[PATCH] target/loongarch: Put cpucfg operation before CSR register

2024-04-27 Thread Bibo Mao
On LoongArch, cpucfg is the register that describes CPU features, and some
other registers, such as the perf CSR registers, depend on those features.
Put the cpucfg read/write operations before the CSR registers, so that KVM
knows how many perf CSR registers are valid from the pre-set cpucfg feature
information.

Signed-off-by: Bibo Mao 
---
 target/loongarch/kvm/kvm.c | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/target/loongarch/kvm/kvm.c b/target/loongarch/kvm/kvm.c
index 8224d94333..bc75552d0f 100644
--- a/target/loongarch/kvm/kvm.c
+++ b/target/loongarch/kvm/kvm.c
@@ -587,22 +587,22 @@ int kvm_arch_get_registers(CPUState *cs)
 return ret;
 }
 
-ret = kvm_loongarch_get_csr(cs);
+ret = kvm_loongarch_get_cpucfg(cs);
 if (ret) {
 return ret;
 }
 
-ret = kvm_loongarch_get_regs_fp(cs);
+ret = kvm_loongarch_get_csr(cs);
 if (ret) {
 return ret;
 }
 
-ret = kvm_loongarch_get_mpstate(cs);
+ret = kvm_loongarch_get_regs_fp(cs);
 if (ret) {
 return ret;
 }
 
-ret = kvm_loongarch_get_cpucfg(cs);
+ret = kvm_loongarch_get_mpstate(cs);
 return ret;
 }
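Review bot: The new call order in kvm_arch_get_registers() encodes a dependency that is not written down anywhere in the code: kvm_loongarch_get_cpucfg() now has to run before kvm_loongarch_get_csr(), and the same holds for the put side in the second hunk (kvm_arch_put_registers()). A later cleanup that regroups these calls would silently reintroduce the problem the commit message describes. I would add a comment above the cpucfg call in both functions, e.g. `/* cpucfg first: KVM uses it to decide which perf CSRs are valid */`. Both function bodies start outside their hunks.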
 
@@ -615,22 +615,22 @@ int kvm_arch_put_registers(CPUState *cs, int level)
 return ret;
 }
 
-ret = kvm_loongarch_put_csr(cs, level);
+ret = kvm_loongarch_put_cpucfg(cs);
 if (ret) {
 return ret;
 }
 
-ret = kvm_loongarch_put_regs_fp(cs);
+ret = kvm_loongarch_put_csr(cs, level);
 if (ret) {
 return ret;
 }
 
-ret = kvm_loongarch_put_mpstate(cs);
+ret = kvm_loongarch_put_regs_fp(cs);
 if (ret) {
 return ret;
 }
 
-ret = kvm_loongarch_put_cpucfg(cs);
+ret = kvm_loongarch_put_mpstate(cs);
 return ret;
 }
 

base-commit: a118c4aff4087eafb68f7132b233ad548cf16376
-- 
2.39.3




Re: [PULL 0/1] target/sparc late fix

2024-04-27 Thread M Bazz

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/9.0
for any user-visible changes.


The 9.0 Changelog was never updated. Could someone with the permissions
please add the following to the SPARC section:

sparc32: Fixed a longstanding softmmu bug that caused kernel panics
when the UserTxt ASI was accessed. 


Appreciated,
-- Bazz


-- PMM





Re: [PATCH v4 1/1] hw/arm/sbsa-ref: Enable CPU cluster on ARM sbsa machine

2024-04-27 Thread xiongyining1...@phytium.com.cn




xiongyining1...@phytium.com.cn
 
From: Richard Henderson
Date: 2024-04-27 00:06
To: Xiong Yining; qemu-arm; qemu-devel
CC: rad; peter.maydell; quic_llindhol; marcin.juszkiewicz
Subject: Re: [PATCH v4 1/1] hw/arm/sbsa-ref: Enable CPU cluster on ARM sbsa 
machine
On 4/26/24 00:35, Xiong Yining wrote:
> From: xiongyining1480 
> 
> Enable CPU cluster support on SbsaQemu platform, so that users can
> specify a 4-level CPU hierarchy sockets/clusters/cores/threads. And
> this topology can be passed to the firmware through DT cpu-map.
> 
> Signed-off-by: Xiong Yining 
> tested-by: Marcin Juszkiewicz 
> ---
>   docs/system/arm/sbsa.rst |  4 
>   hw/arm/sbsa-ref.c| 37 -
>   2 files changed, 40 insertions(+), 1 deletion(-)
 
> Isn't this basically what MPIDR_EL1 is supposed to indicate?
> We do not yet implement all of that in QEMU, but should.
 
> Why does the same info need to be replicated in devicetree?
 
sbsa uses PPTT to indicate the cpu topology, and the OS uses ACPI to get
hardware information. We add the related information to the devicetree, and
TF-A parses the devicetree and extracts data from it, so EDK2 can gather data
from TF-A to create PPTT tables via SMC calls.

Now the PPTT tables created by EDK2 lose some detailed information, so the cpu
topology the OS identifies cannot align with the qemu configuration. We hope to
add the topology information to the device tree, so EDK2 can create more
detailed PPTT tables.
 
> r~


Re: [PATCH v7 06/17] hw/loongarch: Init efi_boot_memmap table

2024-04-27 Thread maobibo




On 2024/4/26 下午5:15, Song Gao wrote:

Message text is also missing there :(


Signed-off-by: Song Gao 
Message-Id: <20240307164835.300412-7-gaos...@loongson.cn>
---
  include/hw/loongarch/boot.h | 27 +
  include/hw/loongarch/virt.h | 10 ++
  hw/loongarch/boot.c | 40 +
  hw/loongarch/virt.c | 11 ++
  4 files changed, 79 insertions(+), 9 deletions(-)

diff --git a/include/hw/loongarch/boot.h b/include/hw/loongarch/boot.h
index cf0e4d4f91..76622af2e2 100644
--- a/include/hw/loongarch/boot.h
+++ b/include/hw/loongarch/boot.h
@@ -21,6 +21,15 @@ typedef struct {
  uint8_t b[16];
  } efi_guid_t QEMU_ALIGNED(8);
  
+#define EFI_GUID(a, b, c, d...) (efi_guid_t){ {\

+(a) & 0xff, ((a) >> 8) & 0xff, ((a) >> 16) & 0xff, ((a) >> 24) & 0xff, 
\
+(b) & 0xff, ((b) >> 8) & 0xff, 
\
+(c) & 0xff, ((c) >> 8) & 0xff, d } }
+
+#define LINUX_EFI_BOOT_MEMMAP_GUID \
+EFI_GUID(0x800f683f, 0xd08b, 0x423a,  0xa2, 0x93, \
+ 0x96, 0x5c, 0x3c, 0x6f, 0xe2, 0xb4)
+
  struct efi_config_table {
  efi_guid_t guid;
  uint64_t *ptr;
@@ -56,6 +65,24 @@ struct efi_system_table {
  struct efi_configuration_table *tables;
  };
  
+typedef struct {

+uint32_t type;
+uint32_t pad;
+uint64_t phys_addr;
+uint64_t virt_addr;
+uint64_t num_pages;
+uint64_t attribute;
+} efi_memory_desc_t;
+
+struct efi_boot_memmap {
+uint64_t map_size;
+uint64_t desc_size;
+uint32_t desc_ver;
+uint64_t map_key;
+uint64_t buff_size;
+efi_memory_desc_t map[32];
+};
+
  struct loongarch_boot_info {
  uint64_t ram_size;
  const char *kernel_filename;
diff --git a/include/hw/loongarch/virt.h b/include/hw/loongarch/virt.h
index d7a074d69f..8a9fe4053d 100644
--- a/include/hw/loongarch/virt.h
+++ b/include/hw/loongarch/virt.h
@@ -35,6 +35,16 @@
  
  #define COMMAND_LINE_SIZE   512
  
+extern struct memmap_entry *memmap_table;

+extern unsigned memmap_entries;
+
+struct memmap_entry {
+uint64_t address;
+uint64_t length;
+uint32_t type;
+uint32_t reserved;
+};
+
  struct LoongArchMachineState {
  /*< private >*/
  MachineState parent_obj;
diff --git a/hw/loongarch/boot.c b/hw/loongarch/boot.c
index 46a241a04c..18aae3434d 100644
--- a/hw/loongarch/boot.c
+++ b/hw/loongarch/boot.c
@@ -63,8 +63,41 @@ static const unsigned int slave_boot_code[] = {
  0x4c20,   /* jirl   $zero, $ra,0   */
  };
  
+static inline void *guidcpy(void *dst, const void *src)

+{
+return memcpy(dst, src, sizeof(efi_guid_t));
+}
+
+static void init_efi_boot_memmap(struct efi_system_table *systab,
+ void *p, void *start)
+{
+unsigned i;
+struct efi_boot_memmap *boot_memmap = p;
+efi_guid_t tbl_guid = LINUX_EFI_BOOT_MEMMAP_GUID;
+
+/* efi_configuration_table 1 */
+guidcpy(>tables[0].guid, _guid);
+systab->tables[0].table = (struct efi_configuration_table *)(p - start);
+systab->nr_tables = 1;
+
+boot_memmap->desc_size = sizeof(efi_memory_desc_t);
+boot_memmap->desc_ver = 1;
+boot_memmap->map_size = 0;
+
+efi_memory_desc_t *map = p + sizeof(struct efi_boot_memmap);
+for (i = 0; i < memmap_entries; i++) {
+map = (void *)boot_memmap + sizeof(*map);
+map[i].type = memmap_table[i].type;
+map[i].phys_addr = ROUND_UP(memmap_table[i].address, 64 * KiB);
+map[i].num_pages = ROUND_DOWN(memmap_table[i].address +
+memmap_table[i].length - map[i].phys_addr, 64 * KiB);
+p += sizeof(efi_memory_desc_t);
+}
+}


Do you verify that memory size of VM is the same with qemu command line 
setting? I am ok if the test result is the same.


Reviewed-by: Bibo Mao 

+
  static void init_systab(struct loongarch_boot_info *info, void *p, void 
*start)
  {
+void *bp_tables_start;
  struct efi_system_table *systab = p;
  
  info->a2 = (uint64_t)p - (uint64_t)start;
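Review bot: In init_efi_boot_memmap() the loop writes `map[i]` for every `i < memmap_entries`, but `struct efi_boot_memmap` in the boot.h hunk declares `map[32]` and nothing here checks the count against that bound. Whether memmap_entries can exceed 32 is not visible on this page, so I would make the limit explicit with `assert(memmap_entries <= ARRAY_SIZE(boot_memmap->map));` before the loop. The loop also reassigns `map = (void *)boot_memmap + sizeof(*map);` on every iteration, which discards the initial value and only lands on the array because the table header and one descriptor appear to have the same size; `efi_memory_desc_t *map = boot_memmap->map;` says what is meant. `map_size` is left at 0 and the `p += sizeof(efi_memory_desc_t)` in the loop has no effect outside the function, both of which look unintended.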

@@ -80,6 +113,13 @@ static void init_systab(struct loongarch_boot_info *info, 
void *p, void *start)
  p += ROUND_UP(sizeof(struct efi_system_table), 64 * KiB);
  
  systab->tables = p;

+bp_tables_start = p;
+
+init_efi_boot_memmap(systab, p, start);
+p += ROUND_UP(sizeof(struct efi_boot_memmap) +
+  sizeof(efi_memory_desc_t) * memmap_entries, 64 * KiB);
+
+systab->tables = (struct efi_configuration_table *)(bp_tables_start - 
start);
  }
  
  static void init_cmdline(struct loongarch_boot_info *info, void *p, void *start)

diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index bfb88aedab..708aa8bc60 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -378,15 +378,8 @@ static void virt_powerdown_req(Notifier *notifier, void 
*opaque)
  acpi_send_event(s->acpi_ged, ACPI_POWER_DOWN_STATUS);
  }
  
-struct memmap_entry {


Re: [PATCH v7 03/17] hw/loongarch: Add slave cpu boot_code

2024-04-27 Thread maobibo




On 2024/4/26 下午5:15, Song Gao wrote:

Message text is missing here :(


Signed-off-by: Song Gao 
Message-Id: <20240307164835.300412-4-gaos...@loongson.cn>

It is strange that there is "Message-Id:" string. Is it required here?

The others look good to me, especially when bootrom for AP is put at 
BIOS flash area.


Regards
Bibo Mao


---
  hw/loongarch/boot.c | 62 -
  1 file changed, 61 insertions(+), 1 deletion(-)

diff --git a/hw/loongarch/boot.c b/hw/loongarch/boot.c
index a9522d6912..d1a8434127 100644
--- a/hw/loongarch/boot.c
+++ b/hw/loongarch/boot.c
@@ -15,6 +15,54 @@
  #include "sysemu/reset.h"
  #include "sysemu/qtest.h"
  
+static const unsigned int slave_boot_code[] = {

+  /* Configure reset ebase.*/
+0x0400302c,   /* csrwr  $t0, LOONGARCH_CSR_EENTRY  */
+
+  /* Disable interrupt.*/
+0x0380100c,   /* ori$t0, $zero,0x4 */
+0x04000180,   /* csrxchg$zero, $t0, LOONGARCH_CSR_CRMD */
+
+  /* Clear mailbox.*/
+0x142d,   /* lu12i.w$t1, 1(0x1)*/
+0x038081ad,   /* ori$t1, $t1, CORE_BUF_20  */
+0x06481da0,   /* iocsrwr.d  $zero, $t1 */
+
+  /* Enable IPI interrupt. */
+0x142c,   /* lu12i.w$t0, 1(0x1)*/
+0x0400118c,   /* csrxchg$t0, $t0, LOONGARCH_CSR_ECFG   */
+0x02fffc0c,   /* addi.d $t0, $r0,-1(0xfff) */
+0x142d,   /* lu12i.w$t1, 1(0x1)*/
+0x038011ad,   /* ori$t1, $t1, CORE_EN_OFF  */
+0x064819ac,   /* iocsrwr.w  $t0, $t1   */
+0x142d,   /* lu12i.w$t1, 1(0x1)*/
+0x038081ad,   /* ori$t1, $t1, CORE_BUF_20  */
+
+  /* Wait for wakeup  <.L11>:  */
+0x06488000,   /* idle   0x0*/
+0x0340,   /* andi   $zero, $zero, 0x0  */
+0x064809ac,   /* iocsrrd.w  $t0, $t1   */
+0x43fff59f,   /* beqz   $t0, -12(0x74) # 48 <.L11> */
+
+  /* Read and clear IPI interrupt. */
+0x142d,   /* lu12i.w$t1, 1(0x1)*/
+0x064809ac,   /* iocsrrd.w  $t0, $t1   */
+0x142d,   /* lu12i.w$t1, 1(0x1)*/
+0x038031ad,   /* ori$t1, $t1, CORE_CLEAR_OFF   */
+0x064819ac,   /* iocsrwr.w  $t0, $t1   */
+
+  /* Disable  IPI interrupt.   */
+0x142c,   /* lu12i.w$t0, 1(0x1)*/
+0x04001180,   /* csrxchg$zero, $t0, LOONGARCH_CSR_ECFG */
+
+  /* Read mail buf and jump to specified entry */
+0x142d,   /* lu12i.w$t1, 1(0x1)*/
+0x038081ad,   /* ori$t1, $t1, CORE_BUF_20  */
+0x06480dac,   /* iocsrrd.d  $t0, $t1   */
+0x00150181,   /* move   $ra, $t0   */
+0x4c20,   /* jirl   $zero, $ra,0   */
+};
+
  static uint64_t cpu_loongarch_virt_to_phys(void *opaque, uint64_t addr)
  {
  return addr & MAKE_64BIT_MASK(0, TARGET_PHYS_ADDR_SPACE_BITS);
@@ -126,11 +174,23 @@ static void loongarch_direct_kernel_boot(struct 
loongarch_boot_info *info)
  }
  }
  
+/* Load slave boot code at pflash0 . */

+void *boot_code = g_malloc0(VIRT_FLASH0_SIZE);
+memcpy(boot_code, _boot_code, sizeof(slave_boot_code));
+rom_add_blob_fixed("boot_code", boot_code, VIRT_FLASH0_SIZE, 
VIRT_FLASH0_BASE);
+
  CPU_FOREACH(cs) {
  lacpu = LOONGARCH_CPU(cs);
  lacpu->env.load_elf = true;
-lacpu->env.elf_address = kernel_addr;
+if (cs == first_cpu) {
+lacpu->env.elf_address = kernel_addr;
+} else {
+lacpu->env.elf_address = VIRT_FLASH0_BASE;
+}
+lacpu->env.boot_info = info;
  }
+
+g_free(boot_code);
  }
  
  void loongarch_load_kernel(MachineState *ms, struct loongarch_boot_info *info)
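Review bot: The `memcpy()` into `boot_code` copies `sizeof(slave_boot_code)` bytes into a buffer of `VIRT_FLASH0_SIZE` bytes, and nothing ties the two sizes together. The array is small today, but a build-time check such as `QEMU_BUILD_BUG_ON(sizeof(slave_boot_code) > VIRT_FLASH0_SIZE);` next to the array keeps a later change to either side from turning this into a heap overflow. `boot_code` is also declared after statements in the middle of the function; declaring it at the top of the function would avoid the mixed declaration. The function body starts outside the hunk.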







Re: [PATCH v2 1/1] target/riscv/kvm: fix timebase-frequency when using KVM acceleration

2024-04-27 Thread Michael Tokarev

27.04.2024 18:17, Andrew Jones :

I wrote instructions [2] for how to cross-compile without a full 
environment/container once. It might be better for quick, local testing.

[2] 
https://lore.kernel.org/qemu-riscv/20230726120706.335340-2-ajo...@ventanamicro.com/


I just extracted a few packages from debian riscv64 (like libglib & deps)
in a separate dir and pointed various tools (pkgconf, gcc -I, gcc -L) to
that dir.



49c211ffca00fdf7c is also needed.  So it's 3 so far, still not compile-
tested.  Anything else?


Those 3, the first of the series [1], are good. Not sure why it's still not 
compiling.


Yes, I picked up these 3 I mentioned, in addition to the problematic one
which is part of 8.2.3.  Once I had the build environment, I tried compiling
it, and it builds fine.  I wrote it is not compile-TESTED, not as it fails
to compile.

Also, I tried to build qemu on a real riscv64 hardware (on a debian porterbox),
-- it built fine (with the 3 mentioned changes applied) and is now running
tests, but it looks like it will be fine too.


[1] https://lists.gnu.org/archive/html/qemu-devel/2023-12/msg01132.html


So yes, I'm picking these additional 3 from this set, - the ones which
I already mentioned.

Thanks,

/mjt


--
GPG Key transition (from rsa2048 to rsa4096) since 2024-04-24.
New key: rsa4096/61AD3D98ECDF2C8E  9D8B E14E 3F2A 9DD7 9199  28F1 61AD 3D98 
ECDF 2C8E
Old key: rsa2048/457CE0A0804465C5  6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 
8044 65C5
Transition statement: http://www.corpit.ru/mjt/gpg-transition-2024.txt




[RFC PATCH 09/14] exec/cpu: Restrict user-specific page definitions

2024-04-27 Thread Philippe Mathieu-Daudé
User-specific PAGE definitions shouldn't be used on system emulation.

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/exec/page-prot-common.h | 8 
 1 file changed, 8 insertions(+)

diff --git a/include/exec/page-prot-common.h b/include/exec/page-prot-common.h
index 2722ded724..b1fce45c15 100644
--- a/include/exec/page-prot-common.h
+++ b/include/exec/page-prot-common.h
@@ -17,16 +17,22 @@
 /*
  * Original state of the write flag (used when tracking self-modifying code)
  */
+#if defined(CONFIG_USER_ONLY)
 #define PAGE_WRITE_ORG 0x0010
+#endif
 /*
  * Invalidate the TLB entry immediately, helpful for s390x
  * Low-Address-Protection. Used with PAGE_WRITE in tlb_set_page_with_attrs()
  */
 #define PAGE_WRITE_INV 0x0020
 /* For use with page_set_flags: page is being replaced; target_data cleared. */
+#if defined(CONFIG_USER_ONLY)
 #define PAGE_RESET 0x0040
+#endif
 /* For linux-user, indicates that the page is MAP_ANON. */
+#if defined(CONFIG_USER_ONLY)
 #define PAGE_ANON  0x0080
+#endif
 
 /* Target-specific bits that will be used via page_get_flags().  */
 #define PAGE_TARGET_1  0x0200
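Review bot: Each new `#if defined(CONFIG_USER_ONLY)` is placed between a definition and its comment, so in a system-emulation build the comments for PAGE_WRITE_ORG, PAGE_RESET and PAGE_ANON (and PAGE_PASSTHROUGH in the second hunk) describe nothing. I would open the guard above the comment and close it with `#endif /* CONFIG_USER_ONLY */`. The bit values 0x0010, 0x0040, 0x0080 and 0x0800 stay meaningful for user emulation, so a one-line comment saying they must not be reused for system-only flags would prevent a collision later. Since the header is named "common", it is also worth confirming that every file including it is allowed to test CONFIG_USER_ONLY.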
@@ -36,6 +42,8 @@
  * For linux-user, indicates that the page is mapped with the same semantics
  * in both guest and host.
  */
+#if defined(CONFIG_USER_ONLY)
 #define PAGE_PASSTHROUGH 0x0800
+#endif
 
 #endif
-- 
2.41.0




[PATCH 06/14] exec/cpu: Remove obsolete PAGE_RESERVED definition

2024-04-27 Thread Philippe Mathieu-Daudé
We stopped using the PAGE_RESERVED definition in commit
50d25c8aec ("accel/tcg: Drop PAGE_RESERVED for CONFIG_BSD").
This completes commit 2e9a5713f0 ("Remove PAGE_RESERVED").

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/exec/cpu-all.h | 4 
 1 file changed, 4 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index eaa59a5cc1..5ea8c4d3ef 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -157,10 +157,6 @@ extern const TargetPageBits target_page;
 
 #define TARGET_PAGE_ALIGN(addr) ROUND_UP((addr), TARGET_PAGE_SIZE)
 
-#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
-/* FIXME: Code that sets/uses this is broken and needs to go away.  */
-#define PAGE_RESERVED  0x0100
-#endif
 /*
  * For linux-user, indicates that the page is mapped with the same semantics
  * in both guest and host.
-- 
2.41.0




[PATCH 14/14] accel/tcg: Access tcg_cflags with getter / setter

2024-04-27 Thread Philippe Mathieu-Daudé
Access the CPUState::tcg_cflags via tcg_cflags_has() and
tcg_cflags_set() helpers.

Mechanical change using the following Coccinelle spatch script:

  @@
  expression cpu;
  expression flags;
  @@
  - cpu->tcg_cflags & flags
  + tcg_cflags_has(cpu, flags)

  @@
  expression cpu;
  expression flags;
  @@
  - (tcg_cflags_has(cpu, flags))
  + tcg_cflags_has(cpu, flags)

  @@
  expression cpu;
  expression flags;
  @@
  - cpu->tcg_cflags |= flags;
  + tcg_cflags_set(cpu, flags);

Then manually moving the declarations, and adding both
tcg_cflags_has() and tcg_cflags_set() definitions.

Signed-off-by: Philippe Mathieu-Daudé 
---
 accel/tcg/internal-common.h |  3 ++-
 include/exec/cpu-common.h   |  7 +++
 include/exec/exec-all.h |  3 ---
 accel/tcg/cpu-exec.c| 10 ++
 accel/tcg/tcg-accel-ops.c   |  2 +-
 linux-user/mmap.c   |  8 
 linux-user/syscall.c|  4 ++--
 target/arm/cpu.c|  2 +-
 target/avr/cpu.c|  2 +-
 target/hexagon/cpu.c|  2 +-
 target/hppa/cpu.c   |  2 +-
 target/i386/cpu.c   |  2 +-
 target/i386/helper.c|  2 +-
 target/loongarch/cpu.c  |  2 +-
 target/microblaze/cpu.c |  2 +-
 target/mips/tcg/exception.c |  2 +-
 target/mips/tcg/sysemu/special_helper.c |  2 +-
 target/openrisc/cpu.c   |  2 +-
 target/riscv/tcg/tcg-cpu.c  |  4 ++--
 target/rx/cpu.c |  2 +-
 target/sh4/cpu.c|  4 ++--
 target/sparc/cpu.c  |  2 +-
 target/tricore/cpu.c|  2 +-
 23 files changed, 44 insertions(+), 29 deletions(-)

diff --git a/accel/tcg/internal-common.h b/accel/tcg/internal-common.h
index edefd0dcb7..ead53cb8a5 100644
--- a/accel/tcg/internal-common.h
+++ b/accel/tcg/internal-common.h
@@ -9,6 +9,7 @@
 #ifndef ACCEL_TCG_INTERNAL_COMMON_H
 #define ACCEL_TCG_INTERNAL_COMMON_H
 
+#include "exec/cpu-common.h"
 #include "exec/translation-block.h"
 
 extern int64_t max_delay;
@@ -20,7 +21,7 @@ extern int64_t max_advance;
  */
 static inline bool cpu_in_serial_context(CPUState *cs)
 {
-return !(cs->tcg_cflags & CF_PARALLEL) || cpu_in_exclusive_context(cs);
+return !tcg_cflags_has(cs, CF_PARALLEL) || cpu_in_exclusive_context(cs);
 }
 
 #endif
diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h
index ced0b1c886..a9a6c694ee 100644
--- a/include/exec/cpu-common.h
+++ b/include/exec/cpu-common.h
@@ -178,6 +178,13 @@ int cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
 void list_cpus(void);
 
 #ifdef CONFIG_TCG
+
+bool tcg_cflags_has(CPUState *cpu, uint32_t flags);
+void tcg_cflags_set(CPUState *cpu, uint32_t flags);
+
+/* current cflags for hashing/comparison */
+uint32_t curr_cflags(CPUState *cpu);
+
 /**
  * cpu_unwind_state_data:
  * @cpu: the cpu context
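Review bot: The two new prototypes have no documentation, unlike cpu_unwind_state_data() right below them, and the name tcg_cflags_has() does not say whether it tests for any or all of the bits. The definition in the accel/tcg/cpu-exec.c hunk returns `cpu->tcg_cflags & flags` converted to bool, so it is true when any bit in @flags is set. I would add kernel-doc comments stating that, and that tcg_cflags_set() ORs @flags into the field and never clears bits. A caller passing a multi-bit mask and expecting an all-bits test would otherwise get the wrong answer.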
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 4c5e470581..2cd7b8f61b 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -510,9 +510,6 @@ static inline void tb_set_page_addr1(TranslationBlock *tb,
 #endif
 }
 
-/* current cflags for hashing/comparison */
-uint32_t curr_cflags(CPUState *cpu);
-
 /* TranslationBlock invalidate API */
 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr);
 void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t last);
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 0329c6423e..c2f18ac633 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -147,6 +147,16 @@ static void init_delay_params(SyncClocks *sc, const 
CPUState *cpu)
 }
 #endif /* CONFIG USER ONLY */
 
+bool tcg_cflags_has(CPUState *cpu, uint32_t flags)
+{
+return cpu->tcg_cflags & flags;
+}
+
+void tcg_cflags_set(CPUState *cpu, uint32_t flags)
+{
+cpu->tcg_cflags |= flags;
+}
+
 uint32_t curr_cflags(CPUState *cpu)
 {
 uint32_t cflags = cpu->tcg_cflags;
diff --git a/accel/tcg/tcg-accel-ops.c b/accel/tcg/tcg-accel-ops.c
index be99105ac5..7ac5f0c974 100644
--- a/accel/tcg/tcg-accel-ops.c
+++ b/accel/tcg/tcg-accel-ops.c
@@ -62,7 +62,7 @@ void tcg_cpu_init_cflags(CPUState *cpu, bool parallel)
 
 cflags |= parallel ? CF_PARALLEL : 0;
 cflags |= icount_enabled() ? CF_USE_ICOUNT : 0;
-cpu->tcg_cflags |= cflags;
+tcg_cflags_set(cpu, cflags);
 }
 
 void tcg_cpu_destroy(CPUState *cpu)
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index ecde6b8812..5d50ad442f 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -960,8 +960,8 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int 
target_prot,
  */
 if (ret != -1 && (flags & MAP_TYPE) != MAP_PRIVATE) {
 CPUState *cpu = thread_cpu;
-if (!(cpu->tcg_cflags & CF_PARALLEL)) {
-cpu->tcg_cflags |= CF_PARALLEL;
+if 

[PATCH 07/14] exec/cpu: Remove duplicated PAGE_PASSTHROUGH definition

2024-04-27 Thread Philippe Mathieu-Daudé
Missed in commit 58771921af ("include/exec: Move PAGE_* macros
to common header"), PAGE_PASSTHROUGH ended up being defined twice.

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/exec/cpu-all.h | 6 --
 1 file changed, 6 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 5ea8c4d3ef..8c3ad7153d 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -157,12 +157,6 @@ extern const TargetPageBits target_page;
 
 #define TARGET_PAGE_ALIGN(addr) ROUND_UP((addr), TARGET_PAGE_SIZE)
 
-/*
- * For linux-user, indicates that the page is mapped with the same semantics
- * in both guest and host.
- */
-#define PAGE_PASSTHROUGH 0x0800
-
 #if defined(CONFIG_USER_ONLY)
 void page_dump(FILE *f);
 
-- 
2.41.0




[PATCH 11/14] accel/tcg: Use cpu_loop_exit_requested() in cpu_loop_exec_tb()

2024-04-27 Thread Philippe Mathieu-Daudé
Do not open-code cpu_loop_exit_requested().

Signed-off-by: Philippe Mathieu-Daudé 
---
 accel/tcg/cpu-exec.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 225e5fbd3e..0329c6423e 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -900,8 +900,6 @@ static inline void cpu_loop_exec_tb(CPUState *cpu, 
TranslationBlock *tb,
 vaddr pc, TranslationBlock **last_tb,
 int *tb_exit)
 {
-int32_t insns_left;
-
 trace_exec_tb(tb, pc);
 tb = cpu_tb_exec(cpu, tb, tb_exit);
 if (*tb_exit != TB_EXIT_REQUESTED) {
@@ -910,8 +908,7 @@ static inline void cpu_loop_exec_tb(CPUState *cpu, 
TranslationBlock *tb,
 }
 
 *last_tb = NULL;
-insns_left = qatomic_read(>neg.icount_decr.u32);
-if (insns_left < 0) {
+if (cpu_loop_exit_requested(cpu)) {
 /* Something asked us to stop executing chained TBs; just
  * continue round the main loop. Whatever requested the exit
  * will also have set something else (eg exit_request or
@@ -925,6 +922,8 @@ static inline void cpu_loop_exec_tb(CPUState *cpu, 
TranslationBlock *tb,
 /* Instruction counter expired.  */
 assert(icount_enabled());
 #ifndef CONFIG_USER_ONLY
+int32_t insns_left;
+
 /* Ensure global icount has gone forward */
 icount_update(cpu);
 /* Refill decrementer and continue execution.  */
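Review bot: `int32_t insns_left;` now sits after `assert(icount_enabled());`, which mixes a declaration into the middle of a block; QEMU's coding style asks for declarations at the start of a block. Since the variable is only needed inside the `#ifndef CONFIG_USER_ONLY` part, opening a nested block there, or declaring it at the top of the function under the same `#ifndef`, keeps the style and still avoids an unused variable in user-mode builds. The function body extends beyond the hunk, so the later uses of insns_left are not visible here.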
-- 
2.41.0




[PATCH 12/14] accel/tcg: Remove pointless initialization of cflags_next_tb

2024-04-27 Thread Philippe Mathieu-Daudé
cflags_next_tb is always re-initialized in the CPU Reset()
handler in cpu_common_reset_hold(), no need to initialize
it in cpu_common_initfn().

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/core/cpu-common.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
index a72d48d9e1..c4175cc4b9 100644
--- a/hw/core/cpu-common.c
+++ b/hw/core/cpu-common.c
@@ -255,7 +255,6 @@ static void cpu_common_initfn(Object *obj)
 /* the default value is changed by qemu_init_vcpu() for system-mode */
 cpu->nr_cores = 1;
 cpu->nr_threads = 1;
-cpu->cflags_next_tb = -1;
 
 qemu_mutex_init(>work_mutex);
 qemu_lockcnt_init(>in_ioctl_lock);
-- 
2.41.0




[PATCH 03/14] plugins/api: Only include 'exec/ram_addr.h' with system emulation

2024-04-27 Thread Philippe Mathieu-Daudé
"exec/ram_addr.h" shouldn't be used with user emulation.

Signed-off-by: Philippe Mathieu-Daudé 
---
 plugins/api.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/api.c b/plugins/api.c
index 8fa5a600ac..eaee344d8e 100644
--- a/plugins/api.c
+++ b/plugins/api.c
@@ -42,10 +42,10 @@
 #include "tcg/tcg.h"
 #include "exec/exec-all.h"
 #include "exec/gdbstub.h"
-#include "exec/ram_addr.h"
 #include "disas/disas.h"
 #include "plugin.h"
 #ifndef CONFIG_USER_ONLY
+#include "exec/ram_addr.h"
 #include "qemu/plugin-memory.h"
 #include "hw/boards.h"
 #else
-- 
2.41.0




[PATCH 08/14] exec/cpu: Extract page-protection definitions to page-prot-common.h

2024-04-27 Thread Philippe Mathieu-Daudé
Extract page-protection definitions from "exec/cpu-all.h"
to "exec/page-prot-common.h".

The list of files requiring the new header was generated
using:

$ git grep -wE \
  'PAGE_(READ|WRITE|EXEC|BITS|VALID|ANON|RESERVED|TARGET_.|PASSTHROUGH)'

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: Nicholas Piggin 
---
 bsd-user/bsd-mem.h   |  1 +
 bsd-user/qemu.h  |  1 +
 include/exec/cpu-all.h   |  1 +
 include/exec/cpu-common.h| 31 +
 include/exec/page-prot-common.h  | 41 
 include/semihosting/uaccess.h|  1 +
 target/arm/cpu.h |  1 +
 target/ppc/internal.h|  1 +
 target/ppc/mmu-radix64.h |  2 ++
 accel/tcg/cputlb.c   |  1 +
 accel/tcg/tb-maint.c |  1 +
 accel/tcg/user-exec.c|  1 +
 bsd-user/mmap.c  |  1 +
 bsd-user/signal.c|  1 +
 cpu-target.c |  1 +
 hw/ppc/ppc440_bamboo.c   |  1 +
 hw/ppc/sam460ex.c|  1 +
 hw/ppc/virtex_ml507.c|  1 +
 linux-user/arm/cpu_loop.c|  1 +
 linux-user/elfload.c |  1 +
 linux-user/mmap.c|  1 +
 linux-user/signal.c  |  1 +
 linux-user/syscall.c |  1 +
 system/physmem.c |  1 +
 target/alpha/helper.c|  1 +
 target/arm/ptw.c |  1 +
 target/arm/tcg/m_helper.c|  1 +
 target/arm/tcg/mte_helper.c  |  1 +
 target/arm/tcg/sve_helper.c  |  1 +
 target/avr/helper.c  |  1 +
 target/cris/mmu.c|  1 +
 target/hppa/mem_helper.c |  1 +
 target/hppa/translate.c  |  1 +
 target/i386/tcg/sysemu/excp_helper.c |  1 +
 target/loongarch/tcg/tlb_helper.c|  1 +
 target/m68k/helper.c |  1 +
 target/microblaze/helper.c   |  1 +
 target/microblaze/mmu.c  |  1 +
 target/mips/sysemu/physaddr.c|  1 +
 target/mips/tcg/sysemu/tlb_helper.c  |  1 +
 target/openrisc/mmu.c|  1 +
 target/ppc/mmu-hash32.c  |  1 +
 target/ppc/mmu-hash64.c  |  1 +
 target/ppc/mmu-radix64.c |  1 +
 target/ppc/mmu_common.c  |  1 +
 target/ppc/mmu_helper.c  |  1 +
 target/riscv/cpu_helper.c|  1 +
 target/riscv/pmp.c   |  1 +
 target/riscv/vector_helper.c |  1 +
 target/rx/cpu.c  |  1 +
 target/s390x/mmu_helper.c|  1 +
 target/s390x/tcg/mem_helper.c|  1 +
 target/sh4/helper.c  |  1 +
 target/sparc/ldst_helper.c   |  1 +
 target/sparc/mmu_helper.c|  1 +
 target/tricore/helper.c  |  1 +
 target/xtensa/mmu_helper.c   |  1 +
 target/xtensa/op_helper.c|  1 +
 58 files changed, 99 insertions(+), 30 deletions(-)
 create mode 100644 include/exec/page-prot-common.h

diff --git a/bsd-user/bsd-mem.h b/bsd-user/bsd-mem.h
index 21d9bab889..f95472bcab 100644
--- a/bsd-user/bsd-mem.h
+++ b/bsd-user/bsd-mem.h
@@ -56,6 +56,7 @@
 #include 
 
 #include "qemu-bsd.h"
+#include "exec/page-prot-common.h"
 
 extern struct bsd_shm_regions bsd_shm_regions[];
 extern abi_ulong target_brk;
diff --git a/bsd-user/qemu.h b/bsd-user/qemu.h
index 8629f0dcde..4631a3e23b 100644
--- a/bsd-user/qemu.h
+++ b/bsd-user/qemu.h
@@ -34,6 +34,7 @@ extern char **environ;
 #include "target_os_signal.h"
 #include "target.h"
 #include "exec/gdbstub.h"
+#include "exec/page-prot-common.h"
 #include "qemu/clang-tsa.h"
 
 #include "qemu-os.h"
diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 8c3ad7153d..563827b8ec 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -19,6 +19,7 @@
 #ifndef CPU_ALL_H
 #define CPU_ALL_H
 
+#include "exec/page-prot-common.h"
 #include "exec/cpu-common.h"
 #include "exec/memory.h"
 #include "exec/tswap.h"
diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h
index 8812ba744d..ced0b1c886 100644
--- a/include/exec/cpu-common.h
+++ b/include/exec/cpu-common.h
@@ -14,6 +14,7 @@
 #endif
 #include "hw/core/cpu.h"
 #include "tcg/debug-assert.h"
+#include "exec/page-prot-common.h"
 
 #define EXCP_INTERRUPT  0x1 /* async interruption */
 #define EXCP_HLT0x10001 /* hlt instruction reached */
@@ -208,36 +209,6 @@ G_NORETURN void cpu_loop_exit_atomic(CPUState *cpu, 
uintptr_t pc);
 G_NORETURN void cpu_loop_exit(CPUState *cpu);
 G_NORETURN void cpu_loop_exit_restore(CPUState *cpu, uintptr_t pc);
 
-/* same as PROT_xxx */
-#define PAGE_READ  0x0001
-#define PAGE_WRITE 0x0002
-#define PAGE_EXEC  0x0004
-#define PAGE_BITS  (PAGE_READ | PAGE_WRITE | PAGE_EXEC)
-#define PAGE_VALID 0x0008
-/*
- * Original state of the write flag (used when tracking self-modifying code)
- */
-#define PAGE_WRITE_ORG 0x0010

[PATCH 10/14] exec/user: Restrict 'syscall-trace.h' to user emulation

2024-04-27 Thread Philippe Mathieu-Daudé
System emulation shouldn't use "user/syscall-trace.h".

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/user/syscall-trace.h | 4 
 1 file changed, 4 insertions(+)

diff --git a/include/user/syscall-trace.h b/include/user/syscall-trace.h
index b48b2b2d0a..6926434d9a 100644
--- a/include/user/syscall-trace.h
+++ b/include/user/syscall-trace.h
@@ -10,6 +10,10 @@
 #ifndef SYSCALL_TRACE_H
 #define SYSCALL_TRACE_H
 
+#ifndef CONFIG_USER_ONLY
+#error Cannot include this header from system emulation
+#endif
+
 #include "exec/user/abitypes.h"
 #include "gdbstub/user.h"
 #include "qemu/plugin.h"
-- 
2.41.0




[PATCH 04/14] exec: Include missing license in 'exec/cpu-common.h'

2024-04-27 Thread Philippe Mathieu-Daudé
Commit 1ad2134f91 ("Hardware convenience library") extracted
"cpu-common.h" from "cpu-all.h", which uses the LGPL-2.1+ license.

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/exec/cpu-common.h | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h
index 6d5318895a..8812ba744d 100644
--- a/include/exec/cpu-common.h
+++ b/include/exec/cpu-common.h
@@ -1,8 +1,13 @@
+/*
+ * CPU interfaces that are target independent.
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * SPDX-License-Identifier: LGPL-2.1+
+ */
 #ifndef CPU_COMMON_H
 #define CPU_COMMON_H
 
-/* CPU interfaces that are target independent.  */
-
 #include "exec/vaddr.h"
 #ifndef CONFIG_USER_ONLY
 #include "exec/hwaddr.h"
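Review bot: The identifier in the new `SPDX-License-Identifier: LGPL-2.1+` line is the deprecated SPDX spelling; the current identifier for the same terms is `LGPL-2.1-or-later`. License scanners generally accept both, but the current form avoids warnings from stricter compliance tooling.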
-- 
2.41.0




[PATCH 13/14] accel/tcg: Reset TCG specific fields in tcg_cpu_reset_hold()

2024-04-27 Thread Philippe Mathieu-Daudé
Rather than resetting TCG specific fields in the common
cpu_common_reset_hold(), do it in tcg_cpu_reset_hold().

Signed-off-by: Philippe Mathieu-Daudé 
---
 accel/tcg/tcg-accel-ops.c | 3 +++
 hw/core/cpu-common.c  | 2 --
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/accel/tcg/tcg-accel-ops.c b/accel/tcg/tcg-accel-ops.c
index 2c7b0cc09e..be99105ac5 100644
--- a/accel/tcg/tcg-accel-ops.c
+++ b/accel/tcg/tcg-accel-ops.c
@@ -85,6 +85,9 @@ static void tcg_cpu_reset_hold(CPUState *cpu)
 tcg_flush_jmp_cache(cpu);
 
 tlb_flush(cpu);
+
+qatomic_set(>neg.icount_decr.u32, 0);
+cpu->neg.can_do_io = true;
 }
 
 /* mask must never be zero, except for A20 change call */
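Review bot: Moving the resets of `icount_decr.u32` and `can_do_io` out of cpu_common_reset_hold() is only safe if tcg_cpu_reset_hold() runs on every reset path that used to reach the common handler with TCG. It is not visible from these hunks whether that holds for user-mode emulation; if tcg-accel-ops.c is built for system emulation only, user-mode CPUs would keep stale values after a reset. Please confirm this in the commit message, or keep the two assignments reachable for user mode. Both function bodies start outside their hunks.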
diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
index c4175cc4b9..9b3efba82f 100644
--- a/hw/core/cpu-common.c
+++ b/hw/core/cpu-common.c
@@ -127,8 +127,6 @@ static void cpu_common_reset_hold(Object *obj, ResetType 
type)
 cpu->halted = cpu->start_powered_off;
 cpu->mem_io_pc = 0;
 cpu->icount_extra = 0;
-qatomic_set(>neg.icount_decr.u32, 0);
-cpu->neg.can_do_io = true;
 cpu->exception_index = -1;
 cpu->crash_occurred = false;
 cpu->cflags_next_tb = -1;
-- 
2.41.0




[PATCH 01/14] target/i386: Simplify get_memio_eip()

2024-04-27 Thread Philippe Mathieu-Daudé
The single call to get_memio_eip(), in cpu_report_tpr_access(),
is protected by a check on tcg_enabled(). Since the call only
exists when CONFIG_TCG is defined, we can slightly simplify.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/i386/helper.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/target/i386/helper.c b/target/i386/helper.c
index 23ccb23a5b..a3e70a630a 100644
--- a/target/i386/helper.c
+++ b/target/i386/helper.c
@@ -512,9 +512,9 @@ void cpu_x86_inject_mce(Monitor *mon, X86CPU *cpu, int bank,
 }
 }
 
+#ifdef CONFIG_TCG
 static inline target_ulong get_memio_eip(CPUX86State *env)
 {
-#ifdef CONFIG_TCG
 uint64_t data[TARGET_INSN_START_WORDS];
 CPUState *cs = env_cpu(env);
 
@@ -528,10 +528,8 @@ static inline target_ulong get_memio_eip(CPUX86State *env)
 } else {
 return data[0] - env->segs[R_CS].base;
 }
-#else
-qemu_build_not_reached();
-#endif
 }
+#endif
 
 void cpu_report_tpr_access(CPUX86State *env, TPRAccess access)
 {
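Review bot: Moving `#ifdef CONFIG_TCG` around the whole of get_memio_eip() removes the function's definition from non-TCG builds, so the remaining call in cpu_report_tpr_access() must also be invisible to the compiler there. The commit message describes that call as protected by a check on tcg_enabled(); if that is a run-time `if`/`else if` rather than a preprocessor guard, the call expression is still parsed and a build without TCG would presumably fail on an undeclared function, which the removed `qemu_build_not_reached()` stub avoided. The body of cpu_report_tpr_access() lies outside the hunk, so please confirm with a `--disable-tcg` build or wrap the call site in `#ifdef CONFIG_TCG` as well.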
-- 
2.41.0




[PATCH 00/14] exec: Rework around CPUState user fields

2024-04-27 Thread Philippe Mathieu-Daudé
Hi,

First batch of patches (I expect them to be
non-controversial) related to extracting user-specific
fields from CPUState.

Regards,

Phil.

Philippe Mathieu-Daudé (14):
  target/i386: Simplify get_memio_eip()
  plugins: Update stale comment
  plugins/api: Only include 'exec/ram_addr.h' with system emulation
  exec: Include missing license in 'exec/cpu-common.h'
  exec/cpu: Indent TARGET_PAGE_foo definitions
  exec/cpu: Remove obsolete PAGE_RESERVED definition
  exec/cpu: Remove duplicated PAGE_PASSTHROUGH definition
  exec/cpu: Extract page-protection definitions to page-prot-common.h
  RFC exec/cpu: Restrict user-specific page definitions
  exec/user: Restrict 'syscall-trace.h' to user emulation
  accel/tcg: Use cpu_loop_exit_requested() in cpu_loop_exec_tb()
  accel/tcg: Remove pointless initialization of cflags_next_tb
  accel/tcg: Reset TCG specific fields in tcg_cpu_reset_hold()
  accel/tcg: Access tcg_cflags with getter / setter

 accel/tcg/internal-common.h |  3 +-
 bsd-user/bsd-mem.h  |  1 +
 bsd-user/qemu.h |  1 +
 include/exec/cpu-all.h  | 36 +++---
 include/exec/cpu-common.h   | 47 
 include/exec/exec-all.h |  3 --
 include/exec/page-prot-common.h | 49 +
 include/semihosting/uaccess.h   |  1 +
 include/user/syscall-trace.h|  4 ++
 target/arm/cpu.h|  1 +
 target/ppc/internal.h   |  1 +
 target/ppc/mmu-radix64.h|  2 +
 accel/tcg/cpu-exec.c| 17 +++--
 accel/tcg/cputlb.c  |  1 +
 accel/tcg/tb-maint.c|  1 +
 accel/tcg/tcg-accel-ops.c   |  5 ++-
 accel/tcg/user-exec.c   |  1 +
 bsd-user/mmap.c |  1 +
 bsd-user/signal.c   |  1 +
 cpu-target.c|  1 +
 hw/core/cpu-common.c|  3 --
 hw/ppc/ppc440_bamboo.c  |  1 +
 hw/ppc/sam460ex.c   |  1 +
 hw/ppc/virtex_ml507.c   |  1 +
 linux-user/arm/cpu_loop.c   |  1 +
 linux-user/elfload.c|  1 +
 linux-user/mmap.c   |  9 +++--
 linux-user/signal.c |  1 +
 linux-user/syscall.c|  5 ++-
 plugins/api.c   |  2 +-
 plugins/core.c  |  2 +-
 system/physmem.c|  1 +
 target/alpha/helper.c   |  1 +
 target/arm/cpu.c|  2 +-
 target/arm/ptw.c|  1 +
 target/arm/tcg/m_helper.c   |  1 +
 target/arm/tcg/mte_helper.c |  1 +
 target/arm/tcg/sve_helper.c |  1 +
 target/avr/cpu.c|  2 +-
 target/avr/helper.c |  1 +
 target/cris/mmu.c   |  1 +
 target/hexagon/cpu.c|  2 +-
 target/hppa/cpu.c   |  2 +-
 target/hppa/mem_helper.c|  1 +
 target/hppa/translate.c |  1 +
 target/i386/cpu.c   |  2 +-
 target/i386/helper.c|  8 ++--
 target/i386/tcg/sysemu/excp_helper.c|  1 +
 target/loongarch/cpu.c  |  2 +-
 target/loongarch/tcg/tlb_helper.c   |  1 +
 target/m68k/helper.c|  1 +
 target/microblaze/cpu.c |  2 +-
 target/microblaze/helper.c  |  1 +
 target/microblaze/mmu.c |  1 +
 target/mips/sysemu/physaddr.c   |  1 +
 target/mips/tcg/exception.c |  2 +-
 target/mips/tcg/sysemu/special_helper.c |  2 +-
 target/mips/tcg/sysemu/tlb_helper.c |  1 +
 target/openrisc/cpu.c   |  2 +-
 target/openrisc/mmu.c   |  1 +
 target/ppc/mmu-hash32.c |  1 +
 target/ppc/mmu-hash64.c |  1 +
 target/ppc/mmu-radix64.c|  1 +
 target/ppc/mmu_common.c |  1 +
 target/ppc/mmu_helper.c |  1 +
 target/riscv/cpu_helper.c   |  1 +
 target/riscv/pmp.c  |  1 +
 target/riscv/tcg/tcg-cpu.c  |  4 +-
 target/riscv/vector_helper.c|  1 +
 target/rx/cpu.c |  3 +-
 target/s390x/mmu_helper.c   |  1 +
 target/s390x/tcg/mem_helper.c   |  1 +
 target/sh4/cpu.c|  4 +-
 target/sh4/helper.c |  1 +
 target/sparc/cpu.c  |  2 +-
 target/sparc/ldst_helper.c  |  1 +
 target/sparc/mmu_helper.c   |  1 +
 target/tricore/cpu.c|  2 +-
 target/tricore/helper.c |  1 +
 target/xtensa/mmu_helper.c  |  1 +
 target/xtensa/op_helper.c   |  1 +
 81 files changed, 185 insertions(+), 96 

[PATCH 05/14] exec/cpu: Indent TARGET_PAGE_foo definitions

2024-04-27 Thread Philippe Mathieu-Daudé
The TARGET_PAGE_foo definitions are defined with multiple
levels of #ifdef'ry. Indent them a bit for clarity.

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/exec/cpu-all.h | 25 +
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index e75ec13cd0..eaa59a5cc1 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -139,19 +139,20 @@ static inline void stl_phys_notdirty(AddressSpace *as, 
hwaddr addr, uint32_t val
 #ifdef TARGET_PAGE_BITS_VARY
 # include "exec/page-vary.h"
 extern const TargetPageBits target_page;
-#ifdef CONFIG_DEBUG_TCG
-#define TARGET_PAGE_BITS   ({ assert(target_page.decided); target_page.bits; })
-#define TARGET_PAGE_MASK   ({ assert(target_page.decided); \
-  (target_long)target_page.mask; })
+# ifdef CONFIG_DEBUG_TCG
+#  define TARGET_PAGE_BITS   ({ assert(target_page.decided); \
+target_page.bits; })
+#  define TARGET_PAGE_MASK   ({ assert(target_page.decided); \
+(target_long)target_page.mask; })
+# else
+#  define TARGET_PAGE_BITS   target_page.bits
+#  define TARGET_PAGE_MASK   ((target_long)target_page.mask)
+# endif
+# define TARGET_PAGE_SIZE(-(int)TARGET_PAGE_MASK)
 #else
-#define TARGET_PAGE_BITS   target_page.bits
-#define TARGET_PAGE_MASK   ((target_long)target_page.mask)
-#endif
-#define TARGET_PAGE_SIZE   (-(int)TARGET_PAGE_MASK)
-#else
-#define TARGET_PAGE_BITS_MIN TARGET_PAGE_BITS
-#define TARGET_PAGE_SIZE   (1 << TARGET_PAGE_BITS)
-#define TARGET_PAGE_MASK   ((target_long)-1 << TARGET_PAGE_BITS)
+# define TARGET_PAGE_BITS_MIN TARGET_PAGE_BITS
+# define TARGET_PAGE_SIZE(1 << TARGET_PAGE_BITS)
+# define TARGET_PAGE_MASK((target_long)-1 << TARGET_PAGE_BITS)
 #endif
 
 #define TARGET_PAGE_ALIGN(addr) ROUND_UP((addr), TARGET_PAGE_SIZE)
-- 
2.41.0




[PATCH 02/14] plugins: Update stale comment

2024-04-27 Thread Philippe Mathieu-Daudé
"plugin_mask" was renamed as "event_mask" in commit c006147122
("plugins: create CPUPluginState and migrate plugin_mask").

Signed-off-by: Philippe Mathieu-Daudé 
---
 plugins/core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/core.c b/plugins/core.c
index 11ca20e626..09c98382f5 100644
--- a/plugins/core.c
+++ b/plugins/core.c
@@ -373,7 +373,7 @@ void qemu_plugin_tb_trans_cb(CPUState *cpu, struct 
qemu_plugin_tb *tb)
 struct qemu_plugin_cb *cb, *next;
 enum qemu_plugin_event ev = QEMU_PLUGIN_EV_VCPU_TB_TRANS;
 
-/* no plugin_mask check here; caller should have checked */
+/* no plugin_state->event_mask check here; caller should have checked */
 
 QLIST_FOREACH_SAFE_RCU(cb, _lists[ev], entry, next) {
 qemu_plugin_vcpu_tb_trans_cb_t func = cb->f.vcpu_tb_trans;
-- 
2.41.0




Re: [PATCH v2 1/1] target/riscv/kvm: fix timebase-frequency when using KVM acceleration

2024-04-27 Thread Andrew Jones
On April 27, 2024 9:24:04 AM GMT+02:00, Michael Tokarev  wrote:
>27.04.2024 09:59, Michael Tokarev wrote:
>> 27.04.2024 09:23, Andrew Jones wrote:
>...
>>> It's possible to cross-compile qemu, so it'd be good to add that to the CI 
>>> for riscv until we can add native compiling.
>> 
>> Yes, definitely.  Qemu is already being cross-compiled on all "other"
>> architectures during CI.  But it is also being *run*, not just compiled.
>> And this is what's broken on riscv64 for almost a year now, and this
>> job has been disabled.  Instead, the *run* part of this job needs to
>> be disabled, but *build* part should be kept.
>
>Aha. I was wrong. And I was there before too, for sure, - just forgot
>about it. In order to be cross-compiled, the cross-build environment
>needs to have target -dev libraries, not only the cross-compiler.
>And this is where debian riscv64 port is failing.
>
>So no, it is not currently possible to cross-compile qemu at least
>on debian without building whole cross-environment with all libraries
>and other necessary stuff.
>
>I'll try to use debian riscv64 porterbox to at least verify the new
>set of patches we'll pick here to fix this breakage, at least compiles
>on riscv64 :)

I wrote instructions [2] for how to cross-compile without a full 
environment/container once. It might be better for quick, local testing.

[2] 
https://lore.kernel.org/qemu-riscv/20230726120706.335340-2-ajo...@ventanamicro.com/

>
>> 10f86d1b845087d1 isn't sufficient, since it relies on 450bd6618fda3d
>> "target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64".  In the same series
>> there also was 49c211ffca00fdf7c "target/riscv/kvm: change KVM_REG_RISCV_FP_F
>> to u32" - is it also needed?
>
>49c211ffca00fdf7c is also needed.  So it's 3 so far, still not compile-
>tested.  Anything else?

Those 3, the first of the series [1], are good. Not sure why it's still not 
compiling.

[1] https://lists.gnu.org/archive/html/qemu-devel/2023-12/msg01132.html

drew




Re: [PATCH] Hexagon: add PC alignment check and exception

2024-04-27 Thread Richard Henderson

On 4/26/24 11:15, Matheus Tavares Bernardino wrote:

The Hexagon Programmer's Reference Manual says that the exception 0x1e
should be raised upon an unaligned program counter. Let's implement that
and also add tests for both the most common case as well as packets with
multiple change-of-flow instructions.

Signed-off-by: Matheus Tavares Bernardino 
---
  target/hexagon/cpu_bits.h  |  1 +
  target/hexagon/translate.h |  2 ++
  target/hexagon/genptr.c| 21 -
  target/hexagon/translate.c |  2 +-
  tests/tcg/hexagon/Makefile.target  | 13 +
  tests/tcg/hexagon/unaligned_pc.S   | 10 ++
  tests/tcg/hexagon/unaligned_pc_multi_cof.S | 13 +
  7 files changed, 56 insertions(+), 6 deletions(-)
  create mode 100644 tests/tcg/hexagon/unaligned_pc.S
  create mode 100644 tests/tcg/hexagon/unaligned_pc_multi_cof.S

diff --git a/target/hexagon/cpu_bits.h b/target/hexagon/cpu_bits.h
index 96fef71729..d6900c8bda 100644
--- a/target/hexagon/cpu_bits.h
+++ b/target/hexagon/cpu_bits.h
@@ -23,6 +23,7 @@
  #define HEX_EXCP_FETCH_NO_UPAGE  0x012
  #define HEX_EXCP_INVALID_PACKET  0x015
  #define HEX_EXCP_INVALID_OPCODE  0x015
+#define HEX_EXCP_PC_NOT_ALIGNED  0x01e
  #define HEX_EXCP_PRIV_NO_UREAD   0x024
  #define HEX_EXCP_PRIV_NO_UWRITE  0x025
  
diff --git a/target/hexagon/translate.h b/target/hexagon/translate.h

index 4dd59c6726..daf11eb584 100644
--- a/target/hexagon/translate.h
+++ b/target/hexagon/translate.h
@@ -75,6 +75,8 @@ typedef struct DisasContext {
  TCGv dczero_addr;
  } DisasContext;
  
+void gen_exception_end_tb(DisasContext *ctx, int excp);

+
  static inline void ctx_log_pred_write(DisasContext *ctx, int pnum)
  {
  if (!test_bit(pnum, ctx->pregs_written)) {
diff --git a/target/hexagon/genptr.c b/target/hexagon/genptr.c
index dbae6c570a..c96edd9379 100644
--- a/target/hexagon/genptr.c
+++ b/target/hexagon/genptr.c
@@ -473,6 +473,7 @@ static void gen_write_new_pc_addr(DisasContext *ctx, TCGv 
addr,
TCGCond cond, TCGv pred)
  {
  TCGLabel *pred_false = NULL;
+TCGLabel *branch_taken = NULL;
  if (cond != TCG_COND_ALWAYS) {
  pred_false = gen_new_label();
  tcg_gen_brcondi_tl(cond, pred, 0, pred_false);
@@ -480,12 +481,22 @@ static void gen_write_new_pc_addr(DisasContext *ctx, TCGv 
addr,
  
  if (ctx->pkt->pkt_has_multi_cof) {

  /* If there are multiple branches in a packet, ignore the second one 
*/
-tcg_gen_movcond_tl(TCG_COND_NE, hex_gpr[HEX_REG_PC],
-   ctx->branch_taken, tcg_constant_tl(0),
-   hex_gpr[HEX_REG_PC], addr);
+branch_taken = gen_new_label();
+tcg_gen_brcondi_tl(TCG_COND_NE, ctx->branch_taken, 0, branch_taken);
  tcg_gen_movi_tl(ctx->branch_taken, 1);
-} else {
-tcg_gen_mov_tl(hex_gpr[HEX_REG_PC], addr);
+}
+
+TCGLabel *pc_aligned = gen_new_label();
+TCGv pc_remainder = tcg_temp_new();
+tcg_gen_andi_tl(pc_remainder, addr, PCALIGN_MASK);
+tcg_gen_brcondi_tl(TCG_COND_EQ, pc_remainder, 0, pc_aligned);
+gen_exception_end_tb(ctx, HEX_EXCP_PC_NOT_ALIGNED);
+gen_set_label(pc_aligned);
+
+tcg_gen_mov_tl(hex_gpr[HEX_REG_PC], addr);


I am suspicious that the exception is raised without the pc being assigned.
How does the exception handler see the incorrect value?

Also, this is a perfect place to use the new TCG_COND_TSTEQ condition, eliminating the 
separate andi step and the variable.



r~



Re: [PULL 00/38] Exec / accelerators patches

2024-04-27 Thread Richard Henderson

On 4/26/24 12:41, Philippe Mathieu-Daudé wrote:

The following changes since commit a118c4aff4087eafb68f7132b233ad548cf16376:

   Merge tag 'hw-misc-20240425' ofhttps://github.com/philmd/qemu  into staging 
(2024-04-25 09:43:29 -0700)

are available in the Git repository at:

   https://github.com/philmd/qemu.git  tags/accel-20240426

for you to fetch changes up to 671558d290ffb93752d3245e7c5604b04b6dcdf2:

   plugins: Include missing 'qemu/bitmap.h' header (2024-04-26 21:36:19 +0200)

Selfish PR, painfully tested commit by commit.

Accelerators patches

A lot of trivial cleanups and simplifications (moving methods around,
adding/removing #include statements). Most notable changes:

- Rename NEED_CPU_H -> COMPILING_PER_TARGET
- Rename few template headers using the '.h.inc' suffix
- Extract some definitions / declarations into their own header:
   - accel/tcg/user-retaddr.h (helper_retaddr)
   - include/exec/abi_ptr.h (abi_ptr)
   - include/exec/breakpoint.h (CPUBreakpoint, CPUWatchpoint)
   - include/exec/mmu-access-type.h (MMUAccessType)
   - include/user/tswap-target.h (tswapl, bswaptls)


Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/9.1 as 
appropriate.


r~




[PATCH v1] mc146818rtc: add a way to generate RTC interrupts via QMP

2024-04-27 Thread Daniil Tatianin
This can be used to force-synchronize the time in the guest after a long
stop-cont pause, which can be useful for serverless-type workloads.

Also add a comment to highlight the fact that this (and one other QMP
command) only works for the MC146818 RTC controller.

Signed-off-by: Daniil Tatianin 
---

Changes since v0:
- Rename to rtc-inject-irq to match other similar API
- Add a comment to highlight that this only works for the I386 RTC

---
 hw/rtc/mc146818rtc.c | 20 
 include/hw/rtc/mc146818rtc.h |  1 +
 qapi/misc-target.json| 16 
 3 files changed, 37 insertions(+)

diff --git a/hw/rtc/mc146818rtc.c b/hw/rtc/mc146818rtc.c
index f4c1869232..8501b55cbd 100644
--- a/hw/rtc/mc146818rtc.c
+++ b/hw/rtc/mc146818rtc.c
@@ -107,6 +107,11 @@ static void rtc_coalesced_timer_update(MC146818RtcState *s)
 static QLIST_HEAD(, MC146818RtcState) rtc_devices =
 QLIST_HEAD_INITIALIZER(rtc_devices);
 
+/*
+ * NOTE:
+ * The two QMP functions below are _only_ implemented for the MC146818.
+ * All other RTC devices ignore this.
+ */
 void qmp_rtc_reset_reinjection(Error **errp)
 {
 MC146818RtcState *s;
@@ -116,6 +121,21 @@ void qmp_rtc_reset_reinjection(Error **errp)
 }
 }
 
+void qmp_rtc_inject_irq(Error **errp)
+{
+MC146818RtcState *s;
+
+/*
+ * See:
+ * https://www.kernel.org/doc/Documentation/virtual/kvm/timekeeping.txt
+ */
+QLIST_FOREACH(s, _devices, link) {
+s->cmos_data[RTC_REG_B] |= REG_B_UIE;
+s->cmos_data[RTC_REG_C] |= REG_C_IRQF | REG_C_UF;
+qemu_irq_raise(s->irq);
+}
+}
+
 static bool rtc_policy_slew_deliver_irq(MC146818RtcState *s)
 {
 kvm_reset_irq_delivered();
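Review bot: `s->cmos_data[RTC_REG_B] |= REG_B_UIE;` in qmp_rtc_inject_irq() changes a guest-programmed control register and nothing in the hunk restores it, so a guest that had update-ended interrupts disabled is left with them enabled after the command. If that is intended, say so in a comment such as `/* UIE stays set; the guest is expected to clear it */`; otherwise save the previous bit and restore it later, or only raise the line when the guest already enabled UIE. `errp` is never set either, so the command returns success when `rtc_devices` is empty; reporting that case through `error_setg()` would let a management client tell "nothing injected" from "injected". The line is raised directly, and whether that interacts with the IRQ reinjection and coalescing logic elsewhere in this file is not visible here.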
diff --git a/include/hw/rtc/mc146818rtc.h b/include/hw/rtc/mc146818rtc.h
index 97cec0b3e8..6cd9761d80 100644
--- a/include/hw/rtc/mc146818rtc.h
+++ b/include/hw/rtc/mc146818rtc.h
@@ -56,5 +56,6 @@ MC146818RtcState *mc146818_rtc_init(ISABus *bus, int 
base_year,
 void mc146818rtc_set_cmos_data(MC146818RtcState *s, int addr, int val);
 int mc146818rtc_get_cmos_data(MC146818RtcState *s, int addr);
 void qmp_rtc_reset_reinjection(Error **errp);
+void qmp_rtc_inject_irq(Error **errp);
 
 #endif /* HW_RTC_MC146818RTC_H */
diff --git a/qapi/misc-target.json b/qapi/misc-target.json
index 4e0a6492a9..d84a5d07a2 100644
--- a/qapi/misc-target.json
+++ b/qapi/misc-target.json
@@ -19,6 +19,22 @@
 { 'command': 'rtc-reset-reinjection',
   'if': 'TARGET_I386' }
 
+##
+# @rtc-inject-irq:
+#
+# Inject an RTC interrupt.
+#
+# Since: 9.1
+#
+# Example:
+#
+# -> { "execute": "rtc-inject-irq" }
+# <- { "return": {} }
+#
+##
+{ 'command': 'rtc-inject-irq',
+  'if': 'TARGET_I386' }
+
 ##
 # @SevState:
 #
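Review bot: The doc comment for `rtc-inject-irq` says only "Inject an RTC interrupt.", which leaves out what a management client needs to know before issuing the command. Going by the C implementation in this patch, it acts on every MC146818 device, sets the update-ended enable and flag bits in the guest-visible CMOS registers and raises the IRQ line; the description should state that, along with the intended use after a long stop/cont pause given in the commit message. Something like `# Raise an update-ended interrupt on every MC146818 RTC, setting UIE in register B and UF/IRQF in register C.` would do.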
-- 
2.34.1




Re: [PATCH v9 10/11] virtio-gpu: Support Venus context

2024-04-27 Thread Akihiko Odaki

On 2024/04/26 0:45, Dmitry Osipenko wrote:

From: Antonio Caggiano 

Request Venus when initializing VirGL and if vulkan=true flag is set for
virtio-gpu device.


Naming it vulkan is a bit confusing as there is also GFXSTREAM_VULKAN 
capset though virgl does not support it. I think you can just name it venus.




Re: [PATCH v9 11/11] migration/virtio: Add virtio-gpu section

2024-04-27 Thread Akihiko Odaki

On 2024/04/26 0:45, Dmitry Osipenko wrote:

Document virtio-gpu migration specifics.

Suggested-by: Akihiko Odaki 
Signed-off-by: Dmitry Osipenko 
---
  docs/devel/migration/virtio.rst | 7 +++
  1 file changed, 7 insertions(+)

diff --git a/docs/devel/migration/virtio.rst b/docs/devel/migration/virtio.rst
index 611a18b82151..67f5fcfed196 100644
--- a/docs/devel/migration/virtio.rst
+++ b/docs/devel/migration/virtio.rst
@@ -113,3 +113,10 @@ virtio_load() returned (like e.g. code depending on 
features).
  Any extension of the state being migrated should be done in subsections
  added to the core for compatibility reasons. If transport or device specific
  state is added, core needs to invoke a callback from the new subsection.
+
+VirtIO-GPU migration
+
+VirtIO-GPU doesn't adhere to a common virtio migration scheme. It doesn't
+support save/loading of virtio device state, instead it uses generic device
+migration management on top of the virtio core to save/load GPU state.
+Migration of virgl and rutabaga states not supported.


Sorry for confusion, but I didn't mean to add a subsection to the 
documentation. I intended to refer to a terminology of migration data 
structure named subsection, which is documented at: 
docs/devel/migration/main.rst


Device-specific information is not worth describing here.



Re: [PATCH v2 1/1] target/riscv/kvm: fix timebase-frequency when using KVM acceleration

2024-04-27 Thread Michael Tokarev

27.04.2024 09:59, Michael Tokarev wrote:

27.04.2024 09:23, Andrew Jones wrote:

...

It's possible to cross-compile qemu, so it'd be good to add that to the CI for 
riscv until we can add native compiling.


Yes, definitely.  Qemu is already being cross-compiled on all "other"
architectures during CI.  But it is also being *run*, not just compiled.
And this is what's broken on riscv64 for almost a year now, and this
job has been disabled.  Instead, the *run* part of this job needs to
be disabled, but *build* part should be kept.


Aha. I was wrong. And I was there before too, for sure, - just forgot
about it. In order to be cross-compiled, the cross-build environment
needs to have target -dev libraries, not only the cross-compiler.
And this is where debian riscv64 port is failing.

So no, it is not currently possible to cross-compile qemu at least
on debian without building whole cross-environment with all libraries
and other necessary stuff.

I'll try to use debian riscv64 porterbox to at least verify the new
set of patches we'll pick here to fix this breakage, at least compiles
on riscv64 :)


10f86d1b845087d1 isn't sufficient, since it relies on 450bd6618fda3d
"target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64".  In the same series
there also was 49c211ffca00fdf7c "target/riscv/kvm: change KVM_REG_RISCV_FP_F
to u32" - is it also needed?


49c211ffca00fdf7c is also needed.  So it's 3 so far, still not compile-
tested.  Anything else?

/mjt



Re: [PATCH v9 09/11] virtio-gpu: Register capsets dynamically

2024-04-27 Thread Akihiko Odaki

On 2024/04/26 0:45, Dmitry Osipenko wrote:

From: Pierre-Eric Pelloux-Prayer 

virtio_gpu_virgl_get_num_capsets will return "num_capsets", but we can't
assume that capset_index 1 is always VIRGL2 once we'll support more capsets,
like Venus and DRM capsets. Register capsets dynamically to avoid that problem.

Signed-off-by: Pierre-Eric Pelloux-Prayer 
Signed-off-by: Dmitry Osipenko 
---
  hw/display/virtio-gpu-virgl.c  | 34 +++---
  include/hw/virtio/virtio-gpu.h |  2 ++
  2 files changed, 25 insertions(+), 11 deletions(-)

diff --git a/hw/display/virtio-gpu-virgl.c b/hw/display/virtio-gpu-virgl.c
index de788df155bf..9aa1fd78f1e1 100644
--- a/hw/display/virtio-gpu-virgl.c
+++ b/hw/display/virtio-gpu-virgl.c
@@ -597,19 +597,13 @@ static void virgl_cmd_get_capset_info(VirtIOGPU *g,
  VIRTIO_GPU_FILL_CMD(info);
  
  memset(, 0, sizeof(resp));

-if (info.capset_index == 0) {
-resp.capset_id = VIRTIO_GPU_CAPSET_VIRGL;
-virgl_renderer_get_cap_set(resp.capset_id,
-   _max_version,
-   _max_size);
-} else if (info.capset_index == 1) {
-resp.capset_id = VIRTIO_GPU_CAPSET_VIRGL2;
+
+if (info.capset_index < g->capset_ids->len) {
+resp.capset_id = g_array_index(g->capset_ids, uint32_t,
+   info.capset_index);
  virgl_renderer_get_cap_set(resp.capset_id,
 _max_version,
 _max_size);
-} else {
-resp.capset_max_version = 0;
-resp.capset_max_size = 0;
  }
  resp.hdr.type = VIRTIO_GPU_RESP_OK_CAPSET_INFO;
  virtio_gpu_ctrl_response(g, cmd, , sizeof(resp));
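Review bot: `info.capset_index` is filled from the guest's command and the new bound is `g->capset_ids->len`, which dereferences `g->capset_ids` unconditionally. The later hunk of this patch tests `if (g->capset_ids)` in virtio_gpu_virgl_get_num_capsets(), which suggests the array can be unset at some point; where it is allocated is not visible here. Unless allocation is guaranteed before the first control-queue command is processed, guard the lookup with `if (g->capset_ids && info.capset_index < g->capset_ids->len) {`. The body of virgl_cmd_get_capset_info() starts above the hunk.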
@@ -1159,12 +1153,30 @@ int virtio_gpu_virgl_init(VirtIOGPU *g)
  return 0;
  }
  
+static void virtio_gpu_virgl_add_capset(VirtIOGPU *g, uint32_t capset_id)

+{
+g_array_append_val(g->capset_ids, capset_id);
+}
+
  int virtio_gpu_virgl_get_num_capsets(VirtIOGPU *g)
  {
  uint32_t capset2_max_ver, capset2_max_size;
+
+if (g->capset_ids) {


Move capset_ids initialization to virtio_gpu_virgl_init() to save this 
conditional. capset_ids also needs to be freed when the device gets 
unrealized.




Re: [PATCH v9 08/11] virtio-gpu: Resource UUID

2024-04-27 Thread Akihiko Odaki

On 2024/04/26 0:45, Dmitry Osipenko wrote:

From: Antonio Caggiano 

Enable resource UUID feature and implement command resource assign UUID.
UUID feature availability is mandatory for Vulkan Venus context.

UUID is intended for sharing dmabufs between virtio devices on host. Qemu
doesn't have second virtio device for sharing, thus a simple stub UUID
implementation is enough. More complete implementation using global UUID
resource table might become interesting for a multi-gpu cases.


This message needs to be updated to clarify that a VM can have a second 
virtio-gpu device but this implementation does not support sharing 
between two virtio-gpu devices.




Re: [PATCH v2 1/1] target/riscv/kvm: fix timebase-frequency when using KVM acceleration

2024-04-27 Thread Michael Tokarev

27.04.2024 09:23, Andrew Jones wrote:

On April 27, 2024 1:44:42 AM GMT+02:00, Michael Tokarev  wrote:

14.03.2024 09:15, Yong-Xuan Wang:

The timebase-frequency of guest OS should be the same with host
machine. The timebase-frequency value in DTS should be got from
hypervisor when using KVM acceleration.


This change ended up in stable-8.2 (v8.2.3).  Interestingly, this thing
compiled not even once, or else it would be obvious it fails to compile.
Somehow I was too used to CI, forgetting that we don't have riscv *host*
in CI (and I don't have one locally either).  So 8.2.3 is broken on
riscv64 *host*.


It's possible to cross-compile qemu, so it'd be good to add that to the CI for 
riscv until we can add native compiling.


Yes, definitely.  Qemu is already being cross-compiled on all "other"
architectures during CI.  But it is also being *run*, not just compiled.
And this is what's broken on riscv64 for almost a year now, and this
job has been disabled.  Instead, the *run* part of this job needs to
be disabled, but *build* part should be kept.


In 8.2, KVM_RISCV_GET_TIMER macro accepts 4 arguments, because it does
not have 10f86d1b845087d1 "target/riscv/kvm: change timer regs size to u64".

What do you think, should I revert this change for stable-8.2, or pick
10f86d1b845087d1 too, or change this commit (fix timebase-frequency) to
provide the missing argument for this macro?


Changing the timer regs to u64 is an rv32 fix, so it's reasonable to also pick 
it up. I suggest we keep this patch one way or another, though.


Okay, so I need help choosing which patches to pick.

10f86d1b845087d1 isn't sufficient, since it relies on 450bd6618fda3d
"target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64".  In the same series
there also was 49c211ffca00fdf7c "target/riscv/kvm: change KVM_REG_RISCV_FP_F
to u32" - is it also needed?

Please tell me the set of things I need for stable-8.2 here.  I'd
love to make the 8.2.4 release really soon, to fix this breakage.

Also, right now I don't know how to even compile-test it.  So meanwhile I'll
try to fix that and push this change to qemu master (to re-enable riscv64
CI job but only build part of it).  I don't have riscv hardware handy :)

Thanks,

/mjt



Re: [PATCH v9 07/11] virtio-gpu: Handle resource blob commands

2024-04-27 Thread Akihiko Odaki

On 2024/04/26 0:45, Dmitry Osipenko wrote:

From: Antonio Caggiano 

Support BLOB resources creation, mapping and unmapping by calling the
new stable virglrenderer 0.10 interface. Only enabled when available and
via the blob config. E.g. -device virtio-vga-gl,blob=true

Signed-off-by: Antonio Caggiano 
Signed-off-by: Xenia Ragiadakou 
Signed-off-by: Huang Rui 
Signed-off-by: Dmitry Osipenko 
---
  hw/display/virtio-gpu-virgl.c | 268 ++
  hw/display/virtio-gpu.c   |   4 +-
  2 files changed, 271 insertions(+), 1 deletion(-)

diff --git a/hw/display/virtio-gpu-virgl.c b/hw/display/virtio-gpu-virgl.c
index 0feaa9f2c52e..73d4acbf1777 100644
--- a/hw/display/virtio-gpu-virgl.c
+++ b/hw/display/virtio-gpu-virgl.c
@@ -26,6 +26,8 @@
  
  struct virtio_gpu_virgl_resource {

  struct virtio_gpu_simple_resource base;
+bool async_unmap_in_progress;


Why is this flag needed?


+MemoryRegion *mr;
  };
  
  static struct virtio_gpu_virgl_resource *

@@ -49,6 +51,120 @@ virgl_get_egl_display(G_GNUC_UNUSED void *cookie)
  }
  #endif
  
+#ifdef HAVE_VIRGL_RESOURCE_BLOB

+struct virtio_gpu_virgl_hostmem_region {
+MemoryRegion mr;
+struct VirtIOGPU *g;
+struct virtio_gpu_virgl_resource *res;
+};
+
+static void virtio_gpu_virgl_resume_cmdq(void *opaque)
+{
+VirtIOGPU *g = opaque;
+
+virtio_gpu_process_cmdq(g);
+}
+
+static void virtio_gpu_virgl_hostmem_region_free(void *obj)
+{
+MemoryRegion *mr = MEMORY_REGION(obj);
+struct virtio_gpu_virgl_hostmem_region *vmr;
+VirtIOGPUBase *b;
+
+vmr = container_of(mr, struct virtio_gpu_virgl_hostmem_region, mr);
+vmr->res->async_unmap_in_progress = false;
+
+b = VIRTIO_GPU_BASE(vmr->g);
+b->renderer_blocked--;
+
+/*
+ * memory_region_unref() may be executed from RCU thread context, while
+ * virglrenderer works only on the main-loop thread that's holding GL
+ * context.
+ */
+aio_bh_schedule_oneshot(qemu_get_aio_context(),
+virtio_gpu_virgl_resume_cmdq, vmr->g);


Use aio_bh_new() and qemu_bh_schedule() instead to save one-time bottom 
half allocation.



+g_free(vmr);
+}
+
+static int
+virtio_gpu_virgl_map_resource_blob(VirtIOGPU *g,
+   struct virtio_gpu_virgl_resource *res,
+   uint64_t offset)
+{
+struct virtio_gpu_virgl_hostmem_region *vmr;
+VirtIOGPUBase *b = VIRTIO_GPU_BASE(g);
+MemoryRegion *mr;
+uint64_t size;
+void *data;
+int ret;
+
+if (!virtio_gpu_hostmem_enabled(b->conf)) {
+qemu_log_mask(LOG_GUEST_ERROR, "%s: hostmem disabled\n", __func__);
+return -EOPNOTSUPP; > +}
+
+ret = virgl_renderer_resource_map(res->base.resource_id, , );
+if (ret) {
+qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to map virgl resource\n",
+  __func__);


Print strerror(-ret) here instead as printing strerror(EOPNOTSUPP) helps 
little when !virtio_gpu_hostmem_enabled(b->conf).



+return -ret;
+}
+
+vmr = g_new0(struct virtio_gpu_virgl_hostmem_region, 1);
+vmr->res = res;
+vmr->g = g;
+
+mr = >mr;
+memory_region_init_ram_ptr(mr, OBJECT(mr), "blob", size, data);
+memory_region_add_subregion(>hostmem, offset, mr);
+memory_region_set_enabled(mr, true);
+
+/*
+ * Potentially, MR could outlive the resource if MR's reference is held
+ * outside of virtio-gpu. In order to prevent unmapping resource while
+ * MR is alive, and thus, making the data pointer invalid, we will block
+ * virtio-gpu command processing until MR is fully unreferenced and
+ * released.
+ */
+OBJECT(mr)->free = virtio_gpu_virgl_hostmem_region_free;
+
+res->mr = mr;
+
+return 0;
+}
+
+static bool
+virtio_gpu_virgl_unmap_resource_blob(VirtIOGPU *g,
+ struct virtio_gpu_virgl_resource *res)
+{
+VirtIOGPUBase *b = VIRTIO_GPU_BASE(g);
+
+if (!res->async_unmap_in_progress && res->mr) {
+/* memory region owns self res->mr object and frees it by itself */
+MemoryRegion *mr = res->mr;
+res->mr = NULL;
+
+res->async_unmap_in_progress = true;
+
+/* render will be unblocked when MR is freed */
+b->renderer_blocked++;
+
+memory_region_set_enabled(mr, false);
+memory_region_del_subregion(>hostmem, mr);
+object_unparent(OBJECT(mr));
+}
+
+if (res->async_unmap_in_progress) {
+return false;
+}
+
+virgl_renderer_resource_unmap(res->base.resource_id);
+
+return true;
+}
+#endif /* HAVE_VIRGL_RESOURCE_BLOB */
+
  static void virgl_cmd_create_resource_2d(VirtIOGPU *g,
   struct virtio_gpu_ctrl_command *cmd)
  {
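Review bot: virtio_gpu_virgl_map_resource_blob() returns `-EOPNOTSUPP` on the hostmem-disabled path but `-ret` after a failed virgl_renderer_resource_map(), so the two error paths have opposite signs if the renderer call follows the negative-errno convention (its contract is not visible here). `return ret;` would keep both paths negative; the caller is outside the hunk, so check how it tests the result. Separately, `offset` is passed to memory_region_add_subregion() together with the renderer-reported `size` without any range check in this function; if `offset` originates from the guest's map command, it should be validated against the hostmem region size and against existing mappings before the subregion is added, either here or in the caller.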
@@ -162,6 +278,14 @@ static void virgl_cmd_resource_unref(VirtIOGPU *g,
  return;
  }
  
+if (res->mr || cmd->suspended) {

+bool unmapped = 

Re: [PATCH v2 1/1] target/riscv/kvm: fix timebase-frequency when using KVM acceleration

2024-04-27 Thread Andrew Jones
On April 27, 2024 1:44:42 AM GMT+02:00, Michael Tokarev  wrote:
>14.03.2024 09:15, Yong-Xuan Wang:
>> The timebase-frequency of the guest OS should be the same as that of the
>> host machine. The timebase-frequency value in the DTS should be obtained
>> from the hypervisor when using KVM acceleration.
>
>This change ended up in stable-8.2 (v8.2.3).  Interestingly, this thing
>compiled not even once, or else it would be obvious it fails to compile.
>Somehow I was too used to CI, forgetting that we don't have riscv *host*
>in CI (and I don't have one locally either).  So 8.2.3 is broken on
>riscv64 *host*.

It's possible to cross-compile qemu, so it'd be good to add that to the CI for 
riscv until we can add native compiling.

>
>In 8.2, KVM_RISCV_GET_TIMER macro accepts 4 arguments, because it does
>not have 10f86d1b845087d1 "target/riscv/kvm: change timer regs size to u64".
>
>What do you think, should I revert this change for stable-8.2, or pick
>10f86d1b845087d1 too, or change this commit (fix timebase-frequency) to
>provide the missing argument for this macro?

Changing the timer regs to u64 is an rv32 fix, so it's reasonable to also pick 
it up. I suggest we keep this patch one way or another, though.

Thanks,
drew

>
>Thanks,
>
>/mjt
>
>
>> Reviewed-by: Andrew Jones 
>> Signed-off-by: Yong-Xuan Wang 
>> 
>> ---
>> Changelog
>> v2:
>> - update the function definition
>> - restructure if-else statement
>> ---
>>   hw/riscv/virt.c  | 2 ++
>>   target/riscv/kvm/kvm-cpu.c   | 9 +
>>   target/riscv/kvm/kvm_riscv.h | 1 +
>>   3 files changed, 12 insertions(+)
>> 
>> diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
>> index a094af97c32a..533b17799581 100644
>> --- a/hw/riscv/virt.c
>> +++ b/hw/riscv/virt.c
>> @@ -711,6 +711,8 @@ static void create_fdt_sockets(RISCVVirtState *s, const 
>> MemMapEntry *memmap,
>> qemu_fdt_add_subnode(ms->fdt, "/cpus");
>>   qemu_fdt_setprop_cell(ms->fdt, "/cpus", "timebase-frequency",
>> +  kvm_enabled() ?
>> +  kvm_riscv_get_timebase_frequency(first_cpu) :
>> RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ);
>>   qemu_fdt_setprop_cell(ms->fdt, "/cpus", "#size-cells", 0x0);
>>   qemu_fdt_setprop_cell(ms->fdt, "/cpus", "#address-cells", 0x1);
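Review bot: The value returned by `kvm_riscv_get_timebase_frequency(first_cpu)` is a `uint64_t`, but `qemu_fdt_setprop_cell()` stores a single 32-bit cell, so the conditional expression added here is narrowed implicitly and a host-reported frequency above `UINT32_MAX` would reach the guest device tree truncated, with no diagnostic. Since the number comes from the host kernel rather than a compile-time constant, I would range-check it before use, or at least document the narrowing with a comment such as `/* timebase-frequency is a single cell; the KVM value is expected to fit in 32 bits */`. How the helper behaves on a failed register read is not visible in this hunk, so whether a bogus value can reach this call should be confirmed there. The body of create_fdt_sockets continues outside the hunk.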
>> diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c
>> index c7afdb1e81b7..bbb115eaa867 100644
>> --- a/target/riscv/kvm/kvm-cpu.c
>> +++ b/target/riscv/kvm/kvm-cpu.c
>> @@ -739,6 +739,15 @@ static void kvm_riscv_put_regs_timer(CPUState *cs)
>>   env->kvm_timer_dirty = false;
>>   }
>>   +uint64_t kvm_riscv_get_timebase_frequency(CPUState *cs)
>> +{
>> +uint64_t reg;
>> +
>> +KVM_RISCV_GET_TIMER(cs, frequency, reg);
>> +
>> +return reg;
>> +}
>> +
>>   static int kvm_riscv_get_regs_vector(CPUState *cs)
>>   {
>>   RISCVCPU *cpu = RISCV_CPU(cs);
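Review bot: `reg` in the new kvm_riscv_get_timebase_frequency() is returned without being initialised and the function has no way to report a failed read, so its correctness rests entirely on what KVM_RISCV_GET_TIMER does on error, which is defined outside this hunk. If the macro can fall through without writing `reg`, the caller would publish an indeterminate value as the guest's timebase; declaring `uint64_t reg = 0;` makes that case deterministic. A short header comment would also help, for example `/* Read the timer frequency from KVM for this vCPU; relies on KVM_RISCV_GET_TIMER to handle a failed read. */`. The function is non-static and is called from hw/riscv/virt.c in the same patch, so the comment is best placed on the prototype in kvm_riscv.h as well.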
>> diff --git a/target/riscv/kvm/kvm_riscv.h b/target/riscv/kvm/kvm_riscv.h
>> index 4bd98fddc776..58518988681d 100644
>> --- a/target/riscv/kvm/kvm_riscv.h
>> +++ b/target/riscv/kvm/kvm_riscv.h
>> @@ -28,5 +28,6 @@ void kvm_riscv_aia_create(MachineState *machine, uint64_t 
>> group_shift,
>>   void riscv_kvm_aplic_request(void *opaque, int irq, int level);
>>   int kvm_riscv_sync_mpstate_to_kvm(RISCVCPU *cpu, int state);
>>   void riscv_kvm_cpu_finalize_features(RISCVCPU *cpu, Error **errp);
>> +uint64_t kvm_riscv_get_timebase_frequency(CPUState *cs);
>> #endif
>