[PATCH v2 15/23] bsd-user: Implement mlock(2), munlock(2), mlockall(2), munlockall(2), minherit(2)

2023-09-08 Thread Karim Taha
From: Stacey Son 

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 

Reviewed-by: Richard Henderson 
---
 bsd-user/bsd-mem.h| 37 +++
 bsd-user/freebsd/os-syscall.c | 20 +++
 2 files changed, 57 insertions(+)

diff --git a/bsd-user/bsd-mem.h b/bsd-user/bsd-mem.h
index 5e885823a7..16c22593bf 100644
--- a/bsd-user/bsd-mem.h
+++ b/bsd-user/bsd-mem.h
@@ -99,4 +99,41 @@ static inline abi_long do_bsd_msync(abi_long addr, abi_long 
len, abi_long flags)
 return get_errno(msync(g2h_untagged(addr), len, flags));
 }
 
+/* mlock(2) */
+static inline abi_long do_bsd_mlock(abi_long arg1, abi_long arg2)
+{
+if (!guest_range_valid_untagged(arg1, arg2)) {
+return -TARGET_EINVAL;
+}
+return get_errno(mlock(g2h_untagged(arg1), arg2));
+}
+
+/* munlock(2) */
+static inline abi_long do_bsd_munlock(abi_long arg1, abi_long arg2)
+{
+if (!guest_range_valid_untagged(arg1, arg2)) {
+return -TARGET_EINVAL;
+}
+return get_errno(munlock(g2h_untagged(arg1), arg2));
+}
+
+/* mlockall(2) */
+static inline abi_long do_bsd_mlockall(abi_long arg1)
+{
+return get_errno(mlockall(arg1));
+}
+
+/* munlockall(2) */
+static inline abi_long do_bsd_munlockall(void)
+{
+return get_errno(munlockall());
+}
+
+/* minherit(2) */
+static inline abi_long do_bsd_minherit(abi_long addr, abi_long len,
+abi_long inherit)
+{
+return get_errno(minherit(g2h_untagged(addr), len, inherit));
+}
+
 #endif /* BSD_USER_BSD_MEM_H */
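Review bot: do_bsd_minherit passes `g2h_untagged(addr)` and `len` to the host minherit() without the `guest_range_valid_untagged()` check that do_bsd_mlock and do_bsd_munlock perform in this same hunk, so a guest-supplied range outside the guest address space reaches the host call unfiltered. Adding `if (!guest_range_valid_untagged(addr, len)) { return -TARGET_EINVAL; }` ahead of the call would make the three range-taking shims consistent. do_bsd_mlockall forwards `arg1` to the host as the flags word unchanged; that presumably relies on guest and host sharing the FreeBSD flag values and deserves a one-line comment saying so.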
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index 859492dee7..6eaa705cd3 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -503,6 +503,26 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_msync(arg1, arg2, arg3);
 break;
 
+case TARGET_FREEBSD_NR_mlock: /* mlock(2) */
+ret = do_bsd_mlock(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_munlock: /* munlock(2) */
+ret = do_bsd_munlock(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_mlockall: /* mlockall(2) */
+ret = do_bsd_mlockall(arg1);
+break;
+
+case TARGET_FREEBSD_NR_munlockall: /* munlockall(2) */
+ret = do_bsd_munlockall();
+break;
+
+case TARGET_FREEBSD_NR_minherit: /* minherit(2) */
+ret = do_bsd_minherit(arg1, arg2, arg3);
+break;
+
 #if defined(__FreeBSD_version) && __FreeBSD_version >= 1300048
 case TARGET_FREEBSD_NR_shm_open2: /* shm_open2(2) */
 ret = do_freebsd_shm_open2(arg1, arg2, arg3, arg4, arg5);
-- 
2.42.0




[PATCH v2 07/23] bsd-user: Add bsd-mem.c to meson.build

2023-09-08 Thread Karim Taha
Signed-off-by: Karim Taha 

Reviewed-by: Richard Henderson 
Reviewed-by: Warner Losh 
---
 bsd-user/bsd-mem.c   | 0
 bsd-user/meson.build | 1 +
 2 files changed, 1 insertion(+)
 create mode 100644 bsd-user/bsd-mem.c

diff --git a/bsd-user/bsd-mem.c b/bsd-user/bsd-mem.c
new file mode 100644
index 00..e69de29bb2
diff --git a/bsd-user/meson.build b/bsd-user/meson.build
index 5243122fc5..6ee68fdfe7 100644
--- a/bsd-user/meson.build
+++ b/bsd-user/meson.build
@@ -7,6 +7,7 @@ bsd_user_ss = ss.source_set()
 common_user_inc += include_directories('include')
 
 bsd_user_ss.add(files(
+  'bsd-mem.c',
   'bsdload.c',
   'elfload.c',
   'main.c',
-- 
2.42.0




[PATCH v2 12/23] bsd-user: Implement mmap(2) and munmap(2)

2023-09-08 Thread Karim Taha
From: Stacey Son 

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
Reviewed-by: Warner Losh 
Reviewed-by: Richard Henderson 
---
 bsd-user/bsd-mem.h| 20 
 bsd-user/freebsd/os-syscall.c |  9 +
 2 files changed, 29 insertions(+)

diff --git a/bsd-user/bsd-mem.h b/bsd-user/bsd-mem.h
index d865e0807d..76b504f70c 100644
--- a/bsd-user/bsd-mem.h
+++ b/bsd-user/bsd-mem.h
@@ -61,4 +61,24 @@ extern struct bsd_shm_regions bsd_shm_regions[];
 extern abi_ulong target_brk;
 extern abi_ulong initial_target_brk;
 
+/* mmap(2) */
+static inline abi_long do_bsd_mmap(void *cpu_env, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5, abi_long arg6, abi_long arg7,
+abi_long arg8)
+{
+if (regpairs_aligned(cpu_env) != 0) {
+arg6 = arg7;
+arg7 = arg8;
+}
+return get_errno(target_mmap(arg1, arg2, arg3,
+ target_to_host_bitmask(arg4, mmap_flags_tbl),
+ arg5, target_arg64(arg6, arg7)));
+}
+
+/* munmap(2) */
+static inline abi_long do_bsd_munmap(abi_long arg1, abi_long arg2)
+{
+return get_errno(target_munmap(arg1, arg2));
+}
+
 #endif /* BSD_USER_BSD_MEM_H */
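Review bot: do_bsd_mmap moves `arg7`/`arg8` down into `arg6`/`arg7` when `regpairs_aligned(cpu_env)` is non-zero, with no comment saying why the file offset arrives one slot later. A comment above the `if` such as `/* ABIs that align 64-bit register pairs insert a pad argument, so the offset halves arrive in arg7/arg8 */` would document the intent, assuming that is the reason. The opaque `arg1`..`arg5` names would also read better with a header comment mapping them to addr, len, prot, flags and fd, in the order target_mmap() receives them.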
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index 7e2a395e0f..d88f62319b 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -486,6 +486,15 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 /*
  * Memory management system calls.
  */
+case TARGET_FREEBSD_NR_mmap: /* mmap(2) */
+ret = do_bsd_mmap(cpu_env, arg1, arg2, arg3, arg4, arg5, arg6, arg7,
+  arg8);
+break;
+
+case TARGET_FREEBSD_NR_munmap: /* munmap(2) */
+ret = do_bsd_munmap(arg1, arg2);
+break;
+
 #if defined(__FreeBSD_version) && __FreeBSD_version >= 1300048
 case TARGET_FREEBSD_NR_shm_open2: /* shm_open2(2) */
 ret = do_freebsd_shm_open2(arg1, arg2, arg3, arg4, arg5);
-- 
2.42.0




[PATCH v2 18/23] bsd-user: Implement do_obreak function

2023-09-08 Thread Karim Taha
From: Stacey Son 

Match linux-user, by manually applying the following commits, in order:

d28b3c90cfad1a7e211ae2bce36ecb9071086129   linux-user: Make sure initial brk(0) 
is page-aligned
15ad98536ad9410fb32ddf1ff09389b677643faa   linux-user: Fix qemu brk() to not 
zero bytes on current page
dfe49864afb06e7e452a4366051697bc4fcfc1a5   linux-user: Prohibit brk() to to 
shrink below initial heap address
eac78a4b0b7da4de2c0a297f4d528ca9cc6256a3   linux-user: Fix signed math overflow 
in brk() syscall
c6cc059eca18d9f6e4e26bb8b6d1135ddb35d81a   linux-user: Do not call get_errno() 
in do_brk()
e69e032d1a8ee8d754ca119009a3c2c997f8bb30   linux-user: Use MAP_FIXED_NOREPLACE 
for do_brk()
cb9d5d1fda0bc2312fc0c779b4ea1d7bf826f31f   linux-user: Do nothing if too small 
brk is specified
2aea137a425a87b930a33590177b04368fd7cc12   linux-user: Do not align brk with 
host page size

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
---
 bsd-user/bsd-mem.h| 45 +++
 bsd-user/freebsd/os-syscall.c |  7 ++
 2 files changed, 52 insertions(+)

diff --git a/bsd-user/bsd-mem.h b/bsd-user/bsd-mem.h
index 1dabbe36e6..563f82996b 100644
--- a/bsd-user/bsd-mem.h
+++ b/bsd-user/bsd-mem.h
@@ -211,4 +211,49 @@ static inline abi_long do_bsd_mincore(abi_ulong 
target_addr, abi_ulong len,
 return ret;
 }
 
+/* do_brk() must return target values and target errnos. */
+static inline abi_long do_obreak(abi_ulong brk_val)
+{
+abi_long mapped_addr;
+abi_ulong new_brk;
+abi_ulong old_brk;
+
+/* brk pointers are always untagged */
+
+/* do not allow to shrink below initial brk value */
+if (brk_val < initial_target_brk) {
+ return target_brk;
+}
+
+new_brk = TARGET_PAGE_ALIGN(brk_val);
+old_brk = TARGET_PAGE_ALIGN(target_brk);
+
+/* new and old target_brk might be on the same page */
+if (new_brk == old_brk) {
+target_brk = brk_val;
+return target_brk;
+}
+
+/* Release heap if necesary */
+if (new_brk < old_brk) {
+target_munmap(new_brk, old_brk - new_brk);
+
+target_brk = brk_val;
+return target_brk;
+}
+
+mapped_addr = target_mmap(old_brk, new_brk - old_brk,
+  PROT_READ | PROT_WRITE,
+  MAP_FIXED | MAP_EXCL | MAP_ANON | MAP_PRIVATE,
+  -1, 0);
+
+if (mapped_addr == old_brk) {
+target_brk = brk_val;
+return target_brk;
+}
+
+/* For everything else, return the previous break. */
+return target_brk;
+}
+
 #endif /* BSD_USER_BSD_MEM_H */
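Review bot: `brk_val` is only bounded from below in do_obreak, so a value in the top guest page would presumably make `TARGET_PAGE_ALIGN(brk_val)` wrap to 0 and take the shrink branch, asking target_munmap() to release everything from 0 up to `old_brk`. A guard right after the alignment, `if (new_brk < brk_val) { return target_brk; }`, would reject the wrapped value. The shrink branch also ignores the result of target_munmap() and moves `target_brk` regardless. The header comment still names do_brk() rather than do_obreak(), and "necesary" should read "necessary".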
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index 8d1cf3b35c..8dd29fddde 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -543,6 +543,13 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 break;
 #endif
 
+/*
+ * Misc
+ */
+case TARGET_FREEBSD_NR_break:
+ret = do_obreak(arg1);
+break;
+
 /*
  * sys{ctl, arch, call}
  */
-- 
2.42.0




[PATCH v2 13/23] bsd-user: Implement mprotect(2)

2023-09-08 Thread Karim Taha
From: Stacey Son 

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 

Reviewed-by: Richard Henderson 
Reviewed-by: Warner Losh 
---
 bsd-user/bsd-mem.h| 7 +++
 bsd-user/freebsd/os-syscall.c | 4 
 2 files changed, 11 insertions(+)

diff --git a/bsd-user/bsd-mem.h b/bsd-user/bsd-mem.h
index 76b504f70c..0f9e4a1d4b 100644
--- a/bsd-user/bsd-mem.h
+++ b/bsd-user/bsd-mem.h
@@ -81,4 +81,11 @@ static inline abi_long do_bsd_munmap(abi_long arg1, abi_long 
arg2)
 return get_errno(target_munmap(arg1, arg2));
 }
 
+/* mprotect(2) */
+static inline abi_long do_bsd_mprotect(abi_long arg1, abi_long arg2,
+abi_long arg3)
+{
+return get_errno(target_mprotect(arg1, arg2, arg3));
+}
+
 #endif /* BSD_USER_BSD_MEM_H */
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index d88f62319b..127805e079 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -495,6 +495,10 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_munmap(arg1, arg2);
 break;
 
+case TARGET_FREEBSD_NR_mprotect: /* mprotect(2) */
+ret = do_bsd_mprotect(arg1, arg2, arg3);
+break;
+
 #if defined(__FreeBSD_version) && __FreeBSD_version >= 1300048
 case TARGET_FREEBSD_NR_shm_open2: /* shm_open2(2) */
 ret = do_freebsd_shm_open2(arg1, arg2, arg3, arg4, arg5);
-- 
2.42.0




[PATCH v2 21/23] bsd-user: Implement shmctl(2)

2023-09-08 Thread Karim Taha
From: Stacey Son 

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 

Reviewed-by: Warner Losh 
---
 bsd-user/bsd-mem.h| 33 +
 bsd-user/freebsd/os-syscall.c |  4 
 2 files changed, 37 insertions(+)

diff --git a/bsd-user/bsd-mem.h b/bsd-user/bsd-mem.h
index 27d4e7f079..dd506b8a15 100644
--- a/bsd-user/bsd-mem.h
+++ b/bsd-user/bsd-mem.h
@@ -304,4 +304,37 @@ static inline abi_long do_bsd_shmget(abi_long arg1, 
abi_ulong arg2,
 return get_errno(shmget(arg1, arg2, arg3));
 }
 
+/* shmctl(2) */
+static inline abi_long do_bsd_shmctl(abi_long shmid, abi_long cmd,
+abi_ulong buff)
+{
+struct shmid_ds dsarg;
+abi_long ret = -TARGET_EINVAL;
+
+cmd &= 0xff;
+
+switch (cmd) {
+case IPC_STAT:
+case IPC_SET:
+if (target_to_host_shmid_ds(, buff)) {
+return -TARGET_EFAULT;
+}
+ret = get_errno(shmctl(shmid, cmd, ));
+if (host_to_target_shmid_ds(buff, )) {
+return -TARGET_EFAULT;
+}
+break;
+
+case IPC_RMID:
+ret = get_errno(shmctl(shmid, cmd, NULL));
+break;
+
+default:
+ret = -TARGET_EINVAL;
+break;
+}
+
+return ret;
+}
+
 #endif /* BSD_USER_BSD_MEM_H */
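Review bot: IPC_STAT and IPC_SET share one arm in do_bsd_shmctl, so IPC_SET writes the structure back to `buff` after the host call and returns -TARGET_EFAULT on a read-only guest buffer even though the set has already been applied, while IPC_STAT first requires reading a buffer the guest may not have initialised. The copy-back also runs when shmctl() itself failed. Splitting the arms so that IPC_SET only copies in and IPC_STAT only copies out on success avoids both; the fence shows the two arms, written with `&dsarg` where the page rendering appears to have lost the argument. `cmd` is compared with the host IPC_* constants rather than the TARGET_IPC_* values, which presumably holds only while the two numberings agree.

```c
    case IPC_STAT:
        ret = get_errno(shmctl(shmid, cmd, &dsarg));
        /* Copy out only when the host call filled dsarg. */
        if (!is_error(ret) && host_to_target_shmid_ds(buff, &dsarg)) {
            return -TARGET_EFAULT;
        }
        break;

    case IPC_SET:
        if (target_to_host_shmid_ds(&dsarg, buff)) {
            return -TARGET_EFAULT;
        }
        ret = get_errno(shmctl(shmid, cmd, &dsarg));
        break;

    /* … unchanged: IPC_RMID and default arms … */
```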
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index 52cca2300f..35f94f51fc 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -555,6 +555,10 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_shmget(arg1, arg2, arg3);
 break;
 
+case TARGET_FREEBSD_NR_shmctl: /* shmctl(2) */
+ret = do_bsd_shmctl(arg1, arg2, arg3);
+break;
+
 /*
  * Misc
  */
-- 
2.42.0




[PATCH v2 02/23] bsd-user: Implement struct target_shmid_ds

2023-09-08 Thread Karim Taha
From: Stacey Son 

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 

Reviewed-by: Richard Henderson 
Reviewed-by: Warner Losh 
---
 bsd-user/syscall_defs.h | 20 
 1 file changed, 20 insertions(+)

diff --git a/bsd-user/syscall_defs.h b/bsd-user/syscall_defs.h
index 39a9bc8ed7..074df7bdd6 100644
--- a/bsd-user/syscall_defs.h
+++ b/bsd-user/syscall_defs.h
@@ -72,6 +72,26 @@ struct target_ipc_perm {
 #define TARGET_IPC_SET  1   /* set options */
 #define TARGET_IPC_STAT 2   /* get options */
 
+/*
+ * sys/shm.h
+ */
+struct target_shmid_ds {
+struct  target_ipc_perm shm_perm; /* peration permission structure */
+abi_ulong   shm_segsz;  /* size of segment in bytes */
+int32_t shm_lpid;   /* process ID of last shared memory op */
+int32_t shm_cpid;   /* process ID of creator */
+int32_t shm_nattch; /* number of current attaches */
+target_time_t shm_atime;  /* time of last shmat() */
+target_time_t shm_dtime;  /* time of last shmdt() */
+target_time_t shm_ctime;  /* time of last change by shmctl() */
+};
+
+#define N_BSD_SHM_REGIONS   32
+struct bsd_shm_regions {
+abi_long start;
+abi_long size;
+};
+
 /*
  *  sys/mman.h
  */
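Review bot: `struct bsd_shm_regions` declares `start` and `size` as signed `abi_long` although they hold a guest address and a segment length; `abi_ulong start;` and `abi_ulong size;` would match the `abi_ulong` addresses the shmat/shmdt shims in this series compare them against. The shm_perm comment reads "peration permission structure" and should say "operation permission structure". A short comment on `N_BSD_SHM_REGIONS` saying what the limit bounds would help readers of the table's users.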
-- 
2.42.0




[PATCH v2 14/23] bsd-user: Implement msync(2)

2023-09-08 Thread Karim Taha
From: Stacey Son 

Co-authored-by: Kyle Evans 

Signed-off-by: Stacey Son 
Signed-off-by: Kyle Evans 
Signed-off-by: Karim Taha 

Reviewed-by: Warner Losh 
Reviewed-by: Richard Henderson 
---
 bsd-user/bsd-mem.h| 11 +++
 bsd-user/freebsd/os-syscall.c |  4 
 2 files changed, 15 insertions(+)

diff --git a/bsd-user/bsd-mem.h b/bsd-user/bsd-mem.h
index 0f9e4a1d4b..5e885823a7 100644
--- a/bsd-user/bsd-mem.h
+++ b/bsd-user/bsd-mem.h
@@ -88,4 +88,15 @@ static inline abi_long do_bsd_mprotect(abi_long arg1, 
abi_long arg2,
 return get_errno(target_mprotect(arg1, arg2, arg3));
 }
 
+/* msync(2) */
+static inline abi_long do_bsd_msync(abi_long addr, abi_long len, abi_long 
flags)
+{
+if (!guest_range_valid_untagged(addr, len)) {
+/* It seems odd, but POSIX wants this to be ENOMEM */
+return -TARGET_ENOMEM;
+}
+
+return get_errno(msync(g2h_untagged(addr), len, flags));
+}
+
 #endif /* BSD_USER_BSD_MEM_H */
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index 127805e079..859492dee7 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -499,6 +499,10 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_mprotect(arg1, arg2, arg3);
 break;
 
+case TARGET_FREEBSD_NR_msync: /* msync(2) */
+ret = do_bsd_msync(arg1, arg2, arg3);
+break;
+
 #if defined(__FreeBSD_version) && __FreeBSD_version >= 1300048
 case TARGET_FREEBSD_NR_shm_open2: /* shm_open2(2) */
 ret = do_freebsd_shm_open2(arg1, arg2, arg3, arg4, arg5);
-- 
2.42.0




[PATCH v2 11/23] bsd-user: Introduce bsd-mem.h to the source tree

2023-09-08 Thread Karim Taha
From: Stacey Son 

Preserve the copyright notice and help with the 'Author' info for
subsequent changes to the file.

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 

Reviewed-by: Warner Losh 
Reviewed-by: Richard Henderson 
---
 bsd-user/bsd-mem.h| 64 +++
 bsd-user/freebsd/os-syscall.c |  1 +
 2 files changed, 65 insertions(+)
 create mode 100644 bsd-user/bsd-mem.h

diff --git a/bsd-user/bsd-mem.h b/bsd-user/bsd-mem.h
new file mode 100644
index 00..d865e0807d
--- /dev/null
+++ b/bsd-user/bsd-mem.h
@@ -0,0 +1,64 @@
+/*
+ *  memory management system call shims and definitions
+ *
+ *  Copyright (c) 2013-15 Stacey D. Son
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+/*
+ * Copyright (c) 1982, 1986, 1993
+ *  The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ * 4. Neither the name of the University nor the names of its contributors
+ *may be used to endorse or promote products derived from this software
+ *without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef BSD_USER_BSD_MEM_H
+#define BSD_USER_BSD_MEM_H
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "qemu-bsd.h"
+
+extern struct bsd_shm_regions bsd_shm_regions[];
+extern abi_ulong target_brk;
+extern abi_ulong initial_target_brk;
+
+#endif /* BSD_USER_BSD_MEM_H */
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index c0a22eb746..7e2a395e0f 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -35,6 +35,7 @@
 
 /* BSD independent syscall shims */
 #include "bsd-file.h"
+#include "bsd-mem.h"
 #include "bsd-proc.h"
 
 /* *BSD dependent syscall shims */
-- 
2.42.0




[PATCH v2 03/23] bsd-user: Declarations for ipc_perm and shmid_ds conversion functions

2023-09-08 Thread Karim Taha
From: Stacey Son 

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 

Reviewed-by: Richard Henderson 
Reviewed-by: Warner Losh 
---
 bsd-user/qemu-bsd.h | 45 +
 1 file changed, 45 insertions(+)
 create mode 100644 bsd-user/qemu-bsd.h

diff --git a/bsd-user/qemu-bsd.h b/bsd-user/qemu-bsd.h
new file mode 100644
index 00..46572ece7d
--- /dev/null
+++ b/bsd-user/qemu-bsd.h
@@ -0,0 +1,45 @@
+/*
+ *  BSD conversion extern declarations
+ *
+ *  Copyright (c) 2013 Stacey D. Son
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef QEMU_BSD_H
+#define QEMU_BSD_H
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+/* bsd-mem.c */
+void target_to_host_ipc_perm__locked(struct ipc_perm *host_ip,
+struct target_ipc_perm *target_ip);
+void host_to_target_ipc_perm__locked(struct target_ipc_perm *target_ip,
+struct ipc_perm *host_ip);
+abi_long target_to_host_shmid_ds(struct shmid_ds *host_sd,
+abi_ulong target_addr);
+abi_long host_to_target_shmid_ds(abi_ulong target_addr,
+struct shmid_ds *host_sd);
+
+#endif /* QEMU_BSD_H */
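Review bot: The four prototypes under `/* bsd-mem.c */` carry no statement of their contract, and the `__locked` suffix is the only hint that two of them expect the caller to hold the target structure already. A comment block above them would help, saying that the `*_ipc_perm__locked` helpers take a target pointer the caller has obtained with lock_user_struct(), while the `*_shmid_ds` helpers take a guest address, lock it themselves and return 0 or -TARGET_EFAULT. That matches the definitions added to bsd-mem.c later in this series.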
-- 
2.42.0




[PATCH v2 01/23] bsd-user: Implement struct target_ipc_perm

2023-09-08 Thread Karim Taha
From: Stacey Son 

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 

Reviewed-by: Richard Henderson 
Reviewed-by: Warner Losh 
---
 bsd-user/syscall_defs.h | 17 +
 1 file changed, 17 insertions(+)

diff --git a/bsd-user/syscall_defs.h b/bsd-user/syscall_defs.h
index e4825f2662..39a9bc8ed7 100644
--- a/bsd-user/syscall_defs.h
+++ b/bsd-user/syscall_defs.h
@@ -55,6 +55,23 @@ struct target_iovec {
 abi_long iov_len;   /* Number of bytes */
 };
 
+/*
+ * sys/ipc.h
+ */
+struct target_ipc_perm {
+uint32_tcuid;   /* creator user id */
+uint32_tcgid;   /* creator group id */
+uint32_tuid;/* user id */
+uint32_tgid;/* group id */
+uint16_tmode;   /* r/w permission */
+uint16_tseq;/* sequence # */
+abi_longkey;/* user specified msg/sem/shm key */
+};
+
+#define TARGET_IPC_RMID 0   /* remove identifier */
+#define TARGET_IPC_SET  1   /* set options */
+#define TARGET_IPC_STAT 2   /* get options */
+
 /*
  *  sys/mman.h
  */
-- 
2.42.0




[PATCH v2 10/23] bsd-user: Implement shmid_ds conversion between host and target.

2023-09-08 Thread Karim Taha
From: Stacey Son 

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
---
 bsd-user/bsd-mem.c | 43 +++
 1 file changed, 43 insertions(+)

diff --git a/bsd-user/bsd-mem.c b/bsd-user/bsd-mem.c
index 46cda8eb5c..eea499a727 100644
--- a/bsd-user/bsd-mem.c
+++ b/bsd-user/bsd-mem.c
@@ -43,6 +43,28 @@ void target_to_host_ipc_perm__locked(struct ipc_perm 
*host_ip,
 __get_user(host_ip->key,  _ip->key);
 }
 
+abi_long target_to_host_shmid_ds(struct shmid_ds *host_sd,
+ abi_ulong target_addr)
+{
+struct target_shmid_ds *target_sd;
+
+if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1)) {
+return -TARGET_EFAULT;
+}
+
+target_to_host_ipc_perm__locked(&(host_sd->shm_perm), 
&(target_sd->shm_perm));
+__get_user(host_sd->shm_segsz,  _sd->shm_segsz);
+__get_user(host_sd->shm_lpid,   _sd->shm_lpid);
+__get_user(host_sd->shm_cpid,   _sd->shm_cpid);
+__get_user(host_sd->shm_nattch, _sd->shm_nattch);
+__get_user(host_sd->shm_atime,  _sd->shm_atime);
+__get_user(host_sd->shm_dtime,  _sd->shm_dtime);
+__get_user(host_sd->shm_ctime,  _sd->shm_ctime);
+unlock_user_struct(target_sd, target_addr, 0);
+
+return 0;
+}
+
 void host_to_target_ipc_perm__locked(struct target_ipc_perm *target_ip,
  struct ipc_perm *host_ip)
 {
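Review bot: target_to_host_shmid_ds fills `host_sd` one named member at a time, so any member or padding of the host `struct shmid_ds` that is not listed keeps whatever the caller's storage held; in do_bsd_shmctl from this series that storage is an uninitialised stack variable which is then handed to the host shmctl(). A `memset(host_sd, 0, sizeof(*host_sd));` before the copies would keep indeterminate bytes out of the host call. The function also lacks a header comment; one line stating that it locks `target_addr` itself and returns 0 or -TARGET_EFAULT would document the contract. The same comment is missing on host_to_target_shmid_ds in the following hunk.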
@@ -55,3 +77,24 @@ void host_to_target_ipc_perm__locked(struct target_ipc_perm 
*target_ip,
 __put_user(host_ip->key,  _ip->key);
 }
 
+abi_long host_to_target_shmid_ds(abi_ulong target_addr,
+ struct shmid_ds *host_sd)
+{
+struct target_shmid_ds *target_sd;
+
+if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0)) {
+return -TARGET_EFAULT;
+}
+
+host_to_target_ipc_perm__locked(&(target_sd->shm_perm), 
&(host_sd->shm_perm));
+__put_user(host_sd->shm_segsz,  _sd->shm_segsz);
+__put_user(host_sd->shm_lpid,   _sd->shm_lpid);
+__put_user(host_sd->shm_cpid,   _sd->shm_cpid);
+__put_user(host_sd->shm_nattch, _sd->shm_nattch);
+__put_user(host_sd->shm_atime,  _sd->shm_atime);
+__put_user(host_sd->shm_dtime,  _sd->shm_dtime);
+__put_user(host_sd->shm_ctime,  _sd->shm_ctime);
+unlock_user_struct(target_sd, target_addr, 1);
+
+return 0;
+}
-- 
2.42.0




[PATCH v2 17/23] bsd-user: Implement mincore(2)

2023-09-08 Thread Karim Taha
From: Stacey Son 

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
---
 bsd-user/bsd-mem.h| 22 ++
 bsd-user/freebsd/os-syscall.c |  4 
 2 files changed, 26 insertions(+)

diff --git a/bsd-user/bsd-mem.h b/bsd-user/bsd-mem.h
index 0e16051418..1dabbe36e6 100644
--- a/bsd-user/bsd-mem.h
+++ b/bsd-user/bsd-mem.h
@@ -189,4 +189,26 @@ static inline abi_long do_bsd_minherit(abi_long addr, 
abi_long len,
 return get_errno(minherit(g2h_untagged(addr), len, inherit));
 }
 
+/* mincore(2) */
+static inline abi_long do_bsd_mincore(abi_ulong target_addr, abi_ulong len,
+abi_ulong target_vec)
+{
+abi_long ret;
+void *p;
+abi_ulong vec_len = DIV_ROUND_UP(len,TARGET_PAGE_SIZE);
+
+if (!guest_range_valid_untagged(target_addr,len) || 
!page_check_range(target_addr, len, PAGE_VALID)) {
+return -TARGET_EFAULT;
+}
+
+p = lock_user(VERIFY_WRITE, target_vec, vec_len, 0);
+if (p == NULL) {
+return -TARGET_EFAULT;
+}
+ret = get_errno(mincore(g2h_untagged(target_addr), len, p));
+unlock_user(p, target_vec, 0);
+
+return ret;
+}
+
 #endif /* BSD_USER_BSD_MEM_H */
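Review bot: `unlock_user(p, target_vec, 0)` passes a length of 0 although mincore() has just written up to `vec_len` bytes through `p`, so on a build where lock_user() hands back a bounce buffer nothing would be copied to the guest; `unlock_user(p, target_vec, vec_len);` states the written length. `vec_len` counts target pages from `len` alone, which presumably under-sizes the locked buffer when the host page is smaller than TARGET_PAGE_SIZE or `target_addr` is not page aligned, since the host call writes one byte per host page. The range-check line runs past 80 columns and `DIV_ROUND_UP(len,TARGET_PAGE_SIZE)` lacks a space after the comma.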
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index f5d60cf902..8d1cf3b35c 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -527,6 +527,10 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_minherit(arg1, arg2, arg3);
 break;
 
+case TARGET_FREEBSD_NR_mincore: /* mincore(2) */
+ret = do_bsd_mincore(arg1, arg2, arg3);
+break;
+
 #if defined(__FreeBSD_version) && __FreeBSD_version >= 1300048
 case TARGET_FREEBSD_NR_shm_open2: /* shm_open2(2) */
 ret = do_freebsd_shm_open2(arg1, arg2, arg3, arg4, arg5);
-- 
2.42.0




[PATCH v2 22/23] bsd-user: Implement shmat(2) and shmdt(2)

2023-09-08 Thread Karim Taha
From: Stacey Son 

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
---
 bsd-user/bsd-mem.h| 76 +++
 bsd-user/freebsd/os-syscall.c |  8 
 2 files changed, 84 insertions(+)

diff --git a/bsd-user/bsd-mem.h b/bsd-user/bsd-mem.h
index dd506b8a15..c01b009326 100644
--- a/bsd-user/bsd-mem.h
+++ b/bsd-user/bsd-mem.h
@@ -337,4 +337,80 @@ static inline abi_long do_bsd_shmctl(abi_long shmid, 
abi_long cmd,
 return ret;
 }
 
+/* shmat(2) */
+static inline abi_long do_bsd_shmat(int shmid, abi_ulong shmaddr, int shmflg)
+{
+abi_ulong raddr;
+abi_long ret;
+void *host_raddr;
+struct shmid_ds shm_info;
+int i;
+
+/* Find out the length of the shared memory segment. */
+ret = get_errno(shmctl(shmid, IPC_STAT, _info));
+if (is_error(ret)) {
+/* Can't get the length */
+return ret;
+}
+
+if (!guest_range_valid_untagged(shmaddr, shm_info.shm_segsz)) {
+return -TARGET_EINVAL;
+}
+
+mmap_lock();
+
+if (shmaddr) {
+host_raddr = shmat(shmid, (void *)g2h_untagged(shmaddr), shmflg);
+} else {
+abi_ulong mmap_start;
+
+mmap_start = mmap_find_vma(0, shm_info.shm_segsz);
+
+if (mmap_start == -1) {
+errno = ENOMEM;
+host_raddr = (void *)-1;
+} else {
+host_raddr = shmat(shmid, g2h_untagged(mmap_start),
+shmflg | SHM_REMAP);
+}
+}
+
+if (host_raddr == (void *)-1) {
+mmap_unlock();
+return get_errno((long)host_raddr);
+}
+raddr = h2g((unsigned long)host_raddr);
+
+page_set_flags(raddr, raddr + shm_info.shm_segsz,
+PAGE_VALID | PAGE_READ | ((shmflg & SHM_RDONLY) ? 0 : PAGE_WRITE));
+
+for (i = 0; i < N_BSD_SHM_REGIONS; i++) {
+if (bsd_shm_regions[i].start == 0) {
+bsd_shm_regions[i].start = raddr;
+bsd_shm_regions[i].size = shm_info.shm_segsz;
+break;
+}
+}
+
+mmap_unlock();
+return raddr;
+}
+
+/* shmdt(2) */
+static inline abi_long do_bsd_shmdt(abi_ulong shmaddr)
+{
+int i;
+
+for (i = 0; i < N_BSD_SHM_REGIONS; ++i) {
+if (bsd_shm_regions[i].start == shmaddr) {
+bsd_shm_regions[i].start = 0;
+page_set_flags(shmaddr,
+shmaddr + bsd_shm_regions[i].size, 0);
+break;
+}
+}
+
+return get_errno(shmdt(g2h_untagged(shmaddr)));
+}
+
 #endif /* BSD_USER_BSD_MEM_H */
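Review bot: When all N_BSD_SHM_REGIONS slots are occupied, the loop at the end of do_bsd_shmat falls through and the attach is returned to the guest without being recorded, so a later do_bsd_shmdt never finds the region and its page flags are never cleared. Reserving the slot before calling shmat(), and failing when none is free, keeps the table and the mappings in step; the fence shows that ordering. do_bsd_shmdt clears the slot and the page flags before it knows whether the host shmdt() succeeded, and does so without taking mmap_lock(). If page_set_flags() takes an inclusive last address, as the `start + len - 1` argument in the madvise patch of this series suggests, both calls here cover one byte too many and should pass `- 1`.

```c
    mmap_lock();

    /* Reserve a tracking slot first so a successful attach is always recorded. */
    for (i = 0; i < N_BSD_SHM_REGIONS; i++) {
        if (bsd_shm_regions[i].start == 0) {
            break;
        }
    }
    if (i == N_BSD_SHM_REGIONS) {
        mmap_unlock();
        return -TARGET_ENOMEM;
    }

    /* … unchanged: shmat() on shmaddr or the mmap_find_vma() result, error return, h2g(), page_set_flags() … */

    bsd_shm_regions[i].start = raddr;
    bsd_shm_regions[i].size = shm_info.shm_segsz;

    mmap_unlock();
    return raddr;
```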
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index 35f94f51fc..fe0968773e 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -559,6 +559,14 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_shmctl(arg1, arg2, arg3);
 break;
 
+case TARGET_FREEBSD_NR_shmat: /* shmat(2) */
+ret = do_bsd_shmat(arg1, arg2, arg3);
+break;
+
+case TARGET_FREEBSD_NR_shmdt: /* shmdt(2) */
+ret = do_bsd_shmdt(arg1);
+break;
+
 /*
  * Misc
  */
-- 
2.42.0




[PATCH v2 16/23] bsd-user: Implment madvise(2) to match the linux-user implementation.

2023-09-08 Thread Karim Taha
Signed-off-by: Signed-off-by: Karim Taha 
---
 bsd-user/bsd-mem.h| 53 +++
 bsd-user/freebsd/os-syscall.c |  4 +++
 bsd-user/syscall_defs.h   |  2 ++
 3 files changed, 59 insertions(+)

diff --git a/bsd-user/bsd-mem.h b/bsd-user/bsd-mem.h
index 16c22593bf..0e16051418 100644
--- a/bsd-user/bsd-mem.h
+++ b/bsd-user/bsd-mem.h
@@ -129,6 +129,59 @@ static inline abi_long do_bsd_munlockall(void)
 return get_errno(munlockall());
 }
 
+/* madvise(2) */
+static inline abi_long do_bsd_madvise(abi_long arg1, abi_long arg2,
+abi_long arg3)
+{
+abi_ulong len;
+int ret = 0;
+abi_long start = arg1;
+abi_long len_in = arg2;
+abi_long advice = arg3;
+
+if (start & ~TARGET_PAGE_MASK) {
+return -TARGET_EINVAL;
+}
+if (len_in == 0) {
+return 0;
+}
+len = TARGET_PAGE_ALIGN(len_in);
+if (len == 0 || !guest_range_valid_untagged(start, len)) {
+return -TARGET_EINVAL;
+}
+
+/*
+ * Most advice values are hints, so ignoring and returning success is ok.
+ *
+ * However, some advice values such as MADV_DONTNEED, are not hints and
+ * need to be emulated.
+ *
+ * A straight passthrough for those may not be safe because qemu sometimes
+ * turns private file-backed mappings into anonymous mappings.
+ * If all guest pages have PAGE_PASSTHROUGH set, mappings have the
+ * same semantics for the host as for the guest.
+ *
+ * MADV_DONTNEED is passed through, if possible.
+ * If passthrough isn't possible, we nevertheless (wrongly!) return
+ * success, which is broken but some userspace programs fail to work
+ * otherwise. Completely implementing such emulation is quite complicated
+ * though.
+ */
+mmap_lock();
+switch (advice) {
+case MADV_DONTNEED:
+if (page_check_range(start, len, PAGE_PASSTHROUGH)) {
+ret = get_errno(madvise(g2h_untagged(start), len, advice));
+if ((advice == MADV_DONTNEED) && (ret == 0)) {
+page_reset_target_data(start, start + len - 1);
+}
+}
+}
+mmap_unlock();
+
+return ret;
+}
+
 /* minherit(2) */
 static inline abi_long do_bsd_minherit(abi_long addr, abi_long len,
 abi_long inherit)
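Review bot: The switch in do_bsd_madvise tests the host constant `MADV_DONTNEED` against the guest-supplied `advice`, although this patch adds `TARGET_MADV_DONTNEED` to syscall_defs.h and nothing in the hunk uses it. Matching on `case TARGET_MADV_DONTNEED:` and passing the host `MADV_DONTNEED` to madvise() would keep guest and host numbering separate. The inner `advice == MADV_DONTNEED` test is always true inside that case and can be reduced to `if (ret == 0)`. The switch also has no `default:` arm; an explicit `default: break;` with a comment that other advice values are treated as hints would make the silent success deliberate.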
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index 6eaa705cd3..f5d60cf902 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -519,6 +519,10 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_munlockall();
 break;
 
+case TARGET_FREEBSD_NR_madvise: /* madvise(2) */
+ret = do_bsd_madvise(arg1, arg2, arg3);
+break;
+
 case TARGET_FREEBSD_NR_minherit: /* minherit(2) */
 ret = do_bsd_minherit(arg1, arg2, arg3);
 break;
diff --git a/bsd-user/syscall_defs.h b/bsd-user/syscall_defs.h
index 074df7bdd6..76f4856009 100644
--- a/bsd-user/syscall_defs.h
+++ b/bsd-user/syscall_defs.h
@@ -95,6 +95,8 @@ struct bsd_shm_regions {
 /*
  *  sys/mman.h
  */
+#define TARGET_MADV_DONTNEED4   /* dont need these pages */
+
 #define TARGET_FREEBSD_MAP_RESERVED0080 0x0080  /* previously misimplemented */
 /* MAP_INHERIT */
 #define TARGET_FREEBSD_MAP_RESERVED0100 0x0100  /* previously unimplemented */
-- 
2.42.0




[PATCH v2 23/23] bsd-user: Add stubs for vadvise(), sbrk() and sstk()

2023-09-08 Thread Karim Taha
From: Warner Losh 

The above system calls are not supported by qemu.

Signed-off-by: Warner Losh 
Signed-off-by: Karim Taha 
---
 bsd-user/bsd-mem.h| 18 ++
 bsd-user/freebsd/os-syscall.c | 12 
 2 files changed, 30 insertions(+)

diff --git a/bsd-user/bsd-mem.h b/bsd-user/bsd-mem.h
index c01b009326..aea8d65f15 100644
--- a/bsd-user/bsd-mem.h
+++ b/bsd-user/bsd-mem.h
@@ -413,4 +413,22 @@ static inline abi_long do_bsd_shmdt(abi_ulong shmaddr)
 return get_errno(shmdt(g2h_untagged(shmaddr)));
 }
 
+static inline abi_long do_bsd_vadvise(void)
+{
+/* See sys_ovadvise() in vm_unix.c */
+return -TARGET_EINVAL;
+}
+
+static inline abi_long do_bsd_sbrk(void)
+{
+/* see sys_sbrk() in vm_mmap.c */
+return -TARGET_EOPNOTSUPP;
+}
+
+static inline abi_long do_bsd_sstk(void)
+{
+/* see sys_sstk() in vm_mmap.c */
+return -TARGET_EOPNOTSUPP;
+}
+
 #endif /* BSD_USER_BSD_MEM_H */
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index fe0968773e..9647249e90 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -567,6 +567,18 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_shmdt(arg1);
 break;
 
+case TARGET_FREEBSD_NR_freebsd11_vadvise:
+ret = do_bsd_vadvise();
+break;
+
+case TARGET_FREEBSD_NR_sbrk:
+ret = do_bsd_sbrk();
+break;
+
+case TARGET_FREEBSD_NR_sstk:
+ret = do_bsd_sstk();
+break;
+
 /*
  * Misc
  */
-- 
2.42.0




[PATCH v2 00/23] bsd-user: Implement mmap related system calls for FreeBSD.

2023-09-08 Thread Karim Taha
Upstream the implementation of the following mmap system calls, from the
qemu-bsd-user fork:
   mmap(2), munmap(2),
   mprotect(2),
   msync(2),
   mlock(2), munlock(2), mlockall(2), munlockall(2), mincore(2),
   madvise(2),
   minherit(2),
   shm_open(2),shm_open2(2), shm_rename2(2), shm_unlink(2), shmget(2), 
shmctl(2), shmat(2),
   shmdt(2)
   brk(2)

Karim Taha (2):
  bsd-user: Add bsd-mem.c to meson.build
  bsd-user: Implment madvise(2) to match the linux-user implementation.

Kyle Evans (2):
  bsd-user: Implement shm_open2(2) system call
  bsd-user: Implement shm_rename(2) system call

Stacey Son (18):
  bsd-user: Implement struct target_ipc_perm
  bsd-user: Implement struct target_shmid_ds
  bsd-user: Declarations for ipc_perm and shmid_ds conversion functions
  bsd-user: Introduce freebsd/os-misc.h to the source tree
  bsd-user: Implement target_set_brk function in bsd-mem.c instead of
os-syscall.c
  bsd-user: Implement ipc_perm conversion between host and target.
  bsd-user: Implement shmid_ds conversion between host and target.
  bsd-user: Introduce bsd-mem.h to the source tree
  bsd-user: Implement mmap(2) and munmap(2)
  bsd-user: Implement mprotect(2)
  bsd-user: Implement msync(2)
  bsd-user: Implement mlock(2), munlock(2), mlockall(2), munlockall(2),
minherit(2)
  bsd-user: Implement mincore(2)
  bsd-user: Implement do_obreak function
  bsd-user: Implement shm_open(2)
  bsd-user: Implement shm_unlink(2) and shmget(2)
  bsd-user: Implement shmctl(2)
  bsd-user: Implement shmat(2) and shmdt(2)

Warner Losh (1):
  bsd-user: Add stubs for vadvise(), sbrk() and sstk()

 bsd-user/bsd-mem.c| 100 
 bsd-user/bsd-mem.h| 434 ++
 bsd-user/freebsd/os-misc.h|  94 
 bsd-user/freebsd/os-syscall.c | 112 -
 bsd-user/meson.build  |   1 +
 bsd-user/qemu-bsd.h   |  45 
 bsd-user/syscall_defs.h   |  39 +++
 7 files changed, 821 insertions(+), 4 deletions(-)
 create mode 100644 bsd-user/bsd-mem.c
 create mode 100644 bsd-user/bsd-mem.h
 create mode 100644 bsd-user/freebsd/os-misc.h
 create mode 100644 bsd-user/qemu-bsd.h

-- 
2.42.0




[PATCH v2 08/23] bsd-user: Implement target_set_brk function in bsd-mem.c instead of os-syscall.c

2023-09-08 Thread Karim Taha
From: Stacey Son 

The definitions and variable names match the corresponding ones in
linux-user/syscall.c, to make the later implementation of do_obreak easier.

Co-authored-by: Mikaël Urankar 
Signed-off-by: Mikaël Urankar 
Signed-off-by: Karim Taha 

Reviewed-by: Warner Losh 
Reviewed-by: Richard Henderson 
---
 bsd-user/bsd-mem.c| 32 
 bsd-user/freebsd/os-syscall.c |  4 
 2 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/bsd-user/bsd-mem.c b/bsd-user/bsd-mem.c
index e69de29bb2..8834ab2e58 100644
--- a/bsd-user/bsd-mem.c
+++ b/bsd-user/bsd-mem.c
@@ -0,0 +1,32 @@
+/*
+ *  memory management system conversion routines
+ *
+ *  Copyright (c) 2013 Stacey D. Son
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+#include "qemu/osdep.h"
+#include "qemu.h"
+#include "qemu-bsd.h"
+
+struct bsd_shm_regions bsd_shm_regions[N_BSD_SHM_REGIONS];
+
+abi_ulong target_brk;
+abi_ulong initial_target_brk;
+
+void target_set_brk(abi_ulong new_brk)
+{
+target_brk = TARGET_PAGE_ALIGN(new_brk);
+initial_target_brk = target_brk;
+}
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index 2920370ad2..c0a22eb746 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -59,10 +59,6 @@ safe_syscall3(ssize_t, writev, int, fd, const struct iovec 
*, iov, int, iovcnt);
 safe_syscall4(ssize_t, pwritev, int, fd, const struct iovec *, iov, int, 
iovcnt,
 off_t, offset);
 
-void target_set_brk(abi_ulong new_brk)
-{
-}
-
 /*
  * errno conversion.
  */
-- 
2.42.0




[PATCH v2 09/23] bsd-user: Implement ipc_perm conversion between host and target.

2023-09-08 Thread Karim Taha
From: Stacey Son 

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 

Reviewed-by: Richard Henderson 
---
 bsd-user/bsd-mem.c | 25 +
 1 file changed, 25 insertions(+)

diff --git a/bsd-user/bsd-mem.c b/bsd-user/bsd-mem.c
index 8834ab2e58..46cda8eb5c 100644
--- a/bsd-user/bsd-mem.c
+++ b/bsd-user/bsd-mem.c
@@ -30,3 +30,28 @@ void target_set_brk(abi_ulong new_brk)
 target_brk = TARGET_PAGE_ALIGN(new_brk);
 initial_target_brk = target_brk;
 }
+
+void target_to_host_ipc_perm__locked(struct ipc_perm *host_ip,
+ struct target_ipc_perm *target_ip)
+{
+__get_user(host_ip->cuid, _ip->cuid);
+__get_user(host_ip->cgid, _ip->cgid);
+__get_user(host_ip->uid,  _ip->uid);
+__get_user(host_ip->gid,  _ip->gid);
+__get_user(host_ip->mode, _ip->mode);
+__get_user(host_ip->seq,  _ip->seq);
+__get_user(host_ip->key,  _ip->key);
+}
+
+void host_to_target_ipc_perm__locked(struct target_ipc_perm *target_ip,
+ struct ipc_perm *host_ip)
+{
+__put_user(host_ip->cuid, _ip->cuid);
+__put_user(host_ip->cgid, _ip->cgid);
+__put_user(host_ip->uid,  _ip->uid);
+__put_user(host_ip->gid,  _ip->gid);
+__put_user(host_ip->mode, _ip->mode);
+__put_user(host_ip->seq,  _ip->seq);
+__put_user(host_ip->key,  _ip->key);
+}
+
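Review bot: Neither target_to_host_ipc_perm__locked nor host_to_target_ipc_perm__locked documents the precondition that the `__locked` suffix implies. Both return void and access `target_ip` field by field with `__get_user`/`__put_user`, so they cannot report a bad guest address themselves; presumably the caller must pass a pointer it has already obtained and validated by locking the guest structure. I would state that above each function, e.g. `/* target_ip must point into guest memory already locked by the caller; no access check is done here */`. The hunk also adds a blank line at the end of the file, which can be dropped.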
-- 
2.42.0




[PATCH v2 04/23] bsd-user: Introduce freebsd/os-misc.h to the source tree

2023-09-08 Thread Karim Taha
From: Stacey Son 

To preserve the copyright notice and help with the 'Author' info for
subsequent changes to the file.

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 

Reviewed-by: Richard Henderson 
Reviewed-by: Warner Losh 
---
 bsd-user/freebsd/os-misc.h | 28 
 1 file changed, 28 insertions(+)
 create mode 100644 bsd-user/freebsd/os-misc.h

diff --git a/bsd-user/freebsd/os-misc.h b/bsd-user/freebsd/os-misc.h
new file mode 100644
index 00..8436ccb2f7
--- /dev/null
+++ b/bsd-user/freebsd/os-misc.h
@@ -0,0 +1,28 @@
+/*
+ *  miscellaneous FreeBSD system call shims
+ *
+ *  Copyright (c) 2013-14 Stacey D. Son
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef OS_MISC_H
+#define OS_MISC_H
+
+#include 
+#include 
+#include 
+
+
+#endif /* OS_MISC_H */
-- 
2.42.0




[PATCH v2 06/23] bsd-user: Implement shm_rename(2) system call

2023-09-08 Thread Karim Taha
From: Kyle Evans 

Signed-off-by: Kyle Evans 
Signed-off-by: Karim Taha 

Reviewed-by: Richard Henderson 
Reviewed-by: Warner Losh 
---
 bsd-user/freebsd/os-misc.h| 24 
 bsd-user/freebsd/os-syscall.c |  6 ++
 2 files changed, 30 insertions(+)

diff --git a/bsd-user/freebsd/os-misc.h b/bsd-user/freebsd/os-misc.h
index 6b424b7078..67e450fe7c 100644
--- a/bsd-user/freebsd/os-misc.h
+++ b/bsd-user/freebsd/os-misc.h
@@ -66,5 +66,29 @@ static inline abi_long do_freebsd_shm_open2(abi_ulong 
pathptr, abi_ulong flags,
 }
 #endif /* __FreeBSD_version >= 1300048 */
 
+#if defined(__FreeBSD_version) && __FreeBSD_version >= 1300049
+/* shm_rename(2) */
+static inline abi_long do_freebsd_shm_rename(abi_ulong fromptr, abi_ulong 
toptr,
+abi_ulong flags)
+{
+int ret;
+void *ufrom, *uto;
+
+ufrom = lock_user_string(fromptr);
+if (ufrom == NULL) {
+return -TARGET_EFAULT;
+}
+uto = lock_user_string(toptr);
+if (uto == NULL) {
+unlock_user(ufrom, fromptr, 0);
+return -TARGET_EFAULT;
+}
+ret = get_errno(shm_rename(ufrom, uto, flags));
+unlock_user(ufrom, fromptr, 0);
+unlock_user(uto, toptr, 0);
+
+return ret;
+}
+#endif /* __FreeBSD_version >= 1300049 */
 
 #endif /* OS_MISC_H */
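Review bot: In do_freebsd_shm_rename `ret` is declared `int` although it holds the result of get_errno() and is returned as `abi_long`; declaring it `abi_long ret;` keeps the type the same from the call to the return and matches the function signature. The same `int ret` pattern appears in do_bsd_shm_open, do_bsd_shm_unlink and do_freebsd_shm_open2 in this series. It would also help to note in the `/* shm_rename(2) */` comment that `flags` is passed to the host unchanged, since the shm_open shims translate their flag arguments with target_to_host_bitmask().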
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index b4311db578..2920370ad2 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -495,6 +495,12 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 break;
 #endif
 
+#if defined(__FreeBSD_version) && __FreeBSD_version >= 1300049
+case TARGET_FREEBSD_NR_shm_rename: /* shm_rename(2) */
+ret = do_freebsd_shm_rename(arg1, arg2, arg3);
+break;
+#endif
+
 /*
  * sys{ctl, arch, call}
  */
-- 
2.42.0




[PATCH v2 19/23] bsd-user: Implement shm_open(2)

2023-09-08 Thread Karim Taha
From: Stacey Son 

Co-authored-by: Kyle Evans 

Signed-off-by: Stacey Son 
Signed-off-by: Kyle Evans 
Signed-off-by: Karim Taha 
---
 bsd-user/bsd-mem.h| 25 +
 bsd-user/freebsd/os-syscall.c |  4 
 2 files changed, 29 insertions(+)

diff --git a/bsd-user/bsd-mem.h b/bsd-user/bsd-mem.h
index 563f82996b..a48f919ff2 100644
--- a/bsd-user/bsd-mem.h
+++ b/bsd-user/bsd-mem.h
@@ -256,4 +256,29 @@ static inline abi_long do_obreak(abi_ulong brk_val)
 return target_brk;
 }
 
+/* shm_open(2) */
+static inline abi_long do_bsd_shm_open(abi_ulong arg1, abi_long arg2,
+abi_long arg3)
+{
+int ret;
+void *p;
+
+if (arg1 == (uintptr_t)SHM_ANON) {
+p = SHM_ANON;
+} else {
+p = lock_user_string(arg1);
+if (p == NULL) {
+return -TARGET_EFAULT;
+}
+}
+ret = get_errno(shm_open(p, target_to_host_bitmask(arg2, fcntl_flags_tbl),
+ arg3));
+
+if (p != SHM_ANON) {
+unlock_user(p, arg1, 0);
+}
+
+return ret;
+}
+
 #endif /* BSD_USER_BSD_MEM_H */
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index 8dd29fddde..7404b0aa72 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -531,6 +531,10 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_mincore(arg1, arg2, arg3);
 break;
 
+case TARGET_FREEBSD_NR_freebsd12_shm_open: /* shm_open(2) */
+ret = do_bsd_shm_open(arg1, arg2, arg3);
+break;
+
 #if defined(__FreeBSD_version) && __FreeBSD_version >= 1300048
 case TARGET_FREEBSD_NR_shm_open2: /* shm_open2(2) */
 ret = do_freebsd_shm_open2(arg1, arg2, arg3, arg4, arg5);
-- 
2.42.0




[PATCH v2 20/23] bsd-user: Implement shm_unlink(2) and shmget(2)

2023-09-08 Thread Karim Taha
From: Stacey Son 

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 

Reviewed-by: Warner Losh 
Reviewed-by: Richard Henderson 
---
 bsd-user/bsd-mem.h| 23 +++
 bsd-user/freebsd/os-syscall.c |  8 
 2 files changed, 31 insertions(+)

diff --git a/bsd-user/bsd-mem.h b/bsd-user/bsd-mem.h
index a48f919ff2..27d4e7f079 100644
--- a/bsd-user/bsd-mem.h
+++ b/bsd-user/bsd-mem.h
@@ -281,4 +281,27 @@ static inline abi_long do_bsd_shm_open(abi_ulong arg1, 
abi_long arg2,
 return ret;
 }
 
+/* shm_unlink(2) */
+static inline abi_long do_bsd_shm_unlink(abi_ulong arg1)
+{
+int ret;
+void *p;
+
+p = lock_user_string(arg1);
+if (p == NULL) {
+return -TARGET_EFAULT;
+}
+ret = get_errno(shm_unlink(p)); /* XXX path(p)? */
+unlock_user(p, arg1, 0);
+
+return ret;
+}
+
+/* shmget(2) */
+static inline abi_long do_bsd_shmget(abi_long arg1, abi_ulong arg2,
+abi_long arg3)
+{
+return get_errno(shmget(arg1, arg2, arg3));
+}
+
 #endif /* BSD_USER_BSD_MEM_H */
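Review bot: The `/* XXX path(p)? */` marker on the shm_unlink() call in do_bsd_shm_unlink leaves an open design question in the code: whether the guest-supplied name should be remapped before it reaches the host. do_bsd_shm_open in this series hands the locked string to shm_open() unchanged, so unlink has to do the same or an object the guest created could not be removed under the name it was created with. I would replace the marker with a statement of that decision, e.g. `/* name is passed through unchanged, as in do_bsd_shm_open() */`, which also makes explicit that guest-chosen names land in the host's shared-memory namespace.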
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index 7404b0aa72..52cca2300f 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -547,6 +547,14 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 break;
 #endif
 
+case TARGET_FREEBSD_NR_shm_unlink: /* shm_unlink(2) */
+ret = do_bsd_shm_unlink(arg1);
+break;
+
+case TARGET_FREEBSD_NR_shmget: /* shmget(2) */
+ret = do_bsd_shmget(arg1, arg2, arg3);
+break;
+
 /*
  * Misc
  */
-- 
2.42.0




[PATCH v2 05/23] bsd-user: Implement shm_open2(2) system call

2023-09-08 Thread Karim Taha
From: Kyle Evans 

Signed-off-by: Kyle Evans 
Signed-off-by: Karim Taha 
---
 bsd-user/freebsd/os-misc.h| 42 +++
 bsd-user/freebsd/os-syscall.c | 13 +++
 2 files changed, 55 insertions(+)

diff --git a/bsd-user/freebsd/os-misc.h b/bsd-user/freebsd/os-misc.h
index 8436ccb2f7..6b424b7078 100644
--- a/bsd-user/freebsd/os-misc.h
+++ b/bsd-user/freebsd/os-misc.h
@@ -24,5 +24,47 @@
 #include 
 #include 
 
+int shm_open2(const char *path, int flags, mode_t mode, int shmflags,
+const char *);
+
+#if defined(__FreeBSD_version) && __FreeBSD_version >= 1300048
+/* shm_open2(2) */
+static inline abi_long do_freebsd_shm_open2(abi_ulong pathptr, abi_ulong flags,
+abi_long mode, abi_ulong shmflags, abi_ulong nameptr)
+{
+int ret;
+void *uname, *upath;
+
+if (pathptr == (uintptr_t)SHM_ANON) {
+upath = SHM_ANON;
+} else {
+upath = lock_user_string(pathptr);
+if (upath == NULL) {
+return -TARGET_EFAULT;
+}
+}
+
+uname = NULL;
+if (nameptr != 0) {
+uname = lock_user_string(nameptr);
+if (uname == NULL) {
+unlock_user(upath, pathptr, 0);
+return -TARGET_EFAULT;
+}
+}
+ret = get_errno(shm_open2(upath,
+target_to_host_bitmask(flags, fcntl_flags_tbl), mode,
+target_to_host_bitmask(shmflags, shmflag_flags_tbl), uname));
+
+if (upath != SHM_ANON) {
+unlock_user(upath, pathptr, 0);
+}
+if (uname != NULL) {
+unlock_user(uname, nameptr, 0);
+}
+return ret;
+}
+#endif /* __FreeBSD_version >= 1300048 */
+
 
 #endif /* OS_MISC_H */
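Review bot: The `uname == NULL` error path in do_freebsd_shm_open2 calls `unlock_user(upath, pathptr, 0)` unconditionally, so when the guest passed SHM_ANON as the path the sentinel value is handed to unlock_user(), while the normal exit guards the same call with `upath != SHM_ANON`. Whether that is harmful depends on unlock_user(), which is not visible here; if any build of it frees or copies through the host pointer, this path would do so on a value that is not a real pointer. The error path should use the same guard as the exit path: `if (upath != SHM_ANON) { unlock_user(upath, pathptr, 0); }`. Separately, the `shm_open2` prototype is declared outside the `__FreeBSD_version` check that guards its only user and could move inside it.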
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index 2224a280ea..b4311db578 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -33,9 +33,13 @@
 #include "signal-common.h"
 #include "user/syscall-trace.h"
 
+/* BSD independent syscall shims */
 #include "bsd-file.h"
 #include "bsd-proc.h"
 
+/* *BSD dependent syscall shims */
+#include "os-misc.h"
+
 /* I/O */
 safe_syscall3(int, open, const char *, path, int, flags, mode_t, mode);
 safe_syscall4(int, openat, int, fd, const char *, path, int, flags, mode_t,
@@ -482,6 +486,15 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_undelete(arg1);
 break;
 
+/*
+ * Memory management system calls.
+ */
+#if defined(__FreeBSD_version) && __FreeBSD_version >= 1300048
+case TARGET_FREEBSD_NR_shm_open2: /* shm_open2(2) */
+ret = do_freebsd_shm_open2(arg1, arg2, arg3, arg4, arg5);
+break;
+#endif
+
 /*
  * sys{ctl, arch, call}
  */
-- 
2.42.0




Re: [PATCH 20/22] Implement shmctl(2)

2023-09-08 Thread Karim Taha
Richard Henderson  wrote:

> On 8/19/23 02:48, Karim Taha wrote:
>> +switch (cmd) {
>> +case IPC_STAT:
>> +case IPC_SET:
>> +if (target_to_host_shmid_ds(, buff)) {
>> +return -TARGET_EFAULT;
>> +}
>> +ret = get_errno(shmctl(shmid, cmd, ));
>> +if (host_to_target_shmid_ds(buff, )) {
>> +return -TARGET_EFAULT;
>> +}
>> +break;
>
> IPC_STAT treats buff as output, IPC_SET treats buff as input,
> so these cases can't be combined.
>
>
> r~

I think they can be combined:
1- we marshal the struct `buff` from target to host
2- call `shmctl`
3- marshal the results back.

--
Karim Taha



Re: [RESEND] qemu/timer: Add host ticks function for RISC-V

2023-09-08 Thread Atish Patra
On Fri, Sep 8, 2023 at 3:29 AM Paolo Bonzini  wrote:
>
> Queued, thanks.
>

I didn't realize it was already queued. Gmail threads failed me this time.
@Paolo Bonzini : Can you please drop this one as this will break as
soon as the host riscv system
has the latest kernel ? I have provided more details in the original thread.

https://lists.gnu.org/archive/html/qemu-devel/2023-09/msg01941.html

> Paolo
>
>


-- 
Regards,
Atish



Re: [PATCH v3 8/8] hw/fsi: Documentation and testing

2023-09-08 Thread Ninad Palsule

Hello Cedric,

On 8/30/23 02:13, Cédric Le Goater wrote:

On 8/30/23 09:05, Thomas Huth wrote:

On 30/08/2023 04.26, Ninad Palsule wrote:

Added FSI document
Added basic qtests for FSI model.
Added MAINITAINER for FSI
Replaced some qemu logs to traces.


Sorry, that's not how we rework patch series in the QEMU development 
process. Please squash the log traces changes into the patches that 
introduced the original code, and please put the MAINTAINERS update, 
documentation and qtests into separate patches.


yes. This is true for some Kconfig changes also. On that topic, please
make sure FSI is compiled only when ASPEED_SOC is selected. It could be
useful for the PPC PowerNV machines one day but the models are not
available yet.


Fixed the Kconfig rework and make sure that FSI is selected only with 
ASPEED_SOC.



Thanks for the review.

~Ninad



I will try to go through the series this week. Wait a bit for the v4.

Thanks,

C.






Re: [RESEND] qemu/timer: Add host ticks function for RISC-V

2023-09-08 Thread Atish Patra
On Thu, Sep 7, 2023 at 8:33 PM LIU Zhiwei  wrote:
>
> From: LIU Zhiwei 
>
> Signed-off-by: LIU Zhiwei 
> ---
>  include/qemu/timer.h | 19 +++
>  1 file changed, 19 insertions(+)
>
> diff --git a/include/qemu/timer.h b/include/qemu/timer.h
> index 9a91cb1248..105767c195 100644
> --- a/include/qemu/timer.h
> +++ b/include/qemu/timer.h
> @@ -979,6 +979,25 @@ static inline int64_t cpu_get_host_ticks(void)
>  return cur - ofs;
>  }
>
> +#elif defined(__riscv) && defined(__riscv_xlen) && __riscv_xlen == 32
> +static inline int64_t cpu_get_host_ticks(void)
> +{
> +uint32_t lo, hi;
> +asm volatile("RDCYCLE %0\n\t"
> + "RDCYCLEH %1"
> + : "=r"(lo), "=r"(hi));
> +return lo | (uint64_t)hi << 32;
> +}
> +
> +#elif defined(__riscv) && defined(__riscv_xlen) && __riscv_xlen > 32
> +static inline int64_t cpu_get_host_ticks(void)
> +{
> +int64_t val;
> +
> +asm volatile("RDCYCLE %0" : "=r"(val));
> +return val;
> +}
> +

rdcycle won't be accessible from the user space directly in the
future. rdcycle will be accessible via perf similar to other
architectures from the next kernel release [1].

rdtime must be used to compute the host ticks if the host is a riscv.
This is the equivalent of rdtsc in x86.

[1] 
https://lore.kernel.org/lkml/CAP-5=fVcMg7TL6W_jH61PW6dYMobuTs13d4JDuTAx=mxj+p...@mail.gmail.com/T/#md852c28f4070212973b796c232ecd37dc1c6cb2b

>  #else
>  /* The host CPU doesn't have an easily accessible cycle counter.
> Just return a monotonically increasing value.  This will be
> --
> 2.17.1
>
>


-- 
Regards,
Atish



[PATCH v4 06/10] hw/fsi: Aspeed APB2OPB interface

2023-09-08 Thread Ninad Palsule
This is a part of patchset where IBM's Flexible Service Interface is
introduced.

An APB-to-OPB bridge enabling access to the OPB from the ARM core in
the AST2600. Hardware limitations prevent the OPB from being directly
mapped into APB, so all accesses are indirect through the bridge.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
v2:
- Incorporated review comments by Joel
v3:
- Incorporated review comments by Thomas Huth
v4:
  - Compile FSI with ASPEED_SOC only.
---
 hw/arm/Kconfig  |   1 +
 hw/fsi/Kconfig  |  20 +-
 hw/fsi/aspeed-apb2opb.c | 352 
 hw/fsi/meson.build  |   9 +-
 hw/fsi/trace-events |   3 +-
 hw/fsi/trace.h  |   1 +
 include/hw/fsi/aspeed-apb2opb.h |  33 +++
 meson.build |   1 +
 8 files changed, 407 insertions(+), 13 deletions(-)
 create mode 100644 hw/fsi/aspeed-apb2opb.c
 create mode 100644 hw/fsi/trace.h
 create mode 100644 include/hw/fsi/aspeed-apb2opb.h

diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index 7e68348440..d963de74c9 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -555,6 +555,7 @@ config ASPEED_SOC
 select LED
 select PMBUS
 select MAX31785
+select FSI_APB2OPB_ASPEED
 
 config MPS2
 bool
diff --git a/hw/fsi/Kconfig b/hw/fsi/Kconfig
index 560ce536db..6bbcb8f6ca 100644
--- a/hw/fsi/Kconfig
+++ b/hw/fsi/Kconfig
@@ -1,19 +1,23 @@
-config OPB
+config FSI_APB2OPB_ASPEED
 bool
-select CFAM
+select FSI_OPB
 
-config CFAM
+config FSI_OPB
+bool
+select FSI_CFAM
+
+config FSI_CFAM
 bool
 select FSI
-select SCRATCHPAD
-select LBUS
+select FSI_SCRATCHPAD
+select FSI_LBUS
 
 config FSI
 bool
 
-config SCRATCHPAD
+config FSI_SCRATCHPAD
 bool
-select LBUS
+select FSI_LBUS
 
-config LBUS
+config FSI_LBUS
 bool
diff --git a/hw/fsi/aspeed-apb2opb.c b/hw/fsi/aspeed-apb2opb.c
new file mode 100644
index 00..88eabd8a73
--- /dev/null
+++ b/hw/fsi/aspeed-apb2opb.c
@@ -0,0 +1,352 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * ASPEED APB-OPB FSI interface
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "qom/object.h"
+#include "qapi/error.h"
+#include "trace.h"
+
+#include "hw/fsi/aspeed-apb2opb.h"
+#include "hw/qdev-core.h"
+
+#define TO_REG(x) (x >> 2)
+#define GENMASK(t, b) (((1ULL << ((t) + 1)) - 1) & ~((1ULL << (b)) - 1))
+
+#define APB2OPB_VERSIONTO_REG(0x00)
+#define   APB2OPB_VERSION_VER  GENMASK(7, 0)
+
+#define APB2OPB_TRIGGERTO_REG(0x04)
+#define   APB2OPB_TRIGGER_EN   BIT(0)
+
+#define APB2OPB_CONTROLTO_REG(0x08)
+#define   APB2OPB_CONTROL_OFF  GENMASK(31, 13)
+
+#define APB2OPB_OPB2FSITO_REG(0x0c)
+#define   APB2OPB_OPB2FSI_OFF  GENMASK(31, 22)
+
+#define APB2OPB_OPB0_SEL   TO_REG(0x10)
+#define APB2OPB_OPB1_SEL   TO_REG(0x28)
+#define   APB2OPB_OPB_SEL_EN   BIT(0)
+
+#define APB2OPB_OPB0_MODE  TO_REG(0x14)
+#define APB2OPB_OPB1_MODE  TO_REG(0x2c)
+#define   APB2OPB_OPB_MODE_RD  BIT(0)
+
+#define APB2OPB_OPB0_XFER  TO_REG(0x18)
+#define APB2OPB_OPB1_XFER  TO_REG(0x30)
+#define   APB2OPB_OPB_XFER_FULLBIT(1)
+#define   APB2OPB_OPB_XFER_HALFBIT(0)
+
+#define APB2OPB_OPB0_ADDR  TO_REG(0x1c)
+#define APB2OPB_OPB0_WRITE_DATATO_REG(0x20)
+
+#define APB2OPB_OPB1_DMA_ENTO_REG(0x24)
+#define APB2OPB_OPB1_DMA_EN_3  BIT(3)
+#define APB2OPB_OPB1_DMA_EN_2  BIT(2)
+#define APB2OPB_OPB1_DMA_EN_1  BIT(1)
+#define APB2OPB_OPB1_DMA_EN_0  BIT(0)
+
+#define APB2OPB_OPB1_ADDR  TO_REG(0x34)
+#define APB2OPB_OPB1_WRITE_DATA  TO_REG(0x38)
+
+#define APB2OPB_OPB_CLKTO_REG(0x3c)
+#define   APB2OPB_OPB_CLK_SYNC BIT(0)
+
+#define APB2OPB_IRQ_CLEAR  TO_REG(0x40)
+#define   APB2OPB_IRQ_CLEAR_EN BIT(0)
+
+#define APB2OPB_IRQ_MASK   TO_REG(0x44)
+#define   APB2OPB_IRQ_MASK_OPB1_TX_ACK BIT(17)
+#define   APB2OPB_IRQ_MASK_OPB0_TX_ACK BIT(16)
+#define   APB2OPB_IRQ_MASK_CH3_TCONT   BIT(15)
+#define   APB2OPB_IRQ_MASK_CH2_TCONT   BIT(14)
+#define   APB2OPB_IRQ_MASK_CH1_TCONT   BIT(13)
+#define   APB2OPB_IRQ_MASK_CH0_TCONT   BIT(12)
+#define   APB2OPB_IRQ_MASK_CH3_FIFO_EMPTY  BIT(11)
+#define   APB2OPB_IRQ_MASK_CH2_FIFO_EMPTY  BIT(10)
+#define   APB2OPB_IRQ_MASK_CH1_FIFO_EMPTY  BIT(9)
+#define   APB2OPB_IRQ_MASK_CH0_FIFO_EMPTY  BIT(8)
+#define   APB2OPB_IRQ_MASK_CH3_FIFO_FULL   BIT(7)
+#define   APB2OPB_IRQ_MASK_CH2_FIFO_FULL   BIT(6)
+#define   APB2OPB_IRQ_MASK_CH1_FIFO_FULL   BIT(5)
+#define   

[PATCH v4 07/10] hw/arm: Hook up FSI module in AST2600

2023-09-08 Thread Ninad Palsule
This patchset introduces IBM's Flexible Service Interface(FSI).

Time for some fun with inter-processor buses. FSI allows a service
processor access to the internal buses of a host POWER processor to
perform configuration or debugging.

FSI has long existed in POWER processors and so comes with some baggage,
including how it has been integrated into the ASPEED SoC.

Working backwards from the POWER processor, the fundamental pieces of
interest for the implementation are:

1. The Common FRU Access Macro (CFAM), an address space containing
   various "engines" that drive accesses on buses internal and external
   to the POWER chip. Examples include the SBEFIFO and I2C masters. The
   engines hang off of an internal Local Bus (LBUS) which is described
   by the CFAM configuration block.

2. The FSI slave: The slave is the terminal point of the FSI bus for
   FSI symbols addressed to it. Slaves can be cascaded off of one
   another. The slave's configuration registers appear in address space
   of the CFAM to which it is attached.

3. The FSI master: A controller in the platform service processor (e.g.
   BMC) driving CFAM engine accesses into the POWER chip. At the
   hardware level FSI is a bit-based protocol supporting synchronous and
   DMA-driven accesses of engines in a CFAM.

4. The On-Chip Peripheral Bus (OPB): A low-speed bus typically found in
   POWER processors. This now makes an appearance in the ASPEED SoC due
   to tight integration of the FSI master IP with the OPB, mainly the
   existence of an MMIO-mapping of the CFAM address straight onto a
   sub-region of the OPB address space.

5. An APB-to-OPB bridge enabling access to the OPB from the ARM core in
   the AST2600. Hardware limitations prevent the OPB from being directly
   mapped into APB, so all accesses are indirect through the bridge.

The implementation appears as following in the qemu device tree:

(qemu) info qtree
bus: main-system-bus
  type System
  ...
  dev: aspeed.apb2opb, id ""
gpio-out "sysbus-irq" 1
mmio 1e79b000/1000
bus: opb.1
  type opb
  dev: fsi.master, id ""
bus: fsi.bus.1
  type fsi.bus
  dev: cfam.config, id ""
  dev: cfam, id ""
bus: lbus.1
  type lbus
  dev: scratchpad, id ""
address = 0 (0x0)
bus: opb.0
  type opb
  dev: fsi.master, id ""
bus: fsi.bus.0
  type fsi.bus
  dev: cfam.config, id ""
  dev: cfam, id ""
bus: lbus.0
  type lbus
  dev: scratchpad, id ""
address = 0 (0x0)

The LBUS is modelled to maintain the qdev bus hierarchy and to take
advantage of the object model to automatically generate the CFAM
configuration block. The configuration block presents engines in the
order they are attached to the CFAM's LBUS. Engine implementations
should subclass the LBusDevice and set the 'config' member of
LBusDeviceClass to match the engine's type.

CFAM designs offer a lot of flexibility, for instance it is possible for
a CFAM to be simultaneously driven from multiple FSI links. The modeling
is not so complete; it's assumed that each CFAM is attached to a single
FSI slave (as a consequence the CFAM subclasses the FSI slave).

As for FSI, its symbols and wire-protocol are not modelled at all. This
is not necessary to get FSI off the ground thanks to the mapping of the
CFAM address space onto the OPB address space - the models follow this
directly and map the CFAM memory region into the OPB's memory region.
Future work includes supporting more advanced accesses that drive the
FSI master directly rather than indirectly via the CFAM mapping, which
will require implementing the FSI state machine and methods for each of
the FSI symbols on the slave. Further down the track we can also look at
supporting the bitbanged SoftFSI drivers in Linux by extending the FSI
slave model to resolve sequences of GPIO IRQs into FSI symbols, and
calling the associated symbol method on the slave to map the access onto
the CFAM.

Testing:
Tested by reading cfam config address 0 on rainier machine type.

root@p10bmc:~# pdbg -a getcfam 0x0
p0: 0x0 = 0xc0022d15

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
 hw/arm/aspeed_ast2600.c | 19 +++
 include/hw/arm/aspeed_soc.h |  4 
 2 files changed, 23 insertions(+)

diff --git a/hw/arm/aspeed_ast2600.c b/hw/arm/aspeed_ast2600.c
index a8b3a8065a..010c9cee8a 100644
--- a/hw/arm/aspeed_ast2600.c
+++ b/hw/arm/aspeed_ast2600.c
@@ -75,6 +75,8 @@ static const hwaddr aspeed_soc_ast2600_memmap[] = {
 [ASPEED_DEV_UART12]= 0x1E790600,
 [ASPEED_DEV_UART13]= 0x1E790700,
 [ASPEED_DEV_VUART] = 0x1E787000,
+[ASPEED_DEV_FSI1]  = 0x1E79B000,
+[ASPEED_DEV_FSI2]  

[PATCH v4 05/10] hw/fsi: IBM's On-chip Peripheral Bus

2023-09-08 Thread Ninad Palsule
This is a part of patchset where IBM's Flexible Service Interface is
introduced.

The On-Chip Peripheral Bus (OPB): A low-speed bus typically found in
POWER processors. This now makes an appearance in the ASPEED SoC due
to tight integration of the FSI master IP with the OPB, mainly the
existence of an MMIO-mapping of the CFAM address straight onto a
sub-region of the OPB address space.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
Reviewed-by: Joel Stanley 
---
v2:
- Incorporated review comment by Joel.
---
 hw/fsi/Kconfig   |   4 +
 hw/fsi/fsi-master.c  |   6 +-
 hw/fsi/meson.build   |   1 +
 hw/fsi/opb.c | 194 +++
 include/hw/fsi/opb.h |  43 ++
 5 files changed, 244 insertions(+), 4 deletions(-)
 create mode 100644 hw/fsi/opb.c
 create mode 100644 include/hw/fsi/opb.h

diff --git a/hw/fsi/Kconfig b/hw/fsi/Kconfig
index 087980be22..560ce536db 100644
--- a/hw/fsi/Kconfig
+++ b/hw/fsi/Kconfig
@@ -1,3 +1,7 @@
+config OPB
+bool
+select CFAM
+
 config CFAM
 bool
 select FSI
diff --git a/hw/fsi/fsi-master.c b/hw/fsi/fsi-master.c
index fe1693539a..46103f84e9 100644
--- a/hw/fsi/fsi-master.c
+++ b/hw/fsi/fsi-master.c
@@ -7,14 +7,12 @@
 
 #include "qemu/osdep.h"
 
+#include "qemu/bitops.h"
 #include "qapi/error.h"
-
 #include "qemu/log.h"
 
-#include "hw/fsi/bits.h"
 #include "hw/fsi/fsi-master.h"
-
-#define TYPE_OP_BUS "opb"
+#include "hw/fsi/opb.h"
 
 #define TO_REG(x)   ((x) >> 2)
 
diff --git a/hw/fsi/meson.build b/hw/fsi/meson.build
index ca80d11cb9..cab645f4ea 100644
--- a/hw/fsi/meson.build
+++ b/hw/fsi/meson.build
@@ -2,3 +2,4 @@ system_ss.add(when: 'CONFIG_LBUS', if_true: files('lbus.c'))
 system_ss.add(when: 'CONFIG_SCRATCHPAD', if_true: files('engine-scratchpad.c'))
 system_ss.add(when: 'CONFIG_CFAM', if_true: files('cfam.c'))
 system_ss.add(when: 'CONFIG_FSI', if_true: 
files('fsi.c','fsi-master.c','fsi-slave.c'))
+system_ss.add(when: 'CONFIG_OPB', if_true: files('opb.c'))
diff --git a/hw/fsi/opb.c b/hw/fsi/opb.c
new file mode 100644
index 00..ac7693c001
--- /dev/null
+++ b/hw/fsi/opb.c
@@ -0,0 +1,194 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM On-chip Peripheral Bus
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+#include "qemu/log.h"
+
+#include "hw/fsi/opb.h"
+
+static MemTxResult opb_read(OPBus *opb, hwaddr addr, void *data, size_t len)
+{
+return address_space_read(>as, addr, MEMTXATTRS_UNSPECIFIED, data,
+  len);
+}
+
+uint8_t opb_read8(OPBus *opb, hwaddr addr)
+{
+MemTxResult tx;
+uint8_t data;
+
+tx = opb_read(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+
+return data;
+}
+
+uint16_t opb_read16(OPBus *opb, hwaddr addr)
+{
+MemTxResult tx;
+uint16_t data;
+
+tx = opb_read(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+
+return data;
+}
+
+uint32_t opb_read32(OPBus *opb, hwaddr addr)
+{
+MemTxResult tx;
+uint32_t data;
+
+tx = opb_read(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+
+return data;
+}
+
+static MemTxResult opb_write(OPBus *opb, hwaddr addr, void *data, size_t len)
+{
+return address_space_write(>as, addr, MEMTXATTRS_UNSPECIFIED, data,
+   len);
+}
+
+void opb_write8(OPBus *opb, hwaddr addr, uint8_t data)
+{
+MemTxResult tx;
+
+tx = opb_write(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+}
+
+void opb_write16(OPBus *opb, hwaddr addr, uint16_t data)
+{
+MemTxResult tx;
+
+tx = opb_write(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+}
+
+void opb_write32(OPBus *opb, hwaddr addr, uint32_t data)
+{
+MemTxResult tx;
+
+tx = opb_write(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+}
+
+void opb_fsi_master_address(OPBus *opb, hwaddr addr)
+{
+memory_region_transaction_begin();
+memory_region_set_address(>fsi.iomem, addr);
+memory_region_transaction_commit();
+}
+
+void opb_opb2fsi_address(OPBus *opb, hwaddr addr)
+{
+memory_region_transaction_begin();
+memory_region_set_address(>fsi.opb2fsi, addr);
+memory_region_transaction_commit();
+}
+
+static uint64_t opb_unimplemented_read(void *opaque, hwaddr addr, unsigned 
size)
+{
+qemu_log_mask(LOG_UNIMP, "%s: read @0x%" HWADDR_PRIx " size=%d\n",
+  __func__, addr, size);
+
+return 0;
+}
+
+static void opb_unimplemented_write(void *opaque, hwaddr addr, uint64_t data,
+ unsigned size)
+{
+qemu_log_mask(LOG_UNIMP, "%s: write @0x%" HWADDR_PRIx " size=%d "
+  "value=%"PRIx64"\n", __func__, addr, size, data);
+}
+
+static const struct MemoryRegionOps 

[PATCH v4 09/10] hw/fsi: Added FSI documentation

2023-09-08 Thread Ninad Palsule
Documentation for IBM FSI model.

Signed-off-by: Ninad Palsule 
---
v4:
  - Added separate commit for documentation
---
 docs/specs/fsi.rst | 141 +
 1 file changed, 141 insertions(+)
 create mode 100644 docs/specs/fsi.rst

diff --git a/docs/specs/fsi.rst b/docs/specs/fsi.rst
new file mode 100644
index 00..73b082afe1
--- /dev/null
+++ b/docs/specs/fsi.rst
@@ -0,0 +1,141 @@
+==
+IBM's Flexible Service Interface (FSI)
+==
+
+The QEMU FSI emulation implements hardware interfaces between ASPEED SOC, FSI
+master/slave and the end engine.
+
+FSI is a point-to-point two wire interface which is capable of supporting
+distances of up to 4 meters. FSI interfaces have been used successfully for
+many years in IBM servers to attach IBM Flexible Support Processors(FSP) to
+CPUs and IBM ASICs.
+
+FSI allows a service processor access to the internal buses of a host POWER
+processor to perform configuration or debugging. FSI has long existed in POWER
+processes and so comes with some baggage, including how it has been integrated
+into the ASPEED SoC.
+
+Working backwards from the POWER processor, the fundamental pieces of interest
+for the implementation are:
+
+1. The Common FRU Access Macro (CFAM), an address space containing various
+   "engines" that drive accesses on buses internal and external to the POWER
+   chip. Examples include the SBEFIFO and I2C masters. The engines hang off of
+   an internal Local Bus (LBUS) which is described by the CFAM configuration
+   block.
+
+2. The FSI slave: The slave is the terminal point of the FSI bus for FSI
+   symbols addressed to it. Slaves can be cascaded off of one another. The
+   slave's configuration registers appear in address space of the CFAM to
+   which it is attached.
+
+3. The FSI master: A controller in the platform service processor (e.g. BMC)
+   driving CFAM engine accesses into the POWER chip. At the hardware level
+   FSI is a bit-based protocol supporting synchronous and DMA-driven accesses
+   of engines in a CFAM.
+
+4. The On-Chip Peripheral Bus (OPB): A low-speed bus typically found in POWER
+   processors. This now makes an appearance in the ASPEED SoC due to tight
+   integration of the FSI master IP with the OPB, mainly the existence of an
+   MMIO-mapping of the CFAM address straight onto a sub-region of the OPB
+   address space.
+
+5. An APB-to-OPB bridge enabling access to the OPB from the ARM core in the
+   AST2600. Hardware limitations prevent the OPB from being directly mapped
+   into APB, so all accesses are indirect through the bridge.
+
+The LBUS is modelled to maintain the qdev bus hierarchy and to take advantages
+of the object model to automatically generate the CFAM configuration block.
+The configuration block presents engines in the order they are attached to the
+CFAM's LBUS. Engine implementations should subclass the LBusDevice and set the
+'config' member of LBusDeviceClass to match the engine's type.
+
+CFAM designs offer a lot of flexibility, for instance it is possible for a
+CFAM to be simultaneously driven from multiple FSI links. The modeling is not
+so complete; it's assumed that each CFAM is attached to a single FSI slave (as
+a consequence the CFAM subclasses the FSI slave).
+
+As for FSI, its symbols and wire-protocol are not modelled at all. This is not
+necessary to get FSI off the ground thanks to the mapping of the CFAM address
+space onto the OPB address space - the models follow this directly and map the
+CFAM memory region into the OPB's memory region.
+
+QEMU files related to FSI interface:
+ - ``hw/fsi/aspeed-apb2opb.c``
+ - ``include/hw/fsi/aspeed-apb2opb.h``
+ - ``hw/fsi/opb.c``
+ - ``include/hw/fsi/opb.h``
+ - ``hw/fsi/fsi.c``
+ - ``include/hw/fsi/fsi.h``
+ - ``hw/fsi/fsi-master.c``
+ - ``include/hw/fsi/fsi-master.h``
+ - ``hw/fsi/fsi-slave.c``
+ - ``include/hw/fsi/fsi-slave.h``
+ - ``hw/fsi/cfam.c``
+ - ``include/hw/fsi/cfam.h``
+ - ``hw/fsi/engine-scratchpad.c``
+ - ``include/hw/fsi/engine-scratchpad.h``
+ - ``include/hw/fsi/lbus.h``
+
+The following commands start the rainier machine with built-in FSI model.
+There are no model specific arguments.
+
+.. code-block:: console
+
+  qemu-system-arm -M rainier-bmc -nographic \
+  -kernel fitImage-linux.bin \
+  -dtb aspeed-bmc-ibm-rainier.dtb \
+  -initrd obmc-phosphor-initramfs.rootfs.cpio.xz \
+  -drive file=obmc-phosphor-image.rootfs.wic.qcow2,if=sd,index=2 \
+  -append "rootwait console=ttyS4,115200n8 root=PARTLABEL=rofs-a"
+
+The implementation appears as following in the qemu device tree:
+
+.. code-block:: console
+
+  (qemu) info qtree
+  bus: main-system-bus
+type System
+...
+dev: aspeed.apb2opb, id ""
+  gpio-out "sysbus-irq" 1
+  mmio 1e79b000/1000
+  bus: opb.1
+type opb
+dev: fsi.master, id ""
+  bus: fsi.bus.1
+type fsi.bus
+dev: 

[PATCH v4 01/10] hw/fsi: Introduce IBM's Local bus

2023-09-08 Thread Ninad Palsule
This is a part of patchset where IBM's Flexible Service Interface is
introduced.

The LBUS is modelled to maintain the qdev bus hierarchy and to take
advantage of the object model to automatically generate the CFAM
configuration block. The configuration block presents engines in the
order they are attached to the CFAM's LBUS. Engine implementations
should subclass the LBusDevice and set the 'config' member of
LBusDeviceClass to match the engine's type.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
v2:
- Incorporated Joel's review comments.
---
 hw/Kconfig|  1 +
 hw/fsi/Kconfig|  2 +
 hw/fsi/lbus.c | 94 +++
 hw/fsi/meson.build|  1 +
 hw/meson.build|  1 +
 include/hw/fsi/lbus.h | 48 ++
 include/qemu/bitops.h |  6 +++
 7 files changed, 153 insertions(+)
 create mode 100644 hw/fsi/Kconfig
 create mode 100644 hw/fsi/lbus.c
 create mode 100644 hw/fsi/meson.build
 create mode 100644 include/hw/fsi/lbus.h

diff --git a/hw/Kconfig b/hw/Kconfig
index ba62ff6417..2ccb73add5 100644
--- a/hw/Kconfig
+++ b/hw/Kconfig
@@ -9,6 +9,7 @@ source core/Kconfig
 source cxl/Kconfig
 source display/Kconfig
 source dma/Kconfig
+source fsi/Kconfig
 source gpio/Kconfig
 source hyperv/Kconfig
 source i2c/Kconfig
diff --git a/hw/fsi/Kconfig b/hw/fsi/Kconfig
new file mode 100644
index 00..687449e14e
--- /dev/null
+++ b/hw/fsi/Kconfig
@@ -0,0 +1,2 @@
+config LBUS
+bool
diff --git a/hw/fsi/lbus.c b/hw/fsi/lbus.c
new file mode 100644
index 00..afb26ef7ea
--- /dev/null
+++ b/hw/fsi/lbus.c
@@ -0,0 +1,94 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM Local bus where FSI slaves are connected
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+#include "qemu/log.h"
+
+#include "hw/fsi/lbus.h"
+
+#include "hw/qdev-properties.h"
+
+static void lbus_realize(BusState *bus, Error **errp)
+{
+LBusNode *node;
+LBus *lbus = LBUS(bus);
+
+memory_region_init(>mr, OBJECT(lbus), TYPE_LBUS,
+   (2 * 1024 * 1024) - 0x400);
+
+QLIST_FOREACH(node, >devices, next) {
+memory_region_add_subregion(>mr, node->ldev->address,
+>ldev->iomem);
+}
+}
+
+static void lbus_init(Object *o)
+{
+}
+
+static void lbus_class_init(ObjectClass *klass, void *data)
+{
+BusClass *k = BUS_CLASS(klass);
+k->realize = lbus_realize;
+}
+
+static const TypeInfo lbus_info = {
+.name = TYPE_LBUS,
+.parent = TYPE_BUS,
+.instance_init = lbus_init,
+.instance_size = sizeof(LBus),
+.class_init = lbus_class_init,
+};
+
+static Property lbus_device_props[] = {
+DEFINE_PROP_UINT32("address", LBusDevice, address, 0),
+DEFINE_PROP_END_OF_LIST(),
+};
+
+DeviceState *lbus_create_device(LBus *bus, const char *type, uint32_t addr)
+{
+DeviceState *dev;
+LBusNode *node;
+
+dev = qdev_new(type);
+qdev_prop_set_uint8(dev, "address", addr);
+qdev_realize_and_unref(dev, >bus, _fatal);
+
+/* Move to post_load */
+node = g_malloc(sizeof(struct LBusNode));
+node->ldev = LBUS_DEVICE(dev);
+QLIST_INSERT_HEAD(>devices, node, next);
+
+return dev;
+}
+
+static void lbus_device_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->bus_type = TYPE_LBUS;
+device_class_set_props(dc, lbus_device_props);
+}
+
+static const TypeInfo lbus_device_type_info = {
+.name = TYPE_LBUS_DEVICE,
+.parent = TYPE_DEVICE,
+.instance_size = sizeof(LBusDevice),
+.abstract = true,
+.class_init = lbus_device_class_init,
+.class_size = sizeof(LBusDeviceClass),
+};
+
+static void lbus_register_types(void)
+{
+type_register_static(_info);
+type_register_static(_device_type_info);
+}
+
+type_init(lbus_register_types);
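Review bot: In lbus_create_device() the address is set with `qdev_prop_set_uint8(dev, "address", addr);`, but `addr` is a `uint32_t` and the property is declared with `DEFINE_PROP_UINT32`, so any address above 0xff is silently truncated before lbus_realize() maps the device's region. Use `qdev_prop_set_uint32(dev, "address", addr);` instead. lbus_realize() also passes `node->ldev->address` to memory_region_add_subregion() without checking that it fits in the `(2 * 1024 * 1024) - 0x400` container; a bounds check there that sets `errp` would turn a misconfigured engine address into a clean realize failure. The `/* Move to post_load */` comment does not say what is to be moved or why, and should be expanded or dropped.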
diff --git a/hw/fsi/meson.build b/hw/fsi/meson.build
new file mode 100644
index 00..e1007d5fea
--- /dev/null
+++ b/hw/fsi/meson.build
@@ -0,0 +1 @@
+system_ss.add(when: 'CONFIG_LBUS', if_true: files('lbus.c'))
diff --git a/hw/meson.build b/hw/meson.build
index c7ac7d3d75..6c71ee9cfa 100644
--- a/hw/meson.build
+++ b/hw/meson.build
@@ -43,6 +43,7 @@ subdir('virtio')
 subdir('watchdog')
 subdir('xen')
 subdir('xenpv')
+subdir('fsi')
 
 subdir('alpha')
 subdir('arm')
diff --git a/include/hw/fsi/lbus.h b/include/hw/fsi/lbus.h
new file mode 100644
index 00..fafc065178
--- /dev/null
+++ b/include/hw/fsi/lbus.h
@@ -0,0 +1,48 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM Local bus and connected device structures.
+ */
+#ifndef FSI_LBUS_H
+#define FSI_LBUS_H
+
+#include "exec/memory.h"
+#include "hw/qdev-core.h"
+
+#define TYPE_LBUS_DEVICE "lbus.device"
+OBJECT_DECLARE_TYPE(LBusDevice, LBusDeviceClass, LBUS_DEVICE)
+
+typedef struct LBusDevice {
+DeviceState parent;
+
+MemoryRegion iomem;
+

Re: [PATCH v3 8/8] hw/fsi: Documentation and testing

2023-09-08 Thread Ninad Palsule

Hello Thomas,

On 8/30/23 02:05, Thomas Huth wrote:

On 30/08/2023 04.26, Ninad Palsule wrote:

Added FSI document
Added basic qtests for FSI model.
Added MAINITAINER for FSI
Replaced some qemu logs to traces.


Sorry, that's not how we rework patch series in the QEMU development 
process. Please squash the log traces changes into the patches that 
introduced the original code, and please put the MAINTAINERS update, 
documentation and qtests into separate patches.


Fixed the rework issue and added separate patches for MAINTAINER, doc and 
qtests.


Thanks for the review.

~Ninad





 Thanks,
  Thomas






[PATCH v4 08/10] hw/fsi: Added qtest

2023-09-08 Thread Ninad Palsule
Added basic qtests for FSI model.

Signed-off-by: Ninad Palsule 
---
v3:
 - Added new qtest as per Cedric's comment.
V4:
 - Remove MAINTAINER and documentation changes from this commit
---
 tests/qtest/fsi-test.c  | 210 
 tests/qtest/meson.build |   2 +
 2 files changed, 212 insertions(+)
 create mode 100644 tests/qtest/fsi-test.c

diff --git a/tests/qtest/fsi-test.c b/tests/qtest/fsi-test.c
new file mode 100644
index 00..30bb7475c7
--- /dev/null
+++ b/tests/qtest/fsi-test.c
@@ -0,0 +1,210 @@
+/*
+ * QTest testcases for IBM's Flexible Service Interface (FSI)
+ *
+ * Copyright (c) 2023 IBM Corporation
+ *
+ * Authors:
+ *   Ninad Palsule 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include 
+
+#include "qemu/module.h"
+#include "libqtest-single.h"
+
+/* Registers from ast2600 specifications */
+#define ASPEED_FSI_ENGINER_TRIGGER   0x04
+#define ASPEED_FSI_OPB0_BUS_SELECT   0x10
+#define ASPEED_FSI_OPB1_BUS_SELECT   0x28
+#define ASPEED_FSI_OPB0_RW_DIRECTION 0x14
+#define ASPEED_FSI_OPB1_RW_DIRECTION 0x2c
+#define ASPEED_FSI_OPB0_XFER_SIZE0x18
+#define ASPEED_FSI_OPB1_XFER_SIZE0x30
+#define ASPEED_FSI_OPB0_BUS_ADDR 0x1c
+#define ASPEED_FSI_OPB1_BUS_ADDR 0x34
+#define ASPEED_FSI_INTRRUPT_CLEAR0x40
+#define ASPEED_FSI_INTRRUPT_STATUS   0x48
+#define ASPEED_FSI_OPB0_BUS_STATUS   0x80
+#define ASPEED_FSI_OPB1_BUS_STATUS   0x8c
+#define ASPEED_FSI_OPB0_READ_DATA0x84
+#define ASPEED_FSI_OPB1_READ_DATA0x90
+
+/*
+ * FSI Base addresses from the ast2600 specifications.
+ */
+#define AST2600_OPB_FSI0_BASE_ADDR 0x1e79b000
+#define AST2600_OPB_FSI1_BASE_ADDR 0x1e79b100
+
+static uint32_t aspeed_fsi_base_addr;
+
+static uint32_t aspeed_fsi_readl(QTestState *s, uint32_t reg)
+{
+return qtest_readl(s, aspeed_fsi_base_addr + reg);
+}
+
+static void aspeed_fsi_writel(QTestState *s, uint32_t reg, uint32_t val)
+{
+qtest_writel(s, aspeed_fsi_base_addr + reg, val);
+}
+
+/* Setup base address and select register */
+static void test_fsi_setup(QTestState *s, uint32_t base_addr)
+{
+uint32_t curval;
+
+/* Set the base select register */
+if (base_addr == AST2600_OPB_FSI0_BASE_ADDR) {
+aspeed_fsi_base_addr = base_addr;
+
+/* Unselect FSI1 */
+aspeed_fsi_writel(s, ASPEED_FSI_OPB1_BUS_SELECT, 0x0);
+curval = aspeed_fsi_readl(s, ASPEED_FSI_OPB1_BUS_SELECT);
+g_assert_cmpuint(curval, ==, 0x0);
+
+/* Select FSI0 */
+aspeed_fsi_writel(s, ASPEED_FSI_OPB0_BUS_SELECT, 0x1);
+curval = aspeed_fsi_readl(s, ASPEED_FSI_OPB0_BUS_SELECT);
+g_assert_cmpuint(curval, ==, 0x1);
+} else if (base_addr == AST2600_OPB_FSI1_BASE_ADDR) {
+aspeed_fsi_base_addr = base_addr;
+
+/* Unselect FSI0 */
+aspeed_fsi_writel(s, ASPEED_FSI_OPB0_BUS_SELECT, 0x0);
+curval = aspeed_fsi_readl(s, ASPEED_FSI_OPB0_BUS_SELECT);
+g_assert_cmpuint(curval, ==, 0x0);
+
+/* Select FSI1 */
+aspeed_fsi_writel(s, ASPEED_FSI_OPB1_BUS_SELECT, 0x1);
+curval = aspeed_fsi_readl(s, ASPEED_FSI_OPB1_BUS_SELECT);
+g_assert_cmpuint(curval, ==, 0x1);
+} else {
+g_assert_not_reached();
+}
+}
+
+static void test_fsi_reg_change(QTestState *s, uint32_t reg, uint32_t newval)
+{
+uint32_t base;
+uint32_t curval;
+
+base = aspeed_fsi_readl(s, reg);
+aspeed_fsi_writel(s, reg, newval);
+curval = aspeed_fsi_readl(s, reg);
+g_assert_cmpuint(curval, ==, newval);
+aspeed_fsi_writel(s, reg, base);
+curval = aspeed_fsi_readl(s, reg);
+g_assert_cmpuint(curval, ==, base);
+}
+
+static void test_fsi0_master_regs(const void *data)
+{
+QTestState *s = (QTestState *)data;
+
+test_fsi_setup(s, AST2600_OPB_FSI0_BASE_ADDR);
+
+test_fsi_reg_change(s, ASPEED_FSI_OPB0_RW_DIRECTION, 0xF3F4F514);
+test_fsi_reg_change(s, ASPEED_FSI_OPB0_XFER_SIZE, 0xF3F4F518);
+test_fsi_reg_change(s, ASPEED_FSI_OPB0_BUS_ADDR, 0xF3F4F51c);
+test_fsi_reg_change(s, ASPEED_FSI_INTRRUPT_CLEAR, 0xF3F4F540);
+test_fsi_reg_change(s, ASPEED_FSI_INTRRUPT_STATUS, 0xF3F4F548);
+test_fsi_reg_change(s, ASPEED_FSI_OPB0_BUS_STATUS, 0xF3F4F580);
+test_fsi_reg_change(s, ASPEED_FSI_OPB0_READ_DATA, 0xF3F4F584);
+}
+
+static void test_fsi1_master_regs(const void *data)
+{
+QTestState *s = (QTestState *)data;
+
+test_fsi_setup(s, AST2600_OPB_FSI1_BASE_ADDR);
+
+test_fsi_reg_change(s, ASPEED_FSI_OPB1_RW_DIRECTION, 0xF3F4F514);
+test_fsi_reg_change(s, ASPEED_FSI_OPB1_XFER_SIZE, 0xF3F4F518);
+test_fsi_reg_change(s, ASPEED_FSI_OPB1_BUS_ADDR, 0xF3F4F51c);
+test_fsi_reg_change(s, ASPEED_FSI_INTRRUPT_CLEAR, 0xF3F4F540);
+test_fsi_reg_change(s, ASPEED_FSI_INTRRUPT_STATUS, 0xF3F4F548);
+test_fsi_reg_change(s, ASPEED_FSI_OPB1_BUS_STATUS, 0xF3F4F580);
+test_fsi_reg_change(s, 

[PATCH v4 00/10] Introduce model for IBM's FSI

2023-09-08 Thread Ninad Palsule
Hello,

Please review the patch-set version 4.
I have incorporated review comments from Cedric and Thomas.

Ninad Palsule (10):
  hw/fsi: Introduce IBM's Local bus
  hw/fsi: Introduce IBM's scratchpad
  hw/fsi: Introduce IBM's cfam,fsi-slave
  hw/fsi: Introduce IBM's FSI
  hw/fsi: IBM's On-chip Peripheral Bus
  hw/fsi: Aspeed APB2OPB interface
  hw/arm: Hook up FSI module in AST2600
  hw/fsi: Added qtest
  hw/fsi: Added FSI documentation
  hw/fsi: Update MAINTAINER list

 MAINTAINERS|  22 ++
 docs/specs/fsi.rst | 141 
 hw/Kconfig |   1 +
 hw/arm/Kconfig |   1 +
 hw/arm/aspeed_ast2600.c|  19 ++
 hw/fsi/Kconfig |  23 ++
 hw/fsi/aspeed-apb2opb.c| 352 +
 hw/fsi/cfam.c  | 239 
 hw/fsi/engine-scratchpad.c | 100 
 hw/fsi/fsi-master.c| 201 
 hw/fsi/fsi-slave.c | 109 +
 hw/fsi/fsi.c   |  54 +
 hw/fsi/lbus.c  |  94 
 hw/fsi/meson.build |   6 +
 hw/fsi/opb.c   | 194 
 hw/fsi/trace-events|   6 +
 hw/fsi/trace.h |   1 +
 hw/meson.build |   1 +
 include/hw/arm/aspeed_soc.h|   4 +
 include/hw/fsi/aspeed-apb2opb.h|  33 +++
 include/hw/fsi/cfam.h  |  61 +
 include/hw/fsi/engine-scratchpad.h |  33 +++
 include/hw/fsi/fsi-master.h|  30 +++
 include/hw/fsi/fsi-slave.h |  29 +++
 include/hw/fsi/fsi.h   |  31 +++
 include/hw/fsi/lbus.h  |  48 
 include/hw/fsi/opb.h   |  43 
 include/qemu/bitops.h  |   6 +
 meson.build|   1 +
 tests/qtest/fsi-test.c | 210 +
 tests/qtest/meson.build|   2 +
 31 files changed, 2095 insertions(+)
 create mode 100644 docs/specs/fsi.rst
 create mode 100644 hw/fsi/Kconfig
 create mode 100644 hw/fsi/aspeed-apb2opb.c
 create mode 100644 hw/fsi/cfam.c
 create mode 100644 hw/fsi/engine-scratchpad.c
 create mode 100644 hw/fsi/fsi-master.c
 create mode 100644 hw/fsi/fsi-slave.c
 create mode 100644 hw/fsi/fsi.c
 create mode 100644 hw/fsi/lbus.c
 create mode 100644 hw/fsi/meson.build
 create mode 100644 hw/fsi/opb.c
 create mode 100644 hw/fsi/trace-events
 create mode 100644 hw/fsi/trace.h
 create mode 100644 include/hw/fsi/aspeed-apb2opb.h
 create mode 100644 include/hw/fsi/cfam.h
 create mode 100644 include/hw/fsi/engine-scratchpad.h
 create mode 100644 include/hw/fsi/fsi-master.h
 create mode 100644 include/hw/fsi/fsi-slave.h
 create mode 100644 include/hw/fsi/fsi.h
 create mode 100644 include/hw/fsi/lbus.h
 create mode 100644 include/hw/fsi/opb.h
 create mode 100644 tests/qtest/fsi-test.c

-- 
2.39.2




[PATCH v4 04/10] hw/fsi: Introduce IBM's FSI

2023-09-08 Thread Ninad Palsule
This is a part of patchset where IBM's Flexible Service Interface is
introduced.

This commit models the FSI bus. The CFAM hangs off the FSI bus. The bus
is modelled in such a way that it is embedded inside the FSI master, which
is a bus controller.

The FSI master: A controller in the platform service processor (e.g.
BMC) driving CFAM engine accesses into the POWER chip. At the
hardware level FSI is a bit-based protocol supporting synchronous and
DMA-driven accesses of engines in a CFAM.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
Reviewed-by: Joel Stanley 
---
v2:
- Incorporated review comments by Joel
---
 hw/fsi/cfam.c   |   3 +-
 hw/fsi/fsi-master.c | 203 
 hw/fsi/fsi.c|  54 ++
 hw/fsi/meson.build  |   2 +-
 include/hw/fsi/cfam.h   |   8 +-
 include/hw/fsi/fsi-master.h |  30 ++
 include/hw/fsi/fsi-slave.h  |   4 +-
 include/hw/fsi/fsi.h|  31 ++
 8 files changed, 327 insertions(+), 8 deletions(-)
 create mode 100644 hw/fsi/fsi-master.c
 create mode 100644 hw/fsi/fsi.c
 create mode 100644 include/hw/fsi/fsi-master.h
 create mode 100644 include/hw/fsi/fsi.h

diff --git a/hw/fsi/cfam.c b/hw/fsi/cfam.c
index 9a9e65d33f..414dcebe63 100644
--- a/hw/fsi/cfam.c
+++ b/hw/fsi/cfam.c
@@ -7,12 +7,13 @@
 
 #include "qemu/osdep.h"
 
+#include "qemu/bitops.h"
 #include "qapi/error.h"
 #include "qemu/log.h"
 #include "trace.h"
 
-#include "hw/fsi/bits.h"
 #include "hw/fsi/cfam.h"
+#include "hw/fsi/fsi.h"
 #include "hw/fsi/engine-scratchpad.h"
 
 #include "hw/qdev-properties.h"
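Review bot: The include fix-up here removes `#include "hw/fsi/bits.h"` from cfam.c one patch after cfam.c was added with it, and none of the diffstats in this series lists a `hw/fsi/bits.h` header, so the earlier patch presumably does not build on its own and breaks bisection. Squash this include change into the patch that introduces cfam.c. The new fsi-master.c in this same patch still has `#include "hw/fsi/bits.h"` near its top; if `BE_BIT`/`BE_GENMASK` now come from `qemu/bitops.h`, that line should become `#include "qemu/bitops.h"` as well. The rest of cfam.c is outside this hunk.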
diff --git a/hw/fsi/fsi-master.c b/hw/fsi/fsi-master.c
new file mode 100644
index 00..fe1693539a
--- /dev/null
+++ b/hw/fsi/fsi-master.c
@@ -0,0 +1,203 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM Flexible Service Interface master
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+
+#include "qemu/log.h"
+
+#include "hw/fsi/bits.h"
+#include "hw/fsi/fsi-master.h"
+
+#define TYPE_OP_BUS "opb"
+
+#define TO_REG(x)   ((x) >> 2)
+
+#define FSI_MMODE   TO_REG(0x000)
+#define   FSI_MMODE_IPOLL_DMA_ENBE_BIT(0)
+#define   FSI_MMODE_HW_ERROR_RECOVERY_ENBE_BIT(1)
+#define   FSI_MMODE_RELATIVE_ADDRESS_EN BE_BIT(2)
+#define   FSI_MMODE_PARITY_CHECK_EN BE_BIT(3)
+#define   FSI_MMODE_CLOCK_DIVIDER_0 BE_GENMASK(4, 13)
+#define   FSI_MMODE_CLOCK_DIVIDER_1 BE_GENMASK(14, 23)
+#define   FSI_MMODE_DEBUG_ENBE_BIT(24)
+
+#define FSI_MDELAY  TO_REG(0x004)
+#define   FSI_MDELAY_ECHO_0 BE_GENMASK(0, 3)
+#define   FSI_MDELAY_SEND_0 BE_GENMASK(4, 7)
+#define   FSI_MDELAY_ECHO_1 BE_GENMASK(8, 11)
+#define   FSI_MDELAY_SEND_1 BE_GENMASK(12, 15)
+
+#define FSI_MENP0   TO_REG(0x010)
+#define FSI_MENP32  TO_REG(0x014)
+#define FSI_MSENP0  TO_REG(0x018)
+#define FSI_MLEVP0  TO_REG(0x018)
+#define FSI_MSENP32 TO_REG(0x01c)
+#define FSI_MLEVP32 TO_REG(0x01c)
+#define FSI_MCENP0  TO_REG(0x020)
+#define FSI_MREFP0  TO_REG(0x020)
+#define FSI_MCENP32 TO_REG(0x024)
+#define FSI_MREFP32 TO_REG(0x024)
+
+#define FSI_MAEBTO_REG(0x070)
+#define   FSI_MAEB_ANY_CPU_ERRORBE_BIT(0)
+#define   FSI_MAEB_ANY_DMA_ERRORBE_GENMASK(1, 16)
+#define   FSI_MAEB_ANY_PARITY_ERROR BE_BIT(17)
+
+#define FSI_MVERTO_REG(0x074)
+#define   FSI_MVER_VERSION  BE_GENMASK(0, 7)
+#define   FSI_MVER_BRIDGES  BE_GENMASK(8, 15)
+#define   FSI_MVER_PORTSBE_GENMASK(16, 23)
+
+#define FSI_MRESP0  TO_REG(0x0d0)
+#define   FSI_MRESP0_RESET_PORT_GENERAL BE_BIT(0)
+#define   FSI_MRESP0_RESET_PORT_ERROR   BE_BIT(1)
+#define   FSI_MRESP0_RESET_ALL_BRIDGES_GENERAL  BE_BIT(2)
+#define   FSI_MRESP0_RESET_ALL_PORTS_GENERALBE_BIT(3)
+#define   FSI_MRESP0_RESET_MASTER   BE_BIT(4)
+#define   FSI_MRESP0_RESET_PARITY_ERROR_LATCH   BE_BIT(5)
+
+#define FSI_MRESB0  TO_REG(0x1d0)
+#define   FSI_MRESB0_RESET_GENERAL  BE_BIT(0)
+#define   FSI_MRESB0_RESET_ERRORBE_BIT(1)
+#define   FSI_MRESB0_SET_DMA_SUSPENDBE_BIT(5)
+#define   FSI_MRESB0_CLEAR_DMA_SUSPEND  BE_BIT(6)
+#define   FSI_MRESB0_SET_DELAY_MEASURE  BE_BIT(7)
+
+#define FSI_MECTRL  TO_REG(0x2e0)
+#define  

[PATCH v4 10/10] hw/fsi: Update MAINTAINER list

2023-09-08 Thread Ninad Palsule
Added maintainer for IBM FSI model

Signed-off-by: Ninad Palsule 
---
V4:
  - Added separate commit for MAINTAINER change.
---
 MAINTAINERS | 22 ++
 1 file changed, 22 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 6111b6b4d9..285f3a3bc9 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3395,6 +3395,28 @@ F: tests/qtest/adm1272-test.c
 F: tests/qtest/max34451-test.c
 F: tests/qtest/isl_pmbus_vr-test.c
 
+FSI
+M: Ninad Palsule 
+S: Maintained
+F: hw/fsi/aspeed-apb2opb.c
+F: hw/fsi/cfam.c
+F: hw/fsi/fsi.c
+F: hw/fsi/fsi-slave.c
+F: hw/fsi/opb.c
+F: hw/fsi/engine-scratchpad.c
+F: hw/fsi/fsi-master.c
+F: hw/fsi/lbus.c
+F: include/hw/fsi/aspeed-apb2opb.h
+F: include/hw/fsi/cfam.h
+F: include/hw/fsi/fsi.h
+F: include/hw/fsi/fsi-slave.h
+F: include/hw/fsi/opb.h
+F: include/hw/fsi/engine-scratchpad.h
+F: include/hw/fsi/fsi-master.h
+F: include/hw/fsi/lbus.h
+F: docs/specs/fsi.rst
+F: tests/qtest/fsi-test.c
+
 Firmware schema specifications
 M: Philippe Mathieu-Daudé 
 R: Daniel P. Berrange 
-- 
2.39.2




[PATCH v4 03/10] hw/fsi: Introduce IBM's cfam,fsi-slave

2023-09-08 Thread Ninad Palsule
This is a part of patchset where IBM's Flexible Service Interface is
introduced.

The Common FRU Access Macro (CFAM), an address space containing
various "engines" that drive accesses on busses internal and external
to the POWER chip. Examples include the SBEFIFO and I2C masters. The
engines hang off of an internal Local Bus (LBUS) which is described
by the CFAM configuration block.

The FSI slave: The slave is the terminal point of the FSI bus for
FSI symbols addressed to it. Slaves can be cascaded off of one
another. The slave's configuration registers appear in address space
of the CFAM to which it is attached.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
v2:
- Incorporated Joel's review comments.
v3:
- Incorporated Thomas Huth's review comments.
---
 hw/fsi/Kconfig |   9 ++
 hw/fsi/cfam.c  | 238 +
 hw/fsi/fsi-slave.c | 109 +
 hw/fsi/meson.build |   2 +
 hw/fsi/trace-events|   5 +
 include/hw/fsi/cfam.h  |  61 ++
 include/hw/fsi/fsi-slave.h |  29 +
 7 files changed, 453 insertions(+)
 create mode 100644 hw/fsi/cfam.c
 create mode 100644 hw/fsi/fsi-slave.c
 create mode 100644 hw/fsi/trace-events
 create mode 100644 include/hw/fsi/cfam.h
 create mode 100644 include/hw/fsi/fsi-slave.h

diff --git a/hw/fsi/Kconfig b/hw/fsi/Kconfig
index 2a9c49f2c9..087980be22 100644
--- a/hw/fsi/Kconfig
+++ b/hw/fsi/Kconfig
@@ -1,3 +1,12 @@
+config CFAM
+bool
+select FSI
+select SCRATCHPAD
+select LBUS
+
+config FSI
+bool
+
 config SCRATCHPAD
 bool
 select LBUS
diff --git a/hw/fsi/cfam.c b/hw/fsi/cfam.c
new file mode 100644
index 00..9a9e65d33f
--- /dev/null
+++ b/hw/fsi/cfam.c
@@ -0,0 +1,238 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM Common FRU Access Macro
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+#include "qemu/log.h"
+#include "trace.h"
+
+#include "hw/fsi/bits.h"
+#include "hw/fsi/cfam.h"
+#include "hw/fsi/engine-scratchpad.h"
+
+#include "hw/qdev-properties.h"
+
+#define TO_REG(x)  ((x) >> 2)
+
+#define CFAM_ENGINE_CONFIG  TO_REG(0x04)
+
+#define CFAM_CONFIG_CHIP_IDTO_REG(0x00)
+#define CFAM_CONFIG_CHIP_ID_P9 0xc0022d15
+#define   CFAM_CONFIG_CHIP_ID_BREAK0xc0de
+
+static uint64_t cfam_config_read(void *opaque, hwaddr addr, unsigned size)
+{
+CFAMConfig *config;
+CFAMState *cfam;
+LBusNode *node;
+int i;
+
+config = CFAM_CONFIG(opaque);
+cfam = container_of(config, CFAMState, config);
+
+trace_cfam_config_read(addr, size);
+
+assert(size == 4);
+assert(!(addr & 3));
+
+switch (addr) {
+case 0x00:
+return CFAM_CONFIG_CHIP_ID_P9;
+case 0x04:
+return ENGINE_CONFIG_NEXT
+| 0x0001/* slots */
+| 0x1000/* version */
+| ENGINE_CONFIG_TYPE_PEEK   /* type */
+| 0x000c;   /* crc */
+case 0x08:
+return ENGINE_CONFIG_NEXT
+| 0x0001/* slots */
+| 0x5000/* version */
+| ENGINE_CONFIG_TYPE_FSI/* type */
+| 0x000a;   /* crc */
+break;
+default:
+/* FIXME: Improve this */
+i = 0xc;
+QLIST_FOREACH(node, >lbus.devices, next) {
+if (i == addr) {
+return LBUS_DEVICE_GET_CLASS(node->ldev)->config;
+}
+i += size;
+}
+
+if (i == addr) {
+return 0;
+}
+
+/*
+ * As per FSI specification, This is a magic value at address 0 of
+ * given FSI port. This causes FSI master to send BREAK command for
+ * initialization and recovery.
+ */
+return 0xc0de;
+}
+}
+
+static void cfam_config_write(void *opaque, hwaddr addr, uint64_t data,
+ unsigned size)
+{
+CFAMConfig *s = CFAM_CONFIG(opaque);
+
+trace_cfam_config_write(addr, size, data);
+
+assert(size == 4);
+assert(!(addr & 3));
+
+switch (TO_REG(addr)) {
+case CFAM_CONFIG_CHIP_ID:
+case CFAM_CONFIG_CHIP_ID + 4:
+if (data == CFAM_CONFIG_CHIP_ID_BREAK) {
+bus_cold_reset(qdev_get_parent_bus(DEVICE(s)));
+}
+break;
+default:
+qemu_log_mask(LOG_GUEST_ERROR, "%s: Not implemented: 0x%"
+  HWADDR_PRIx" for %u\n",
+  __func__, addr, size);
+}
+}
+
+static const struct MemoryRegionOps cfam_config_ops = {
+.read = cfam_config_read,
+.write = cfam_config_write,
+.endianness = DEVICE_BIG_ENDIAN,
+};
+
+static void cfam_config_realize(DeviceState *dev, Error **errp)
+{
+CFAMConfig *s = CFAM_CONFIG(dev);
+
+

[PATCH v4 02/10] hw/fsi: Introduce IBM's scratchpad

2023-09-08 Thread Ninad Palsule
This is a part of patchset where IBM's Flexible Service Interface is
introduced.

The LBUS device is embedded inside the scratchpad. The scratchpad
provides non-functional registers. There is a 1-1 relation between
scratchpad and LBUS devices. Each LBUS device has 1K memory mapped in
the LBUS.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
v2:
- Incorporated Joel's review comments.
---
 hw/fsi/Kconfig |   4 ++
 hw/fsi/engine-scratchpad.c | 100 +
 hw/fsi/meson.build |   1 +
 include/hw/fsi/engine-scratchpad.h |  33 ++
 4 files changed, 138 insertions(+)
 create mode 100644 hw/fsi/engine-scratchpad.c
 create mode 100644 include/hw/fsi/engine-scratchpad.h

diff --git a/hw/fsi/Kconfig b/hw/fsi/Kconfig
index 687449e14e..2a9c49f2c9 100644
--- a/hw/fsi/Kconfig
+++ b/hw/fsi/Kconfig
@@ -1,2 +1,6 @@
+config SCRATCHPAD
+bool
+select LBUS
+
 config LBUS
 bool
diff --git a/hw/fsi/engine-scratchpad.c b/hw/fsi/engine-scratchpad.c
new file mode 100644
index 00..15a8f8cc66
--- /dev/null
+++ b/hw/fsi/engine-scratchpad.c
@@ -0,0 +1,100 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM scratchpad engine
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+#include "qemu/log.h"
+
+#include "hw/fsi/engine-scratchpad.h"
+
+static uint64_t scratchpad_read(void *opaque, hwaddr addr, unsigned size)
+{
+ScratchPad *s = SCRATCHPAD(opaque);
+
+qemu_log_mask(LOG_UNIMP, "%s: read @0x%" HWADDR_PRIx " size=%d\n",
+  __func__, addr, size);
+
+if (addr) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: Out of bounds read: 0x%"HWADDR_PRIx" for %u\n",
+  __func__, addr, size);
+return 0;
+}
+
+return s->reg;
+}
+
+static void scratchpad_write(void *opaque, hwaddr addr, uint64_t data,
+ unsigned size)
+{
+ScratchPad *s = SCRATCHPAD(opaque);
+
+qemu_log_mask(LOG_UNIMP, "%s: write @0x%" HWADDR_PRIx " size=%d "
+  "value=%"PRIx64"\n", __func__, addr, size, data);
+
+if (addr) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: Out of bounds write: 0x%"HWADDR_PRIx" for %u\n",
+  __func__, addr, size);
+return;
+}
+
+s->reg = data;
+}
+
+static const struct MemoryRegionOps scratchpad_ops = {
+.read = scratchpad_read,
+.write = scratchpad_write,
+.endianness = DEVICE_BIG_ENDIAN,
+};
+
+static void scratchpad_realize(DeviceState *dev, Error **errp)
+{
+LBusDevice *ldev = LBUS_DEVICE(dev);
+
+memory_region_init_io(>iomem, OBJECT(ldev), _ops,
+  ldev, TYPE_SCRATCHPAD, 0x400);
+}
+
+static void scratchpad_reset(DeviceState *dev)
+{
+ScratchPad *s = SCRATCHPAD(dev);
+
+s->reg = 0;
+}
+
+static void scratchpad_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+LBusDeviceClass *ldc = LBUS_DEVICE_CLASS(klass);
+
+dc->realize = scratchpad_realize;
+dc->reset = scratchpad_reset;
+
+ldc->config =
+  ENGINE_CONFIG_NEXT/* valid */
+| 0x0001/* slots */
+| 0x1000/* version */
+| ENGINE_CONFIG_TYPE_SCRATCHPAD /* type */
+| 0x0007;   /* crc */
+}
+
+static const TypeInfo scratchpad_info = {
+.name = TYPE_SCRATCHPAD,
+.parent = TYPE_LBUS_DEVICE,
+.instance_size = sizeof(ScratchPad),
+.class_init = scratchpad_class_init,
+.class_size = sizeof(LBusDeviceClass),
+};
+
+static void scratchpad_register_types(void)
+{
+type_register_static(_info);
+}
+
+type_init(scratchpad_register_types);
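Review bot: `scratchpad_ops` declares no access-size constraints, so scratchpad_write() can be entered for a narrow guest access at offset 0, and `s->reg = data;` then replaces the whole register with that partial value (the register's type is in a header outside this hunk, so confirm its width). If the engine only supports word accesses, say so in the ops with `.valid = { .min_access_size = 4, .max_access_size = 4 },` so the memory core rejects other sizes. Both callbacks also log under `LOG_UNIMP` on every access even though the register is implemented, and print the `unsigned size` with `%d`; a trace event, or at least `%u`, would be more accurate.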
diff --git a/hw/fsi/meson.build b/hw/fsi/meson.build
index e1007d5fea..f90e09ddab 100644
--- a/hw/fsi/meson.build
+++ b/hw/fsi/meson.build
@@ -1 +1,2 @@
 system_ss.add(when: 'CONFIG_LBUS', if_true: files('lbus.c'))
+system_ss.add(when: 'CONFIG_SCRATCHPAD', if_true: files('engine-scratchpad.c'))
diff --git a/include/hw/fsi/engine-scratchpad.h 
b/include/hw/fsi/engine-scratchpad.h
new file mode 100644
index 00..63bf89ac5a
--- /dev/null
+++ b/include/hw/fsi/engine-scratchpad.h
@@ -0,0 +1,33 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM scratchpad engne
+ */
+#ifndef FSI_ENGINE_SCRATCHPAD_H
+#define FSI_ENGINE_SCRATCHPAD_H
+
+#include "qemu/bitops.h"
+
+#include "hw/fsi/lbus.h"
+
+#define ENGINE_CONFIG_NEXT  BE_BIT(0)
+#define ENGINE_CONFIG_VPD   BE_BIT(1)
+#define ENGINE_CONFIG_SLOTS BE_GENMASK(8, 15)
+#define ENGINE_CONFIG_VERSION   BE_GENMASK(16, 19)
+#define ENGINE_CONFIG_TYPE  BE_GENMASK(20, 27)
+#define   ENGINE_CONFIG_TYPE_PEEK   (0x02 << 4)
+#define   ENGINE_CONFIG_TYPE_FSI(0x03 << 4)
+#define   

Re: [PATCH v3 0/6] vfio/migration: Block VFIO migration with postcopy and background snapshot

2023-09-08 Thread Peter Xu
On Thu, Sep 07, 2023 at 11:07:10AM +0200, Cédric Le Goater wrote:
> [ ... ]
> 
> > Applied to vfio-next.
> 
> On that topic I am preparing a PR.
> 
> Juan, Peter, Leonardo, is it ok for you if these migration changes
> go through the VFIO tree ?

All good here.

Thanks,

-- 
Peter Xu




[PATCH] meson: Fix targetos match for illumos and Solaris.

2023-09-08 Thread Jonathan Perkin
qemu 8.1.0 breaks on illumos platforms due to _XOPEN_SOURCE and others 
no longer being set correctly, leading to breakage such as:


  
https://us-central.manta.mnx.io/pkgsrc/public/reports/trunk/tools/20230908.1404/qemu-8.1.0/build.log

This is a result of meson conversion which incorrectly matches against 
'solaris' instead of 'sunos' for uname.


First time submitting a patch here, hope I did it correctly.  Thanks.

Signed-off-by: Jonathan Perkin 
---
 meson.build | 4 ++--
 net/meson.build | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/meson.build b/meson.build
index 0e31bdfabf..5150a74831 100644
--- a/meson.build
+++ b/meson.build
@@ -226,7 +226,7 @@ if targetos == 'darwin'
   if compiler.get_id() == 'gcc'
 qemu_common_flags += '-DOS_OBJECT_USE_OBJC=0'
   endif
-elif targetos == 'solaris'
+elif targetos == 'sunos'
   # needed for CMSG_ macros in sys/socket.h
   qemu_common_flags += '-D_XOPEN_SOURCE=600'
   # needed for TIOCWIN* defines in termios.h
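Review bot: The `elif targetos == 'sunos'` branch carries no comment explaining why the string is 'sunos' rather than 'solaris', which is exactly the mistake this patch corrects and an easy one to reintroduce. Meson's system name for both illumos and Solaris is `sunos`, so a line such as `# meson reports 'sunos' for both illumos and Solaris` above the branch would record that. The same applies to the `smbd_path` default in the second hunk and to the tap selection in net/meson.build. The `if`/`elif` chain starts and continues outside this hunk, so it is worth grepping the tree for any remaining `'solaris'` comparisons that these three hunks do not cover.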
@@ -2048,7 +2048,7 @@ have_slirp_smbd = get_option('slirp_smbd') \
 if have_slirp_smbd
   smbd_path = get_option('smbd')
   if smbd_path == ''
-smbd_path = (targetos == 'solaris' ? '/usr/sfw/sbin/smbd' : 
'/usr/sbin/smbd')
+smbd_path = (targetos == 'sunos' ? '/usr/sfw/sbin/smbd' : '/usr/sbin/smbd')
   endif
   config_host_data.set_quoted('CONFIG_SMBD_COMMAND', smbd_path)
 endif
diff --git a/net/meson.build b/net/meson.build
index d2d70634e5..51caa42c9d 100644
--- a/net/meson.build
+++ b/net/meson.build
@@ -47,7 +47,7 @@ elif targetos == 'linux'
   system_ss.add(files('tap.c', 'tap-linux.c'))
 elif targetos in bsd_oses
   system_ss.add(files('tap.c', 'tap-bsd.c'))
-elif targetos == 'solaris'
+elif targetos == 'sunos'
   system_ss.add(files('tap.c', 'tap-solaris.c'))
 else
   system_ss.add(files('tap.c', 'tap-stub.c'))
--
2.42.0




Re: [PATCH 04/14] target/arm: Implement FEAT_MOPS enable bits

2023-09-08 Thread Richard Henderson

On 9/7/23 09:03, Peter Maydell wrote:

FEAT_MOPS defines a handful of new enable bits:
  * HCRX_EL2.MSCEn, SCTLR_EL1.MSCEn, SCTLR_EL2.MSCEn:
define whether the new insns should UNDEF or not
  * HCRX_EL2.MCE2: defines whether memops exceptions from
EL1 should be taken to EL1 or EL2

Since we don't sanitise what bits can be written for the SCTLR
registers, we only need to handle the new bits in HCRX_EL2, and
define SCTLR_MSCEN for the new SCTLR bit value.

The precedence of "HCRX bits acts as 0 if SCR_EL3.HXEn is 0" versus
"bit acts as 1 if EL2 disabled" is not clear from the register
definition text, but it is clear in the CheckMOPSEnabled()
pseudocode(), so we follow that.  We'll have to check whether other
bits we need to implement in future follow the same logic or not.

Signed-off-by: Peter Maydell
---
  target/arm/cpu.h|  6 ++
  target/arm/helper.c | 28 +---
  2 files changed, 27 insertions(+), 7 deletions(-)


Reviewed-by: Richard Henderson 

r~



Re: [PATCH 08/14] target/arm: Implement MTE tag-checking functions for FEAT_MOPS

2023-09-08 Thread Richard Henderson

On 9/7/23 09:03, Peter Maydell wrote:

The FEAT_MOPS instructions need a couple of helper routines that
check for MTE tag failures:
  * mte_mops_probe() checks whether there is going to be a tag
error in the next up-to-a-page worth of data
  * mte_check_fail() is an existing function to record the fact
of a tag failure, which we need to make global so we can
call it from helper-a64.c

Signed-off-by: Peter Maydell
---
  target/arm/internals.h  | 28 +++
  target/arm/tcg/mte_helper.c | 54 +++--
  2 files changed, 80 insertions(+), 2 deletions(-)


Reviewed-by: Richard Henderson 

r~



Re: [PATCH 07/14] target/arm: New function allocation_tag_mem_probe()

2023-09-08 Thread Richard Henderson

On 9/7/23 09:03, Peter Maydell wrote:

@@ -198,6 +215,14 @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int 
ptr_mmu_idx,
  return memory_region_get_ram_ptr(mr) + xlat;
  #endif
  }
+static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,


Missed spacing.

Otherwise,
Reviewed-by: Richard Henderson 

r~



Re: [PATCH 06/14] target/arm: Define syndrome function for MOPS exceptions

2023-09-08 Thread Richard Henderson

On 9/7/23 09:03, Peter Maydell wrote:

The FEAT_MOPS memory operations can raise a Memory Copy or Memory Set
exception if a copy or set instruction is executed when the CPU
register state is not correct for that instruction. Define the
usual syn_* function that constructs the syndrome register value
for these exceptions.

Signed-off-by: Peter Maydell
---
  target/arm/syndrome.h | 12 
  1 file changed, 12 insertions(+)


Reviewed-by: Richard Henderson 

r~



Re: [PATCH 05/14] target/arm: Pass unpriv bool to get_a64_user_mem_index()

2023-09-08 Thread Richard Henderson

On 9/7/23 09:03, Peter Maydell wrote:

In every place that we call the get_a64_user_mem_index() function
we do it like this:
  memidx = a->unpriv ? get_a64_user_mem_index(s) : get_mem_index(s);
Refactor so the caller passes in the bool that says whether they
want the 'unpriv' or 'normal' mem_index rather than having to
do the ?: themselves.

Signed-off-by: Peter Maydell
---
I'm about to add another use of this function which would
otherwise also end up doing this same ?: expression...
---
  target/arm/tcg/translate-a64.c | 20 ++--
  1 file changed, 14 insertions(+), 6 deletions(-)


Reviewed-by: Richard Henderson 

r~



Re: [PULL 24/51] meson: compile bundled device trees

2023-09-08 Thread BALATON Zoltan

On Fri, 8 Sep 2023, Michael Tokarev wrote:

08.09.2023 22:21, BALATON Zoltan:
I was about to ask, since when but probably nobody knows then. AFAIR I had 
no such errors for the canyonlands one when I've added it but that was 
quite some years ago and things in dtc for example could have changed so it 
now gives these warnings.


I think it can be said based on debian build logs. Lemme see..

https://buildd.debian.org/status/logs.php?pkg=qemu=all

The first log entry there is from 2018-12-12, for qemu 3.1, dtc 1.4.7.
It has:

dtc -o b/qemu/pc-bios/bamboo.dtb pc-bios/bamboo.dts
b/qemu/pc-bios/bamboo.dtb: Warning (unit_address_vs_reg): /memory: node has a 
reg or ranges property, but no unit name
b/qemu/pc-bios/bamboo.dtb: Warning (unit_address_vs_reg): /plb/opb: node has 
a reg or ranges property, but no unit name
b/qemu/pc-bios/bamboo.dtb: Warning (chosen_node_stdout_path): 
/chosen:linux,stdout-path: Use 'stdout-path' instead
b/qemu/pc-bios/bamboo.dtb: Warning (interrupts_property): /plb/opb: Missing 
interrupt-parent
b/qemu/pc-bios/bamboo.dtb: Warning (interrupts_property): /plb/opb/ebc: 
Missing interrupt-parent



OK so bamboo was likely always like that. Sam460ex (aka canyonlands which 
is the devel board it is based on) was added in February 2018 so that was 
OK back then but later dtc versions may have become pickier somewhere 
between 1.4.7 and 1.6.0.



next it was moved to one of the subpackages, and moved back to
arch-independent package in 6.2 (2022-01-09, dtc 1.6.0), which has:

dtc -o b/misc/bamboo.dtb pc-bios/bamboo.dts
pc-bios/bamboo.dts:45.9-48.4: Warning (unit_address_vs_reg): /memory: node 
has a reg or ranges property, but no unit name
pc-bios/bamboo.dts:87.13-154.5: Warning (unit_address_vs_reg): /plb/opb: node 
has a reg or ranges property, but no unit name
pc-bios/bamboo.dts:198.3-50: Warning (chosen_node_stdout_path): 
/chosen:linux,stdout-path: Use 'stdout-path' instead
pc-bios/bamboo.dts:87.13-154.5: Warning (interrupts_property): /plb/opb: 
Missing interrupt-parent
pc-bios/bamboo.dts:100.14-108.6: Warning (interrupts_property): /plb/opb/ebc: 
Missing interrupt-parent

dtc -o b/misc/canyonlands.dtb pc-bios/canyonlands.dts
pc-bios/canyonlands.dts:47.9-50.4: Warning (unit_address_vs_reg): /memory: 
node has a reg or ranges property, but no unit name
pc-bios/canyonlands.dts:210.13-429.5: Warning (unit_address_vs_reg): 
/plb/opb: node has a reg or ranges property, but no unit name
pc-bios/canyonlands.dts:464.26-504.5: Warning (pci_bridge): 
/plb/pciex@d: node name is not "pci" or "pcie"
pc-bios/canyonlands.dts:506.26-546.5: Warning (pci_bridge): 
/plb/pciex@d2000: node name is not "pci" or "pcie"


Linux has this in arch/powerpc/boot/dts/canyonlands.dts and at least had a 
change of the pciex names to pcie that should fix some of these but if the 
u-boot still uses older names then could updating this result in different 
results between using -kernel and without that? I don't know how guests 
use the dtb so can't tell what to do but keeping it consistent with the 
older u-boot this board has seems like a safer option.


Regards,
BALATON Zoltan

b/misc/canyonlands.dtb: Warning (unit_address_format): Failed prerequisite 
'pci_bridge'
b/misc/canyonlands.dtb: Warning (pci_device_reg): Failed prerequisite 
'pci_bridge'
b/misc/canyonlands.dtb: Warning (pci_device_bus_num): Failed prerequisite 
'pci_bridge'
pc-bios/canyonlands.dts:268.14-289.7: Warning (avoid_unnecessary_addr_size): 
/plb/opb/ebc/ndfc@3,0: unnecessary #address-cells/#size-cells without 
"ranges" or child "reg" property


FWIW.

/mjt






Re: [PATCH 02/14] target/arm: Don't skip MTE checks for LDRT/STRT at EL0

2023-09-08 Thread Richard Henderson

On 9/7/23 09:03, Peter Maydell wrote:

The LDRT/STRT "unprivileged load/store" instructions behave like
normal ones if executed at EL0. We handle this correctly for
the load/store semantics, but get the MTE checking wrong.

We always look at s->mte_active[is_unpriv] to see whether we should
be doing MTE checks, but in hflags.c when we set the TB flags that
will be used to fill the mte_active[] array we only set the
MTE0_ACTIVE bit if UNPRIV is true (i.e.  we are not at EL0).

This means that a LDRT at EL0 will see s->mte_active[1] as 0,
and will not do MTE checks even when MTE is enabled.

To avoid the translate-time code having to do an explicit check on
s->unpriv to see if it is OK to index into the mte_active[] array,
duplicate MTE_ACTIVE into MTE0_ACTIVE when UNPRIV is false.

(This isn't a very serious bug because generally nobody executes
LDRT/STRT at EL0, because they have no use there.)

Cc:qemu-sta...@nongnu.org
Signed-off-by: Peter Maydell
---
  target/arm/tcg/hflags.c | 9 +
  1 file changed, 9 insertions(+)


Reviewed-by: Richard Henderson 

r~



Re: [PULL 24/51] meson: compile bundled device trees

2023-09-08 Thread Michael Tokarev

08.09.2023 22:21, BALATON Zoltan:
..
I was about to ask, since when but probably nobody knows then. AFAIR I had no such errors for the canyonlands one when I've added it but that was 
quite some years ago and things in dtc for example could have changed so it now gives these warnings.


I think it can be said based on debian build logs. Lemme see..

https://buildd.debian.org/status/logs.php?pkg=qemu=all

The first log entry there is from 2018-12-12, for qemu 3.1, dtc 1.4.7.
It has:

dtc -o b/qemu/pc-bios/bamboo.dtb pc-bios/bamboo.dts
b/qemu/pc-bios/bamboo.dtb: Warning (unit_address_vs_reg): /memory: node has a 
reg or ranges property, but no unit name
b/qemu/pc-bios/bamboo.dtb: Warning (unit_address_vs_reg): /plb/opb: node has a 
reg or ranges property, but no unit name
b/qemu/pc-bios/bamboo.dtb: Warning (chosen_node_stdout_path): 
/chosen:linux,stdout-path: Use 'stdout-path' instead
b/qemu/pc-bios/bamboo.dtb: Warning (interrupts_property): /plb/opb: Missing 
interrupt-parent
b/qemu/pc-bios/bamboo.dtb: Warning (interrupts_property): /plb/opb/ebc: Missing 
interrupt-parent

next it was moved to one of the subpackages, and moved back to
arch-independent package in 6.2 (2022-01-09, dtc 1.6.0), which has:

dtc -o b/misc/bamboo.dtb pc-bios/bamboo.dts
pc-bios/bamboo.dts:45.9-48.4: Warning (unit_address_vs_reg): /memory: node has 
a reg or ranges property, but no unit name
pc-bios/bamboo.dts:87.13-154.5: Warning (unit_address_vs_reg): /plb/opb: node 
has a reg or ranges property, but no unit name
pc-bios/bamboo.dts:198.3-50: Warning (chosen_node_stdout_path): 
/chosen:linux,stdout-path: Use 'stdout-path' instead
pc-bios/bamboo.dts:87.13-154.5: Warning (interrupts_property): /plb/opb: 
Missing interrupt-parent
pc-bios/bamboo.dts:100.14-108.6: Warning (interrupts_property): /plb/opb/ebc: 
Missing interrupt-parent
dtc -o b/misc/canyonlands.dtb pc-bios/canyonlands.dts
pc-bios/canyonlands.dts:47.9-50.4: Warning (unit_address_vs_reg): /memory: node 
has a reg or ranges property, but no unit name
pc-bios/canyonlands.dts:210.13-429.5: Warning (unit_address_vs_reg): /plb/opb: 
node has a reg or ranges property, but no unit name
pc-bios/canyonlands.dts:464.26-504.5: Warning (pci_bridge): /plb/pciex@d: node name is not 
"pci" or "pcie"
pc-bios/canyonlands.dts:506.26-546.5: Warning (pci_bridge): /plb/pciex@d2000: node name is not 
"pci" or "pcie"
b/misc/canyonlands.dtb: Warning (unit_address_format): Failed prerequisite 
'pci_bridge'
b/misc/canyonlands.dtb: Warning (pci_device_reg): Failed prerequisite 
'pci_bridge'
b/misc/canyonlands.dtb: Warning (pci_device_bus_num): Failed prerequisite 
'pci_bridge'
pc-bios/canyonlands.dts:268.14-289.7: Warning (avoid_unnecessary_addr_size): /plb/opb/ebc/ndfc@3,0: unnecessary #address-cells/#size-cells without 
"ranges" or child "reg" property


FWIW.

/mjt



Re: [PULL 00/51] Build system, i386 changes for 2023-09-07

2023-09-08 Thread Paolo Bonzini
On Fri, Sep 8, 2023 at 7:28 PM Kevin Wolf  wrote:
> Maybe the calls aren't eliminated because --enable-debug implies -O0?

My experience is that it will still fold simple dead code like "0 &&
foo()" or even "if (0) { ... }", but maybe it's a GCC vs. clang
difference. Philippe, I take it that you are looking at it?

Paolo

> Kevin
>
> > > What are your ./configure command options?
> >
> > '/home/kwolf/source/qemu/configure' '--cc=clang' 
> > '--target-list=x86_64-linux-user,x86_64-softmmu,arm-softmmu,aarch64-softmmu'
> >  '--enable-debug' '--cxx=clang++' '--disable-blkio'
> >
> > Kevin
> >
> > > >/usr/bin/ld: libqemu-x86_64-linux-user.fa.p/target_i386_cpu.c.o: in 
> > > > function `x86_cpu_filter_features':
> > > >/home/kwolf/source/qemu/build-clang/../target/i386/cpu.c:7158: 
> > > > undefined reference to `kvm_arch_get_supported_cpuid'
> > > >/usr/bin/ld: 
> > > > /home/kwolf/source/qemu/build-clang/../target/i386/cpu.c:7159: 
> > > > undefined reference to `kvm_arch_get_supported_cpuid'
> > > >/usr/bin/ld: 
> > > > /home/kwolf/source/qemu/build-clang/../target/i386/cpu.c:7160: 
> > > > undefined reference to `kvm_arch_get_supported_cpuid'
> > > >/usr/bin/ld: 
> > > > /home/kwolf/source/qemu/build-clang/../target/i386/cpu.c:7161: 
> > > > undefined reference to `kvm_arch_get_supported_cpuid'
> > > >/usr/bin/ld: 
> > > > libqemu-x86_64-linux-user.fa.p/target_i386_cpu.c.o:/home/kwolf/source/qemu/build-clang/../target/i386/cpu.c:7162:
> > > >  more undefined references to `kvm_arch_get_supported_cpuid' follow
> > > >clang-15: error: linker command failed with exit code 1 (use -v to 
> > > > see invocation)
> > > >
> > > > In case it makes a difference, I'm using clang on F37.
> > > >
> > > > Kevin
> > >
>




Re: [PULL 24/51] meson: compile bundled device trees

2023-09-08 Thread BALATON Zoltan

On Fri, 8 Sep 2023, Michael Tokarev wrote:

08.09.2023 19:27, Philippe Mathieu-Daudé:

On 7/9/23 14:59, Paolo Bonzini wrote:

If dtc is available, compile the .dts files in the pc-bios directory
instead of using the precompiled binaries.

Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
---
  pc-bios/Makefile    | 19 ---
  pc-bios/meson.build | 25 +
  2 files changed, 21 insertions(+), 23 deletions(-)
  delete mode 100644 pc-bios/Makefile


FWIW I'm getting:

[50/1419] Generating pc-bios/bamboo.dts with a custom command
../../pc-bios/bamboo.dts:45.9-48.4: Warning (unit_address_vs_reg): /memory: 
node has a reg or ranges property, but no unit name
../../pc-bios/bamboo.dts:87.13-154.5: Warning (unit_address_vs_reg): 
/plb/opb: node has a reg or ranges property, but no unit name
../../pc-bios/bamboo.dts:198.3-50: Warning (chosen_node_stdout_path): 
/chosen:linux,stdout-path: Use 'stdout-path' instead
../../pc-bios/bamboo.dts:87.13-154.5: Warning (interrupts_property): 
/plb/opb: Missing interrupt-parent
../../pc-bios/bamboo.dts:100.14-108.6: Warning (interrupts_property): 
/plb/opb/ebc: Missing interrupt-parent

[51/1419] Generating pc-bios/canyonlands.dts with a custom command
../../pc-bios/canyonlands.dts:47.9-50.4: Warning (unit_address_vs_reg): 
/memory: node has a reg or ranges property, but no unit name
../../pc-bios/canyonlands.dts:210.13-429.5: Warning (unit_address_vs_reg): 
/plb/opb: node has a reg or ranges property, but no unit name
../../pc-bios/canyonlands.dts:464.26-504.5: Warning (pci_bridge): 
/plb/pciex@d: node name is not "pci" or "pcie"
../../pc-bios/canyonlands.dts:506.26-546.5: Warning (pci_bridge): 
/plb/pciex@d2000: node name is not "pci" or "pcie"
pc-bios/canyonlands.dtb: Warning (unit_address_format): Failed prerequisite 
'pci_bridge'
pc-bios/canyonlands.dtb: Warning (pci_device_reg): Failed prerequisite 
'pci_bridge'
pc-bios/canyonlands.dtb: Warning (pci_device_bus_num): Failed prerequisite 
'pci_bridge'
../../pc-bios/canyonlands.dts:268.14-289.7: Warning 
(avoid_unnecessary_addr_size): /plb/opb/ebc/ndfc@3,0: unnecessary 
#address-cells/#size-cells without "ranges", "dma-ranges" or child "reg" 
property


This smells like something which has been here forever and no one noticed
because the compile only happens when updating these files, ie, almost
never.

So, "don't blame the messenger" :)


I was about to ask, since when but probably nobody knows then. AFAIR I had 
no such errors for the canyonlands one when I've added it but that was 
quite some years ago and things in dtc for example could have changed so 
it now gives these warnings.


The dts files come from Linux so maybe it's fixed there but not sure if 
updating these would generate different dtb that the guests might not like 
as both these machines and guests running on them are quite old. So maybe 
it's safer to ignore the warnings? On the other hand, maybe this dtb is 
only used when booting Linux with -kernel, otherwise the u-boot firmware 
will generate it so updating it may not affect most guests anyway. I think 
Guenter Roeck (cc'd) used this for testing Linux kernels so maybe he has 
some more info or insight. This may not help much but that's all I can add 
to this.


Regards,
BALATON Zoltan

RE: [PATCH 1/3] hw/misc: Introduce AMD/Xilix Versal TRNG device

2023-09-08 Thread Ho, Tong
Hi Peter,

Your recommendation is noted.  Thanks for your valuable input.  I will present 
V2 with better alignment.

Regards,
Tong Ho

-Original Message-
From: Peter Maydell  
Sent: Friday, September 8, 2023 11:35 AM
To: Ho, Tong 
Cc: Richard Henderson ; qemu-...@nongnu.org; 
qemu-devel@nongnu.org; alist...@alistair23.me; edgar.igles...@gmail.com
Subject: Re: [PATCH 1/3] hw/misc: Introduce AMD/Xilix Versal TRNG device

On Fri, 8 Sept 2023 at 18:56, Ho, Tong  wrote:
>
> Hi Peter,
>
> The Versal TRNG device is required to support both TRNG mode and PRNG 
> mode, and target/guest software selects and changes the mode at will during 
> runtime.
>
> I do agree that, in the TRNG mode, the model using qemu_guest_getrandom() 
> will work without any issues.
>
> When software selects the PRNG mode, the Versal TRNG device is 
> expected to output a reproducible and deterministic sequence of values for a 
> given seed.  This is part of the hardware spec.
>
> I fail to see how qemu_guest_getrandom() can be used to model such 
> requirement correctly.

If the hardware documents a specific RNG that it must use, then yes, we should 
model that, and the comments need to make it clear that we're modelling a very 
specific thing, not merely "here is an arbitrary PRNG".

-- PMM


Re: [RFC Patch 4/5] hw/display: Allwinner A10 LCDC emulation

2023-09-08 Thread Strahinja Jankovic
Hi Philippe,

Thank you for your comment.



On Wed, Sep 6, 2023 at 7:03 AM Philippe Mathieu-Daudé 
wrote:

> +Gerd & Marc-André for the ui/fb parts.
>
> On 5/9/23 22:14, Strahinja Jankovic wrote:
> > This patch adds support for Allwinner A10 LCD controller.
> > Current emulation supports only RGB32 colorspace and interacts with
> > DEBE0 to obtain framebuffer address and screen size.
> >
> > Signed-off-by: Strahinja Jankovic 
> > ---
> >   hw/arm/allwinner-a10.c  |  10 +
> >   hw/display/allwinner-a10-lcdc.c | 275 
> >   hw/display/meson.build  |   1 +
> >   hw/display/trace-events |   5 +
> >   include/hw/arm/allwinner-a10.h  |   2 +
> >   include/hw/display/allwinner-a10-lcdc.h |  77 +++
> >   6 files changed, 370 insertions(+)
> >   create mode 100644 hw/display/allwinner-a10-lcdc.c
> >   create mode 100644 include/hw/display/allwinner-a10-lcdc.h
> >
> > diff --git a/hw/arm/allwinner-a10.c b/hw/arm/allwinner-a10.c
> > index 624e95af46..f93bc5266d 100644
> > --- a/hw/arm/allwinner-a10.c
> > +++ b/hw/arm/allwinner-a10.c
> > @@ -41,6 +41,7 @@
> >   #define AW_A10_WDT_BASE 0x01c20c90
> >   #define AW_A10_RTC_BASE 0x01c20d00
> >   #define AW_A10_I2C0_BASE0x01c2ac00
> > +#define AW_A10_LCDC0_BASE   0x01c0c000
> >   #define AW_A10_HDMI_BASE0x01c16000
> >   #define AW_A10_GPU_BASE 0x01c4
> >   #define AW_A10_DE_BE0_BASE  0x01e6
> > @@ -101,6 +102,8 @@ static void aw_a10_init(Object *obj)
> >
> >   object_initialize_child(obj, "hdmi", >hdmi, TYPE_AW_A10_HDMI);
> >
> > +object_initialize_child(obj, "lcd0", >lcd0, TYPE_AW_A10_LCDC);
> > +
> >   object_initialize_child(obj, "de_be0", >de_be0,
> TYPE_AW_A10_DEBE);
> >
> >   object_initialize_child(obj, "mali400", >gpu, TYPE_AW_GPU);
> > @@ -230,6 +233,13 @@ static void aw_a10_realize(DeviceState *dev, Error
> **errp)
> >   sysbus_realize(SYS_BUS_DEVICE(>de_be0), _fatal);
> >   sysbus_mmio_map(SYS_BUS_DEVICE(>de_be0), 0, AW_A10_DE_BE0_BASE);
> >
> > +/* LCD Controller */
> > +object_property_set_link(OBJECT(>lcd0), "debe",
> > + OBJECT(>de_be0), _fatal);
>
> IIUC you have LCDC polling DEBE for size update then invalidate,
> shouldn't be the opposite, LCDC linked to DEBE and DEBE call the
> LCDC invalidate handler on resize?
>

I think I understand what you meant. In this case, it was easier to do it
this way, since this way only LCDC needs to store a pointer to DEBE, there
is no need for storing the pointer the other way around as well.
Also the update function should be called frequently, so that should not
affect the performance.

If there is another way to implement this behavior, I am open to changing
this implementation.

Best regards,
Strahinja



> > +sysbus_realize(SYS_BUS_DEVICE(>lcd0), _fatal);
> > +sysbus_mmio_map(SYS_BUS_DEVICE(>lcd0), 0, AW_A10_LCDC0_BASE);
> > +sysbus_connect_irq(SYS_BUS_DEVICE(>lcd0), 0,
> qdev_get_gpio_in(dev, 44));
> > +
> >   /* MALI GPU */
> >   sysbus_realize(SYS_BUS_DEVICE(>gpu), _fatal);
> >   sysbus_mmio_map(SYS_BUS_DEVICE(>gpu), 0, AW_A10_GPU_BASE);
> > diff --git a/hw/display/allwinner-a10-lcdc.c
> b/hw/display/allwinner-a10-lcdc.c
> > new file mode 100644
> > index 00..8367ac32be
> > --- /dev/null
> > +++ b/hw/display/allwinner-a10-lcdc.c
> > @@ -0,0 +1,275 @@
> > +/*
> > + * Allwinner A10 LCD Control Module emulation
> > + *
> > + * Copyright (C) 2023 Strahinja Jankovic <
> strahinja.p.janko...@gmail.com>
> > + *
> > + * This program is free software: you can redistribute it and/or modify
> > + * it under the terms of the GNU General Public License as published by
> > + * the Free Software Foundation, either version 2 of the License, or
> > + * (at your option) any later version.
> > + *
> > + * This program is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > + * GNU General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU General Public License
> > + * along with this program.  If not, see  >.
> > + */
> > +
> > +#include "qemu/osdep.h"
> > +#include "qemu/units.h"
> > +#include "hw/sysbus.h"
> > +#include "migration/vmstate.h"
> > +#include "qemu/log.h"
> > +#include "hw/qdev-properties.h"
> > +#include "qemu/module.h"
> > +#include "hw/display/allwinner-a10-lcdc.h"
> > +#include "hw/irq.h"
> > +#include "ui/pixel_ops.h"
> > +#include "trace.h"
> > +#include "sysemu/dma.h"
> > +#include "framebuffer.h"
> > +
> > +/* LCDC register offsets */
> > +enum {
> > +REG_TCON_GCTL   = 0x, /* TCON Global control register */
> > +REG_TCON_GINT0  = 0x0004, /* TCON Global interrupt register 0 */
> > +};
> > +
> > +/* TCON_GCTL register fields */
> > +#define 

Re: [PATCH 1/3] hw/misc: Introduce AMD/Xilix Versal TRNG device

2023-09-08 Thread Peter Maydell
On Fri, 8 Sept 2023 at 18:56, Ho, Tong  wrote:
>
> Hi Peter,
>
> The Versal TRNG device is required to support both TRNG mode and PRNG mode, 
> and target/guest
> software selects and changes the mode at will during runtime.
>
> I do agree that, in the TRNG mode, the model using qemu_guest_getrandom() 
> will work without any issues.
>
> When software selects the PRNG mode, the Versal TRNG device is expected to 
> output a reproducible
> and deterministic sequence of values for a given seed.  This is part of the 
> hardware spec.
>
> I fail to see how qemu_guest_getrandom() can be used to model such 
> requirement correctly.

If the hardware documents a specific RNG that it must use,
then yes, we should model that, and the comments need
to make it clear that we're modelling a very specific
thing, not merely "here is an arbitrary PRNG".

-- PMM



Re: [PATCH v22 16/20] tests/avocado: s390x cpu topology entitlement tests

2023-09-08 Thread Nina Schoetterl-Glausch
On Thu, 2023-09-07 at 11:05 +0200, Thomas Huth wrote:
> On 01/09/2023 17.58, Nina Schoetterl-Glausch wrote:
> > From: Pierre Morel 
> > 
> > Test changes in the entitlement from both a guest and a host point of
> > view, depending on the polarization.
> > 
> > Signed-off-by: Pierre Morel 
> > Co-developed-by: Nina Schoetterl-Glausch 
> > Signed-off-by: Nina Schoetterl-Glausch 
> > ---
> >   tests/avocado/s390_topology.py | 55 ++
> >   1 file changed, 55 insertions(+)
> > 
> > diff --git a/tests/avocado/s390_topology.py b/tests/avocado/s390_topology.py
> > index d7ee36cb89..733093723a 100644
> > --- a/tests/avocado/s390_topology.py
> > +++ b/tests/avocado/s390_topology.py
> > @@ -243,3 +243,58 @@ def test_polarization(self):
> >   res = self.vm.qmp('query-s390x-cpu-polarization')
> >   self.assertEqual(res['return']['polarization'], 'horizontal')
> >   self.check_topology(0, 0, 0, 0, 'medium', False)
> > +
> > +
> > +def check_polarization(self, polarization):
> > +"""
> > +We need the polarization change to get stabilized in kernel
> > +before we check it through the sysfs.
> > +"""
> > +exec_command_and_wait_for_pattern(self,
> > +""" sleep 1 ;
> > +/bin/cat /sys/devices/system/cpu/cpu0/polarization """,
> > +polarization)
> 
> Using "sleep" in a function that is called multiple times will blow up the 
> testing time quite a bit ... could this be done in a different way instead, 
> e.g. by polling the sysfs file for the right value, or maybe there is 
> something in the "dmesg" output that could be used as a reference?

Nothing in dmesg.
This works:

def check_polarization(self, polarization):
#We need to wait for the change to have been propagated to the kernel
exec_command_and_wait_for_pattern(self,
"\n".join([
"timeout 1 sh -c 'while true",
'do',
'syspath="/sys/devices/system/cpu/cpu0/polarization"',
'polarization="$(cat "$syspath")" || exit',
   f'if [ "$polarization" = "{polarization}" ]; then',
'exit 0',
'fi',
'sleep 0.01',
#searched for strings mustn't show up in command, '' to obfuscate
"done' && echo succ''ess || echo fail''ure",
]),
"success", "failure")

> 
>   Thomas
> 
> 




[RFC v1 3/8] target/riscv: Add new bits in CSRs for Zjpm 0.6.1

2023-09-08 Thread Alexey Baturo
Signed-off-by: Alexey Baturo 
---
 target/riscv/cpu_bits.h |  6 ++
 target/riscv/csr.c  |  8 
 target/riscv/pmp.c  |  5 +
 target/riscv/pmp.h  | 12 +++-
 4 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index 87a741fe66..238f7a13f4 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -714,6 +714,8 @@ typedef enum RISCVException {
 #define MENVCFG_CBIE   (3UL << 4)
 #define MENVCFG_CBCFE  BIT(6)
 #define MENVCFG_CBZE   BIT(7)
+#define MENVCFG_SPMEN  BIT(8)
+#define MENVCFG_SPMENSELF  BIT(9)
 #define MENVCFG_HADE   (1ULL << 61)
 #define MENVCFG_PBMTE  (1ULL << 62)
 #define MENVCFG_STCE   (1ULL << 63)
@@ -727,11 +729,15 @@ typedef enum RISCVException {
 #define SENVCFG_CBIE   MENVCFG_CBIE
 #define SENVCFG_CBCFE  MENVCFG_CBCFE
 #define SENVCFG_CBZE   MENVCFG_CBZE
+#define SENVCFG_UPMEN  MENVCFG_SPMEN
+#define SENVCFG_UPMENSELF  MENVCFG_SPMENSELF
 
 #define HENVCFG_FIOM   MENVCFG_FIOM
 #define HENVCFG_CBIE   MENVCFG_CBIE
 #define HENVCFG_CBCFE  MENVCFG_CBCFE
 #define HENVCFG_CBZE   MENVCFG_CBZE
+#define HENVCFG_HPMEN  MENVCFG_SPMEN
+#define HENVCFG_HPMENSELF  MENVCFG_SPMENSELF
 #define HENVCFG_HADE   MENVCFG_HADE
 #define HENVCFG_PBMTE  MENVCFG_PBMTE
 #define HENVCFG_STCE   MENVCFG_STCE
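Review bot: `HENVCFG_HPMEN` and `HENVCFG_HPMENSELF` are defined here, but nothing in this patch uses them: the csr.c hunks only extend the write masks in `write_menvcfg` and `write_senvcfg`. If the henvcfg write path is meant to be handled by a later patch in the series, that is fine, but as posted the two defines are dead and the henvcfg enable bit presumably stays read-as-zero. A one-line comment above the new defines, for example `/* Zjpm v0.6.1 pointer-masking enable bits */`, would also tie them to the spec revision that the csr.c comments refer to.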
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index a08285e55d..c7e59168d2 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -1942,6 +1942,10 @@ static RISCVException write_menvcfg(CPURISCVState *env, 
int csrno,
 (cfg->ext_sstc ? MENVCFG_STCE : 0) |
 (cfg->ext_svadu ? MENVCFG_HADE : 0);
 }
+if (riscv_cpu_cfg(env)->ext_smnjpm) {
+/* for zjpm v0.6.1 MENVCFG_SPMENSELF should be always 0 */
+mask |= MENVCFG_SPMEN;
+}
 env->menvcfg = (env->menvcfg & ~mask) | (val & mask);
 
 return RISCV_EXCP_NONE;
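Review bot: A write that flips `MENVCFG_SPMEN` changes whether pointer masking applies in S-mode, but the store `env->menvcfg = (env->menvcfg & ~mask) | (val & mask);` is not followed by any refresh of state derived from that bit. Patch 6/8 of this series caches the decision in `env->pm_n_bits` through `riscv_cpu_update_mask()`, so unless a later patch hooks it in, the cached width goes stale after this write. Calling `riscv_cpu_update_mask(env);` right after the assignment would keep the two in step. The same applies to `SENVCFG_UPMEN` in the `write_senvcfg` hunk. Both function bodies begin outside their hunks, so any refresh done earlier in them is not visible here.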
@@ -1993,6 +1997,10 @@ static RISCVException write_senvcfg(CPURISCVState *env, 
int csrno,
 return ret;
 }
 
+if (riscv_cpu_cfg(env)->ext_ssnjpm) {
+/* for zjpm v0.6.1 SENVCFG_UPMENSELF should be always 0 */
+mask |= SENVCFG_UPMEN;
+}
 env->senvcfg = (env->senvcfg & ~mask) | (val & mask);
 return RISCV_EXCP_NONE;
 }
diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index 9d8db493e6..0db49173ef 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -580,6 +580,11 @@ void mseccfg_csr_write(CPURISCVState *env, target_ulong 
val)
 val &= ~(MSECCFG_MMWP | MSECCFG_MML | MSECCFG_RLB);
 }
 
+if (riscv_cpu_cfg(env)->ext_smmjpm) {
+/* for zjpm v0.6.1 MSECCFG_MPMENSELF should be always 0 */
+val &= ~MSECCFG_MPMENSELF;
+}
+
 env->mseccfg = val;
 }
 
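Review bot: The new block clears `MSECCFG_MPMENSELF` only when `ext_smmjpm` is present, so on a CPU without the extension both `MSECCFG_MPMEN` and `MSECCFG_MPMENSELF` pass through unchanged into `env->mseccfg = val;` and read back as set. Patch 6/8 gates the use of `MSECCFG_MPMEN` on the extension, so masking is not actually enabled, but the guest still sees bits of an unimplemented feature as writable. Clearing the SELF bit unconditionally and the enable bit when the extension is absent closes that: `val &= ~MSECCFG_MPMENSELF;` followed by `if (!riscv_cpu_cfg(env)->ext_smmjpm) { val &= ~MSECCFG_MPMEN; }`. `mseccfg_csr_write` starts outside the hunk, so confirm that no earlier masking already covers this.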
diff --git a/target/riscv/pmp.h b/target/riscv/pmp.h
index cf5c99f8e6..e4a58c9974 100644
--- a/target/riscv/pmp.h
+++ b/target/riscv/pmp.h
@@ -39,11 +39,13 @@ typedef enum {
 } pmp_am_t;
 
 typedef enum {
-MSECCFG_MML   = 1 << 0,
-MSECCFG_MMWP  = 1 << 1,
-MSECCFG_RLB   = 1 << 2,
-MSECCFG_USEED = 1 << 8,
-MSECCFG_SSEED = 1 << 9
+MSECCFG_MML   = 1 << 0,
+MSECCFG_MMWP  = 1 << 1,
+MSECCFG_RLB   = 1 << 2,
+MSECCFG_USEED = 1 << 8,
+MSECCFG_SSEED = 1 << 9,
+MSECCFG_MPMEN = 1 << 10,
+MSECCFG_MPMENSELF = 1 << 11
 } mseccfg_field_t;
 
 typedef struct {
-- 
2.34.1




[RFC v1 6/8] target/riscv: Add functions to calculate current N masked bits for pointer masking

2023-09-08 Thread Alexey Baturo
Signed-off-by: Alexey Baturo 
---
 target/riscv/cpu.h|  6 ++--
 target/riscv/cpu_helper.c | 58 +++
 2 files changed, 62 insertions(+), 2 deletions(-)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 17d0088cb4..c87c4f26a2 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -91,11 +91,9 @@ typedef enum {
 /* Enum holds maximum for N bits to be ignored depending on privilege level */
 typedef enum {
 PM_BARE_N_BITS = 16,
-PM_SV32_N_BITS = 0,
 PM_SV39_N_BITS = 25,
 PM_SV48_N_BITS = 16,
 PM_SV57_N_BITS = 7,
-PM_SV64_N_BITS = 0,
 } RISCVZjpmMaxNBits;
 
 #define MMU_USER_IDX 3
@@ -633,6 +631,10 @@ static inline uint32_t vext_get_vlmax(RISCVCPU *cpu, 
target_ulong vtype)
 void cpu_get_tb_cpu_state(CPURISCVState *env, vaddr *pc,
   uint64_t *cs_base, uint32_t *pflags);
 
+void riscv_cpu_update_mask(CPURISCVState *env);
+RISCVZjpmMaxNBits riscv_cpu_pm_get_n_bits(int satp_mode, int priv_mode);
+bool riscv_cpu_pm_check_applicable(CPURISCVState *env, int priv_mode);
+
 RISCVException riscv_csrrw(CPURISCVState *env, int csrno,
target_ulong *ret_value,
target_ulong new_value, target_ulong write_mask);
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index b3871b0a28..6e68b2fc27 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -144,6 +144,64 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, vaddr *pc,
 *pflags = flags;
 }
 
+/*
+ * Curernt Zjpm v0.6.1 spec doesn't strictly specify the exact value of N bits.
+ * It allows it to be dependent on both translation mode and priv level.
+ * For now let's ignore priv mode and always return max available value.
+ */
+RISCVZjpmMaxNBits riscv_cpu_pm_get_n_bits(int satp_mode, int priv_mode)
+{
+switch (satp_mode) {
+case VM_1_10_MBARE:
+return PM_BARE_N_BITS;
+case VM_1_10_SV39:
+return PM_SV39_N_BITS;
+case VM_1_10_SV48:
+return PM_SV48_N_BITS;
+case VM_1_10_SV57:
+return PM_SV57_N_BITS;
+default:
+g_assert_not_reached();
+}
+}
+
+/* For current priv level check if pointer masking should be applied */
+bool riscv_cpu_pm_check_applicable(CPURISCVState *env, int priv_mode)
+{
+/* checks if appropriate extension is present and enable bit is set */
+switch (priv_mode) {
+case PRV_M:
+return riscv_cpu_cfg(env)->ext_smmjpm && env->mseccfg & MSECCFG_MPMEN;
+case PRV_S:
+return riscv_cpu_cfg(env)->ext_smnjpm && env->menvcfg & MENVCFG_SPMEN;
+case PRV_U:
+return riscv_cpu_cfg(env)->ext_ssnjpm && env->senvcfg & SENVCFG_UPMEN;
+default:
+g_assert_not_reached();
+}
+g_assert_not_reached();
+return false;
+}
+
+void riscv_cpu_update_mask(CPURISCVState *env)
+{
+#ifndef CONFIG_USER_ONLY
+int priv_mode = cpu_address_mode(env);
+int satp_mode = 0;
+if (riscv_cpu_mxl(env) == MXL_RV32) {
+satp_mode = get_field(env->satp, SATP32_MODE);
+} else {
+satp_mode = get_field(env->satp, SATP64_MODE);
+}
+RISCVZjpmMaxNBits n_bits = riscv_cpu_pm_get_n_bits(satp_mode, priv_mode);
+/* in bare mode address is not sign extended */
+env->pm_signext = (satp_mode != VM_1_10_MBARE);
+/* if pointer masking is applicable set env variable */
+bool applicable = riscv_cpu_pm_check_applicable(env, priv_mode);
+env->pm_n_bits = applicable ? n_bits : 0;
+#endif
+}
+
 #ifndef CONFIG_USER_ONLY
 
 /*
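Review bot: `riscv_cpu_pm_get_n_bits()` aborts the emulator for any satp mode other than Bare/Sv39/Sv48/Sv57, and `riscv_cpu_update_mask()` calls it before it checks whether pointer masking is applicable at all. This same patch drops `PM_SV32_N_BITS`, so as far as these hunks show an RV32 guest that selects Sv32 would reach `g_assert_not_reached()` on the next recompute, even with none of the S{sn,mn,m}jpm extensions enabled; guest-controlled CSR state should not be able to terminate QEMU. I would make the fallback arm mean "no masking", `default: return 0;`, and only look up N once `riscv_cpu_pm_check_applicable()` has returned true. The comment above the function has a typo (`Curernt`), and the two statements after the switch in `riscv_cpu_pm_check_applicable()` are unreachable.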
-- 
2.34.1




[RFC v1 0/8] RISC-V Pointer Masking update to Zjpm v0.6.1

2023-09-08 Thread Alexey Baturo
Hi all,

This series of patches intends to update RISC-V Pointer Masking implementation
to the latest Zjpm v0.6.1 version.
The Pointer Masking functionality is simplified compared to previous version
of spec.
The changes have been tested with handwritten assembly tests and LLVM HWASAN
test suite.

Thanks

Alexey Baturo (8):
  target/riscv: Remove obsolete pointer masking extension code
  target/riscv: Add new S{sn,mn,m}jpm extensions as part of Zjpm v0.6.1
  target/riscv: Add new bits in CSRs for Zjpm 0.6.1
  Add enum with maximum ignored bits depending on privilege level for
Zjpm v0.6.1
  target/riscv: Add pointer masking tb flags
  target/riscv: Add functions to calculate current N masked bits for
pointer masking
  target/riscv: Update address modify functions to take into account
pointer masking
  target/riscv: enable updates for  pointer masking variables and thus
enable pointer masking extension

 target/riscv/cpu.c   |  18 +-
 target/riscv/cpu.h   |  35 ++--
 target/riscv/cpu_bits.h  |  88 +
 target/riscv/cpu_cfg.h   |   3 +
 target/riscv/cpu_helper.c|  99 ++-
 target/riscv/csr.c   | 336 ++-
 target/riscv/machine.c   |  14 +-
 target/riscv/pmp.c   |   6 +
 target/riscv/pmp.h   |  12 +-
 target/riscv/translate.c |  50 +++---
 target/riscv/vector_helper.c |   9 +-
 11 files changed, 152 insertions(+), 518 deletions(-)

-- 
2.34.1




[RFC v1 2/8] target/riscv: Add new S{sn, mn, m}jpm extensions as part of Zjpm v0.6.1

2023-09-08 Thread Alexey Baturo
Signed-off-by: Alexey Baturo 
---
 target/riscv/cpu.c | 7 +++
 target/riscv/cpu_cfg.h | 3 +++
 target/riscv/machine.c | 6 --
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index f937820976..af8f16b94f 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -137,6 +137,9 @@ static const struct isa_ext_data isa_edata_arr[] = {
 ISA_EXT_DATA_ENTRY(svinval, PRIV_VERSION_1_12_0, ext_svinval),
 ISA_EXT_DATA_ENTRY(svnapot, PRIV_VERSION_1_12_0, ext_svnapot),
 ISA_EXT_DATA_ENTRY(svpbmt, PRIV_VERSION_1_12_0, ext_svpbmt),
+ISA_EXT_DATA_ENTRY(ssnjpm, PRIV_VERSION_1_12_0, ext_ssnjpm),
+ISA_EXT_DATA_ENTRY(smnjpm, PRIV_VERSION_1_12_0, ext_smnjpm),
+ISA_EXT_DATA_ENTRY(smmjpm, PRIV_VERSION_1_12_0, ext_smmjpm),
 ISA_EXT_DATA_ENTRY(xtheadba, PRIV_VERSION_1_11_0, ext_xtheadba),
 ISA_EXT_DATA_ENTRY(xtheadbb, PRIV_VERSION_1_11_0, ext_xtheadbb),
 ISA_EXT_DATA_ENTRY(xtheadbs, PRIV_VERSION_1_11_0, ext_xtheadbs),
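Review bot: The three new `isa_edata_arr` entries are appended after `svpbmt`, which breaks the alphabetical run of S-prefixed extensions visible in the context lines (`svinval`, `svnapot`, `svpbmt`). If this table drives the generated ISA string, as its name suggests, the order is guest-visible, and `smmjpm`, `smnjpm` and `ssnjpm` would belong ahead of the `sv*` entries. The array starts outside the hunk, so the exact insertion points need checking against the full list.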
@@ -1796,6 +1799,10 @@ static Property riscv_cpu_extensions[] = {
 DEFINE_PROP_UINT16("cboz_blocksize", RISCVCPU, cfg.cboz_blocksize, 64),
 
 DEFINE_PROP_BOOL("zmmul", RISCVCPU, cfg.ext_zmmul, false),
+/* Zjpm v0.6.1 extensions */
+DEFINE_PROP_BOOL("ssnjpm", RISCVCPU, cfg.ext_ssnjpm, false),
+DEFINE_PROP_BOOL("smnjpm", RISCVCPU, cfg.ext_smnjpm, false),
+DEFINE_PROP_BOOL("smmjpm", RISCVCPU, cfg.ext_smmjpm, false),
 
 DEFINE_PROP_BOOL("zca", RISCVCPU, cfg.ext_zca, false),
 DEFINE_PROP_BOOL("zcb", RISCVCPU, cfg.ext_zcb, false),
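Review bot: The new CPU properties are exposed under stable names (`"ssnjpm"`, `"smnjpm"`, `"smmjpm"`) although the added comment ties them to a v0.6.1 draft of Zjpm. The pointer-masking support this series removes was exposed as `"x-j"`, and keeping the experimental prefix stops users depending on an option whose semantics can still change, e.g. `DEFINE_PROP_BOOL("x-ssnjpm", RISCVCPU, cfg.ext_ssnjpm, false),`. The property array starts and ends outside the hunk.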
diff --git a/target/riscv/cpu_cfg.h b/target/riscv/cpu_cfg.h
index 2bd9510ba3..9e9eb7cd1d 100644
--- a/target/riscv/cpu_cfg.h
+++ b/target/riscv/cpu_cfg.h
@@ -93,6 +93,9 @@ struct RISCVCPUConfig {
 bool ext_smaia;
 bool ext_ssaia;
 bool ext_sscofpmf;
+bool ext_ssnjpm;
+bool ext_smnjpm;
+bool ext_smmjpm;
 bool rvv_ta_all_1s;
 bool rvv_ma_all_1s;
 
diff --git a/target/riscv/machine.c b/target/riscv/machine.c
index 8b1a109275..d50ff5421f 100644
--- a/target/riscv/machine.c
+++ b/target/riscv/machine.c
@@ -150,9 +150,8 @@ static const VMStateDescription vmstate_vector = {
 static bool pointermasking_needed(void *opaque)
 {
 RISCVCPU *cpu = opaque;
-CPURISCVState *env = >env;
 
-return riscv_has_ext(env, RVJ);
+return cpu->cfg.ext_ssnjpm || cpu->cfg.ext_smnjpm || cpu->cfg.ext_smmjpm;
 }
 
 static const VMStateDescription vmstate_pointermasking = {
@@ -161,6 +160,9 @@ static const VMStateDescription vmstate_pointermasking = {
 .minimum_version_id = 1,
 .needed = pointermasking_needed,
 .fields = (VMStateField[]) {
+VMSTATE_UINTTL(env.mseccfg, RISCVCPU),
+VMSTATE_UINTTL(env.senvcfg, RISCVCPU),
+VMSTATE_UINTTL(env.menvcfg, RISCVCPU),
 VMSTATE_END_OF_LIST()
 }
 };
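Review bot: `VMSTATE_UINTTL(env.menvcfg, RISCVCPU)` describes a target-long-sized field, but `menvcfg` is declared `uint64_t` in `CPUArchState` (see the cpu.h context in patch 1/8), so on a 32-bit target the descriptor and the field disagree in size. It should be `VMSTATE_UINT64(env.menvcfg, RISCVCPU),`. The subsection's field list changes here while `.minimum_version_id = 1` is left as context; whether `version_id` is bumped is outside the hunk and worth confirming. It is also worth checking whether another subsection already carries these CSRs, which would make this copy redundant.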
-- 
2.34.1




[RFC v1 7/8] target/riscv: Update address modify functions to take into account pointer masking

2023-09-08 Thread Alexey Baturo
Signed-off-by: Alexey Baturo 
---
 target/riscv/translate.c | 21 +++--
 target/riscv/vector_helper.c |  7 +++
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 3434ba58b6..4aa0e2b9e1 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -581,7 +581,15 @@ static TCGv get_address(DisasContext *ctx, int rs1, int 
imm)
 TCGv src1 = get_gpr(ctx, rs1, EXT_NONE);
 
 tcg_gen_addi_tl(addr, src1, imm);
-if (get_address_xl(ctx) == MXL_RV32) {
+if (ctx->pm_enabled) {
+tcg_gen_shl_tl(addr, addr, pm_n_bits);
+/* sign extend address by first non-masked bit otherwise zero extend */
+if (ctx->pm_signext) {
+tcg_gen_sar_tl(addr, addr, pm_n_bits);
+} else {
+tcg_gen_shr_tl(addr, addr, pm_n_bits);
+}
+} else if (get_address_xl(ctx) == MXL_RV32) {
 tcg_gen_ext32u_tl(addr, addr);
 }
 
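Review bot: Turning the RV32 check into an `else if` means the `tcg_gen_ext32u_tl(addr, addr)` truncation is skipped whenever `ctx->pm_enabled` is set, here and in the same construct in `get_address_indexed()`. If pointer masking can be enabled while the effective address width is RV32 on a 64-bit target, the masked address is then never cut back to 32 bits and the access goes to an address the guest could not form without masking. Either keep the truncation as a separate step after the masking block, `if (get_address_xl(ctx) == MXL_RV32) { tcg_gen_ext32u_tl(addr, addr); }`, or make sure `PM_ENABLED` is never set for RV32 and say so in a comment. Both functions start outside their hunks.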
@@ -595,7 +603,16 @@ static TCGv get_address_indexed(DisasContext *ctx, int 
rs1, TCGv offs)
 TCGv src1 = get_gpr(ctx, rs1, EXT_NONE);
 
 tcg_gen_add_tl(addr, src1, offs);
-if (get_xl(ctx) == MXL_RV32) {
+/* sign extend address by first non-masked bit */
+if (ctx->pm_enabled) {
+tcg_gen_shl_tl(addr, addr, pm_n_bits);
+/* sign extend address by first non-masked bit otherwise zero extend */
+if (ctx->pm_signext) {
+tcg_gen_sar_tl(addr, addr, pm_n_bits);
+} else {
+tcg_gen_shr_tl(addr, addr, pm_n_bits);
+}
+} else if (get_xl(ctx) == MXL_RV32) {
 tcg_gen_ext32u_tl(addr, addr);
 }
 return addr;
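Review bot: The masking block in `get_address_indexed()` is a verbatim copy of the one added to `get_address()`, and the extra comment above the `if` (`/* sign extend address by first non-masked bit */`) is wrong for the zero-extend branch. A shared static helper would keep the two address paths from drifting apart, which matters because any difference between them is a difference in which guest address gets accessed. The sketch below keeps the behaviour of the hunk as posted; the function body starts outside the hunk.

```c
/* Mask or truncate a freshly computed guest address in place. */
static void gen_adjust_addr(DisasContext *ctx, TCGv addr, bool rv32)
{
    if (ctx->pm_enabled) {
        /* drop the top pm_n_bits bits, then sign- or zero-extend */
        tcg_gen_shl_tl(addr, addr, pm_n_bits);
        if (ctx->pm_signext) {
            tcg_gen_sar_tl(addr, addr, pm_n_bits);
        } else {
            tcg_gen_shr_tl(addr, addr, pm_n_bits);
        }
    } else if (rv32) {
        tcg_gen_ext32u_tl(addr, addr);
    }
}

/* … unchanged: get_address_indexed() prologue … */
    tcg_gen_add_tl(addr, src1, offs);
    gen_adjust_addr(ctx, addr, get_xl(ctx) == MXL_RV32);
    return addr;
```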
diff --git a/target/riscv/vector_helper.c b/target/riscv/vector_helper.c
index af07e1067d..d3ddc2fd41 100644
--- a/target/riscv/vector_helper.c
+++ b/target/riscv/vector_helper.c
@@ -169,6 +169,13 @@ static inline uint32_t vext_get_total_elems(CPURISCVState 
*env, uint32_t desc,
 
 static inline target_ulong adjust_addr(CPURISCVState *env, target_ulong addr)
 {
+addr = addr << env->pm_n_bits;
+/* sign/zero extend masked address by N-1 bit */
+if (env->pm_signext) {
+addr = (target_long)addr >> env->pm_n_bits;
+} else {
+addr = addr >> env->pm_n_bits;
+}
 return addr;
 }
 
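Review bot: `adjust_addr()` now shifts unconditionally and depends on `env->pm_n_bits` being 0 whenever masking is off, but nothing in the function states that. The comment `sign/zero extend masked address by N-1 bit` also does not describe what the two shifts do. I would replace it with `/* Drop the top pm_n_bits bits, then sign- or zero-extend from the highest remaining bit; pm_n_bits == 0 leaves addr unchanged. */`. The signed branch relies on `>>` of a negative `target_long` being an arithmetic shift, which C leaves implementation-defined; that deserves a word unless the project already assumes it globally.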
-- 
2.34.1




[RFC v1 5/8] target/riscv: Add pointer masking tb flags

2023-09-08 Thread Alexey Baturo
Signed-off-by: Alexey Baturo 
---
 target/riscv/cpu.h| 19 +--
 target/riscv/cpu_helper.c |  4 
 target/riscv/translate.c  | 10 ++
 3 files changed, 27 insertions(+), 6 deletions(-)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 25fe60476b..17d0088cb4 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -356,6 +356,10 @@ struct CPUArchState {
 target_ulong senvcfg;
 uint64_t henvcfg;
 #endif
+/* current number of masked top bits by pointer masking */
+target_ulong pm_n_bits;
+/* if pointer masking should do sign extension */
+bool pm_signext;
 
 /* Fields from here on are preserved across CPU reset. */
 QEMUTimer *stimer; /* Internal timer for S-mode interrupt */
@@ -492,14 +496,17 @@ FIELD(TB_FLAGS, VILL, 14, 1)
 FIELD(TB_FLAGS, VSTART_EQ_ZERO, 15, 1)
 /* The combination of MXL/SXL/UXL that applies to the current cpu mode. */
 FIELD(TB_FLAGS, XL, 16, 2)
-FIELD(TB_FLAGS, VTA, 18, 1)
-FIELD(TB_FLAGS, VMA, 19, 1)
+/* If pointer masking should be applied and address sign extended */
+FIELD(TB_FLAGS, PM_ENABLED, 18, 1)
+FIELD(TB_FLAGS, PM_SIGNEXTEND, 19, 1)
+FIELD(TB_FLAGS, VTA, 20, 1)
+FIELD(TB_FLAGS, VMA, 21, 1)
 /* Native debug itrigger */
-FIELD(TB_FLAGS, ITRIGGER, 20, 1)
+FIELD(TB_FLAGS, ITRIGGER, 22, 1)
 /* Virtual mode enabled */
-FIELD(TB_FLAGS, VIRT_ENABLED, 21, 1)
-FIELD(TB_FLAGS, PRIV, 22, 2)
-FIELD(TB_FLAGS, AXL, 24, 2)
+FIELD(TB_FLAGS, VIRT_ENABLED, 23, 1)
+FIELD(TB_FLAGS, PRIV, 24, 2)
+FIELD(TB_FLAGS, AXL, 25, 2)
 
 #ifdef TARGET_RISCV32
 #define riscv_cpu_mxl(env)  ((void)(env), MXL_RV32)
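Review bot: `PRIV` and `AXL` overlap after the renumbering: `FIELD(TB_FLAGS, PRIV, 24, 2)` occupies bits 24–25 and `FIELD(TB_FLAGS, AXL, 25, 2)` occupies bits 25–26. Every other field moved up by two, so `AXL` should move from 24 to 26: `FIELD(TB_FLAGS, AXL, 26, 2)`. With the overlap, depositing one field corrupts the other, so a translation block can be generated for the wrong privilege level or address width, which undermines the privilege checks made at translate time.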
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 57859314e3..b3871b0a28 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -136,6 +136,10 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, vaddr *pc,
 flags = FIELD_DP32(flags, TB_FLAGS, VS, vs);
 flags = FIELD_DP32(flags, TB_FLAGS, XL, env->xl);
 flags = FIELD_DP32(flags, TB_FLAGS, AXL, cpu_address_xl(env));
+if (env->pm_n_bits != 0) {
+flags = FIELD_DP32(flags, TB_FLAGS, PM_ENABLED, 1);
+}
+flags = FIELD_DP32(flags, TB_FLAGS, PM_SIGNEXTEND, env->pm_signext);
 
 *pflags = flags;
 }
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index ce47904590..3434ba58b6 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -42,6 +42,8 @@ static TCGv cpu_gpr[32], cpu_gprh[32], cpu_pc, cpu_vl, 
cpu_vstart;
 static TCGv_i64 cpu_fpr[32]; /* assume F and D extensions */
 static TCGv load_res;
 static TCGv load_val;
+/* number of top masked address bits by pointer masking extension */
+static TCGv pm_n_bits;
 
 /*
  * If an operation is being performed on less than TARGET_LONG_BITS,
@@ -103,6 +105,9 @@ typedef struct DisasContext {
 bool vl_eq_vlmax;
 CPUState *cs;
 TCGv zero;
+/* pointer masking extension */
+bool pm_enabled;
+bool pm_signext;
 /* Use icount trigger for native debug */
 bool itrigger;
 /* FRM is known to contain a valid value. */
@@ -1175,6 +1180,8 @@ static void riscv_tr_init_disas_context(DisasContextBase 
*dcbase, CPUState *cs)
 ctx->xl = FIELD_EX32(tb_flags, TB_FLAGS, XL);
 ctx->address_xl = FIELD_EX32(tb_flags, TB_FLAGS, AXL);
 ctx->cs = cs;
+ctx->pm_enabled = FIELD_EX32(tb_flags, TB_FLAGS, PM_ENABLED);
+ctx->pm_signext = FIELD_EX32(tb_flags, TB_FLAGS, PM_SIGNEXTEND);
 ctx->itrigger = FIELD_EX32(tb_flags, TB_FLAGS, ITRIGGER);
 ctx->zero = tcg_constant_tl(0);
 ctx->virt_inst_excp = false;
@@ -1306,4 +1313,7 @@ void riscv_translate_init(void)
  "load_res");
 load_val = tcg_global_mem_new(cpu_env, offsetof(CPURISCVState, load_val),
  "load_val");
+/* Assign var with number of pointer masking masked bits to tcg global */
+pm_n_bits = tcg_global_mem_new(cpu_env, offsetof(CPURISCVState, pm_n_bits),
+   "pmbits");
 }
-- 
2.34.1




[RFC v1 1/8] target/riscv: Remove obsolete pointer masking extension code

2023-09-08 Thread Alexey Baturo
Signed-off-by: Alexey Baturo 
---
 target/riscv/cpu.c   |  12 --
 target/riscv/cpu.h   |  30 +---
 target/riscv/cpu_bits.h  |  82 -
 target/riscv/cpu_helper.c|  52 --
 target/riscv/csr.c   | 326 ---
 target/riscv/machine.c   |   9 -
 target/riscv/translate.c |  27 +--
 target/riscv/vector_helper.c |   2 +-
 8 files changed, 9 insertions(+), 531 deletions(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 6b93b04453..f937820976 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -673,13 +673,6 @@ static void riscv_cpu_dump_state(CPUState *cs, FILE *f, 
int flags)
 CSR_MSCRATCH,
 CSR_SSCRATCH,
 CSR_SATP,
-CSR_MMTE,
-CSR_UPMBASE,
-CSR_UPMMASK,
-CSR_SPMBASE,
-CSR_SPMMASK,
-CSR_MPMBASE,
-CSR_MPMMASK,
 };
 
 for (int i = 0; i < ARRAY_SIZE(dump_csrs); ++i) {
@@ -893,11 +886,8 @@ static void riscv_cpu_reset_hold(Object *obj)
 }
 i++;
 }
-/* mmte is supposed to have pm.current hardwired to 1 */
-env->mmte |= (EXT_STATUS_INITIAL | MMTE_M_PM_CURRENT);
 #endif
 env->xl = riscv_cpu_mxl(env);
-riscv_cpu_update_mask(env);
 cs->exception_index = RISCV_EXCP_NONE;
 env->load_res = -1;
 set_default_nan_mode(1, >fp_status);
@@ -1666,7 +1656,6 @@ static const MISAExtInfo misa_ext_info_arr[] = {
 MISA_EXT_INFO(RVS, "s", "Supervisor-level instructions"),
 MISA_EXT_INFO(RVU, "u", "User-level instructions"),
 MISA_EXT_INFO(RVH, "h", "Hypervisor"),
-MISA_EXT_INFO(RVJ, "x-j", "Dynamic translated languages"),
 MISA_EXT_INFO(RVV, "v", "Vector operations"),
 MISA_EXT_INFO(RVG, "g", "General purpose (IMAFD_Zicsr_Zifencei)"),
 };
@@ -1718,7 +1707,6 @@ static RISCVCPUMisaExtConfig misa_ext_cfgs[] = {
 MISA_CFG(RVS, true),
 MISA_CFG(RVU, true),
 MISA_CFG(RVH, true),
-MISA_CFG(RVJ, false),
 MISA_CFG(RVV, false),
 MISA_CFG(RVG, false),
 };
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 6ea22e0eea..62dabfa207 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -338,17 +338,6 @@ struct CPUArchState {
 /* True if in debugger mode.  */
 bool debugger;
 
-/*
- * CSRs for PointerMasking extension
- */
-target_ulong mmte;
-target_ulong mpmmask;
-target_ulong mpmbase;
-target_ulong spmmask;
-target_ulong spmbase;
-target_ulong upmmask;
-target_ulong upmbase;
-
 /* CSRs for execution enviornment configuration */
 uint64_t menvcfg;
 uint64_t mstateen[SMSTATEEN_MAX_COUNT];
@@ -357,8 +346,6 @@ struct CPUArchState {
 target_ulong senvcfg;
 uint64_t henvcfg;
 #endif
-target_ulong cur_pmmask;
-target_ulong cur_pmbase;
 
 /* Fields from here on are preserved across CPU reset. */
 QEMUTimer *stimer; /* Internal timer for S-mode interrupt */
@@ -495,17 +482,14 @@ FIELD(TB_FLAGS, VILL, 14, 1)
 FIELD(TB_FLAGS, VSTART_EQ_ZERO, 15, 1)
 /* The combination of MXL/SXL/UXL that applies to the current cpu mode. */
 FIELD(TB_FLAGS, XL, 16, 2)
-/* If PointerMasking should be applied */
-FIELD(TB_FLAGS, PM_MASK_ENABLED, 18, 1)
-FIELD(TB_FLAGS, PM_BASE_ENABLED, 19, 1)
-FIELD(TB_FLAGS, VTA, 20, 1)
-FIELD(TB_FLAGS, VMA, 21, 1)
+FIELD(TB_FLAGS, VTA, 18, 1)
+FIELD(TB_FLAGS, VMA, 19, 1)
 /* Native debug itrigger */
-FIELD(TB_FLAGS, ITRIGGER, 22, 1)
+FIELD(TB_FLAGS, ITRIGGER, 20, 1)
 /* Virtual mode enabled */
-FIELD(TB_FLAGS, VIRT_ENABLED, 23, 1)
-FIELD(TB_FLAGS, PRIV, 24, 2)
-FIELD(TB_FLAGS, AXL, 26, 2)
+FIELD(TB_FLAGS, VIRT_ENABLED, 21, 1)
+FIELD(TB_FLAGS, PRIV, 22, 2)
+FIELD(TB_FLAGS, AXL, 24, 2)
 
 #ifdef TARGET_RISCV32
 #define riscv_cpu_mxl(env)  ((void)(env), MXL_RV32)
@@ -632,8 +616,6 @@ static inline uint32_t vext_get_vlmax(RISCVCPU *cpu, 
target_ulong vtype)
 void cpu_get_tb_cpu_state(CPURISCVState *env, vaddr *pc,
   uint64_t *cs_base, uint32_t *pflags);
 
-void riscv_cpu_update_mask(CPURISCVState *env);
-
 RISCVException riscv_csrrw(CPURISCVState *env, int csrno,
target_ulong *ret_value,
target_ulong new_value, target_ulong write_mask);
diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index 59f0ffd9e1..87a741fe66 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -491,37 +491,6 @@
 #define CSR_MHPMCOUNTER30H  0xb9e
 #define CSR_MHPMCOUNTER31H  0xb9f
 
-/*
- * User PointerMasking registers
- * NB: actual CSR numbers might be changed in future
- */
-#define CSR_UMTE0x4c0
-#define CSR_UPMMASK 0x4c1
-#define CSR_UPMBASE 0x4c2
-
-/*
- * Machine PointerMasking registers
- * NB: actual CSR numbers might be changed in future
- */
-#define CSR_MMTE0x3c0
-#define CSR_MPMMASK 0x3c1
-#define CSR_MPMBASE 0x3c2
-
-/*
- * Supervisor PointerMaster registers
- * NB: actual CSR 

[RFC v1 8/8] target/riscv: enable updates for pointer masking variables and thus enable pointer masking extension

2023-09-08 Thread Alexey Baturo
Signed-off-by: Alexey Baturo 
---
 target/riscv/cpu.c| 1 +
 target/riscv/cpu_helper.c | 1 +
 target/riscv/csr.c| 4 
 target/riscv/machine.c| 1 +
 target/riscv/pmp.c| 1 +
 5 files changed, 8 insertions(+)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index af8f16b94f..928d4b5f5c 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -891,6 +891,7 @@ static void riscv_cpu_reset_hold(Object *obj)
 }
 #endif
 env->xl = riscv_cpu_mxl(env);
+riscv_cpu_update_mask(env);
 cs->exception_index = RISCV_EXCP_NONE;
 env->load_res = -1;
 set_default_nan_mode(1, >fp_status);
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 6e68b2fc27..6cc1df4fcb 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -689,6 +689,7 @@ void riscv_cpu_set_mode(CPURISCVState *env, target_ulong 
newpriv)
 /* tlb_flush is unnecessary as mode is contained in mmu_idx */
 env->priv = newpriv;
 env->xl = cpu_recompute_xl(env);
+riscv_cpu_update_mask(env);
 
 /*
  * Clear the load reservation - otherwise a reservation placed in one
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index c7e59168d2..7fe0d83877 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -1321,6 +1321,7 @@ static RISCVException write_mstatus(CPURISCVState *env, 
int csrno,
 env->xl = cpu_recompute_xl(env);
 }
 
+riscv_cpu_update_mask(env);
 return RISCV_EXCP_NONE;
 }
 
@@ -1948,6 +1949,7 @@ static RISCVException write_menvcfg(CPURISCVState *env, 
int csrno,
 }
 env->menvcfg = (env->menvcfg & ~mask) | (val & mask);
 
+riscv_cpu_update_mask(env);
 return RISCV_EXCP_NONE;
 }
 
@@ -2002,6 +2004,8 @@ static RISCVException write_senvcfg(CPURISCVState *env, 
int csrno,
 mask |= SENVCFG_UPMEN;
 }
 env->senvcfg = (env->senvcfg & ~mask) | (val & mask);
+
+riscv_cpu_update_mask(env);
 return RISCV_EXCP_NONE;
 }
 
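Review bot: The recompute is hooked into `write_mstatus`, `write_menvcfg` and `write_senvcfg` here (and `mseccfg_csr_write` in pmp.c), but no hunk in this patch touches the satp write path. `riscv_cpu_update_mask()` derives both `pm_n_bits` and `pm_signext` from the mode field of `env->satp`, so a guest that changes the satp mode without a privilege change would keep the old mode's N and sign-extension setting until some other hook fires. Unless the satp writer already triggers an update outside the visible hunks, it needs the same `riscv_cpu_update_mask(env);` call after `env->satp` is assigned. The enclosing functions start outside these hunks.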
diff --git a/target/riscv/machine.c b/target/riscv/machine.c
index d50ff5421f..e63a9fc95f 100644
--- a/target/riscv/machine.c
+++ b/target/riscv/machine.c
@@ -258,6 +258,7 @@ static int riscv_cpu_post_load(void *opaque, int version_id)
 CPURISCVState *env = >env;
 
 env->xl = cpu_recompute_xl(env);
+riscv_cpu_update_mask(env);
 return 0;
 }
 
diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index 0db49173ef..5ca536bac0 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -586,6 +586,7 @@ void mseccfg_csr_write(CPURISCVState *env, target_ulong val)
 }
 
 env->mseccfg = val;
+riscv_cpu_update_mask(env);
 }
 
 /*
-- 
2.34.1




[RFC v1 4/8] Add enum with maximum ignored bits depending on privilege level for Zjpm v0.6.1

2023-09-08 Thread Alexey Baturo
Signed-off-by: Alexey Baturo 
---
 target/riscv/cpu.h | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 62dabfa207..25fe60476b 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -88,6 +88,16 @@ typedef enum {
 EXT_STATUS_DIRTY,
 } RISCVExtStatus;
 
+/* Enum holds maximum for N bits to be ignored depending on privilege level */
+typedef enum {
+PM_BARE_N_BITS = 16,
+PM_SV32_N_BITS = 0,
+PM_SV39_N_BITS = 25,
+PM_SV48_N_BITS = 16,
+PM_SV57_N_BITS = 7,
+PM_SV64_N_BITS = 0,
+} RISCVZjpmMaxNBits;
+
 #define MMU_USER_IDX 3
 
 #define MAX_RISCV_PMPS (16)
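Review bot: The comment on `RISCVZjpmMaxNBits` says the maximum depends on privilege level, but the enumerators are keyed by address-translation mode (`BARE`, `SV32`, `SV39`, …). Something like `/* Maximum number of top address bits (N) ignored by pointer masking, per satp translation mode */` matches what the values encode. It would also help to say that 0 means pointer masking is not available for that mode, since `PM_SV32_N_BITS` and `PM_SV64_N_BITS` are both 0.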
-- 
2.34.1




RE: [PATCH 1/3] hw/misc: Introduce AMD/Xilix Versal TRNG device

2023-09-08 Thread Ho, Tong
Hi Peter,

The Versal TRNG device is required to support both TRNG mode and PRNG mode, and 
target/guest
software selects and changes the mode at will during runtime.

I do agree that, in the TRNG mode, the model using qemu_guest_getrandom() will 
work without any issues.

When software selects the PRNG mode, the Versal TRNG device is expected to 
output a reproducible
and deterministic sequence of values for a given seed.  This is part of the 
hardware spec.

I fail to see how qemu_guest_getrandom() can be used to model such requirement 
correctly.

Regards,
Tong Ho

-Original Message-
From: Peter Maydell  
Sent: Friday, September 8, 2023 6:50 AM
To: Ho, Tong 
Cc: Richard Henderson ; qemu-...@nongnu.org; 
qemu-devel@nongnu.org; alist...@alistair23.me; edgar.igles...@gmail.com
Subject: Re: [PATCH 1/3] hw/misc: Introduce AMD/Xilix Versal TRNG device

On Fri, 1 Sept 2023 at 05:16, Ho, Tong  wrote:
>
> Hi Richard,
>
> Thanks for your input.
>
> I have questions regarding using qemu/guest-random.h for QEMU device models.
>
> Using qemu/guest-random.h, how can this TRNG model ensure its 
> independence from other uses of the same qemu_guest_getrandom() and 
> qemu_guest_random_seed_*()?
>
> By "other uses", I mean components and/or devices using qemu/guest-random.h 
> but unrelated to this Xilinx Versal TRNG device.
>
> By "independent", I mean the Xilinx Versal TRNG device is:
>
> 1. Not impacted by other uses that may or may not need to set the 
> '-seed' option, and
>
> 2. Not impacting other uses just because a Xilinx Versal machine user decides 
> to use deterministic mode *only* for this TRNG device.
>
> Also, I am at a loss in how unrelated QEMU devices can remain independent 
> when:
>
> 3. qemu/guest-random.h uses '__thread' variable for GRand context, but
>
> 4. QEMU devices run mostly as co-routines and not as separate threads.

You shouldn't need to care about any of this. Just assume you can get decent 
quality random numbers from qemu_guest_getrandom() or 
qemu_guest_getrandom_nofail(). The -seed option is for the entire simulation, 
not specific to individual RNG devices.

> I suppose the Versal TRNG implementation could use g_rand_*() 
> directly, having a GRand object in the device state and seeding through 
> g_rand_set_seed_array().

Don't do something non-standard. Write this RNG device the same way we do all 
other RNG devices in QEMU.

thanks
-- PMM


Re: [PATCH v6 06/17] nbd/server: Support a request payload

2023-09-08 Thread Eric Blake
On Wed, Sep 06, 2023 at 12:52:22PM -0500, Eric Blake wrote:
> On Tue, Sep 05, 2023 at 05:36:15PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> > On 29.08.23 20:58, Eric Blake wrote:
> > > Upcoming additions to support NBD 64-bit effect lengths allow for the
> > > possibility to distinguish between payload length (capped at 32M) and
> > > effect length (64 bits, although we generally assume 63 bits because
> > > of off_t limitations).  Without that extension, only the NBD_CMD_WRITE
> > > request has a payload; but with the extension, it makes sense to allow
> > > at least NBD_CMD_BLOCK_STATUS to have both a payload and effect length
> > > in a future patch (where the payload is a limited-size struct that in
> > > turn gives the real effect length as well as a subset of known ids for
> > > which status is requested).  Other future NBD commands may also have a
> > > request payload, so the 64-bit extension introduces a new
> > > NBD_CMD_FLAG_PAYLOAD_LEN that distinguishes between whether the header
> > > length is a payload length or an effect length, rather than
> > > hard-coding the decision based on the command; although a client
> > > should never send a command with a payload without the negotiation
> > > phase proving such extension is available, we are now able to
> > > gracefully fail unexpected client payloads while keeping the
> > > connection alive.  Note that we do not support the payload version of
> > > BLOCK_STATUS yet.
> > > 
> > > Signed-off-by: Eric Blake 
> > > ---
> > > 
> > > v5: retitled from v4 13/24, rewrite on top of previous patch's switch
> > > statement [Vladimir]
> > > 
> > > v4: less indentation on several 'if's [Vladimir]
> > > ---
> > >   nbd/server.c | 33 -
> > >   nbd/trace-events |  1 +
> > >   2 files changed, 29 insertions(+), 5 deletions(-)
> > > 
> > > diff --git a/nbd/server.c b/nbd/server.c
> > > index dd3ab59224c..adcfcdeacb7 100644
> > > --- a/nbd/server.c
> > > +++ b/nbd/server.c
> > > @@ -2334,7 +2334,8 @@ static int coroutine_fn 
> > > nbd_co_receive_request(NBDRequestData *req,
> > >  Error **errp)
> > >   {
> > >   NBDClient *client = req->client;
> > > -bool check_length = false;
> > > +bool extended_with_payload;
> > > +bool check_length;
> > >   bool check_rofs = false;
> > >   bool allocate_buffer = false;
> > >   unsigned payload_len = 0;
> > > @@ -2350,6 +2351,9 @@ static int coroutine_fn 
> > > nbd_co_receive_request(NBDRequestData *req,
> > > 
> > >   trace_nbd_co_receive_request_decode_type(request->cookie, 
> > > request->type,
> > >
> > > nbd_cmd_lookup(request->type));
> > > +check_length = extended_with_payload = client->mode >= 
> > > NBD_MODE_EXTENDED &&
> > > +request->flags & NBD_CMD_FLAG_PAYLOAD_LEN;
> > > +
> > >   switch (request->type) {
> > >   case NBD_CMD_DISC:
> > >   /* Special case: we're going to disconnect without a reply,
> > > @@ -2366,6 +2370,14 @@ static int coroutine_fn 
> > > nbd_co_receive_request(NBDRequestData *req,
> > >   break;
> > > 
> > >   case NBD_CMD_WRITE:
> > > +if (client->mode >= NBD_MODE_EXTENDED) {
> > > +if (!extended_with_payload) {
> > > +/* The client is noncompliant. Trace it, but proceed. */
> > > +
> > > trace_nbd_co_receive_ext_payload_compliance(request->from,
> > > +
> > > request->len);
> > > +}
> > > +valid_flags |= NBD_CMD_FLAG_PAYLOAD_LEN;
> > > +}
> > >   payload_len = request->len;
> > >   check_length = true;
> > >   allocate_buffer = true;
> > > @@ -2407,6 +2419,15 @@ static int coroutine_fn 
> > > nbd_co_receive_request(NBDRequestData *req,
> > 
> > more context:
> > 
> > /* Payload and buffer handling. */
> > if (!payload_len) {
> > req->complete = true;
> 
> At this point, payload_len is equal to 0 for all but NBD_CMD_WRITE.  [1]
> 
> > }
> > if (check_length && request->len > NBD_MAX_BUFFER_SIZE) {
> > /* READ, WRITE, CACHE */
> > error_setg(errp, "len (%" PRIu64 ") is larger than max len (%u)",
> >request->len, NBD_MAX_BUFFER_SIZE);
> > return -EINVAL;
> > }
> > 
> > 
> > > +if (extended_with_payload && !allocate_buffer) {
> > 
> > it's correct but strange, as allocate_buffer is (READ or WRITE), and READ 
> > is totally unrelated here.
> 
> Oh, you do have a point.  If a client mistakenly passes the
> extended_with_payload flag on NBD_CMD_READ, we end up skipping this
> code which tries to parse off that payload, meaning we could be out of
> sync for reacting to the next command; if the client is particularly
> malicious, they could send payload that resembles another valid
> command.  Checking specifically for !WRITE rather than for
> 

Re: [PATCH 11/11] qdev: Rework array properties based on list visitor

2023-09-08 Thread Kevin Wolf
Am 08.09.2023 um 17:18 hat Peter Maydell geschrieben:
> On Fri, 8 Sept 2023 at 15:37, Kevin Wolf  wrote:
> >
> > Until now, array properties are actually implemented with a hack that
> > uses multiple properties on the QOM level: a static "foo-len" property
> > and after it is set, dynamically created "foo[i]" properties.
> >
> > In external interfaces (-device on the command line and device_add in
> > QMP), this interface was broken by commit f3558b1b ('qdev: Base object
> > creation on QDict rather than QemuOpts') because QDicts are unordered
> > and therefore it could happen that QEMU tried to set the indexed
> > properties before setting the length, which fails and effectively makes
> > array properties inaccessible. In particular, this affects the 'ports'
> > property of the 'rocker' device.
> >
> > This patch reworks the external interface so that instead of using a
> > separate top-level property for the length and for each element, we use
> > a single true array property that accepts a list value. In the external
> > interfaces, this is naturally expressed as a JSON list and makes array
> > properties accessible again.
> >
> > Creating an array property on the command line without using JSON format
> > is currently not possible. This could be fixed by switching from
> > QemuOpts to a keyval parser, which however requires consideration of the
> > compatibility implications.
> 
> Could we have a specific example in the commit message of:
> 
> The old (currently broken) syntax for setting the ports
> property on the rocker device is:
>  -device rocker,len-ports=2,ports[0]=dev0,ports[1]=dev1
> The new syntax that works as of this commit is:
>  [whatever]
> 
> ?

Sure, that's a good idea.

> I would expect most users have no idea what the JSON list
> syntax is.

To fill in your "[whatever]", it's something like this:

-device '{"driver":"rocker","ports":["dev0","dev1"]}'

If we can eventually get -device converted to the keyval parser instead
of QemuOpts, the non-JSON syntax will look like this:

-device rocker,ports.0=dev0,ports.1=dev1

But I assume we'll have to solve some compatibility problems with other
devices before this can be done.

Kevin




Re: [PULL 00/51] Build system, i386 changes for 2023-09-07

2023-09-08 Thread Kevin Wolf
Am 08.09.2023 um 19:16 hat Kevin Wolf geschrieben:
> Am 08.09.2023 um 18:11 hat Philippe Mathieu-Daudé geschrieben:
> > Hi Kevin,
> > 
> > On 8/9/23 17:01, Kevin Wolf wrote:
> > > Am 07.09.2023 um 17:44 hat Stefan Hajnoczi geschrieben:
> > > > Applied, thanks.
> > > > 
> > > > Please update the changelog at https://wiki.qemu.org/ChangeLog/8.2 for 
> > > > any user-visible changes.
> > > 
> > > Something in this has broken the build for me, it seems to be the
> > > linux-user binary that doesn't link any more:
> > > 
> > >/usr/bin/ld: libqemu-x86_64-linux-user.fa.p/target_i386_cpu.c.o: in 
> > > function `cpu_x86_cpuid':
> > >/home/kwolf/source/qemu/build-clang/../target/i386/cpu.c:6180: 
> > > undefined reference to `kvm_arch_get_supported_cpuid'
> > 
> > My patches. I can not reproduce so far,
> 
> Hm, ok. I can try to bisect it further then.

Right, the commit message is obviously related, so you probably knew
this already... :-)

commit 3adce820cf9c454b49cabf52b829001ecb98500e
Author: Philippe Mathieu-Daudé 
Date:   Mon Sep 4 14:43:17 2023 +0200

target/i386: Remove unused KVM stubs

All these functions:

 - kvm_arch_get_supported_cpuid()
 - kvm_has_smm(()
 - kvm_hyperv_expand_features()
 - kvm_set_max_apic_id()

are called after checking for kvm_enabled(), which is
false when KVM is not built. Since the compiler elides
these functions, their stubs are not used and can be
removed.

Inspired-by: Daniel Henrique Barboza 
Signed-off-by: Philippe Mathieu-Daudé 
Message-ID: <20230904124325.79040-7-phi...@linaro.org>
Signed-off-by: Paolo Bonzini 

 target/i386/kvm/kvm-stub.c | 26 --
 1 file changed, 26 deletions(-)

Maybe the calls aren't eliminated because --enable-debug implies -O0?

Kevin

> > What are your ./configure command options?
> 
> '/home/kwolf/source/qemu/configure' '--cc=clang' 
> '--target-list=x86_64-linux-user,x86_64-softmmu,arm-softmmu,aarch64-softmmu' 
> '--enable-debug' '--cxx=clang++' '--disable-blkio' 
> 
> Kevin
> 
> > >/usr/bin/ld: libqemu-x86_64-linux-user.fa.p/target_i386_cpu.c.o: in 
> > > function `x86_cpu_filter_features':
> > >/home/kwolf/source/qemu/build-clang/../target/i386/cpu.c:7158: 
> > > undefined reference to `kvm_arch_get_supported_cpuid'
> > >/usr/bin/ld: 
> > > /home/kwolf/source/qemu/build-clang/../target/i386/cpu.c:7159: undefined 
> > > reference to `kvm_arch_get_supported_cpuid'
> > >/usr/bin/ld: 
> > > /home/kwolf/source/qemu/build-clang/../target/i386/cpu.c:7160: undefined 
> > > reference to `kvm_arch_get_supported_cpuid'
> > >/usr/bin/ld: 
> > > /home/kwolf/source/qemu/build-clang/../target/i386/cpu.c:7161: undefined 
> > > reference to `kvm_arch_get_supported_cpuid'
> > >/usr/bin/ld: 
> > > libqemu-x86_64-linux-user.fa.p/target_i386_cpu.c.o:/home/kwolf/source/qemu/build-clang/../target/i386/cpu.c:7162:
> > >  more undefined references to `kvm_arch_get_supported_cpuid' follow
> > >clang-15: error: linker command failed with exit code 1 (use -v to see 
> > > invocation)
> > > 
> > > In case it makes a difference, I'm using clang on F37.
> > > 
> > > Kevin
> > 




Re: [PULL 00/51] Build system, i386 changes for 2023-09-07

2023-09-08 Thread Michael Tokarev

08.09.2023 20:16, Kevin Wolf:

Am 08.09.2023 um 18:11 hat Philippe Mathieu-Daudé geschrieben:

Hi Kevin,

On 8/9/23 17:01, Kevin Wolf wrote:

Am 07.09.2023 um 17:44 hat Stefan Hajnoczi geschrieben:

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/8.2 for any 
user-visible changes.


Something in this has broken the build for me, it seems to be the
linux-user binary that doesn't link any more:

/usr/bin/ld: libqemu-x86_64-linux-user.fa.p/target_i386_cpu.c.o: in 
function `cpu_x86_cpuid':
/home/kwolf/source/qemu/build-clang/../target/i386/cpu.c:6180: undefined 
reference to `kvm_arch_get_supported_cpuid'


My patches. I can not reproduce so far,


Hm, ok. I can try to bisect it further then.


case 7:
/* Structured Extended Feature Flags Enumeration Leaf */
if (count == 0) {
...
if ((*ebx & CPUID_7_0_EBX_SGX) &&
(!kvm_enabled() ||
 !(kvm_arch_get_supported_cpuid(cs->kvm_state, 0x7, 0, R_EBX) &
CPUID_7_0_EBX_SGX))) {
*ebx &= ~CPUID_7_0_EBX_SGX;
}

if ((*ecx & CPUID_7_0_ECX_SGX_LC) &&
(!(*ebx & CPUID_7_0_EBX_SGX) || !kvm_enabled() ||
 !(kvm_arch_get_supported_cpuid(cs->kvm_state, 0x7, 0, R_ECX) &
CPUID_7_0_ECX_SGX_LC))) {
*ecx &= ~CPUID_7_0_ECX_SGX_LC;
}

It is most likely the patch "target/i386: Remove unused KVM stubs", which removed
kvm_arch_get_supported_cpuid().  Apparently clang isn't smart enough to
eliminate the call to this function?

/mjt



Re: [PULL 00/51] Build system, i386 changes for 2023-09-07

2023-09-08 Thread Daniel P . Berrangé
On Fri, Sep 08, 2023 at 07:16:16PM +0200, Kevin Wolf wrote:
> Am 08.09.2023 um 18:11 hat Philippe Mathieu-Daudé geschrieben:
> > Hi Kevin,
> > 
> > On 8/9/23 17:01, Kevin Wolf wrote:
> > > Am 07.09.2023 um 17:44 hat Stefan Hajnoczi geschrieben:
> > > > Applied, thanks.
> > > > 
> > > > Please update the changelog at https://wiki.qemu.org/ChangeLog/8.2 for 
> > > > any user-visible changes.
> > > 
> > > Something in this has broken the build for me, it seems to be the
> > > linux-user binary that doesn't link any more:
> > > 
> > >/usr/bin/ld: libqemu-x86_64-linux-user.fa.p/target_i386_cpu.c.o: in 
> > > function `cpu_x86_cpuid':
> > >/home/kwolf/source/qemu/build-clang/../target/i386/cpu.c:6180: 
> > > undefined reference to `kvm_arch_get_supported_cpuid'
> > 
> > My patches. I can not reproduce so far,

Given the missing function name, I'm assuming the problem is this commit:

[quote]
Subject: [PULL 42/51] target/i386: Remove unused KVM stubs

From: Philippe Mathieu-Daudé 

All these functions:

 - kvm_arch_get_supported_cpuid()
 - kvm_has_smm()
 - kvm_hyperv_expand_features()
 - kvm_set_max_apic_id()

are called after checking for kvm_enabled(), which is
false when KVM is not built. Since the compiler elides
these functions, their stubs are not used and can be
removed.
[/quote]

> Hm, ok. I can try to bisect it further then.
> 
> > What are your ./configure command options?
> 
> '/home/kwolf/source/qemu/configure' '--cc=clang' 
> '--target-list=x86_64-linux-user,x86_64-softmmu,arm-softmmu,aarch64-softmmu' 
> '--enable-debug' '--cxx=clang++' '--disable-blkio' 

--enable-debug results in "-O0" being used for optimization.

I bet this stops the compiler from eliding the functions
as claimed by the commit above. IOW, we do in fact still
need these stubs.


With regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|




Re: [Qemu PATCH v2 7/9] hw/cxl/cxl-mailbox-utils: Add mailbox commands to support add/release dynamic capacity response

2023-09-08 Thread Fan Ni
On Fri, Sep 08, 2023 at 01:00:16PM +, J?rgen Hansen wrote:
> On 7/25/23 20:39, Fan Ni wrote:
> > From: Fan Ni 
> >
> > Per CXL spec 3.0, two mailbox commands are implemented:
> > Add Dynamic Capacity Response (Opcode 4802h) 8.2.9.8.9.3, and
> > Release Dynamic Capacity (Opcode 4803h) 8.2.9.8.9.4.
> >
> > Signed-off-by: Fan Ni 
> > ---
> >   hw/cxl/cxl-mailbox-utils.c  | 253 
> >   include/hw/cxl/cxl_device.h |   3 +-
> >   2 files changed, 255 insertions(+), 1 deletion(-)
> >
> > diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c
> > index 3d25a9697e..1e4944da95 100644
> > --- a/hw/cxl/cxl-mailbox-utils.c
> > +++ b/hw/cxl/cxl-mailbox-utils.c
> > @@ -84,6 +84,8 @@ enum {
> >   DCD_CONFIG  = 0x48, /*r3.0: 8.2.9.8.9*/
> >   #define GET_DC_CONFIG  0x0
> >   #define GET_DYN_CAP_EXT_LIST   0x1
> > +#define ADD_DYN_CAP_RSP0x2
> > +#define RELEASE_DYN_CAP0x3
> >   PHYSICAL_SWITCH = 0x51
> >   #define IDENTIFY_SWITCH_DEVICE  0x0
> >   };
> > @@ -1086,6 +1088,251 @@ static CXLRetCode 
> > cmd_dcd_get_dyn_cap_ext_list(struct cxl_cmd *cmd,
> >   return CXL_MBOX_SUCCESS;
> >   }
> >
> > +/*
> > + * Check whether the bits at addr between [nr, nr+size) are all set,
> > + * return 1 if all 1s, else return 0
> > + */
> > +static inline int test_bits(const unsigned long *addr, int nr, int size)
> > +{
> > +unsigned long res = find_next_zero_bit(addr, size + nr, nr);
> > +
> > +return (res >= nr + size) ? 1 : 0;
> > +}
> > +
> > +/*
> > + * Find dynamic capacity region id based on dpa range [dpa, dpa+len)
> > + */
> > +static uint8_t find_region_id(struct CXLType3Dev *dev, uint64_t dpa,
> > +uint64_t len)
> > +{
> > +int8_t i = dev->dc.num_regions - 1;
> > +
> > +while (i > 0 && dpa < dev->dc.regions[i].base) {
> > +i--;
> > +}
> > +
> > +if (dpa < dev->dc.regions[i].base
> > +|| dpa + len > dev->dc.regions[i].base + 
> > dev->dc.regions[i].len) {
> > +return dev->dc.num_regions;
> > +}
> > +
> > +return i;
> > +}
> > +
> > +static void insert_extent_to_extent_list(CXLDCDExtentList *list, uint64_t 
> > dpa,
> > +uint64_t len, uint8_t *tag, uint16_t shared_seq)
> > +{
> > +CXLDCD_Extent *extent;
> > +extent = g_new0(CXLDCD_Extent, 1);
> > +extent->start_dpa = dpa;
> > +extent->len = len;
> > +if (tag) {
> > +memcpy(extent->tag, tag, 0x10);
> > +} else {
> > +memset(extent->tag, 0, 0x10);
> > +}
> > +extent->shared_seq = shared_seq;
> > +
> > +QTAILQ_INSERT_TAIL(list, extent, node);
> > +}
> > +
> > +typedef struct updated_dc_extent_list_in_pl {
> > +uint32_t num_entries_updated;
> > +uint8_t rsvd[4];
> > +struct { /* r3.0: Table 8-130 */
> > +uint64_t start_dpa;
> > +uint64_t len;
> > +uint8_t rsvd[8];
> > +} QEMU_PACKED updated_entries[];
> > +} QEMU_PACKED updated_dc_extent_list_in_pl;
> > +
> > +/*
> > + * The function only check the input extent list against itself.
> > + */
> > +static CXLRetCode detect_malformed_extent_list(CXLType3Dev *dev,
> > +const updated_dc_extent_list_in_pl *in)
> > +{
> > +unsigned long *blk_bitmap;
> > +uint64_t min_block_size = dev->dc.regions[0].block_size;
> > +struct CXLDCD_Region *region = >dc.regions[0];
> > +uint32_t i;
> > +uint64_t dpa, len;
> > +uint8_t rid;
> > +CXLRetCode ret;
> > +
> > +for (i = 1; i < dev->dc.num_regions; i++) {
> > +region = >dc.regions[i];
> > +if (min_block_size > region->block_size) {
> > +min_block_size = region->block_size;
> > +}
> > +}
> > +
> > +blk_bitmap = bitmap_new((region->len + region->base
> > +- dev->dc.regions[0].base) / min_block_size);
> > +
> > +for (i = 0; i < in->num_entries_updated; i++) {
> > +dpa = in->updated_entries[i].start_dpa;
> > +len = in->updated_entries[i].len;
> > +
> > +rid = find_region_id(dev, dpa, len);
> > +if (rid == dev->dc.num_regions) {
> > +ret = CXL_MBOX_INVALID_PA;
> > +goto out;
> > +}
> > +
> > +region = >dc.regions[rid];
> > +if (dpa % region->block_size || len % region->block_size) {
> > +ret = CXL_MBOX_INVALID_EXTENT_LIST;
> > +goto out;
> > +}
>
> Hi,
>
> The bitmap uses the dc region 0 base address as the baseline, so when
> checking the dpa against the bitmap it needs to be adjusted for that
> before the bitmap checks, e.g.,
>
> +dpa -= dev->dc.regions[0].base;
>
> Thanks,
> Jorgen

Make sense. Will fix. Thanks.

Fan
>
> > +/* the dpa range already covered by some other extents in the list 
> > */
> > +if (test_bits(blk_bitmap, dpa / min_block_size, len / 
> > min_block_size)) {
> > +ret = CXL_MBOX_INVALID_EXTENT_LIST;
> > +goto out;
> > +}
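Review bot: In find_region_id the upper-bound test `dpa + len > dev->dc.regions[i].base + dev->dc.regions[i].len` can wrap for large `dpa`/`len` values, which come from the mailbox payload, so an extent outside every region may be accepted and then used to index `blk_bitmap`. Writing the condition without the addition closes that: `dpa < base || len > dev->dc.regions[i].len || dpa - dev->dc.regions[i].base > dev->dc.regions[i].len - len`. The same function starts from `int8_t i = dev->dc.num_regions - 1`, which is -1 when no region is configured and then reads `regions[-1]`; returning `dev->dc.num_regions` early in that case keeps the caller's "invalid" path. test_bits takes `int nr, int size` while the caller passes 64-bit quotients, so those should be range-checked or the parameters widened. detect_malformed_extent_list continues past the end of the quoted hunk, so any later validation there is not visible here.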

Re: [PULL 24/51] meson: compile bundled device trees

2023-09-08 Thread Michael Tokarev

08.09.2023 19:27, Philippe Mathieu-Daudé:

On 7/9/23 14:59, Paolo Bonzini wrote:

If dtc is available, compile the .dts files in the pc-bios directory
instead of using the precompiled binaries.

Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
---
  pc-bios/Makefile    | 19 ---
  pc-bios/meson.build | 25 +
  2 files changed, 21 insertions(+), 23 deletions(-)
  delete mode 100644 pc-bios/Makefile


FWIW I'm getting:

[50/1419] Generating pc-bios/bamboo.dts with a custom command
../../pc-bios/bamboo.dts:45.9-48.4: Warning (unit_address_vs_reg): /memory: 
node has a reg or ranges property, but no unit name
../../pc-bios/bamboo.dts:87.13-154.5: Warning (unit_address_vs_reg): /plb/opb: 
node has a reg or ranges property, but no unit name
../../pc-bios/bamboo.dts:198.3-50: Warning (chosen_node_stdout_path): 
/chosen:linux,stdout-path: Use 'stdout-path' instead
../../pc-bios/bamboo.dts:87.13-154.5: Warning (interrupts_property): /plb/opb: 
Missing interrupt-parent
../../pc-bios/bamboo.dts:100.14-108.6: Warning (interrupts_property): 
/plb/opb/ebc: Missing interrupt-parent
[51/1419] Generating pc-bios/canyonlands.dts with a custom command
../../pc-bios/canyonlands.dts:47.9-50.4: Warning (unit_address_vs_reg): 
/memory: node has a reg or ranges property, but no unit name
../../pc-bios/canyonlands.dts:210.13-429.5: Warning (unit_address_vs_reg): 
/plb/opb: node has a reg or ranges property, but no unit name
../../pc-bios/canyonlands.dts:464.26-504.5: Warning (pci_bridge): /plb/pciex@d: node name 
is not "pci" or "pcie"
../../pc-bios/canyonlands.dts:506.26-546.5: Warning (pci_bridge): /plb/pciex@d2000: node name 
is not "pci" or "pcie"
pc-bios/canyonlands.dtb: Warning (unit_address_format): Failed prerequisite 
'pci_bridge'
pc-bios/canyonlands.dtb: Warning (pci_device_reg): Failed prerequisite 
'pci_bridge'
pc-bios/canyonlands.dtb: Warning (pci_device_bus_num): Failed prerequisite 
'pci_bridge'
../../pc-bios/canyonlands.dts:268.14-289.7: Warning (avoid_unnecessary_addr_size): /plb/opb/ebc/ndfc@3,0: unnecessary #address-cells/#size-cells 
without "ranges", "dma-ranges" or child "reg" property


This smells like something which has been here forever and no one noticed
because the compile only happens when updating these files, ie, almost
never.

So, "don't blame the messenger" :)

/mjt



Re: [PULL 00/51] Build system, i386 changes for 2023-09-07

2023-09-08 Thread Kevin Wolf
Am 08.09.2023 um 18:11 hat Philippe Mathieu-Daudé geschrieben:
> Hi Kevin,
> 
> On 8/9/23 17:01, Kevin Wolf wrote:
> > Am 07.09.2023 um 17:44 hat Stefan Hajnoczi geschrieben:
> > > Applied, thanks.
> > > 
> > > Please update the changelog at https://wiki.qemu.org/ChangeLog/8.2 for 
> > > any user-visible changes.
> > 
> > Something in this has broken the build for me, it seems to be the
> > linux-user binary that doesn't link any more:
> > 
> >/usr/bin/ld: libqemu-x86_64-linux-user.fa.p/target_i386_cpu.c.o: in 
> > function `cpu_x86_cpuid':
> >/home/kwolf/source/qemu/build-clang/../target/i386/cpu.c:6180: undefined 
> > reference to `kvm_arch_get_supported_cpuid'
> 
> My patches. I can not reproduce so far,

Hm, ok. I can try to bisect it further then.

> What are your ./configure command options?

'/home/kwolf/source/qemu/configure' '--cc=clang' 
'--target-list=x86_64-linux-user,x86_64-softmmu,arm-softmmu,aarch64-softmmu' 
'--enable-debug' '--cxx=clang++' '--disable-blkio' 

Kevin

> >/usr/bin/ld: libqemu-x86_64-linux-user.fa.p/target_i386_cpu.c.o: in 
> > function `x86_cpu_filter_features':
> >/home/kwolf/source/qemu/build-clang/../target/i386/cpu.c:7158: undefined 
> > reference to `kvm_arch_get_supported_cpuid'
> >/usr/bin/ld: 
> > /home/kwolf/source/qemu/build-clang/../target/i386/cpu.c:7159: undefined 
> > reference to `kvm_arch_get_supported_cpuid'
> >/usr/bin/ld: 
> > /home/kwolf/source/qemu/build-clang/../target/i386/cpu.c:7160: undefined 
> > reference to `kvm_arch_get_supported_cpuid'
> >/usr/bin/ld: 
> > /home/kwolf/source/qemu/build-clang/../target/i386/cpu.c:7161: undefined 
> > reference to `kvm_arch_get_supported_cpuid'
> >/usr/bin/ld: 
> > libqemu-x86_64-linux-user.fa.p/target_i386_cpu.c.o:/home/kwolf/source/qemu/build-clang/../target/i386/cpu.c:7162:
> >  more undefined references to `kvm_arch_get_supported_cpuid' follow
> >clang-15: error: linker command failed with exit code 1 (use -v to see 
> > invocation)
> > 
> > In case it makes a difference, I'm using clang on F37.
> > 
> > Kevin
> 




Re: [Qemu PATCH v2 6/9] hw/mem/cxl_type3: Add DC extent list representative and get DC extent list mailbox support

2023-09-08 Thread Fan Ni
On Fri, Sep 08, 2023 at 01:12:45PM +, J?rgen Hansen wrote:
> On 7/25/23 20:39, Fan Ni wrote:
> > From: Fan Ni 
> >
> > Add dynamic capacity extent list representative to the definition of
> > CXLType3Dev and add get DC extent list mailbox command per
> > CXL.spec.3.0:.8.2.9.8.9.2.
> >
> > Signed-off-by: Fan Ni 
> > ---
> >   hw/cxl/cxl-mailbox-utils.c  | 71 +
> >   hw/mem/cxl_type3.c  |  1 +
> >   include/hw/cxl/cxl_device.h | 23 
> >   3 files changed, 95 insertions(+)
> >
> > diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c
> > index 0511b8e6f7..3d25a9697e 100644
> > --- a/hw/cxl/cxl-mailbox-utils.c
> > +++ b/hw/cxl/cxl-mailbox-utils.c
> > @@ -83,6 +83,7 @@ enum {
> >   #define CLEAR_POISON   0x2
> >   DCD_CONFIG  = 0x48, /*r3.0: 8.2.9.8.9*/
> >   #define GET_DC_CONFIG  0x0
> > +#define GET_DYN_CAP_EXT_LIST   0x1
> >   PHYSICAL_SWITCH = 0x51
> >   #define IDENTIFY_SWITCH_DEVICE  0x0
> >   };
> > @@ -1018,6 +1019,73 @@ static CXLRetCode cmd_dcd_get_dyn_cap_config(struct 
> > cxl_cmd *cmd,
> >   return CXL_MBOX_SUCCESS;
> >   }
> >
> > +/*
> > + * cxl spec 3.0: 8.2.9.8.9.2
> > + * Get Dynamic Capacity Extent List (Opcode 4810h)
> > + */
> > +static CXLRetCode cmd_dcd_get_dyn_cap_ext_list(struct cxl_cmd *cmd,
> > +CXLDeviceState *cxl_dstate,
> > +uint16_t *len)
> > +{
> > +struct get_dyn_cap_ext_list_in_pl {
> > +uint32_t extent_cnt;
> > +uint32_t start_extent_id;
> > +} QEMU_PACKED;
> > +
> > +struct get_dyn_cap_ext_list_out_pl {
> > +uint32_t count;
> > +uint32_t total_extents;
> > +uint32_t generation_num;
> > +uint8_t rsvd[4];
> > +CXLDCExtent_raw records[];
> > +} QEMU_PACKED;
> > +
> > +struct get_dyn_cap_ext_list_in_pl *in = (void *)cmd->payload;
> > +struct get_dyn_cap_ext_list_out_pl *out = (void *)cmd->payload;
> > +struct CXLType3Dev *ct3d = container_of(cxl_dstate, CXLType3Dev,
> > +cxl_dstate);
> > +uint16_t record_count = 0, i = 0, record_done = 0;
> > +CXLDCDExtentList *extent_list = >dc.extents;
> > +CXLDCD_Extent *ent;
> > +uint16_t out_pl_len;
> > +uint32_t start_extent_id = in->start_extent_id;
> > +
> > +if (start_extent_id > ct3d->dc.total_extent_count) {
> > +return CXL_MBOX_INVALID_INPUT;
> > +}
> > +
> > +record_count = MIN(in->extent_cnt,
> > +ct3d->dc.total_extent_count - start_extent_id);
> > +
> > +out_pl_len = sizeof(*out) + record_count * sizeof(out->records[0]);
> > +/* May need more processing here in the future */
> > +assert(out_pl_len <= CXL_MAILBOX_MAX_PAYLOAD_SIZE);
> > +
> > +memset(out, 0, out_pl_len);
> > +stl_le_p(>count, record_count);
> > +stl_le_p(>total_extents, ct3d->dc.total_extent_count);
> > +stl_le_p(>generation_num, ct3d->dc.ext_list_gen_seq);
> > +
> > +if (record_count > 0) {
> > +QTAILQ_FOREACH(ent, extent_list, node) {
> > +if (i++ < start_extent_id) {
> > +continue;
> > +}
> > +stq_le_p(>records[record_done].start_dpa, ent->start_dpa);
> > +stq_le_p(>records[record_done].len, ent->len);
> > +memcpy(>records[record_done].tag, ent->tag, 0x10);
> > +stw_le_p(>records[record_done].shared_seq, 
> > ent->shared_seq);
> > +record_done++;
> > +if (record_done == record_count) {
> > +break;
> > +}
> > +}
> > +}
> > +
> > +*len = out_pl_len;
> > +return CXL_MBOX_SUCCESS;
> > +}
> > +
> >   #define IMMEDIATE_CONFIG_CHANGE (1 << 1)
> >   #define IMMEDIATE_DATA_CHANGE (1 << 2)
> >   #define IMMEDIATE_POLICY_CHANGE (1 << 3)
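Review bot: In cmd_dcd_get_dyn_cap_ext_list both `record_count` and `out_pl_len` are `uint16_t`, so the guest-supplied `in->extent_cnt` and the computed length are truncated before `assert(out_pl_len <= CXL_MAILBOX_MAX_PAYLOAD_SIZE)` sees them. Depending on the payload limit, which is defined outside this hunk, a large count either passes the check with a wrapped length while the loop still stores `record_count` records, or stops QEMU through a guest-reachable assert. Clamping the count in 32-bit arithmetic to what fits behind the header removes both cases. `in->extent_cnt` and `in->start_extent_id` are also read without a little-endian load, unlike the `stl_le_p` stores on the output side.
```c
    uint32_t record_count = 0, i = 0, record_done = 0;
    uint32_t start_extent_id = ldl_le_p(&in->start_extent_id);
    uint32_t extent_cnt = ldl_le_p(&in->extent_cnt);
    /* Largest number of records that fits behind the fixed header. */
    uint32_t max_records = (CXL_MAILBOX_MAX_PAYLOAD_SIZE - sizeof(*out)) /
                           sizeof(out->records[0]);

    /* ... unchanged: start_extent_id range check ... */

    record_count = MIN(MIN(extent_cnt,
                           ct3d->dc.total_extent_count - start_extent_id),
                       max_records);
    out_pl_len = sizeof(*out) + record_count * sizeof(out->records[0]);
    /* ... unchanged: memset, header stores, extent copy loop ... */
```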
> > @@ -1058,6 +1126,9 @@ static struct cxl_cmd cxl_cmd_set[256][256] = {
> >   cmd_media_clear_poison, 72, 0 },
> >   [DCD_CONFIG][GET_DC_CONFIG] = { "DCD_GET_DC_CONFIG",
> >   cmd_dcd_get_dyn_cap_config, 2, 0 },
> > +[DCD_CONFIG][GET_DYN_CAP_EXT_LIST] = {
> > +"DCD_GET_DYNAMIC_CAPACITY_EXTENT_LIST", 
> > cmd_dcd_get_dyn_cap_ext_list,
> > +8, 0 },
> >   };
> >
> >   static struct cxl_cmd cxl_cmd_set_sw[256][256] = {
> > diff --git a/hw/mem/cxl_type3.c b/hw/mem/cxl_type3.c
> > index 76bbd9f785..f1170b8047 100644
> > --- a/hw/mem/cxl_type3.c
> > +++ b/hw/mem/cxl_type3.c
> > @@ -789,6 +789,7 @@ static int cxl_create_dc_regions(CXLType3Dev *ct3d)
> >
> >   region_base += region->len;
> >   }
> > +QTAILQ_INIT(>dc.extents);
> >
> >   return 0;
> >   }
> > diff --git a/include/hw/cxl/cxl_device.h b/include/hw/cxl/cxl_device.h
> > index 1c99b05a66..3a338b3b37 100644
> > --- a/include/hw/cxl/cxl_device.h
> > +++ b/include/hw/cxl/cxl_device.h
> > @@ -385,6 +385,25 @@ typedef QLIST_HEAD(, CXLPoison) CXLPoisonList;
> >
> >   #define DCD_MAX_REGION_NUM 8
> >
> > +typedef struct CXLDCD_Extent_raw {
> 

[PULL v2 00/15] Block layer patches

2023-09-08 Thread Kevin Wolf
The following changes since commit 13d9f6dca08a38e9258b6328f3ad61bdb8e19619:

  Merge tag 'ide-pull-request' of https://gitlab.com/jsnow/qemu into staging 
(2023-09-07 10:28:33 -0400)

are available in the Git repository at:

  https://repo.or.cz/qemu/kevin.git tags/for-upstream

for you to fetch changes up to 92e2e6a867334a990f8d29f07ca34e3162fdd6ec:

  virtio: Drop out of coroutine context in virtio_load() (2023-09-08 17:03:09 
+0200)


Block layer patches

- Optimise reqs_lock to make multiqueue actually scale
- virtio: Drop out of coroutine context in virtio_load()
- iotests: Fix reference output for some tests after recent changes
- vpc: Avoid dynamic stack allocation
- Code cleanup, improved documentation


Dmitry Frolov (1):
  vmdk: Clean up bdrv_open_child() return value check

Fabiano Rosas (2):
  block: Remove bdrv_query_block_node_info
  block: Remove unnecessary variable in bdrv_block_device_info

Fiona Ebner (1):
  iotests: adapt test output for new qemu_cleanup() behavior

Hanna Czenczek (1):
  block: Be more verbose in create fallback

Kevin Wolf (5):
  qemu-img: Update documentation for compressed images
  block/meson.build: Restore alphabetical order of files
  block: Make more BlockDriver definitions static
  vmstate: Mark VMStateInfo.get/put() coroutine_mixed_fn
  virtio: Drop out of coroutine context in virtio_load()

Michael Tokarev (1):
  qemu-img: omit errno value in error message

Peter Maydell (1):
  block/iscsi: Document why we use raw malloc()

Philippe Mathieu-Daudé (1):
  block/vpc: Avoid dynamic stack allocation

Stefan Hajnoczi (2):
  block: minimize bs->reqs_lock section in tracked_request_end()
  block: change reqs_lock to QemuMutex

 docs/tools/qemu-img.rst  | 19 +++--
 include/block/block_int-common.h |  2 +-
 include/block/qapi.h |  3 ---
 include/migration/vmstate.h  |  8 ---
 block.c  | 10 ++---
 block/copy-before-write.c|  2 +-
 block/io.c   | 30 ---
 block/iscsi.c|  1 +
 block/preallocate.c  |  2 +-
 block/qapi.c | 32 ++--
 block/snapshot-access.c  |  2 +-
 block/vmdk.c |  2 +-
 block/vpc.c  |  4 ++--
 hw/virtio/virtio.c   | 45 +++-
 qemu-img.c   |  4 ++--
 block/meson.build| 12 +--
 tests/qemu-iotests/080.out   |  6 +++---
 tests/qemu-iotests/109.out   | 24 +
 tests/qemu-iotests/112.out   |  6 +++---
 tests/qemu-iotests/185   |  2 ++
 tests/qemu-iotests/185.out   |  4 
 tests/qemu-iotests/244.out   |  2 +-
 22 files changed, 142 insertions(+), 80 deletions(-)




[PULL 12/26] hw/misc: Introduce a model of Xilinx Versal's CFU_APB

2023-09-08 Thread Peter Maydell
From: Francisco Iglesias 

Introduce a model of the software programming interface (CFU_APB) of
Xilinx Versal's Configuration Frame Unit.

Signed-off-by: Francisco Iglesias 
Reviewed-by: Peter Maydell 
Message-id: 20230831165701.2016397-3-francisco.igles...@amd.com
Signed-off-by: Peter Maydell 
---
 MAINTAINERS   |   2 +
 include/hw/misc/xlnx-versal-cfu.h | 231 ++
 hw/misc/xlnx-versal-cfu.c | 380 ++
 hw/misc/meson.build   |   1 +
 4 files changed, 614 insertions(+)
 create mode 100644 include/hw/misc/xlnx-versal-cfu.h
 create mode 100644 hw/misc/xlnx-versal-cfu.c

diff --git a/MAINTAINERS b/MAINTAINERS
index 4b9512eda93..5b01fbe065e 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1031,6 +1031,8 @@ M: Francisco Iglesias 
 S: Maintained
 F: hw/misc/xlnx-cfi-if.c
 F: include/hw/misc/xlnx-cfi-if.h
+F: hw/misc/xlnx-versal-cfu.c
+F: include/hw/misc/xlnx-versal-cfu.h
 
 STM32F100
 M: Alexandre Iooss 
diff --git a/include/hw/misc/xlnx-versal-cfu.h 
b/include/hw/misc/xlnx-versal-cfu.h
new file mode 100644
index 000..62d10caf275
--- /dev/null
+++ b/include/hw/misc/xlnx-versal-cfu.h
@@ -0,0 +1,231 @@
+/*
+ * QEMU model of the CFU Configuration Unit.
+ *
+ * Copyright (C) 2023, Advanced Micro Devices, Inc.
+ *
+ * Written by Francisco Iglesias 
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * References:
+ * [1] Versal ACAP Technical Reference Manual,
+ * 
https://www.xilinx.com/support/documentation/architecture-manuals/am011-versal-acap-trm.pdf
+ *
+ * [2] Versal ACAP Register Reference,
+ * 
https://www.xilinx.com/htmldocs/registers/am012/am012-versal-register-reference.html
+ */
+#ifndef HW_MISC_XLNX_VERSAL_CFU_APB_H
+#define HW_MISC_XLNX_VERSAL_CFU_APB_H
+
+#include "hw/sysbus.h"
+#include "hw/register.h"
+#include "hw/misc/xlnx-cfi-if.h"
+
+#define TYPE_XLNX_VERSAL_CFU_APB "xlnx,versal-cfu-apb"
+OBJECT_DECLARE_SIMPLE_TYPE(XlnxVersalCFUAPB, XLNX_VERSAL_CFU_APB)
+
+REG32(CFU_ISR, 0x0)
+FIELD(CFU_ISR, USR_GTS_EVENT, 9, 1)
+FIELD(CFU_ISR, USR_GSR_EVENT, 8, 1)
+FIELD(CFU_ISR, SLVERR, 7, 1)
+FIELD(CFU_ISR, DECOMP_ERROR, 6, 1)
+FIELD(CFU_ISR, BAD_CFI_PACKET, 5, 1)
+FIELD(CFU_ISR, AXI_ALIGN_ERROR, 4, 1)
+FIELD(CFU_ISR, CFI_ROW_ERROR, 3, 1)
+FIELD(CFU_ISR, CRC32_ERROR, 2, 1)
+FIELD(CFU_ISR, CRC8_ERROR, 1, 1)
+FIELD(CFU_ISR, SEU_ENDOFCALIB, 0, 1)
+REG32(CFU_IMR, 0x4)
+FIELD(CFU_IMR, USR_GTS_EVENT, 9, 1)
+FIELD(CFU_IMR, USR_GSR_EVENT, 8, 1)
+FIELD(CFU_IMR, SLVERR, 7, 1)
+FIELD(CFU_IMR, DECOMP_ERROR, 6, 1)
+FIELD(CFU_IMR, BAD_CFI_PACKET, 5, 1)
+FIELD(CFU_IMR, AXI_ALIGN_ERROR, 4, 1)
+FIELD(CFU_IMR, CFI_ROW_ERROR, 3, 1)
+FIELD(CFU_IMR, CRC32_ERROR, 2, 1)
+FIELD(CFU_IMR, CRC8_ERROR, 1, 1)
+FIELD(CFU_IMR, SEU_ENDOFCALIB, 0, 1)
+REG32(CFU_IER, 0x8)
+FIELD(CFU_IER, USR_GTS_EVENT, 9, 1)
+FIELD(CFU_IER, USR_GSR_EVENT, 8, 1)
+FIELD(CFU_IER, SLVERR, 7, 1)
+FIELD(CFU_IER, DECOMP_ERROR, 6, 1)
+FIELD(CFU_IER, BAD_CFI_PACKET, 5, 1)
+FIELD(CFU_IER, AXI_ALIGN_ERROR, 4, 1)
+FIELD(CFU_IER, CFI_ROW_ERROR, 3, 1)
+FIELD(CFU_IER, CRC32_ERROR, 2, 1)
+FIELD(CFU_IER, CRC8_ERROR, 1, 1)
+FIELD(CFU_IER, SEU_ENDOFCALIB, 0, 1)
+REG32(CFU_IDR, 0xc)
+FIELD(CFU_IDR, USR_GTS_EVENT, 9, 1)
+FIELD(CFU_IDR, USR_GSR_EVENT, 8, 1)
+FIELD(CFU_IDR, SLVERR, 7, 1)
+FIELD(CFU_IDR, DECOMP_ERROR, 6, 1)
+FIELD(CFU_IDR, BAD_CFI_PACKET, 5, 1)
+FIELD(CFU_IDR, AXI_ALIGN_ERROR, 4, 1)
+FIELD(CFU_IDR, CFI_ROW_ERROR, 3, 1)
+FIELD(CFU_IDR, CRC32_ERROR, 2, 1)
+FIELD(CFU_IDR, CRC8_ERROR, 1, 1)
+FIELD(CFU_IDR, SEU_ENDOFCALIB, 0, 1)
+REG32(CFU_ITR, 0x10)
+FIELD(CFU_ITR, USR_GTS_EVENT, 9, 1)
+FIELD(CFU_ITR, USR_GSR_EVENT, 8, 1)
+FIELD(CFU_ITR, SLVERR, 7, 1)
+FIELD(CFU_ITR, DECOMP_ERROR, 6, 1)
+FIELD(CFU_ITR, BAD_CFI_PACKET, 5, 1)
+FIELD(CFU_ITR, AXI_ALIGN_ERROR, 4, 1)
+FIELD(CFU_ITR, CFI_ROW_ERROR, 3, 1)
+FIELD(CFU_ITR, CRC32_ERROR, 2, 1)
+FIELD(CFU_ITR, CRC8_ERROR, 1, 1)
+FIELD(CFU_ITR, SEU_ENDOFCALIB, 0, 1)
+REG32(CFU_PROTECT, 0x14)
+FIELD(CFU_PROTECT, ACTIVE, 0, 1)
+REG32(CFU_FGCR, 0x18)
+FIELD(CFU_FGCR, GCLK_CAL, 14, 1)
+FIELD(CFU_FGCR, SC_HBC_TRIGGER, 13, 1)
+FIELD(CFU_FGCR, GLOW, 12, 1)
+FIELD(CFU_FGCR, GPWRDWN, 11, 1)
+FIELD(CFU_FGCR, GCAP, 10, 1)
+FIELD(CFU_FGCR, GSCWE, 9, 1)
+FIELD(CFU_FGCR, GHIGH_B, 8, 1)
+FIELD(CFU_FGCR, GMC_B, 7, 1)
+FIELD(CFU_FGCR, GWE, 6, 1)
+FIELD(CFU_FGCR, GRESTORE, 5, 1)
+FIELD(CFU_FGCR, GTS_CFG_B, 4, 1)
+FIELD(CFU_FGCR, GLUTMASK, 3, 1)
+FIELD(CFU_FGCR, EN_GLOBS_B, 2, 1)
+FIELD(CFU_FGCR, EOS, 1, 1)
+FIELD(CFU_FGCR, INIT_COMPLETE, 0, 1)
+REG32(CFU_CTL, 0x1c)
+FIELD(CFU_CTL, GSR_GSC, 15, 1)
+FIELD(CFU_CTL, SLVERR_EN, 14, 1)
+FIELD(CFU_CTL, CRC32_RESET, 13, 1)
+FIELD(CFU_CTL, AXI_ERROR_EN, 12, 1)
+FIELD(CFU_CTL, FLUSH_AXI, 11, 1)
+FIELD(CFU_CTL, SSI_PER_SLR_PR, 10, 

[PULL 06/26] target/arm: Implement FEAT_EPAC

2023-09-08 Thread Peter Maydell
From: Aaron Lindsay 

Signed-off-by: Aaron Lindsay 
Reviewed-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Signed-off-by: Richard Henderson 
Message-id: 20230829232335.965414-7-richard.hender...@linaro.org
Message-Id: <20230609172324.982888-5-aa...@os.amperecomputing.com>
Signed-off-by: Richard Henderson 
Signed-off-by: Peter Maydell 
---
 docs/system/arm/emulation.rst |  1 +
 target/arm/tcg/cpu64.c|  2 +-
 target/arm/tcg/pauth_helper.c | 16 +++-
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
index c4bc4074866..2e99888a6ae 100644
--- a/docs/system/arm/emulation.rst
+++ b/docs/system/arm/emulation.rst
@@ -28,6 +28,7 @@ the following architecture extensions:
 - FEAT_DotProd (Advanced SIMD dot product instructions)
 - FEAT_DoubleFault (Double Fault Extension)
 - FEAT_E0PD (Preventing EL0 access to halves of address maps)
+- FEAT_EPAC (Enhanced pointer authentication)
 - FEAT_ETS (Enhanced Translation Synchronization)
 - FEAT_EVT (Enhanced Virtualization Traps)
 - FEAT_FCMA (Floating-point complex number instructions)
diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c
index 4a1d9816dfb..b6a820aae74 100644
--- a/target/arm/tcg/cpu64.c
+++ b/target/arm/tcg/cpu64.c
@@ -803,7 +803,7 @@ void aarch64_max_tcg_initfn(Object *obj)
 
 t = cpu->isar.id_aa64isar1;
 t = FIELD_DP64(t, ID_AA64ISAR1, DPB, 2);  /* FEAT_DPB2 */
-t = FIELD_DP64(t, ID_AA64ISAR1, APA, PauthFeat_1);
+t = FIELD_DP64(t, ID_AA64ISAR1, APA, PauthFeat_EPAC);
 t = FIELD_DP64(t, ID_AA64ISAR1, API, 1);
 t = FIELD_DP64(t, ID_AA64ISAR1, JSCVT, 1);/* FEAT_JSCVT */
 t = FIELD_DP64(t, ID_AA64ISAR1, FCMA, 1); /* FEAT_FCMA */
diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c
index bb03409ee55..63e1009ea74 100644
--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -326,8 +326,10 @@ static uint64_t pauth_computepac(CPUARMState *env, 
uint64_t data,
 static uint64_t pauth_addpac(CPUARMState *env, uint64_t ptr, uint64_t modifier,
  ARMPACKey *key, bool data)
 {
+ARMCPU *cpu = env_archcpu(env);
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
 ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data, false);
+ARMPauthFeature pauth_feature = cpu_isar_feature(pauth_feature, cpu);
 uint64_t pac, ext_ptr, ext, test;
 int bot_bit, top_bit;
 
@@ -351,11 +353,15 @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_t 
ptr, uint64_t modifier,
  */
 test = sextract64(ptr, bot_bit, top_bit - bot_bit);
 if (test != 0 && test != -1) {
-/*
- * Note that our top_bit is one greater than the pseudocode's
- * version, hence "- 2" here.
- */
-pac ^= MAKE_64BIT_MASK(top_bit - 2, 1);
+if (pauth_feature == PauthFeat_EPAC) {
+pac = 0;
+} else {
+/*
+ * Note that our top_bit is one greater than the pseudocode's
+ * version, hence "- 2" here.
+ */
+pac ^= MAKE_64BIT_MASK(top_bit - 2, 1);
+}
 }
 
 /*
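Review bot: The new `pac = 0;` branch in pauth_addpac has no comment explaining why FEAT_EPAC differs, while the legacy branch keeps its explanation of the flipped bit. A short comment above it, for example `/* FEAT_EPAC: a non-canonical pointer gets an all-zero PAC instead of a PAC with one bit flipped. */`, would record the intent next to the code. The test is an equality against `PauthFeat_EPAC`, and the enum is defined outside this hunk, so it is worth noting there that higher feature levels must not fall into the legacy branch by accident. pauth_addpac starts before and continues after this hunk.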
-- 
2.34.1




[PULL 13/26] hw/misc/xlnx-versal-cfu: Introduce a model of Xilinx Versal CFU_FDRO

2023-09-08 Thread Peter Maydell
From: Francisco Iglesias 

Introduce a model of Xilinx Versal's Configuration Frame Unit's data out
port (CFU_FDRO).

Signed-off-by: Francisco Iglesias 
Reviewed-by: Peter Maydell 
Message-id: 20230831165701.2016397-4-francisco.igles...@amd.com
Signed-off-by: Peter Maydell 
---
 include/hw/misc/xlnx-versal-cfu.h | 12 
 hw/misc/xlnx-versal-cfu.c | 96 +++
 2 files changed, 108 insertions(+)

diff --git a/include/hw/misc/xlnx-versal-cfu.h 
b/include/hw/misc/xlnx-versal-cfu.h
index 62d10caf275..73e9a21af4d 100644
--- a/include/hw/misc/xlnx-versal-cfu.h
+++ b/include/hw/misc/xlnx-versal-cfu.h
@@ -20,10 +20,14 @@
 #include "hw/sysbus.h"
 #include "hw/register.h"
 #include "hw/misc/xlnx-cfi-if.h"
+#include "qemu/fifo32.h"
 
 #define TYPE_XLNX_VERSAL_CFU_APB "xlnx,versal-cfu-apb"
 OBJECT_DECLARE_SIMPLE_TYPE(XlnxVersalCFUAPB, XLNX_VERSAL_CFU_APB)
 
+#define TYPE_XLNX_VERSAL_CFU_FDRO "xlnx,versal-cfu-fdro"
+OBJECT_DECLARE_SIMPLE_TYPE(XlnxVersalCFUFDRO, XLNX_VERSAL_CFU_FDRO)
+
 REG32(CFU_ISR, 0x0)
 FIELD(CFU_ISR, USR_GTS_EVENT, 9, 1)
 FIELD(CFU_ISR, USR_GSR_EVENT, 8, 1)
@@ -210,6 +214,14 @@ struct XlnxVersalCFUAPB {
 } cfg;
 };
 
+
+struct XlnxVersalCFUFDRO {
+SysBusDevice parent_obj;
+MemoryRegion iomem_fdro;
+
+Fifo32 fdro_data;
+};
+
 /**
  * This is a helper function for updating a CFI data write fifo, an array of 4
  * uint32_t and 128 bits of data that are allowed to be written through 4
diff --git a/hw/misc/xlnx-versal-cfu.c b/hw/misc/xlnx-versal-cfu.c
index b2dc6ab2111..255c1bf4b8c 100644
--- a/hw/misc/xlnx-versal-cfu.c
+++ b/hw/misc/xlnx-versal-cfu.c
@@ -264,6 +264,25 @@ static void cfu_stream_write(void *opaque, hwaddr addr, 
uint64_t value,
 }
 }
 
+static uint64_t cfu_fdro_read(void *opaque, hwaddr addr, unsigned size)
+{
+XlnxVersalCFUFDRO *s = XLNX_VERSAL_CFU_FDRO(opaque);
+uint64_t ret = 0;
+
+if (!fifo32_is_empty(>fdro_data)) {
+ret = fifo32_pop(>fdro_data);
+}
+
+return ret;
+}
+
+static void cfu_fdro_write(void *opaque, hwaddr addr, uint64_t value,
+   unsigned size)
+{
+qemu_log_mask(LOG_GUEST_ERROR, "%s: Unsupported write from addr=%"
+  HWADDR_PRIx "\n", __func__, addr);
+}
+
 static const MemoryRegionOps cfu_stream_ops = {
 .read = cfu_stream_read,
 .write = cfu_stream_write,
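Review bot: cfu_fdro_write logs `Unsupported write from addr=`, but the access is a write to that address; `"%s: Unsupported write to addr=%"` would read correctly in a guest-error trace. cfu_fdro_read returns 0 on an empty FIFO without logging, so a guest reading past the available data gets a value it cannot tell apart from real frame data. If the hardware treats that read as an error, a `qemu_log_mask(LOG_GUEST_ERROR, ...)` on the empty path would match how the full-FIFO case is reported in cfu_fdro_cfi_transfer_packet.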
@@ -274,6 +293,16 @@ static const MemoryRegionOps cfu_stream_ops = {
 },
 };
 
+static const MemoryRegionOps cfu_fdro_ops = {
+.read = cfu_fdro_read,
+.write = cfu_fdro_write,
+.endianness = DEVICE_LITTLE_ENDIAN,
+.valid = {
+.min_access_size = 4,
+.max_access_size = 4,
+},
+};
+
 static void cfu_apb_init(Object *obj)
 {
 XlnxVersalCFUAPB *s = XLNX_VERSAL_CFU_APB(obj);
@@ -305,6 +334,39 @@ static void cfu_apb_init(Object *obj)
 sysbus_init_irq(sbd, >irq_cfu_imr);
 }
 
+static void cfu_fdro_init(Object *obj)
+{
+XlnxVersalCFUFDRO *s = XLNX_VERSAL_CFU_FDRO(obj);
+SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
+
+memory_region_init_io(>iomem_fdro, obj, _fdro_ops, s,
+  TYPE_XLNX_VERSAL_CFU_FDRO, KEYHOLE_STREAM_4K);
+sysbus_init_mmio(sbd, >iomem_fdro);
+fifo32_create(>fdro_data, 8 * KiB / sizeof(uint32_t));
+}
+
+static void cfu_fdro_reset_enter(Object *obj, ResetType type)
+{
+XlnxVersalCFUFDRO *s = XLNX_VERSAL_CFU_FDRO(obj);
+
+fifo32_reset(>fdro_data);
+}
+
+static void cfu_fdro_cfi_transfer_packet(XlnxCfiIf *cfi_if, XlnxCfiPacket *pkt)
+{
+XlnxVersalCFUFDRO *s = XLNX_VERSAL_CFU_FDRO(cfi_if);
+
+if (fifo32_num_free(>fdro_data) >= ARRAY_SIZE(pkt->data)) {
+for (int i = 0; i < ARRAY_SIZE(pkt->data); i++) {
+fifo32_push(>fdro_data, pkt->data[i]);
+}
+} else {
+/* It is a programming error to fill the fifo. */
+qemu_log_mask(LOG_GUEST_ERROR,
+  "CFU_FDRO: CFI data dropped due to full read fifo\n");
+}
+}
+
 static Property cfu_props[] = {
 DEFINE_PROP_LINK("cframe0", XlnxVersalCFUAPB, cfg.cframe[0],
  TYPE_XLNX_CFI_IF, XlnxCfiIf *),
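Review bot: cfu_fdro_init allocates the FIFO with `fifo32_create(...)` during instance init, and nothing visible in this patch releases it. The class_init hunk is cut off on this page, so an existing finalize hook cannot be ruled out. If there is none, every object that is created and dropped again, for instance during property introspection, leaves the 8 KiB buffer allocated. An `instance_finalize` that calls `fifo32_destroy(&s->fdro_data);` would pair the allocation.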
@@ -351,6 +413,16 @@ static const VMStateDescription vmstate_cfu_apb = {
 }
 };
 
+static const VMStateDescription vmstate_cfu_fdro = {
+.name = TYPE_XLNX_VERSAL_CFU_FDRO,
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_FIFO32(fdro_data, XlnxVersalCFUFDRO),
+VMSTATE_END_OF_LIST(),
+}
+};
+
 static void cfu_apb_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
@@ -360,6 +432,17 @@ static void cfu_apb_class_init(ObjectClass *klass, void 
*data)
 device_class_set_props(dc, cfu_props);
 }
 
+static void cfu_fdro_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+ResettableClass *rc = RESETTABLE_CLASS(klass);
+XlnxCfiIfClass *xcic = XLNX_CFI_IF_CLASS(klass);
+
+dc->vmsd = _cfu_fdro;
+

[PULL 24/26] target/arm: Implement FEAT_TIDCP1

2023-09-08 Thread Peter Maydell
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Message-id: 20230831232441.66020-5-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 docs/system/arm/emulation.rst  |  1 +
 target/arm/cpu.h   |  5 +
 target/arm/helper.h|  1 +
 target/arm/tcg/cpu64.c |  1 +
 target/arm/tcg/op_helper.c | 20 
 target/arm/tcg/translate-a64.c |  5 +
 target/arm/tcg/translate.c |  6 ++
 7 files changed, 39 insertions(+)

diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
index 305b36b19e7..3df936fc356 100644
--- a/docs/system/arm/emulation.rst
+++ b/docs/system/arm/emulation.rst
@@ -92,6 +92,7 @@ the following architecture extensions:
 - FEAT_SME_I16I64 (16-bit to 64-bit integer widening outer product 
instructions)
 - FEAT_SPECRES (Speculation restriction instructions)
 - FEAT_SSBS (Speculative Store Bypass Safe)
+- FEAT_TIDCP1 (EL0 use of IMPLEMENTATION DEFINED functionality)
 - FEAT_TLBIOS (TLB invalidate instructions in Outer Shareable domain)
 - FEAT_TLBIRANGE (TLB invalidate range instructions)
 - FEAT_TTCNP (Translation table Common not private translations)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 6f75ccfcef9..d1aa3da38f6 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3980,6 +3980,11 @@ static inline bool isar_feature_aa64_hcx(const 
ARMISARegisters *id)
 return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, HCX) != 0;
 }
 
+static inline bool isar_feature_aa64_tidcp1(const ARMISARegisters *id)
+{
+return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR1, TIDCP1) != 0;
+}
+
 static inline bool isar_feature_aa64_uao(const ARMISARegisters *id)
 {
 return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, UAO) != 0;
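Review bot: `isar_feature_aa64_tidcp1()` extracts the `ID_AA64MMFR1.TIDCP1` field from `id->id_aa64mmfr2`, so the feature test reads the wrong ID register. The cpu64.c hunk of this same patch sets TIDCP1 in `cpu->isar.id_aa64mmfr1`, and the neighbouring accessors in this hunk (`hcx`, `uao`) each pair a register with its own field definition. As written, whether the EL0 trap helper is emitted in `handle_sys()`, and whether the user-only reset path sets `SCTLR_TIDCP`, depends on unrelated bits of ID_AA64MMFR2. The line should read `return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, TIDCP1) != 0;`.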
diff --git a/target/arm/helper.h b/target/arm/helper.h
index cf5c55a12b3..2b027333053 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -81,6 +81,7 @@ DEF_HELPER_FLAGS_2(check_bxj_trap, TCG_CALL_NO_WG, void, env, 
i32)
 
 DEF_HELPER_4(access_check_cp_reg, cptr, env, i32, i32, i32)
 DEF_HELPER_FLAGS_2(lookup_cp_reg, TCG_CALL_NO_RWG_SE, cptr, env, i32)
+DEF_HELPER_FLAGS_2(tidcp_el0, TCG_CALL_NO_WG, void, env, i32)
 DEF_HELPER_FLAGS_2(tidcp_el1, TCG_CALL_NO_WG, void, env, i32)
 DEF_HELPER_3(set_cp_reg, void, env, cptr, i32)
 DEF_HELPER_2(get_cp_reg, i32, env, cptr)
diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c
index 6e5192ebfc3..7264ab5ead1 100644
--- a/target/arm/tcg/cpu64.c
+++ b/target/arm/tcg/cpu64.c
@@ -1071,6 +1071,7 @@ void aarch64_max_tcg_initfn(Object *obj)
 t = FIELD_DP64(t, ID_AA64MMFR1, XNX, 1);  /* FEAT_XNX */
 t = FIELD_DP64(t, ID_AA64MMFR1, ETS, 1);  /* FEAT_ETS */
 t = FIELD_DP64(t, ID_AA64MMFR1, HCX, 1);  /* FEAT_HCX */
+t = FIELD_DP64(t, ID_AA64MMFR1, TIDCP1, 1);   /* FEAT_TIDCP1 */
 cpu->isar.id_aa64mmfr1 = t;
 
 t = cpu->isar.id_aa64mmfr2;
diff --git a/target/arm/tcg/op_helper.c b/target/arm/tcg/op_helper.c
index 9014c3ca460..403f8b09d36 100644
--- a/target/arm/tcg/op_helper.c
+++ b/target/arm/tcg/op_helper.c
@@ -777,6 +777,26 @@ void HELPER(tidcp_el1)(CPUARMState *env, uint32_t syndrome)
 }
 }
 
+/*
+ * Similarly, for FEAT_TIDCP1 at EL0.
+ * We have already checked for the presence of the feature.
+ */
+void HELPER(tidcp_el0)(CPUARMState *env, uint32_t syndrome)
+{
+/* See arm_sctlr(), but we also need the sctlr el. */
+ARMMMUIdx mmu_idx = arm_mmu_idx_el(env, 0);
+int target_el = mmu_idx == ARMMMUIdx_E20_0 ? 2 : 1;
+
+/*
+ * The bit is not valid unless the target el is aa64, but since the
+ * bit test is simpler perform that first and check validity after.
+ */
+if ((env->cp15.sctlr_el[target_el] & SCTLR_TIDCP)
+&& arm_el_is_aa64(env, target_el)) {
+raise_exception_ra(env, EXCP_UDEF, syndrome, target_el, GETPC());
+}
+}
+
 void HELPER(set_cp_reg)(CPUARMState *env, const void *rip, uint32_t value)
 {
 const ARMCPRegInfo *ri = rip;
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
index cb5c42638cc..1b6fbb61e2b 100644
--- a/target/arm/tcg/translate-a64.c
+++ b/target/arm/tcg/translate-a64.c
@@ -2163,6 +2163,11 @@ static void handle_sys(DisasContext *s, bool isread,
  */
 syndrome = syn_aa64_sysregtrap(op0, op1, op2, crn, crm, rt, isread);
 switch (s->current_el) {
+case 0:
+if (dc_isar_feature(aa64_tidcp1, s)) {
+gen_helper_tidcp_el0(cpu_env, tcg_constant_i32(syndrome));
+}
+break;
 case 1:
 gen_helper_tidcp_el1(cpu_env, tcg_constant_i32(syndrome));
 break;
diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c
index 47d3bc5fd51..976b7042008 100644
--- a/target/arm/tcg/translate.c
+++ b/target/arm/tcg/translate.c
@@ -4640,6 +4640,12 @@ static void do_coproc_insn(DisasContext *s, int cpnum, 
int is64,
  * but raises the same exception, so order doesn't 

[PULL 17/26] hw/arm/xlnx-versal: Connect the CFU_APB, CFU_FDRO and CFU_SFR

2023-09-08 Thread Peter Maydell
From: Francisco Iglesias 

Connect the Configuration Frame Unit (CFU_APB, CFU_FDRO and CFU_SFR) to
the Versal machine.

Signed-off-by: Francisco Iglesias 
Acked-by: Edgar E. Iglesias 
Reviewed-by: Peter Maydell 
Message-id: 20230831165701.2016397-8-francisco.igles...@amd.com
Signed-off-by: Peter Maydell 
---
 include/hw/arm/xlnx-versal.h | 16 ++
 hw/arm/xlnx-versal.c | 42 
 2 files changed, 58 insertions(+)

diff --git a/include/hw/arm/xlnx-versal.h b/include/hw/arm/xlnx-versal.h
index 39ee31185c3..29b9c603010 100644
--- a/include/hw/arm/xlnx-versal.h
+++ b/include/hw/arm/xlnx-versal.h
@@ -32,6 +32,7 @@
 #include "hw/misc/xlnx-versal-crl.h"
 #include "hw/misc/xlnx-versal-pmc-iou-slcr.h"
 #include "hw/net/xlnx-versal-canfd.h"
+#include "hw/misc/xlnx-versal-cfu.h"
 
 #define TYPE_XLNX_VERSAL "xlnx-versal"
 OBJECT_DECLARE_SIMPLE_TYPE(Versal, XLNX_VERSAL)
@@ -117,6 +118,9 @@ struct Versal {
 XlnxEFuse efuse;
 XlnxVersalEFuseCtrl efuse_ctrl;
 XlnxVersalEFuseCache efuse_cache;
+XlnxVersalCFUAPB cfu_apb;
+XlnxVersalCFUFDRO cfu_fdro;
+XlnxVersalCFUSFR cfu_sfr;
 
 OrIRQState apb_irq_orgate;
 } pmc;
@@ -147,6 +151,7 @@ struct Versal {
 #define VERSAL_GEM1_WAKE_IRQ_0 59
 #define VERSAL_ADMA_IRQ_0  60
 #define VERSAL_XRAM_IRQ_0  79
+#define VERSAL_CFU_IRQ_0   120
 #define VERSAL_PMC_APB_IRQ 121
 #define VERSAL_OSPI_IRQ124
 #define VERSAL_SD0_IRQ_0   126
@@ -240,6 +245,17 @@ struct Versal {
 #define MM_PMC_EFUSE_CACHE  0xf125
 #define MM_PMC_EFUSE_CACHE_SIZE 0x00C00
 
+#define MM_PMC_CFU_APB  0xf12b
+#define MM_PMC_CFU_APB_SIZE 0x1
+#define MM_PMC_CFU_STREAM   0xf12c
+#define MM_PMC_CFU_STREAM_SIZE  0x1000
+#define MM_PMC_CFU_SFR  0xf12c1000
+#define MM_PMC_CFU_SFR_SIZE 0x1000
+#define MM_PMC_CFU_FDRO 0xf12c2000
+#define MM_PMC_CFU_FDRO_SIZE0x1000
+#define MM_PMC_CFU_STREAM_2 0xf1f8
+#define MM_PMC_CFU_STREAM_2_SIZE0x4
+
 #define MM_PMC_CRP  0xf126U
 #define MM_PMC_CRP_SIZE 0x1
 #define MM_PMC_RTC  0xf12a
diff --git a/hw/arm/xlnx-versal.c b/hw/arm/xlnx-versal.c
index 60bf5fe657f..3f4b4b15600 100644
--- a/hw/arm/xlnx-versal.c
+++ b/hw/arm/xlnx-versal.c
@@ -570,6 +570,47 @@ static void versal_create_ospi(Versal *s, qemu_irq *pic)
 qdev_connect_gpio_out(orgate, 0, pic[VERSAL_OSPI_IRQ]);
 }
 
+static void versal_create_cfu(Versal *s, qemu_irq *pic)
+{
+SysBusDevice *sbd;
+
+/* CFU FDRO */
+object_initialize_child(OBJECT(s), "cfu-fdro", >pmc.cfu_fdro,
+TYPE_XLNX_VERSAL_CFU_FDRO);
+sbd = SYS_BUS_DEVICE(>pmc.cfu_fdro);
+
+sysbus_realize(sbd, _fatal);
+memory_region_add_subregion(>mr_ps, MM_PMC_CFU_FDRO,
+sysbus_mmio_get_region(sbd, 0));
+
+/* CFU APB */
+object_initialize_child(OBJECT(s), "cfu-apb", >pmc.cfu_apb,
+TYPE_XLNX_VERSAL_CFU_APB);
+sbd = SYS_BUS_DEVICE(>pmc.cfu_apb);
+
+sysbus_realize(sbd, _fatal);
+memory_region_add_subregion(>mr_ps, MM_PMC_CFU_APB,
+sysbus_mmio_get_region(sbd, 0));
+memory_region_add_subregion(>mr_ps, MM_PMC_CFU_STREAM,
+sysbus_mmio_get_region(sbd, 1));
+memory_region_add_subregion(>mr_ps, MM_PMC_CFU_STREAM_2,
+sysbus_mmio_get_region(sbd, 2));
+sysbus_connect_irq(sbd, 0, pic[VERSAL_CFU_IRQ_0]);
+
+/* CFU SFR */
+object_initialize_child(OBJECT(s), "cfu-sfr", >pmc.cfu_sfr,
+TYPE_XLNX_VERSAL_CFU_SFR);
+
+sbd = SYS_BUS_DEVICE(>pmc.cfu_sfr);
+
+object_property_set_link(OBJECT(>pmc.cfu_sfr),
+"cfu", OBJECT(>pmc.cfu_apb), _abort);
+
+sysbus_realize(sbd, _fatal);
+memory_region_add_subregion(>mr_ps, MM_PMC_CFU_SFR,
+sysbus_mmio_get_region(sbd, 0));
+}
+
 static void versal_create_crl(Versal *s, qemu_irq *pic)
 {
 SysBusDevice *sbd;
@@ -763,6 +804,7 @@ static void versal_realize(DeviceState *dev, Error **errp)
 versal_create_pmc_iou_slcr(s, pic);
 versal_create_ospi(s, pic);
 versal_create_crl(s, pic);
+versal_create_cfu(s, pic);
 versal_map_ddr(s);
 versal_unimp(s);
 
-- 
2.34.1




[PULL 07/26] target/arm: Implement FEAT_Pauth2

2023-09-08 Thread Peter Maydell
From: Aaron Lindsay 

Signed-off-by: Aaron Lindsay 
Reviewed-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Signed-off-by: Richard Henderson 
Message-id: 20230829232335.965414-8-richard.hender...@linaro.org
Message-Id: <20230609172324.982888-6-aa...@os.amperecomputing.com>
Signed-off-by: Richard Henderson 
Signed-off-by: Peter Maydell 
---
 docs/system/arm/emulation.rst |  1 +
 target/arm/tcg/cpu64.c|  2 +-
 target/arm/tcg/pauth_helper.c | 21 +
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
index 2e99888a6ae..b5a667527b5 100644
--- a/docs/system/arm/emulation.rst
+++ b/docs/system/arm/emulation.rst
@@ -65,6 +65,7 @@ the following architecture extensions:
 - FEAT_PAN2 (AT S1E1R and AT S1E1W instruction variants affected by PSTATE.PAN)
 - FEAT_PAN3 (Support for SCTLR_ELx.EPAN)
 - FEAT_PAuth (Pointer authentication)
+- FEAT_PAuth2 (Enhacements to pointer authentication)
 - FEAT_PMULL (PMULL, PMULL2 instructions)
 - FEAT_PMUv3p1 (PMU Extensions v3.1)
 - FEAT_PMUv3p4 (PMU Extensions v3.4)
diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c
index b6a820aae74..be103702505 100644
--- a/target/arm/tcg/cpu64.c
+++ b/target/arm/tcg/cpu64.c
@@ -803,7 +803,7 @@ void aarch64_max_tcg_initfn(Object *obj)
 
 t = cpu->isar.id_aa64isar1;
 t = FIELD_DP64(t, ID_AA64ISAR1, DPB, 2);  /* FEAT_DPB2 */
-t = FIELD_DP64(t, ID_AA64ISAR1, APA, PauthFeat_EPAC);
+t = FIELD_DP64(t, ID_AA64ISAR1, APA, PauthFeat_2);
 t = FIELD_DP64(t, ID_AA64ISAR1, API, 1);
 t = FIELD_DP64(t, ID_AA64ISAR1, JSCVT, 1);/* FEAT_JSCVT */
 t = FIELD_DP64(t, ID_AA64ISAR1, FCMA, 1); /* FEAT_FCMA */
diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c
index 63e1009ea74..b6aeb905480 100644
--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -353,7 +353,9 @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_t 
ptr, uint64_t modifier,
  */
 test = sextract64(ptr, bot_bit, top_bit - bot_bit);
 if (test != 0 && test != -1) {
-if (pauth_feature == PauthFeat_EPAC) {
+if (pauth_feature >= PauthFeat_2) {
+/* No action required */
+} else if (pauth_feature == PauthFeat_EPAC) {
 pac = 0;
 } else {
 /*
@@ -368,6 +370,9 @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_t 
ptr, uint64_t modifier,
  * Preserve the determination between upper and lower at bit 55,
  * and insert pointer authentication code.
  */
+if (pauth_feature >= PauthFeat_2) {
+pac ^= ptr;
+}
 if (param.tbi) {
 ptr &= ~MAKE_64BIT_MASK(bot_bit, 55 - bot_bit + 1);
 pac &= MAKE_64BIT_MASK(bot_bit, 54 - bot_bit + 1);
@@ -394,18 +399,26 @@ static uint64_t pauth_original_ptr(uint64_t ptr, 
ARMVAParameters param)
 static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
ARMPACKey *key, bool data, int keynumber)
 {
+ARMCPU *cpu = env_archcpu(env);
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
 ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data, false);
+ARMPauthFeature pauth_feature = cpu_isar_feature(pauth_feature, cpu);
 int bot_bit, top_bit;
-uint64_t pac, orig_ptr, test;
+uint64_t pac, orig_ptr, cmp_mask;
 
 orig_ptr = pauth_original_ptr(ptr, param);
 pac = pauth_computepac(env, orig_ptr, modifier, *key);
 bot_bit = 64 - param.tsz;
 top_bit = 64 - 8 * param.tbi;
 
-test = (pac ^ ptr) & ~MAKE_64BIT_MASK(55, 1);
-if (unlikely(extract64(test, bot_bit, top_bit - bot_bit))) {
+cmp_mask = MAKE_64BIT_MASK(bot_bit, top_bit - bot_bit);
+cmp_mask &= ~MAKE_64BIT_MASK(55, 1);
+
+if (pauth_feature >= PauthFeat_2) {
+return ptr ^ (pac & cmp_mask);
+}
+
+if ((pac ^ ptr) & cmp_mask) {
 int error_code = (keynumber << 1) | (keynumber ^ 1);
 if (param.tbi) {
 return deposit64(orig_ptr, 53, 2, error_code);
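Review bot: The new early `return ptr ^ (pac & cmp_mask);` for `pauth_feature >= PauthFeat_2` bypasses the error-code path that follows it, and nothing in the hunk says this is intended. A reader comparing the two paths cannot tell whether the missing failure signal is deliberate or an omission. A comment above the branch would settle it, for example `/* FEAT_Pauth2: XOR the computed PAC out of the pointer; on a mismatch the result differs from the original pointer in the PAC field and no error code is deposited here. */`. `pauth_auth()` continues past the end of this hunk, so the rest of the failure path is not visible.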
-- 
2.34.1




[PULL 00/26] target-arm queue

2023-09-08 Thread Peter Maydell
Hi; here's the latest arm pullreq...

-- PMM

The following changes since commit 03a3a62fbd0aa5227e978eef3c67d3978aec9e5f:

  Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging 
(2023-09-07 10:29:06 -0400)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git 
tags/pull-target-arm-20230908

for you to fetch changes up to c8f2eb5d414b788420b938f2ffdde891aa6c3ae8:

  arm/kvm: Enable support for KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE (2023-09-08 
16:41:36 +0100)


target-arm queue:
 * New CPU type: cortex-a710
 * Implement new architectural features:
- FEAT_PACQARMA3
- FEAT_EPAC
- FEAT_Pauth2
- FEAT_FPAC
- FEAT_FPACCOMBINE
- FEAT_TIDCP1
 * Xilinx Versal: Model the CFU/CFI
 * Implement RMR_ELx registers
 * Implement handling of HCR_EL2.TIDCP trap bit
 * arm/kvm: Enable support for KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE
 * hw/intc/arm_gicv3_its: Avoid maybe-uninitialized error in get_vte()
 * target/arm: Do not use gen_mte_checkN in trans_STGP
 * arm64: Restore trapless ptimer access


Aaron Lindsay (6):
  target/arm: Add ID_AA64ISAR2_EL1
  target/arm: Add feature detection for FEAT_Pauth2 and extensions
  target/arm: Implement FEAT_EPAC
  target/arm: Implement FEAT_Pauth2
  target/arm: Inform helpers whether a PAC instruction is 'combined'
  target/arm: Implement FEAT_FPAC and FEAT_FPACCOMBINE

Colton Lewis (1):
  arm64: Restore trapless ptimer access

Francisco Iglesias (8):
  hw/misc: Introduce the Xilinx CFI interface
  hw/misc: Introduce a model of Xilinx Versal's CFU_APB
  hw/misc/xlnx-versal-cfu: Introduce a model of Xilinx Versal CFU_FDRO
  hw/misc/xlnx-versal-cfu: Introduce a model of Xilinx Versal's CFU_SFR
  hw/misc: Introduce a model of Xilinx Versal's CFRAME_REG
  hw/misc: Introduce a model of Xilinx Versal's CFRAME_BCAST_REG
  hw/arm/xlnx-versal: Connect the CFU_APB, CFU_FDRO and CFU_SFR
  hw/arm/versal: Connect the CFRAME_REG and CFRAME_BCAST_REG

Philippe Mathieu-Daudé (1):
  hw/intc/arm_gicv3_its: Avoid maybe-uninitialized error in get_vte()

Richard Henderson (9):
  tests/tcg/aarch64: Adjust pauth tests for FEAT_FPAC
  target/arm: Don't change pauth features when changing algorithm
  target/arm: Implement FEAT_PACQARMA3
  target/arm: Do not use gen_mte_checkN in trans_STGP
  target/arm: Implement RMR_ELx
  target/arm: Implement cortex-a710
  target/arm: Implement HCR_EL2.TIDCP
  target/arm: Implement FEAT_TIDCP1
  target/arm: Enable SCTLR_EL1.TIDCP for user-only

Shameer Kolothum (1):
  arm/kvm: Enable support for KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE

 MAINTAINERS  |  10 +
 docs/system/arm/cpu-features.rst |  21 +-
 docs/system/arm/emulation.rst|   8 +
 docs/system/arm/virt.rst |   1 +
 include/hw/arm/xlnx-versal.h |  85 +++
 include/hw/misc/xlnx-cfi-if.h|  59 +++
 include/hw/misc/xlnx-versal-cframe-reg.h | 303 +++
 include/hw/misc/xlnx-versal-cfu.h| 258 ++
 include/sysemu/kvm_int.h |   1 +
 target/arm/cpu.h |  54 +-
 target/arm/helper.h  |   2 +
 target/arm/syndrome.h|   7 +
 target/arm/tcg/helper-a64.h  |   4 +
 tests/tcg/aarch64/pauth.h|  23 +
 accel/kvm/kvm-all.c  |   1 +
 hw/arm/virt.c|   1 +
 hw/arm/xlnx-versal.c | 155 +-
 hw/intc/arm_gicv3_its.c  |  15 +-
 hw/misc/xlnx-cfi-if.c|  34 ++
 hw/misc/xlnx-versal-cframe-reg.c | 858 +++
 hw/misc/xlnx-versal-cfu.c| 563 
 target/arm/arm-qmp-cmds.c|   2 +-
 target/arm/cpu.c |   4 +
 target/arm/cpu64.c   |  86 +++-
 target/arm/helper.c  |  68 ++-
 target/arm/hvf/hvf.c |   1 +
 target/arm/kvm.c |  61 +++
 target/arm/kvm64.c   |   3 +
 target/arm/tcg/cpu64.c   | 215 
 target/arm/tcg/op_helper.c   |  33 ++
 target/arm/tcg/pauth_helper.c| 180 +--
 target/arm/tcg/translate-a64.c   |  74 +--
 target/arm/tcg/translate.c   |  33 ++
 tests/qtest/arm-cpu-features.c   |  12 +-
 tests/tcg/aarch64/pauth-2.c  |  54 +-
 tests/tcg/aarch64/pauth-4.c  |  18 +-
 tests/tcg/aarch64/pauth-5.c  |  10 +
 hw/misc/meson.build  |   3 +
 qemu-options.hx  |  15 +
 tests/tcg/aarch64/Makefile.target|   6 +-
 40 files changed, 3184 insertions(+), 157 deletions(-)
 create mode

[PULL 11/26] hw/misc: Introduce the Xilinx CFI interface

2023-09-08 Thread Peter Maydell
From: Francisco Iglesias 

Introduce the Xilinx Configuration Frame Interface (CFI) for transmitting
CFI data packets between the Xilinx Configuration Frame Unit models
(CFU_APB, CFU_FDRO and CFU_SFR), the Xilinx CFRAME controller (CFRAME_REG)
and the Xilinx CFRAME broadcast controller (CFRAME_BCAST_REG) models (when
emulating bitstream programming and readback).

Signed-off-by: Francisco Iglesias 
Reviewed-by: Sai Pavan Boddu 
Acked-by: Edgar E. Iglesias 
Message-id: 20230831165701.2016397-2-francisco.igles...@amd.com
Signed-off-by: Peter Maydell 
---
 MAINTAINERS   |  6 
 include/hw/misc/xlnx-cfi-if.h | 59 +++
 hw/misc/xlnx-cfi-if.c | 34 
 hw/misc/meson.build   |  1 +
 4 files changed, 100 insertions(+)
 create mode 100644 include/hw/misc/xlnx-cfi-if.h
 create mode 100644 hw/misc/xlnx-cfi-if.c

diff --git a/MAINTAINERS b/MAINTAINERS
index b471973e1e1..4b9512eda93 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1026,6 +1026,12 @@ S: Maintained
 F: hw/ssi/xlnx-versal-ospi.c
 F: include/hw/ssi/xlnx-versal-ospi.h
 
+Xilinx Versal CFI
+M: Francisco Iglesias 
+S: Maintained
+F: hw/misc/xlnx-cfi-if.c
+F: include/hw/misc/xlnx-cfi-if.h
+
 STM32F100
 M: Alexandre Iooss 
 L: qemu-...@nongnu.org
diff --git a/include/hw/misc/xlnx-cfi-if.h b/include/hw/misc/xlnx-cfi-if.h
new file mode 100644
index 000..f9bd12292d4
--- /dev/null
+++ b/include/hw/misc/xlnx-cfi-if.h
@@ -0,0 +1,59 @@
+/*
+ * Xilinx CFI interface
+ *
+ * Copyright (C) 2023, Advanced Micro Devices, Inc.
+ *
+ * Written by Francisco Iglesias 
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#ifndef XLNX_CFI_IF_H
+#define XLNX_CFI_IF_H 1
+
+#include "qemu/help-texts.h"
+#include "hw/hw.h"
+#include "qom/object.h"
+
+#define TYPE_XLNX_CFI_IF "xlnx-cfi-if"
+typedef struct XlnxCfiIfClass XlnxCfiIfClass;
+DECLARE_CLASS_CHECKERS(XlnxCfiIfClass, XLNX_CFI_IF, TYPE_XLNX_CFI_IF)
+
+#define XLNX_CFI_IF(obj) \
+ INTERFACE_CHECK(XlnxCfiIf, (obj), TYPE_XLNX_CFI_IF)
+
+typedef enum {
+PACKET_TYPE_CFU = 0x52,
+PACKET_TYPE_CFRAME = 0xA1,
+} xlnx_cfi_packet_type;
+
+typedef enum {
+CFRAME_FAR = 1,
+CFRAME_SFR = 2,
+CFRAME_FDRI = 4,
+CFRAME_CMD = 6,
+} xlnx_cfi_reg_addr;
+
+typedef struct XlnxCfiPacket {
+uint8_t reg_addr;
+uint32_t data[4];
+} XlnxCfiPacket;
+
+typedef struct XlnxCfiIf {
+Object Parent;
+} XlnxCfiIf;
+
+typedef struct XlnxCfiIfClass {
+InterfaceClass parent;
+
+void (*cfi_transfer_packet)(XlnxCfiIf *cfi_if, XlnxCfiPacket *pkt);
+} XlnxCfiIfClass;
+
+/**
+ * Transfer a XlnxCfiPacket.
+ *
+ * @cfi_if: the object implementing this interface
+ * @XlnxCfiPacket: a pointer to the XlnxCfiPacket to transfer
+ */
+void xlnx_cfi_transfer_packet(XlnxCfiIf *cfi_if, XlnxCfiPacket *pkt);
+
+#endif /* XLNX_CFI_IF_H */
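Review bot: The doc comment for `xlnx_cfi_transfer_packet()` documents a parameter called `@XlnxCfiPacket`, but the prototype names it `pkt`, so the type name has been used where the parameter name belongs. The line should read `* @pkt: a pointer to the XlnxCfiPacket to transfer`. The comment could also state whether the callee may keep a reference to `pkt` after the call returns, since the caller visible in a later patch passes a stack-allocated packet.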
diff --git a/hw/misc/xlnx-cfi-if.c b/hw/misc/xlnx-cfi-if.c
new file mode 100644
index 000..c45f05c4aac
--- /dev/null
+++ b/hw/misc/xlnx-cfi-if.c
@@ -0,0 +1,34 @@
+/*
+ * Xilinx CFI interface
+ *
+ * Copyright (C) 2023, Advanced Micro Devices, Inc.
+ *
+ * Written by Francisco Iglesias 
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#include "qemu/osdep.h"
+#include "hw/misc/xlnx-cfi-if.h"
+
+void xlnx_cfi_transfer_packet(XlnxCfiIf *cfi_if, XlnxCfiPacket *pkt)
+{
+XlnxCfiIfClass *xcic = XLNX_CFI_IF_GET_CLASS(cfi_if);
+
+if (xcic->cfi_transfer_packet) {
+xcic->cfi_transfer_packet(cfi_if, pkt);
+}
+}
+
+static const TypeInfo xlnx_cfi_if_info = {
+.name  = TYPE_XLNX_CFI_IF,
+.parent= TYPE_INTERFACE,
+.class_size = sizeof(XlnxCfiIfClass),
+};
+
+static void xlnx_cfi_if_register_types(void)
+{
+type_register_static(_cfi_if_info);
+}
+
+type_init(xlnx_cfi_if_register_types)
+
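Review bot: `xlnx_cfi_transfer_packet()` returns silently when the implementing class has left `cfi_transfer_packet` NULL, so a packet routed to such an object disappears without any trace. If that is the intended contract, say so at the check, e.g. `/* Implementers without a handler discard the packet. */`, and mention it in the header's doc comment as well. Otherwise a mis-wired link will be hard to diagnose from logs.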
diff --git a/hw/misc/meson.build b/hw/misc/meson.build
index d9a370c1de2..593c7591fc8 100644
--- a/hw/misc/meson.build
+++ b/hw/misc/meson.build
@@ -98,6 +98,7 @@ specific_ss.add(when: 'CONFIG_XLNX_VERSAL', if_true: 
files('xlnx-versal-crl.c'))
 system_ss.add(when: 'CONFIG_XLNX_VERSAL', if_true: files(
   'xlnx-versal-xramc.c',
   'xlnx-versal-pmc-iou-slcr.c',
+  'xlnx-cfi-if.c',
 ))
 system_ss.add(when: 'CONFIG_STM32F2XX_SYSCFG', if_true: 
files('stm32f2xx_syscfg.c'))
 system_ss.add(when: 'CONFIG_STM32F4XX_SYSCFG', if_true: 
files('stm32f4xx_syscfg.c'))
-- 
2.34.1




[PULL 14/26] hw/misc/xlnx-versal-cfu: Introduce a model of Xilinx Versal's CFU_SFR

2023-09-08 Thread Peter Maydell
From: Francisco Iglesias 

Introduce a model of Xilinx Versal's Configuration Frame Unit's Single
Frame Read port (CFU_SFR).

Signed-off-by: Francisco Iglesias 
Reviewed-by: Peter Maydell 
Message-id: 20230831165701.2016397-5-francisco.igles...@amd.com
Signed-off-by: Peter Maydell 
---
 include/hw/misc/xlnx-versal-cfu.h | 15 ++
 hw/misc/xlnx-versal-cfu.c | 87 +++
 2 files changed, 102 insertions(+)

diff --git a/include/hw/misc/xlnx-versal-cfu.h 
b/include/hw/misc/xlnx-versal-cfu.h
index 73e9a21af4d..86fb8410538 100644
--- a/include/hw/misc/xlnx-versal-cfu.h
+++ b/include/hw/misc/xlnx-versal-cfu.h
@@ -28,6 +28,9 @@ OBJECT_DECLARE_SIMPLE_TYPE(XlnxVersalCFUAPB, 
XLNX_VERSAL_CFU_APB)
 #define TYPE_XLNX_VERSAL_CFU_FDRO "xlnx,versal-cfu-fdro"
 OBJECT_DECLARE_SIMPLE_TYPE(XlnxVersalCFUFDRO, XLNX_VERSAL_CFU_FDRO)
 
+#define TYPE_XLNX_VERSAL_CFU_SFR "xlnx,versal-cfu-sfr"
+OBJECT_DECLARE_SIMPLE_TYPE(XlnxVersalCFUSFR, XLNX_VERSAL_CFU_SFR)
+
 REG32(CFU_ISR, 0x0)
 FIELD(CFU_ISR, USR_GTS_EVENT, 9, 1)
 FIELD(CFU_ISR, USR_GSR_EVENT, 8, 1)
@@ -222,6 +225,18 @@ struct XlnxVersalCFUFDRO {
 Fifo32 fdro_data;
 };
 
+struct XlnxVersalCFUSFR {
+SysBusDevice parent_obj;
+MemoryRegion iomem_sfr;
+
+/* 128-bit wfifo. */
+uint32_t wfifo[WFIFO_SZ];
+
+struct {
+XlnxVersalCFUAPB *cfu;
+} cfg;
+};
+
 /**
  * This is a helper function for updating a CFI data write fifo, an array of 4
  * uint32_t and 128 bits of data that are allowed to be written through 4
diff --git a/hw/misc/xlnx-versal-cfu.c b/hw/misc/xlnx-versal-cfu.c
index 255c1bf4b8c..8e588ac1d83 100644
--- a/hw/misc/xlnx-versal-cfu.c
+++ b/hw/misc/xlnx-versal-cfu.c
@@ -264,6 +264,31 @@ static void cfu_stream_write(void *opaque, hwaddr addr, 
uint64_t value,
 }
 }
 
+static uint64_t cfu_sfr_read(void *opaque, hwaddr addr, unsigned size)
+{
+qemu_log_mask(LOG_GUEST_ERROR, "%s: Unsupported read from addr=%"
+  HWADDR_PRIx "\n", __func__, addr);
+return 0;
+}
+
+static void cfu_sfr_write(void *opaque, hwaddr addr, uint64_t value,
+  unsigned size)
+{
+XlnxVersalCFUSFR *s = XLNX_VERSAL_CFU_SFR(opaque);
+uint32_t wfifo[WFIFO_SZ];
+
+if (update_wfifo(addr, value, s->wfifo, wfifo)) {
+uint8_t row_addr = extract32(wfifo[0], 23, 5);
+uint32_t frame_addr = extract32(wfifo[0], 0, 23);
+XlnxCfiPacket pkt = { .reg_addr = CFRAME_SFR,
+  .data[0] = frame_addr };
+
+if (s->cfg.cfu) {
+cfu_transfer_cfi_packet(s->cfg.cfu, row_addr, );
+}
+}
+}
+
 static uint64_t cfu_fdro_read(void *opaque, hwaddr addr, unsigned size)
 {
 XlnxVersalCFUFDRO *s = XLNX_VERSAL_CFU_FDRO(opaque);
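Review bot: In `cfu_sfr_write()`, `row_addr` is the 5-bit field `extract32(wfifo[0], 23, 5)` of a guest-written word, so any value from 0 to 31 reaches `cfu_transfer_cfi_packet()`. That function lies outside this hunk; if it uses the row to select one of the APB's `cfg.cframe[]` links, confirm that an out-of-range row is reported with `LOG_GUEST_ERROR` and dropped rather than hitting an assertion or an unchecked index. A comment at the call site such as `/* row_addr is guest-controlled (0..31); range-checked in cfu_transfer_cfi_packet() */` would record where the check lives.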
@@ -293,6 +318,16 @@ static const MemoryRegionOps cfu_stream_ops = {
 },
 };
 
+static const MemoryRegionOps cfu_sfr_ops = {
+.read = cfu_sfr_read,
+.write = cfu_sfr_write,
+.endianness = DEVICE_LITTLE_ENDIAN,
+.valid = {
+.min_access_size = 4,
+.max_access_size = 4,
+},
+};
+
 static const MemoryRegionOps cfu_fdro_ops = {
 .read = cfu_fdro_read,
 .write = cfu_fdro_write,
@@ -334,6 +369,23 @@ static void cfu_apb_init(Object *obj)
 sysbus_init_irq(sbd, >irq_cfu_imr);
 }
 
+static void cfu_sfr_init(Object *obj)
+{
+XlnxVersalCFUSFR *s = XLNX_VERSAL_CFU_SFR(obj);
+SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
+
+memory_region_init_io(>iomem_sfr, obj, _sfr_ops, s,
+  TYPE_XLNX_VERSAL_CFU_SFR, KEYHOLE_STREAM_4K);
+sysbus_init_mmio(sbd, >iomem_sfr);
+}
+
+static void cfu_sfr_reset_enter(Object *obj, ResetType type)
+{
+XlnxVersalCFUSFR *s = XLNX_VERSAL_CFU_SFR(obj);
+
+memset(s->wfifo, 0, WFIFO_SZ * sizeof(uint32_t));
+}
+
 static void cfu_fdro_init(Object *obj)
 {
 XlnxVersalCFUFDRO *s = XLNX_VERSAL_CFU_FDRO(obj);
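Review bot: `cfu_sfr_reset_enter()` sizes the clear as `WFIFO_SZ * sizeof(uint32_t)`, and the `vmstate_cfu_sfr` hunk further down uses a literal `4`, while the header declares the field as `wfifo[WFIFO_SZ]`. Three spellings of one size can drift apart, and a mismatch in the migration description would save or load the wrong number of words. Prefer `memset(s->wfifo, 0, sizeof(s->wfifo));` here and `VMSTATE_UINT32_ARRAY(wfifo, XlnxVersalCFUSFR, WFIFO_SZ),` in the vmstate description.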
@@ -401,6 +453,12 @@ static Property cfu_props[] = {
 DEFINE_PROP_END_OF_LIST(),
 };
 
+static Property cfu_sfr_props[] = {
+DEFINE_PROP_LINK("cfu", XlnxVersalCFUSFR, cfg.cfu,
+ TYPE_XLNX_VERSAL_CFU_APB, XlnxVersalCFUAPB *),
+DEFINE_PROP_END_OF_LIST(),
+};
+
 static const VMStateDescription vmstate_cfu_apb = {
 .name = TYPE_XLNX_VERSAL_CFU_APB,
 .version_id = 1,
@@ -423,6 +481,16 @@ static const VMStateDescription vmstate_cfu_fdro = {
 }
 };
 
+static const VMStateDescription vmstate_cfu_sfr = {
+.name = TYPE_XLNX_VERSAL_CFU_SFR,
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32_ARRAY(wfifo, XlnxVersalCFUSFR, 4),
+VMSTATE_END_OF_LIST(),
+}
+};
+
 static void cfu_apb_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
@@ -443,6 +511,16 @@ static void cfu_fdro_class_init(ObjectClass *klass, void 
*data)
 rc->phases.enter = cfu_fdro_reset_enter;
 }
 
+static void cfu_sfr_class_init(ObjectClass *klass, void *data)
+{
+

[PULL 25/26] target/arm: Enable SCTLR_EL1.TIDCP for user-only

2023-09-08 Thread Peter Maydell
From: Richard Henderson 

The Linux kernel detects and enables this bit.  Once trapped,
EC_SYSTEMREGISTERTRAP is treated like EC_UNCATEGORIZED, so
no changes are required within linux-user/aarch64/cpu_loop.c.

Signed-off-by: Richard Henderson 
Message-id: 20230831232441.66020-6-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 0bb05854419..b9e09a702d6 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -243,6 +243,10 @@ static void arm_cpu_reset_hold(Object *obj)
   SCTLR_EnDA | SCTLR_EnDB);
 /* Trap on btype=3 for PACIxSP. */
 env->cp15.sctlr_el[1] |= SCTLR_BT0;
+/* Trap on implementation defined registers. */
+if (cpu_isar_feature(aa64_tidcp1, cpu)) {
+env->cp15.sctlr_el[1] |= SCTLR_TIDCP;
+}
 /* and to the FP/Neon instructions */
 env->cp15.cpacr_el1 = FIELD_DP64(env->cp15.cpacr_el1,
  CPACR_EL1, FPEN, 3);
-- 
2.34.1




[PULL 23/26] target/arm: Implement HCR_EL2.TIDCP

2023-09-08 Thread Peter Maydell
From: Richard Henderson 

Perform the check for EL2 enabled in the security space and the
TIDCP bit in an out-of-line helper.

Signed-off-by: Richard Henderson 
Message-id: 20230831232441.66020-4-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/helper.h|  1 +
 target/arm/tcg/op_helper.c | 13 +
 target/arm/tcg/translate-a64.c | 16 ++--
 target/arm/tcg/translate.c | 27 +++
 4 files changed, 55 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index 95e32a697aa..cf5c55a12b3 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -81,6 +81,7 @@ DEF_HELPER_FLAGS_2(check_bxj_trap, TCG_CALL_NO_WG, void, env, 
i32)
 
 DEF_HELPER_4(access_check_cp_reg, cptr, env, i32, i32, i32)
 DEF_HELPER_FLAGS_2(lookup_cp_reg, TCG_CALL_NO_RWG_SE, cptr, env, i32)
+DEF_HELPER_FLAGS_2(tidcp_el1, TCG_CALL_NO_WG, void, env, i32)
 DEF_HELPER_3(set_cp_reg, void, env, cptr, i32)
 DEF_HELPER_2(get_cp_reg, i32, env, cptr)
 DEF_HELPER_3(set_cp_reg64, void, env, cptr, i64)
diff --git a/target/arm/tcg/op_helper.c b/target/arm/tcg/op_helper.c
index 3baf8004f64..9014c3ca460 100644
--- a/target/arm/tcg/op_helper.c
+++ b/target/arm/tcg/op_helper.c
@@ -764,6 +764,19 @@ const void *HELPER(lookup_cp_reg)(CPUARMState *env, 
uint32_t key)
 return ri;
 }
 
+/*
+ * Test for HCR_EL2.TIDCP at EL1.
+ * Since implementation defined registers are rare, and within QEMU
+ * most of them are no-op, do not waste HFLAGS space for this and
+ * always use a helper.
+ */
+void HELPER(tidcp_el1)(CPUARMState *env, uint32_t syndrome)
+{
+if (arm_hcr_el2_eff(env) & HCR_TIDCP) {
+raise_exception_ra(env, EXCP_UDEF, syndrome, 2, GETPC());
+}
+}
+
 void HELPER(set_cp_reg)(CPUARMState *env, const void *rip, uint32_t value)
 {
 const ARMCPRegInfo *ri = rip;
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
index 7d2f8026e65..cb5c42638cc 100644
--- a/target/arm/tcg/translate-a64.c
+++ b/target/arm/tcg/translate-a64.c
@@ -2154,6 +2154,20 @@ static void handle_sys(DisasContext *s, bool isread,
 bool need_exit_tb = false;
 TCGv_ptr tcg_ri = NULL;
 TCGv_i64 tcg_rt;
+uint32_t syndrome;
+
+if (crn == 11 || crn == 15) {
+/*
+ * Check for TIDCP trap, which must take precedence over
+ * the UNDEF for "no such register" etc.
+ */
+syndrome = syn_aa64_sysregtrap(op0, op1, op2, crn, crm, rt, isread);
+switch (s->current_el) {
+case 1:
+gen_helper_tidcp_el1(cpu_env, tcg_constant_i32(syndrome));
+break;
+}
+}
 
 if (!ri) {
 /* Unknown register; this might be a guest error or a QEMU
@@ -2176,8 +2190,6 @@ static void handle_sys(DisasContext *s, bool isread,
 /* Emit code to perform further access permissions checks at
  * runtime; this may result in an exception.
  */
-uint32_t syndrome;
-
 syndrome = syn_aa64_sysregtrap(op0, op1, op2, crn, crm, rt, isread);
 gen_a64_update_pc(s, 0);
 tcg_ri = tcg_temp_new_ptr();
diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c
index 38ad8dd4bdb..47d3bc5fd51 100644
--- a/target/arm/tcg/translate.c
+++ b/target/arm/tcg/translate.c
@@ -4538,6 +4538,20 @@ void gen_gvec_uaba(unsigned vece, uint32_t rd_ofs, 
uint32_t rn_ofs,
 tcg_gen_gvec_3(rd_ofs, rn_ofs, rm_ofs, opr_sz, max_sz, [vece]);
 }
 
+static bool aa32_cpreg_encoding_in_impdef_space(uint8_t crn, uint8_t crm)
+{
+static const uint16_t mask[3] = {
+0b00000111,  /* crn ==  9, crm == {c0-c2, c5-c8}   */
+0b000100010011,  /* crn == 10, crm == {c0, c1, c4, c8} */
+0b1001,  /* crn == 11, crm == {c0-c8, c15} */
+};
+
+if (crn >= 9 && crn <= 11) {
+return (mask[crn - 9] >> crm) & 1;
+}
+return false;
+}
+
 static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
int opc1, int crn, int crm, int opc2,
bool isread, int rt, int rt2)
@@ -4619,6 +4633,19 @@ static void do_coproc_insn(DisasContext *s, int cpnum, 
int is64,
 }
 }
 
+if (cpnum == 15 && aa32_cpreg_encoding_in_impdef_space(crn, crm)) {
+/*
+ * Check for TIDCP trap, which must take precedence over the UNDEF
+ * for "no such register" etc.  It shares precedence with HSTR,
+ * but raises the same exception, so order doesn't matter.
+ */
+switch (s->current_el) {
+case 1:
+gen_helper_tidcp_el1(cpu_env, tcg_constant_i32(syndrome));
+break;
+}
+}
+
 if (!ri) {
 /*
  * Unknown register; this might be a guest error or a QEMU
-- 
2.34.1




[PULL 15/26] hw/misc: Introduce a model of Xilinx Versal's CFRAME_REG

2023-09-08 Thread Peter Maydell
From: Francisco Iglesias 

Introduce a model of Xilinx Versal's Configuration Frame controller
(CFRAME_REG).

Signed-off-by: Francisco Iglesias 
Message-id: 20230831165701.2016397-6-francisco.igles...@amd.com
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 MAINTAINERS  |   2 +
 include/hw/misc/xlnx-versal-cframe-reg.h | 286 ++
 hw/misc/xlnx-versal-cframe-reg.c | 697 +++
 hw/misc/meson.build  |   1 +
 4 files changed, 986 insertions(+)
 create mode 100644 include/hw/misc/xlnx-versal-cframe-reg.h
 create mode 100644 hw/misc/xlnx-versal-cframe-reg.c

diff --git a/MAINTAINERS b/MAINTAINERS
index 5b01fbe065e..57c5533dcfe 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1033,6 +1033,8 @@ F: hw/misc/xlnx-cfi-if.c
 F: include/hw/misc/xlnx-cfi-if.h
 F: hw/misc/xlnx-versal-cfu.c
 F: include/hw/misc/xlnx-versal-cfu.h
+F: hw/misc/xlnx-versal-cframe-reg.c
+F: include/hw/misc/xlnx-versal-cframe-reg.h
 
 STM32F100
 M: Alexandre Iooss 
diff --git a/include/hw/misc/xlnx-versal-cframe-reg.h 
b/include/hw/misc/xlnx-versal-cframe-reg.h
new file mode 100644
index 000..f286d973bf1
--- /dev/null
+++ b/include/hw/misc/xlnx-versal-cframe-reg.h
@@ -0,0 +1,286 @@
+/*
+ * QEMU model of the Configuration Frame Control module
+ *
+ * Copyright (C) 2023, Advanced Micro Devices, Inc.
+ *
+ * Written by Francisco Iglesias 
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * References:
+ * [1] Versal ACAP Technical Reference Manual,
+ * 
https://www.xilinx.com/support/documentation/architecture-manuals/am011-versal-acap-trm.pdf
+ *
+ * [2] Versal ACAP Register Reference,
+ * 
https://www.xilinx.com/htmldocs/registers/am012/am012-versal-register-reference.html
+ */
+#ifndef HW_MISC_XLNX_VERSAL_CFRAME_REG_H
+#define HW_MISC_XLNX_VERSAL_CFRAME_REG_H
+
+#include "hw/sysbus.h"
+#include "hw/register.h"
+#include "hw/misc/xlnx-cfi-if.h"
+#include "hw/misc/xlnx-versal-cfu.h"
+#include "qemu/fifo32.h"
+
+#define TYPE_XLNX_VERSAL_CFRAME_REG "xlnx,cframe-reg"
+OBJECT_DECLARE_SIMPLE_TYPE(XlnxVersalCFrameReg, XLNX_VERSAL_CFRAME_REG)
+
+/*
+ * The registers in this module are 128 bits wide but it is ok to write
+ * and read them through 4 sequential 32 bit accesses (address[3:2] = 0,
+ * 1, 2, 3).
+ */
+REG32(CRC0, 0x0)
+FIELD(CRC, CRC, 0, 32)
+REG32(CRC1, 0x4)
+REG32(CRC2, 0x8)
+REG32(CRC3, 0xc)
+REG32(FAR0, 0x10)
+FIELD(FAR0, SEGMENT, 23, 2)
+FIELD(FAR0, BLOCKTYPE, 20, 3)
+FIELD(FAR0, FRAME_ADDR, 0, 20)
+REG32(FAR1, 0x14)
+REG32(FAR2, 0x18)
+REG32(FAR3, 0x1c)
+REG32(FAR_SFR0, 0x20)
+FIELD(FAR_SFR0, BLOCKTYPE, 20, 3)
+FIELD(FAR_SFR0, FRAME_ADDR, 0, 20)
+REG32(FAR_SFR1, 0x24)
+REG32(FAR_SFR2, 0x28)
+REG32(FAR_SFR3, 0x2c)
+REG32(FDRI0, 0x40)
+REG32(FDRI1, 0x44)
+REG32(FDRI2, 0x48)
+REG32(FDRI3, 0x4c)
+REG32(FRCNT0, 0x50)
+FIELD(FRCNT0, FRCNT, 0, 32)
+REG32(FRCNT1, 0x54)
+REG32(FRCNT2, 0x58)
+REG32(FRCNT3, 0x5c)
+REG32(CMD0, 0x60)
+FIELD(CMD0, CMD, 0, 5)
+REG32(CMD1, 0x64)
+REG32(CMD2, 0x68)
+REG32(CMD3, 0x6c)
+REG32(CR_MASK0, 0x70)
+REG32(CR_MASK1, 0x74)
+REG32(CR_MASK2, 0x78)
+REG32(CR_MASK3, 0x7c)
+REG32(CTL0, 0x80)
+FIELD(CTL, PER_FRAME_CRC, 0, 1)
+REG32(CTL1, 0x84)
+REG32(CTL2, 0x88)
+REG32(CTL3, 0x8c)
+REG32(CFRM_ISR0, 0x150)
+FIELD(CFRM_ISR0, READ_BROADCAST_ERROR, 21, 1)
+FIELD(CFRM_ISR0, CMD_MISSING_ERROR, 20, 1)
+FIELD(CFRM_ISR0, RW_ROWOFF_ERROR, 19, 1)
+FIELD(CFRM_ISR0, READ_REG_ADDR_ERROR, 18, 1)
+FIELD(CFRM_ISR0, READ_BLK_TYPE_ERROR, 17, 1)
+FIELD(CFRM_ISR0, READ_FRAME_ADDR_ERROR, 16, 1)
+FIELD(CFRM_ISR0, WRITE_REG_ADDR_ERROR, 15, 1)
+FIELD(CFRM_ISR0, WRITE_BLK_TYPE_ERROR, 13, 1)
+FIELD(CFRM_ISR0, WRITE_FRAME_ADDR_ERROR, 12, 1)
+FIELD(CFRM_ISR0, MFW_OVERRUN_ERROR, 11, 1)
+FIELD(CFRM_ISR0, FAR_FIFO_UNDERFLOW, 10, 1)
+FIELD(CFRM_ISR0, FAR_FIFO_OVERFLOW, 9, 1)
+FIELD(CFRM_ISR0, PER_FRAME_SEQ_ERROR, 8, 1)
+FIELD(CFRM_ISR0, CRC_ERROR, 7, 1)
+FIELD(CFRM_ISR0, WRITE_OVERRUN_ERROR, 6, 1)
+FIELD(CFRM_ISR0, READ_OVERRUN_ERROR, 5, 1)
+FIELD(CFRM_ISR0, CMD_INTERRUPT_ERROR, 4, 1)
+FIELD(CFRM_ISR0, WRITE_INTERRUPT_ERROR, 3, 1)
+FIELD(CFRM_ISR0, READ_INTERRUPT_ERROR, 2, 1)
+FIELD(CFRM_ISR0, SEU_CRC_ERROR, 1, 1)
+FIELD(CFRM_ISR0, SEU_ECC_ERROR, 0, 1)
+REG32(CFRM_ISR1, 0x154)
+REG32(CFRM_ISR2, 0x158)
+REG32(CFRM_ISR3, 0x15c)
+REG32(CFRM_IMR0, 0x160)
+FIELD(CFRM_IMR0, READ_BROADCAST_ERROR, 21, 1)
+FIELD(CFRM_IMR0, CMD_MISSING_ERROR, 20, 1)
+FIELD(CFRM_IMR0, RW_ROWOFF_ERROR, 19, 1)
+FIELD(CFRM_IMR0, READ_REG_ADDR_ERROR, 18, 1)
+FIELD(CFRM_IMR0, READ_BLK_TYPE_ERROR, 17, 1)
+FIELD(CFRM_IMR0, READ_FRAME_ADDR_ERROR, 16, 1)
+FIELD(CFRM_IMR0, WRITE_REG_ADDR_ERROR, 15, 1)
+FIELD(CFRM_IMR0, WRITE_BLK_TYPE_ERROR, 13, 1)
+FIELD(CFRM_IMR0, WRITE_FRAME_ADDR_ERROR, 12, 1)
+FIELD(CFRM_IMR0, MFW_OVERRUN_ERROR, 11, 1)
+FIELD(CFRM_IMR0, FAR_FIFO_UNDERFLOW, 10, 1)
+FIELD(CFRM_IMR0, 

[PULL 01/26] tests/tcg/aarch64: Adjust pauth tests for FEAT_FPAC

2023-09-08 Thread Peter Maydell
From: Richard Henderson 

With FEAT_FPAC, AUT* instructions that fail authentication
do not produce an error value but instead fault.

For pauth-2, install a signal handler and verify it gets called.

For pauth-4 and pauth-5, we are explicitly testing the error value,
so there's nothing to test with FEAT_FPAC, so exit early.
Adjust the makefile to use -cpu neoverse-v1, which has FEAT_EPAC
but not FEAT_FPAC.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20230829232335.965414-2-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 tests/tcg/aarch64/pauth.h | 23 +
 tests/tcg/aarch64/pauth-2.c   | 54 ++-
 tests/tcg/aarch64/pauth-4.c   | 18 ---
 tests/tcg/aarch64/pauth-5.c   | 10 ++
 tests/tcg/aarch64/Makefile.target |  6 +++-
 5 files changed, 98 insertions(+), 13 deletions(-)
 create mode 100644 tests/tcg/aarch64/pauth.h

diff --git a/tests/tcg/aarch64/pauth.h b/tests/tcg/aarch64/pauth.h
new file mode 100644
index 000..543b234437f
--- /dev/null
+++ b/tests/tcg/aarch64/pauth.h
@@ -0,0 +1,23 @@
+/*
+ * Helper for pauth test case
+ *
+ * Copyright (c) 2023 Linaro Ltd
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include 
+#include 
+
+static int get_pac_feature(void)
+{
+unsigned long isar1, isar2;
+
+assert(getauxval(AT_HWCAP) & HWCAP_CPUID);
+
+asm("mrs %0, id_aa64isar1_el1" : "=r"(isar1));
+asm("mrs %0, S3_0_C0_C6_2" : "=r"(isar2)); /* id_aa64isar2_el1 */
+
+return ((isar1 >> 4) & 0xf)   /* APA */
+ | ((isar1 >> 8) & 0xf)   /* API */
+ | ((isar2 >> 12) & 0xf); /* APA3 */
+}
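Review bot: get_pac_feature() returns an undocumented level that the callers compare against bare numbers (`pac_feature < 3`, `pac_feature < 4`, `pac_feature >= 4` in pauth-2.c and pauth-4.c). A short header comment should state that the result is the 4-bit PAuth level taken from whichever of APA, API or APA3 is non-zero, with 0 meaning no PAuth. Named constants for the two thresholds the tests use would also help, for example `#define PAC_FEAT_PAUTH2 3` and `#define PAC_FEAT_FPAC 4`, matching the comments in pauth-2.c. The bitwise OR of the three fields presumably relies on at most one of them being non-zero, and the comment should say that too. The new header also has no include guard, which is harmless while each test includes it once but is cheap to add.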
diff --git a/tests/tcg/aarch64/pauth-2.c b/tests/tcg/aarch64/pauth-2.c
index 978652ede3a..89ffdbf1df7 100644
--- a/tests/tcg/aarch64/pauth-2.c
+++ b/tests/tcg/aarch64/pauth-2.c
@@ -1,5 +1,22 @@
 #include 
+#include 
+#include 
 #include 
+#include "pauth.h"
+
+
+static void sigill(int sig, siginfo_t *info, void *vuc)
+{
+ucontext_t *uc = vuc;
+uint64_t test;
+
+/* There is only one insn below that is allowed to fault. */
+asm volatile("adr %0, auth2_insn" : "=r"(test));
+assert(test == uc->uc_mcontext.pc);
+exit(0);
+}
+
+static int pac_feature;
 
 void do_test(uint64_t value)
 {
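Review bot: The `sigill` handler ends the process with `exit(0)` on the first fault, so under FEAT_FPAC only the first `do_test()` call in `main` is exercised and `do_test(0xda004acedeadbeefull)` is never reached. If that is acceptable, document it on the handler, e.g. `/* Success: exits on the first expected fault; later do_test() calls do not run. */`. Otherwise the handler could record the fault and resume after `auth2_insn` (for instance by advancing `uc->uc_mcontext.pc`) so that both values are covered. The parameters `sig` and `info` are unused, which may warn depending on the test build flags.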
@@ -27,31 +44,52 @@ void do_test(uint64_t value)
  * An invalid salt usually fails authorization, but again there
  * is a chance of choosing another salt that works.
  * Iterate until we find another salt which does fail.
+ *
+ * With FEAT_FPAC, this will SIGILL instead of producing a result.
  */
 for (salt2 = salt1 + 1; ; salt2++) {
-asm volatile("autda %0, %2" : "=r"(decode) : "0"(encode), "r"(salt2));
+asm volatile("auth2_insn: autda %0, %2"
+ : "=r"(decode) : "0"(encode), "r"(salt2));
 if (decode != value) {
 break;
 }
 }
 
+assert(pac_feature < 4);  /* No FEAT_FPAC */
+
 /* The VA bits, bit 55, and the TBI bits, should be unchanged.  */
 assert(((decode ^ value) & 0xff80ull) == 0);
 
 /*
- * Bits [54:53] are an error indicator based on the key used;
- * the DA key above is keynumber 0, so error == 0b01.  Otherwise
- * bit 55 of the original is sign-extended into the rest of the auth.
+ * Without FEAT_Pauth2, bits [54:53] are an error indicator based on
+ * the key used; the DA key above is keynumber 0, so error == 0b01.
+ * Otherwise, bit 55 of the original is sign-extended into the rest
+ * of the auth.
  */
-if ((value >> 55) & 1) {
-assert(((decode >> 48) & 0xff) == 0b1011);
-} else {
-assert(((decode >> 48) & 0xff) == 0b0010);
+if (pac_feature < 3) {
+if ((value >> 55) & 1) {
+assert(((decode >> 48) & 0xff) == 0b1011);
+} else {
+assert(((decode >> 48) & 0xff) == 0b0010);
+}
 }
 }
 
 int main()
 {
+static const struct sigaction sa = {
+.sa_sigaction = sigill,
+.sa_flags = SA_SIGINFO
+};
+
+pac_feature = get_pac_feature();
+assert(pac_feature != 0);
+
+if (pac_feature >= 4) {
+/* FEAT_FPAC */
+sigaction(SIGILL, , NULL);
+}
+
 do_test(0);
 do_test(0xda004acedeadbeefull);
 return 0;
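Review bot: The `auth2_insn:` label inside the `asm volatile` in `do_test` is a plain named assembler symbol, so if the compiler inlines or duplicates `do_test` (it is called twice from `main`), the label is emitted twice and assembly fails. The handler needs the symbol by name, so a local `%=` label is not an option; marking the function `__attribute__((noinline))` would make the test independent of the optimisation level. The flags used for these tests are not visible here, so this may not trigger in the current build. The return value of `sigaction()` is also ignored; an `assert` on it would make a failed installation show up as a test failure rather than as an unexpected SIGILL. `do_test` begins outside this hunk.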
diff --git a/tests/tcg/aarch64/pauth-4.c b/tests/tcg/aarch64/pauth-4.c
index 24a639e36ca..b254f413afd 100644
--- a/tests/tcg/aarch64/pauth-4.c
+++ b/tests/tcg/aarch64/pauth-4.c
@@ -2,14 +2,24 @@
 #include 
 #include 
 #include 
+#include "pauth.h"
 
 #define TESTS 1000
 
 int main()
 {
+char base[TESTS];
 int i, count = 0;
 float perc;
-void *base = malloc(TESTS);
+int pac_feature = get_pac_feature();
+
+/*
+ * Exit if no PAuth or FEAT_FPAC, which will SIGILL on AUTIA failure
+ * rather than return an error for us to check below.
+ */
+if (pac_feature == 0 || pac_feature >= 4) {
+return 0;
+}
 
 for (i = 0; i < TESTS; 

[PULL 22/26] target/arm: Implement cortex-a710

2023-09-08 Thread Peter Maydell
From: Richard Henderson 

The cortex-a710 is a first generation ARMv9.0-A processor.

Signed-off-by: Richard Henderson 
Message-id: 20230831232441.66020-3-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 docs/system/arm/virt.rst |   1 +
 hw/arm/virt.c|   1 +
 target/arm/tcg/cpu64.c   | 212 +++
 3 files changed, 214 insertions(+)

diff --git a/docs/system/arm/virt.rst b/docs/system/arm/virt.rst
index 51cdac68410..e1697ac8f48 100644
--- a/docs/system/arm/virt.rst
+++ b/docs/system/arm/virt.rst
@@ -58,6 +58,7 @@ Supported guest CPU types:
 - ``cortex-a57`` (64-bit)
 - ``cortex-a72`` (64-bit)
 - ``cortex-a76`` (64-bit)
+- ``cortex-a710`` (64-bit)
 - ``a64fx`` (64-bit)
 - ``host`` (with KVM only)
 - ``neoverse-n1`` (64-bit)
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index a13c658bbf6..8ad78b23c24 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -211,6 +211,7 @@ static const char *valid_cpus[] = {
 ARM_CPU_TYPE_NAME("cortex-a55"),
 ARM_CPU_TYPE_NAME("cortex-a72"),
 ARM_CPU_TYPE_NAME("cortex-a76"),
+ARM_CPU_TYPE_NAME("cortex-a710"),
 ARM_CPU_TYPE_NAME("a64fx"),
 ARM_CPU_TYPE_NAME("neoverse-n1"),
 ARM_CPU_TYPE_NAME("neoverse-v1"),
diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c
index ef222da57d4..6e5192ebfc3 100644
--- a/target/arm/tcg/cpu64.c
+++ b/target/arm/tcg/cpu64.c
@@ -745,6 +745,217 @@ static void aarch64_neoverse_v1_initfn(Object *obj)
 aarch64_add_sve_properties(obj);
 }
 
+static const ARMCPRegInfo cortex_a710_cp_reginfo[] = {
+{ .name = "CPUACTLR_EL1", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 0,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0,
+  .accessfn = access_actlr_w },
+{ .name = "CPUACTLR2_EL1", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 1,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0,
+  .accessfn = access_actlr_w },
+{ .name = "CPUACTLR3_EL1", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 2,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0,
+  .accessfn = access_actlr_w },
+{ .name = "CPUACTLR4_EL1", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 3,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0,
+  .accessfn = access_actlr_w },
+{ .name = "CPUECTLR_EL1", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 4,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0,
+  .accessfn = access_actlr_w },
+{ .name = "CPUECTLR2_EL1", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 5,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0,
+  .accessfn = access_actlr_w },
+{ .name = "CPUPPMCR_EL3", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 4,
+  .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = "CPUPWRCTLR_EL1", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 7,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0,
+  .accessfn = access_actlr_w },
+{ .name = "ATCR_EL1", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 7, .opc2 = 0,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = "CPUACTLR5_EL1", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 8, .opc2 = 0,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0,
+  .accessfn = access_actlr_w },
+{ .name = "CPUACTLR6_EL1", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 8, .opc2 = 1,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0,
+  .accessfn = access_actlr_w },
+{ .name = "CPUACTLR7_EL1", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 8, .opc2 = 2,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0,
+  .accessfn = access_actlr_w },
+{ .name = "ATCR_EL2", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 4, .crn = 15, .crm = 7, .opc2 = 0,
+  .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = "AVTCR_EL2", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 4, .crn = 15, .crm = 7, .opc2 = 1,
+  .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = "CPUPPMCR_EL3", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 2, .opc2 = 0,
+  .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = "CPUPPMCR2_EL3", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 2, .opc2 = 1,
+  .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = "CPUPPMCR4_EL3", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, 

[PULL 09/26] target/arm: Implement FEAT_FPAC and FEAT_FPACCOMBINE

2023-09-08 Thread Peter Maydell
From: Aaron Lindsay 

Signed-off-by: Aaron Lindsay 
Reviewed-by: Richard Henderson 
Signed-off-by: Richard Henderson 
Message-id: 20230829232335.965414-10-richard.hender...@linaro.org
Message-Id: <20230609172324.982888-8-aa...@os.amperecomputing.com>
[rth: Simplify fpac comparison, reusing cmp_mask]
Signed-off-by: Richard Henderson 
Signed-off-by: Peter Maydell 
---
 docs/system/arm/emulation.rst |  2 ++
 target/arm/syndrome.h |  7 +++
 target/arm/tcg/cpu64.c|  2 +-
 target/arm/tcg/pauth_helper.c | 18 +-
 4 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
index b5a667527b5..305b36b19e7 100644
--- a/docs/system/arm/emulation.rst
+++ b/docs/system/arm/emulation.rst
@@ -35,6 +35,8 @@ the following architecture extensions:
 - FEAT_FGT (Fine-Grained Traps)
 - FEAT_FHM (Floating-point half-precision multiplication instructions)
 - FEAT_FP16 (Half-precision floating-point data processing)
+- FEAT_FPAC (Faulting on AUT* instructions)
+- FEAT_FPACCOMBINE (Faulting on combined pointer authentication instructions)
 - FEAT_FRINTTS (Floating-point to integer instructions)
 - FEAT_FlagM (Flag manipulation instructions v2)
 - FEAT_FlagM2 (Enhancements to flag manipulation instructions)
diff --git a/target/arm/syndrome.h b/target/arm/syndrome.h
index 62254d0e518..8a6b8f8162a 100644
--- a/target/arm/syndrome.h
+++ b/target/arm/syndrome.h
@@ -49,6 +49,7 @@ enum arm_exception_class {
 EC_SYSTEMREGISTERTRAP = 0x18,
 EC_SVEACCESSTRAP  = 0x19,
 EC_ERETTRAP   = 0x1a,
+EC_PACFAIL= 0x1c,
 EC_SMETRAP= 0x1d,
 EC_GPC= 0x1e,
 EC_INSNABORT  = 0x20,
@@ -232,6 +233,12 @@ static inline uint32_t syn_smetrap(SMEExceptionType etype, 
bool is_16bit)
 | (is_16bit ? 0 : ARM_EL_IL) | etype;
 }
 
+static inline uint32_t syn_pacfail(bool data, int keynumber)
+{
+int error_code = (data << 1) | keynumber;
+return (EC_PACFAIL << ARM_EL_EC_SHIFT) | ARM_EL_IL | error_code;
+}
+
 static inline uint32_t syn_pactrap(void)
 {
 return EC_PACTRAP << ARM_EL_EC_SHIFT;
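Review bot: `syn_pacfail()` ORs `keynumber` into the syndrome without bounding it, so any value above 1 would overwrite the bit that carries `data`, and larger values would spill into further ISS bits. The callers are outside this hunk and presumably only pass 0 or 1, but the helper should state and enforce that. Suggested additions are a comment such as `/* ISS bit 1: data key; bit 0: key number (0 or 1) */` and either `assert(keynumber == 0 || keynumber == 1);` or `(keynumber & 1)` in the expression. The body of syn_pactrap continues outside the hunk.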
diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c
index be103702505..ef222da57d4 100644
--- a/target/arm/tcg/cpu64.c
+++ b/target/arm/tcg/cpu64.c
@@ -803,7 +803,7 @@ void aarch64_max_tcg_initfn(Object *obj)
 
 t = cpu->isar.id_aa64isar1;
 t = FIELD_DP64(t, ID_AA64ISAR1, DPB, 2);  /* FEAT_DPB2 */
-t = FIELD_DP64(t, ID_AA64ISAR1, APA, PauthFeat_2);
+t = FIELD_DP64(t, ID_AA64ISAR1, APA, PauthFeat_FPACCOMBINED);
 t = FIELD_DP64(t, ID_AA64ISAR1, API, 1);
 t = FIELD_DP64(t, ID_AA64ISAR1, JSCVT, 1);/* FEAT_JSCVT */
 t = FIELD_DP64(t, ID_AA64ISAR1, FCMA, 1); /* FEAT_FCMA */
diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c
index c05c5b30ff9..4da2962ad5b 100644
--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -396,6 +396,14 @@ static uint64_t pauth_original_ptr(uint64_t ptr, 
ARMVAParameters param)
 }
 }
 
+static G_NORETURN
+void pauth_fail_exception(CPUARMState *env, bool data,
+  int keynumber, uintptr_t ra)
+{
+raise_exception_ra(env, EXCP_UDEF, syn_pacfail(data, keynumber),
+   exception_target_el(env), ra);
+}
+
 static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
ARMPACKey *key, bool data, int keynumber,
uintptr_t ra, bool is_combined)
@@ -416,7 +424,15 @@ static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, 
uint64_t modifier,
 cmp_mask &= ~MAKE_64BIT_MASK(55, 1);
 
 if (pauth_feature >= PauthFeat_2) {
-return ptr ^ (pac & cmp_mask);
+ARMPauthFeature fault_feature =
+is_combined ? PauthFeat_FPACCOMBINED : PauthFeat_FPAC;
+uint64_t result = ptr ^ (pac & cmp_mask);
+
+if (pauth_feature >= fault_feature
+&& ((result ^ sextract64(result, 55, 1)) & cmp_mask)) {
+pauth_fail_exception(env, data, keynumber, ra);
+}
+return result;
 }
 
 if ((pac ^ ptr) & cmp_mask) {
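Review bot: The new fault condition `(result ^ sextract64(result, 55, 1)) & cmp_mask` is dense and has no comment, although it decides when a guest-visible exception is raised. A sentence above the `if` would help the next reader, e.g. `/* FPAC: authentication failed if the PAC field of the result is not the sign-extension of bit 55. */`. It is also worth noting in that comment that `cmp_mask` has bit 55 cleared a few lines earlier, which is why comparing against the replicated bit is safe. `pauth_auth` starts before this hunk and continues after it, so how `pauth_feature` and `cmp_mask` are derived is not visible here.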
-- 
2.34.1




[PULL 04/26] target/arm: Don't change pauth features when changing algorithm

2023-09-08 Thread Peter Maydell
From: Richard Henderson 

We have cpu properties to adjust the pauth algorithm for the
purpose of speed of emulation.  Retain the set of pauth features
supported by the cpu even as the algorithm changes.

This already affects the neoverse-v1 cpu, which has FEAT_EPAC.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20230829232335.965414-5-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/cpu64.c | 70 +++---
 target/arm/tcg/cpu64.c |  2 ++
 2 files changed, 47 insertions(+), 25 deletions(-)

diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 96158093cc6..fd584a31da7 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -473,37 +473,57 @@ void aarch64_add_sme_properties(Object *obj)
 
 void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp)
 {
-int arch_val = 0, impdef_val = 0;
-uint64_t t;
+ARMPauthFeature features = cpu_isar_feature(pauth_feature, cpu);
+uint64_t isar1;
 
-/* Exit early if PAuth is enabled, and fall through to disable it */
-if ((kvm_enabled() || hvf_enabled()) && cpu->prop_pauth) {
-if (!cpu_isar_feature(aa64_pauth, cpu)) {
-error_setg(errp, "'pauth' feature not supported by %s on this 
host",
-   kvm_enabled() ? "KVM" : "hvf");
+/*
+ * These properties enable or disable Pauth as a whole, or change
+ * the pauth algorithm, but do not change the set of features that
+ * are present.  We have saved a copy of those features above and
+ * will now place it into the field that chooses the algorithm.
+ *
+ * Begin by disabling all fields.
+ */
+isar1 = cpu->isar.id_aa64isar1;
+isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, APA, 0);
+isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, GPA, 0);
+isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, API, 0);
+isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, GPI, 0);
+
+if (kvm_enabled() || hvf_enabled()) {
+/*
+ * Exit early if PAuth is enabled and fall through to disable it.
+ * The algorithm selection properties are not present.
+ */
+if (cpu->prop_pauth) {
+if (features == 0) {
+error_setg(errp, "'pauth' feature not supported by "
+   "%s on this host", current_accel_name());
+}
+return;
+}
+} else {
+/* Pauth properties are only present when the model supports it. */
+if (features == 0) {
+assert(!cpu->prop_pauth);
+return;
 }
 
-return;
-}
-
-/* TODO: Handle HaveEnhancedPAC, HaveEnhancedPAC2, HaveFPAC. */
-if (cpu->prop_pauth) {
-if (cpu->prop_pauth_impdef) {
-impdef_val = 1;
-} else {
-arch_val = 1;
+if (cpu->prop_pauth) {
+if (cpu->prop_pauth_impdef) {
+isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, API, features);
+isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, GPI, 1);
+} else {
+isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, APA, features);
+isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, GPA, 1);
+}
+} else if (cpu->prop_pauth_impdef) {
+error_setg(errp, "cannot enable pauth-impdef without pauth");
+error_append_hint(errp, "Add pauth=on to the CPU property 
list.\n");
 }
-} else if (cpu->prop_pauth_impdef) {
-error_setg(errp, "cannot enable pauth-impdef without pauth");
-error_append_hint(errp, "Add pauth=on to the CPU property list.\n");
 }
 
-t = cpu->isar.id_aa64isar1;
-t = FIELD_DP64(t, ID_AA64ISAR1, APA, arch_val);
-t = FIELD_DP64(t, ID_AA64ISAR1, GPA, arch_val);
-t = FIELD_DP64(t, ID_AA64ISAR1, API, impdef_val);
-t = FIELD_DP64(t, ID_AA64ISAR1, GPI, impdef_val);
-cpu->isar.id_aa64isar1 = t;
+cpu->isar.id_aa64isar1 = isar1;
 }
 
 static Property arm_cpu_pauth_property =
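Review bot: The comment in the `kvm_enabled() || hvf_enabled()` branch, "Exit early if PAuth is enabled and fall through to disable it", reads as a contradiction and hides what the two paths do. With `prop_pauth` set the function returns before `cpu->isar.id_aa64isar1 = isar1`, leaving the existing register value untouched; only the disabled case falls through to store the cleared fields. Suggested wording: `/* If PAuth is enabled, keep the existing ID register fields and return; otherwise fall through to store the cleared fields. */`. Separately, the `pauth-impdef` without `pauth` error path has no `return`, so it still reaches the final store after setting `errp`. That matches the old code, but a short comment saying it is intentional would avoid a later "fix".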
diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c
index 0f8972950d6..4a1d9816dfb 100644
--- a/target/arm/tcg/cpu64.c
+++ b/target/arm/tcg/cpu64.c
@@ -803,6 +803,8 @@ void aarch64_max_tcg_initfn(Object *obj)
 
 t = cpu->isar.id_aa64isar1;
 t = FIELD_DP64(t, ID_AA64ISAR1, DPB, 2);  /* FEAT_DPB2 */
+t = FIELD_DP64(t, ID_AA64ISAR1, APA, PauthFeat_1);
+t = FIELD_DP64(t, ID_AA64ISAR1, API, 1);
 t = FIELD_DP64(t, ID_AA64ISAR1, JSCVT, 1);/* FEAT_JSCVT */
 t = FIELD_DP64(t, ID_AA64ISAR1, FCMA, 1); /* FEAT_FCMA */
 t = FIELD_DP64(t, ID_AA64ISAR1, LRCPC, 2);/* FEAT_LRCPC2 */
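Review bot: The two added lines set both `APA` and `API` to a non-zero value, which looks wrong in isolation. It only makes sense together with the reworked `arm_cpu_pauth_finalize()` in this commit, which clears all the fields and re-populates the one for the selected algorithm. A comment would make that dependency explicit, e.g. `/* Both set here; arm_cpu_pauth_finalize() keeps only the field for the chosen algorithm. */`. For consistency the second line could use the enum as well, `t = FIELD_DP64(t, ID_AA64ISAR1, API, PauthFeat_1);`, instead of the literal `1`. The body of aarch64_max_tcg_initfn extends beyond this hunk.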
-- 
2.34.1




[PULL 26/26] arm/kvm: Enable support for KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE

2023-09-08 Thread Peter Maydell
From: Shameer Kolothum 

Now that we have Eager Page Split support added for ARM in the kernel,
enable it in Qemu. This adds,
 -eager-split-size to -accel sub-options to set the eager page split chunk size.
 -enable KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE.

The chunk size specifies how many pages to break at a time, using a
single allocation. The bigger the chunk size, the more pages need to be
allocated ahead of time.

Reviewed-by: Gavin Shan 
Signed-off-by: Shameer Kolothum 
Message-id: 20230905091246.1931-1-shameerali.kolothum.th...@huawei.com
Signed-off-by: Peter Maydell 
---
 include/sysemu/kvm_int.h |  1 +
 accel/kvm/kvm-all.c  |  1 +
 target/arm/kvm.c | 61 
 qemu-options.hx  | 15 ++
 4 files changed, 78 insertions(+)

diff --git a/include/sysemu/kvm_int.h b/include/sysemu/kvm_int.h
index 511b42bde5c..a5b9122cb82 100644
--- a/include/sysemu/kvm_int.h
+++ b/include/sysemu/kvm_int.h
@@ -116,6 +116,7 @@ struct KVMState
 uint64_t kvm_dirty_ring_bytes;  /* Size of the per-vcpu dirty ring */
 uint32_t kvm_dirty_ring_size;   /* Number of dirty GFNs per ring */
 bool kvm_dirty_ring_with_bitmap;
+uint64_t kvm_eager_split_size;  /* Eager Page Splitting chunk size */
 struct KVMDirtyRingReaper reaper;
 NotifyVmexitOption notify_vmexit;
 uint32_t notify_window;
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 2ba7521695e..ff1578bb32b 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -3763,6 +3763,7 @@ static void kvm_accel_instance_init(Object *obj)
 /* KVM dirty ring is by default off */
 s->kvm_dirty_ring_size = 0;
 s->kvm_dirty_ring_with_bitmap = false;
+s->kvm_eager_split_size = 0;
 s->notify_vmexit = NOTIFY_VMEXIT_OPTION_RUN;
 s->notify_window = 0;
 s->xen_version = 0;
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index 23aeb099490..b66b936a958 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -30,6 +30,7 @@
 #include "exec/address-spaces.h"
 #include "hw/boards.h"
 #include "hw/irq.h"
+#include "qapi/visitor.h"
 #include "qemu/log.h"
 
 const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
@@ -287,6 +288,26 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
 }
 }
 
+if (s->kvm_eager_split_size) {
+uint32_t sizes;
+
+sizes = kvm_vm_check_extension(s, KVM_CAP_ARM_SUPPORTED_BLOCK_SIZES);
+if (!sizes) {
+s->kvm_eager_split_size = 0;
+warn_report("Eager Page Split support not available");
+} else if (!(s->kvm_eager_split_size & sizes)) {
+error_report("Eager Page Split requested chunk size not valid");
+ret = -EINVAL;
+} else {
+ret = kvm_vm_enable_cap(s, KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE, 0,
+s->kvm_eager_split_size);
+if (ret < 0) {
+error_report("Enabling of Eager Page Split failed: %s",
+ strerror(-ret));
+}
+}
+}
+
 kvm_arm_init_debug(s);
 
 return ret;
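Review bot: The "requested chunk size not valid" error in the new `kvm_eager_split_size` block reports neither the value the user passed nor the sizes the host accepts, so a failed start gives no hint about what to change. Including both makes the message actionable: `error_report("Eager Page Split chunk size 0x%" PRIx64 " not valid (supported mask 0x%" PRIx32 ")", s->kvm_eager_split_size, sizes);`. Note also that after `ret = -EINVAL` execution still continues into `kvm_arm_init_debug(s)` before returning. That is probably harmless, but an early return would keep the failure path obvious. kvm_arch_init begins outside this hunk, so the earlier uses of `ret` are not visible.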
@@ -1069,6 +1090,46 @@ bool kvm_arch_cpu_check_are_resettable(void)
 return true;
 }
 
+static void kvm_arch_get_eager_split_size(Object *obj, Visitor *v,
+  const char *name, void *opaque,
+  Error **errp)
+{
+KVMState *s = KVM_STATE(obj);
+uint64_t value = s->kvm_eager_split_size;
+
+visit_type_size(v, name, , errp);
+}
+
+static void kvm_arch_set_eager_split_size(Object *obj, Visitor *v,
+  const char *name, void *opaque,
+  Error **errp)
+{
+KVMState *s = KVM_STATE(obj);
+uint64_t value;
+
+if (s->fd != -1) {
+error_setg(errp, "Unable to set early-split-size after KVM has been 
initialized");
+return;
+}
+
+if (!visit_type_size(v, name, , errp)) {
+return;
+}
+
+if (value && !is_power_of_2(value)) {
+error_setg(errp, "early-split-size must be a power of two");
+return;
+}
+
+s->kvm_eager_split_size = value;
+}
+
 void kvm_arch_accel_class_init(ObjectClass *oc)
 {
+object_class_property_add(oc, "eager-split-size", "size",
+  kvm_arch_get_eager_split_size,
+  kvm_arch_set_eager_split_size, NULL, NULL);
+
+object_class_property_set_description(oc, "eager-split-size",
+"Eager Page Split chunk size for hugepages. (default: 0, disabled)");
 }
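Review bot: Both error strings in `kvm_arch_set_eager_split_size()` name the option "early-split-size", but the property is registered as "eager-split-size" in `kvm_arch_accel_class_init()`. A user who copies the name from the error message will be told the option does not exist. The strings should read `"Unable to set eager-split-size after KVM has been initialized"` and `"eager-split-size must be a power of two"`.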
diff --git a/qemu-options.hx b/qemu-options.hx
index 463f520c57c..93d106aa9cb 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -186,6 +186,7 @@ DEF("accel", HAS_ARG, QEMU_OPTION_accel,
 "split-wx=on|off (enable TCG split w^x mapping)\n"
 "tb-size=n (TCG translation block cache size)\n"
 "dirty-ring-size=n (KVM dirty ring GFN count, default 0)\n"
+"  

[PULL 20/26] arm64: Restore trapless ptimer access

2023-09-08 Thread Peter Maydell
From: Colton Lewis 

Due to recent KVM changes, QEMU is setting a ptimer offset resulting
in unintended trap and emulate access and a consequent performance
hit. Filter out the PTIMER_CNT register to restore trapless ptimer
access.

Quoting Andrew Jones:

Simply reading the CNT register and writing back the same value is
enough to set an offset, since the timer will have certainly moved
past whatever value was read by the time it's written.  QEMU
frequently saves and restores all registers in the get-reg-list array,
unless they've been explicitly filtered out (with Linux commit
680232a94c12, KVM_REG_ARM_PTIMER_CNT is now in the array). So, to
restore trapless ptimer accesses, we need a QEMU patch to filter out
the register.

See
https://lore.kernel.org/kvmarm/gsntttsonus5@coltonlewis-kvm.c.googlers.com/T/#m0770023762a821db2a3f0dd0a7dc6aa54e0d0da9
for additional context.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Andrew Jones 
Signed-off-by: Colton Lewis 
Reviewed-by: Richard Henderson 
Tested-by: Colton Lewis 
Message-id: 20230831190052.129045-1-coltonle...@google.com
Signed-off-by: Peter Maydell 
---
 target/arm/kvm64.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index ac440c33f9a..5e95c496bb9 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -674,6 +674,7 @@ typedef struct CPRegStateLevel {
  */
 static const CPRegStateLevel non_runtime_cpregs[] = {
 { KVM_REG_ARM_TIMER_CNT, KVM_PUT_FULL_STATE },
+{ KVM_REG_ARM_PTIMER_CNT, KVM_PUT_FULL_STATE },
 };
 
 int kvm_arm_cpreg_level(uint64_t regidx)
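Review bot: The new `KVM_REG_ARM_PTIMER_CNT` entry has no comment, and the reason for filtering it exists only in the commit message. A note next to the entry would stop it being removed as redundant later, e.g. `/* Writing back the counter sets an offset and forces trap-and-emulate; see Linux commit 680232a94c12. */`. The array's own header comment starts outside this hunk, so it may already cover the general case, but the ptimer-specific rationale is worth keeping with the code.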
-- 
2.34.1




[PULL 10/26] hw/intc/arm_gicv3_its: Avoid maybe-uninitialized error in get_vte()

2023-09-08 Thread Peter Maydell
From: Philippe Mathieu-Daudé 

Fix when using GCC v11.4 (Ubuntu 11.4.0-1ubuntu1~22.04) with CFLAGS=-Og:

  [4/6] Compiling C object libcommon.fa.p/hw_intc_arm_gicv3_its.c.o
  FAILED: libcommon.fa.p/hw_intc_arm_gicv3_its.c.o
  inlined from ‘lookup_vte’ at hw/intc/arm_gicv3_its.c:453:9,
  inlined from ‘vmovp_callback’ at hw/intc/arm_gicv3_its.c:1039:14:
  hw/intc/arm_gicv3_its.c:347:9: error: ‘vte.rdbase’ may be used uninitialized 
[-Werror=maybe-uninitialized]
347 | trace_gicv3_its_vte_read(vpeid, vte->valid, vte->vptsize,
| ^
348 |  vte->vptaddr, vte->rdbase);
|  ~~
  hw/intc/arm_gicv3_its.c: In function ‘vmovp_callback’:
  hw/intc/arm_gicv3_its.c:1036:13: note: ‘vte’ declared here
   1036 | VTEntry vte;
| ^~~

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Alex Bennée 
Message-id: 20230831131348.69032-1-phi...@linaro.org
Signed-off-by: Peter Maydell 
---
 hw/intc/arm_gicv3_its.c | 15 ++-
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/hw/intc/arm_gicv3_its.c b/hw/intc/arm_gicv3_its.c
index 43dfd7a35c7..5f552b4d37f 100644
--- a/hw/intc/arm_gicv3_its.c
+++ b/hw/intc/arm_gicv3_its.c
@@ -330,23 +330,20 @@ static MemTxResult get_vte(GICv3ITSState *s, uint32_t 
vpeid, VTEntry *vte)
 if (entry_addr == -1) {
 /* No L2 table entry, i.e. no valid VTE, or a memory error */
 vte->valid = false;
-goto out;
+trace_gicv3_its_vte_read_fault(vpeid);
+return MEMTX_OK;
 }
 vteval = address_space_ldq_le(as, entry_addr, MEMTXATTRS_UNSPECIFIED, 
);
 if (res != MEMTX_OK) {
-goto out;
+trace_gicv3_its_vte_read_fault(vpeid);
+return res;
 }
 vte->valid = FIELD_EX64(vteval, VTE, VALID);
 vte->vptsize = FIELD_EX64(vteval, VTE, VPTSIZE);
 vte->vptaddr = FIELD_EX64(vteval, VTE, VPTADDR);
 vte->rdbase = FIELD_EX64(vteval, VTE, RDBASE);
-out:
-if (res != MEMTX_OK) {
-trace_gicv3_its_vte_read_fault(vpeid);
-} else {
-trace_gicv3_its_vte_read(vpeid, vte->valid, vte->vptsize,
- vte->vptaddr, vte->rdbase);
-}
+trace_gicv3_its_vte_read(vpeid, vte->valid, vte->vptsize,
+ vte->vptaddr, vte->rdbase);
 return res;
 }
 
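Review bot: In the `entry_addr == -1` branch the new code returns `MEMTX_OK` unconditionally, while the context comment on that branch says it also covers "a memory error", and the removed `goto out` path returned `res`. If the lookup that produced `entry_addr` can leave a failure in `res` (that code is outside this hunk), the error is now dropped and the caller sees success with `vte->valid == false`; `return res;` would preserve the old result. The branch also now always emits `trace_gicv3_its_vte_read_fault`, even for the plain "no valid VTE" case, which the old code traced as a normal read. get_vte starts before this hunk.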
-- 
2.34.1




[PULL 05/26] target/arm: Implement FEAT_PACQARMA3

2023-09-08 Thread Peter Maydell
From: Richard Henderson 

Implement the QARMA3 cryptographic algorithm for PAC calculation.
Implement a cpu feature to select the algorithm and document it.

Signed-off-by: Aaron Lindsay 
Reviewed-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Signed-off-by: Richard Henderson 
Message-id: 20230829232335.965414-6-richard.hender...@linaro.org
Message-Id: <20230609172324.982888-4-aa...@os.amperecomputing.com>
[rth: Merge cpu feature addition from another patch.]
Signed-off-by: Richard Henderson 
Signed-off-by: Peter Maydell 
---
 docs/system/arm/cpu-features.rst | 21 -
 docs/system/arm/emulation.rst|  3 ++
 target/arm/cpu.h |  1 +
 target/arm/arm-qmp-cmds.c|  2 +-
 target/arm/cpu64.c   | 24 --
 target/arm/tcg/pauth_helper.c| 54 ++--
 tests/qtest/arm-cpu-features.c   | 12 ++-
 7 files changed, 94 insertions(+), 23 deletions(-)

diff --git a/docs/system/arm/cpu-features.rst b/docs/system/arm/cpu-features.rst
index 6bb88a40c77..a5fb929243c 100644
--- a/docs/system/arm/cpu-features.rst
+++ b/docs/system/arm/cpu-features.rst
@@ -210,15 +210,20 @@ TCG VCPU Features
 TCG VCPU features are CPU features that are specific to TCG.
 Below is the list of TCG VCPU features and their descriptions.
 
-``pauth-impdef``
-  When ``FEAT_Pauth`` is enabled, either the *impdef* (Implementation
-  Defined) algorithm is enabled or the *architected* QARMA algorithm
-  is enabled.  By default the impdef algorithm is disabled, and QARMA
-  is enabled.
+``pauth``
+  Enable or disable ``FEAT_Pauth`` entirely.
 
-  The architected QARMA algorithm has good cryptographic properties,
-  but can be quite slow to emulate.  The impdef algorithm used by QEMU
-  is non-cryptographic but significantly faster.
+``pauth-impdef``
+  When ``pauth`` is enabled, select the QEMU implementation defined algorithm.
+
+``pauth-qarma3``
+  When ``pauth`` is enabled, select the architected QARMA3 algorithm.
+
+Without either ``pauth-impdef`` or ``pauth-qarma3`` enabled,
+the architected QARMA5 algorithm is used.  The architected QARMA5
+and QARMA3 algorithms have good cryptographic properties, but can
+be quite slow to emulate.  The impdef algorithm used by QEMU is
+non-cryptographic but significantly faster.
 
 SVE CPU Properties
 ==
diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
index 2e6a7c8961e..c4bc4074866 100644
--- a/docs/system/arm/emulation.rst
+++ b/docs/system/arm/emulation.rst
@@ -57,6 +57,9 @@ the following architecture extensions:
 - FEAT_MTE (Memory Tagging Extension)
 - FEAT_MTE2 (Memory Tagging Extension)
 - FEAT_MTE3 (MTE Asymmetric Fault Handling)
+- FEAT_PACIMP (Pointer authentication - IMPLEMENTATION DEFINED algorithm)
+- FEAT_PACQARMA3 (Pointer authentication - QARMA3 algorithm)
+- FEAT_PACQARMA5 (Pointer authentication - QARMA5 algorithm)
 - FEAT_PAN (Privileged access never)
 - FEAT_PAN2 (AT S1E1R and AT S1E1W instruction variants affected by PSTATE.PAN)
 - FEAT_PAN3 (Support for SCTLR_ELx.EPAN)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 225a9b5af54..6f75ccfcef9 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1072,6 +1072,7 @@ struct ArchCPU {
  */
 bool prop_pauth;
 bool prop_pauth_impdef;
+bool prop_pauth_qarma3;
 bool prop_lpa2;
 
 /* DCZ blocksize, in log_2(words), ie low 4 bits of DCZID_EL0 */
diff --git a/target/arm/arm-qmp-cmds.c b/target/arm/arm-qmp-cmds.c
index c8fa5240026..b53d5efe13d 100644
--- a/target/arm/arm-qmp-cmds.c
+++ b/target/arm/arm-qmp-cmds.c
@@ -95,7 +95,7 @@ static const char *cpu_model_advertised_features[] = {
 "sve640", "sve768", "sve896", "sve1024", "sve1152", "sve1280",
 "sve1408", "sve1536", "sve1664", "sve1792", "sve1920", "sve2048",
 "kvm-no-adjvtime", "kvm-steal-time",
-"pauth", "pauth-impdef",
+"pauth", "pauth-impdef", "pauth-qarma3",
 NULL
 };
 
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index fd584a31da7..f3d87e001f9 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -474,7 +474,7 @@ void aarch64_add_sme_properties(Object *obj)
 void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp)
 {
 ARMPauthFeature features = cpu_isar_feature(pauth_feature, cpu);
-uint64_t isar1;
+uint64_t isar1, isar2;
 
 /*
  * These properties enable or disable Pauth as a whole, or change
@@ -490,6 +490,10 @@ void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp)
 isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, API, 0);
 isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, GPI, 0);
 
+isar2 = cpu->isar.id_aa64isar2;
+isar2 = FIELD_DP64(isar2, ID_AA64ISAR2, APA3, 0);
+isar2 = FIELD_DP64(isar2, ID_AA64ISAR2, GPA3, 0);
+
 if (kvm_enabled() || hvf_enabled()) {
 /*
  * Exit early if PAuth is enabled and fall through to disable it.
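Review bot: The new `isar2` local is loaded and has `APA3`/`GPA3` cleared here without a comment, and its write-back to `cpu->isar.id_aa64isar2` is not part of this hunk. On the `kvm_enabled() || hvf_enabled()` path that follows, the early exit and the fall-through that disables PAuth need to treat `isar2` exactly as they treat `isar1`. Otherwise a guest started with PAuth disabled could still read non-zero QARMA3 fields from the ID register; this should be confirmed against the rest of `arm_cpu_pauth_finalize`, which continues outside the hunk. A short comment would also help, for example `/* ID_AA64ISAR2 holds the QARMA3 fields (APA3, GPA3); clear them alongside the ISAR1 fields. */`.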
@@ -510,26 +514,39 @@ void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp)
 }
 
 if (cpu->prop_pauth) {
+   

[PULL 02/26] target/arm: Add ID_AA64ISAR2_EL1

2023-09-08 Thread Peter Maydell
From: Aaron Lindsay 

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Signed-off-by: Aaron Lindsay 
Signed-off-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20230829232335.965414-3-richard.hender...@linaro.org
[PMM: drop the HVF part of the patch and just comment that
 we need to do something when the register appears in that API]
Signed-off-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h | 1 +
 target/arm/helper.c  | 4 ++--
 target/arm/hvf/hvf.c | 1 +
 target/arm/kvm64.c   | 2 ++
 4 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 278cc135c23..9b76cc68c6d 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1033,6 +1033,7 @@ struct ArchCPU {
 uint32_t dbgdevid1;
 uint64_t id_aa64isar0;
 uint64_t id_aa64isar1;
+uint64_t id_aa64isar2;
 uint64_t id_aa64pfr0;
 uint64_t id_aa64pfr1;
 uint64_t id_aa64mmfr0;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index e3f5a7d2bdc..f9f7c3c39e9 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8435,11 +8435,11 @@ void register_cp_regs_for_features(ARMCPU *cpu)
   .access = PL1_R, .type = ARM_CP_CONST,
   .accessfn = access_aa64_tid3,
   .resetvalue = cpu->isar.id_aa64isar1 },
-{ .name = "ID_AA64ISAR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
+{ .name = "ID_AA64ISAR2_EL1", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 2,
   .access = PL1_R, .type = ARM_CP_CONST,
   .accessfn = access_aa64_tid3,
-  .resetvalue = 0 },
+  .resetvalue = cpu->isar.id_aa64isar2 },
 { .name = "ID_AA64ISAR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 3,
   .access = PL1_R, .type = ARM_CP_CONST,
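Review bot: Renaming the entry from `ID_AA64ISAR2_EL1_RESERVED` to `ID_AA64ISAR2_EL1` changes its name string, so any name-based or glob-based table that matched the `_RESERVED` form no longer covers this register. If the file masks ID registers by name for user-mode emulation (not visible in this hunk), the register needs its own entry there. Without one, the raw `cpu->isar.id_aa64isar2` value would be readable unmasked in that mode. `register_cp_regs_for_features` extends well beyond the hunk, so this has to be checked against the full file.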
diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index 486f90be1d2..546c0e817f4 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -847,6 +847,7 @@ static bool 
hvf_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
 { HV_SYS_REG_ID_AA64DFR1_EL1, _isar.id_aa64dfr1 },
 { HV_SYS_REG_ID_AA64ISAR0_EL1, _isar.id_aa64isar0 },
 { HV_SYS_REG_ID_AA64ISAR1_EL1, _isar.id_aa64isar1 },
+/* Add ID_AA64ISAR2_EL1 here when HVF supports it */
 { HV_SYS_REG_ID_AA64MMFR0_EL1, _isar.id_aa64mmfr0 },
 { HV_SYS_REG_ID_AA64MMFR1_EL1, _isar.id_aa64mmfr1 },
 { HV_SYS_REG_ID_AA64MMFR2_EL1, _isar.id_aa64mmfr2 },
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index 4d904a1d11b..ac440c33f9a 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -304,6 +304,8 @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
   ARM64_SYS_REG(3, 0, 0, 6, 0));
 err |= read_sys_reg64(fdarray[2], >isar.id_aa64isar1,
   ARM64_SYS_REG(3, 0, 0, 6, 1));
+err |= read_sys_reg64(fdarray[2], >isar.id_aa64isar2,
+  ARM64_SYS_REG(3, 0, 0, 6, 2));
 err |= read_sys_reg64(fdarray[2], >isar.id_aa64mmfr0,
   ARM64_SYS_REG(3, 0, 0, 7, 0));
 err |= read_sys_reg64(fdarray[2], >isar.id_aa64mmfr1,
-- 
2.34.1




[PULL 18/26] hw/arm/versal: Connect the CFRAME_REG and CFRAME_BCAST_REG

2023-09-08 Thread Peter Maydell
From: Francisco Iglesias 

Connect the Configuration Frame controller (CFRAME_REG) and the
Configuration Frame broadcast controller (CFRAME_BCAST_REG) to the
Versal machine.

Signed-off-by: Francisco Iglesias 
Reviewed-by: Peter Maydell 
Message-id: 20230831165701.2016397-9-francisco.igles...@amd.com
Signed-off-by: Peter Maydell 
---
 include/hw/arm/xlnx-versal.h |  69 +
 hw/arm/xlnx-versal.c | 113 ++-
 2 files changed, 181 insertions(+), 1 deletion(-)

diff --git a/include/hw/arm/xlnx-versal.h b/include/hw/arm/xlnx-versal.h
index 29b9c603010..7b419f88c2c 100644
--- a/include/hw/arm/xlnx-versal.h
+++ b/include/hw/arm/xlnx-versal.h
@@ -33,6 +33,7 @@
 #include "hw/misc/xlnx-versal-pmc-iou-slcr.h"
 #include "hw/net/xlnx-versal-canfd.h"
 #include "hw/misc/xlnx-versal-cfu.h"
+#include "hw/misc/xlnx-versal-cframe-reg.h"
 
 #define TYPE_XLNX_VERSAL "xlnx-versal"
 OBJECT_DECLARE_SIMPLE_TYPE(Versal, XLNX_VERSAL)
@@ -47,6 +48,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(Versal, XLNX_VERSAL)
 #define XLNX_VERSAL_NR_IRQS192
 #define XLNX_VERSAL_NR_CANFD   2
 #define XLNX_VERSAL_CANFD_REF_CLK (24 * 1000 * 1000)
+#define XLNX_VERSAL_NR_CFRAME  15
 
 struct Versal {
 /*< private >*/
@@ -121,6 +123,8 @@ struct Versal {
 XlnxVersalCFUAPB cfu_apb;
 XlnxVersalCFUFDRO cfu_fdro;
 XlnxVersalCFUSFR cfu_sfr;
+XlnxVersalCFrameReg cframe[XLNX_VERSAL_NR_CFRAME];
+XlnxVersalCFrameBcastReg cframe_bcast;
 
 OrIRQState apb_irq_orgate;
 } pmc;
@@ -256,6 +260,71 @@ struct Versal {
 #define MM_PMC_CFU_STREAM_2 0xf1f8
 #define MM_PMC_CFU_STREAM_2_SIZE0x4
 
+#define MM_PMC_CFRAME0_REG  0xf12d
+#define MM_PMC_CFRAME0_REG_SIZE 0x1000
+#define MM_PMC_CFRAME0_FDRI 0xf12d1000
+#define MM_PMC_CFRAME0_FDRI_SIZE0x1000
+#define MM_PMC_CFRAME1_REG  0xf12d2000
+#define MM_PMC_CFRAME1_REG_SIZE 0x1000
+#define MM_PMC_CFRAME1_FDRI 0xf12d3000
+#define MM_PMC_CFRAME1_FDRI_SIZE0x1000
+#define MM_PMC_CFRAME2_REG  0xf12d4000
+#define MM_PMC_CFRAME2_REG_SIZE 0x1000
+#define MM_PMC_CFRAME2_FDRI 0xf12d5000
+#define MM_PMC_CFRAME2_FDRI_SIZE0x1000
+#define MM_PMC_CFRAME3_REG  0xf12d6000
+#define MM_PMC_CFRAME3_REG_SIZE 0x1000
+#define MM_PMC_CFRAME3_FDRI 0xf12d7000
+#define MM_PMC_CFRAME3_FDRI_SIZE0x1000
+#define MM_PMC_CFRAME4_REG  0xf12d8000
+#define MM_PMC_CFRAME4_REG_SIZE 0x1000
+#define MM_PMC_CFRAME4_FDRI 0xf12d9000
+#define MM_PMC_CFRAME4_FDRI_SIZE0x1000
+#define MM_PMC_CFRAME5_REG  0xf12da000
+#define MM_PMC_CFRAME5_REG_SIZE 0x1000
+#define MM_PMC_CFRAME5_FDRI 0xf12db000
+#define MM_PMC_CFRAME5_FDRI_SIZE0x1000
+#define MM_PMC_CFRAME6_REG  0xf12dc000
+#define MM_PMC_CFRAME6_REG_SIZE 0x1000
+#define MM_PMC_CFRAME6_FDRI 0xf12dd000
+#define MM_PMC_CFRAME6_FDRI_SIZE0x1000
+#define MM_PMC_CFRAME7_REG  0xf12de000
+#define MM_PMC_CFRAME7_REG_SIZE 0x1000
+#define MM_PMC_CFRAME7_FDRI 0xf12df000
+#define MM_PMC_CFRAME7_FDRI_SIZE0x1000
+#define MM_PMC_CFRAME8_REG  0xf12e
+#define MM_PMC_CFRAME8_REG_SIZE 0x1000
+#define MM_PMC_CFRAME8_FDRI 0xf12e1000
+#define MM_PMC_CFRAME8_FDRI_SIZE0x1000
+#define MM_PMC_CFRAME9_REG  0xf12e2000
+#define MM_PMC_CFRAME9_REG_SIZE 0x1000
+#define MM_PMC_CFRAME9_FDRI 0xf12e3000
+#define MM_PMC_CFRAME9_FDRI_SIZE0x1000
+#define MM_PMC_CFRAME10_REG 0xf12e4000
+#define MM_PMC_CFRAME10_REG_SIZE0x1000
+#define MM_PMC_CFRAME10_FDRI0xf12e5000
+#define MM_PMC_CFRAME10_FDRI_SIZE   0x1000
+#define MM_PMC_CFRAME11_REG 0xf12e6000
+#define MM_PMC_CFRAME11_REG_SIZE0x1000
+#define MM_PMC_CFRAME11_FDRI0xf12e7000
+#define MM_PMC_CFRAME11_FDRI_SIZE   0x1000
+#define MM_PMC_CFRAME12_REG 0xf12e8000
+#define MM_PMC_CFRAME12_REG_SIZE0x1000
+#define MM_PMC_CFRAME12_FDRI0xf12e9000
+#define MM_PMC_CFRAME12_FDRI_SIZE   0x1000
+#define MM_PMC_CFRAME13_REG 0xf12ea000
+#define MM_PMC_CFRAME13_REG_SIZE0x1000
+#define MM_PMC_CFRAME13_FDRI0xf12eb000
+#define MM_PMC_CFRAME13_FDRI_SIZE   0x1000
+#define MM_PMC_CFRAME14_REG 0xf12ec000
+#define MM_PMC_CFRAME14_REG_SIZE0x1000
+#define MM_PMC_CFRAME14_FDRI0xf12ed000
+#define MM_PMC_CFRAME14_FDRI_SIZE   0x1000
+#define MM_PMC_CFRAME_BCAST_REG   0xf12ee000
+#define MM_PMC_CFRAME_BCAST_REG_SIZE  0x1000
+#define MM_PMC_CFRAME_BCAST_FDRI  0xf12ef000
+#define MM_PMC_CFRAME_BCAST_FDRI_SIZE 0x1000
+
 #define MM_PMC_CRP  0xf126U
 #define MM_PMC_CRP_SIZE 0x1
 #define MM_PMC_RTC  0xf12a
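Review bot: Nothing ties the fifteen hand-written `MM_PMC_CFRAMEn_REG`/`_FDRI` pairs to `XLNX_VERSAL_NR_CFRAME`, which an earlier hunk of this header sets to 15, so adding or dropping a frame means editing both places by hand. The windows sit at a regular 0x2000 stride (`MM_PMC_CFRAME1_REG` at 0xf12d2000, `MM_PMC_CFRAME2_REG` at 0xf12d4000). An indexed form such as `#define MM_PMC_CFRAME_REG(n) (MM_PMC_CFRAME0_REG + (n) * 0x2000)`, with a matching `MM_PMC_CFRAME_FDRI(n)`, would keep the count in one place. If the explicit list is kept for readability, a one-line comment stating the stride and that the list length must equal `XLNX_VERSAL_NR_CFRAME` would make the invariant visible.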
diff --git a/hw/arm/xlnx-versal.c b/hw/arm/xlnx-versal.c
index 3f4b4b15600..fa556d8764b 100644
--- a/hw/arm/xlnx-versal.c
+++ b/hw/arm/xlnx-versal.c
@@ -27,7 +27,7 @@
 #define XLNX_VERSAL_RCPU_TYPE 

[PULL 08/26] target/arm: Inform helpers whether a PAC instruction is 'combined'

2023-09-08 Thread Peter Maydell
From: Aaron Lindsay 

An instruction is a 'combined' Pointer Authentication instruction
if it does something in addition to PAC -- for instance, branching
to or loading an address from the authenticated pointer.

Knowing whether a PAC operation is 'combined' is needed to
implement FEAT_FPACCOMBINE.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Aaron Lindsay 
Reviewed-by: Richard Henderson 
Signed-off-by: Richard Henderson 
Message-id: 20230829232335.965414-9-richard.hender...@linaro.org
Message-Id: <20230609172324.982888-7-aa...@os.amperecomputing.com>
Signed-off-by: Richard Henderson 
Signed-off-by: Peter Maydell 
---
 target/arm/tcg/helper-a64.h|  4 ++
 target/arm/tcg/pauth_helper.c  | 71 +++---
 target/arm/tcg/translate-a64.c | 12 +++---
 3 files changed, 68 insertions(+), 19 deletions(-)

diff --git a/target/arm/tcg/helper-a64.h b/target/arm/tcg/helper-a64.h
index 3d5957c11f4..57cfd68569e 100644
--- a/target/arm/tcg/helper-a64.h
+++ b/target/arm/tcg/helper-a64.h
@@ -90,9 +90,13 @@ DEF_HELPER_FLAGS_3(pacda, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_3(pacdb, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_3(pacga, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_3(autia, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(autia_combined, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_3(autib, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(autib_combined, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_3(autda, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(autda_combined, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_3(autdb, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(autdb_combined, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_2(xpaci, TCG_CALL_NO_RWG_SE, i64, env, i64)
 DEF_HELPER_FLAGS_2(xpacd, TCG_CALL_NO_RWG_SE, i64, env, i64)
 
diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c
index b6aeb905480..c05c5b30ff9 100644
--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -397,7 +397,8 @@ static uint64_t pauth_original_ptr(uint64_t ptr, 
ARMVAParameters param)
 }
 
 static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
-   ARMPACKey *key, bool data, int keynumber)
+   ARMPACKey *key, bool data, int keynumber,
+   uintptr_t ra, bool is_combined)
 {
 ARMCPU *cpu = env_archcpu(env);
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
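Review bot: The two parameters added to `pauth_auth` have no description, and the signature alone does not show that `ra` must be the `GETPC()` value captured in the outermost `HELPER()` entry point rather than taken inside this function. A comment above the definition would record that, for example `/* ra: host return address from the HELPER entry point; is_combined: true when the instruction also branches to or loads from the authenticated pointer */`. The body of `pauth_auth` continues outside the hunk, so it cannot be checked here whether both parameters are used yet or are only plumbing for a later patch.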
@@ -519,44 +520,88 @@ uint64_t HELPER(pacga)(CPUARMState *env, uint64_t x, 
uint64_t y)
 return pac & 0xull;
 }
 
-uint64_t HELPER(autia)(CPUARMState *env, uint64_t x, uint64_t y)
+static uint64_t pauth_autia(CPUARMState *env, uint64_t x, uint64_t y,
+uintptr_t ra, bool is_combined)
 {
 int el = arm_current_el(env);
 if (!pauth_key_enabled(env, el, SCTLR_EnIA)) {
 return x;
 }
-pauth_check_trap(env, el, GETPC());
-return pauth_auth(env, x, y, >keys.apia, false, 0);
+pauth_check_trap(env, el, ra);
+return pauth_auth(env, x, y, >keys.apia, false, 0, ra, is_combined);
 }
 
-uint64_t HELPER(autib)(CPUARMState *env, uint64_t x, uint64_t y)
+uint64_t HELPER(autia)(CPUARMState *env, uint64_t x, uint64_t y)
+{
+return pauth_autia(env, x, y, GETPC(), false);
+}
+
+uint64_t HELPER(autia_combined)(CPUARMState *env, uint64_t x, uint64_t y)
+{
+return pauth_autia(env, x, y, GETPC(), true);
+}
+
+static uint64_t pauth_autib(CPUARMState *env, uint64_t x, uint64_t y,
+uintptr_t ra, bool is_combined)
 {
 int el = arm_current_el(env);
 if (!pauth_key_enabled(env, el, SCTLR_EnIB)) {
 return x;
 }
-pauth_check_trap(env, el, GETPC());
-return pauth_auth(env, x, y, >keys.apib, false, 1);
+pauth_check_trap(env, el, ra);
+return pauth_auth(env, x, y, >keys.apib, false, 1, ra, is_combined);
 }
 
-uint64_t HELPER(autda)(CPUARMState *env, uint64_t x, uint64_t y)
+uint64_t HELPER(autib)(CPUARMState *env, uint64_t x, uint64_t y)
+{
+return pauth_autib(env, x, y, GETPC(), false);
+}
+
+uint64_t HELPER(autib_combined)(CPUARMState *env, uint64_t x, uint64_t y)
+{
+return pauth_autib(env, x, y, GETPC(), true);
+}
+
+static uint64_t pauth_autda(CPUARMState *env, uint64_t x, uint64_t y,
+uintptr_t ra, bool is_combined)
 {
 int el = arm_current_el(env);
 if (!pauth_key_enabled(env, el, SCTLR_EnDA)) {
 return x;
 }
-pauth_check_trap(env, el, GETPC());
-return pauth_auth(env, x, y, >keys.apda, true, 0);
+pauth_check_trap(env, el, ra);
+return pauth_auth(env, x, y, >keys.apda, true, 0, ra, is_combined);
 }
 
-uint64_t HELPER(autdb)(CPUARMState *env, uint64_t x, uint64_t y)
+uint64_t HELPER(autda)(CPUARMState *env, uint64_t x, uint64_t y)
+{
+return pauth_autda(env, x, y, GETPC(), false);
+}
+
+uint64_t 

[PULL 19/26] target/arm: Do not use gen_mte_checkN in trans_STGP

2023-09-08 Thread Peter Maydell
From: Richard Henderson 

STGP writes to tag memory, it does not check it.
This happened to work because we wrote tag memory first
so that the check always succeeded.

Signed-off-by: Richard Henderson 
Message-id: 20230901203103.136408-1-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/tcg/translate-a64.c | 41 +-
 1 file changed, 15 insertions(+), 26 deletions(-)

diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
index c2bd96f5d43..7d2f8026e65 100644
--- a/target/arm/tcg/translate-a64.c
+++ b/target/arm/tcg/translate-a64.c
@@ -3020,37 +3020,17 @@ static bool trans_STGP(DisasContext *s, arg_ldstpair *a)
 tcg_gen_addi_i64(dirty_addr, dirty_addr, offset);
 }
 
-if (!s->ata) {
-/*
- * TODO: We could rely on the stores below, at least for
- * system mode, if we arrange to add MO_ALIGN_16.
- */
-gen_helper_stg_stub(cpu_env, dirty_addr);
-} else if (tb_cflags(s->base.tb) & CF_PARALLEL) {
-gen_helper_stg_parallel(cpu_env, dirty_addr, dirty_addr);
-} else {
-gen_helper_stg(cpu_env, dirty_addr, dirty_addr);
-}
-
-mop = finalize_memop(s, MO_64);
-clean_addr = gen_mte_checkN(s, dirty_addr, true, false, 2 << MO_64, mop);
-
+clean_addr = clean_data_tbi(s, dirty_addr);
 tcg_rt = cpu_reg(s, a->rt);
 tcg_rt2 = cpu_reg(s, a->rt2);
 
 /*
- * STGP is defined as two 8-byte memory operations and one tag operation.
- * We implement it as one single 16-byte memory operation for convenience.
- * Rebuild mop as for STP.
- * TODO: The atomicity with LSE2 is stronger than required.
- * Need a form of MO_ATOM_WITHIN16_PAIR that never requires
- * 16-byte atomicity.
+ * STGP is defined as two 8-byte memory operations, aligned to TAG_GRANULE,
+ * and one tag operation.  We implement it as one single aligned 16-byte
+ * memory operation for convenience.  Note that the alignment ensures
+ * MO_ATOM_IFALIGN_PAIR produces 8-byte atomicity for the memory store.
  */
-mop = MO_128;
-if (s->align_mem) {
-mop |= MO_ALIGN_8;
-}
-mop = finalize_memop_pair(s, mop);
+mop = finalize_memop_atom(s, MO_128 | MO_ALIGN, MO_ATOM_IFALIGN_PAIR);
 
 tmp = tcg_temp_new_i128();
 if (s->be_data == MO_LE) {
@@ -3060,6 +3040,15 @@ static bool trans_STGP(DisasContext *s, arg_ldstpair *a)
 }
 tcg_gen_qemu_st_i128(tmp, clean_addr, get_mem_index(s), mop);
 
+/* Perform the tag store, if tag access enabled. */
+if (s->ata) {
+if (tb_cflags(s->base.tb) & CF_PARALLEL) {
+gen_helper_stg_parallel(cpu_env, dirty_addr, dirty_addr);
+} else {
+gen_helper_stg(cpu_env, dirty_addr, dirty_addr);
+}
+}
+
 op_addr_ldstpair_post(s, a, dirty_addr, offset);
 return true;
 }
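Review bot: With tag access disabled (`!s->ata`) the new code emits no helper at all. The alignment check and write probe that `gen_helper_stg_stub` used to perform now rest entirely on the `MO_128 | MO_ALIGN` store set up in the previous hunk. The removed TODO only said that relying on the store would work "at least for system mode", so it is worth confirming that the aligned store also raises the expected fault under user-mode emulation. The new comment could state the dependency, for example `/* Perform the tag store, if tag access enabled; otherwise the aligned data store above supplies the alignment fault. */`. `trans_STGP` starts before the first hunk, so the address computation feeding `dirty_addr` is not visible here.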
-- 
2.34.1



