCH 3/3] whpx: Added support for breakpoints and stepping

[Ivan Shcherbakov]

Hi Alex,

Is there anything I could do to get the WHPX debugging support accepted into 
QEMU? Would the proposed callback AccelOpsClass work for you, or would you 
prefer another approach?

Best,
Ivan

-Original Message-
From: Qemu-devel  On Behalf Of 
Ivan Shcherbakov
Sent: Monday, February 28, 2022 6:09 PM
To: 'Alex Bennée' 
Cc: 'Peter Maydell' ; m...@redhat.com; 
qemu-devel@nongnu.org; arm...@redhat.com; 'Paolo Bonzini' 
Subject: RE: [PATCH 3/3] whpx: Added support for breakpoints and stepping

Hi Alex,

Thanks for getting back to me. It is definitely the latter case (i.e. it is 
possible to change it while the target is stopped at a breakpoint before 
resuming any VCPUs).
vm_state_notify() does look like it's intended for this type of notifications, 
but unfortunately, it doesn't make a distinction between stepping and running 
normally.
Below is the relevant code from gdbstub.c:

>static int gdb_continue_partial(char *newstates) {
>int flag = 0;
>
>/* Various corner cases omitted for brevity  */
>if (vm_prepare_start()) {
>return 0;
>}
>CPU_FOREACH(cpu) {
>switch (newstates[cpu->cpu_index]) {
>case 's':
>trace_gdbstub_op_stepping(cpu->cpu_index);
>cpu_single_step(cpu, gdbserver_state.sstep_flags);
>cpu_resume(cpu);
>flag = 1;
>break;
>case 'c':
>trace_gdbstub_op_continue_cpu(cpu->cpu_index);
>cpu_resume(cpu);
>flag = 1;
>break;
>default:
>res = -1;
>break;
>}
>}
>}

Also:

>int vm_prepare_start(void)
>{
>runstate_set(RUN_STATE_RUNNING);
>vm_state_notify(1, RUN_STATE_RUNNING);
>return 0;
>}

and:

>void vm_state_notify(bool running, RunState state);

So, currently, vm_prepare_start() has no way of distinguishing between 
single-stepping and normal running unless gdb_continue_partial() scans the 
'newstates' array before calling it, and passes some extra argument to 
vm_prepare_start(), indicating whether a step request was present anywhere in 
the array.

I couldn't find any existing run state that would match single-stepping, and 
adding another run state looks like a very non-trivial change that can easily 
backfire. Adding another argument to vm_state_notify() could be easier, but I 
am still afraid it could break some other part of QEMU, so I thought adding a 
new member to AccelOpsClass would be a safer bet. But again, if you think 
another way to do it is better, I am very open to it.

Best regards,
Ivan

-Original Message-
From: Alex Bennée 
Sent: Monday, February 28, 2022 2:28 AM
To: Ivan Shcherbakov 
Cc: 'Peter Maydell' ; 'Paolo Bonzini' 
; qemu-devel@nongnu.org; arm...@redhat.com; m...@redhat.com
Subject: Re: [PATCH 3/3] whpx: Added support for breakpoints and stepping

Is the limitation that whpx_set_exception_exit_bitmap needs to be set before 
any vCPU can be run or that it cannot be set if any vCPUs are currently running?
If it is the later wouldn't adding a hook into the vm_change_state_head 
callbacks be enough?

[PATCH v3 7/9] hw/sensor: add Intersil ISL69260 device model

[Titus Rwantare]

Signed-off-by: Titus Rwantare 
Reviewed-by: Hao Wu 
---
 MAINTAINERS  |   3 +
 hw/arm/Kconfig   |   1 +
 hw/sensor/Kconfig|   5 +
 hw/sensor/isl_pmbus_vr.c | 211 +
 hw/sensor/meson.build|   1 +
 include/hw/sensor/isl_pmbus_vr.h |  50 
 tests/qtest/isl_pmbus_vr-test.c  | 394 +++
 tests/qtest/meson.build  |   1 +
 8 files changed, 666 insertions(+)
 create mode 100644 hw/sensor/isl_pmbus_vr.c
 create mode 100644 include/hw/sensor/isl_pmbus_vr.h
 create mode 100644 tests/qtest/isl_pmbus_vr-test.c

diff --git a/MAINTAINERS b/MAINTAINERS
index 3601984b5d..364a844045 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3140,10 +3140,13 @@ M: Titus Rwantare 
 S: Maintained
 F: hw/i2c/pmbus_device.c
 F: hw/sensor/adm1272.c
+F: hw/sensor/isl_pmbus_vr.c
 F: hw/sensor/max34451.c
 F: include/hw/i2c/pmbus_device.h
+F: include/hw/sensor/isl_pmbus_vr.h
 F: tests/qtest/adm1272-test.c
 F: tests/qtest/max34451-test.c
+F: tests/qtest/isl_pmbus_vr-test.c
 
 Firmware schema specifications
 M: Philippe Mathieu-Daudé 
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index 6945330030..97f3b38019 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -400,6 +400,7 @@ config NPCM7XX
 select SMBUS
 select AT24C  # EEPROM
 select MAX34451
+select ISL_PMBUS_VR
 select PL310  # cache controller
 select PMBUS
 select SERIAL
diff --git a/hw/sensor/Kconfig b/hw/sensor/Kconfig
index 215944decc..a834d2f814 100644
--- a/hw/sensor/Kconfig
+++ b/hw/sensor/Kconfig
@@ -30,3 +30,8 @@ config LSM303DLHC_MAG
 bool
 depends on I2C
 default y if I2C_DEVICES
+
+config ISL_PMBUS_VR
+bool
+depends on I2C
+
diff --git a/hw/sensor/isl_pmbus_vr.c b/hw/sensor/isl_pmbus_vr.c
new file mode 100644
index 00..b3d24e40ab
--- /dev/null
+++ b/hw/sensor/isl_pmbus_vr.c
@@ -0,0 +1,211 @@
+/*
+ * PMBus device for Renesas Digital Multiphase Voltage Regulators
+ *
+ * Copyright 2021 Google LLC
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sensor/isl_pmbus_vr.h"
+#include "hw/qdev-properties.h"
+#include "qapi/visitor.h"
+#include "qemu/log.h"
+#include "qemu/module.h"
+
+static uint8_t isl_pmbus_vr_read_byte(PMBusDevice *pmdev)
+{
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: reading from unsupported register: 0x%02x\n",
+  __func__, pmdev->code);
+return 0xFF;
+}
+
+static int isl_pmbus_vr_write_data(PMBusDevice *pmdev, const uint8_t *buf,
+  uint8_t len)
+{
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: write to unsupported register: 0x%02x\n",
+  __func__, pmdev->code);
+return 0xFF;
+}
+
+/* TODO: Implement coefficients support in pmbus_device.c for qmp */
+static void isl_pmbus_vr_get(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+visit_type_uint16(v, name, (uint16_t *)opaque, errp);
+}
+
+static void isl_pmbus_vr_set(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+PMBusDevice *pmdev = PMBUS_DEVICE(obj);
+uint16_t *internal = opaque;
+uint16_t value;
+if (!visit_type_uint16(v, name, , errp)) {
+return;
+}
+
+*internal = value;
+pmbus_check_limits(pmdev);
+}
+
+static void isl_pmbus_vr_exit_reset(Object *obj)
+{
+PMBusDevice *pmdev = PMBUS_DEVICE(obj);
+
+pmdev->page = 0;
+pmdev->capability = ISL_CAPABILITY_DEFAULT;
+for (int i = 0; i < pmdev->num_pages; i++) {
+pmdev->pages[i].operation = ISL_OPERATION_DEFAULT;
+pmdev->pages[i].on_off_config = ISL_ON_OFF_CONFIG_DEFAULT;
+pmdev->pages[i].vout_mode = ISL_VOUT_MODE_DEFAULT;
+pmdev->pages[i].vout_command = ISL_VOUT_COMMAND_DEFAULT;
+pmdev->pages[i].vout_max = ISL_VOUT_MAX_DEFAULT;
+pmdev->pages[i].vout_margin_high = ISL_VOUT_MARGIN_HIGH_DEFAULT;
+pmdev->pages[i].vout_margin_low = ISL_VOUT_MARGIN_LOW_DEFAULT;
+pmdev->pages[i].vout_transition_rate = 
ISL_VOUT_TRANSITION_RATE_DEFAULT;
+pmdev->pages[i].vout_ov_fault_limit = ISL_VOUT_OV_FAULT_LIMIT_DEFAULT;
+pmdev->pages[i].ot_fault_limit = ISL_OT_FAULT_LIMIT_DEFAULT;
+pmdev->pages[i].ot_warn_limit = ISL_OT_WARN_LIMIT_DEFAULT;
+pmdev->pages[i].vin_ov_warn_limit = ISL_VIN_OV_WARN_LIMIT_DEFAULT;
+pmdev->pages[i].vin_uv_warn_limit = ISL_VIN_UV_WARN_LIMIT_DEFAULT;
+pmdev->pages[i].iin_oc_fault_limit = ISL_IIN_OC_FAULT_LIMIT_DEFAULT;
+pmdev->pages[i].ton_delay = ISL_TON_DELAY_DEFAULT;
+pmdev->pages[i].ton_rise = ISL_TON_RISE_DEFAULT;
+pmdev->pages[i].toff_fall = ISL_TOFF_FALL_DEFAULT;
+pmdev->pages[i].revision = ISL_REVISION_DEFAULT;
+
+pmdev->pages[i].read_vout = ISL_READ_VOUT_DEFAULT;
+pmdev->pages[i].read_iout = 

[PATCH v3 5/9] hw/i2c: pmbus: update MAINTAINERS

[Titus Rwantare]

add self to MAINTAINERS for the PMBus subsystem and related sensors,
and set PMBus as maintained.

Signed-off-by: Titus Rwantare 
---
 MAINTAINERS | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index fa8adc2618..3601984b5d 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3135,6 +3135,16 @@ F: include/hw/i2c/smbus_master.h
 F: include/hw/i2c/smbus_slave.h
 F: include/hw/i2c/smbus_eeprom.h
 
+PMBus
+M: Titus Rwantare 
+S: Maintained
+F: hw/i2c/pmbus_device.c
+F: hw/sensor/adm1272.c
+F: hw/sensor/max34451.c
+F: include/hw/i2c/pmbus_device.h
+F: tests/qtest/adm1272-test.c
+F: tests/qtest/max34451-test.c
+
 Firmware schema specifications
 M: Philippe Mathieu-Daudé 
 R: Daniel P. Berrange 
-- 
2.35.1.616.g0bdcbb4464-goog

[PATCH v3 0/9] This patch series contains updates to PMBus in QEMU along with some PMBus device models for Renesas regulators. I have also added myself to MAINTAINERS as this code is in use daily, whe

[Titus Rwantare]

v2:
  - split PMBus commit with updates into individual fixes
  - renamed isl_pmbus[.ch] adding _vr for voltage regulators

v3:
  - split uint refactor commit and removed commit renaming files
  - rename rolled into preceding commits
  - update commit description for uint refactoring change

Shengtan Mao (1):
  hw/i2c: Added linear mode translation for pmbus devices

Titus Rwantare (8):
  hw/i2c: pmbus: add registers
  hw/i2c: pmbus: guard against out of range accesses
  hw/i2c: pmbus: add PEC unsupported warning
  hw/i2c: pmbus: refactor uint handling
  hw/i2c: pmbus: update MAINTAINERS
  hw/sensor: add Intersil ISL69260 device model
  hw/sensor: add Renesas raa229004 PMBus device
  hw/sensor: add Renesas raa228000 device

 MAINTAINERS  |  13 +
 hw/arm/Kconfig   |   1 +
 hw/i2c/pmbus_device.c| 106 ++-
 hw/sensor/Kconfig|   5 +
 hw/sensor/isl_pmbus_vr.c | 279 ++
 hw/sensor/meson.build|   1 +
 include/hw/i2c/pmbus_device.h|  23 +-
 include/hw/sensor/isl_pmbus_vr.h |  52 
 tests/qtest/isl_pmbus_vr-test.c  | 474 +++
 tests/qtest/meson.build  |   1 +
 10 files changed, 944 insertions(+), 11 deletions(-)
 create mode 100644 hw/sensor/isl_pmbus_vr.c
 create mode 100644 include/hw/sensor/isl_pmbus_vr.h
 create mode 100644 tests/qtest/isl_pmbus_vr-test.c

-- 
2.35.1.616.g0bdcbb4464-goog

[PATCH v3 9/9] hw/sensor: add Renesas raa228000 device

[Titus Rwantare]

Signed-off-by: Titus Rwantare 
Reviewed-by: Hao Wu 
---
 hw/sensor/isl_pmbus_vr.c | 50 
 include/hw/sensor/isl_pmbus_vr.h |  1 +
 tests/qtest/isl_pmbus_vr-test.c  | 78 ++--
 3 files changed, 126 insertions(+), 3 deletions(-)

diff --git a/hw/sensor/isl_pmbus_vr.c b/hw/sensor/isl_pmbus_vr.c
index e260faeac3..df7c003ea6 100644
--- a/hw/sensor/isl_pmbus_vr.c
+++ b/hw/sensor/isl_pmbus_vr.c
@@ -89,6 +89,24 @@ static void isl_pmbus_vr_exit_reset(Object *obj)
 }
 }
 
+/* The raa228000 uses different direct mode coefficents from most isl devices 
*/
+static void raa228000_exit_reset(Object *obj)
+{
+isl_pmbus_vr_exit_reset(obj);
+
+PMBusDevice *pmdev = PMBUS_DEVICE(obj);
+
+pmdev->pages[0].read_vout = 0;
+pmdev->pages[0].read_iout = 0;
+pmdev->pages[0].read_pout = 0;
+pmdev->pages[0].read_vin = 0;
+pmdev->pages[0].read_iin = 0;
+pmdev->pages[0].read_pin = 0;
+pmdev->pages[0].read_temperature_1 = 0;
+pmdev->pages[0].read_temperature_2 = 0;
+pmdev->pages[0].read_temperature_3 = 0;
+}
+
 static void isl_pmbus_vr_add_props(Object *obj, uint64_t *flags, uint8_t pages)
 {
 PMBusDevice *pmdev = PMBUS_DEVICE(obj);
@@ -177,6 +195,20 @@ static void raa22xx_init(Object *obj)
 isl_pmbus_vr_add_props(obj, flags, 2);
 }
 
+static void raa228000_init(Object *obj)
+{
+PMBusDevice *pmdev = PMBUS_DEVICE(obj);
+uint64_t flags[1];
+
+flags[0] = PB_HAS_VIN | PB_HAS_VOUT | PB_HAS_VOUT_MODE |
+   PB_HAS_VOUT_RATING | PB_HAS_VOUT_MARGIN | PB_HAS_IIN |
+   PB_HAS_IOUT | PB_HAS_PIN | PB_HAS_POUT | PB_HAS_TEMPERATURE |
+   PB_HAS_TEMP2 | PB_HAS_TEMP3 | PB_HAS_STATUS_MFR_SPECIFIC;
+
+pmbus_page_config(pmdev, 0, flags[0]);
+isl_pmbus_vr_add_props(obj, flags, 1);
+}
+
 static void isl_pmbus_vr_class_init(ObjectClass *klass, void *data,
 uint8_t pages)
 {
@@ -195,6 +227,15 @@ static void isl69260_class_init(ObjectClass *klass, void 
*data)
 isl_pmbus_vr_class_init(klass, data, 2);
 }
 
+static void raa228000_class_init(ObjectClass *klass, void *data)
+{
+ResettableClass *rc = RESETTABLE_CLASS(klass);
+DeviceClass *dc = DEVICE_CLASS(klass);
+dc->desc = "Renesas 228000 Digital Multiphase Voltage Regulator";
+rc->phases.exit = raa228000_exit_reset;
+isl_pmbus_vr_class_init(klass, data, 1);
+}
+
 static void raa229004_class_init(ObjectClass *klass, void *data)
 {
 ResettableClass *rc = RESETTABLE_CLASS(klass);
@@ -220,9 +261,18 @@ static const TypeInfo raa229004_info = {
 .class_init = raa229004_class_init,
 };
 
+static const TypeInfo raa228000_info = {
+.name = TYPE_RAA228000,
+.parent = TYPE_PMBUS_DEVICE,
+.instance_size = sizeof(ISLState),
+.instance_init = raa228000_init,
+.class_init = raa228000_class_init,
+};
+
 static void isl_pmbus_vr_register_types(void)
 {
 type_register_static(_info);
+type_register_static(_info);
 type_register_static(_info);
 }
 
diff --git a/include/hw/sensor/isl_pmbus_vr.h b/include/hw/sensor/isl_pmbus_vr.h
index 233916f70a..3e47ff7e48 100644
--- a/include/hw/sensor/isl_pmbus_vr.h
+++ b/include/hw/sensor/isl_pmbus_vr.h
@@ -13,6 +13,7 @@
 #include "qom/object.h"
 
 #define TYPE_ISL69260   "isl69260"
+#define TYPE_RAA228000  "raa228000"
 #define TYPE_RAA229004  "raa229004"
 
 struct ISLState {
diff --git a/tests/qtest/isl_pmbus_vr-test.c b/tests/qtest/isl_pmbus_vr-test.c
index a33dfb6135..5553ea410a 100644
--- a/tests/qtest/isl_pmbus_vr-test.c
+++ b/tests/qtest/isl_pmbus_vr-test.c
@@ -150,6 +150,70 @@ static void test_defaults(void *obj, void *data, 
QGuestAllocator *alloc)
 g_assert_cmphex(i2c_value, ==, ISL_REVISION_DEFAULT);
 }
 
+static void raa228000_test_defaults(void *obj, void *data,
+QGuestAllocator *alloc)
+{
+uint16_t value, i2c_value;
+QI2CDevice *i2cdev = (QI2CDevice *)obj;
+
+value = qmp_isl_pmbus_vr_get(TEST_ID, "vout[0]");
+g_assert_cmpuint(value, ==, 0);
+
+i2c_value = isl_pmbus_vr_i2c_get16(i2cdev, PMBUS_READ_IOUT);
+g_assert_cmpuint(i2c_value, ==, 0);
+
+value = qmp_isl_pmbus_vr_get(TEST_ID, "pout[0]");
+g_assert_cmpuint(value, ==, 0);
+
+i2c_value = i2c_get8(i2cdev, PMBUS_CAPABILITY);
+g_assert_cmphex(i2c_value, ==, ISL_CAPABILITY_DEFAULT);
+
+i2c_value = i2c_get8(i2cdev, PMBUS_OPERATION);
+g_assert_cmphex(i2c_value, ==, ISL_OPERATION_DEFAULT);
+
+i2c_value = i2c_get8(i2cdev, PMBUS_ON_OFF_CONFIG);
+g_assert_cmphex(i2c_value, ==, ISL_ON_OFF_CONFIG_DEFAULT);
+
+i2c_value = i2c_get8(i2cdev, PMBUS_VOUT_MODE);
+g_assert_cmphex(i2c_value, ==, ISL_VOUT_MODE_DEFAULT);
+
+i2c_value = isl_pmbus_vr_i2c_get16(i2cdev, PMBUS_VOUT_COMMAND);
+g_assert_cmphex(i2c_value, ==, ISL_VOUT_COMMAND_DEFAULT);
+
+i2c_value = isl_pmbus_vr_i2c_get16(i2cdev, PMBUS_VOUT_MAX);
+g_assert_cmphex(i2c_value, ==, ISL_VOUT_MAX_DEFAULT);
+
+i2c_value 

[PATCH v3 2/9] hw/i2c: pmbus: guard against out of range accesses

[Titus Rwantare]

Signed-off-by: Titus Rwantare 
---
 hw/i2c/pmbus_device.c | 41 -
 1 file changed, 40 insertions(+), 1 deletion(-)

diff --git a/hw/i2c/pmbus_device.c b/hw/i2c/pmbus_device.c
index 07a45c99f9..93c746bab3 100644
--- a/hw/i2c/pmbus_device.c
+++ b/hw/i2c/pmbus_device.c
@@ -243,18 +243,47 @@ void pmbus_check_limits(PMBusDevice *pmdev)
 }
 }
 
+/* assert the status_cml error upon receipt of malformed command */
+static void pmbus_cml_error(PMBusDevice *pmdev)
+{
+for (int i = 0; i < pmdev->num_pages; i++) {
+pmdev->pages[i].status_word |= PMBUS_STATUS_CML;
+pmdev->pages[i].status_cml |= PB_CML_FAULT_INVALID_CMD;
+}
+}
+
 static uint8_t pmbus_receive_byte(SMBusDevice *smd)
 {
 PMBusDevice *pmdev = PMBUS_DEVICE(smd);
 PMBusDeviceClass *pmdc = PMBUS_DEVICE_GET_CLASS(pmdev);
 uint8_t ret = 0xFF;
-uint8_t index = pmdev->page;
+uint8_t index;
 
 if (pmdev->out_buf_len != 0) {
 ret = pmbus_out_buf_pop(pmdev);
 return ret;
 }
 
+/*
+ * Reading from all pages will return the value from page 0,
+ * this is unspecified behaviour in general.
+ */
+if (pmdev->page == PB_ALL_PAGES) {
+index = 0;
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: tried to read from all pages\n",
+  __func__);
+pmbus_cml_error(pmdev);
+} else if (pmdev->page > pmdev->num_pages - 1) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: page %d is out of range\n",
+  __func__, pmdev->page);
+pmbus_cml_error(pmdev);
+return -1;
+} else {
+index = pmdev->page;
+}
+
 switch (pmdev->code) {
 case PMBUS_PAGE:
 pmbus_send8(pmdev, pmdev->page);
@@ -1038,6 +1067,7 @@ static int pmbus_write_data(SMBusDevice *smd, uint8_t 
*buf, uint8_t len)
 pmdev->page = pmbus_receive8(pmdev);
 return 0;
 }
+
 /* loop through all the pages when 0xFF is received */
 if (pmdev->page == PB_ALL_PAGES) {
 for (int i = 0; i < pmdev->num_pages; i++) {
@@ -1048,6 +1078,15 @@ static int pmbus_write_data(SMBusDevice *smd, uint8_t 
*buf, uint8_t len)
 return 0;
 }
 
+if (pmdev->page > pmdev->num_pages - 1) {
+qemu_log_mask(LOG_GUEST_ERROR,
+"%s: page %u is out of range\n",
+__func__, pmdev->page);
+pmdev->page = 0; /* undefined behaviour - reset to page 0 */
+pmbus_cml_error(pmdev);
+return -1;
+}
+
 index = pmdev->page;
 
 switch (pmdev->code) {
-- 
2.35.1.616.g0bdcbb4464-goog

[PATCH v3 4/9] hw/i2c: pmbus: refactor uint handling

[Titus Rwantare]

This change cleans up the inputs to pmbus_receive uint, the length of
received data is contained in PMBusDevice state and doesn't need to be
passed around.

Signed-off-by: Titus Rwantare 
---
 hw/i2c/pmbus_device.c | 18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/hw/i2c/pmbus_device.c b/hw/i2c/pmbus_device.c
index 6eeb0731d7..3beb02afad 100644
--- a/hw/i2c/pmbus_device.c
+++ b/hw/i2c/pmbus_device.c
@@ -89,16 +89,16 @@ void pmbus_send_string(PMBusDevice *pmdev, const char *data)
 }
 
 
-static uint64_t pmbus_receive_uint(const uint8_t *buf, uint8_t len)
+static uint64_t pmbus_receive_uint(PMBusDevice *pmdev)
 {
 uint64_t ret = 0;
 
 /* Exclude command code from return value */
-buf++;
-len--;
+pmdev->in_buf++;
+pmdev->in_buf_len--;
 
-for (int i = len - 1; i >= 0; i--) {
-ret = ret << 8 | buf[i];
+for (int i = pmdev->in_buf_len - 1; i >= 0; i--) {
+ret = ret << 8 | pmdev->in_buf[i];
 }
 return ret;
 }
@@ -110,7 +110,7 @@ uint8_t pmbus_receive8(PMBusDevice *pmdev)
   "%s: length mismatch. Expected 1 byte, got %d bytes\n",
   __func__, pmdev->in_buf_len - 1);
 }
-return pmbus_receive_uint(pmdev->in_buf, pmdev->in_buf_len);
+return pmbus_receive_uint(pmdev);
 }
 
 uint16_t pmbus_receive16(PMBusDevice *pmdev)
@@ -120,7 +120,7 @@ uint16_t pmbus_receive16(PMBusDevice *pmdev)
   "%s: length mismatch. Expected 2 bytes, got %d bytes\n",
   __func__, pmdev->in_buf_len - 1);
 }
-return pmbus_receive_uint(pmdev->in_buf, pmdev->in_buf_len);
+return pmbus_receive_uint(pmdev);
 }
 
 uint32_t pmbus_receive32(PMBusDevice *pmdev)
@@ -130,7 +130,7 @@ uint32_t pmbus_receive32(PMBusDevice *pmdev)
   "%s: length mismatch. Expected 4 bytes, got %d bytes\n",
   __func__, pmdev->in_buf_len - 1);
 }
-return pmbus_receive_uint(pmdev->in_buf, pmdev->in_buf_len);
+return pmbus_receive_uint(pmdev);
 }
 
 uint64_t pmbus_receive64(PMBusDevice *pmdev)
@@ -140,7 +140,7 @@ uint64_t pmbus_receive64(PMBusDevice *pmdev)
   "%s: length mismatch. Expected 8 bytes, got %d bytes\n",
   __func__, pmdev->in_buf_len - 1);
 }
-return pmbus_receive_uint(pmdev->in_buf, pmdev->in_buf_len);
+return pmbus_receive_uint(pmdev);
 }
 
 static uint8_t pmbus_out_buf_pop(PMBusDevice *pmdev)
-- 
2.35.1.616.g0bdcbb4464-goog

[PATCH v3 3/9] hw/i2c: pmbus: add PEC unsupported warning

[Titus Rwantare]

Signed-off-by: Titus Rwantare 
---
 hw/i2c/pmbus_device.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/hw/i2c/pmbus_device.c b/hw/i2c/pmbus_device.c
index 93c746bab3..6eeb0731d7 100644
--- a/hw/i2c/pmbus_device.c
+++ b/hw/i2c/pmbus_device.c
@@ -307,6 +307,11 @@ static uint8_t pmbus_receive_byte(SMBusDevice *smd)
 
 case PMBUS_CAPABILITY:
 pmbus_send8(pmdev, pmdev->capability);
+if (pmdev->capability & BIT(7)) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: PEC is enabled but not yet supported.\n",
+  __func__);
+}
 break;
 
 case PMBUS_VOUT_MODE: /* R/W byte */
-- 
2.35.1.616.g0bdcbb4464-goog

[PATCH v3 8/9] hw/sensor: add Renesas raa229004 PMBus device

[Titus Rwantare]

The Renesas RAA229004 is a PMBus Multiphase Voltage Regulator

Signed-off-by: Titus Rwantare 
Reviewed-by: Hao Wu 
---
 hw/sensor/isl_pmbus_vr.c | 18 ++
 include/hw/sensor/isl_pmbus_vr.h |  1 +
 tests/qtest/isl_pmbus_vr-test.c  |  8 
 3 files changed, 27 insertions(+)

diff --git a/hw/sensor/isl_pmbus_vr.c b/hw/sensor/isl_pmbus_vr.c
index b3d24e40ab..e260faeac3 100644
--- a/hw/sensor/isl_pmbus_vr.c
+++ b/hw/sensor/isl_pmbus_vr.c
@@ -195,6 +195,15 @@ static void isl69260_class_init(ObjectClass *klass, void 
*data)
 isl_pmbus_vr_class_init(klass, data, 2);
 }
 
+static void raa229004_class_init(ObjectClass *klass, void *data)
+{
+ResettableClass *rc = RESETTABLE_CLASS(klass);
+DeviceClass *dc = DEVICE_CLASS(klass);
+dc->desc = "Renesas 229004 Digital Multiphase Voltage Regulator";
+rc->phases.exit = isl_pmbus_vr_exit_reset;
+isl_pmbus_vr_class_init(klass, data, 2);
+}
+
 static const TypeInfo isl69260_info = {
 .name = TYPE_ISL69260,
 .parent = TYPE_PMBUS_DEVICE,
@@ -203,9 +212,18 @@ static const TypeInfo isl69260_info = {
 .class_init = isl69260_class_init,
 };
 
+static const TypeInfo raa229004_info = {
+.name = TYPE_RAA229004,
+.parent = TYPE_PMBUS_DEVICE,
+.instance_size = sizeof(ISLState),
+.instance_init = raa22xx_init,
+.class_init = raa229004_class_init,
+};
+
 static void isl_pmbus_vr_register_types(void)
 {
 type_register_static(_info);
+type_register_static(_info);
 }
 
 type_init(isl_pmbus_vr_register_types)
diff --git a/include/hw/sensor/isl_pmbus_vr.h b/include/hw/sensor/isl_pmbus_vr.h
index 4e12e95efb..233916f70a 100644
--- a/include/hw/sensor/isl_pmbus_vr.h
+++ b/include/hw/sensor/isl_pmbus_vr.h
@@ -13,6 +13,7 @@
 #include "qom/object.h"
 
 #define TYPE_ISL69260   "isl69260"
+#define TYPE_RAA229004  "raa229004"
 
 struct ISLState {
 PMBusDevice parent;
diff --git a/tests/qtest/isl_pmbus_vr-test.c b/tests/qtest/isl_pmbus_vr-test.c
index f77732ae96..a33dfb6135 100644
--- a/tests/qtest/isl_pmbus_vr-test.c
+++ b/tests/qtest/isl_pmbus_vr-test.c
@@ -384,11 +384,19 @@ static void isl_pmbus_vr_register_nodes(void)
 qos_node_create_driver("isl69260", i2c_device_create);
 qos_node_consumes("isl69260", "i2c-bus", );
 
+qos_node_create_driver("raa229004", i2c_device_create);
+qos_node_consumes("raa229004", "i2c-bus", );
+
 qos_add_test("test_defaults", "isl69260", test_defaults, NULL);
 qos_add_test("test_tx_rx", "isl69260", test_tx_rx, NULL);
 qos_add_test("test_rw_regs", "isl69260", test_rw_regs, NULL);
 qos_add_test("test_pages_rw", "isl69260", test_pages_rw, NULL);
 qos_add_test("test_ro_regs", "isl69260", test_ro_regs, NULL);
 qos_add_test("test_ov_faults", "isl69260", test_voltage_faults, NULL);
+
+qos_add_test("test_tx_rx", "raa229004", test_tx_rx, NULL);
+qos_add_test("test_rw_regs", "raa229004", test_rw_regs, NULL);
+qos_add_test("test_pages_rw", "raa229004", test_pages_rw, NULL);
+qos_add_test("test_ov_faults", "raa229004", test_voltage_faults, NULL);
 }
 libqos_init(isl_pmbus_vr_register_nodes);
-- 
2.35.1.616.g0bdcbb4464-goog

[PATCH v3 6/9] hw/i2c: Added linear mode translation for pmbus devices

[Titus Rwantare]

From: Shengtan Mao 

Signed-off-by: Shengtan Mao 
Reviewed-by: Titus Rwantare 
---
 hw/i2c/pmbus_device.c | 18 ++
 include/hw/i2c/pmbus_device.h | 20 +++-
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/hw/i2c/pmbus_device.c b/hw/i2c/pmbus_device.c
index 3beb02afad..1036c41c49 100644
--- a/hw/i2c/pmbus_device.c
+++ b/hw/i2c/pmbus_device.c
@@ -28,6 +28,24 @@ uint32_t pmbus_direct_mode2data(PMBusCoefficients c, 
uint16_t value)
 return x;
 }
 
+uint16_t pmbus_data2linear_mode(uint16_t value, int exp)
+{
+/* L = D * 2^(-e) */
+if (exp < 0) {
+return value << (-exp);
+}
+return value >> exp;
+}
+
+uint16_t pmbus_linear_mode2data(uint16_t value, int exp)
+{
+/* D = L * 2^e */
+if (exp < 0) {
+return value >> (-exp);
+}
+return value << exp;
+}
+
 void pmbus_send(PMBusDevice *pmdev, const uint8_t *data, uint16_t len)
 {
 if (pmdev->out_buf_len + len > SMBUS_DATA_MAX_LEN) {
diff --git a/include/hw/i2c/pmbus_device.h b/include/hw/i2c/pmbus_device.h
index 72c0483149..9a274247ab 100644
--- a/include/hw/i2c/pmbus_device.h
+++ b/include/hw/i2c/pmbus_device.h
@@ -446,7 +446,7 @@ typedef struct PMBusCoefficients {
  *
  * Y = (m * x - b) * 10^R
  *
- * @return uint32_t
+ * @return uint16_t
  */
 uint16_t pmbus_data2direct_mode(PMBusCoefficients c, uint32_t value);
 
@@ -459,6 +459,24 @@ uint16_t pmbus_data2direct_mode(PMBusCoefficients c, 
uint32_t value);
  */
 uint32_t pmbus_direct_mode2data(PMBusCoefficients c, uint16_t value);
 
+/**
+ * Convert sensor values to linear mode format
+ *
+ * L = D * 2^(-e)
+ *
+ * @return uint16
+ */
+uint16_t pmbus_data2linear_mode(uint16_t value, int exp);
+
+/**
+ * Convert linear mode formatted data into sensor reading
+ *
+ * D = L * 2^e
+ *
+ * @return uint16
+ */
+uint16_t pmbus_linear_mode2data(uint16_t value, int exp);
+
 /**
  * @brief Send a block of data over PMBus
  * Assumes that the bytes in the block are already ordered correctly,
-- 
2.35.1.616.g0bdcbb4464-goog

[PATCH v3 1/9] hw/i2c: pmbus: add registers

[Titus Rwantare]

   - add the VOUT_MIN and STATUS_MFR registers

Signed-off-by: Titus Rwantare 
---
 hw/i2c/pmbus_device.c | 24 
 include/hw/i2c/pmbus_device.h |  3 +++
 2 files changed, 27 insertions(+)

diff --git a/hw/i2c/pmbus_device.c b/hw/i2c/pmbus_device.c
index 24f8f522d9..07a45c99f9 100644
--- a/hw/i2c/pmbus_device.c
+++ b/hw/i2c/pmbus_device.c
@@ -368,6 +368,14 @@ static uint8_t pmbus_receive_byte(SMBusDevice *smd)
 }
 break;
 
+case PMBUS_VOUT_MIN:/* R/W word */
+if (pmdev->pages[index].page_flags & PB_HAS_VOUT_RATING) {
+pmbus_send16(pmdev, pmdev->pages[index].vout_min);
+} else {
+goto passthough;
+}
+break;
+
 /* TODO: implement coefficients support */
 
 case PMBUS_POUT_MAX:  /* R/W word */
@@ -708,6 +716,10 @@ static uint8_t pmbus_receive_byte(SMBusDevice *smd)
 pmbus_send8(pmdev, pmdev->pages[index].status_other);
 break;
 
+case PMBUS_STATUS_MFR_SPECIFIC:   /* R/W byte */
+pmbus_send8(pmdev, pmdev->pages[index].status_mfr_specific);
+break;
+
 case PMBUS_READ_EIN:  /* Read-Only block 5 bytes */
 if (pmdev->pages[index].page_flags & PB_HAS_EIN) {
 pmbus_send(pmdev, pmdev->pages[index].read_ein, 5);
@@ -1149,6 +1161,14 @@ static int pmbus_write_data(SMBusDevice *smd, uint8_t 
*buf, uint8_t len)
 }
 break;
 
+case PMBUS_VOUT_MIN:  /* R/W word */
+if (pmdev->pages[index].page_flags & PB_HAS_VOUT_RATING) {
+pmdev->pages[index].vout_min = pmbus_receive16(pmdev);
+} else {
+goto passthrough;
+}
+break;
+
 case PMBUS_POUT_MAX:  /* R/W word */
 if (pmdev->pages[index].page_flags & PB_HAS_VOUT) {
 pmdev->pages[index].pout_max = pmbus_receive16(pmdev);
@@ -1482,6 +1502,10 @@ static int pmbus_write_data(SMBusDevice *smd, uint8_t 
*buf, uint8_t len)
 pmdev->pages[index].status_other = pmbus_receive8(pmdev);
 break;
 
+case PMBUS_STATUS_MFR_SPECIFIC:/* R/W byte */
+pmdev->pages[index].status_mfr_specific = pmbus_receive8(pmdev);
+break;
+
 case PMBUS_PAGE_PLUS_READ:/* Block Read-only */
 case PMBUS_CAPABILITY:/* Read-Only byte */
 case PMBUS_COEFFICIENTS:  /* Read-only block 5 bytes */
diff --git a/include/hw/i2c/pmbus_device.h b/include/hw/i2c/pmbus_device.h
index 62bd38c83f..72c0483149 100644
--- a/include/hw/i2c/pmbus_device.h
+++ b/include/hw/i2c/pmbus_device.h
@@ -43,6 +43,7 @@ enum pmbus_registers {
 PMBUS_VOUT_DROOP= 0x28, /* R/W word */
 PMBUS_VOUT_SCALE_LOOP   = 0x29, /* R/W word */
 PMBUS_VOUT_SCALE_MONITOR= 0x2A, /* R/W word */
+PMBUS_VOUT_MIN  = 0x2B, /* R/W word */
 PMBUS_COEFFICIENTS  = 0x30, /* Read-only block 5 bytes */
 PMBUS_POUT_MAX  = 0x31, /* R/W word */
 PMBUS_MAX_DUTY  = 0x32, /* R/W word */
@@ -255,6 +256,7 @@ OBJECT_DECLARE_TYPE(PMBusDevice, PMBusDeviceClass,
 #define PB_HAS_TEMP3   BIT_ULL(42)
 #define PB_HAS_TEMP_RATING BIT_ULL(43)
 #define PB_HAS_MFR_INFOBIT_ULL(50)
+#define PB_HAS_STATUS_MFR_SPECIFIC BIT_ULL(51)
 
 struct PMBusDeviceClass {
 SMBusDeviceClass parent_class;
@@ -295,6 +297,7 @@ typedef struct PMBusPage {
 uint16_t vout_droop;   /* R/W word */
 uint16_t vout_scale_loop;  /* R/W word */
 uint16_t vout_scale_monitor;   /* R/W word */
+uint16_t vout_min; /* R/W word */
 uint8_t coefficients[5];   /* Read-only block 5 bytes */
 uint16_t pout_max; /* R/W word */
 uint16_t max_duty; /* R/W word */
-- 
2.35.1.616.g0bdcbb4464-goog

Re: [PATCH v2 00/25] migration: Postcopy Preemption

[Peter Xu]

On Tue, Mar 01, 2022 at 06:05:50PM +, Daniel P. Berrangé wrote:
> On Tue, Mar 01, 2022 at 06:55:00PM +0800, Peter Xu wrote:
> > On Tue, Mar 01, 2022 at 10:27:10AM +, Daniel P. Berrangé wrote:
> > So what I'm curious is why TLS is getting quite some attentions in the past
> > few years but I didn't even see any selftests included in migration-test on
> > tls.  That's something I wanted to look into, maybe even before adding the
> > preempt+tls support. But maybe I just missed something, as I didn't use tls
> > a lot in the past.
> 
> I'm going to send some patches for adding TLS to migration-test

That's great.  Please feel free to copy me, I can probably work the
preempt+tls upon, thanks.

-- 
Peter Xu

Re: [PATCH v2 00/25] migration: Postcopy Preemption

[Peter Xu]

On Tue, Mar 01, 2022 at 04:51:09PM +, Dr. David Alan Gilbert wrote:
> Hmm, I think it's worth getting TLS working before putting the full
> series in, because it might impact the way you wire the channels up -
> it's going to take some care; but lets see which parts we can/should
> take.

IMHO it should be mostly transparent to the whole user interface and the
rest of the features, thanks to the well-abstracted qio channel layer, so
most code does not really need to worry about what kind of channel it is.
But sure, we don't need to rush.  Thanks,

-- 
Peter Xu

Re: [PATCH qemu 0/7] Many improvements to HVF memory-related codes

[Yan-Jie Wang]

Sorry, I made a mistake.
The last line in the function, hvf_find_free_slot, introduced in this
commit "hvf: simplify data structures and codes of memory related
functions" should be "return NULL;"

static hvf_slot *hvf_find_free_slot(void)
{
hvf_slot *slot;
int x;
for (x = 0; x < HVF_NUM_SLOTS; x++) {
slot = [x];
if (!slot->size) {
return slot;
}
}

return NULL;   // < This line is changed
}

I will submit a new version of the patch series after I go home.

Re: [PATCH v7 12/14] target/riscv: rvk: add CSR support for Zkr

[Weiwei Li]

在 2022/3/1 下午11:59, Richard Henderson 写道:

On 2/28/22 16:27, Weiwei Li wrote:


在 2022/3/1 上午9:44, Weiwei Li 写道:


在 2022/3/1 上午4:11, Richard Henderson 写道:

On 2/28/22 04:48, Weiwei Li wrote:

+/* Crypto Extension */
+static RISCVException rmw_seed(CPURISCVState *env, int csrno,
+  target_ulong *ret_value,
+  target_ulong new_value, 
target_ulong write_mask)

+{
+    if (!write_mask) {
+    return RISCV_EXCP_ILLEGAL_INST;
+    }


This is incorrect.  The error should only be with a write-mask of 
the actual x0 register, not another register which happens to 
contain 0.  There is in fact no way to diagnose exactly what you 
want here, which IIRC has an existing fixme comment somewhere.
Yeah. write_mask is also used in riscv_csrrw_check to check whether 
the read-only csr is written. We cannot distinguish x0 and reg which 
contains 0  here without changing total progress of csr read/write.


I seems misunderstand the code for csr read/write:  write_mask will 
be set zero only for read-only operation (CSRRS/CSRRC with rs1=x0 or 
CSRRSI/CSRRCI with uimm=0) via do_csrr --> helper_csrr -> riscv_csrrw 
call-chain.


The write_mask for do_csrw and do_csrrw will not be zero.

As said in the spec :

"TheseedCSR must be accessed with a read-write instruction. A 
read-only instruction such asCSRRS/CSRRC
withrs1=x0orCSRRSI/CSRRCIwithuimm=0will raise an illegal instruction 
exception. "


So it's suitable to check write_mask here.


Consider CSRRS with rs1=x31.  In that case mask will be the value in 
x31.  Even if the value is 0, this is still considered a read-write 
instruction.
Yeah. I lost this kind of case . So this is a bug. Maybe we can add a 
new parameter like  'write' to helper_csrrw to indicate that write 
operation should be done.



r~

Re: [PATCH v2 4/9] hw/i2c: pmbus: refactor uint handling and update MAINTAINERS

[Corey Minyard]

On Tue, Mar 01, 2022 at 04:23:02PM -0800, Titus Rwantare wrote:
> Signed-off-by: Titus Rwantare 
> ---
>  MAINTAINERS   | 10 ++
>  hw/i2c/pmbus_device.c | 18 +-
>  2 files changed, 19 insertions(+), 9 deletions(-)

This makes sense, but can you split it into two patches and give a bit
more explaination about the uint handling.  Usually patches without
explaination are frowned upon, even if it's kind of obvious.

-corey

> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index fa8adc2618..3601984b5d 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -3135,6 +3135,16 @@ F: include/hw/i2c/smbus_master.h
>  F: include/hw/i2c/smbus_slave.h
>  F: include/hw/i2c/smbus_eeprom.h
>  
> +PMBus
> +M: Titus Rwantare 
> +S: Maintained
> +F: hw/i2c/pmbus_device.c
> +F: hw/sensor/adm1272.c
> +F: hw/sensor/max34451.c
> +F: include/hw/i2c/pmbus_device.h
> +F: tests/qtest/adm1272-test.c
> +F: tests/qtest/max34451-test.c
> +
>  Firmware schema specifications
>  M: Philippe Mathieu-Daudé 
>  R: Daniel P. Berrange 
> diff --git a/hw/i2c/pmbus_device.c b/hw/i2c/pmbus_device.c
> index 6eeb0731d7..3beb02afad 100644
> --- a/hw/i2c/pmbus_device.c
> +++ b/hw/i2c/pmbus_device.c
> @@ -89,16 +89,16 @@ void pmbus_send_string(PMBusDevice *pmdev, const char 
> *data)
>  }
>  
>  
> -static uint64_t pmbus_receive_uint(const uint8_t *buf, uint8_t len)
> +static uint64_t pmbus_receive_uint(PMBusDevice *pmdev)
>  {
>  uint64_t ret = 0;
>  
>  /* Exclude command code from return value */
> -buf++;
> -len--;
> +pmdev->in_buf++;
> +pmdev->in_buf_len--;
>  
> -for (int i = len - 1; i >= 0; i--) {
> -ret = ret << 8 | buf[i];
> +for (int i = pmdev->in_buf_len - 1; i >= 0; i--) {
> +ret = ret << 8 | pmdev->in_buf[i];
>  }
>  return ret;
>  }
> @@ -110,7 +110,7 @@ uint8_t pmbus_receive8(PMBusDevice *pmdev)
>"%s: length mismatch. Expected 1 byte, got %d bytes\n",
>__func__, pmdev->in_buf_len - 1);
>  }
> -return pmbus_receive_uint(pmdev->in_buf, pmdev->in_buf_len);
> +return pmbus_receive_uint(pmdev);
>  }
>  
>  uint16_t pmbus_receive16(PMBusDevice *pmdev)
> @@ -120,7 +120,7 @@ uint16_t pmbus_receive16(PMBusDevice *pmdev)
>"%s: length mismatch. Expected 2 bytes, got %d 
> bytes\n",
>__func__, pmdev->in_buf_len - 1);
>  }
> -return pmbus_receive_uint(pmdev->in_buf, pmdev->in_buf_len);
> +return pmbus_receive_uint(pmdev);
>  }
>  
>  uint32_t pmbus_receive32(PMBusDevice *pmdev)
> @@ -130,7 +130,7 @@ uint32_t pmbus_receive32(PMBusDevice *pmdev)
>"%s: length mismatch. Expected 4 bytes, got %d 
> bytes\n",
>__func__, pmdev->in_buf_len - 1);
>  }
> -return pmbus_receive_uint(pmdev->in_buf, pmdev->in_buf_len);
> +return pmbus_receive_uint(pmdev);
>  }
>  
>  uint64_t pmbus_receive64(PMBusDevice *pmdev)
> @@ -140,7 +140,7 @@ uint64_t pmbus_receive64(PMBusDevice *pmdev)
>"%s: length mismatch. Expected 8 bytes, got %d 
> bytes\n",
>__func__, pmdev->in_buf_len - 1);
>  }
> -return pmbus_receive_uint(pmdev->in_buf, pmdev->in_buf_len);
> +return pmbus_receive_uint(pmdev);
>  }
>  
>  static uint8_t pmbus_out_buf_pop(PMBusDevice *pmdev)
> -- 
> 2.35.1.616.g0bdcbb4464-goog
> 

Re: [PATCH v2 9/9] hw/sensor: rename isl_pmbus to isl_pmbus_vr

[Titus Rwantare]

The rename is from feedback in v1 by Peter. I did this in a separate
patch as it's easier to merge, compared to editing the 4 commits
affected by this.

Titus

On Tue, 1 Mar 2022 at 16:43, Corey Minyard  wrote:
>
> On Tue, Mar 01, 2022 at 04:23:07PM -0800, Titus Rwantare wrote:
> > Signed-off-by: Titus Rwantare 
>
> Two things:
>
> * Why do you want to rename this?
>
> * This patch doesn't really add anything, it just renames things in a
>   previous patch.  Can it be folded in to the patch that added these
>   fields?
>
> -corey
>
> > ---
> >  MAINTAINERS   |   6 +-
> >  hw/arm/Kconfig|   2 +-
> >  hw/sensor/Kconfig |   2 +-
> >  hw/sensor/{isl_pmbus.c => isl_pmbus_vr.c} |  77 ++---
> >  hw/sensor/meson.build |   2 +-
> >  .../hw/sensor/{isl_pmbus.h => isl_pmbus_vr.h} |   4 +-
> >  .../{isl_pmbus-test.c => isl_pmbus_vr-test.c} | 263 +-
> >  tests/qtest/meson.build   |   2 +-
> >  8 files changed, 180 insertions(+), 178 deletions(-)
> >  rename hw/sensor/{isl_pmbus.c => isl_pmbus_vr.c} (80%)
> >  rename include/hw/sensor/{isl_pmbus.h => isl_pmbus_vr.h} (96%)
> >  rename tests/qtest/{isl_pmbus-test.c => isl_pmbus_vr-test.c} (55%)
> >
> > diff --git a/MAINTAINERS b/MAINTAINERS
> > index 3df8e938e0..364a844045 100644
> > --- a/MAINTAINERS
> > +++ b/MAINTAINERS
> > @@ -3140,13 +3140,13 @@ M: Titus Rwantare 
> >  S: Maintained
> >  F: hw/i2c/pmbus_device.c
> >  F: hw/sensor/adm1272.c
> > -F: hw/sensor/isl_pmbus.c
> > +F: hw/sensor/isl_pmbus_vr.c
> >  F: hw/sensor/max34451.c
> >  F: include/hw/i2c/pmbus_device.h
> > -F: include/hw/sensor/isl_pmbus.h
> > +F: include/hw/sensor/isl_pmbus_vr.h
> >  F: tests/qtest/adm1272-test.c
> >  F: tests/qtest/max34451-test.c
> > -F: tests/qtest/isl_pmbus-test.c
> > +F: tests/qtest/isl_pmbus_vr-test.c
> >
> >  Firmware schema specifications
> >  M: Philippe Mathieu-Daudé 
> > diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
> > index 8047ad6378..97f3b38019 100644
> > --- a/hw/arm/Kconfig
> > +++ b/hw/arm/Kconfig
> > @@ -400,7 +400,7 @@ config NPCM7XX
> >  select SMBUS
> >  select AT24C  # EEPROM
> >  select MAX34451
> > -select ISL_PMBUS
> > +select ISL_PMBUS_VR
> >  select PL310  # cache controller
> >  select PMBUS
> >  select SERIAL
> > diff --git a/hw/sensor/Kconfig b/hw/sensor/Kconfig
> > index 70fb335789..a834d2f814 100644
> > --- a/hw/sensor/Kconfig
> > +++ b/hw/sensor/Kconfig
> > @@ -31,7 +31,7 @@ config LSM303DLHC_MAG
> >  depends on I2C
> >  default y if I2C_DEVICES
> >
> > -config ISL_PMBUS
> > +config ISL_PMBUS_VR
> >  bool
> >  depends on I2C
> >
> > diff --git a/hw/sensor/isl_pmbus.c b/hw/sensor/isl_pmbus_vr.c
> > similarity index 80%
> > rename from hw/sensor/isl_pmbus.c
> > rename to hw/sensor/isl_pmbus_vr.c
> > index e3b42b119e..df7c003ea6 100644
> > --- a/hw/sensor/isl_pmbus.c
> > +++ b/hw/sensor/isl_pmbus_vr.c
> > @@ -7,13 +7,13 @@
> >   */
> >
> >  #include "qemu/osdep.h"
> > -#include "hw/sensor/isl_pmbus.h"
> > +#include "hw/sensor/isl_pmbus_vr.h"
> >  #include "hw/qdev-properties.h"
> >  #include "qapi/visitor.h"
> >  #include "qemu/log.h"
> >  #include "qemu/module.h"
> >
> > -static uint8_t isl_pmbus_read_byte(PMBusDevice *pmdev)
> > +static uint8_t isl_pmbus_vr_read_byte(PMBusDevice *pmdev)
> >  {
> >  qemu_log_mask(LOG_GUEST_ERROR,
> >"%s: reading from unsupported register: 0x%02x\n",
> > @@ -21,7 +21,7 @@ static uint8_t isl_pmbus_read_byte(PMBusDevice *pmdev)
> >  return 0xFF;
> >  }
> >
> > -static int isl_pmbus_write_data(PMBusDevice *pmdev, const uint8_t *buf,
> > +static int isl_pmbus_vr_write_data(PMBusDevice *pmdev, const uint8_t *buf,
> >uint8_t len)
> >  {
> >  qemu_log_mask(LOG_GUEST_ERROR,
> > @@ -31,13 +31,13 @@ static int isl_pmbus_write_data(PMBusDevice *pmdev, 
> > const uint8_t *buf,
> >  }
> >
> >  /* TODO: Implement coefficients support in pmbus_device.c for qmp */
> > -static void isl_pmbus_get(Object *obj, Visitor *v, const char *name,
> > +static void isl_pmbus_vr_get(Object *obj, Visitor *v, const char *name,
> >   void *opaque, Error **errp)
> >  {
> >  visit_type_uint16(v, name, (uint16_t *)opaque, errp);
> >  }
> >
> > -static void isl_pmbus_set(Object *obj, Visitor *v, const char *name,
> > +static void isl_pmbus_vr_set(Object *obj, Visitor *v, const char *name,
> >   void *opaque, Error **errp)
> >  {
> >  PMBusDevice *pmdev = PMBUS_DEVICE(obj);
> > @@ -51,7 +51,7 @@ static void isl_pmbus_set(Object *obj, Visitor *v, const 
> > char *name,
> >  pmbus_check_limits(pmdev);
> >  }
> >
> > -static void isl_pmbus_exit_reset(Object *obj)
> > +static void isl_pmbus_vr_exit_reset(Object *obj)
> >  {
> >  PMBusDevice *pmdev = PMBUS_DEVICE(obj);
> >
> > @@ -92,7 +92,7 @@ static void 

[PATCH v2 9/9] hw/sensor: rename isl_pmbus to isl_pmbus_vr

[Titus Rwantare]

Signed-off-by: Titus Rwantare 
---
 MAINTAINERS   |   6 +-
 hw/arm/Kconfig|   2 +-
 hw/sensor/Kconfig |   2 +-
 hw/sensor/{isl_pmbus.c => isl_pmbus_vr.c} |  77 ++---
 hw/sensor/meson.build |   2 +-
 .../hw/sensor/{isl_pmbus.h => isl_pmbus_vr.h} |   4 +-
 .../{isl_pmbus-test.c => isl_pmbus_vr-test.c} | 263 +-
 tests/qtest/meson.build   |   2 +-
 8 files changed, 180 insertions(+), 178 deletions(-)
 rename hw/sensor/{isl_pmbus.c => isl_pmbus_vr.c} (80%)
 rename include/hw/sensor/{isl_pmbus.h => isl_pmbus_vr.h} (96%)
 rename tests/qtest/{isl_pmbus-test.c => isl_pmbus_vr-test.c} (55%)

diff --git a/MAINTAINERS b/MAINTAINERS
index 3df8e938e0..364a844045 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3140,13 +3140,13 @@ M: Titus Rwantare 
 S: Maintained
 F: hw/i2c/pmbus_device.c
 F: hw/sensor/adm1272.c
-F: hw/sensor/isl_pmbus.c
+F: hw/sensor/isl_pmbus_vr.c
 F: hw/sensor/max34451.c
 F: include/hw/i2c/pmbus_device.h
-F: include/hw/sensor/isl_pmbus.h
+F: include/hw/sensor/isl_pmbus_vr.h
 F: tests/qtest/adm1272-test.c
 F: tests/qtest/max34451-test.c
-F: tests/qtest/isl_pmbus-test.c
+F: tests/qtest/isl_pmbus_vr-test.c
 
 Firmware schema specifications
 M: Philippe Mathieu-Daudé 
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index 8047ad6378..97f3b38019 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -400,7 +400,7 @@ config NPCM7XX
 select SMBUS
 select AT24C  # EEPROM
 select MAX34451
-select ISL_PMBUS
+select ISL_PMBUS_VR
 select PL310  # cache controller
 select PMBUS
 select SERIAL
diff --git a/hw/sensor/Kconfig b/hw/sensor/Kconfig
index 70fb335789..a834d2f814 100644
--- a/hw/sensor/Kconfig
+++ b/hw/sensor/Kconfig
@@ -31,7 +31,7 @@ config LSM303DLHC_MAG
 depends on I2C
 default y if I2C_DEVICES
 
-config ISL_PMBUS
+config ISL_PMBUS_VR
 bool
 depends on I2C
 
diff --git a/hw/sensor/isl_pmbus.c b/hw/sensor/isl_pmbus_vr.c
similarity index 80%
rename from hw/sensor/isl_pmbus.c
rename to hw/sensor/isl_pmbus_vr.c
index e3b42b119e..df7c003ea6 100644
--- a/hw/sensor/isl_pmbus.c
+++ b/hw/sensor/isl_pmbus_vr.c
@@ -7,13 +7,13 @@
  */
 
 #include "qemu/osdep.h"
-#include "hw/sensor/isl_pmbus.h"
+#include "hw/sensor/isl_pmbus_vr.h"
 #include "hw/qdev-properties.h"
 #include "qapi/visitor.h"
 #include "qemu/log.h"
 #include "qemu/module.h"
 
-static uint8_t isl_pmbus_read_byte(PMBusDevice *pmdev)
+static uint8_t isl_pmbus_vr_read_byte(PMBusDevice *pmdev)
 {
 qemu_log_mask(LOG_GUEST_ERROR,
   "%s: reading from unsupported register: 0x%02x\n",
@@ -21,7 +21,7 @@ static uint8_t isl_pmbus_read_byte(PMBusDevice *pmdev)
 return 0xFF;
 }
 
-static int isl_pmbus_write_data(PMBusDevice *pmdev, const uint8_t *buf,
+static int isl_pmbus_vr_write_data(PMBusDevice *pmdev, const uint8_t *buf,
   uint8_t len)
 {
 qemu_log_mask(LOG_GUEST_ERROR,
@@ -31,13 +31,13 @@ static int isl_pmbus_write_data(PMBusDevice *pmdev, const 
uint8_t *buf,
 }
 
 /* TODO: Implement coefficients support in pmbus_device.c for qmp */
-static void isl_pmbus_get(Object *obj, Visitor *v, const char *name,
+static void isl_pmbus_vr_get(Object *obj, Visitor *v, const char *name,
  void *opaque, Error **errp)
 {
 visit_type_uint16(v, name, (uint16_t *)opaque, errp);
 }
 
-static void isl_pmbus_set(Object *obj, Visitor *v, const char *name,
+static void isl_pmbus_vr_set(Object *obj, Visitor *v, const char *name,
  void *opaque, Error **errp)
 {
 PMBusDevice *pmdev = PMBUS_DEVICE(obj);
@@ -51,7 +51,7 @@ static void isl_pmbus_set(Object *obj, Visitor *v, const char 
*name,
 pmbus_check_limits(pmdev);
 }
 
-static void isl_pmbus_exit_reset(Object *obj)
+static void isl_pmbus_vr_exit_reset(Object *obj)
 {
 PMBusDevice *pmdev = PMBUS_DEVICE(obj);
 
@@ -92,7 +92,7 @@ static void isl_pmbus_exit_reset(Object *obj)
 /* The raa228000 uses different direct mode coefficents from most isl devices 
*/
 static void raa228000_exit_reset(Object *obj)
 {
-isl_pmbus_exit_reset(obj);
+isl_pmbus_vr_exit_reset(obj);
 
 PMBusDevice *pmdev = PMBUS_DEVICE(obj);
 
@@ -107,70 +107,70 @@ static void raa228000_exit_reset(Object *obj)
 pmdev->pages[0].read_temperature_3 = 0;
 }
 
-static void isl_pmbus_add_props(Object *obj, uint64_t *flags, uint8_t pages)
+static void isl_pmbus_vr_add_props(Object *obj, uint64_t *flags, uint8_t pages)
 {
 PMBusDevice *pmdev = PMBUS_DEVICE(obj);
 for (int i = 0; i < pages; i++) {
 if (flags[i] & PB_HAS_VIN) {
 object_property_add(obj, "vin[*]", "uint16",
-isl_pmbus_get,
-isl_pmbus_set,
+isl_pmbus_vr_get,
+isl_pmbus_vr_set,
 NULL, 

Re: [PATCH v2 9/9] hw/sensor: rename isl_pmbus to isl_pmbus_vr

[Corey Minyard]

On Tue, Mar 01, 2022 at 04:23:07PM -0800, Titus Rwantare wrote:
> Signed-off-by: Titus Rwantare 

Two things:

* Why do you want to rename this?

* This patch doesn't really add anything, it just renames things in a
  previous patch.  Can it be folded in to the patch that added these
  fields?

-corey

> ---
>  MAINTAINERS   |   6 +-
>  hw/arm/Kconfig|   2 +-
>  hw/sensor/Kconfig |   2 +-
>  hw/sensor/{isl_pmbus.c => isl_pmbus_vr.c} |  77 ++---
>  hw/sensor/meson.build |   2 +-
>  .../hw/sensor/{isl_pmbus.h => isl_pmbus_vr.h} |   4 +-
>  .../{isl_pmbus-test.c => isl_pmbus_vr-test.c} | 263 +-
>  tests/qtest/meson.build   |   2 +-
>  8 files changed, 180 insertions(+), 178 deletions(-)
>  rename hw/sensor/{isl_pmbus.c => isl_pmbus_vr.c} (80%)
>  rename include/hw/sensor/{isl_pmbus.h => isl_pmbus_vr.h} (96%)
>  rename tests/qtest/{isl_pmbus-test.c => isl_pmbus_vr-test.c} (55%)
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 3df8e938e0..364a844045 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -3140,13 +3140,13 @@ M: Titus Rwantare 
>  S: Maintained
>  F: hw/i2c/pmbus_device.c
>  F: hw/sensor/adm1272.c
> -F: hw/sensor/isl_pmbus.c
> +F: hw/sensor/isl_pmbus_vr.c
>  F: hw/sensor/max34451.c
>  F: include/hw/i2c/pmbus_device.h
> -F: include/hw/sensor/isl_pmbus.h
> +F: include/hw/sensor/isl_pmbus_vr.h
>  F: tests/qtest/adm1272-test.c
>  F: tests/qtest/max34451-test.c
> -F: tests/qtest/isl_pmbus-test.c
> +F: tests/qtest/isl_pmbus_vr-test.c
>  
>  Firmware schema specifications
>  M: Philippe Mathieu-Daudé 
> diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
> index 8047ad6378..97f3b38019 100644
> --- a/hw/arm/Kconfig
> +++ b/hw/arm/Kconfig
> @@ -400,7 +400,7 @@ config NPCM7XX
>  select SMBUS
>  select AT24C  # EEPROM
>  select MAX34451
> -select ISL_PMBUS
> +select ISL_PMBUS_VR
>  select PL310  # cache controller
>  select PMBUS
>  select SERIAL
> diff --git a/hw/sensor/Kconfig b/hw/sensor/Kconfig
> index 70fb335789..a834d2f814 100644
> --- a/hw/sensor/Kconfig
> +++ b/hw/sensor/Kconfig
> @@ -31,7 +31,7 @@ config LSM303DLHC_MAG
>  depends on I2C
>  default y if I2C_DEVICES
>  
> -config ISL_PMBUS
> +config ISL_PMBUS_VR
>  bool
>  depends on I2C
>  
> diff --git a/hw/sensor/isl_pmbus.c b/hw/sensor/isl_pmbus_vr.c
> similarity index 80%
> rename from hw/sensor/isl_pmbus.c
> rename to hw/sensor/isl_pmbus_vr.c
> index e3b42b119e..df7c003ea6 100644
> --- a/hw/sensor/isl_pmbus.c
> +++ b/hw/sensor/isl_pmbus_vr.c
> @@ -7,13 +7,13 @@
>   */
>  
>  #include "qemu/osdep.h"
> -#include "hw/sensor/isl_pmbus.h"
> +#include "hw/sensor/isl_pmbus_vr.h"
>  #include "hw/qdev-properties.h"
>  #include "qapi/visitor.h"
>  #include "qemu/log.h"
>  #include "qemu/module.h"
>  
> -static uint8_t isl_pmbus_read_byte(PMBusDevice *pmdev)
> +static uint8_t isl_pmbus_vr_read_byte(PMBusDevice *pmdev)
>  {
>  qemu_log_mask(LOG_GUEST_ERROR,
>"%s: reading from unsupported register: 0x%02x\n",
> @@ -21,7 +21,7 @@ static uint8_t isl_pmbus_read_byte(PMBusDevice *pmdev)
>  return 0xFF;
>  }
>  
> -static int isl_pmbus_write_data(PMBusDevice *pmdev, const uint8_t *buf,
> +static int isl_pmbus_vr_write_data(PMBusDevice *pmdev, const uint8_t *buf,
>uint8_t len)
>  {
>  qemu_log_mask(LOG_GUEST_ERROR,
> @@ -31,13 +31,13 @@ static int isl_pmbus_write_data(PMBusDevice *pmdev, const 
> uint8_t *buf,
>  }
>  
>  /* TODO: Implement coefficients support in pmbus_device.c for qmp */
> -static void isl_pmbus_get(Object *obj, Visitor *v, const char *name,
> +static void isl_pmbus_vr_get(Object *obj, Visitor *v, const char *name,
>   void *opaque, Error **errp)
>  {
>  visit_type_uint16(v, name, (uint16_t *)opaque, errp);
>  }
>  
> -static void isl_pmbus_set(Object *obj, Visitor *v, const char *name,
> +static void isl_pmbus_vr_set(Object *obj, Visitor *v, const char *name,
>   void *opaque, Error **errp)
>  {
>  PMBusDevice *pmdev = PMBUS_DEVICE(obj);
> @@ -51,7 +51,7 @@ static void isl_pmbus_set(Object *obj, Visitor *v, const 
> char *name,
>  pmbus_check_limits(pmdev);
>  }
>  
> -static void isl_pmbus_exit_reset(Object *obj)
> +static void isl_pmbus_vr_exit_reset(Object *obj)
>  {
>  PMBusDevice *pmdev = PMBUS_DEVICE(obj);
>  
> @@ -92,7 +92,7 @@ static void isl_pmbus_exit_reset(Object *obj)
>  /* The raa228000 uses different direct mode coefficents from most isl 
> devices */
>  static void raa228000_exit_reset(Object *obj)
>  {
> -isl_pmbus_exit_reset(obj);
> +isl_pmbus_vr_exit_reset(obj);
>  
>  PMBusDevice *pmdev = PMBUS_DEVICE(obj);
>  
> @@ -107,70 +107,70 @@ static void raa228000_exit_reset(Object *obj)
>  pmdev->pages[0].read_temperature_3 = 0;
>  }
>  
> -static void 

[PATCH v2 0/9] Fixups for PMBus and new sensors

[Titus Rwantare]

This patch series contains updates to PMBus in QEMU along with some PMBus
device models for Renesas regulators.
I have also added myself to MAINTAINERS as this code is in use daily,
where I am responsible for it.

v2:
  - split PMBus commit with updates into individual fixes
  - renamed isl_pmbus[.ch] adding _vr for voltage regulators

Shengtan Mao (1):
  hw/i2c: Added linear mode translation for pmbus devices

Titus Rwantare (8):
  hw/i2c: pmbus: add registers
  hw/i2c: pmbus: guard against out of range accesses
  hw/i2c: pmbus: add PEC unsupported warning
  hw/i2c: pmbus: refactor uint handling and update MAINTAINERS
  hw/sensor: add Intersil ISL69260 device model
  hw/sensor: add Renesas raa229004 PMBus device
  hw/sensor: add Renesas raa228000 device
  hw/sensor: rename isl_pmbus to isl_pmbus_vr

 MAINTAINERS  |  13 +
 hw/arm/Kconfig   |   1 +
 hw/i2c/pmbus_device.c| 106 ++-
 hw/sensor/Kconfig|   5 +
 hw/sensor/isl_pmbus_vr.c | 279 ++
 hw/sensor/meson.build|   1 +
 include/hw/i2c/pmbus_device.h|  23 +-
 include/hw/sensor/isl_pmbus_vr.h |  52 
 tests/qtest/isl_pmbus_vr-test.c  | 474 +++
 tests/qtest/meson.build  |   1 +
 10 files changed, 944 insertions(+), 11 deletions(-)
 create mode 100644 hw/sensor/isl_pmbus_vr.c
 create mode 100644 include/hw/sensor/isl_pmbus_vr.h
 create mode 100644 tests/qtest/isl_pmbus_vr-test.c

-- 
2.35.1.616.g0bdcbb4464-goog

[PATCH v2 7/9] hw/sensor: add Renesas raa229004 PMBus device

[Titus Rwantare]

The Renesas RAA229004 is a PMBus Multiphase Voltage Regulator

Signed-off-by: Titus Rwantare 
Reviewed-by: Hao Wu 
---
 hw/sensor/isl_pmbus.c | 18 ++
 include/hw/sensor/isl_pmbus.h |  1 +
 tests/qtest/isl_pmbus-test.c  |  8 
 3 files changed, 27 insertions(+)

diff --git a/hw/sensor/isl_pmbus.c b/hw/sensor/isl_pmbus.c
index 8cc7220a57..4ff848f663 100644
--- a/hw/sensor/isl_pmbus.c
+++ b/hw/sensor/isl_pmbus.c
@@ -194,6 +194,15 @@ static void isl69260_class_init(ObjectClass *klass, void 
*data)
 isl_pmbus_class_init(klass, data, 2);
 }
 
+static void raa229004_class_init(ObjectClass *klass, void *data)
+{
+ResettableClass *rc = RESETTABLE_CLASS(klass);
+DeviceClass *dc = DEVICE_CLASS(klass);
+dc->desc = "Renesas 229004 Digital Multiphase Voltage Regulator";
+rc->phases.exit = isl_pmbus_exit_reset;
+isl_pmbus_class_init(klass, data, 2);
+}
+
 static const TypeInfo isl69260_info = {
 .name = TYPE_ISL69260,
 .parent = TYPE_PMBUS_DEVICE,
@@ -202,9 +211,18 @@ static const TypeInfo isl69260_info = {
 .class_init = isl69260_class_init,
 };
 
+static const TypeInfo raa229004_info = {
+.name = TYPE_RAA229004,
+.parent = TYPE_PMBUS_DEVICE,
+.instance_size = sizeof(ISLState),
+.instance_init = raa22xx_init,
+.class_init = raa229004_class_init,
+};
+
 static void isl_pmbus_register_types(void)
 {
 type_register_static(_info);
+type_register_static(_info);
 }
 
 type_init(isl_pmbus_register_types)
diff --git a/include/hw/sensor/isl_pmbus.h b/include/hw/sensor/isl_pmbus.h
index 8115aaa698..a947fd3903 100644
--- a/include/hw/sensor/isl_pmbus.h
+++ b/include/hw/sensor/isl_pmbus.h
@@ -13,6 +13,7 @@
 #include "qom/object.h"
 
 #define TYPE_ISL69260   "isl69260"
+#define TYPE_RAA229004  "raa229004"
 
 struct ISLState {
 PMBusDevice parent;
diff --git a/tests/qtest/isl_pmbus-test.c b/tests/qtest/isl_pmbus-test.c
index 59fa67f110..80d6c24ec7 100644
--- a/tests/qtest/isl_pmbus-test.c
+++ b/tests/qtest/isl_pmbus-test.c
@@ -383,11 +383,19 @@ static void isl_pmbus_register_nodes(void)
 qos_node_create_driver("isl69260", i2c_device_create);
 qos_node_consumes("isl69260", "i2c-bus", );
 
+qos_node_create_driver("raa229004", i2c_device_create);
+qos_node_consumes("raa229004", "i2c-bus", );
+
 qos_add_test("test_defaults", "isl69260", test_defaults, NULL);
 qos_add_test("test_tx_rx", "isl69260", test_tx_rx, NULL);
 qos_add_test("test_rw_regs", "isl69260", test_rw_regs, NULL);
 qos_add_test("test_pages_rw", "isl69260", test_pages_rw, NULL);
 qos_add_test("test_ro_regs", "isl69260", test_ro_regs, NULL);
 qos_add_test("test_ov_faults", "isl69260", test_voltage_faults, NULL);
+
+qos_add_test("test_tx_rx", "raa229004", test_tx_rx, NULL);
+qos_add_test("test_rw_regs", "raa229004", test_rw_regs, NULL);
+qos_add_test("test_pages_rw", "raa229004", test_pages_rw, NULL);
+qos_add_test("test_ov_faults", "raa229004", test_voltage_faults, NULL);
 }
 libqos_init(isl_pmbus_register_nodes);
-- 
2.35.1.616.g0bdcbb4464-goog

[PATCH v2 6/9] hw/sensor: add Intersil ISL69260 device model

[Titus Rwantare]

Signed-off-by: Titus Rwantare 
Reviewed-by: Hao Wu 
---
 MAINTAINERS   |   3 +
 hw/arm/Kconfig|   1 +
 hw/sensor/Kconfig |   5 +
 hw/sensor/isl_pmbus.c | 210 ++
 hw/sensor/meson.build |   1 +
 include/hw/sensor/isl_pmbus.h |  50 +
 tests/qtest/isl_pmbus-test.c  | 393 ++
 tests/qtest/meson.build   |   1 +
 8 files changed, 664 insertions(+)
 create mode 100644 hw/sensor/isl_pmbus.c
 create mode 100644 include/hw/sensor/isl_pmbus.h
 create mode 100644 tests/qtest/isl_pmbus-test.c

diff --git a/MAINTAINERS b/MAINTAINERS
index 3601984b5d..3df8e938e0 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3140,10 +3140,13 @@ M: Titus Rwantare 
 S: Maintained
 F: hw/i2c/pmbus_device.c
 F: hw/sensor/adm1272.c
+F: hw/sensor/isl_pmbus.c
 F: hw/sensor/max34451.c
 F: include/hw/i2c/pmbus_device.h
+F: include/hw/sensor/isl_pmbus.h
 F: tests/qtest/adm1272-test.c
 F: tests/qtest/max34451-test.c
+F: tests/qtest/isl_pmbus-test.c
 
 Firmware schema specifications
 M: Philippe Mathieu-Daudé 
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index 6945330030..8047ad6378 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -400,6 +400,7 @@ config NPCM7XX
 select SMBUS
 select AT24C  # EEPROM
 select MAX34451
+select ISL_PMBUS
 select PL310  # cache controller
 select PMBUS
 select SERIAL
diff --git a/hw/sensor/Kconfig b/hw/sensor/Kconfig
index 215944decc..70fb335789 100644
--- a/hw/sensor/Kconfig
+++ b/hw/sensor/Kconfig
@@ -30,3 +30,8 @@ config LSM303DLHC_MAG
 bool
 depends on I2C
 default y if I2C_DEVICES
+
+config ISL_PMBUS
+bool
+depends on I2C
+
diff --git a/hw/sensor/isl_pmbus.c b/hw/sensor/isl_pmbus.c
new file mode 100644
index 00..8cc7220a57
--- /dev/null
+++ b/hw/sensor/isl_pmbus.c
@@ -0,0 +1,210 @@
+/*
+ * PMBus device for Renesas Digital Multiphase Voltage Regulators
+ *
+ * Copyright 2021 Google LLC
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sensor/isl_pmbus.h"
+#include "hw/qdev-properties.h"
+#include "qapi/visitor.h"
+#include "qemu/log.h"
+#include "qemu/module.h"
+
+static uint8_t isl_pmbus_read_byte(PMBusDevice *pmdev)
+{
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: reading from unsupported register: 0x%02x\n",
+  __func__, pmdev->code);
+return 0xFF;
+}
+
+static int isl_pmbus_write_data(PMBusDevice *pmdev, const uint8_t *buf,
+  uint8_t len)
+{
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: write to unsupported register: 0x%02x\n",
+  __func__, pmdev->code);
+return 0xFF;
+}
+
+/* TODO: Implement coefficients support in pmbus_device.c for qmp */
+static void isl_pmbus_get(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+visit_type_uint16(v, name, (uint16_t *)opaque, errp);
+}
+
+static void isl_pmbus_set(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+PMBusDevice *pmdev = PMBUS_DEVICE(obj);
+uint16_t *internal = opaque;
+uint16_t value;
+if (!visit_type_uint16(v, name, , errp)) {
+return;
+}
+
+*internal = value;
+pmbus_check_limits(pmdev);
+}
+
+static void isl_pmbus_exit_reset(Object *obj)
+{
+PMBusDevice *pmdev = PMBUS_DEVICE(obj);
+
+pmdev->page = 0;
+pmdev->capability = ISL_CAPABILITY_DEFAULT;
+for (int i = 0; i < pmdev->num_pages; i++) {
+pmdev->pages[i].operation = ISL_OPERATION_DEFAULT;
+pmdev->pages[i].on_off_config = ISL_ON_OFF_CONFIG_DEFAULT;
+pmdev->pages[i].vout_mode = ISL_VOUT_MODE_DEFAULT;
+pmdev->pages[i].vout_command = ISL_VOUT_COMMAND_DEFAULT;
+pmdev->pages[i].vout_max = ISL_VOUT_MAX_DEFAULT;
+pmdev->pages[i].vout_margin_high = ISL_VOUT_MARGIN_HIGH_DEFAULT;
+pmdev->pages[i].vout_margin_low = ISL_VOUT_MARGIN_LOW_DEFAULT;
+pmdev->pages[i].vout_transition_rate = 
ISL_VOUT_TRANSITION_RATE_DEFAULT;
+pmdev->pages[i].vout_ov_fault_limit = ISL_VOUT_OV_FAULT_LIMIT_DEFAULT;
+pmdev->pages[i].ot_fault_limit = ISL_OT_FAULT_LIMIT_DEFAULT;
+pmdev->pages[i].ot_warn_limit = ISL_OT_WARN_LIMIT_DEFAULT;
+pmdev->pages[i].vin_ov_warn_limit = ISL_VIN_OV_WARN_LIMIT_DEFAULT;
+pmdev->pages[i].vin_uv_warn_limit = ISL_VIN_UV_WARN_LIMIT_DEFAULT;
+pmdev->pages[i].iin_oc_fault_limit = ISL_IIN_OC_FAULT_LIMIT_DEFAULT;
+pmdev->pages[i].ton_delay = ISL_TON_DELAY_DEFAULT;
+pmdev->pages[i].ton_rise = ISL_TON_RISE_DEFAULT;
+pmdev->pages[i].toff_fall = ISL_TOFF_FALL_DEFAULT;
+pmdev->pages[i].revision = ISL_REVISION_DEFAULT;
+
+pmdev->pages[i].read_vout = ISL_READ_VOUT_DEFAULT;
+pmdev->pages[i].read_iout = ISL_READ_IOUT_DEFAULT;
+pmdev->pages[i].read_pout = ISL_READ_POUT_DEFAULT;
+ 

[PATCH v2 8/9] hw/sensor: add Renesas raa228000 device

[Titus Rwantare]

Signed-off-by: Titus Rwantare 
Reviewed-by: Hao Wu 
---
 hw/sensor/isl_pmbus.c | 50 ++
 include/hw/sensor/isl_pmbus.h |  1 +
 tests/qtest/isl_pmbus-test.c  | 78 +--
 3 files changed, 126 insertions(+), 3 deletions(-)

diff --git a/hw/sensor/isl_pmbus.c b/hw/sensor/isl_pmbus.c
index 4ff848f663..e3b42b119e 100644
--- a/hw/sensor/isl_pmbus.c
+++ b/hw/sensor/isl_pmbus.c
@@ -89,6 +89,24 @@ static void isl_pmbus_exit_reset(Object *obj)
 }
 }
 
+/* The raa228000 uses different direct mode coefficents from most isl devices 
*/
+static void raa228000_exit_reset(Object *obj)
+{
+isl_pmbus_exit_reset(obj);
+
+PMBusDevice *pmdev = PMBUS_DEVICE(obj);
+
+pmdev->pages[0].read_vout = 0;
+pmdev->pages[0].read_iout = 0;
+pmdev->pages[0].read_pout = 0;
+pmdev->pages[0].read_vin = 0;
+pmdev->pages[0].read_iin = 0;
+pmdev->pages[0].read_pin = 0;
+pmdev->pages[0].read_temperature_1 = 0;
+pmdev->pages[0].read_temperature_2 = 0;
+pmdev->pages[0].read_temperature_3 = 0;
+}
+
 static void isl_pmbus_add_props(Object *obj, uint64_t *flags, uint8_t pages)
 {
 PMBusDevice *pmdev = PMBUS_DEVICE(obj);
@@ -177,6 +195,20 @@ static void raa22xx_init(Object *obj)
 isl_pmbus_add_props(obj, flags, 2);
 }
 
+static void raa228000_init(Object *obj)
+{
+PMBusDevice *pmdev = PMBUS_DEVICE(obj);
+uint64_t flags[1];
+
+flags[0] = PB_HAS_VIN | PB_HAS_VOUT | PB_HAS_VOUT_MODE |
+   PB_HAS_VOUT_RATING | PB_HAS_VOUT_MARGIN | PB_HAS_IIN |
+   PB_HAS_IOUT | PB_HAS_PIN | PB_HAS_POUT | PB_HAS_TEMPERATURE |
+   PB_HAS_TEMP2 | PB_HAS_TEMP3 | PB_HAS_STATUS_MFR_SPECIFIC;
+
+pmbus_page_config(pmdev, 0, flags[0]);
+isl_pmbus_add_props(obj, flags, 1);
+}
+
 static void isl_pmbus_class_init(ObjectClass *klass, void *data, uint8_t pages)
 {
 PMBusDeviceClass *k = PMBUS_DEVICE_CLASS(klass);
@@ -194,6 +226,15 @@ static void isl69260_class_init(ObjectClass *klass, void 
*data)
 isl_pmbus_class_init(klass, data, 2);
 }
 
+static void raa228000_class_init(ObjectClass *klass, void *data)
+{
+ResettableClass *rc = RESETTABLE_CLASS(klass);
+DeviceClass *dc = DEVICE_CLASS(klass);
+dc->desc = "Renesas 228000 Digital Multiphase Voltage Regulator";
+rc->phases.exit = raa228000_exit_reset;
+isl_pmbus_class_init(klass, data, 1);
+}
+
 static void raa229004_class_init(ObjectClass *klass, void *data)
 {
 ResettableClass *rc = RESETTABLE_CLASS(klass);
@@ -219,9 +260,18 @@ static const TypeInfo raa229004_info = {
 .class_init = raa229004_class_init,
 };
 
+static const TypeInfo raa228000_info = {
+.name = TYPE_RAA228000,
+.parent = TYPE_PMBUS_DEVICE,
+.instance_size = sizeof(ISLState),
+.instance_init = raa228000_init,
+.class_init = raa228000_class_init,
+};
+
 static void isl_pmbus_register_types(void)
 {
 type_register_static(_info);
+type_register_static(_info);
 type_register_static(_info);
 }
 
diff --git a/include/hw/sensor/isl_pmbus.h b/include/hw/sensor/isl_pmbus.h
index a947fd3903..7ead1dc4a2 100644
--- a/include/hw/sensor/isl_pmbus.h
+++ b/include/hw/sensor/isl_pmbus.h
@@ -13,6 +13,7 @@
 #include "qom/object.h"
 
 #define TYPE_ISL69260   "isl69260"
+#define TYPE_RAA228000  "raa228000"
 #define TYPE_RAA229004  "raa229004"
 
 struct ISLState {
diff --git a/tests/qtest/isl_pmbus-test.c b/tests/qtest/isl_pmbus-test.c
index 80d6c24ec7..ea62cd4e07 100644
--- a/tests/qtest/isl_pmbus-test.c
+++ b/tests/qtest/isl_pmbus-test.c
@@ -149,6 +149,70 @@ static void test_defaults(void *obj, void *data, 
QGuestAllocator *alloc)
 g_assert_cmphex(i2c_value, ==, ISL_REVISION_DEFAULT);
 }
 
+static void raa228000_test_defaults(void *obj, void *data,
+QGuestAllocator *alloc)
+{
+uint16_t value, i2c_value;
+QI2CDevice *i2cdev = (QI2CDevice *)obj;
+
+value = qmp_isl_pmbus_get(TEST_ID, "vout[0]");
+g_assert_cmpuint(value, ==, 0);
+
+i2c_value = isl_pmbus_i2c_get16(i2cdev, PMBUS_READ_IOUT);
+g_assert_cmpuint(i2c_value, ==, 0);
+
+value = qmp_isl_pmbus_get(TEST_ID, "pout[0]");
+g_assert_cmpuint(value, ==, 0);
+
+i2c_value = i2c_get8(i2cdev, PMBUS_CAPABILITY);
+g_assert_cmphex(i2c_value, ==, ISL_CAPABILITY_DEFAULT);
+
+i2c_value = i2c_get8(i2cdev, PMBUS_OPERATION);
+g_assert_cmphex(i2c_value, ==, ISL_OPERATION_DEFAULT);
+
+i2c_value = i2c_get8(i2cdev, PMBUS_ON_OFF_CONFIG);
+g_assert_cmphex(i2c_value, ==, ISL_ON_OFF_CONFIG_DEFAULT);
+
+i2c_value = i2c_get8(i2cdev, PMBUS_VOUT_MODE);
+g_assert_cmphex(i2c_value, ==, ISL_VOUT_MODE_DEFAULT);
+
+i2c_value = isl_pmbus_i2c_get16(i2cdev, PMBUS_VOUT_COMMAND);
+g_assert_cmphex(i2c_value, ==, ISL_VOUT_COMMAND_DEFAULT);
+
+i2c_value = isl_pmbus_i2c_get16(i2cdev, PMBUS_VOUT_MAX);
+g_assert_cmphex(i2c_value, ==, ISL_VOUT_MAX_DEFAULT);
+
+i2c_value = isl_pmbus_i2c_get16(i2cdev, PMBUS_VOUT_MARGIN_HIGH);
+

[PATCH v2 2/9] hw/i2c: pmbus: guard against out of range accesses

[Titus Rwantare]

Signed-off-by: Titus Rwantare 
---
 hw/i2c/pmbus_device.c | 41 -
 1 file changed, 40 insertions(+), 1 deletion(-)

diff --git a/hw/i2c/pmbus_device.c b/hw/i2c/pmbus_device.c
index 07a45c99f9..93c746bab3 100644
--- a/hw/i2c/pmbus_device.c
+++ b/hw/i2c/pmbus_device.c
@@ -243,18 +243,47 @@ void pmbus_check_limits(PMBusDevice *pmdev)
 }
 }
 
+/* assert the status_cml error upon receipt of malformed command */
+static void pmbus_cml_error(PMBusDevice *pmdev)
+{
+for (int i = 0; i < pmdev->num_pages; i++) {
+pmdev->pages[i].status_word |= PMBUS_STATUS_CML;
+pmdev->pages[i].status_cml |= PB_CML_FAULT_INVALID_CMD;
+}
+}
+
 static uint8_t pmbus_receive_byte(SMBusDevice *smd)
 {
 PMBusDevice *pmdev = PMBUS_DEVICE(smd);
 PMBusDeviceClass *pmdc = PMBUS_DEVICE_GET_CLASS(pmdev);
 uint8_t ret = 0xFF;
-uint8_t index = pmdev->page;
+uint8_t index;
 
 if (pmdev->out_buf_len != 0) {
 ret = pmbus_out_buf_pop(pmdev);
 return ret;
 }
 
+/*
+ * Reading from all pages will return the value from page 0,
+ * this is unspecified behaviour in general.
+ */
+if (pmdev->page == PB_ALL_PAGES) {
+index = 0;
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: tried to read from all pages\n",
+  __func__);
+pmbus_cml_error(pmdev);
+} else if (pmdev->page > pmdev->num_pages - 1) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: page %d is out of range\n",
+  __func__, pmdev->page);
+pmbus_cml_error(pmdev);
+return -1;
+} else {
+index = pmdev->page;
+}
+
 switch (pmdev->code) {
 case PMBUS_PAGE:
 pmbus_send8(pmdev, pmdev->page);
@@ -1038,6 +1067,7 @@ static int pmbus_write_data(SMBusDevice *smd, uint8_t 
*buf, uint8_t len)
 pmdev->page = pmbus_receive8(pmdev);
 return 0;
 }
+
 /* loop through all the pages when 0xFF is received */
 if (pmdev->page == PB_ALL_PAGES) {
 for (int i = 0; i < pmdev->num_pages; i++) {
@@ -1048,6 +1078,15 @@ static int pmbus_write_data(SMBusDevice *smd, uint8_t 
*buf, uint8_t len)
 return 0;
 }
 
+if (pmdev->page > pmdev->num_pages - 1) {
+qemu_log_mask(LOG_GUEST_ERROR,
+"%s: page %u is out of range\n",
+__func__, pmdev->page);
+pmdev->page = 0; /* undefined behaviour - reset to page 0 */
+pmbus_cml_error(pmdev);
+return -1;
+}
+
 index = pmdev->page;
 
 switch (pmdev->code) {
-- 
2.35.1.616.g0bdcbb4464-goog

[PATCH v2 5/9] hw/i2c: Added linear mode translation for pmbus devices

[Titus Rwantare]

From: Shengtan Mao 

Signed-off-by: Shengtan Mao 
Reviewed-by: Titus Rwantare 
---
 hw/i2c/pmbus_device.c | 18 ++
 include/hw/i2c/pmbus_device.h | 20 +++-
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/hw/i2c/pmbus_device.c b/hw/i2c/pmbus_device.c
index 3beb02afad..1036c41c49 100644
--- a/hw/i2c/pmbus_device.c
+++ b/hw/i2c/pmbus_device.c
@@ -28,6 +28,24 @@ uint32_t pmbus_direct_mode2data(PMBusCoefficients c, 
uint16_t value)
 return x;
 }
 
+uint16_t pmbus_data2linear_mode(uint16_t value, int exp)
+{
+/* L = D * 2^(-e) */
+if (exp < 0) {
+return value << (-exp);
+}
+return value >> exp;
+}
+
+uint16_t pmbus_linear_mode2data(uint16_t value, int exp)
+{
+/* D = L * 2^e */
+if (exp < 0) {
+return value >> (-exp);
+}
+return value << exp;
+}
+
 void pmbus_send(PMBusDevice *pmdev, const uint8_t *data, uint16_t len)
 {
 if (pmdev->out_buf_len + len > SMBUS_DATA_MAX_LEN) {
diff --git a/include/hw/i2c/pmbus_device.h b/include/hw/i2c/pmbus_device.h
index 72c0483149..9a274247ab 100644
--- a/include/hw/i2c/pmbus_device.h
+++ b/include/hw/i2c/pmbus_device.h
@@ -446,7 +446,7 @@ typedef struct PMBusCoefficients {
  *
  * Y = (m * x - b) * 10^R
  *
- * @return uint32_t
+ * @return uint16_t
  */
 uint16_t pmbus_data2direct_mode(PMBusCoefficients c, uint32_t value);
 
@@ -459,6 +459,24 @@ uint16_t pmbus_data2direct_mode(PMBusCoefficients c, 
uint32_t value);
  */
 uint32_t pmbus_direct_mode2data(PMBusCoefficients c, uint16_t value);
 
+/**
+ * Convert sensor values to linear mode format
+ *
+ * L = D * 2^(-e)
+ *
+ * @return uint16
+ */
+uint16_t pmbus_data2linear_mode(uint16_t value, int exp);
+
+/**
+ * Convert linear mode formatted data into sensor reading
+ *
+ * D = L * 2^e
+ *
+ * @return uint16
+ */
+uint16_t pmbus_linear_mode2data(uint16_t value, int exp);
+
 /**
  * @brief Send a block of data over PMBus
  * Assumes that the bytes in the block are already ordered correctly,
-- 
2.35.1.616.g0bdcbb4464-goog

[PATCH v2 4/9] hw/i2c: pmbus: refactor uint handling and update MAINTAINERS

[Titus Rwantare]

Signed-off-by: Titus Rwantare 
---
 MAINTAINERS   | 10 ++
 hw/i2c/pmbus_device.c | 18 +-
 2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index fa8adc2618..3601984b5d 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3135,6 +3135,16 @@ F: include/hw/i2c/smbus_master.h
 F: include/hw/i2c/smbus_slave.h
 F: include/hw/i2c/smbus_eeprom.h
 
+PMBus
+M: Titus Rwantare 
+S: Maintained
+F: hw/i2c/pmbus_device.c
+F: hw/sensor/adm1272.c
+F: hw/sensor/max34451.c
+F: include/hw/i2c/pmbus_device.h
+F: tests/qtest/adm1272-test.c
+F: tests/qtest/max34451-test.c
+
 Firmware schema specifications
 M: Philippe Mathieu-Daudé 
 R: Daniel P. Berrange 
diff --git a/hw/i2c/pmbus_device.c b/hw/i2c/pmbus_device.c
index 6eeb0731d7..3beb02afad 100644
--- a/hw/i2c/pmbus_device.c
+++ b/hw/i2c/pmbus_device.c
@@ -89,16 +89,16 @@ void pmbus_send_string(PMBusDevice *pmdev, const char *data)
 }
 
 
-static uint64_t pmbus_receive_uint(const uint8_t *buf, uint8_t len)
+static uint64_t pmbus_receive_uint(PMBusDevice *pmdev)
 {
 uint64_t ret = 0;
 
 /* Exclude command code from return value */
-buf++;
-len--;
+pmdev->in_buf++;
+pmdev->in_buf_len--;
 
-for (int i = len - 1; i >= 0; i--) {
-ret = ret << 8 | buf[i];
+for (int i = pmdev->in_buf_len - 1; i >= 0; i--) {
+ret = ret << 8 | pmdev->in_buf[i];
 }
 return ret;
 }
@@ -110,7 +110,7 @@ uint8_t pmbus_receive8(PMBusDevice *pmdev)
   "%s: length mismatch. Expected 1 byte, got %d bytes\n",
   __func__, pmdev->in_buf_len - 1);
 }
-return pmbus_receive_uint(pmdev->in_buf, pmdev->in_buf_len);
+return pmbus_receive_uint(pmdev);
 }
 
 uint16_t pmbus_receive16(PMBusDevice *pmdev)
@@ -120,7 +120,7 @@ uint16_t pmbus_receive16(PMBusDevice *pmdev)
   "%s: length mismatch. Expected 2 bytes, got %d bytes\n",
   __func__, pmdev->in_buf_len - 1);
 }
-return pmbus_receive_uint(pmdev->in_buf, pmdev->in_buf_len);
+return pmbus_receive_uint(pmdev);
 }
 
 uint32_t pmbus_receive32(PMBusDevice *pmdev)
@@ -130,7 +130,7 @@ uint32_t pmbus_receive32(PMBusDevice *pmdev)
   "%s: length mismatch. Expected 4 bytes, got %d bytes\n",
   __func__, pmdev->in_buf_len - 1);
 }
-return pmbus_receive_uint(pmdev->in_buf, pmdev->in_buf_len);
+return pmbus_receive_uint(pmdev);
 }
 
 uint64_t pmbus_receive64(PMBusDevice *pmdev)
@@ -140,7 +140,7 @@ uint64_t pmbus_receive64(PMBusDevice *pmdev)
   "%s: length mismatch. Expected 8 bytes, got %d bytes\n",
   __func__, pmdev->in_buf_len - 1);
 }
-return pmbus_receive_uint(pmdev->in_buf, pmdev->in_buf_len);
+return pmbus_receive_uint(pmdev);
 }
 
 static uint8_t pmbus_out_buf_pop(PMBusDevice *pmdev)
-- 
2.35.1.616.g0bdcbb4464-goog

[PATCH v2 3/9] hw/i2c: pmbus: add PEC unsupported warning

[Titus Rwantare]

Signed-off-by: Titus Rwantare 
---
 hw/i2c/pmbus_device.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/hw/i2c/pmbus_device.c b/hw/i2c/pmbus_device.c
index 93c746bab3..6eeb0731d7 100644
--- a/hw/i2c/pmbus_device.c
+++ b/hw/i2c/pmbus_device.c
@@ -307,6 +307,11 @@ static uint8_t pmbus_receive_byte(SMBusDevice *smd)
 
 case PMBUS_CAPABILITY:
 pmbus_send8(pmdev, pmdev->capability);
+if (pmdev->capability & BIT(7)) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: PEC is enabled but not yet supported.\n",
+  __func__);
+}
 break;
 
 case PMBUS_VOUT_MODE: /* R/W byte */
-- 
2.35.1.616.g0bdcbb4464-goog

[PATCH v2 1/9] hw/i2c: pmbus: add registers

[Titus Rwantare]

   - add the VOUT_MIN and STATUS_MFR registers

Signed-off-by: Titus Rwantare 
---
 hw/i2c/pmbus_device.c | 24 
 include/hw/i2c/pmbus_device.h |  3 +++
 2 files changed, 27 insertions(+)

diff --git a/hw/i2c/pmbus_device.c b/hw/i2c/pmbus_device.c
index 24f8f522d9..07a45c99f9 100644
--- a/hw/i2c/pmbus_device.c
+++ b/hw/i2c/pmbus_device.c
@@ -368,6 +368,14 @@ static uint8_t pmbus_receive_byte(SMBusDevice *smd)
 }
 break;
 
+case PMBUS_VOUT_MIN:/* R/W word */
+if (pmdev->pages[index].page_flags & PB_HAS_VOUT_RATING) {
+pmbus_send16(pmdev, pmdev->pages[index].vout_min);
+} else {
+goto passthough;
+}
+break;
+
 /* TODO: implement coefficients support */
 
 case PMBUS_POUT_MAX:  /* R/W word */
@@ -708,6 +716,10 @@ static uint8_t pmbus_receive_byte(SMBusDevice *smd)
 pmbus_send8(pmdev, pmdev->pages[index].status_other);
 break;
 
+case PMBUS_STATUS_MFR_SPECIFIC:   /* R/W byte */
+pmbus_send8(pmdev, pmdev->pages[index].status_mfr_specific);
+break;
+
 case PMBUS_READ_EIN:  /* Read-Only block 5 bytes */
 if (pmdev->pages[index].page_flags & PB_HAS_EIN) {
 pmbus_send(pmdev, pmdev->pages[index].read_ein, 5);
@@ -1149,6 +1161,14 @@ static int pmbus_write_data(SMBusDevice *smd, uint8_t 
*buf, uint8_t len)
 }
 break;
 
+case PMBUS_VOUT_MIN:  /* R/W word */
+if (pmdev->pages[index].page_flags & PB_HAS_VOUT_RATING) {
+pmdev->pages[index].vout_min = pmbus_receive16(pmdev);
+} else {
+goto passthrough;
+}
+break;
+
 case PMBUS_POUT_MAX:  /* R/W word */
 if (pmdev->pages[index].page_flags & PB_HAS_VOUT) {
 pmdev->pages[index].pout_max = pmbus_receive16(pmdev);
@@ -1482,6 +1502,10 @@ static int pmbus_write_data(SMBusDevice *smd, uint8_t 
*buf, uint8_t len)
 pmdev->pages[index].status_other = pmbus_receive8(pmdev);
 break;
 
+case PMBUS_STATUS_MFR_SPECIFIC:/* R/W byte */
+pmdev->pages[index].status_mfr_specific = pmbus_receive8(pmdev);
+break;
+
 case PMBUS_PAGE_PLUS_READ:/* Block Read-only */
 case PMBUS_CAPABILITY:/* Read-Only byte */
 case PMBUS_COEFFICIENTS:  /* Read-only block 5 bytes */
diff --git a/include/hw/i2c/pmbus_device.h b/include/hw/i2c/pmbus_device.h
index 62bd38c83f..72c0483149 100644
--- a/include/hw/i2c/pmbus_device.h
+++ b/include/hw/i2c/pmbus_device.h
@@ -43,6 +43,7 @@ enum pmbus_registers {
 PMBUS_VOUT_DROOP= 0x28, /* R/W word */
 PMBUS_VOUT_SCALE_LOOP   = 0x29, /* R/W word */
 PMBUS_VOUT_SCALE_MONITOR= 0x2A, /* R/W word */
+PMBUS_VOUT_MIN  = 0x2B, /* R/W word */
 PMBUS_COEFFICIENTS  = 0x30, /* Read-only block 5 bytes */
 PMBUS_POUT_MAX  = 0x31, /* R/W word */
 PMBUS_MAX_DUTY  = 0x32, /* R/W word */
@@ -255,6 +256,7 @@ OBJECT_DECLARE_TYPE(PMBusDevice, PMBusDeviceClass,
 #define PB_HAS_TEMP3   BIT_ULL(42)
 #define PB_HAS_TEMP_RATING BIT_ULL(43)
 #define PB_HAS_MFR_INFOBIT_ULL(50)
+#define PB_HAS_STATUS_MFR_SPECIFIC BIT_ULL(51)
 
 struct PMBusDeviceClass {
 SMBusDeviceClass parent_class;
@@ -295,6 +297,7 @@ typedef struct PMBusPage {
 uint16_t vout_droop;   /* R/W word */
 uint16_t vout_scale_loop;  /* R/W word */
 uint16_t vout_scale_monitor;   /* R/W word */
+uint16_t vout_min; /* R/W word */
 uint8_t coefficients[5];   /* Read-only block 5 bytes */
 uint16_t pout_max; /* R/W word */
 uint16_t max_duty; /* R/W word */
-- 
2.35.1.616.g0bdcbb4464-goog

Re: [PATCH v3 10/15] audio: restore mixing-engine playback buffer size

[Akihiko Odaki]

Reviewed-by: Akihiko Odaki 

On 2022/03/02 4:13, Volker Rümelin wrote:

Commit ff095e5231 "audio: api for mixeng code free backends"
introduced another FIFO for the audio subsystem with exactly the
same size as the mixing-engine FIFO. Most audio backends use
this generic FIFO. The generic FIFO used together with the
mixing-engine FIFO doubles the audio FIFO size, because that's
just two independent FIFOs connected together in series.

For audio playback this nearly doubles the playback latency.

This patch restores the effective mixing-engine playback buffer
size to a pre v4.2.0 size by only accepting the amount of
samples for the mixing-engine queue which the downstream queue
accepts.

Signed-off-by: Volker Rümelin 
---
  audio/alsaaudio.c |  1 +
  audio/audio.c | 69 +++
  audio/audio_int.h |  7 -
  audio/coreaudio.c |  3 +++
  audio/jackaudio.c |  1 +
  audio/noaudio.c   |  1 +
  audio/ossaudio.c  | 12 +
  audio/sdlaudio.c  |  3 +++
  audio/wavaudio.c  |  1 +
  9 files changed, 80 insertions(+), 18 deletions(-)

diff --git a/audio/alsaaudio.c b/audio/alsaaudio.c
index 2b9789e647..b04716a6cc 100644
--- a/audio/alsaaudio.c
+++ b/audio/alsaaudio.c
@@ -916,6 +916,7 @@ static struct audio_pcm_ops alsa_pcm_ops = {
  .init_out = alsa_init_out,
  .fini_out = alsa_fini_out,
  .write= alsa_write,
+.buffer_get_free = audio_generic_buffer_get_free,
  .run_buffer_out = audio_generic_run_buffer_out,
  .enable_out = alsa_enable_out,
  
diff --git a/audio/audio.c b/audio/audio.c

index c420a8bd1c..a88572e713 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -663,6 +663,12 @@ static size_t audio_pcm_hw_get_live_out (HWVoiceOut *hw, 
int *nb_live)
  return 0;
  }
  
+static size_t audio_pcm_hw_get_free(HWVoiceOut *hw)

+{
+return (hw->pcm_ops->buffer_get_free ? hw->pcm_ops->buffer_get_free(hw) :
+INT_MAX) / hw->info.bytes_per_frame;
+}
+
  static void audio_pcm_hw_clip_out(HWVoiceOut *hw, void *pcm_buf, size_t len)
  {
  size_t clipped = 0;
@@ -687,7 +693,8 @@ static void audio_pcm_hw_clip_out(HWVoiceOut *hw, void 
*pcm_buf, size_t len)
   */
  static size_t audio_pcm_sw_write(SWVoiceOut *sw, void *buf, size_t size)
  {
-size_t hwsamples, samples, isamp, osamp, wpos, live, dead, left, swlim, 
blck;
+size_t hwsamples, samples, isamp, osamp, wpos, live, dead, left, blck;
+size_t hw_free;
  size_t ret = 0, pos = 0, total = 0;
  
  if (!sw) {

@@ -710,27 +717,28 @@ static size_t audio_pcm_sw_write(SWVoiceOut *sw, void 
*buf, size_t size)
  }
  
  wpos = (sw->hw->mix_buf->pos + live) % hwsamples;

-samples = size / sw->info.bytes_per_frame;
  
  dead = hwsamples - live;

-swlim = ((int64_t) dead << 32) / sw->ratio;
-swlim = MIN (swlim, samples);
-if (swlim) {
-sw->conv (sw->buf, buf, swlim);
+hw_free = audio_pcm_hw_get_free(sw->hw);
+hw_free = hw_free > live ? hw_free - live : 0;
+samples = ((int64_t)MIN(dead, hw_free) << 32) / sw->ratio;
+samples = MIN(samples, size / sw->info.bytes_per_frame);
+if (samples) {
+sw->conv(sw->buf, buf, samples);
  
  if (!sw->hw->pcm_ops->volume_out) {

-mixeng_volume (sw->buf, swlim, >vol);
+mixeng_volume(sw->buf, samples, >vol);
  }
  }
  
-while (swlim) {

+while (samples) {
  dead = hwsamples - live;
  left = hwsamples - wpos;
  blck = MIN (dead, left);
  if (!blck) {
  break;
  }
-isamp = swlim;
+isamp = samples;
  osamp = blck;
  st_rate_flow_mix (
  sw->rate,
@@ -740,7 +748,7 @@ static size_t audio_pcm_sw_write(SWVoiceOut *sw, void *buf, 
size_t size)
  
  );
  ret += isamp;
-swlim -= isamp;
+samples -= isamp;
  pos += isamp;
  live += osamp;
  wpos = (wpos + osamp) % hwsamples;
@@ -1002,6 +1010,11 @@ static size_t audio_get_avail (SWVoiceIn *sw)
  return (((int64_t) live << 32) / sw->ratio) * sw->info.bytes_per_frame;
  }
  
+static size_t audio_sw_bytes_free(SWVoiceOut *sw, size_t free)

+{
+return (((int64_t)free << 32) / sw->ratio) * sw->info.bytes_per_frame;
+}
+
  static size_t audio_get_free(SWVoiceOut *sw)
  {
  size_t live, dead;
@@ -1021,13 +1034,11 @@ static size_t audio_get_free(SWVoiceOut *sw)
  dead = sw->hw->mix_buf->size - live;
  
  #ifdef DEBUG_OUT

-dolog ("%s: get_free live %zu dead %zu ret %" PRId64 "\n",
-   SW_NAME (sw),
-   live, dead, (((int64_t) dead << 32) / sw->ratio) *
-   sw->info.bytes_per_frame);
+dolog("%s: get_free live %zu dead %zu sw_bytes %zu\n",
+  SW_NAME(sw), live, dead, audio_sw_bytes_free(sw, dead));
  #endif
  
-return (((int64_t) dead << 32) / sw->ratio) * sw->info.bytes_per_frame;

+return dead;
  }
  
  static void audio_capture_mix_and_clear(HWVoiceOut *hw, size_t 

Re: [PATCH v3 01/15] audio: replace open-coded buffer arithmetic

[Akihiko Odaki]

Reviewed-by: Akihiko Odaki 

On 2022/03/02 4:12, Volker Rümelin wrote:

Replace open-coded buffer arithmetic with the new function
audio_ring_posb(). That's the position in backward direction
of a given point at a given distance.

Signed-off-by: Volker Rümelin 
---
  audio/audio.c | 25 +++--
  audio/audio_int.h | 13 +
  audio/coreaudio.c | 10 --
  audio/sdlaudio.c  | 11 +--
  4 files changed, 29 insertions(+), 30 deletions(-)

diff --git a/audio/audio.c b/audio/audio.c
index dc28685d22..e7a139e289 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -574,19 +574,13 @@ static size_t audio_pcm_sw_get_rpos_in(SWVoiceIn *sw)
  {
  HWVoiceIn *hw = sw->hw;
  ssize_t live = hw->total_samples_captured - sw->total_hw_samples_acquired;
-ssize_t rpos;
  
  if (audio_bug(__func__, live < 0 || live > hw->conv_buf->size)) {

  dolog("live=%zu hw->conv_buf->size=%zu\n", live, hw->conv_buf->size);
  return 0;
  }
  
-rpos = hw->conv_buf->pos - live;

-if (rpos >= 0) {
-return rpos;
-} else {
-return hw->conv_buf->size + rpos;
-}
+return audio_ring_posb(hw->conv_buf->pos, live, hw->conv_buf->size);
  }
  
  static size_t audio_pcm_sw_read(SWVoiceIn *sw, void *buf, size_t size)

@@ -1394,12 +1388,10 @@ void audio_generic_run_buffer_in(HWVoiceIn *hw)
  
  void *audio_generic_get_buffer_in(HWVoiceIn *hw, size_t *size)

  {
-ssize_t start = (ssize_t)hw->pos_emul - hw->pending_emul;
+size_t start;
  
-if (start < 0) {

-start += hw->size_emul;
-}
-assert(start >= 0 && start < hw->size_emul);
+start = audio_ring_posb(hw->pos_emul, hw->pending_emul, hw->size_emul);
+assert(start < hw->size_emul);
  
  *size = MIN(*size, hw->pending_emul);

  *size = MIN(*size, hw->size_emul - start);
@@ -1415,13 +1407,10 @@ void audio_generic_put_buffer_in(HWVoiceIn *hw, void 
*buf, size_t size)
  void audio_generic_run_buffer_out(HWVoiceOut *hw)
  {
  while (hw->pending_emul) {
-size_t write_len, written;
-ssize_t start = ((ssize_t) hw->pos_emul) - hw->pending_emul;
+size_t write_len, written, start;
  
-if (start < 0) {

-start += hw->size_emul;
-}
-assert(start >= 0 && start < hw->size_emul);
+start = audio_ring_posb(hw->pos_emul, hw->pending_emul, hw->size_emul);
+assert(start < hw->size_emul);
  
  write_len = MIN(hw->pending_emul, hw->size_emul - start);
  
diff --git a/audio/audio_int.h b/audio/audio_int.h

index 428a091d05..71be162271 100644
--- a/audio/audio_int.h
+++ b/audio/audio_int.h
@@ -266,6 +266,19 @@ static inline size_t audio_ring_dist(size_t dst, size_t 
src, size_t len)
  return (dst >= src) ? (dst - src) : (len - src + dst);
  }
  
+/**

+ * audio_ring_posb() - returns new position in ringbuffer in backward
+ * direction at given distance
+ *
+ * @pos: current position in ringbuffer
+ * @dist: distance in ringbuffer to walk in reverse direction
+ * @len: size of ringbuffer
+ */
+static inline size_t audio_ring_posb(size_t pos, size_t dist, size_t len)
+{
+return pos >= dist ? pos - dist : len - dist + pos;
+}
+
  #define dolog(fmt, ...) AUD_log(AUDIO_CAP, fmt, ## __VA_ARGS__)
  
  #ifdef DEBUG

diff --git a/audio/coreaudio.c b/audio/coreaudio.c
index d8a21d3e50..1fdd1d4b14 100644
--- a/audio/coreaudio.c
+++ b/audio/coreaudio.c
@@ -333,12 +333,10 @@ static OSStatus audioDeviceIOProc(
  
  len = frameCount * hw->info.bytes_per_frame;

  while (len) {
-size_t write_len;
-ssize_t start = ((ssize_t) hw->pos_emul) - hw->pending_emul;
-if (start < 0) {
-start += hw->size_emul;
-}
-assert(start >= 0 && start < hw->size_emul);
+size_t write_len, start;
+
+start = audio_ring_posb(hw->pos_emul, hw->pending_emul, hw->size_emul);
+assert(start < hw->size_emul);
  
  write_len = MIN(MIN(hw->pending_emul, len),

  hw->size_emul - start);
diff --git a/audio/sdlaudio.c b/audio/sdlaudio.c
index c68c62a3e4..d6f3aa1a9a 100644
--- a/audio/sdlaudio.c
+++ b/audio/sdlaudio.c
@@ -224,12 +224,11 @@ static void sdl_callback_out(void *opaque, Uint8 *buf, 
int len)
  /* dolog("callback_out: len=%d avail=%zu\n", len, hw->pending_emul); 
*/
  
  while (hw->pending_emul && len) {

-size_t write_len;
-ssize_t start = (ssize_t)hw->pos_emul - hw->pending_emul;
-if (start < 0) {
-start += hw->size_emul;
-}
-assert(start >= 0 && start < hw->size_emul);
+size_t write_len, start;
+
+start = audio_ring_posb(hw->pos_emul, hw->pending_emul,
+hw->size_emul);
+assert(start < hw->size_emul);
  
  write_len = MIN(MIN(hw->pending_emul, len),

  hw->size_emul - start)

Re: propagating vmgenid outward and upward

[Jason A. Donenfeld]

On Tue, Mar 1, 2022 at 8:41 PM Greg KH  wrote:
>
> On Tue, Mar 01, 2022 at 07:24:11PM +0100, Jason A. Donenfeld wrote:
> > Hi Greg,
> >
> > On Tue, Mar 1, 2022 at 7:01 PM Greg KH  wrote:
> > > A notifier block like this makes sense, but why tie onto the PM_ stuff?
> > > This isn't power management issues, it's a system-wide change that I am
> > > sure others will want to know about that doesn't reflect any power
> > > changes.
> > >
> > > As much as I hate adding new notifiers in the kernel, that might be all
> > > you need here.
> >
> > You might indeed be right. I guess I was thinking that "resuming from
> > suspend" and "resuming from a VM fork" are kind of the same thing.
> > There _is_ a certain kind of similarity between the two. I was hoping
> > if the similarity was a strong enough one, maybe it'd make sense to do
> > them together rather than adding another notifier. But I suppose you
> > disagree, and it sounds like Rafael might too --
> > .
>
> Hey, nice, we agree!  :)

It is now done and posted here:
https://lore.kernel.org/lkml/20220301231038.530897-1-ja...@zx2c4.com/

Jason

[PATCH RESEND 2/2] hw/riscv/sifive_u: Resolve redundant property accessors

[Bernhard Beschow]

The QOM API already provides accessors for uint32 values, so reuse them.

Signed-off-by: Bernhard Beschow 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/riscv/sifive_u.c | 24 
 1 file changed, 4 insertions(+), 20 deletions(-)

diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 7fbc7dea42..747eb4ee89 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -713,36 +713,20 @@ static void sifive_u_machine_set_start_in_flash(Object 
*obj, bool value, Error *
 s->start_in_flash = value;
 }
 
-static void sifive_u_machine_get_uint32_prop(Object *obj, Visitor *v,
- const char *name, void *opaque,
- Error **errp)
-{
-visit_type_uint32(v, name, (uint32_t *)opaque, errp);
-}
-
-static void sifive_u_machine_set_uint32_prop(Object *obj, Visitor *v,
- const char *name, void *opaque,
- Error **errp)
-{
-visit_type_uint32(v, name, (uint32_t *)opaque, errp);
-}
-
 static void sifive_u_machine_instance_init(Object *obj)
 {
 SiFiveUState *s = RISCV_U_MACHINE(obj);
 
 s->start_in_flash = false;
 s->msel = 0;
-object_property_add(obj, "msel", "uint32",
-sifive_u_machine_get_uint32_prop,
-sifive_u_machine_set_uint32_prop, NULL, >msel);
+object_property_add_uint32_ptr(obj, "msel", >msel,
+   OBJ_PROP_FLAG_READWRITE);
 object_property_set_description(obj, "msel",
 "Mode Select (MSEL[3:0]) pin state");
 
 s->serial = OTP_SERIAL;
-object_property_add(obj, "serial", "uint32",
-sifive_u_machine_get_uint32_prop,
-sifive_u_machine_set_uint32_prop, NULL, >serial);
+object_property_add_uint32_ptr(obj, "serial", >serial,
+   OBJ_PROP_FLAG_READWRITE);
 object_property_set_description(obj, "serial", "Board serial number");
 }
 
-- 
2.35.1

[PATCH RESEND 1/2] hw/vfio/pci-quirks: Resolve redundant property getters

[Bernhard Beschow]

The QOM API already provides getters for uint64 and uint32 values, so reuse
them.

Signed-off-by: Bernhard Beschow 
Reviewed-by: Alistair Francis 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/vfio/pci-quirks.c | 34 +-
 1 file changed, 9 insertions(+), 25 deletions(-)

diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c
index 0cf69a8c6d..f0147a050a 100644
--- a/hw/vfio/pci-quirks.c
+++ b/hw/vfio/pci-quirks.c
@@ -1565,22 +1565,6 @@ static int vfio_add_nv_gpudirect_cap(VFIOPCIDevice 
*vdev, Error **errp)
 return 0;
 }
 
-static void vfio_pci_nvlink2_get_tgt(Object *obj, Visitor *v,
- const char *name,
- void *opaque, Error **errp)
-{
-uint64_t tgt = (uintptr_t) opaque;
-visit_type_uint64(v, name, , errp);
-}
-
-static void vfio_pci_nvlink2_get_link_speed(Object *obj, Visitor *v,
- const char *name,
- void *opaque, Error **errp)
-{
-uint32_t link_speed = (uint32_t)(uintptr_t) opaque;
-visit_type_uint32(v, name, _speed, errp);
-}
-
 int vfio_pci_nvidia_v100_ram_init(VFIOPCIDevice *vdev, Error **errp)
 {
 int ret;
@@ -1618,9 +1602,9 @@ int vfio_pci_nvidia_v100_ram_init(VFIOPCIDevice *vdev, 
Error **errp)
nv2reg->size, p);
 QLIST_INSERT_HEAD(>bars[0].quirks, quirk, next);
 
-object_property_add(OBJECT(vdev), "nvlink2-tgt", "uint64",
-vfio_pci_nvlink2_get_tgt, NULL, NULL,
-(void *) (uintptr_t) cap->tgt);
+object_property_add_uint64_ptr(OBJECT(vdev), "nvlink2-tgt",
+   (uint64_t *) >tgt,
+   OBJ_PROP_FLAG_READ);
 trace_vfio_pci_nvidia_gpu_setup_quirk(vdev->vbasedev.name, cap->tgt,
   nv2reg->size);
 free_exit:
@@ -1679,15 +1663,15 @@ int vfio_pci_nvlink2_init(VFIOPCIDevice *vdev, Error 
**errp)
 QLIST_INSERT_HEAD(>bars[0].quirks, quirk, next);
 }
 
-object_property_add(OBJECT(vdev), "nvlink2-tgt", "uint64",
-vfio_pci_nvlink2_get_tgt, NULL, NULL,
-(void *) (uintptr_t) captgt->tgt);
+object_property_add_uint64_ptr(OBJECT(vdev), "nvlink2-tgt",
+   (uint64_t *) >tgt,
+   OBJ_PROP_FLAG_READ);
 trace_vfio_pci_nvlink2_setup_quirk_ssatgt(vdev->vbasedev.name, captgt->tgt,
   atsdreg->size);
 
-object_property_add(OBJECT(vdev), "nvlink2-link-speed", "uint32",
-vfio_pci_nvlink2_get_link_speed, NULL, NULL,
-(void *) (uintptr_t) capspeed->link_speed);
+object_property_add_uint32_ptr(OBJECT(vdev), "nvlink2-link-speed",
+   >link_speed,
+   OBJ_PROP_FLAG_READ);
 trace_vfio_pci_nvlink2_setup_quirk_lnkspd(vdev->vbasedev.name,
   capspeed->link_speed);
 free_exit:
-- 
2.35.1

[PATCH RESEND 0/2] Resolve some redundant property accessors

[Bernhard Beschow]

No changes. Just also CC'ed to qemu-trivial.

The QOM API already provides appropriate accessors, so reuse them.

Testing done:

  :$ make check
  Ok: 570
  Expected Fail:  0
  Fail:   0
  Unexpected Pass:0
  Skipped:178
  Timeout:0


Bernhard Beschow (2):
  hw/vfio/pci-quirks: Resolve redundant property getters
  hw/riscv/sifive_u: Resolve redundant property accessors

 hw/riscv/sifive_u.c  | 24 
 hw/vfio/pci-quirks.c | 34 +-
 2 files changed, 13 insertions(+), 45 deletions(-)

-- 
2.35.1

Re: [PATCH RESEND] virtio/virtio-balloon: Prefer Object* over void* parameter

[Bernhard Beschow]

Am 1. März 2022 22:23:00 UTC schrieb Bernhard Beschow :
>*opaque is an alias to *obj. Using the ladder makes the code consistent with
>with other devices, e.g. accel/kvm/kvm-all and accel/tcg/tcg-all. It also
>makes the cast more typesafe.
>
>Signed-off-by: Bernhard Beschow 
>Reviewed-by: David Hildenbrand 
>---
> hw/virtio/virtio-balloon.c | 10 +-
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
>diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
>index e6c1b0aa46..163d244eb4 100644
>--- a/hw/virtio/virtio-balloon.c
>+++ b/hw/virtio/virtio-balloon.c
>@@ -242,7 +242,7 @@ static void balloon_stats_get_all(Object *obj, Visitor *v, 
>const char *name,
>   void *opaque, Error **errp)
> {
> Error *err = NULL;
>-VirtIOBalloon *s = opaque;
>+VirtIOBalloon *s = VIRTIO_BALLOON(obj);
> int i;
> 
> if (!visit_start_struct(v, name, NULL, 0, )) {
>@@ -277,7 +277,7 @@ static void balloon_stats_get_poll_interval(Object *obj, 
>Visitor *v,
> const char *name, void *opaque,
> Error **errp)
> {
>-VirtIOBalloon *s = opaque;
>+VirtIOBalloon *s = VIRTIO_BALLOON(obj);
> visit_type_int(v, name, >stats_poll_interval, errp);
> }
> 
>@@ -285,7 +285,7 @@ static void balloon_stats_set_poll_interval(Object *obj, 
>Visitor *v,
> const char *name, void *opaque,
> Error **errp)
> {
>-VirtIOBalloon *s = opaque;
>+VirtIOBalloon *s = VIRTIO_BALLOON(obj);
> int64_t value;
> 
> if (!visit_type_int(v, name, , errp)) {
>@@ -1015,12 +1015,12 @@ static void virtio_balloon_instance_init(Object *obj)
> s->free_page_hint_notify.notify = virtio_balloon_free_page_hint_notify;
> 
> object_property_add(obj, "guest-stats", "guest statistics",
>-balloon_stats_get_all, NULL, NULL, s);
>+balloon_stats_get_all, NULL, NULL, NULL);
> 
> object_property_add(obj, "guest-stats-polling-interval", "int",
> balloon_stats_get_poll_interval,
> balloon_stats_set_poll_interval,
>-NULL, s);
>+NULL, NULL);
> }
> 
> static const VMStateDescription vmstate_virtio_balloon = {

No changes. Just also CC'ed to qemu-trivial.

Re: [PATCH v4 15/18] target/arm: Advertise all page sizes for -cpu max

[Peter Maydell]

On Tue, 1 Mar 2022 at 22:00, Richard Henderson
 wrote:
>
> We support 16k pages, but do not advertize that in ID_AA64MMFR0.
>
> The value 0 in the TGRAN*_2 fields indicates that stage2 lookups defer
> to the same support as stage1 lookups.  This setting is deprecated, so
> indicate support for all stage2 page sizes directly.
>
> Signed-off-by: Richard Henderson 
> ---
>  target/arm/cpu64.c | 4 
>  1 file changed, 4 insertions(+)
>
> diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
> index d88662cef6..2fdc16bf18 100644
> --- a/target/arm/cpu64.c
> +++ b/target/arm/cpu64.c
> @@ -796,6 +796,10 @@ static void aarch64_max_initfn(Object *obj)
>
>  t = cpu->isar.id_aa64mmfr0;
>  t = FIELD_DP64(t, ID_AA64MMFR0, PARANGE, 6); /* FEAT_LPA: 52 bits */
> +t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN16, 1);   /* 16k pages supported */
> +t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN16_2, 2); /* 16k stage2 supported */
> +t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN64_2, 2); /* 64k stage2 supported */
> +t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN4_2, 2);  /*  4k stage2 supported */
>  cpu->isar.id_aa64mmfr0 = t;
>
>  t = cpu->isar.id_aa64mmfr1;

Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [PATCH 03/17] target/ppc: Move 40x CPUs code to their own file

[BALATON Zoltan]

On Tue, 1 Mar 2022, Fabiano Rosas wrote:

Affects the 405 CPU.

This moves init_proc, init_excp and register_*sprs functions that are
related to the 40x CPUs (currently only 405) into a separate file.

Signed-off-by: Fabiano Rosas 
---
target/ppc/cpu_40x.c   | 263 +
target/ppc/cpu_init.c  | 250 ---
target/ppc/meson.build |   1 +
3 files changed, 264 insertions(+), 250 deletions(-)
create mode 100644 target/ppc/cpu_40x.c

diff --git a/target/ppc/cpu_40x.c b/target/ppc/cpu_40x.c
new file mode 100644
index 00..4ed2cbc305
--- /dev/null
+++ b/target/ppc/cpu_40x.c
@@ -0,0 +1,263 @@
+/*
+ * CPU initialization for PowerPC 40x CPUs
+ *
+ *  Copyright IBM Corp. 2022


I think you can't replace the copyright when moving code. You have to 
retain the original header and maybe you can add your own if you change or 
rewrite it. You can only drop old copyright it you've completely replaced 
the content.


Regards,
BALATON Zoltan


+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/ppc/ppc.h"
+#include "cpu.h"
+#include "spr_common.h"
+
+/* SPR shared between PowerPC 40x implementations */
+static void register_40x_sprs(CPUPPCState *env)
+{
+/* Cache */
+/* not emulated, as QEMU do not emulate caches */
+spr_register(env, SPR_40x_DCCR, "DCCR",
+ SPR_NOACCESS, SPR_NOACCESS,
+ _read_generic, _write_generic,
+ 0x);
+/* not emulated, as QEMU do not emulate caches */
+spr_register(env, SPR_40x_ICCR, "ICCR",
+ SPR_NOACCESS, SPR_NOACCESS,
+ _read_generic, _write_generic,
+ 0x);
+/* not emulated, as QEMU do not emulate caches */
+spr_register(env, SPR_BOOKE_ICDBDR, "ICDBDR",
+ SPR_NOACCESS, SPR_NOACCESS,
+ _read_generic, SPR_NOACCESS,
+ 0x);
+/* Exception */
+spr_register(env, SPR_40x_DEAR, "DEAR",
+ SPR_NOACCESS, SPR_NOACCESS,
+ _read_generic, _write_generic,
+ 0x);
+spr_register(env, SPR_40x_ESR, "ESR",
+ SPR_NOACCESS, SPR_NOACCESS,
+ _read_generic, _write_generic,
+ 0x);
+spr_register(env, SPR_40x_EVPR, "EVPR",
+ SPR_NOACCESS, SPR_NOACCESS,
+ _read_generic, _write_excp_prefix,
+ 0x);
+spr_register(env, SPR_40x_SRR2, "SRR2",
+ _read_generic, _write_generic,
+ _read_generic, _write_generic,
+ 0x);
+spr_register(env, SPR_40x_SRR3, "SRR3",
+ _read_generic, _write_generic,
+ _read_generic, _write_generic,
+ 0x);
+/* Timers */
+spr_register(env, SPR_40x_PIT, "PIT",
+ SPR_NOACCESS, SPR_NOACCESS,
+ _read_40x_pit, _write_40x_pit,
+ 0x);
+spr_register(env, SPR_40x_TCR, "TCR",
+ SPR_NOACCESS, SPR_NOACCESS,
+ _read_generic, _write_40x_tcr,
+ 0x);
+spr_register(env, SPR_40x_TSR, "TSR",
+ SPR_NOACCESS, SPR_NOACCESS,
+ _read_generic, _write_40x_tsr,
+ 0x);
+}
+
+/* SPR specific to PowerPC 405 implementation */
+static void register_405_sprs(CPUPPCState *env)
+{
+/* MMU */
+spr_register(env, SPR_40x_PID, "PID",
+ SPR_NOACCESS, SPR_NOACCESS,
+ _read_generic, _write_40x_pid,
+ 0x);
+spr_register(env, SPR_4xx_CCR0, "CCR0",
+ SPR_NOACCESS, SPR_NOACCESS,
+ _read_generic, _write_generic,
+ 0x0070);
+/* Debug interface */
+spr_register(env, SPR_40x_DBCR0, "DBCR0",
+ SPR_NOACCESS, SPR_NOACCESS,
+ _read_generic, _write_40x_dbcr0,
+ 0x);
+
+spr_register(env, SPR_405_DBCR1, "DBCR1",
+ SPR_NOACCESS, SPR_NOACCESS,
+ _read_generic, _write_generic,
+ 0x);
+
+spr_register(env, SPR_40x_DBSR, "DBSR",
+ SPR_NOACCESS, SPR_NOACCESS,
+ _read_generic, _write_clear,
+ /* Last reset was system reset */
+ 0x0300);
+
+spr_register(env, SPR_40x_DAC1, "DAC1",
+ SPR_NOACCESS, SPR_NOACCESS,
+ _read_generic, _write_generic,
+ 0x);
+spr_register(env, SPR_40x_DAC2, "DAC2",
+ SPR_NOACCESS, SPR_NOACCESS,
+ _read_generic, _write_generic,
+ 0x);
+
+spr_register(env, SPR_405_DVC1, "DVC1",
+ SPR_NOACCESS, SPR_NOACCESS,
+ _read_generic, 

Re: [PATCH v2 00/22] isa: Resolve unneeded IRQ attributes from ISADevice

[Bernhard Beschow]

Am 1. März 2022 12:04:24 UTC schrieb "Philippe Mathieu-Daudé" 
:
>On 27/2/22 23:40, Philippe Mathieu-Daudé wrote:
>> On 22/2/22 20:34, Bernhard Beschow wrote:
>>> v2:
>>> The newly QOM'ified devices now report an error to the user in their 
>>> realize
>>> functions if the configured IRQ number is greater than 15.
>>>
>>> v1:
>>> The IRQ attributes of ISADevice are hardcoded to support up to two 
>>> IRQs per
>>> device which creates an artificial limit. By not having the attributes 
>>> in the
>>> first place, this limitation can be avoided altogether.
>>>
>>> The IRQ attributes are mostly used for printing ('info qtree') and 
>>> there is one
>>> user, hw/ppc/pnv, to use the attributes directly. As it turns out, the 
>>> printing
>>> is redundant if the IRQ numbers are exposed as QOM properties and 
>>> hw/ppc/pnv
>>> can be easily ported away.
>>>
>>> The patch series is structured as follows: Patch 1-3 QOM'ify the last 
>>> devices
>>> which rely on printing their IRQ numbers via the ISADevice attributes. 
>>> Patch
>>> 4 and 5 remove the last users of the ISADevice attributes such that 
>>> they can be
>>> removed in patch 6. The remainder of the patch series is cleanup.
>>>
>>> Patch 6 turns isa_init_irq() into a trivial wrapper for isa_get_irq(). 
>>> That is,
>>> the former function becomes redundant. All users are therefore 
>>> converted to use
>>> isa_get_irq() directly. Finally, the last patch removes the now unused
>>> isa_init_irq().
>>>
>>>
>>> Bernhard Beschow (22):
>>>    hw/rtc/mc146818rtc: QOM'ify IRQ number
>>>    hw/rtc/m48t59-isa: QOM'ify IRQ number
>>>    hw/input/pckbd: QOM'ify IRQ numbers
>>>    hw/isa/isa-bus: Remove isabus_dev_print()
>>>    hw/ppc/pnv: Determine ns16550's IRQ number from QOM property
>>>    isa: Drop unused attributes from ISADevice
>>>    hw/audio/cs4231a: Disuse isa_init_irq()
>>>    hw/audio/gus: Disuse isa_init_irq()
>>>    hw/audio/sb16: Disuse isa_init_irq()
>>>    hw/block/fdc-isa: Disuse isa_init_irq()
>>>    hw/char/parallel: Disuse isa_init_irq()
>>>    hw/char/serial-isa: Disuse isa_init_irq()
>>>    hw/ide/isa: Disuse isa_init_irq()
>>>    hw/input/pckbd: Disuse isa_init_irq()
>>>    hw/ipmi/isa_ipmi_bt: Disuse isa_init_irq()
>>>    hw/ipmi/isa_ipmi_kcs: Disuse isa_init_irq()
>>>    hw/isa/piix4: Disuse isa_init_irq()
>>>    hw/net/ne2000-isa: Disuse isa_init_irq()
>>>    hw/rtc/m48t59-isa: Disuse isa_init_irq()
>>>    hw/tpm/tpm_tis_isa: Disuse isa_init_irq()
>>>    hw/isa/isa-bus: Disuse isa_init_irq()
>>>    isa: Remove unused isa_init_irq()
>> 
>> Series:
>> Tested-by: Philippe Mathieu-Daudé 
>
>If you can address the few comments, I'll queue the v3 via the
>MIPS tree.

[X] Done

Thank you!

Bernhard
>
>Thanks,
>
>Phil.

[PATCH RESEND] virtio/virtio-balloon: Prefer Object* over void* parameter

[Bernhard Beschow]

*opaque is an alias to *obj. Using the ladder makes the code consistent with
with other devices, e.g. accel/kvm/kvm-all and accel/tcg/tcg-all. It also
makes the cast more typesafe.

Signed-off-by: Bernhard Beschow 
Reviewed-by: David Hildenbrand 
---
 hw/virtio/virtio-balloon.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index e6c1b0aa46..163d244eb4 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -242,7 +242,7 @@ static void balloon_stats_get_all(Object *obj, Visitor *v, 
const char *name,
   void *opaque, Error **errp)
 {
 Error *err = NULL;
-VirtIOBalloon *s = opaque;
+VirtIOBalloon *s = VIRTIO_BALLOON(obj);
 int i;
 
 if (!visit_start_struct(v, name, NULL, 0, )) {
@@ -277,7 +277,7 @@ static void balloon_stats_get_poll_interval(Object *obj, 
Visitor *v,
 const char *name, void *opaque,
 Error **errp)
 {
-VirtIOBalloon *s = opaque;
+VirtIOBalloon *s = VIRTIO_BALLOON(obj);
 visit_type_int(v, name, >stats_poll_interval, errp);
 }
 
@@ -285,7 +285,7 @@ static void balloon_stats_set_poll_interval(Object *obj, 
Visitor *v,
 const char *name, void *opaque,
 Error **errp)
 {
-VirtIOBalloon *s = opaque;
+VirtIOBalloon *s = VIRTIO_BALLOON(obj);
 int64_t value;
 
 if (!visit_type_int(v, name, , errp)) {
@@ -1015,12 +1015,12 @@ static void virtio_balloon_instance_init(Object *obj)
 s->free_page_hint_notify.notify = virtio_balloon_free_page_hint_notify;
 
 object_property_add(obj, "guest-stats", "guest statistics",
-balloon_stats_get_all, NULL, NULL, s);
+balloon_stats_get_all, NULL, NULL, NULL);
 
 object_property_add(obj, "guest-stats-polling-interval", "int",
 balloon_stats_get_poll_interval,
 balloon_stats_set_poll_interval,
-NULL, s);
+NULL, NULL);
 }
 
 static const VMStateDescription vmstate_virtio_balloon = {
-- 
2.35.1

[PATCH v3 6/7] isa: Drop unused attributes from ISADevice

[Bernhard Beschow]

Now that the last users of ISADevice::isairq[] have been resolved during the
previous commits, it can be removed for good.

Signed-off-by: Bernhard Beschow 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/isa/isa-bus.c | 13 -
 include/hw/isa/isa.h |  2 --
 2 files changed, 15 deletions(-)

diff --git a/hw/isa/isa-bus.c b/hw/isa/isa-bus.c
index af5add6a26..c64a14120b 100644
--- a/hw/isa/isa-bus.c
+++ b/hw/isa/isa-bus.c
@@ -87,11 +87,7 @@ qemu_irq isa_get_irq(ISADevice *dev, unsigned isairq)
 
 void isa_init_irq(ISADevice *dev, qemu_irq *p, unsigned isairq)
 {
-assert(dev->nirqs < ARRAY_SIZE(dev->isairq));
-assert(isairq < ISA_NUM_IRQS);
-dev->isairq[dev->nirqs] = isairq;
 *p = isa_get_irq(dev, isairq);
-dev->nirqs++;
 }
 
 void isa_connect_gpio_out(ISADevice *isadev, int gpioirq, unsigned isairq)
@@ -150,14 +146,6 @@ int isa_register_portio_list(ISADevice *dev,
 return 0;
 }
 
-static void isa_device_init(Object *obj)
-{
-ISADevice *dev = ISA_DEVICE(obj);
-
-dev->isairq[0] = -1;
-dev->isairq[1] = -1;
-}
-
 ISADevice *isa_new(const char *name)
 {
 return ISA_DEVICE(qdev_new(name));
@@ -244,7 +232,6 @@ static const TypeInfo isa_device_type_info = {
 .name = TYPE_ISA_DEVICE,
 .parent = TYPE_DEVICE,
 .instance_size = sizeof(ISADevice),
-.instance_init = isa_device_init,
 .abstract = true,
 .class_size = sizeof(ISADeviceClass),
 .class_init = isa_device_class_init,
diff --git a/include/hw/isa/isa.h b/include/hw/isa/isa.h
index d4417b34b6..d80cab5b79 100644
--- a/include/hw/isa/isa.h
+++ b/include/hw/isa/isa.h
@@ -83,8 +83,6 @@ struct ISADevice {
 DeviceState parent_obj;
 /*< public >*/
 
-int8_t isairq[2];  /* -1 = unassigned */
-int nirqs;
 int ioport_id;
 };
 
-- 
2.35.1

[PATCH v3 4/7] hw/isa/isa-bus: Remove isabus_dev_print()

[Bernhard Beschow]

All isabus_dev_print() did was to print up to two IRQ numbers per
device. This is redundant if the IRQ numbers are present as QOM
properties (see e.g. the modified tests/qemu-iotests/172.out).

Now that the last devices relying on isabus_dev_print() had their IRQ
numbers QOM'ified, the contribution of this function ultimately became
redundant. Remove it.

Signed-off-by: Bernhard Beschow 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/isa/isa-bus.c   | 16 
 tests/qemu-iotests/172.out | 26 --
 2 files changed, 42 deletions(-)

diff --git a/hw/isa/isa-bus.c b/hw/isa/isa-bus.c
index 6c31398dda..af5add6a26 100644
--- a/hw/isa/isa-bus.c
+++ b/hw/isa/isa-bus.c
@@ -21,21 +21,18 @@
 #include "qemu/error-report.h"
 #include "qemu/module.h"
 #include "qapi/error.h"
-#include "monitor/monitor.h"
 #include "hw/sysbus.h"
 #include "sysemu/sysemu.h"
 #include "hw/isa/isa.h"
 
 static ISABus *isabus;
 
-static void isabus_dev_print(Monitor *mon, DeviceState *dev, int indent);
 static char *isabus_get_fw_dev_path(DeviceState *dev);
 
 static void isa_bus_class_init(ObjectClass *klass, void *data)
 {
 BusClass *k = BUS_CLASS(klass);
 
-k->print_dev = isabus_dev_print;
 k->get_fw_dev_path = isabus_get_fw_dev_path;
 }
 
@@ -222,19 +219,6 @@ void isa_build_aml(ISABus *bus, Aml *scope)
 }
 }
 
-static void isabus_dev_print(Monitor *mon, DeviceState *dev, int indent)
-{
-ISADevice *d = ISA_DEVICE(dev);
-
-if (d->isairq[1] != -1) {
-monitor_printf(mon, "%*sisa irqs %d,%d\n", indent, "",
-   d->isairq[0], d->isairq[1]);
-} else if (d->isairq[0] != -1) {
-monitor_printf(mon, "%*sisa irq %d\n", indent, "",
-   d->isairq[0]);
-}
-}
-
 static void isabus_bridge_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
diff --git a/tests/qemu-iotests/172.out b/tests/qemu-iotests/172.out
index 4cf4d536b4..9479b92185 100644
--- a/tests/qemu-iotests/172.out
+++ b/tests/qemu-iotests/172.out
@@ -15,7 +15,6 @@ Testing:
 fdtypeA = "auto"
 fdtypeB = "auto"
 fallback = "288"
-isa irq 6
 bus: floppy-bus.0
   type floppy-bus
   dev: floppy, id ""
@@ -43,7 +42,6 @@ Testing: -fda TEST_DIR/t.qcow2
 fdtypeA = "auto"
 fdtypeB = "auto"
 fallback = "288"
-isa irq 6
 bus: floppy-bus.0
   type floppy-bus
   dev: floppy, id ""
@@ -81,7 +79,6 @@ Testing: -fdb TEST_DIR/t.qcow2
 fdtypeA = "auto"
 fdtypeB = "auto"
 fallback = "288"
-isa irq 6
 bus: floppy-bus.0
   type floppy-bus
   dev: floppy, id ""
@@ -135,7 +132,6 @@ Testing: -fda TEST_DIR/t.qcow2 -fdb TEST_DIR/t.qcow2.2
 fdtypeA = "auto"
 fdtypeB = "auto"
 fallback = "288"
-isa irq 6
 bus: floppy-bus.0
   type floppy-bus
   dev: floppy, id ""
@@ -190,7 +186,6 @@ Testing: -fdb
 fdtypeA = "auto"
 fdtypeB = "auto"
 fallback = "288"
-isa irq 6
 bus: floppy-bus.0
   type floppy-bus
   dev: floppy, id ""
@@ -230,7 +225,6 @@ Testing: -drive if=floppy,file=TEST_DIR/t.qcow2
 fdtypeA = "auto"
 fdtypeB = "auto"
 fallback = "288"
-isa irq 6
 bus: floppy-bus.0
   type floppy-bus
   dev: floppy, id ""
@@ -268,7 +262,6 @@ Testing: -drive if=floppy,file=TEST_DIR/t.qcow2,index=1
 fdtypeA = "auto"
 fdtypeB = "auto"
 fallback = "288"
-isa irq 6
 bus: floppy-bus.0
   type floppy-bus
   dev: floppy, id ""
@@ -322,7 +315,6 @@ Testing: -drive if=floppy,file=TEST_DIR/t.qcow2 -drive 
if=floppy,file=TEST_DIR/t
 fdtypeA = "auto"
 fdtypeB = "auto"
 fallback = "288"
-isa irq 6
 bus: floppy-bus.0
   type floppy-bus
   dev: floppy, id ""
@@ -380,7 +372,6 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -device 
floppy,drive=none0
 fdtypeA = "auto"
 fdtypeB = "auto"
 fallback = "288"
-isa irq 6
 bus: floppy-bus.0
   type floppy-bus
   dev: floppy, id ""
@@ -418,7 +409,6 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -device 
floppy,drive=none0,unit=1
 fdtypeA = "auto"
 fdtypeB = "auto"
 fallback = "288"
-isa irq 6
 bus: floppy-bus.0
   type floppy-bus
   dev: floppy, id ""
@@ -456,7 +446,6 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -drive 
if=none,file=TEST_DIR/t.qco
 fdtypeA = "auto"
 fdtypeB = "auto"
 

[PATCH v3 7/7] isa: Inline and remove one-line isa_init_irq()

[Bernhard Beschow]

isa_init_irq() has become a trivial one-line wrapper for isa_get_irq().
It can therefore be removed.

Signed-off-by: Bernhard Beschow 
Reviewed-by: Stefan Berger  (tpm_tis_isa)
Acked-by: Corey Minyard  (isa_ipmi_bt,
isa_ipmi_kcs)
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/audio/cs4231a.c | 2 +-
 hw/audio/gus.c | 2 +-
 hw/audio/sb16.c| 2 +-
 hw/block/fdc-isa.c | 2 +-
 hw/char/parallel.c | 2 +-
 hw/char/serial-isa.c   | 2 +-
 hw/ide/isa.c   | 2 +-
 hw/input/pckbd.c   | 4 ++--
 hw/ipmi/isa_ipmi_bt.c  | 2 +-
 hw/ipmi/isa_ipmi_kcs.c | 2 +-
 hw/isa/isa-bus.c   | 8 +---
 hw/isa/piix4.c | 2 +-
 hw/net/ne2000-isa.c| 2 +-
 hw/rtc/m48t59-isa.c| 2 +-
 hw/tpm/tpm_tis_isa.c   | 2 +-
 include/hw/isa/isa.h   | 1 -
 16 files changed, 16 insertions(+), 23 deletions(-)

diff --git a/hw/audio/cs4231a.c b/hw/audio/cs4231a.c
index 7d60ce6f0e..0723e39430 100644
--- a/hw/audio/cs4231a.c
+++ b/hw/audio/cs4231a.c
@@ -677,7 +677,7 @@ static void cs4231a_realizefn (DeviceState *dev, Error 
**errp)
 return;
 }
 
-isa_init_irq(d, >pic, s->irq);
+s->pic = isa_get_irq(d, s->irq);
 k = ISADMA_GET_CLASS(s->isa_dma);
 k->register_channel(s->isa_dma, s->dma, cs_dma_read, s);
 
diff --git a/hw/audio/gus.c b/hw/audio/gus.c
index e8719ee117..42f010b671 100644
--- a/hw/audio/gus.c
+++ b/hw/audio/gus.c
@@ -282,7 +282,7 @@ static void gus_realizefn (DeviceState *dev, Error **errp)
 s->emu.himemaddr = s->himem;
 s->emu.gusdatapos = s->emu.himemaddr + 1024 * 1024 + 32;
 s->emu.opaque = s;
-isa_init_irq (d, >pic, s->emu.gusirq);
+s->pic = isa_get_irq(d, s->emu.gusirq);
 
 AUD_set_active_out (s->voice, 1);
 }
diff --git a/hw/audio/sb16.c b/hw/audio/sb16.c
index 60f1f75e3a..2215386ddb 100644
--- a/hw/audio/sb16.c
+++ b/hw/audio/sb16.c
@@ -1408,7 +1408,7 @@ static void sb16_realizefn (DeviceState *dev, Error 
**errp)
 return;
 }
 
-isa_init_irq (isadev, >pic, s->irq);
+s->pic = isa_get_irq(isadev, s->irq);
 
 s->mixer_regs[0x80] = magic_of_irq (s->irq);
 s->mixer_regs[0x81] = (1 << s->dma) | (1 << s->hdma);
diff --git a/hw/block/fdc-isa.c b/hw/block/fdc-isa.c
index ab663dce93..fa20450747 100644
--- a/hw/block/fdc-isa.c
+++ b/hw/block/fdc-isa.c
@@ -94,7 +94,7 @@ static void isabus_fdc_realize(DeviceState *dev, Error **errp)
  isa->iobase, fdc_portio_list, fdctrl,
  "fdc");
 
-isa_init_irq(isadev, >irq, isa->irq);
+fdctrl->irq = isa_get_irq(isadev, isa->irq);
 fdctrl->dma_chann = isa->dma;
 if (fdctrl->dma_chann != -1) {
 IsaDmaClass *k;
diff --git a/hw/char/parallel.c b/hw/char/parallel.c
index b45e67bfbb..adb9bd9be3 100644
--- a/hw/char/parallel.c
+++ b/hw/char/parallel.c
@@ -553,7 +553,7 @@ static void parallel_isa_realizefn(DeviceState *dev, Error 
**errp)
 index++;
 
 base = isa->iobase;
-isa_init_irq(isadev, >irq, isa->isairq);
+s->irq = isa_get_irq(isadev, isa->isairq);
 qemu_register_reset(parallel_reset, s);
 
 qemu_chr_fe_set_handlers(>chr, parallel_can_receive, NULL,
diff --git a/hw/char/serial-isa.c b/hw/char/serial-isa.c
index 1b8b303079..7a7ed239cd 100644
--- a/hw/char/serial-isa.c
+++ b/hw/char/serial-isa.c
@@ -75,7 +75,7 @@ static void serial_isa_realizefn(DeviceState *dev, Error 
**errp)
 }
 index++;
 
-isa_init_irq(isadev, >irq, isa->isairq);
+s->irq = isa_get_irq(isadev, isa->isairq);
 qdev_realize(DEVICE(s), NULL, errp);
 qdev_set_legacy_instance_id(dev, isa->iobase, 3);
 
diff --git a/hw/ide/isa.c b/hw/ide/isa.c
index 24bbde24c2..8bedbd13f1 100644
--- a/hw/ide/isa.c
+++ b/hw/ide/isa.c
@@ -75,7 +75,7 @@ static void isa_ide_realizefn(DeviceState *dev, Error **errp)
 
 ide_bus_init(>bus, sizeof(s->bus), dev, 0, 2);
 ide_init_ioport(>bus, isadev, s->iobase, s->iobase2);
-isa_init_irq(isadev, >irq, s->isairq);
+s->irq = isa_get_irq(isadev, s->isairq);
 ide_init2(>bus, s->irq);
 vmstate_register(VMSTATE_IF(dev), 0, _ide_isa, s);
 ide_register_restart_cb(>bus);
diff --git a/hw/input/pckbd.c b/hw/input/pckbd.c
index eb77e12f6f..1773db0d25 100644
--- a/hw/input/pckbd.c
+++ b/hw/input/pckbd.c
@@ -749,8 +749,8 @@ static void i8042_realizefn(DeviceState *dev, Error **errp)
 return;
 }
 
-isa_init_irq(isadev, >irq_kbd, isa_s->kbd_irq);
-isa_init_irq(isadev, >irq_mouse, isa_s->mouse_irq);
+s->irq_kbd = isa_get_irq(isadev, isa_s->kbd_irq);
+s->irq_mouse = isa_get_irq(isadev, isa_s->mouse_irq);
 
 isa_register_ioport(isadev, isa_s->io + 0, 0x60);
 isa_register_ioport(isadev, isa_s->io + 1, 0x64);
diff --git a/hw/ipmi/isa_ipmi_bt.c b/hw/ipmi/isa_ipmi_bt.c
index 02625eb94e..88aa734e9e 100644
--- a/hw/ipmi/isa_ipmi_bt.c
+++ b/hw/ipmi/isa_ipmi_bt.c
@@ -92,7 +92,7 @@ static void isa_ipmi_bt_realize(DeviceState *dev, Error 
**errp)
 }
 
 if (iib->isairq > 0) {
-isa_init_irq(isadev, >irq, iib->isairq);
+  

[PATCH vRESEND] virtio/virtio-balloon: Prefer Object* over void* parameter

[Bernhard Beschow]

*opaque is an alias to *obj. Using the ladder makes the code consistent with
with other devices, e.g. accel/kvm/kvm-all and accel/tcg/tcg-all. It also
makes the cast more typesafe.

Signed-off-by: Bernhard Beschow 
Reviewed-by: David Hildenbrand 
---
 hw/virtio/virtio-balloon.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index e6c1b0aa46..163d244eb4 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -242,7 +242,7 @@ static void balloon_stats_get_all(Object *obj, Visitor *v, 
const char *name,
   void *opaque, Error **errp)
 {
 Error *err = NULL;
-VirtIOBalloon *s = opaque;
+VirtIOBalloon *s = VIRTIO_BALLOON(obj);
 int i;
 
 if (!visit_start_struct(v, name, NULL, 0, )) {
@@ -277,7 +277,7 @@ static void balloon_stats_get_poll_interval(Object *obj, 
Visitor *v,
 const char *name, void *opaque,
 Error **errp)
 {
-VirtIOBalloon *s = opaque;
+VirtIOBalloon *s = VIRTIO_BALLOON(obj);
 visit_type_int(v, name, >stats_poll_interval, errp);
 }
 
@@ -285,7 +285,7 @@ static void balloon_stats_set_poll_interval(Object *obj, 
Visitor *v,
 const char *name, void *opaque,
 Error **errp)
 {
-VirtIOBalloon *s = opaque;
+VirtIOBalloon *s = VIRTIO_BALLOON(obj);
 int64_t value;
 
 if (!visit_type_int(v, name, , errp)) {
@@ -1015,12 +1015,12 @@ static void virtio_balloon_instance_init(Object *obj)
 s->free_page_hint_notify.notify = virtio_balloon_free_page_hint_notify;
 
 object_property_add(obj, "guest-stats", "guest statistics",
-balloon_stats_get_all, NULL, NULL, s);
+balloon_stats_get_all, NULL, NULL, NULL);
 
 object_property_add(obj, "guest-stats-polling-interval", "int",
 balloon_stats_get_poll_interval,
 balloon_stats_set_poll_interval,
-NULL, s);
+NULL, NULL);
 }
 
 static const VMStateDescription vmstate_virtio_balloon = {
-- 
2.35.1

Re: [PATCH v3] tests/tcg/s390x: Cleanup of mie3 tests.

[Richard Henderson]

On 3/1/22 11:43, David Miller wrote:

Adds clobbers and merges remaining separate asm statements.

v2 -> v3:
* Removed all direct memory references in mie3-sel.c

v1 -> v2:
* Corrected side in rebase conflict, removing older code.

Signed-off-by: David Miller
---
  tests/tcg/s390x/mie3-compl.c | 18 -
  tests/tcg/s390x/mie3-mvcrl.c | 12 
  tests/tcg/s390x/mie3-sel.c   | 38 
  3 files changed, 38 insertions(+), 30 deletions(-)


Reviewed-by: Richard Henderson 


r~

PS: Those versioning comments should be after a --- line, so that standard tooling removes 
them.

[PATCH v3 0/7] isa: Resolve unneeded IRQ attributes from ISADevice

[Bernhard Beschow]

v3:
* Use DEFINE_PROP_UINT8 / uint8_t for new IRQ properties. (Philippe)
* Use "%u" format when printing maximum allowed IRQ number in error messages.
  (Philippe)
* Use object_property_get_uint() in pnv.c. (Philippe)
* Squash cleanup patches (7-22) into
  "Inline and remove one-line isa_init_irq()" (Philippe)
* Mention in the commit message of patch 1 that mc146818rtc has its IRQ number
  now displayed in the human monitor. Since the IRQ numbers of the other
  "QOM'ified" devices were already displayed I've only adapted this commit
  message. (Philippe)

v2:
* The newly QOM'ified devices now report an error to the user in their realize
  functions if the configured IRQ number is greater than 15. (PMM)

v1:
The IRQ attributes of ISADevice are hardcoded to support up to two IRQs per
device which creates an artificial limit. By not having the attributes in the
first place, this limitation can be avoided altogether.

The IRQ attributes are mostly used for printing ('info qtree') and there is one
user, hw/ppc/pnv, to use the attributes directly. As it turns out, the printing
is redundant if the IRQ numbers are exposed as QOM properties and hw/ppc/pnv
can be easily ported away.

The patch series is structured as follows: Patch 1-3 QOM'ify the last devices
which rely on printing their IRQ numbers via the ISADevice attributes. Patch
4 and 5 remove the last users of the ISADevice attributes such that they can be
removed in patch 6. The remainder of the patch series is cleanup.

Patch 6 turns isa_init_irq() into a trivial wrapper for isa_get_irq(). That is,
the former function becomes redundant. All users are therefore converted to use
isa_get_irq() directly. Finally, the last patch removes the now unused
isa_init_irq().


Bernhard Beschow (7):
  hw/rtc/mc146818rtc: QOM'ify IRQ number
  hw/rtc/m48t59-isa: QOM'ify IRQ number
  hw/input/pckbd: QOM'ify IRQ numbers
  hw/isa/isa-bus: Remove isabus_dev_print()
  hw/ppc/pnv: Determine ns16550's IRQ number from QOM property
  isa: Drop unused attributes from ISADevice
  isa: Inline and remove one-line isa_init_irq()

 hw/audio/cs4231a.c   |  2 +-
 hw/audio/gus.c   |  2 +-
 hw/audio/sb16.c  |  2 +-
 hw/block/fdc-isa.c   |  2 +-
 hw/char/parallel.c   |  2 +-
 hw/char/serial-isa.c |  2 +-
 hw/ide/isa.c |  2 +-
 hw/input/pckbd.c | 26 +
 hw/ipmi/isa_ipmi_bt.c|  2 +-
 hw/ipmi/isa_ipmi_kcs.c   |  2 +-
 hw/isa/isa-bus.c | 37 +---
 hw/isa/piix4.c   |  2 +-
 hw/net/ne2000-isa.c  |  2 +-
 hw/ppc/pnv.c |  5 -
 hw/rtc/m48t59-isa.c  |  9 -
 hw/rtc/mc146818rtc.c | 13 +++--
 hw/tpm/tpm_tis_isa.c |  2 +-
 include/hw/isa/isa.h |  3 ---
 include/hw/rtc/mc146818rtc.h |  1 +
 tests/qemu-iotests/172.out   | 26 -
 20 files changed, 59 insertions(+), 85 deletions(-)

-- 
2.35.1

[PATCH v3 1/7] hw/rtc/mc146818rtc: QOM'ify IRQ number

[Bernhard Beschow]

Exposing the IRQ number as a QOM property not only allows it to be
configurable but also to be displayed in HMP:

Before:

(qemu) info qtree
   ...
  dev: mc146818rtc, id ""
gpio-out "" 1
base_year = 0 (0x0)
lost_tick_policy = "discard"

After:

  dev: mc146818rtc, id ""
gpio-out "" 1
base_year = 0 (0x0)
irq = 8 (0x8)
lost_tick_policy = "discard"

The reason the IRQ number didn's show up before is that this device does not
call isa_init_irq().

Signed-off-by: Bernhard Beschow 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/isa/piix4.c   |  2 +-
 hw/rtc/mc146818rtc.c | 13 +++--
 include/hw/rtc/mc146818rtc.h |  1 +
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 0fe7b69bc4..cb291d121c 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -197,7 +197,7 @@ static void piix4_realize(PCIDevice *dev, Error **errp)
 if (!qdev_realize(DEVICE(>rtc), BUS(isa_bus), errp)) {
 return;
 }
-isa_init_irq(ISA_DEVICE(>rtc), >rtc.irq, RTC_ISA_IRQ);
+isa_init_irq(ISA_DEVICE(>rtc), >rtc.irq, s->rtc.isairq);
 
 piix4_dev = dev;
 }
diff --git a/hw/rtc/mc146818rtc.c b/hw/rtc/mc146818rtc.c
index ac9a60c90e..f235c2ddbe 100644
--- a/hw/rtc/mc146818rtc.c
+++ b/hw/rtc/mc146818rtc.c
@@ -912,6 +912,11 @@ static void rtc_realizefn(DeviceState *dev, Error **errp)
 s->base_year = 0;
 }
 
+if (s->isairq >= ISA_NUM_IRQS) {
+error_setg(errp, "Maximum value for \"irq\" is: %u", ISA_NUM_IRQS - 1);
+return;
+}
+
 rtc_set_date_from_host(isadev);
 
 switch (s->lost_tick_policy) {
@@ -957,15 +962,17 @@ ISADevice *mc146818_rtc_init(ISABus *bus, int base_year, 
qemu_irq intercept_irq)
 {
 DeviceState *dev;
 ISADevice *isadev;
+RTCState *s;
 
 isadev = isa_new(TYPE_MC146818_RTC);
 dev = DEVICE(isadev);
+s = MC146818_RTC(isadev);
 qdev_prop_set_int32(dev, "base_year", base_year);
 isa_realize_and_unref(isadev, bus, _fatal);
 if (intercept_irq) {
 qdev_connect_gpio_out(dev, 0, intercept_irq);
 } else {
-isa_connect_gpio_out(isadev, 0, RTC_ISA_IRQ);
+isa_connect_gpio_out(isadev, 0, s->isairq);
 }
 
 object_property_add_alias(qdev_get_machine(), "rtc-time", OBJECT(isadev),
@@ -976,6 +983,7 @@ ISADevice *mc146818_rtc_init(ISABus *bus, int base_year, 
qemu_irq intercept_irq)
 
 static Property mc146818rtc_properties[] = {
 DEFINE_PROP_INT32("base_year", RTCState, base_year, 1980),
+DEFINE_PROP_UINT8("irq", RTCState, isairq, RTC_ISA_IRQ),
 DEFINE_PROP_LOSTTICKPOLICY("lost_tick_policy", RTCState,
lost_tick_policy, LOST_TICK_POLICY_DISCARD),
 DEFINE_PROP_END_OF_LIST(),
@@ -1011,6 +1019,7 @@ static void rtc_reset_hold(Object *obj)
 
 static void rtc_build_aml(ISADevice *isadev, Aml *scope)
 {
+RTCState *s = MC146818_RTC(isadev);
 Aml *dev;
 Aml *crs;
 
@@ -1021,7 +1030,7 @@ static void rtc_build_aml(ISADevice *isadev, Aml *scope)
 crs = aml_resource_template();
 aml_append(crs, aml_io(AML_DECODE16, RTC_ISA_BASE, RTC_ISA_BASE,
0x01, 0x08));
-aml_append(crs, aml_irq_no_flags(RTC_ISA_IRQ));
+aml_append(crs, aml_irq_no_flags(s->isairq));
 
 dev = aml_device("RTC");
 aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0B00")));
diff --git a/include/hw/rtc/mc146818rtc.h b/include/hw/rtc/mc146818rtc.h
index 5b45b22924..deef93f89a 100644
--- a/include/hw/rtc/mc146818rtc.h
+++ b/include/hw/rtc/mc146818rtc.h
@@ -25,6 +25,7 @@ struct RTCState {
 MemoryRegion coalesced_io;
 uint8_t cmos_data[128];
 uint8_t cmos_index;
+uint8_t isairq;
 int32_t base_year;
 uint64_t base_rtc;
 uint64_t last_update;
-- 
2.35.1

[PATCH v4 18/18] hw/arm/virt: Disable LPA2 for -machine virt-6.2

[Richard Henderson]

There is a Linux kernel bug present until v5.12 that prevents
booting with FEAT_LPA2 enabled.  As a workaround for TCG,
disable this feature for machine versions prior to 7.0.

Cc: Daniel P. Berrangé 
Signed-off-by: Richard Henderson 
---
 include/hw/arm/virt.h | 1 +
 hw/arm/virt.c | 7 +++
 2 files changed, 8 insertions(+)

diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
index c1ea17d0de..7e76ee2619 100644
--- a/include/hw/arm/virt.h
+++ b/include/hw/arm/virt.h
@@ -132,6 +132,7 @@ struct VirtMachineClass {
 bool no_secure_gpio;
 /* Machines < 6.2 have no support for describing cpu topology to guest */
 bool no_cpu_topology;
+bool no_tcg_lpa2;
 };
 
 struct VirtMachineState {
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 46bf7ceddf..46a42502bc 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -2102,6 +2102,10 @@ static void machvirt_init(MachineState *machine)
 object_property_set_bool(cpuobj, "pmu", false, NULL);
 }
 
+if (vmc->no_tcg_lpa2 && object_property_find(cpuobj, "lpa2")) {
+object_property_set_bool(cpuobj, "lpa2", false, NULL);
+}
+
 if (object_property_find(cpuobj, "reset-cbar")) {
 object_property_set_int(cpuobj, "reset-cbar",
 vms->memmap[VIRT_CPUPERIPHS].base,
@@ -3020,8 +3024,11 @@ DEFINE_VIRT_MACHINE_AS_LATEST(7, 0)
 
 static void virt_machine_6_2_options(MachineClass *mc)
 {
+VirtMachineClass *vmc = VIRT_MACHINE_CLASS(OBJECT_CLASS(mc));
+
 virt_machine_7_0_options(mc);
 compat_props_add(mc->compat_props, hw_compat_6_2, hw_compat_6_2_len);
+vmc->no_tcg_lpa2 = true;
 }
 DEFINE_VIRT_MACHINE(6, 2)
 
-- 
2.25.1

[PATCH v4 17/18] target/arm: Provide cpu property for controling FEAT_LPA2

[Richard Henderson]

There is a Linux kernel bug present until v5.12 that prevents
booting with FEAT_LPA2 enabled.  As a workaround for TCG, allow
the feature to be disabled from -cpu max.

Since this kernel bug is present in the Fedora 31 image that
we test in avocado, disable lpa2 on the command-line.

Signed-off-by: Richard Henderson 
---
 target/arm/cpu.h|  5 -
 target/arm/cpu.c|  6 ++
 target/arm/cpu64.c  | 24 
 tests/avocado/boot_linux.py |  2 ++
 4 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 24d9fff170..4aa70ceca1 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -204,10 +204,12 @@ typedef struct {
 # define ARM_MAX_VQ16
 void arm_cpu_sve_finalize(ARMCPU *cpu, Error **errp);
 void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp);
+void arm_cpu_lpa2_finalize(ARMCPU *cpu, Error **errp);
 #else
 # define ARM_MAX_VQ1
 static inline void arm_cpu_sve_finalize(ARMCPU *cpu, Error **errp) { }
 static inline void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp) { }
+static inline void arm_cpu_lpa2_finalize(ARMCPU *cpu, Error **errp) { }
 #endif
 
 typedef struct ARMVectorReg {
@@ -975,10 +977,11 @@ struct ARMCPU {
 
 /*
  * Intermediate values used during property parsing.
- * Once finalized, the values should be read from ID_AA64ISAR1.
+ * Once finalized, the values should be read from ID_AA64*.
  */
 bool prop_pauth;
 bool prop_pauth_impdef;
+bool prop_lpa2;
 
 /* DCZ blocksize, in log_2(words), ie low 4 bits of DCZID_EL0 */
 uint32_t dcz_blocksize;
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index e251f0df4b..e2747e7d86 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1391,6 +1391,12 @@ void arm_cpu_finalize_features(ARMCPU *cpu, Error **errp)
 error_propagate(errp, local_err);
 return;
 }
+
+arm_cpu_lpa2_finalize(cpu, _err);
+if (local_err != NULL) {
+error_propagate(errp, local_err);
+return;
+}
 }
 
 if (kvm_enabled()) {
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 2fdc16bf18..eb44c05822 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -688,6 +688,29 @@ void aarch64_add_pauth_properties(Object *obj)
 }
 }
 
+static Property arm_cpu_lpa2_property =
+DEFINE_PROP_BOOL("lpa2", ARMCPU, prop_lpa2, true);
+
+void arm_cpu_lpa2_finalize(ARMCPU *cpu, Error **errp)
+{
+uint64_t t;
+
+/*
+ * We only install the property for tcg -cpu max; this is the
+ * only situation in which the cpu field can be true.
+ */
+if (!cpu->prop_lpa2) {
+return;
+}
+
+t = cpu->isar.id_aa64mmfr0;
+t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN16, 2);   /* 16k pages w/ LPA2 */
+t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN4, 1);/*  4k pages w/ LPA2 */
+t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN16_2, 3); /* 16k stage2 w/ LPA2 */
+t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN4_2, 3);  /*  4k stage2 w/ LPA2 */
+cpu->isar.id_aa64mmfr0 = t;
+}
+
 static void aarch64_host_initfn(Object *obj)
 {
 #if defined(CONFIG_KVM)
@@ -897,6 +920,7 @@ static void aarch64_max_initfn(Object *obj)
 aarch64_add_sve_properties(obj);
 object_property_add(obj, "sve-max-vq", "uint32", cpu_max_get_sve_max_vq,
 cpu_max_set_sve_max_vq, NULL, NULL);
+qdev_property_add_static(DEVICE(obj), _cpu_lpa2_property);
 }
 
 static void aarch64_a64fx_initfn(Object *obj)
diff --git a/tests/avocado/boot_linux.py b/tests/avocado/boot_linux.py
index ab19146d1e..ee584d2fdf 100644
--- a/tests/avocado/boot_linux.py
+++ b/tests/avocado/boot_linux.py
@@ -79,6 +79,7 @@ def test_virt_tcg_gicv2(self):
 """
 self.require_accelerator("tcg")
 self.vm.add_args("-accel", "tcg")
+self.vm.add_args("-cpu", "max,lpa2=off")
 self.vm.add_args("-machine", "virt,gic-version=2")
 self.add_common_args()
 self.launch_and_wait(set_up_ssh_connection=False)
@@ -91,6 +92,7 @@ def test_virt_tcg_gicv3(self):
 """
 self.require_accelerator("tcg")
 self.vm.add_args("-accel", "tcg")
+self.vm.add_args("-cpu", "max,lpa2=off")
 self.vm.add_args("-machine", "virt,gic-version=3")
 self.add_common_args()
 self.launch_and_wait(set_up_ssh_connection=False)
-- 
2.25.1

[PATCH v3 3/7] hw/input/pckbd: QOM'ify IRQ numbers

[Bernhard Beschow]

Exposing the IRQ numbers as QOM properties not only allows them to be
configurable but also to be printed by standard QOM mechanisms. This
allows isabus_dev_print() to be retired eventually.

Signed-off-by: Bernhard Beschow 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/pckbd.c | 26 ++
 1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/hw/input/pckbd.c b/hw/input/pckbd.c
index baba62f357..eb77e12f6f 100644
--- a/hw/input/pckbd.c
+++ b/hw/input/pckbd.c
@@ -26,6 +26,7 @@
 #include "qemu/error-report.h"
 #include "qemu/log.h"
 #include "qemu/timer.h"
+#include "qapi/error.h"
 #include "hw/isa/isa.h"
 #include "migration/vmstate.h"
 #include "hw/acpi/aml-build.h"
@@ -671,6 +672,8 @@ struct ISAKBDState {
 KBDState kbd;
 bool kbd_throttle;
 MemoryRegion io[2];
+uint8_t kbd_irq;
+uint8_t mouse_irq;
 };
 
 void i8042_isa_mouse_fake_event(ISAKBDState *isa)
@@ -734,8 +737,20 @@ static void i8042_realizefn(DeviceState *dev, Error **errp)
 ISAKBDState *isa_s = I8042(dev);
 KBDState *s = _s->kbd;
 
-isa_init_irq(isadev, >irq_kbd, 1);
-isa_init_irq(isadev, >irq_mouse, 12);
+if (isa_s->kbd_irq >= ISA_NUM_IRQS) {
+error_setg(errp, "Maximum value for \"kbd-irq\" is: %u",
+   ISA_NUM_IRQS - 1);
+return;
+}
+
+if (isa_s->mouse_irq >= ISA_NUM_IRQS) {
+error_setg(errp, "Maximum value for \"mouse-irq\" is: %u",
+   ISA_NUM_IRQS - 1);
+return;
+}
+
+isa_init_irq(isadev, >irq_kbd, isa_s->kbd_irq);
+isa_init_irq(isadev, >irq_mouse, isa_s->mouse_irq);
 
 isa_register_ioport(isadev, isa_s->io + 0, 0x60);
 isa_register_ioport(isadev, isa_s->io + 1, 0x64);
@@ -754,6 +769,7 @@ static void i8042_realizefn(DeviceState *dev, Error **errp)
 
 static void i8042_build_aml(ISADevice *isadev, Aml *scope)
 {
+ISAKBDState *isa_s = I8042(isadev);
 Aml *kbd;
 Aml *mou;
 Aml *crs;
@@ -761,7 +777,7 @@ static void i8042_build_aml(ISADevice *isadev, Aml *scope)
 crs = aml_resource_template();
 aml_append(crs, aml_io(AML_DECODE16, 0x0060, 0x0060, 0x01, 0x01));
 aml_append(crs, aml_io(AML_DECODE16, 0x0064, 0x0064, 0x01, 0x01));
-aml_append(crs, aml_irq_no_flags(1));
+aml_append(crs, aml_irq_no_flags(isa_s->kbd_irq));
 
 kbd = aml_device("KBD");
 aml_append(kbd, aml_name_decl("_HID", aml_eisaid("PNP0303")));
@@ -769,7 +785,7 @@ static void i8042_build_aml(ISADevice *isadev, Aml *scope)
 aml_append(kbd, aml_name_decl("_CRS", crs));
 
 crs = aml_resource_template();
-aml_append(crs, aml_irq_no_flags(12));
+aml_append(crs, aml_irq_no_flags(isa_s->mouse_irq));
 
 mou = aml_device("MOU");
 aml_append(mou, aml_name_decl("_HID", aml_eisaid("PNP0F13")));
@@ -783,6 +799,8 @@ static void i8042_build_aml(ISADevice *isadev, Aml *scope)
 static Property i8042_properties[] = {
 DEFINE_PROP_BOOL("extended-state", ISAKBDState, kbd.extended_state, true),
 DEFINE_PROP_BOOL("kbd-throttle", ISAKBDState, kbd_throttle, false),
+DEFINE_PROP_UINT8("kbd-irq", ISAKBDState, kbd_irq, 1),
+DEFINE_PROP_UINT8("mouse-irq", ISAKBDState, mouse_irq, 12),
 DEFINE_PROP_END_OF_LIST(),
 };
 
-- 
2.35.1

Re: [PATCH v4 0/7] malta: Fix PCI IRQ levels to be preserved during migration, cleanup

[Bernhard Beschow]

Am 17. Februar 2022 10:19:17 UTC schrieb Bernhard Beschow :
>Tested with [1]:
>
>  qemu-system-mipsel -M malta -kernel vmlinux-3.2.0-4-4kc-malta -hda \
>  debian_wheezy_mipsel_standard.qcow2 -append "root=/dev/sda1 console=tty0"
>
>It was possible to log in as root and `poweroff` the machine.
>
>[1] https://people.debian.org/~aurel32/qemu/mips/
>
>
>v4:
>  As suggested by BALATON Zoltan, gt64120_register() is now resolved by
>sysbus_create_simple() etc. This also fixes the nitpick pointed out by
>Philippe.
>
>v3:
>  The migration bug now gets fixed in gt64xxx_pci before any cleanup. As
>suggested by PMM the patch is based on commit e735b55a8c11.
>  The code movement patch now moves the already fixed code. I might be a bit
>too conservative here by removing Philippe's Reviewed-By tag.
>  As suggested by BALATON Zoltan, the redundant i8259[] attribute is now
>resolved immediately after the code movement. As a side effect, it also
>removes moved code which doesn't adhere to the coding style (local loop
>variable).
>  To address BALATON Zoltan's comment and to reduce the number of required
>Reviewed-By's, only piix4_set_irq() is modified to expect own DeviceState
>paremeter. Up to v2, all remaining set_irq() functions were changed this
>way.
>  The patch resolving piix4's singleton variable got split into two patches:
>One which resolves the singleton variable and one which replaces magic
>constants. The split patches should be more comprehensible.
>  Suggested by BALATON Zoltan, I took a chance to resolve gt64120_register(),
>a method akin to the legacy init functions we're trying to get rid of.
>
>v2:
>  isa/piix4: Fix PCI IRQ levels to be preserved in VMState
>  isa/piix4: Resolve redundant i8259[] attribute
>
>Bernhard Beschow (7):
>  hw/mips/gt64xxx_pci: Fix PCI IRQ levels to be preserved during
>migration
>  malta: Move PCI interrupt handling from gt64xxx_pci to piix4
>  hw/isa/piix4: Resolve redundant i8259[] attribute
>  hw/isa/piix4: Pass PIIX4State as opaque parameter for piix4_set_irq()
>  hw/isa/piix4: Resolve global instance variable
>  hw/isa/piix4: Replace some magic IRQ constants
>  hw/mips/gt64xxx_pci: Resolve gt64120_register()
>
> hw/isa/piix4.c| 54 +--
> hw/mips/gt64xxx_pci.c | 80 +++
> hw/mips/malta.c   |  7 +--
> include/hw/mips/mips.h|  3 --
> include/hw/southbridge/piix.h |  2 -
> 5 files changed, 59 insertions(+), 87 deletions(-)
>

@Phil: Would you also queue this series in your MIPS tree?

Best regards,
Bernhard

[PATCH v3 2/7] hw/rtc/m48t59-isa: QOM'ify IRQ number

[Bernhard Beschow]

Exposing the IRQ number as a QOM property not only allows it to be
configurable but also to be printed by standard QOM mechanisms. This allows
isabus_dev_print() to be retired eventually.

Signed-off-by: Bernhard Beschow 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/rtc/m48t59-isa.c | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/hw/rtc/m48t59-isa.c b/hw/rtc/m48t59-isa.c
index dc21fb10a5..e9086eada4 100644
--- a/hw/rtc/m48t59-isa.c
+++ b/hw/rtc/m48t59-isa.c
@@ -42,6 +42,7 @@ struct M48txxISAState {
 ISADevice parent_obj;
 M48t59State state;
 uint32_t io_base;
+uint8_t isairq;
 MemoryRegion io;
 };
 
@@ -79,6 +80,7 @@ static void m48txx_isa_toggle_lock(Nvram *obj, int lock)
 static Property m48t59_isa_properties[] = {
 DEFINE_PROP_INT32("base-year", M48txxISAState, state.base_year, 0),
 DEFINE_PROP_UINT32("iobase", M48txxISAState, io_base, 0x74),
+DEFINE_PROP_UINT8("irq", M48txxISAState, isairq, 8),
 DEFINE_PROP_END_OF_LIST(),
 };
 
@@ -97,9 +99,14 @@ static void m48t59_isa_realize(DeviceState *dev, Error 
**errp)
 M48txxISAState *d = M48TXX_ISA(dev);
 M48t59State *s = >state;
 
+if (d->isairq >= ISA_NUM_IRQS) {
+error_setg(errp, "Maximum value for \"irq\" is: %u", ISA_NUM_IRQS - 1);
+return;
+}
+
 s->model = u->info.model;
 s->size = u->info.size;
-isa_init_irq(isadev, >IRQ, 8);
+isa_init_irq(isadev, >IRQ, d->isairq);
 m48t59_realize_common(s, errp);
 memory_region_init_io(>io, OBJECT(dev), _io_ops, s, "m48t59", 4);
 if (d->io_base != 0) {
-- 
2.35.1

[PATCH v4 14/18] target/arm: Validate tlbi TG matches translation granule in use

[Richard Henderson]

For FEAT_LPA2, we will need other ARMVAParameters, which themselves
depend on the translation granule in use.  We might as well validate
that the given TG matches; the architecture "does not require that
the instruction invalidates any entries" if this is not true.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/helper.c | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index e455397fb5..3a7f5cf6f0 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4520,12 +4520,16 @@ static TLBIRange tlbi_aa64_get_range(CPUARMState *env, 
ARMMMUIdx mmuidx,
  uint64_t value)
 {
 unsigned int page_size_granule, page_shift, num, scale, exponent;
+/* Extract one bit to represent the va selector in use. */
+uint64_t select = sextract64(value, 36, 1);
+ARMVAParameters param = aa64_va_parameters(env, select, mmuidx, true);
 TLBIRange ret = { };
 
 page_size_granule = extract64(value, 46, 2);
 
-if (page_size_granule == 0) {
-qemu_log_mask(LOG_GUEST_ERROR, "Invalid page size granule %d\n",
+/* The granule encoded in value must match the granule in use. */
+if (page_size_granule != (param.using64k ? 3 : param.using16k ? 2 : 1)) {
+qemu_log_mask(LOG_GUEST_ERROR, "Invalid tlbi page size granule %d\n",
   page_size_granule);
 return ret;
 }
@@ -4537,7 +4541,7 @@ static TLBIRange tlbi_aa64_get_range(CPUARMState *env, 
ARMMMUIdx mmuidx,
 
 ret.length = (num + 1) << (exponent + page_shift);
 
-if (regime_has_2_ranges(mmuidx)) {
+if (param.select) {
 ret.base = sextract64(value, 0, 37);
 } else {
 ret.base = extract64(value, 0, 37);
-- 
2.25.1

[PATCH v4 15/18] target/arm: Advertise all page sizes for -cpu max

[Richard Henderson]

We support 16k pages, but do not advertize that in ID_AA64MMFR0.

The value 0 in the TGRAN*_2 fields indicates that stage2 lookups defer
to the same support as stage1 lookups.  This setting is deprecated, so
indicate support for all stage2 page sizes directly.

Signed-off-by: Richard Henderson 
---
 target/arm/cpu64.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index d88662cef6..2fdc16bf18 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -796,6 +796,10 @@ static void aarch64_max_initfn(Object *obj)
 
 t = cpu->isar.id_aa64mmfr0;
 t = FIELD_DP64(t, ID_AA64MMFR0, PARANGE, 6); /* FEAT_LPA: 52 bits */
+t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN16, 1);   /* 16k pages supported */
+t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN16_2, 2); /* 16k stage2 supported */
+t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN64_2, 2); /* 64k stage2 supported */
+t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN4_2, 2);  /*  4k stage2 supported */
 cpu->isar.id_aa64mmfr0 = t;
 
 t = cpu->isar.id_aa64mmfr1;
-- 
2.25.1

[PATCH v3 5/7] hw/ppc/pnv: Determine ns16550's IRQ number from QOM property

[Bernhard Beschow]

Determine the IRQ number in the same way as for pnv_dt_ipmi_bt(). This
resolves one usage of ISADevice::isairq[] which allows it to be removed
eventually.

Signed-off-by: Bernhard Beschow 
Reviewed-by: Cédric Le Goater 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/ppc/pnv.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index 837146a2fb..441bf958ca 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -380,9 +380,12 @@ static void pnv_dt_serial(ISADevice *d, void *fdt, int 
lpc_off)
 cpu_to_be32(io_base),
 cpu_to_be32(8)
 };
+uint32_t irq;
 char *name;
 int node;
 
+irq = object_property_get_uint(OBJECT(d), "irq", _fatal);
+
 name = g_strdup_printf("%s@i%x", qdev_fw_name(DEVICE(d)), io_base);
 node = fdt_add_subnode(fdt, lpc_off, name);
 _FDT(node);
@@ -394,7 +397,7 @@ static void pnv_dt_serial(ISADevice *d, void *fdt, int 
lpc_off)
 
 _FDT((fdt_setprop_cell(fdt, node, "clock-frequency", 1843200)));
 _FDT((fdt_setprop_cell(fdt, node, "current-speed", 115200)));
-_FDT((fdt_setprop_cell(fdt, node, "interrupts", d->isairq[0])));
+_FDT((fdt_setprop_cell(fdt, node, "interrupts", irq)));
 _FDT((fdt_setprop_cell(fdt, node, "interrupt-parent",
fdt_get_phandle(fdt, lpc_off;
 
-- 
2.35.1

[PATCH v4 08/18] target/arm: Prepare DBGBVR and DBGWVR for FEAT_LVA

[Richard Henderson]

The original A.a revision of the AArch64 ARM required that we
force-extend the addresses in these registers from 49 bits.
This language has been loosened via a combination of IMPLEMENTATION
DEFINED and CONSTRAINTED UNPREDICTABLE to allow consideration of
the entire aligned address.

This means that we do not have to consider whether or not FEAT_LVA
is enabled, and decide from which bit an address might need to be
extended.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/helper.c | 32 
 1 file changed, 24 insertions(+), 8 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index c002100979..2eff30d18c 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6423,11 +6423,18 @@ static void dbgwvr_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 ARMCPU *cpu = env_archcpu(env);
 int i = ri->crm;
 
-/* Bits [63:49] are hardwired to the value of bit [48]; that is, the
- * register reads and behaves as if values written are sign extended.
+/*
  * Bits [1:0] are RES0.
+ *
+ * It is IMPLEMENTATION DEFINED whether [63:49] ([63:53] with FEAT_LVA)
+ * are hardwired to the value of bit [48] ([52] with FEAT_LVA), or if
+ * they contain the value written.  It is CONSTRAINED UNPREDICTABLE
+ * whether the RESS bits are ignored when comparing an address.
+ *
+ * Therefore we are allowed to compare the entire register, which lets
+ * us avoid considering whether or not FEAT_LVA is actually enabled.
  */
-value = sextract64(value, 0, 49) & ~3ULL;
+value &= ~3ULL;
 
 raw_write(env, ri, value);
 hw_watchpoint_update(cpu, i);
@@ -6473,10 +6480,19 @@ void hw_breakpoint_update(ARMCPU *cpu, int n)
 case 0: /* unlinked address match */
 case 1: /* linked address match */
 {
-/* Bits [63:49] are hardwired to the value of bit [48]; that is,
- * we behave as if the register was sign extended. Bits [1:0] are
- * RES0. The BAS field is used to allow setting breakpoints on 16
- * bit wide instructions; it is CONSTRAINED UNPREDICTABLE whether
+/*
+ * Bits [1:0] are RES0.
+ *
+ * It is IMPLEMENTATION DEFINED whether bits [63:49]
+ * ([63:53] for FEAT_LVA) are hardwired to a copy of the sign bit
+ * of the VA field ([48] or [52] for FEAT_LVA), or whether the
+ * value is read as written.  It is CONSTRAINED UNPREDICTABLE
+ * whether the RESS bits are ignored when comparing an address.
+ * Therefore we are allowed to compare the entire register, which
+ * lets us avoid considering whether FEAT_LVA is actually enabled.
+ *
+ * The BAS field is used to allow setting breakpoints on 16-bit
+ * wide instructions; it is CONSTRAINED UNPREDICTABLE whether
  * a bp will fire if the addresses covered by the bp and the addresses
  * covered by the insn overlap but the insn doesn't start at the
  * start of the bp address range. We choose to require the insn and
@@ -6489,7 +6505,7 @@ void hw_breakpoint_update(ARMCPU *cpu, int n)
  * See also figure D2-3 in the v8 ARM ARM (DDI0487A.c).
  */
 int bas = extract64(bcr, 5, 4);
-addr = sextract64(bvr, 0, 49) & ~3ULL;
+addr = bvr & ~3ULL;
 if (bas == 0) {
 return;
 }
-- 
2.25.1

[PATCH v4 12/18] target/arm: Introduce tlbi_aa64_get_range

[Richard Henderson]

Merge tlbi_aa64_range_get_length and tlbi_aa64_range_get_base,
returning a structure containing both results.  Pass in the
ARMMMUIdx, rather than the digested two_ranges boolean.

This is in preparation for FEAT_LPA2, where the interpretation
of 'value' depends on the effective value of DS for the regime.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/helper.c | 58 +++--
 1 file changed, 24 insertions(+), 34 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 950f56599e..31c2a716f2 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4511,70 +4511,60 @@ static void tlbi_aa64_vae3is_write(CPUARMState *env, 
const ARMCPRegInfo *ri,
 }
 
 #ifdef TARGET_AARCH64
-static uint64_t tlbi_aa64_range_get_length(CPUARMState *env,
-   uint64_t value)
-{
-unsigned int page_shift;
-unsigned int page_size_granule;
-uint64_t num;
-uint64_t scale;
-uint64_t exponent;
+typedef struct {
+uint64_t base;
 uint64_t length;
+} TLBIRange;
+
+static TLBIRange tlbi_aa64_get_range(CPUARMState *env, ARMMMUIdx mmuidx,
+ uint64_t value)
+{
+unsigned int page_size_granule, page_shift, num, scale, exponent;
+TLBIRange ret = { };
 
-num = extract64(value, 39, 5);
-scale = extract64(value, 44, 2);
 page_size_granule = extract64(value, 46, 2);
 
 if (page_size_granule == 0) {
 qemu_log_mask(LOG_GUEST_ERROR, "Invalid page size granule %d\n",
   page_size_granule);
-return 0;
+return ret;
 }
 
 page_shift = (page_size_granule - 1) * 2 + 12;
-
+num = extract64(value, 39, 5);
+scale = extract64(value, 44, 2);
 exponent = (5 * scale) + 1;
-length = (num + 1) << (exponent + page_shift);
 
-return length;
-}
+ret.length = (num + 1) << (exponent + page_shift);
 
-static uint64_t tlbi_aa64_range_get_base(CPUARMState *env, uint64_t value,
-bool two_ranges)
-{
-/* TODO: ARMv8.7 FEAT_LPA2 */
-uint64_t pageaddr;
-
-if (two_ranges) {
-pageaddr = sextract64(value, 0, 37) << TARGET_PAGE_BITS;
+if (regime_has_2_ranges(mmuidx)) {
+ret.base = sextract64(value, 0, 37) << TARGET_PAGE_BITS;
 } else {
-pageaddr = extract64(value, 0, 37) << TARGET_PAGE_BITS;
+ret.base = extract64(value, 0, 37) << TARGET_PAGE_BITS;
 }
 
-return pageaddr;
+return ret;
 }
 
 static void do_rvae_write(CPUARMState *env, uint64_t value,
   int idxmap, bool synced)
 {
 ARMMMUIdx one_idx = ARM_MMU_IDX_A | ctz32(idxmap);
-bool two_ranges = regime_has_2_ranges(one_idx);
-uint64_t baseaddr, length;
+TLBIRange range;
 int bits;
 
-baseaddr = tlbi_aa64_range_get_base(env, value, two_ranges);
-length = tlbi_aa64_range_get_length(env, value);
-bits = tlbbits_for_regime(env, one_idx, baseaddr);
+range = tlbi_aa64_get_range(env, one_idx, value);
+bits = tlbbits_for_regime(env, one_idx, range.base);
 
 if (synced) {
 tlb_flush_range_by_mmuidx_all_cpus_synced(env_cpu(env),
-  baseaddr,
-  length,
+  range.base,
+  range.length,
   idxmap,
   bits);
 } else {
-tlb_flush_range_by_mmuidx(env_cpu(env), baseaddr,
-  length, idxmap, bits);
+tlb_flush_range_by_mmuidx(env_cpu(env), range.base,
+  range.length, idxmap, bits);
 }
 }
 
-- 
2.25.1

[PATCH v4 03/18] target/arm: Fault on invalid TCR_ELx.TxSZ

[Richard Henderson]

Without FEAT_LVA, the behaviour of programming an invalid value
is IMPLEMENTATION DEFINED.  With FEAT_LVA, programming an invalid
minimum value requires a Translation fault.

It is most self-consistent to choose to generate the fault always.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
v2: Continue to bound in aa64_va_parameters, so that PAuth gets
something it can use, but provide a flag for get_phys_addr_lpae
to raise a fault.
---
 target/arm/internals.h |  1 +
 target/arm/helper.c| 32 
 2 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index 3f05748ea4..ef6c25d8cb 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1055,6 +1055,7 @@ typedef struct ARMVAParameters {
 bool hpd: 1;
 bool using16k   : 1;
 bool using64k   : 1;
+bool tsz_oob: 1;  /* tsz has been clamped to legal range */
 } ARMVAParameters;
 
 ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 7bf50fdd76..dd4d95bda2 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11190,8 +11190,8 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, 
uint64_t va,
ARMMMUIdx mmu_idx, bool data)
 {
 uint64_t tcr = regime_tcr(env, mmu_idx)->raw_tcr;
-bool epd, hpd, using16k, using64k;
-int select, tsz, tbi, max_tsz;
+bool epd, hpd, using16k, using64k, tsz_oob;
+int select, tsz, tbi, max_tsz, min_tsz;
 
 if (!regime_has_2_ranges(mmu_idx)) {
 select = 0;
@@ -11232,9 +11232,17 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, 
uint64_t va,
 } else {
 max_tsz = 39;
 }
+min_tsz = 16;  /* TODO: ARMv8.2-LVA  */
 
-tsz = MIN(tsz, max_tsz);
-tsz = MAX(tsz, 16);  /* TODO: ARMv8.2-LVA  */
+if (tsz > max_tsz) {
+tsz = max_tsz;
+tsz_oob = true;
+} else if (tsz < min_tsz) {
+tsz = min_tsz;
+tsz_oob = true;
+} else {
+tsz_oob = false;
+}
 
 /* Present TBI as a composite with TBID.  */
 tbi = aa64_va_parameter_tbi(tcr, mmu_idx);
@@ -11251,6 +11259,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, 
uint64_t va,
 .hpd = hpd,
 .using16k = using16k,
 .using64k = using64k,
+.tsz_oob = tsz_oob,
 };
 }
 
@@ -11374,6 +11383,21 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 param = aa64_va_parameters(env, address, mmu_idx,
access_type != MMU_INST_FETCH);
 level = 0;
+
+/*
+ * If TxSZ is programmed to a value larger than the maximum,
+ * or smaller than the effective minimum, it is IMPLEMENTATION
+ * DEFINED whether we behave as if the field were programmed
+ * within bounds, or if a level 0 Translation fault is generated.
+ *
+ * With FEAT_LVA, fault on less than minimum becomes required,
+ * so our choice is to always raise the fault.
+ */
+if (param.tsz_oob) {
+fault_type = ARMFault_Translation;
+goto do_fault;
+}
+
 addrsize = 64 - 8 * param.tbi;
 inputsize = 64 - param.tsz;
 } else {
-- 
2.25.1

[PATCH v4 09/18] target/arm: Implement FEAT_LVA

[Richard Henderson]

This feature is relatively small, as it applies only to
64k pages and thus requires no additional changes to the
table descriptor walking algorithm, only a change to the
minimum TSZ (which is the inverse of the maximum virtual
address space size).

Note that this feature widens VBAR_ELx, but we already
treat the register as being 64 bits wide.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 docs/system/arm/emulation.rst | 1 +
 target/arm/cpu-param.h| 2 +-
 target/arm/cpu.h  | 5 +
 target/arm/cpu64.c| 1 +
 target/arm/helper.c   | 9 -
 5 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
index 144dc491d9..f3eabddfb5 100644
--- a/docs/system/arm/emulation.rst
+++ b/docs/system/arm/emulation.rst
@@ -27,6 +27,7 @@ the following architecture extensions:
 - FEAT_LRCPC (Load-acquire RCpc instructions)
 - FEAT_LRCPC2 (Load-acquire RCpc instructions v2)
 - FEAT_LSE (Large System Extensions)
+- FEAT_LVA (Large Virtual Address space)
 - FEAT_MTE (Memory Tagging Extension)
 - FEAT_MTE2 (Memory Tagging Extension)
 - FEAT_MTE3 (MTE Asymmetric Fault Handling)
diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
index 7f38d33b8e..5f9c288b1a 100644
--- a/target/arm/cpu-param.h
+++ b/target/arm/cpu-param.h
@@ -11,7 +11,7 @@
 #ifdef TARGET_AARCH64
 # define TARGET_LONG_BITS 64
 # define TARGET_PHYS_ADDR_SPACE_BITS  48
-# define TARGET_VIRT_ADDR_SPACE_BITS  48
+# define TARGET_VIRT_ADDR_SPACE_BITS  52
 #else
 # define TARGET_LONG_BITS 32
 # define TARGET_PHYS_ADDR_SPACE_BITS  40
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index c6a4d50e82..c52d56f669 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -4289,6 +4289,11 @@ static inline bool isar_feature_aa64_ccidx(const 
ARMISARegisters *id)
 return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, CCIDX) != 0;
 }
 
+static inline bool isar_feature_aa64_lva(const ARMISARegisters *id)
+{
+return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, VARANGE) != 0;
+}
+
 static inline bool isar_feature_aa64_tts2uxn(const ARMISARegisters *id)
 {
 return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, XNX) != 0;
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 1171ab16b9..1de31ffb40 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -811,6 +811,7 @@ static void aarch64_max_initfn(Object *obj)
 t = FIELD_DP64(t, ID_AA64MMFR2, UAO, 1);
 t = FIELD_DP64(t, ID_AA64MMFR2, CNP, 1); /* TTCNP */
 t = FIELD_DP64(t, ID_AA64MMFR2, ST, 1); /* TTST */
+t = FIELD_DP64(t, ID_AA64MMFR2, VARANGE, 1); /* FEAT_LVA */
 cpu->isar.id_aa64mmfr2 = t;
 
 t = cpu->isar.id_aa64zfr0;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 2eff30d18c..28b4347213 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11271,7 +11271,14 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, 
uint64_t va,
 } else {
 max_tsz = 39;
 }
-min_tsz = 16;  /* TODO: ARMv8.2-LVA  */
+
+min_tsz = 16;
+if (using64k) {
+if (cpu_isar_feature(aa64_lva, env_archcpu(env))) {
+min_tsz = 12;
+}
+}
+/* TODO: FEAT_LPA2 */
 
 if (tsz > max_tsz) {
 tsz = max_tsz;
-- 
2.25.1

[PATCH v4 16/18] target/arm: Implement FEAT_LPA2

[Richard Henderson]

This feature widens physical addresses (and intermediate physical
addresses for 2-stage translation) from 48 to 52 bits, when using
4k or 16k pages.

This introduces the DS bit to TCR_ELx, which is RES0 unless the
page size is enabled and supports LPA2, resulting in the effective
value of DS for a given table walk.  The DS bit changes the format
of the page table descriptor slightly, moving the PS field out to
TCR so that all pages have the same sharability and repurposing
those bits of the page table descriptor for the highest bits of
the output address.

Do not yet enable FEAT_LPA2; we need extra plumbing to avoid
tickling an old kernel bug.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
v2: Check DS in tlbi_aa64_get_range.
Check TGRAN4_2 and TGRAN16_2.
v4: Do not enable the feature yet.
---
 docs/system/arm/emulation.rst |   1 +
 target/arm/cpu.h  |  22 
 target/arm/internals.h|   2 +
 target/arm/helper.c   | 102 +-
 4 files changed, 112 insertions(+), 15 deletions(-)

diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
index 0053ddce20..520fd39071 100644
--- a/docs/system/arm/emulation.rst
+++ b/docs/system/arm/emulation.rst
@@ -25,6 +25,7 @@ the following architecture extensions:
 - FEAT_JSCVT (JavaScript conversion instructions)
 - FEAT_LOR (Limited ordering regions)
 - FEAT_LPA (Large Physical Address space)
+- FEAT_LPA2 (Large Physical and virtual Address space v2)
 - FEAT_LRCPC (Load-acquire RCpc instructions)
 - FEAT_LRCPC2 (Load-acquire RCpc instructions v2)
 - FEAT_LSE (Large System Extensions)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index c52d56f669..24d9fff170 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -4284,6 +4284,28 @@ static inline bool isar_feature_aa64_i8mm(const 
ARMISARegisters *id)
 return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, I8MM) != 0;
 }
 
+static inline bool isar_feature_aa64_tgran4_lpa2(const ARMISARegisters *id)
+{
+return FIELD_SEX64(id->id_aa64mmfr0, ID_AA64MMFR0, TGRAN4) >= 1;
+}
+
+static inline bool isar_feature_aa64_tgran4_2_lpa2(const ARMISARegisters *id)
+{
+unsigned t = FIELD_EX64(id->id_aa64mmfr0, ID_AA64MMFR0, TGRAN4_2);
+return t >= 3 || (t == 0 && isar_feature_aa64_tgran4_lpa2(id));
+}
+
+static inline bool isar_feature_aa64_tgran16_lpa2(const ARMISARegisters *id)
+{
+return FIELD_EX64(id->id_aa64mmfr0, ID_AA64MMFR0, TGRAN16) >= 2;
+}
+
+static inline bool isar_feature_aa64_tgran16_2_lpa2(const ARMISARegisters *id)
+{
+unsigned t = FIELD_EX64(id->id_aa64mmfr0, ID_AA64MMFR0, TGRAN16_2);
+return t >= 3 || (t == 0 && isar_feature_aa64_tgran16_lpa2(id));
+}
+
 static inline bool isar_feature_aa64_ccidx(const ARMISARegisters *id)
 {
 return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, CCIDX) != 0;
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 00af41d792..a34be2e459 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1056,6 +1056,7 @@ static inline uint32_t aarch64_pstate_valid_mask(const 
ARMISARegisters *id)
 typedef struct ARMVAParameters {
 unsigned tsz: 8;
 unsigned ps : 3;
+unsigned sh : 2;
 unsigned select : 1;
 bool tbi: 1;
 bool epd: 1;
@@ -1063,6 +1064,7 @@ typedef struct ARMVAParameters {
 bool using16k   : 1;
 bool using64k   : 1;
 bool tsz_oob: 1;  /* tsz has been clamped to legal range */
+bool ds : 1;
 } ARMVAParameters;
 
 ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 3a7f5cf6f0..088956eecf 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4546,6 +4546,14 @@ static TLBIRange tlbi_aa64_get_range(CPUARMState *env, 
ARMMMUIdx mmuidx,
 } else {
 ret.base = extract64(value, 0, 37);
 }
+if (param.ds) {
+/*
+ * With DS=1, BaseADDR is always shifted 16 so that it is able
+ * to address all 52 va bits.  The input address is perforce
+ * aligned on a 64k boundary regardless of translation granule.
+ */
+page_shift = 16;
+}
 ret.base <<= page_shift;
 
 return ret;
@@ -11081,8 +11089,13 @@ static bool check_s2_mmu_setup(ARMCPU *cpu, bool 
is_aa64, int level,
 const int grainsize = stride + 3;
 int startsizecheck;
 
-/* Negative levels are never allowed.  */
-if (level < 0) {
+/*
+ * Negative levels are usually not allowed...
+ * Except for FEAT_LPA2, 4k page table, 52-bit address space, which
+ * begins with level -1.  Note that previous feature tests will have
+ * eliminated this combination if it is not enabled.
+ */
+if (level < (inputsize == 52 && stride == 9 ? -1 : 0)) {
 return false;
 }
 
@@ -11223,8 +11236,9 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, 
uint64_t va,
ARMMMUIdx mmu_idx, bool data)
 {
   

[PATCH v4 13/18] target/arm: Fix TLBIRange.base for 16k and 64k pages

[Richard Henderson]

The shift of the BaseADDR field depends on the translation
granule in use.

Fixes: 84940ed8255 ("target/arm: Add support for FEAT_TLBIRANGE")
Reported-by: Peter Maydell 
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/helper.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 31c2a716f2..e455397fb5 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4538,10 +4538,11 @@ static TLBIRange tlbi_aa64_get_range(CPUARMState *env, 
ARMMMUIdx mmuidx,
 ret.length = (num + 1) << (exponent + page_shift);
 
 if (regime_has_2_ranges(mmuidx)) {
-ret.base = sextract64(value, 0, 37) << TARGET_PAGE_BITS;
+ret.base = sextract64(value, 0, 37);
 } else {
-ret.base = extract64(value, 0, 37) << TARGET_PAGE_BITS;
+ret.base = extract64(value, 0, 37);
 }
+ret.base <<= page_shift;
 
 return ret;
 }
-- 
2.25.1

[PATCH v4 04/18] target/arm: Move arm_pamax out of line

[Richard Henderson]

We will shortly share parts of this function with other portions
of address translation.

Reviewed-by: Peter Maydell 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/arm/internals.h | 19 +--
 target/arm/helper.c| 22 ++
 2 files changed, 23 insertions(+), 18 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index ef6c25d8cb..fefd1fb8d8 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -243,24 +243,7 @@ static inline void update_spsel(CPUARMState *env, uint32_t 
imm)
  * Returns the implementation defined bit-width of physical addresses.
  * The ARMv8 reference manuals refer to this as PAMax().
  */
-static inline unsigned int arm_pamax(ARMCPU *cpu)
-{
-static const unsigned int pamax_map[] = {
-[0] = 32,
-[1] = 36,
-[2] = 40,
-[3] = 42,
-[4] = 44,
-[5] = 48,
-};
-unsigned int parange =
-FIELD_EX64(cpu->isar.id_aa64mmfr0, ID_AA64MMFR0, PARANGE);
-
-/* id_aa64mmfr0 is a read-only register so values outside of the
- * supported mappings can be considered an implementation error.  */
-assert(parange < ARRAY_SIZE(pamax_map));
-return pamax_map[parange];
-}
+unsigned int arm_pamax(ARMCPU *cpu);
 
 /* Return true if extended addresses are enabled.
  * This is always the case if our translation regime is 64 bit,
diff --git a/target/arm/helper.c b/target/arm/helper.c
index dd4d95bda2..71e575f352 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11152,6 +11152,28 @@ static uint8_t convert_stage2_attrs(CPUARMState *env, 
uint8_t s2attrs)
 }
 #endif /* !CONFIG_USER_ONLY */
 
+/* The cpu-specific constant value of PAMax; also used by hw/arm/virt. */
+unsigned int arm_pamax(ARMCPU *cpu)
+{
+static const unsigned int pamax_map[] = {
+[0] = 32,
+[1] = 36,
+[2] = 40,
+[3] = 42,
+[4] = 44,
+[5] = 48,
+};
+unsigned int parange =
+FIELD_EX64(cpu->isar.id_aa64mmfr0, ID_AA64MMFR0, PARANGE);
+
+/*
+ * id_aa64mmfr0 is a read-only register so values outside of the
+ * supported mappings can be considered an implementation error.
+ */
+assert(parange < ARRAY_SIZE(pamax_map));
+return pamax_map[parange];
+}
+
 static int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx)
 {
 if (regime_has_2_ranges(mmu_idx)) {
-- 
2.25.1

[PATCH v4 07/18] target/arm: Honor TCR_ELx.{I}PS

[Richard Henderson]

This field controls the output (intermediate) physical address size
of the translation process.  V8 requires to raise an AddressSize
fault if the page tables are programmed incorrectly, such that any
intermediate descriptor address, or the final translated address,
is out of range.

Add a PS field to ARMVAParameters, and properly compute outputsize
in get_phys_addr_lpae.  Test the descaddr as extracted from TTBR
and from page table entries.

Restrict descaddrmask so that we won't raise the fault for v7.

Reviewed-by: Peter Maydell 
Reviewed-by: Alex Bennée 
Signed-off-by: Richard Henderson 
---
 target/arm/internals.h |  1 +
 target/arm/helper.c| 72 --
 2 files changed, 57 insertions(+), 16 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index fefd1fb8d8..3d3d41ba2b 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1032,6 +1032,7 @@ static inline uint32_t aarch64_pstate_valid_mask(const 
ARMISARegisters *id)
  */
 typedef struct ARMVAParameters {
 unsigned tsz: 8;
+unsigned ps : 3;
 unsigned select : 1;
 bool tbi: 1;
 bool epd: 1;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 675aec4bf3..c002100979 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11149,17 +11149,19 @@ static uint8_t convert_stage2_attrs(CPUARMState *env, 
uint8_t s2attrs)
 }
 #endif /* !CONFIG_USER_ONLY */
 
+/* This mapping is common between ID_AA64MMFR0.PARANGE and TCR_ELx.{I}PS. */
+static const uint8_t pamax_map[] = {
+[0] = 32,
+[1] = 36,
+[2] = 40,
+[3] = 42,
+[4] = 44,
+[5] = 48,
+};
+
 /* The cpu-specific constant value of PAMax; also used by hw/arm/virt. */
 unsigned int arm_pamax(ARMCPU *cpu)
 {
-static const unsigned int pamax_map[] = {
-[0] = 32,
-[1] = 36,
-[2] = 40,
-[3] = 42,
-[4] = 44,
-[5] = 48,
-};
 unsigned int parange =
 FIELD_EX64(cpu->isar.id_aa64mmfr0, ID_AA64MMFR0, PARANGE);
 
@@ -11210,7 +11212,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, 
uint64_t va,
 {
 uint64_t tcr = regime_tcr(env, mmu_idx)->raw_tcr;
 bool epd, hpd, using16k, using64k, tsz_oob;
-int select, tsz, tbi, max_tsz, min_tsz;
+int select, tsz, tbi, max_tsz, min_tsz, ps;
 
 if (!regime_has_2_ranges(mmu_idx)) {
 select = 0;
@@ -11224,6 +11226,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, 
uint64_t va,
 hpd = extract32(tcr, 24, 1);
 }
 epd = false;
+ps = extract32(tcr, 16, 3);
 } else {
 /*
  * Bit 55 is always between the two regions, and is canonical for
@@ -11244,6 +11247,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, 
uint64_t va,
 epd = extract32(tcr, 23, 1);
 hpd = extract64(tcr, 42, 1);
 }
+ps = extract64(tcr, 32, 3);
 }
 
 if (cpu_isar_feature(aa64_st, env_archcpu(env))) {
@@ -11272,6 +11276,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, 
uint64_t va,
 
 return (ARMVAParameters) {
 .tsz = tsz,
+.ps = ps,
 .select = select,
 .tbi = tbi,
 .epd = epd,
@@ -11399,6 +11404,8 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 
 /* TODO: This code does not support shareability levels. */
 if (aarch64) {
+int ps;
+
 param = aa64_va_parameters(env, address, mmu_idx,
access_type != MMU_INST_FETCH);
 level = 0;
@@ -11419,7 +11426,16 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 
 addrsize = 64 - 8 * param.tbi;
 inputsize = 64 - param.tsz;
-outputsize = arm_pamax(cpu);
+
+/*
+ * Bound PS by PARANGE to find the effective output address size.
+ * ID_AA64MMFR0 is a read-only register so values outside of the
+ * supported mappings can be considered an implementation error.
+ */
+ps = FIELD_EX64(cpu->isar.id_aa64mmfr0, ID_AA64MMFR0, PARANGE);
+ps = MIN(ps, param.ps);
+assert(ps < ARRAY_SIZE(pamax_map));
+outputsize = pamax_map[ps];
 } else {
 param = aa32_va_parameters(env, address, mmu_idx);
 level = 1;
@@ -11523,19 +11539,38 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 
 /* Now we can extract the actual base address from the TTBR */
 descaddr = extract64(ttbr, 0, 48);
+
+/*
+ * If the base address is out of range, raise AddressSizeFault.
+ * In the pseudocode, this is !IsZero(baseregister<47:outputsize>),
+ * but we've just cleared the bits above 47, so simplify the test.
+ */
+if (descaddr >> outputsize) {
+level = 0;
+fault_type = ARMFault_AddressSize;
+goto do_fault;
+}
+
 /*
  * We rely on this masking to clear the RES0 bits at the bottom of the TTBR
  * and also 

[PATCH v4 10/18] target/arm: Implement FEAT_LPA

[Richard Henderson]

This feature widens physical addresses (and intermediate physical
addresses for 2-stage translation) from 48 to 52 bits, when using
64k pages.  The only thing left at this point is to handle the
extra bits in the TTBR and in the table descriptors.

Note that PAR_EL1 and HPFAR_EL2 are nominally extended, but we don't
mask out the high bits when writing to those registers, so no changes
are required there.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 docs/system/arm/emulation.rst |  1 +
 target/arm/cpu-param.h|  2 +-
 target/arm/cpu64.c|  2 +-
 target/arm/helper.c   | 19 ---
 4 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
index f3eabddfb5..0053ddce20 100644
--- a/docs/system/arm/emulation.rst
+++ b/docs/system/arm/emulation.rst
@@ -24,6 +24,7 @@ the following architecture extensions:
 - FEAT_I8MM (AArch64 Int8 matrix multiplication instructions)
 - FEAT_JSCVT (JavaScript conversion instructions)
 - FEAT_LOR (Limited ordering regions)
+- FEAT_LPA (Large Physical Address space)
 - FEAT_LRCPC (Load-acquire RCpc instructions)
 - FEAT_LRCPC2 (Load-acquire RCpc instructions v2)
 - FEAT_LSE (Large System Extensions)
diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
index 5f9c288b1a..b59d505761 100644
--- a/target/arm/cpu-param.h
+++ b/target/arm/cpu-param.h
@@ -10,7 +10,7 @@
 
 #ifdef TARGET_AARCH64
 # define TARGET_LONG_BITS 64
-# define TARGET_PHYS_ADDR_SPACE_BITS  48
+# define TARGET_PHYS_ADDR_SPACE_BITS  52
 # define TARGET_VIRT_ADDR_SPACE_BITS  52
 #else
 # define TARGET_LONG_BITS 32
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 1de31ffb40..d88662cef6 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -795,7 +795,7 @@ static void aarch64_max_initfn(Object *obj)
 cpu->isar.id_aa64pfr1 = t;
 
 t = cpu->isar.id_aa64mmfr0;
-t = FIELD_DP64(t, ID_AA64MMFR0, PARANGE, 5); /* PARange: 48 bits */
+t = FIELD_DP64(t, ID_AA64MMFR0, PARANGE, 6); /* FEAT_LPA: 52 bits */
 cpu->isar.id_aa64mmfr0 = t;
 
 t = cpu->isar.id_aa64mmfr1;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 28b4347213..950f56599e 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11173,6 +11173,7 @@ static const uint8_t pamax_map[] = {
 [3] = 42,
 [4] = 44,
 [5] = 48,
+[6] = 52,
 };
 
 /* The cpu-specific constant value of PAMax; also used by hw/arm/virt. */
@@ -11564,11 +11565,15 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 descaddr = extract64(ttbr, 0, 48);
 
 /*
- * If the base address is out of range, raise AddressSizeFault.
+ * For FEAT_LPA and PS=6, bits [51:48] of descaddr are in [5:2] of TTBR.
+ *
+ * Otherwise, if the base address is out of range, raise AddressSizeFault.
  * In the pseudocode, this is !IsZero(baseregister<47:outputsize>),
  * but we've just cleared the bits above 47, so simplify the test.
  */
-if (descaddr >> outputsize) {
+if (outputsize > 48) {
+descaddr |= extract64(ttbr, 2, 4) << 48;
+} else if (descaddr >> outputsize) {
 level = 0;
 fault_type = ARMFault_AddressSize;
 goto do_fault;
@@ -11620,7 +11625,15 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 }
 
 descaddr = descriptor & descaddrmask;
-if (descaddr >> outputsize) {
+
+/*
+ * For FEAT_LPA and PS=6, bits [51:48] of descaddr are in [15:12]
+ * of descriptor.  Otherwise, if descaddr is out of range, raise
+ * AddressSizeFault.
+ */
+if (outputsize > 48) {
+descaddr |= extract64(descriptor, 12, 4) << 48;
+} else if (descaddr >> outputsize) {
 fault_type = ARMFault_AddressSize;
 goto do_fault;
 }
-- 
2.25.1

[PATCH v4 11/18] target/arm: Extend arm_fi_to_lfsc to level -1

[Richard Henderson]

With FEAT_LPA2, rather than introducing translation level 4,
we introduce level -1, below the current level 0.  Extend
arm_fi_to_lfsc to handle these faults.

Assert that this new translation level does not leak into
fault types for which it is not defined, which allows some
masking of fi->level to be removed.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/internals.h | 35 +--
 1 file changed, 29 insertions(+), 6 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index 3d3d41ba2b..00af41d792 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -462,28 +462,51 @@ static inline uint32_t arm_fi_to_lfsc(ARMMMUFaultInfo *fi)
 case ARMFault_None:
 return 0;
 case ARMFault_AddressSize:
-fsc = fi->level & 3;
+assert(fi->level >= -1 && fi->level <= 3);
+if (fi->level < 0) {
+fsc = 0b101001;
+} else {
+fsc = fi->level;
+}
 break;
 case ARMFault_AccessFlag:
-fsc = (fi->level & 3) | (0x2 << 2);
+assert(fi->level >= 0 && fi->level <= 3);
+fsc = 0b001000 | fi->level;
 break;
 case ARMFault_Permission:
-fsc = (fi->level & 3) | (0x3 << 2);
+assert(fi->level >= 0 && fi->level <= 3);
+fsc = 0b001100 | fi->level;
 break;
 case ARMFault_Translation:
-fsc = (fi->level & 3) | (0x1 << 2);
+assert(fi->level >= -1 && fi->level <= 3);
+if (fi->level < 0) {
+fsc = 0b101011;
+} else {
+fsc = 0b000100 | fi->level;
+}
 break;
 case ARMFault_SyncExternal:
 fsc = 0x10 | (fi->ea << 12);
 break;
 case ARMFault_SyncExternalOnWalk:
-fsc = (fi->level & 3) | (0x5 << 2) | (fi->ea << 12);
+assert(fi->level >= -1 && fi->level <= 3);
+if (fi->level < 0) {
+fsc = 0b010011;
+} else {
+fsc = 0b010100 | fi->level;
+}
+fsc |= fi->ea << 12;
 break;
 case ARMFault_SyncParity:
 fsc = 0x18;
 break;
 case ARMFault_SyncParityOnWalk:
-fsc = (fi->level & 3) | (0x7 << 2);
+assert(fi->level >= -1 && fi->level <= 3);
+if (fi->level < 0) {
+fsc = 0b011011;
+} else {
+fsc = 0b011100 | fi->level;
+}
 break;
 case ARMFault_AsyncParity:
 fsc = 0x19;
-- 
2.25.1

[PATCH v4 06/18] target/arm: Use MAKE_64BIT_MASK to compute indexmask

[Richard Henderson]

The macro is a bit more readable than the inlined computation.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/arm/helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 431b0c1405..675aec4bf3 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11518,8 +11518,8 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 level = startlevel;
 }
 
-indexmask_grainsize = (1ULL << (stride + 3)) - 1;
-indexmask = (1ULL << (inputsize - (stride * (4 - level - 1;
+indexmask_grainsize = MAKE_64BIT_MASK(0, stride + 3);
+indexmask = MAKE_64BIT_MASK(0, inputsize - (stride * (4 - level)));
 
 /* Now we can extract the actual base address from the TTBR */
 descaddr = extract64(ttbr, 0, 48);
-- 
2.25.1

[PATCH v4 00/18] target/arm: Implement LVA, LPA, LPA2 features

[Richard Henderson]

Changes for v4:
  * Add cpu property for lpa2.
  * Disable that property for -machine virt-6.2 and previous.

Changes for v3:
  * Update emulation.rst.
  * Split out separate update to ID_AA64MMFR0.
  * Hack for avocado.


r~


Richard Henderson (18):
  hw/registerfields: Add FIELD_SEX and FIELD_SDP
  target/arm: Set TCR_EL1.TSZ for user-only
  target/arm: Fault on invalid TCR_ELx.TxSZ
  target/arm: Move arm_pamax out of line
  target/arm: Pass outputsize down to check_s2_mmu_setup
  target/arm: Use MAKE_64BIT_MASK to compute indexmask
  target/arm: Honor TCR_ELx.{I}PS
  target/arm: Prepare DBGBVR and DBGWVR for FEAT_LVA
  target/arm: Implement FEAT_LVA
  target/arm: Implement FEAT_LPA
  target/arm: Extend arm_fi_to_lfsc to level -1
  target/arm: Introduce tlbi_aa64_get_range
  target/arm: Fix TLBIRange.base for 16k and 64k pages
  target/arm: Validate tlbi TG matches translation granule in use
  target/arm: Advertise all page sizes for -cpu max
  target/arm: Implement FEAT_LPA2
  target/arm: Provide cpu property for controling FEAT_LPA2
  hw/arm/virt: Disable LPA2 for -machine virt-6.2

 docs/system/arm/emulation.rst |   3 +
 include/hw/arm/virt.h |   1 +
 include/hw/registerfields.h   |  48 -
 target/arm/cpu-param.h|   4 +-
 target/arm/cpu.h  |  32 +++-
 target/arm/internals.h|  58 +++---
 hw/arm/virt.c |   7 +
 target/arm/cpu.c  |   9 +-
 target/arm/cpu64.c|  31 +++-
 target/arm/helper.c   | 332 ++
 tests/avocado/boot_linux.py   |   2 +
 11 files changed, 425 insertions(+), 102 deletions(-)

-- 
2.25.1

[PATCH v4 05/18] target/arm: Pass outputsize down to check_s2_mmu_setup

[Richard Henderson]

Pass down the width of the output address from translation.
For now this is still just PAMax, but a subsequent patch will
compute the correct value from TCR_ELx.{I}PS.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/helper.c | 21 ++---
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 71e575f352..431b0c1405 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11065,7 +11065,7 @@ do_fault:
  * false otherwise.
  */
 static bool check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, int level,
-   int inputsize, int stride)
+   int inputsize, int stride, int outputsize)
 {
 const int grainsize = stride + 3;
 int startsizecheck;
@@ -11081,22 +11081,19 @@ static bool check_s2_mmu_setup(ARMCPU *cpu, bool 
is_aa64, int level,
 }
 
 if (is_aa64) {
-CPUARMState *env = >env;
-unsigned int pamax = arm_pamax(cpu);
-
 switch (stride) {
 case 13: /* 64KB Pages.  */
-if (level == 0 || (level == 1 && pamax <= 42)) {
+if (level == 0 || (level == 1 && outputsize <= 42)) {
 return false;
 }
 break;
 case 11: /* 16KB Pages.  */
-if (level == 0 || (level == 1 && pamax <= 40)) {
+if (level == 0 || (level == 1 && outputsize <= 40)) {
 return false;
 }
 break;
 case 9: /* 4KB Pages.  */
-if (level == 0 && pamax <= 42) {
+if (level == 0 && outputsize <= 42) {
 return false;
 }
 break;
@@ -11105,8 +11102,8 @@ static bool check_s2_mmu_setup(ARMCPU *cpu, bool 
is_aa64, int level,
 }
 
 /* Inputsize checks.  */
-if (inputsize > pamax &&
-(arm_el_is_aa64(env, 1) || inputsize > 40)) {
+if (inputsize > outputsize &&
+(arm_el_is_aa64(>env, 1) || inputsize > 40)) {
 /* This is CONSTRAINED UNPREDICTABLE and we choose to fault.  */
 return false;
 }
@@ -11392,7 +11389,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 target_ulong page_size;
 uint32_t attrs;
 int32_t stride;
-int addrsize, inputsize;
+int addrsize, inputsize, outputsize;
 TCR *tcr = regime_tcr(env, mmu_idx);
 int ap, ns, xn, pxn;
 uint32_t el = regime_el(env, mmu_idx);
@@ -11422,11 +11419,13 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 
 addrsize = 64 - 8 * param.tbi;
 inputsize = 64 - param.tsz;
+outputsize = arm_pamax(cpu);
 } else {
 param = aa32_va_parameters(env, address, mmu_idx);
 level = 1;
 addrsize = (mmu_idx == ARMMMUIdx_Stage2 ? 40 : 32);
 inputsize = addrsize - param.tsz;
+outputsize = 40;
 }
 
 /*
@@ -11511,7 +11510,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 
 /* Check that the starting level is valid. */
 ok = check_s2_mmu_setup(cpu, aarch64, startlevel,
-inputsize, stride);
+inputsize, stride, outputsize);
 if (!ok) {
 fault_type = ARMFault_Translation;
 goto do_fault;
-- 
2.25.1

[PATCH v4 02/18] target/arm: Set TCR_EL1.TSZ for user-only

[Richard Henderson]

Set this as the kernel would, to 48 bits, to keep the computation
of the address space correct for PAuth.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/cpu.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index c085dc10ee..e251f0df4b 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -206,10 +206,11 @@ static void arm_cpu_reset(DeviceState *dev)
 aarch64_sve_zcr_get_valid_len(cpu, cpu->sve_default_vq - 1);
 }
 /*
+ * Enable 48-bit address space (TODO: take reserved_va into account).
  * Enable TBI0 but not TBI1.
  * Note that this must match useronly_clean_ptr.
  */
-env->cp15.tcr_el[1].raw_tcr = (1ULL << 37);
+env->cp15.tcr_el[1].raw_tcr = 5 | (1ULL << 37);
 
 /* Enable MTE */
 if (cpu_isar_feature(aa64_mte, cpu)) {
-- 
2.25.1

Re: [PATCH] 9pfs: move qemu_dirent_dup() from osdep -> 9p-util

[Peter Maydell]

On Tue, 1 Mar 2022 at 20:47, Christian Schoenebeck
 wrote:
>
> Function qemu_dirent_dup() is currently only used by 9pfs server, so move
> it from project global header osdep.h to 9pfs specific header 9p-util.h.
>
> Link: 
> https://lore.kernel.org/qemu-devel/CAFEAcA_=haunomkd2wursvaaha5mrk22a1ohklwudjk7v6k...@mail.gmail.com/
> Based-on: <20220227223522.91937-12-wwco...@gmail.com>
> Signed-off-by: Christian Schoenebeck 
> ---
>  hw/9pfs/9p-util.h| 30 ++
>  include/qemu/osdep.h | 13 -
>  util/osdep.c | 21 -
>  3 files changed, 30 insertions(+), 34 deletions(-)
>
> diff --git a/hw/9pfs/9p-util.h b/hw/9pfs/9p-util.h
> index 1f74d37558..8b92614e6c 100644
> --- a/hw/9pfs/9p-util.h
> +++ b/hw/9pfs/9p-util.h
> @@ -112,6 +112,36 @@ static inline off_t qemu_dirent_off(struct dirent *dent)
>  #endif
>  }
>
> +/**
> + * Duplicate directory entry @dent.
> + *
> + * It is highly recommended to use this function instead of open coding
> + * duplication of @c dirent objects, because the actual @c struct @c dirent
> + * size may be bigger or shorter than @c sizeof(struct dirent) and correct
> + * handling is platform specific (see gitlab issue #841).
> + *
> + * @dent - original directory entry to be duplicated
> + * @returns duplicated directory entry which should be freed with g_free()
> + */

Reviewed-by: Peter Maydell 

since it's just code movement, but those "@c"s look a bit weird:
are they really valid kerneldoc comment markup?

thanks
-- PMM

[PATCH v4 01/18] hw/registerfields: Add FIELD_SEX and FIELD_SDP

[Richard Henderson]

Add new macros to manipulate signed fields within the register.

Reviewed-by: Philippe Mathieu-Daudé 
Suggested-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 include/hw/registerfields.h | 48 -
 1 file changed, 47 insertions(+), 1 deletion(-)

diff --git a/include/hw/registerfields.h b/include/hw/registerfields.h
index f2a3c9c41f..3a88e135d0 100644
--- a/include/hw/registerfields.h
+++ b/include/hw/registerfields.h
@@ -59,6 +59,19 @@
 extract64((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
   R_ ## reg ## _ ## field ## _LENGTH)
 
+#define FIELD_SEX8(storage, reg, field)   \
+sextract8((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
+  R_ ## reg ## _ ## field ## _LENGTH)
+#define FIELD_SEX16(storage, reg, field)  \
+sextract16((storage), R_ ## reg ## _ ## field ## _SHIFT,  \
+   R_ ## reg ## _ ## field ## _LENGTH)
+#define FIELD_SEX32(storage, reg, field)  \
+sextract32((storage), R_ ## reg ## _ ## field ## _SHIFT,  \
+   R_ ## reg ## _ ## field ## _LENGTH)
+#define FIELD_SEX64(storage, reg, field)  \
+sextract64((storage), R_ ## reg ## _ ## field ## _SHIFT,  \
+   R_ ## reg ## _ ## field ## _LENGTH)
+
 /* Extract a field from an array of registers */
 #define ARRAY_FIELD_EX32(regs, reg, field)\
 FIELD_EX32((regs)[R_ ## reg], reg, field)
@@ -95,7 +108,40 @@
 _d; })
 #define FIELD_DP64(storage, reg, field, val) ({   \
 struct {  \
-uint64_t v:R_ ## reg ## _ ## field ## _LENGTH;\
+uint64_t v:R_ ## reg ## _ ## field ## _LENGTH;\
+} _v = { .v = val };  \
+uint64_t _d;  \
+_d = deposit64((storage), R_ ## reg ## _ ## field ## _SHIFT,  \
+  R_ ## reg ## _ ## field ## _LENGTH, _v.v);  \
+_d; })
+
+#define FIELD_SDP8(storage, reg, field, val) ({   \
+struct {  \
+signed int v:R_ ## reg ## _ ## field ## _LENGTH;  \
+} _v = { .v = val };  \
+uint8_t _d;   \
+_d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,  \
+  R_ ## reg ## _ ## field ## _LENGTH, _v.v);  \
+_d; })
+#define FIELD_SDP16(storage, reg, field, val) ({  \
+struct {  \
+signed int v:R_ ## reg ## _ ## field ## _LENGTH;  \
+} _v = { .v = val };  \
+uint16_t _d;  \
+_d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,  \
+  R_ ## reg ## _ ## field ## _LENGTH, _v.v);  \
+_d; })
+#define FIELD_SDP32(storage, reg, field, val) ({  \
+struct {  \
+signed int v:R_ ## reg ## _ ## field ## _LENGTH;  \
+} _v = { .v = val };  \
+uint32_t _d;  \
+_d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,  \
+  R_ ## reg ## _ ## field ## _LENGTH, _v.v);  \
+_d; })
+#define FIELD_SDP64(storage, reg, field, val) ({  \
+struct {  \
+int64_t v:R_ ## reg ## _ ## field ## _LENGTH; \
 } _v = { .v = val };  \
 uint64_t _d;  \
 _d = deposit64((storage), R_ ## reg ## _ ## field ## _SHIFT,  \
-- 
2.25.1

[PATCH v3] tests/tcg/s390x: Cleanup of mie3 tests.

[David Miller]

Adds clobbers and merges remaining separate asm statements.

v2 -> v3:
* Removed all direct memory references in mie3-sel.c

v1 -> v2:
* Corrected side in rebase conflict, removing older code.

Signed-off-by: David Miller 
---
 tests/tcg/s390x/mie3-compl.c | 18 -
 tests/tcg/s390x/mie3-mvcrl.c | 12 
 tests/tcg/s390x/mie3-sel.c   | 38 
 3 files changed, 38 insertions(+), 30 deletions(-)

diff --git a/tests/tcg/s390x/mie3-compl.c b/tests/tcg/s390x/mie3-compl.c
index 35649f3b02..938938df9e 100644
--- a/tests/tcg/s390x/mie3-compl.c
+++ b/tests/tcg/s390x/mie3-compl.c
@@ -1,13 +1,20 @@
 #include 
 
+
 #define FbinOp(S, ASM) uint64_t S(uint64_t a, uint64_t b) \
-{ \
-uint64_t res = 0; \
-asm ("llihf %[res],801\n" ASM \
- : [res]"="(res) : [a]"r"(a), [b]"r"(b) : "cc"); \
-return res; \
+{   \
+uint64_t res = 0;   \
+asm volatile (  \
+"llihf %[res],801\n"\
+ASM \
+: [res] "=" (res)  \
+: [a] "r" (a)   \
+, [b] "r" (b)   \
+);  \
+return res; \
 }
 
+
 /* AND WITH COMPLEMENT */
 FbinOp(_ncrk,  ".insn rrf, 0xB9F5, %[res], %[b], %[a], 0\n")
 FbinOp(_ncgrk, ".insn rrf, 0xB9E5, %[res], %[b], %[a], 0\n")
@@ -28,6 +35,7 @@ FbinOp(_nogrk, ".insn rrf, 0xB966, %[res], %[b], %[a], 
0\n")
 FbinOp(_ocrk,  ".insn rrf, 0xB975, %[res], %[b], %[a], 0\n")
 FbinOp(_ocgrk, ".insn rrf, 0xB965, %[res], %[b], %[a], 0\n")
 
+
 int main(int argc, char *argv[])
 {
 if (_ncrk(0xFF88, 0xAA11)  != 0x03210011ull ||
diff --git a/tests/tcg/s390x/mie3-mvcrl.c b/tests/tcg/s390x/mie3-mvcrl.c
index 57b08e48d0..f749dad9c2 100644
--- a/tests/tcg/s390x/mie3-mvcrl.c
+++ b/tests/tcg/s390x/mie3-mvcrl.c
@@ -1,15 +1,17 @@
 #include 
 #include 
 
+
 static inline void mvcrl_8(const char *dst, const char *src)
 {
 asm volatile (
-"llill %%r0, 8\n"
-".insn sse, 0xE50A, 0(%[dst]), 0(%[src])"
-: : [dst] "d" (dst), [src] "d" (src)
-: "memory");
+"llill %%r0, 8\n"
+".insn sse, 0xE50A, 0(%[dst]), 0(%[src])"
+: : [dst] "d" (dst), [src] "d" (src)
+: "r0", "memory");
 }
 
+
 int main(int argc, char *argv[])
 {
 const char *alpha = "abcdefghijklmnop";
@@ -25,3 +27,5 @@ int main(int argc, char *argv[])
 
 return strncmp(alpha, tstr, 16ul);
 }
+
+
diff --git a/tests/tcg/s390x/mie3-sel.c b/tests/tcg/s390x/mie3-sel.c
index b0c5c9857d..4f54d37eeb 100644
--- a/tests/tcg/s390x/mie3-sel.c
+++ b/tests/tcg/s390x/mie3-sel.c
@@ -1,32 +1,27 @@
 #include 
 
+
 #define Fi3(S, ASM) uint64_t S(uint64_t a, uint64_t b, uint64_t c) \
-{\
-uint64_t res = 0;\
-asm (\
- "lg %%r2, %[a]\n"   \
- "lg %%r3, %[b]\n"   \
- "lg %%r0, %[c]\n"   \
- "ltgr %%r0, %%r0\n" \
- ASM \
- "stg %%r0, %[res] " \
- : [res] "=m" (res)  \
- : [a] "m" (a),  \
-   [b] "m" (b),  \
-   [c] "m" (c)   \
- : "r0", "r2",   \
-   "r3", "r4"\
-);   \
-return res;  \
+{   \
+asm volatile (  \
+"ltgr %[c], %[c]\n" \
+ASM \
+: [c] "+r" (c)  \
+: [a]  "r" (a)  \
+, [b]  "r" (b)  \
+);  \
+return c;   \
 }
 
-Fi3 (_selre, ".insn rrf, 0xB9F0, %%r0, %%r3, %%r2, 8\n")
-Fi3 (_selgrz,".insn rrf, 0xB9E3, %%r0, %%r3, %%r2, 8\n")
-Fi3 (_selfhrnz,  ".insn rrf, 0xB9C0, %%r0, %%r3, %%r2, 7\n")
+Fi3 (_selre, ".insn rrf, 0xB9F0, %[c], %[b], %[a], 8\n")
+Fi3 (_selgrz,".insn rrf, 0xB9E3, %[c], %[b], %[a], 8\n")
+Fi3 (_selfhrnz,  ".insn rrf, 0xB9C0, %[c], %[b], %[a], 7\n")
+
 
 int main(int argc, char *argv[])
 {
 uint64_t a = ~0, b = ~0, c = ~0;
+
 a =_selre(0x06660066ull, 0x06660006ull, a);
 b =   _selgrz(0xF00D0005ull, 0xF00D0055ull, b);
 c = _selfhrnz(0x04320044ull, 0x06540004ull, c);
@@ -34,5 +29,6 @@ int main(int argc, char *argv[])
 return (int) (
 (0x0066ull != a) ||
 (0xF00D0005ull != b) ||
-(0x0654ull != c));
+(0x0654ull != c) );
 }
+
-- 
2.34.1

Re: [PATCH v2] tests/tcg/s390x: Cleanup of mie3 tests.

[Richard Henderson]

On 3/1/22 10:22, David Miller wrote:

However the constraint must be wrong there.
Sorry about split message.

On Tue, Mar 1, 2022 at 3:21 PM David Miller > wrote:


I used


#define Fi3(S, ASM) uint64_t S(uint64_t a, uint64_t b, uint64_t c) \
{   \
 uint64_t res= 0; \
asm volatile (  \
 "ltgr %[c], %[c]\n" \
 ASM \
 "stg %[c], %[res] " \
 : [res]"=" (res) \
 : [a]"r" (a), \
   [b]"r" (b), \
   [c]"r" (c)   \
); \
 return res; \
}




The final stg is wrong and unnecessary.


r~

[PATCH 1/3] block/copy-before-write: refactor option parsing

[Vladimir Sementsov-Ogievskiy]

We are going to add one more option of enum type. Let's refactor option
parsing so that we can simply work with BlockdevOptionsCbw object.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 block/copy-before-write.c | 66 ---
 1 file changed, 40 insertions(+), 26 deletions(-)

diff --git a/block/copy-before-write.c b/block/copy-before-write.c
index 0b6d26605c..56aa7577c3 100644
--- a/block/copy-before-write.c
+++ b/block/copy-before-write.c
@@ -24,6 +24,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qapi/qmp/qjson.h"
 
 #include "sysemu/block-backend.h"
 #include "qemu/cutils.h"
@@ -328,46 +329,49 @@ static void cbw_child_perm(BlockDriverState *bs, 
BdrvChild *c,
 }
 }
 
-static bool cbw_parse_bitmap_option(QDict *options, BdrvDirtyBitmap **bitmap,
-Error **errp)
+static BlockdevOptionsCbw *cbw_parse_options(QDict *options, Error **errp)
 {
-QDict *bitmap_qdict = NULL;
-BlockDirtyBitmap *bmp_param = NULL;
+QDict *cbw_qdict = NULL;
+BlockdevOptionsCbw *opts = NULL;
 Visitor *v = NULL;
-bool ret = false;
 
-*bitmap = NULL;
+cbw_qdict = qdict_clone_shallow(options);
 
-qdict_extract_subqdict(options, _qdict, "bitmap.");
-if (!qdict_size(bitmap_qdict)) {
-ret = true;
-goto out;
-}
+/*
+ * Delete BlockdevOptions base fields, that are not part of
+ * BlockdevOptionsCbw.
+ */
+qdict_del(cbw_qdict, "driver");
+qdict_del(cbw_qdict, "node-name");
+qdict_del(cbw_qdict, "discard");
+qdict_del(cbw_qdict, "cache");
+qdict_extract_subqdict(cbw_qdict, NULL, "cache.");
+qdict_del(cbw_qdict, "read-only");
+qdict_del(cbw_qdict, "auto-read-only");
+qdict_del(cbw_qdict, "force-share");
+qdict_del(cbw_qdict, "detect-zeroes");
 
-v = qobject_input_visitor_new_flat_confused(bitmap_qdict, errp);
+v = qobject_input_visitor_new_flat_confused(cbw_qdict, errp);
 if (!v) {
 goto out;
 }
 
-visit_type_BlockDirtyBitmap(v, NULL, _param, errp);
-if (!bmp_param) {
+visit_type_BlockdevOptionsCbw(v, NULL, , errp);
+if (!opts) {
 goto out;
 }
 
-*bitmap = block_dirty_bitmap_lookup(bmp_param->node, bmp_param->name, NULL,
-errp);
-if (!*bitmap) {
-goto out;
-}
-
-ret = true;
+/*
+ * Delete options which we are going to parse through BlockdevOptionsCbw
+ * object for original options.
+ */
+qdict_extract_subqdict(options, NULL, "bitmap");
 
 out:
-qapi_free_BlockDirtyBitmap(bmp_param);
 visit_free(v);
-qobject_unref(bitmap_qdict);
+qobject_unref(cbw_qdict);
 
-return ret;
+return opts;
 }
 
 static int cbw_open(BlockDriverState *bs, QDict *options, int flags,
@@ -376,6 +380,12 @@ static int cbw_open(BlockDriverState *bs, QDict *options, 
int flags,
 BDRVCopyBeforeWriteState *s = bs->opaque;
 BdrvDirtyBitmap *bitmap = NULL;
 int64_t cluster_size;
+g_autoptr(BlockdevOptionsCbw) opts = NULL;
+
+opts = cbw_parse_options(options, errp);
+if (!opts) {
+return -EINVAL;
+}
 
 bs->file = bdrv_open_child(NULL, options, "file", bs, _of_bds,
BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY,
@@ -390,8 +400,12 @@ static int cbw_open(BlockDriverState *bs, QDict *options, 
int flags,
 return -EINVAL;
 }
 
-if (!cbw_parse_bitmap_option(options, , errp)) {
-return -EINVAL;
+if (opts->has_bitmap) {
+bitmap = block_dirty_bitmap_lookup(opts->bitmap->node,
+   opts->bitmap->name, NULL, errp);
+if (!bitmap) {
+return -EINVAL;
+}
 }
 
 bs->total_sectors = bs->file->bs->total_sectors;
-- 
2.31.1

[PATCH 3/3] iotests: add copy-before-write: on-cbw-error tests

[Vladimir Sementsov-Ogievskiy]

Add tests for new option of copy-before-write filter: on-cbw-error.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 tests/qemu-iotests/tests/copy-before-write| 128 ++
 .../qemu-iotests/tests/copy-before-write.out  |   5 +
 2 files changed, 133 insertions(+)
 create mode 100755 tests/qemu-iotests/tests/copy-before-write
 create mode 100644 tests/qemu-iotests/tests/copy-before-write.out

diff --git a/tests/qemu-iotests/tests/copy-before-write 
b/tests/qemu-iotests/tests/copy-before-write
new file mode 100755
index 00..a32608f597
--- /dev/null
+++ b/tests/qemu-iotests/tests/copy-before-write
@@ -0,0 +1,128 @@
+#!/usr/bin/env python3
+# group: auto backup
+#
+# Copyright (c) 2022 Virtuozzo International GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+import os
+import re
+
+import iotests
+from iotests import qemu_img_create, qemu_io
+
+
+temp_img = os.path.join(iotests.test_dir, 'temp')
+source_img = os.path.join(iotests.test_dir, 'source')
+size = '1M'
+
+
+class TestCbwError(iotests.QMPTestCase):
+def tearDown(self):
+self.vm.shutdown()
+os.remove(temp_img)
+os.remove(source_img)
+
+def setUp(self):
+qemu_img_create('-f', iotests.imgfmt, source_img, size)
+qemu_img_create('-f', iotests.imgfmt, temp_img, size)
+qemu_io('-c', 'write 0 1M', source_img)
+
+self.vm = iotests.VM()
+self.vm.launch()
+
+def do_cbw_error(self, on_cbw_error):
+result = self.vm.qmp('blockdev-add', {
+'node-name': 'cbw',
+'driver': 'copy-before-write',
+'on-cbw-error': on_cbw_error,
+'file': {
+'driver': iotests.imgfmt,
+'file': {
+'driver': 'file',
+'filename': source_img,
+}
+},
+'target': {
+'driver': iotests.imgfmt,
+'file': {
+'driver': 'blkdebug',
+'image': {
+'driver': 'file',
+'filename': temp_img
+},
+'inject-error': [
+{
+'event': 'write_aio',
+'errno': 5,
+'immediately': False,
+'once': True
+}
+]
+}
+}
+})
+self.assert_qmp(result, 'return', {})
+
+result = self.vm.qmp('blockdev-add', {
+'node-name': 'access',
+'driver': 'snapshot-access',
+'file': 'cbw'
+})
+self.assert_qmp(result, 'return', {})
+
+result = self.vm.hmp_qemu_io('cbw', 'write 0 1M')
+self.assert_qmp(result, 'return', '')
+
+result = self.vm.hmp_qemu_io('access', 'read 0 1M')
+self.assert_qmp(result, 'return', '')
+
+self.vm.shutdown()
+log = self.vm.get_log()
+log = re.sub(r'^\[I \d+\.\d+\] OPENED\n', '', log)
+log = re.sub(r'\[I \+\d+\.\d+\] CLOSED\n?$', '', log)
+log = iotests.filter_qemu_io(log)
+return log
+
+def test_break_snapshot_on_cbw_error(self):
+"""break-snapshot behavior:
+Guest write succeed, but further snapshot-read fails, as snapshot is
+broken.
+"""
+log = self.do_cbw_error('break-snapshot')
+
+self.assertEqual(log, """\
+wrote 1048576/1048576 bytes at offset 0
+1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+read failed: Permission denied
+""")
+
+def test_break_guest_write_on_cbw_error(self):
+"""break-guest-write behavior:
+Guest write fails, but snapshot-access continues working and further
+snapshot-read succeeds.
+"""
+log = self.do_cbw_error('break-guest-write')
+
+self.assertEqual(log, """\
+write failed: Input/output error
+read 1048576/1048576 bytes at offset 0
+1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+""")
+
+
+if __name__ == '__main__':
+iotests.main(supported_fmts=['qcow2'],
+ supported_protocols=['file'])
diff --git a/tests/qemu-iotests/tests/copy-before-write.out 
b/tests/qemu-iotests/tests/copy-before-write.out
new file mode 100644
index 00..fbc63e62f8
--- /dev/null
+++ 

[PATCH 0/3] block: copy-before-write: on-cbw-error behavior

[Vladimir Sementsov-Ogievskiy]

Hi all!

Here is a new option for copy-before-write filter, to alter its behavior
on copy-before-write operation failure.

Based-on: <20220228113927.1852146-1-vsement...@virtuozzo.com>
   ([PATCH v5 00/16] Make image fleecing more usable)

Vladimir Sementsov-Ogievskiy (3):
  block/copy-before-write: refactor option parsing
  block/copy-before-write: add on-cbw-error open parameter
  iotests: add copy-before-write: on-cbw-error tests

 qapi/block-core.json  |  27 +++-
 block/copy-before-write.c | 123 -
 tests/qemu-iotests/tests/copy-before-write| 128 ++
 .../qemu-iotests/tests/copy-before-write.out  |   5 +
 4 files changed, 248 insertions(+), 35 deletions(-)
 create mode 100755 tests/qemu-iotests/tests/copy-before-write
 create mode 100644 tests/qemu-iotests/tests/copy-before-write.out

-- 
2.31.1

[PATCH 2/3] block/copy-before-write: add on-cbw-error open parameter

[Vladimir Sementsov-Ogievskiy]

Currently, behavior on copy-before-write operation failure is simple:
report error to the guest.

Let's implement alternative behavior: break the whole copy-before-write
process (and corresponding backup job or NBD client) but keep guest
working. It's needed if we consider guest stability as more important.

The realisation is simple: on copy-before-write failure we immediately
continue guest write operation and set s->snapshot_ret variable which
will lead to all further and in-flight snapshot-API requests failure.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 qapi/block-core.json  | 27 ++-
 block/copy-before-write.c | 57 +--
 2 files changed, 75 insertions(+), 9 deletions(-)

diff --git a/qapi/block-core.json b/qapi/block-core.json
index f13b5ff942..e5206272aa 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -4159,6 +4159,27 @@
   'base': 'BlockdevOptionsGenericFormat',
   'data': { '*bottom': 'str' } }
 
+##
+# @OnCbwError:
+#
+# An enumeration of possible behaviors for copy-before-write operation
+# failures.
+#
+# @break-guest-write: report the error to the guest. This way the state
+# of copy-before-write process is kept OK and
+# copy-before-write filter continues to work normally.
+#
+# @break-snapshot: continue guest write. Since this, the snapshot state
+#  provided by copy-before-write filter becomes broken.
+#  So, all in-flight and all further snapshot-access
+#  operations (through snapshot-access block driver)
+#  will fail.
+#
+# Since: 7.0
+##
+{ 'enum': 'OnCbwError',
+  'data': [ 'break-guest-write', 'break-snapshot' ] }
+
 ##
 # @BlockdevOptionsCbw:
 #
@@ -4180,11 +4201,15 @@
 #  modifications (or removing) of specified bitmap doesn't
 #  influence the filter. (Since 7.0)
 #
+# @on-cbw-error: Behavior on failure of copy-before-write operation.
+#Default is @break-guest-write. (Since 7.0)
+#
 # Since: 6.2
 ##
 { 'struct': 'BlockdevOptionsCbw',
   'base': 'BlockdevOptionsGenericFormat',
-  'data': { 'target': 'BlockdevRef', '*bitmap': 'BlockDirtyBitmap' } }
+  'data': { 'target': 'BlockdevRef', '*bitmap': 'BlockDirtyBitmap',
+'*on-cbw-error': 'OnCbwError' } }
 
 ##
 # @BlockdevOptions:
diff --git a/block/copy-before-write.c b/block/copy-before-write.c
index 56aa7577c3..e89cc9799c 100644
--- a/block/copy-before-write.c
+++ b/block/copy-before-write.c
@@ -41,6 +41,7 @@
 typedef struct BDRVCopyBeforeWriteState {
 BlockCopyState *bcs;
 BdrvChild *target;
+OnCbwError on_cbw_error;
 
 /*
  * @lock: protects access to @access_bitmap, @done_bitmap and
@@ -65,6 +66,14 @@ typedef struct BDRVCopyBeforeWriteState {
  * node. These areas must not be rewritten by guest.
  */
 BlockReqList frozen_read_reqs;
+
+/*
+ * @snapshot_error is normally zero. But on first copy-before-write failure
+ * when @on_cbw_error == ON_CBW_ERROR_BREAK_SNAPSHOT, @snapshot_error takes
+ * value of this error (<0). After that all in-flight and further
+ * snaoshot-API requests will fail with that error.
+ */
+int snapshot_error;
 } BDRVCopyBeforeWriteState;
 
 static coroutine_fn int cbw_co_preadv(
@@ -99,11 +108,25 @@ static coroutine_fn int 
cbw_do_copy_before_write(BlockDriverState *bs,
 end = QEMU_ALIGN_UP(offset + bytes, cluster_size);
 
 ret = block_copy(s->bcs, off, end - off, true);
-if (ret < 0) {
+if (ret < 0 && s->on_cbw_error == ON_CBW_ERROR_BREAK_GUEST_WRITE) {
 return ret;
 }
 
 WITH_QEMU_LOCK_GUARD(>lock) {
+if (ret < 0) {
+assert(s->on_cbw_error == ON_CBW_ERROR_BREAK_SNAPSHOT);
+if (!s->snapshot_error) {
+s->snapshot_error = ret;
+}
+/*
+ * No need to wait for s->frozen_read_reqs: they will fail anyway,
+ * as s->snapshot_error is set.
+ *
+ * We return 0, as error is handled. Guest operation should be
+ * continued.
+ */
+return 0;
+}
 bdrv_set_dirty_bitmap(s->done_bitmap, off, end - off);
 reqlist_wait_all(>frozen_read_reqs, off, end - off, >lock);
 }
@@ -176,6 +199,11 @@ static BlockReq *cbw_snapshot_read_lock(BlockDriverState 
*bs,
 
 QEMU_LOCK_GUARD(>lock);
 
+if (s->snapshot_error) {
+g_free(req);
+return NULL;
+}
+
 if (bdrv_dirty_bitmap_next_zero(s->access_bitmap, offset, bytes) != -1) {
 g_free(req);
 return NULL;
@@ -198,19 +226,26 @@ static BlockReq *cbw_snapshot_read_lock(BlockDriverState 
*bs,
 return req;
 }
 
-static void cbw_snapshot_read_unlock(BlockDriverState *bs, BlockReq *req)
+static int cbw_snapshot_read_unlock(BlockDriverState *bs, BlockReq *req)
 {
 BDRVCopyBeforeWriteState *s = bs->opaque;
 
 if (req->offset == -1 && req->bytes == -1) 

[PATCH] 9pfs: move qemu_dirent_dup() from osdep -> 9p-util

[Christian Schoenebeck]

Function qemu_dirent_dup() is currently only used by 9pfs server, so move
it from project global header osdep.h to 9pfs specific header 9p-util.h.

Link: 
https://lore.kernel.org/qemu-devel/CAFEAcA_=haunomkd2wursvaaha5mrk22a1ohklwudjk7v6k...@mail.gmail.com/
Based-on: <20220227223522.91937-12-wwco...@gmail.com>
Signed-off-by: Christian Schoenebeck 
---
 hw/9pfs/9p-util.h| 30 ++
 include/qemu/osdep.h | 13 -
 util/osdep.c | 21 -
 3 files changed, 30 insertions(+), 34 deletions(-)

diff --git a/hw/9pfs/9p-util.h b/hw/9pfs/9p-util.h
index 1f74d37558..8b92614e6c 100644
--- a/hw/9pfs/9p-util.h
+++ b/hw/9pfs/9p-util.h
@@ -112,6 +112,36 @@ static inline off_t qemu_dirent_off(struct dirent *dent)
 #endif
 }
 
+/**
+ * Duplicate directory entry @dent.
+ *
+ * It is highly recommended to use this function instead of open coding
+ * duplication of @c dirent objects, because the actual @c struct @c dirent
+ * size may be bigger or shorter than @c sizeof(struct dirent) and correct
+ * handling is platform specific (see gitlab issue #841).
+ *
+ * @dent - original directory entry to be duplicated
+ * @returns duplicated directory entry which should be freed with g_free()
+ */
+static inline struct dirent *qemu_dirent_dup(struct dirent *dent)
+{
+size_t sz = 0;
+#if defined _DIRENT_HAVE_D_RECLEN
+/* Avoid use of strlen() if platform supports d_reclen. */
+sz = dent->d_reclen;
+#endif
+/*
+ * Test sz for zero even if d_reclen is available
+ * because some drivers may set d_reclen to zero.
+ */
+if (sz == 0) {
+/* Fallback to the most portable way. */
+sz = offsetof(struct dirent, d_name) +
+  strlen(dent->d_name) + 1;
+}
+return g_memdup(dent, sz);
+}
+
 /*
  * As long as mknodat is not available on macOS, this workaround
  * using pthread_fchdir_np is needed. qemu_mknodat is defined in
diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
index 7bcce3bceb..650ba1aa50 100644
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@@ -673,19 +673,6 @@ static inline int platform_does_not_support_system(const 
char *command)
 }
 #endif /* !HAVE_SYSTEM_FUNCTION */
 
-/**
- * Duplicate directory entry @dent.
- *
- * It is highly recommended to use this function instead of open coding
- * duplication of @c dirent objects, because the actual @c struct @c dirent
- * size may be bigger or shorter than @c sizeof(struct dirent) and correct
- * handling is platform specific (see gitlab issue #841).
- *
- * @dent - original directory entry to be duplicated
- * @returns duplicated directory entry which should be freed with g_free()
- */
-struct dirent *qemu_dirent_dup(struct dirent *dent);
-
 #ifdef __cplusplus
 }
 #endif
diff --git a/util/osdep.c b/util/osdep.c
index 723cdcb004..7c4deda6fe 100644
--- a/util/osdep.c
+++ b/util/osdep.c
@@ -33,7 +33,6 @@
 extern int madvise(char *, size_t, int);
 #endif
 
-#include 
 #include "qemu-common.h"
 #include "qemu/cutils.h"
 #include "qemu/sockets.h"
@@ -619,23 +618,3 @@ writev(int fd, const struct iovec *iov, int iov_cnt)
 return readv_writev(fd, iov, iov_cnt, true);
 }
 #endif
-
-struct dirent *
-qemu_dirent_dup(struct dirent *dent)
-{
-size_t sz = 0;
-#if defined _DIRENT_HAVE_D_RECLEN
-/* Avoid use of strlen() if platform supports d_reclen. */
-sz = dent->d_reclen;
-#endif
-/*
- * Test sz for zero even if d_reclen is available
- * because some drivers may set d_reclen to zero.
- */
-if (sz == 0) {
-/* Fallback to the most portable way. */
-sz = offsetof(struct dirent, d_name) +
-  strlen(dent->d_name) + 1;
-}
-return g_memdup(dent, sz);
-}
-- 
2.30.2

Re: [PATCH v2] tests/tcg/s390x: Cleanup of mie3 tests.

[David Miller]

However the constraint must be wrong there.
Sorry about split message.

On Tue, Mar 1, 2022 at 3:21 PM David Miller  wrote:

> I used
>
>
> #define Fi3(S, ASM) uint64_t S(uint64_t a, uint64_t b, uint64_t c) \
> {   \
> uint64_t res = 0;   \
> asm volatile (  \
> "ltgr %[c], %[c]\n" \
> ASM \
> "stg %[c], %[res] " \
> : [res] "=" (res) \
> : [a] "r" (a),  \
>   [b] "r" (b),  \
>   [c] "r" (c)   \
> );  \
> return res; \
> }
>
>
>

Re: [PATCH v2] tests/tcg/s390x: Cleanup of mie3 tests.

[David Miller]

I used


#define Fi3(S, ASM) uint64_t S(uint64_t a, uint64_t b, uint64_t c) \
{   \
uint64_t res = 0;   \
asm volatile (  \
"ltgr %[c], %[c]\n" \
ASM \
"stg %[c], %[res] " \
: [res] "=" (res) \
: [a] "r" (a),  \
  [b] "r" (b),  \
  [c] "r" (c)   \
);  \
return res; \
}

Re: [PATCH v2] tests/tcg/s390x: Cleanup of mie3 tests.

[Richard Henderson]

On 3/1/22 09:59, David Miller wrote:

+{   \
+uint64_t res = 0;   \
+asm volatile (  \
+"lg %%r0, %[c]\n"   \
+"ltgr %%r0, %%r0\n" \
+ASM \
+"stg %%r0, %[res] " \
+: [res] "=m" (res)  \
+: [a] "r" (a),  \
+  [b] "r" (b),  \
+  [c] "m" (c)   \
+: "r0", "memory"\
+);  \


I don't understand why you're still going through memory.

r~

Re: [PATCH v9 00/11] 9p: Add support for darwin

[Will Cohen]

On Tue, Mar 1, 2022 at 2:25 PM Christian Schoenebeck 
wrote:

> On Sonntag, 27. Februar 2022 23:35:11 CET Will Cohen wrote:
> > This is a followup to
> > https://lists.gnu.org/archive/html/qemu-devel/2022-02/msg04391.html,
> adding
> > 9p server support for Darwin.
> >
> > Since v8, the following changes have been made:
> >
> > Patch 4/11 (9p: darwin: Handle struct dirent differences)
> > - Declare qemu_dirent_off as static to prevent linker error
> > - Move qemu_dirent_off above the end-of-file endif to fix compilation
> >
> > Patch 9/11 (9p: darwin: Implement compatibility for mknodat)
> > - Fix line over 90 characters formatting error
> > - Move qemu_mknodat back from osdep to 9p-util and adjust patch notes
> > accordingly
> >
> > Patch 11/11 (9p: darwin: meson: Allow VirtFS on Darwin)
> > - Rebase to master
> >
> > With these changes, this patch set builds and passes 9p synth tests on
> both
> > linux and darwin.
> >
> > Keno Fischer (10):
> >   9p: linux: Fix a couple Linux assumptions
> >   9p: Rename 9p-util -> 9p-util-linux
> >   9p: darwin: Handle struct stat(fs) differences
> >   9p: darwin: Handle struct dirent differences
> >   9p: darwin: Ignore O_{NOATIME, DIRECT}
> >   9p: darwin: Move XATTR_SIZE_MAX->P9_XATTR_SIZE_MAX
> >   9p: darwin: *xattr_nofollow implementations
> >   9p: darwin: Compatibility for f/l*xattr
> >   9p: darwin: Implement compatibility for mknodat
> >   9p: darwin: meson: Allow VirtFS on Darwin
> >
> > Will Cohen (1):
> >   9p: darwin: Adjust assumption on virtio-9p-test
> >
> >  fsdev/file-op-9p.h |  9 ++-
> >  fsdev/meson.build  |  1 +
> >  hw/9pfs/9p-local.c | 27 +--
> >  hw/9pfs/9p-proxy.c | 38 +-
> >  hw/9pfs/9p-synth.c |  6 ++
> >  hw/9pfs/9p-util-darwin.c   | 97 ++
> >  hw/9pfs/{9p-util.c => 9p-util-linux.c} |  8 ++-
> >  hw/9pfs/9p-util.h  | 46 
> >  hw/9pfs/9p.c   | 42 +--
> >  hw/9pfs/9p.h   | 18 +
> >  hw/9pfs/codir.c|  4 +-
> >  hw/9pfs/meson.build|  3 +-
> >  include/qemu/xattr.h   |  4 +-
> >  meson.build| 13 ++--
> >  tests/qtest/virtio-9p-test.c   |  2 +-
> >  15 files changed, 292 insertions(+), 26 deletions(-)
> >  create mode 100644 hw/9pfs/9p-util-darwin.c
> >  rename hw/9pfs/{9p-util.c => 9p-util-linux.c} (90%)
>
> Queued on 9p.next:
> https://github.com/cschoenebeck/qemu/commits/9p.next
>
> Thanks!
>
>
This is very exciting. Many, many thanks for helping guide this through the
process!


> Best regards,
> Christian Schoenebeck
>
>
>

Re: [PATCH] tests/tcg/s390x: Cleanup of mie3 tests.

[David Miller]

Please disregard,  v2 sent.

On Tue, Mar 1, 2022 at 2:15 PM David Miller  wrote:

> Adds clobbers and merges remaining separate asm statements.
>
> Signed-off-by: David Miller 
> ---
>  tests/tcg/s390x/mie3-compl.c | 42 +++-
>  tests/tcg/s390x/mie3-mvcrl.c | 12 +++
>  tests/tcg/s390x/mie3-sel.c   | 40 ++
>  3 files changed, 57 insertions(+), 37 deletions(-)
>
> diff --git a/tests/tcg/s390x/mie3-compl.c b/tests/tcg/s390x/mie3-compl.c
> index 35649f3b02..85b23a9b7a 100644
> --- a/tests/tcg/s390x/mie3-compl.c
> +++ b/tests/tcg/s390x/mie3-compl.c
> @@ -1,32 +1,44 @@
>  #include 
>
> +
>  #define FbinOp(S, ASM) uint64_t S(uint64_t a, uint64_t b) \
> -{ \
> -uint64_t res = 0; \
> -asm ("llihf %[res],801\n" ASM \
> - : [res]"="(res) : [a]"r"(a), [b]"r"(b) : "cc"); \
> -return res; \
> +{   \
> +uint64_t res = 0;   \
> +asm volatile (  \
> +"llihf %%r0,801\n"  \
> +"lg %%r2, %[a]\n"   \
> +"lg %%r3, %[b]\n"   \
> +ASM \
> +"stg %%r0, %[res] " \
> +: [res] "=m" (res)  \
> +: [a] "m" (a)   \
> +, [b] "m" (b)   \
> +: "r0", "r2", "r3"  \
> +);  \
> +return res; \
>  }
>
> +
>  /* AND WITH COMPLEMENT */
> -FbinOp(_ncrk,  ".insn rrf, 0xB9F5, %[res], %[b], %[a], 0\n")
> -FbinOp(_ncgrk, ".insn rrf, 0xB9E5, %[res], %[b], %[a], 0\n")
> +FbinOp(_ncrk,  ".insn rrf, 0xB9F5, %%r0, %%r3, %%r2, 0\n")
> +FbinOp(_ncgrk, ".insn rrf, 0xB9E5, %%r0, %%r3, %%r2, 0\n")
>
>  /* NAND */
> -FbinOp(_nnrk,  ".insn rrf, 0xB974, %[res], %[b], %[a], 0\n")
> -FbinOp(_nngrk, ".insn rrf, 0xB964, %[res], %[b], %[a], 0\n")
> +FbinOp(_nnrk,  ".insn rrf, 0xB974, %%r0, %%r3, %%r2, 0\n")
> +FbinOp(_nngrk, ".insn rrf, 0xB964, %%r0, %%r3, %%r2, 0\n")
>
>  /* NOT XOR */
> -FbinOp(_nxrk,  ".insn rrf, 0xB977, %[res], %[b], %[a], 0\n")
> -FbinOp(_nxgrk, ".insn rrf, 0xB967, %[res], %[b], %[a], 0\n")
> +FbinOp(_nxrk,  ".insn rrf, 0xB977, %%r0, %%r3, %%r2, 0\n")
> +FbinOp(_nxgrk, ".insn rrf, 0xB967, %%r0, %%r3, %%r2, 0\n")
>
>  /* NOR */
> -FbinOp(_nork,  ".insn rrf, 0xB976, %[res], %[b], %[a], 0\n")
> -FbinOp(_nogrk, ".insn rrf, 0xB966, %[res], %[b], %[a], 0\n")
> +FbinOp(_nork,  ".insn rrf, 0xB976, %%r0, %%r3, %%r2, 0\n")
> +FbinOp(_nogrk, ".insn rrf, 0xB966, %%r0, %%r3, %%r2, 0\n")
>
>  /* OR WITH COMPLEMENT */
> -FbinOp(_ocrk,  ".insn rrf, 0xB975, %[res], %[b], %[a], 0\n")
> -FbinOp(_ocgrk, ".insn rrf, 0xB965, %[res], %[b], %[a], 0\n")
> +FbinOp(_ocrk,  ".insn rrf, 0xB975, %%r0, %%r3, %%r2, 0\n")
> +FbinOp(_ocgrk, ".insn rrf, 0xB965, %%r0, %%r3, %%r2, 0\n")
> +
>
>  int main(int argc, char *argv[])
>  {
> diff --git a/tests/tcg/s390x/mie3-mvcrl.c b/tests/tcg/s390x/mie3-mvcrl.c
> index 57b08e48d0..f749dad9c2 100644
> --- a/tests/tcg/s390x/mie3-mvcrl.c
> +++ b/tests/tcg/s390x/mie3-mvcrl.c
> @@ -1,15 +1,17 @@
>  #include 
>  #include 
>
> +
>  static inline void mvcrl_8(const char *dst, const char *src)
>  {
>  asm volatile (
> -"llill %%r0, 8\n"
> -".insn sse, 0xE50A, 0(%[dst]), 0(%[src])"
> -: : [dst] "d" (dst), [src] "d" (src)
> -: "memory");
> +"llill %%r0, 8\n"
> +".insn sse, 0xE50A, 0(%[dst]), 0(%[src])"
> +: : [dst] "d" (dst), [src] "d" (src)
> +: "r0", "memory");
>  }
>
> +
>  int main(int argc, char *argv[])
>  {
>  const char *alpha = "abcdefghijklmnop";
> @@ -25,3 +27,5 @@ int main(int argc, char *argv[])
>
>  return strncmp(alpha, tstr, 16ul);
>  }
> +
> +
> diff --git a/tests/tcg/s390x/mie3-sel.c b/tests/tcg/s390x/mie3-sel.c
> index b0c5c9857d..98cf4d40f5 100644
> --- a/tests/tcg/s390x/mie3-sel.c
> +++ b/tests/tcg/s390x/mie3-sel.c
> @@ -1,29 +1,32 @@
>  #include 
>
> +
>  #define Fi3(S, ASM) uint64_t S(uint64_t a, uint64_t b, uint64_t c) \
> -{\
> -uint64_t res = 0;\
> -asm (\
> - "lg %%r2, %[a]\n"   \
> - "lg %%r3, %[b]\n"   \
> - "lg %%r0, %[c]\n"   \
> - "ltgr %%r0, %%r0\n" \
> - ASM \
> - "stg %%r0, %[res] " \
> - : [res] "=m" (res)  \
> - : [a] "m" (a),  \
> -   [b] "m" (b),  \
> -   [c] "m" (c)   \
> - : "r0", "r2",   \
> -   "r3", "r4"\
> -);   \
> -return res;  \
> +{   \
> +uint64_t res = 0;   \
> +asm volatile (  \
> +"lg %%r2, %[a]\n"   \
> +"lg %%r3, %[b]\n"   \
> +"lg %%r0, %[c]\n"   \
> +"ltgr %%r0, %%r0\n" \
> +ASM \
> +"stg %%r0, %[res] " \
> +: [res] "=m" (res)  \
> +: [a] "m" (a),  \
> +  [b] "m" (b),  \
> +  [c] "m" (c)   \
> +: "r0", "r2",   \
> +  "r3", "r4"\
> +);  \
> +return res;

[PATCH v2] tests/tcg/s390x: Cleanup of mie3 tests.

[David Miller]

Adds clobbers and merges remaining separate asm statements.

v1 -> v2:
* Corrected side in rebase conflict, removing older code.


Signed-off-by: David Miller 
---
 tests/tcg/s390x/mie3-compl.c | 18 +++-
 tests/tcg/s390x/mie3-mvcrl.c | 12 +++
 tests/tcg/s390x/mie3-sel.c   | 41 ++--
 3 files changed, 41 insertions(+), 30 deletions(-)

diff --git a/tests/tcg/s390x/mie3-compl.c b/tests/tcg/s390x/mie3-compl.c
index 35649f3b02..938938df9e 100644
--- a/tests/tcg/s390x/mie3-compl.c
+++ b/tests/tcg/s390x/mie3-compl.c
@@ -1,13 +1,20 @@
 #include 
 
+
 #define FbinOp(S, ASM) uint64_t S(uint64_t a, uint64_t b) \
-{ \
-uint64_t res = 0; \
-asm ("llihf %[res],801\n" ASM \
- : [res]"="(res) : [a]"r"(a), [b]"r"(b) : "cc"); \
-return res; \
+{   \
+uint64_t res = 0;   \
+asm volatile (  \
+"llihf %[res],801\n"\
+ASM \
+: [res] "=" (res)  \
+: [a] "r" (a)   \
+, [b] "r" (b)   \
+);  \
+return res; \
 }
 
+
 /* AND WITH COMPLEMENT */
 FbinOp(_ncrk,  ".insn rrf, 0xB9F5, %[res], %[b], %[a], 0\n")
 FbinOp(_ncgrk, ".insn rrf, 0xB9E5, %[res], %[b], %[a], 0\n")
@@ -28,6 +35,7 @@ FbinOp(_nogrk, ".insn rrf, 0xB966, %[res], %[b], %[a], 
0\n")
 FbinOp(_ocrk,  ".insn rrf, 0xB975, %[res], %[b], %[a], 0\n")
 FbinOp(_ocgrk, ".insn rrf, 0xB965, %[res], %[b], %[a], 0\n")
 
+
 int main(int argc, char *argv[])
 {
 if (_ncrk(0xFF88, 0xAA11)  != 0x03210011ull ||
diff --git a/tests/tcg/s390x/mie3-mvcrl.c b/tests/tcg/s390x/mie3-mvcrl.c
index 57b08e48d0..f749dad9c2 100644
--- a/tests/tcg/s390x/mie3-mvcrl.c
+++ b/tests/tcg/s390x/mie3-mvcrl.c
@@ -1,15 +1,17 @@
 #include 
 #include 
 
+
 static inline void mvcrl_8(const char *dst, const char *src)
 {
 asm volatile (
-"llill %%r0, 8\n"
-".insn sse, 0xE50A, 0(%[dst]), 0(%[src])"
-: : [dst] "d" (dst), [src] "d" (src)
-: "memory");
+"llill %%r0, 8\n"
+".insn sse, 0xE50A, 0(%[dst]), 0(%[src])"
+: : [dst] "d" (dst), [src] "d" (src)
+: "r0", "memory");
 }
 
+
 int main(int argc, char *argv[])
 {
 const char *alpha = "abcdefghijklmnop";
@@ -25,3 +27,5 @@ int main(int argc, char *argv[])
 
 return strncmp(alpha, tstr, 16ul);
 }
+
+
diff --git a/tests/tcg/s390x/mie3-sel.c b/tests/tcg/s390x/mie3-sel.c
index b0c5c9857d..ca6043251b 100644
--- a/tests/tcg/s390x/mie3-sel.c
+++ b/tests/tcg/s390x/mie3-sel.c
@@ -1,28 +1,26 @@
 #include 
 
 #define Fi3(S, ASM) uint64_t S(uint64_t a, uint64_t b, uint64_t c) \
-{\
-uint64_t res = 0;\
-asm (\
- "lg %%r2, %[a]\n"   \
- "lg %%r3, %[b]\n"   \
- "lg %%r0, %[c]\n"   \
- "ltgr %%r0, %%r0\n" \
- ASM \
- "stg %%r0, %[res] " \
- : [res] "=m" (res)  \
- : [a] "m" (a),  \
-   [b] "m" (b),  \
-   [c] "m" (c)   \
- : "r0", "r2",   \
-   "r3", "r4"\
-);   \
-return res;  \
+{   \
+uint64_t res = 0;   \
+asm volatile (  \
+"lg %%r0, %[c]\n"   \
+"ltgr %%r0, %%r0\n" \
+ASM \
+"stg %%r0, %[res] " \
+: [res] "=m" (res)  \
+: [a] "r" (a),  \
+  [b] "r" (b),  \
+  [c] "m" (c)   \
+: "r0", "memory"\
+);  \
+return res; \
 }
 
-Fi3 (_selre, ".insn rrf, 0xB9F0, %%r0, %%r3, %%r2, 8\n")
-Fi3 (_selgrz,".insn rrf, 0xB9E3, %%r0, %%r3, %%r2, 8\n")
-Fi3 (_selfhrnz,  ".insn rrf, 0xB9C0, %%r0, %%r3, %%r2, 7\n")
+Fi3 (_selre, ".insn rrf, 0xB9F0, %%r0, %[b], %[a], 8\n")
+Fi3 (_selgrz,".insn rrf, 0xB9E3, %%r0, %[b], %[a], 8\n")
+Fi3 (_selfhrnz,  ".insn rrf, 0xB9C0, %%r0, %[b], %[a], 7\n")
+
 
 int main(int argc, char *argv[])
 {
@@ -34,5 +32,6 @@ int main(int argc, char *argv[])
 return (int) (
 (0x0066ull != a) ||
 (0xF00D0005ull != b) ||
-(0x0654ull != c));
+(0x0654ull != c) );
 }
+
-- 
2.34.1

Re: propagating vmgenid outward and upward

[Greg KH]

On Tue, Mar 01, 2022 at 07:24:11PM +0100, Jason A. Donenfeld wrote:
> Hi Greg,
> 
> On Tue, Mar 1, 2022 at 7:01 PM Greg KH  wrote:
> > A notifier block like this makes sense, but why tie onto the PM_ stuff?
> > This isn't power management issues, it's a system-wide change that I am
> > sure others will want to know about that doesn't reflect any power
> > changes.
> >
> > As much as I hate adding new notifiers in the kernel, that might be all
> > you need here.
> 
> You might indeed be right. I guess I was thinking that "resuming from
> suspend" and "resuming from a VM fork" are kind of the same thing.
> There _is_ a certain kind of similarity between the two. I was hoping
> if the similarity was a strong enough one, maybe it'd make sense to do
> them together rather than adding another notifier. But I suppose you
> disagree, and it sounds like Rafael might too --
> .

Hey, nice, we agree!  :)

> Code-wise for me with WireGuard it's of course appealing to treat them
> the same, since it's like a one line change, but if I need to add a
> new notifier call there, it's not the end of the world.

I know there are other places in the kernel that would like to be
notified when they have been moved to another machine so that they can
do things like determine if the CPU functionality has changed (or not),
and perhaps do other types of device reconfiguration.  Right now the
kernel does not have any way of knowing this, so it makes sense that if
the platform (i.e. ACPI here) has a way of creating such a event, it
should and then we can start tieing in other subsystems to use it
as-needed.

thanks,

greg k-h

[PATCH] deprecation: x86 default machine types

[Dr. David Alan Gilbert (git)]

From: "Dr. David Alan Gilbert" 

Declare the intent to require a machine type to be specified on x86
system emulation.

Signed-off-by: Dr. David Alan Gilbert 
---
 docs/about/deprecated.rst | 8 
 1 file changed, 8 insertions(+)

diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index 85773db631..143c60d105 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -324,6 +324,14 @@ machine is hardly emulated at all (e.g. neither the LCD 
nor the USB part had
 been implemented), so there is not much value added by this board. Use the
 ``ref405ep`` machine instead.
 
+x86 default machine type
+
+
+x86 currently defaults to the ```pc``` machine type which is based on the very
+old ```i440fx``` chipset.  This default will be removed and the user will be
+required to specify a machine type explicitly using -M; users are encouraged to
+switch to the not quite as old ```q35``` machine types.
+
 Backend options
 ---
 
-- 
2.35.1

Re: [PATCH v4 2/3] hw/acpi: add indication for i8042 in IA-PC boot flags of the FADT table

[Liav Albani]

On 3/1/22 11:52, Ani Sinha wrote:


On Tue, 1 Mar 2022, Igor Mammedov wrote:


On Mon, 28 Feb 2022 22:17:32 +0200
Liav Albani  wrote:


This can allow the guest OS to determine more easily if i8042 controller
is present in the system or not, so it doesn't need to do probing of the
controller, but just initialize it immediately, before enumerating the
ACPI AML namespace.

This change only applies to the x86/q35 machine type, as it uses FACP
ACPI table with revision higher than 1, which should implement at least
ACPI 2.0 features within the table, hence it can also set the IA-PC boot
flags register according to the ACPI 2.0 specification.

Signed-off-by: Liav Albani 
---
  hw/acpi/aml-build.c | 11 ++-
  hw/i386/acpi-build.c|  9 +
  hw/i386/acpi-microvm.c  |  9 +

commit message says it's q35 specific, so wy it touched microvm anc piix4?

Igor is correct. Although I see that currently there are no 8042 devices
for microvms, maybe we should be conservative and add the code to detect
the device anyway. In that case, the change could affect microvms too when
such devices get added in the future.


echo -e "info qtree\r\nquit\r\n" | ./qemu-system-x86_64 -machine microvm
-monitor stdio 2>/dev/null | grep 8042




What about this?

echo -e "info qtree\r\nquit\r\n" | qemu-system-x86_64 -machine microvm 
-device i8042 -monitor stdio 2>/dev/null | grep 8042


Or this?

echo -e "info mtree\r\nquit\r\n" | qemu-system-x86_64 -machine microvm 
-device i8042 -monitor stdio 2>/dev/null | grep 8042

[PATCH v3 13/15] ossaudio: reduce effective playback buffer size

[Volker Rümelin]

Return the free buffer size for the mmapped case in function
oss_buffer_get_free() to reduce the effective playback buffer
size. All intermediate audio playback buffers become temporary
buffers.

Signed-off-by: Volker Rümelin 
---
 audio/ossaudio.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/audio/ossaudio.c b/audio/ossaudio.c
index 1bd6800840..da9c23 100644
--- a/audio/ossaudio.c
+++ b/audio/ossaudio.c
@@ -394,7 +394,7 @@ static size_t oss_buffer_get_free(HWVoiceOut *hw)
 OSSVoiceOut *oss = (OSSVoiceOut *)hw;
 
 if (oss->mmapped) {
-return INT_MAX;
+return oss_get_available_bytes(oss);
 } else {
 return audio_generic_buffer_get_free(hw);
 }
@@ -402,9 +402,10 @@ static size_t oss_buffer_get_free(HWVoiceOut *hw)
 
 static void *oss_get_buffer_out(HWVoiceOut *hw, size_t *size)
 {
-OSSVoiceOut *oss = (OSSVoiceOut *) hw;
+OSSVoiceOut *oss = (OSSVoiceOut *)hw;
+
 if (oss->mmapped) {
-*size = MIN(oss_get_available_bytes(oss), hw->size_emul - 
hw->pos_emul);
+*size = hw->size_emul - hw->pos_emul;
 return hw->buf_emul + hw->pos_emul;
 } else {
 return audio_generic_get_buffer_out(hw, size);
-- 
2.34.1

Re: [PULL 0/3] tcg patch queue

[Peter Maydell]

On Mon, 28 Feb 2022 at 18:09, Richard Henderson
 wrote:
>
> The following changes since commit 00483d386901173e84c7965f9f0d678791a75e01:
>
>   Merge remote-tracking branch 'remotes/shorne/tags/or1k-pull-request' into 
> staging (2022-02-28 11:27:16 +)
>
> are available in the Git repository at:
>
>   https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20220228
>
> for you to fetch changes up to 2ccf40f00e3f29d85d4ff48a9a98870059002290:
>
>   tcg/tci: Use tcg_out_ldst in tcg_out_st (2022-02-28 08:04:10 -1000)
>
> 
> Fix typecode generation for tcg helpers
> Fix single stepping into interrupt handlers
> Fix out-of-range offsets for stores in TCI
>
> 


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/7.0
for any user-visible changes.

-- PMM

Re: [PATCH v9 00/11] 9p: Add support for darwin

[Christian Schoenebeck]

On Sonntag, 27. Februar 2022 23:35:11 CET Will Cohen wrote:
> This is a followup to
> https://lists.gnu.org/archive/html/qemu-devel/2022-02/msg04391.html, adding
> 9p server support for Darwin.
> 
> Since v8, the following changes have been made:
> 
> Patch 4/11 (9p: darwin: Handle struct dirent differences)
> - Declare qemu_dirent_off as static to prevent linker error
> - Move qemu_dirent_off above the end-of-file endif to fix compilation
> 
> Patch 9/11 (9p: darwin: Implement compatibility for mknodat)
> - Fix line over 90 characters formatting error
> - Move qemu_mknodat back from osdep to 9p-util and adjust patch notes
> accordingly
> 
> Patch 11/11 (9p: darwin: meson: Allow VirtFS on Darwin)
> - Rebase to master
> 
> With these changes, this patch set builds and passes 9p synth tests on both
> linux and darwin.
> 
> Keno Fischer (10):
>   9p: linux: Fix a couple Linux assumptions
>   9p: Rename 9p-util -> 9p-util-linux
>   9p: darwin: Handle struct stat(fs) differences
>   9p: darwin: Handle struct dirent differences
>   9p: darwin: Ignore O_{NOATIME, DIRECT}
>   9p: darwin: Move XATTR_SIZE_MAX->P9_XATTR_SIZE_MAX
>   9p: darwin: *xattr_nofollow implementations
>   9p: darwin: Compatibility for f/l*xattr
>   9p: darwin: Implement compatibility for mknodat
>   9p: darwin: meson: Allow VirtFS on Darwin
> 
> Will Cohen (1):
>   9p: darwin: Adjust assumption on virtio-9p-test
> 
>  fsdev/file-op-9p.h |  9 ++-
>  fsdev/meson.build  |  1 +
>  hw/9pfs/9p-local.c | 27 +--
>  hw/9pfs/9p-proxy.c | 38 +-
>  hw/9pfs/9p-synth.c |  6 ++
>  hw/9pfs/9p-util-darwin.c   | 97 ++
>  hw/9pfs/{9p-util.c => 9p-util-linux.c} |  8 ++-
>  hw/9pfs/9p-util.h  | 46 
>  hw/9pfs/9p.c   | 42 +--
>  hw/9pfs/9p.h   | 18 +
>  hw/9pfs/codir.c|  4 +-
>  hw/9pfs/meson.build|  3 +-
>  include/qemu/xattr.h   |  4 +-
>  meson.build| 13 ++--
>  tests/qtest/virtio-9p-test.c   |  2 +-
>  15 files changed, 292 insertions(+), 26 deletions(-)
>  create mode 100644 hw/9pfs/9p-util-darwin.c
>  rename hw/9pfs/{9p-util.c => 9p-util-linux.c} (90%)

Queued on 9p.next:
https://github.com/cschoenebeck/qemu/commits/9p.next

Thanks!

Best regards,
Christian Schoenebeck