[PATCH v2 0/3] Introduce a new Write Protected pin inverted property

[Jamin Lin via]

change from v1:
1. Support RTC for AST2700.
2. Support SDHCI write protected pin inverted for AST2500 and AST2600.
3. Introduce Capabilities Register 2 for SD slot 0 and 1.
4. Support create flash devices via command line for AST1030.

change from v2:
replace wp-invert with wp-inverted and fix review issues.

Jamin Lin (3):
  hw/sd/sdhci: Fix coding style
  hw/sd/sdhci: Introduce a new Write Protected pin inverted property
  hw/arm/aspeed: Invert sdhci write protected pin for AST2600 and
AST2500 EVBs

 hw/arm/aspeed.c |  8 +
 hw/sd/sdhci.c   | 70 -
 include/hw/arm/aspeed.h |  1 +
 include/hw/sd/sdhci.h   |  5 +++
 4 files changed, 62 insertions(+), 22 deletions(-)

-- 
2.34.1

[PATCH v2 1/3] hw/sd/sdhci: Fix coding style

[Jamin Lin via]

Fix coding style issues from checkpatch.pl

Signed-off-by: Jamin Lin 
Reviewed-by: Cédric Le Goater 
---
 hw/sd/sdhci.c | 64 +--
 1 file changed, 42 insertions(+), 22 deletions(-)

diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index ed01499391..db7d547156 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -234,7 +234,7 @@ static void sdhci_raise_insertion_irq(void *opaque)
 
 if (s->norintsts & SDHC_NIS_REMOVE) {
 timer_mod(s->insert_timer,
-   qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 
SDHC_INSERTION_DELAY);
+qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + SDHC_INSERTION_DELAY);
 } else {
 s->prnsts = 0x1ff;
 if (s->norintstsen & SDHC_NISEN_INSERT) {
@@ -252,7 +252,7 @@ static void sdhci_set_inserted(DeviceState *dev, bool level)
 if ((s->norintsts & SDHC_NIS_REMOVE) && level) {
 /* Give target some time to notice card ejection */
 timer_mod(s->insert_timer,
-   qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 
SDHC_INSERTION_DELAY);
+qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + SDHC_INSERTION_DELAY);
 } else {
 if (level) {
 s->prnsts = 0x1ff;
@@ -290,9 +290,11 @@ static void sdhci_reset(SDHCIState *s)
 timer_del(s->insert_timer);
 timer_del(s->transfer_timer);
 
-/* Set all registers to 0. Capabilities/Version registers are not cleared
+/*
+ * Set all registers to 0. Capabilities/Version registers are not cleared
  * and assumed to always preserve their value, given to them during
- * initialization */
+ * initialization
+ */
 memset(&s->sdmasysad, 0, (uintptr_t)&s->capareg - 
(uintptr_t)&s->sdmasysad);
 
 /* Reset other state based on current card insertion/readonly status */
@@ -306,7 +308,8 @@ static void sdhci_reset(SDHCIState *s)
 
 static void sdhci_poweron_reset(DeviceState *dev)
 {
-/* QOM (ie power-on) reset. This is identical to reset
+/*
+ * QOM (ie power-on) reset. This is identical to reset
  * commanded via device register apart from handling of the
  * 'pending insert on powerup' quirk.
  */
@@ -446,8 +449,10 @@ static void sdhci_read_block_from_card(SDHCIState *s)
 s->prnsts &= ~SDHC_DAT_LINE_ACTIVE;
 }
 
-/* If stop at block gap request was set and it's not the last block of
- * data - generate Block Event interrupt */
+/*
+ * If stop at block gap request was set and it's not the last block of
+ * data - generate Block Event interrupt
+ */
 if (s->stopped_state == sdhc_gap_read && (s->trnmod & SDHC_TRNS_MULTI) &&
 s->blkcnt != 1){
 s->prnsts &= ~SDHC_DAT_LINE_ACTIVE;
@@ -549,8 +554,10 @@ static void sdhci_write_block_to_card(SDHCIState *s)
 sdhci_update_irq(s);
 }
 
-/* Write @size bytes of @value data to host controller @s Buffer Data Port
- * register */
+/*
+ * Write @size bytes of @value data to host controller @s Buffer Data Port
+ * register
+ */
 static void sdhci_write_dataport(SDHCIState *s, uint32_t value, unsigned size)
 {
 unsigned i;
@@ -595,9 +602,11 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
 return;
 }
 
-/* XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account for
+/*
+ * XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account for
  * possible stop at page boundary if initial address is not page aligned,
- * allow them to work properly */
+ * allow them to work properly
+ */
 if ((s->sdmasysad % boundary_chk) == 0) {
 page_aligned = true;
 }
@@ -703,7 +712,8 @@ static void get_adma_description(SDHCIState *s, ADMADescr 
*dscr)
 dma_memory_read(s->dma_as, entry_addr, &adma2, sizeof(adma2),
 MEMTXATTRS_UNSPECIFIED);
 adma2 = le64_to_cpu(adma2);
-/* The spec does not specify endianness of descriptor table.
+/*
+ * The spec does not specify endianness of descriptor table.
  * We currently assume that it is LE.
  */
 dscr->addr = (hwaddr)extract64(adma2, 32, 32) & ~0x3ull;
@@ -978,8 +988,10 @@ static bool sdhci_can_issue_command(SDHCIState *s)
 return true;
 }
 
-/* The Buffer Data Port register must be accessed in sequential and
- * continuous manner */
+/*
+ * The Buffer Data Port register must be accessed in sequential and
+ * continuous manner
+ */
 static inline bool
 sdhci_buff_access_is_sequential(SDHCIState *s, unsigned byte_num)
 {
@@ -1207,8 +1219,10 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, 
unsigned size)
 MASKED_WRITE(s->argument, mask, value);
 break;
 case SDHC_TRNMOD:
-/* DMA can be enabled only if it is supported as indicated by
- * capabilities register */
+/*
+ * DMA can be enabled only if it is supported as indicated by
+ * capabilities register
+ */
 if (!(s->capareg &

[PATCH v2 2/3] hw/sd/sdhci: Introduce a new Write Protected pin inverted property

[Jamin Lin via]

The Write Protect pin of SDHCI model is default active low to match the SDHCI
spec. So, write enable the bit 19 should be 1 and write protected the bit 19
should be 0 at the Present State Register (0x24). However, some boards are
design Write Protected pin active high. In other words, write enable the bit 19
should be 0 and write protected the bit 19 should be 1 at the
Present State Register (0x24). To support it, introduces a new "wp-inverted"
property and set it false by default.

Signed-off-by: Jamin Lin 
---
 hw/sd/sdhci.c | 6 ++
 include/hw/sd/sdhci.h | 5 +
 2 files changed, 11 insertions(+)

diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index db7d547156..c675543873 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -275,6 +275,10 @@ static void sdhci_set_readonly(DeviceState *dev, bool 
level)
 {
 SDHCIState *s = (SDHCIState *)dev;
 
+if (s->wp_inverted) {
+level = !level;
+}
+
 if (level) {
 s->prnsts &= ~SDHC_WRITE_PROTECT;
 } else {
@@ -1551,6 +1555,8 @@ static Property sdhci_sysbus_properties[] = {
  false),
 DEFINE_PROP_LINK("dma", SDHCIState,
  dma_mr, TYPE_MEMORY_REGION, MemoryRegion *),
+DEFINE_PROP_BOOL("wp-inverted", SDHCIState,
+ wp_inverted, false),
 DEFINE_PROP_END_OF_LIST(),
 };
 
diff --git a/include/hw/sd/sdhci.h b/include/hw/sd/sdhci.h
index 6cd2822f1d..25ad9ed778 100644
--- a/include/hw/sd/sdhci.h
+++ b/include/hw/sd/sdhci.h
@@ -100,6 +100,11 @@ struct SDHCIState {
 uint8_t sd_spec_version;
 uint8_t uhs_mode;
 uint8_t vendor;/* For vendor specific functionality */
+/*
+ * Write Protect pin default active low for detecting SD card
+ * to be protected. Set wp_inverted to true inverted the signal.
+ */
+bool wp_inverted;
 };
 typedef struct SDHCIState SDHCIState;
 
-- 
2.34.1

[PATCH v2 3/3] hw/arm/aspeed: Invert sdhci write protected pin for AST2600 and AST2500 EVBs

[Jamin Lin via]

The Write Protect pin of SDHCI model is default active low to match the SDHCI
spec. So, write enable the bit 19 should be 1 and write protected the bit 19
should be 0 at the Present State Register (0x24).

According to the design of AST2500 and AST2600 EVBs, the Write Protected pin
is active high by default. To support it, introduces a new "sdhci_wp_inverted"
property in ASPEED MACHINE State and set it true for AST2500 and AST2600 EVBs
and set "wp_inverted" property true of sdhci-generic model.

Signed-off-by: Jamin Lin 
Reviewed-by: Andrew Jeffery 
---
 hw/arm/aspeed.c | 8 
 include/hw/arm/aspeed.h | 1 +
 2 files changed, 9 insertions(+)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index e447923536..b10033d536 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -403,6 +403,12 @@ static void aspeed_machine_init(MachineState *machine)
  OBJECT(get_system_memory()), &error_abort);
 object_property_set_link(OBJECT(bmc->soc), "dram",
  OBJECT(machine->ram), &error_abort);
+if (amc->sdhci_wp_inverted) {
+for (i = 0; i < bmc->soc->sdhci.num_slots; i++) {
+object_property_set_bool(OBJECT(&bmc->soc->sdhci.slots[i]),
+ "wp-inverted", true, &error_abort);
+}
+}
 if (machine->kernel_filename) {
 /*
  * When booting with a -kernel command line there is no u-boot
@@ -1308,6 +1314,7 @@ static void 
aspeed_machine_ast2500_evb_class_init(ObjectClass *oc, void *data)
 amc->fmc_model = "mx25l25635e";
 amc->spi_model = "mx25l25635f";
 amc->num_cs= 1;
+amc->sdhci_wp_inverted = true;
 amc->i2c_init  = ast2500_evb_i2c_init;
 mc->default_ram_size   = 512 * MiB;
 aspeed_machine_class_init_cpus_defaults(mc);
@@ -1409,6 +1416,7 @@ static void 
aspeed_machine_ast2600_evb_class_init(ObjectClass *oc, void *data)
 amc->num_cs= 1;
 amc->macs_mask = ASPEED_MAC0_ON | ASPEED_MAC1_ON | ASPEED_MAC2_ON |
  ASPEED_MAC3_ON;
+amc->sdhci_wp_inverted = true;
 amc->i2c_init  = ast2600_evb_i2c_init;
 mc->default_ram_size = 1 * GiB;
 aspeed_machine_class_init_cpus_defaults(mc);
diff --git a/include/hw/arm/aspeed.h b/include/hw/arm/aspeed.h
index cbeacb214c..9cae45a1c9 100644
--- a/include/hw/arm/aspeed.h
+++ b/include/hw/arm/aspeed.h
@@ -39,6 +39,7 @@ struct AspeedMachineClass {
 uint32_t macs_mask;
 void (*i2c_init)(AspeedMachineState *bmc);
 uint32_t uart_default;
+bool sdhci_wp_inverted;
 };
 
 
-- 
2.34.1

[PATCH v6 00/15] macOS PV Graphics and new vmapple machine type

[Phil Dennis-Jordan]

This patch set introduces a new ARM and macOS HVF specific machine type
called "vmapple", as well as a family of display devices based on the
ParavirtualizedGraphics.framework in macOS. One of the display adapter
variants, apple-gfx-mmio, is required for the new machine type, while
apple-gfx-pci can be used to enable 3D graphics acceleration with x86-64
macOS guest OSes.

Previous versions of this patch set were submitted semi-separately:
the original vmapple patch set by Alexander Graf included a monolithic
implementation of apple-gfx-mmio. I subsequently reviewed and reworked
the latter to support the PCI variant of the device as well and submitted
the result in isolation. As requested in subsequent review, I have now
recombined this with the original vmapple patch set, which I have updated
and improved in a few ways as well.

The vmapple machine type approximates the configuration in macOS's own
Virtualization.framework when running arm64 macOS guests. In addition to
generic components such as a GICv3 and an XHCI USB controller, it
includes nonstandard extensions to the virtio block device, a special
"hardware" aes engine, a configuration device, a pvpanic variant, a
"backdoor" interface, and of course the apple-gfx paravirtualised display
adapter.

There are currently a few limitations to this which aren't intrinsic,
just imperfect emulation of the VZF, but it's good enough to be just
about usable for some purposes:

 * macOS 12 guests only. Versions 13+ currently fail during early boot.
 * macOS 11+ arm64 hosts only, with hvf accel. (Perhaps some differences
   between Apple M series CPUs and TCG's aarch64 implementation? macOS
   hosts only because ParavirtualizedGraphics.framework is a black box
   implementing most of the logic behind the apple-gfx device.)
 * PCI devices use legacy IRQs, not MSI/MSI-X. As far as I can tell,
   we'd need to include the GICv3 ITS, but it's unclear to me what
   exactly needs wiring up.
 * Due to lack of MSI(-X), event delivery from USB devices to the guest
   macOS isn't working correctly. My current conclusion is that the
   OS's XHCI driver simply was never designed to work with legacy IRQs.
   The upshot is that keyboard and mouse/tablet input is very laggy.
   The solution would be to implement MSI(-X) support or figure out how
   to make hcd-xhci-sysbus work with the macOS guest, if at all possible.
   (EHCI and UHCI/OHCI controllers are not an option as the VMAPPLE
   guest kernel does not include drivers for these.)
 * The guest OS must first be provisioned using Virtualization.framework;
   the disk images can subsequently be used in Qemu. (See docs.)

The apple-gfx device can be used independently from the vmapple machine
type, at least in the PCI variant. It mainly targets x86-64 macOS guests
from version 11 on, but also includes a UEFI bootrom for basic
framebuffer mode. macOS 11 is also required on the host side, as well
as a GPU that supports the Metal API. On the guest side, this provides
3D acceleration/GPGPU support with a baseline Metal feature set,
irrespective of the host GPU's feature set. A few limitations in the
current integration:

 * Although it works fine with TCG, it does not work correctly
   cross-architecture: x86-64 guests on arm64 hosts appear to make
   some boot progress, but rendering is corrupted. I suspect
   incompatible texture memory layouts; I have no idea if this is
   fixable.
 * ParavirtualizedGraphics.framework and the guest driver support
   multi-headed configurations. The current Qemu integration always
   connects precisely 1 display.
 * State serialisation and deserialisation is currently not
   implemented, though supported in principle by the framework.
   Both apple-gfx variants thus set up a migration blocker.
 * Rendering efficiency could be better. The GPU-rendered guest
   framebuffer is copied to system memory and uses Qemu's usual
   CPU-based drawing. For maximum efficiency, the Metal texture
   containing the guest framebuffer could be drawn directly to
   a Metal view in the host window, staying on the GPU. (Similar
   to the OpenGL/virgl render path on other platforms.)

My part of this work has been sponsored by Sauce Labs Inc.

---

v2 -> v3:

 * Merged the apple-gfx and vmapple patchsets.
 * Squashed a bunch of later apple-gfx patches into the main one.
   (dGPU support, queried MMIO area size, host GPU picking logic.)
 * Rebased on latest upstream, fixing any breakages due to internal
   Qemu API changes.
 * apple-gfx: Switched to re-entrant MMIO. This is supported by the
   underlying framework and simplifies the MMIO forwarding code which
   was previously different on x86-64 vs aarch64.
 * vmapple: Fixes for minor bugs and comments from the last round of
   review.
 * vmapple aes, conf, apple-gfx: Switched reset methods to implement
   the ResettableClass base's interface.
 * vmapple: switched from virtio-hid to an XHCI USB controller and
   USB mouse and tablet devices. macOS does not provide dri

[PATCH v6 08/15] hvf: arm: Ignore writes to CNTP_CTL_EL0

[Phil Dennis-Jordan]

From: Alexander Graf 

MacOS unconditionally disables interrupts of the physical timer on boot
and then continues to use the virtual one. We don't really want to support
a full physical timer emulation, so let's just ignore those writes.

Signed-off-by: Alexander Graf 
Signed-off-by: Phil Dennis-Jordan 
Reviewed-by: Akihiko Odaki 
---
 target/arm/hvf/hvf.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index 6cea483d422..b45b764dfd0 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -11,6 +11,7 @@
 
 #include "qemu/osdep.h"
 #include "qemu/error-report.h"
+#include "qemu/log.h"
 
 #include "sysemu/runstate.h"
 #include "sysemu/hvf.h"
@@ -184,6 +185,7 @@ void hvf_arm_init_debug(void)
 #define SYSREG_OSLSR_EL1  SYSREG(2, 0, 1, 1, 4)
 #define SYSREG_OSDLR_EL1  SYSREG(2, 0, 1, 3, 4)
 #define SYSREG_CNTPCT_EL0 SYSREG(3, 3, 14, 0, 1)
+#define SYSREG_CNTP_CTL_EL0   SYSREG(3, 3, 14, 2, 1)
 #define SYSREG_PMCR_EL0   SYSREG(3, 3, 9, 12, 0)
 #define SYSREG_PMUSERENR_EL0  SYSREG(3, 3, 9, 14, 0)
 #define SYSREG_PMCNTENSET_EL0 SYSREG(3, 3, 9, 12, 1)
@@ -1620,6 +1622,13 @@ static int hvf_sysreg_write(CPUState *cpu, uint32_t reg, 
uint64_t val)
 case SYSREG_OSLAR_EL1:
 env->cp15.oslsr_el1 = val & 1;
 return 0;
+case SYSREG_CNTP_CTL_EL0:
+/*
+ * Guests should not rely on the physical counter, but macOS emits
+ * disable writes to it. Let it do so, but ignore the requests.
+ */
+qemu_log_mask(LOG_UNIMP, "Unsupported write to CNTP_CTL_EL0\n");
+return 0;
 case SYSREG_OSDLR_EL1:
 /* Dummy register */
 return 0;
-- 
2.39.3 (Apple Git-145)

[PATCH v6 12/15] hw/vmapple/cfg: Introduce vmapple cfg region

[Phil Dennis-Jordan]

From: Alexander Graf 

Instead of device tree or other more standardized means, VMApple passes
platform configuration to the first stage boot loader in a binary encoded
format that resides at a dedicated RAM region in physical address space.

This patch models this configuration space as a qdev device which we can
then map at the fixed location in the address space. That way, we can
influence and annotate all configuration fields easily.

Signed-off-by: Alexander Graf 
Signed-off-by: Phil Dennis-Jordan 
---

v3:

 * Replaced legacy device reset method with Resettable method

v4:

 * Fixed initialisation of default values for properties
 * Dropped superfluous endianness conversions
 * Moved most header code to .c, device name #define goes in vmapple.h

v5:

 * Improved error reporting in case of string property buffer overflow.

 hw/vmapple/Kconfig   |   3 +
 hw/vmapple/cfg.c | 203 +++
 hw/vmapple/meson.build   |   1 +
 include/hw/vmapple/vmapple.h |   2 +
 4 files changed, 209 insertions(+)
 create mode 100644 hw/vmapple/cfg.c

diff --git a/hw/vmapple/Kconfig b/hw/vmapple/Kconfig
index 68f88876eb9..8bbeb9a9237 100644
--- a/hw/vmapple/Kconfig
+++ b/hw/vmapple/Kconfig
@@ -4,3 +4,6 @@ config VMAPPLE_AES
 config VMAPPLE_BDIF
 bool
 
+config VMAPPLE_CFG
+bool
+
diff --git a/hw/vmapple/cfg.c b/hw/vmapple/cfg.c
new file mode 100644
index 000..91c57239f86
--- /dev/null
+++ b/hw/vmapple/cfg.c
@@ -0,0 +1,203 @@
+/*
+ * VMApple Configuration Region
+ *
+ * Copyright © 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/vmapple/vmapple.h"
+#include "hw/sysbus.h"
+#include "qemu/log.h"
+#include "qemu/module.h"
+#include "qapi/error.h"
+#include "net/net.h"
+
+OBJECT_DECLARE_SIMPLE_TYPE(VMAppleCfgState, VMAPPLE_CFG)
+
+#define VMAPPLE_CFG_SIZE 0x0001
+
+typedef struct VMAppleCfg {
+uint32_t version; /* 0x000 */
+uint32_t nr_cpus; /* 0x004 */
+uint32_t unk1;/* 0x008 */
+uint32_t unk2;/* 0x00c */
+uint32_t unk3;/* 0x010 */
+uint32_t unk4;/* 0x014 */
+uint64_t ecid;/* 0x018 */
+uint64_t ram_size;/* 0x020 */
+uint32_t run_installer1;  /* 0x028 */
+uint32_t unk5;/* 0x02c */
+uint32_t unk6;/* 0x030 */
+uint32_t run_installer2;  /* 0x034 */
+uint32_t rnd; /* 0x038 */
+uint32_t unk7;/* 0x03c */
+MACAddr mac_en0;  /* 0x040 */
+uint8_t pad1[2];
+MACAddr mac_en1;  /* 0x048 */
+uint8_t pad2[2];
+MACAddr mac_wifi0;/* 0x050 */
+uint8_t pad3[2];
+MACAddr mac_bt0;  /* 0x058 */
+uint8_t pad4[2];
+uint8_t reserved[0xa0];   /* 0x060 */
+uint32_t cpu_ids[0x80];   /* 0x100 */
+uint8_t scratch[0x200];   /* 0x180 */
+char serial[32];  /* 0x380 */
+char unk8[32];/* 0x3a0 */
+char model[32];   /* 0x3c0 */
+uint8_t unk9[32]; /* 0x3e0 */
+uint32_t unk10;   /* 0x400 */
+char soc_name[32];/* 0x404 */
+} VMAppleCfg;
+
+struct VMAppleCfgState {
+SysBusDevice parent_obj;
+VMAppleCfg cfg;
+
+MemoryRegion mem;
+char *serial;
+char *model;
+char *soc_name;
+};
+
+static void vmapple_cfg_reset(Object *obj, ResetType type)
+{
+VMAppleCfgState *s = VMAPPLE_CFG(obj);
+VMAppleCfg *cfg;
+
+cfg = memory_region_get_ram_ptr(&s->mem);
+memset(cfg, 0, VMAPPLE_CFG_SIZE);
+*cfg = s->cfg;
+}
+
+static bool strlcpy_set_error(char *restrict dst, const char *restrict src,
+  size_t dst_size, Error **errp,
+  const char *parent_func, const char *location,
+  const char *buffer_name, const char *extra_info)
+{
+size_t len;
+
+len = g_strlcpy(dst, src, dst_size);
+if (len < dst_size) { /* len does not count nul terminator */
+return true;
+}
+
+error_setg(errp,
+   "%s (%s) strlcpy error: Destination buffer %s too small "
+   "(need %zu, have %zu) %s",
+   parent_func, location, buffer_name, len + 1, dst_size, 
extra_info);
+return false;
+}
+
+/*
+ * String copying wrapper that returns and reports a runtime error in
+ * case of truncation due to insufficient destination buffer space.
+ */
+#define strlcpy_array_return_error(dst_array, src, errp, extra_info) \
+do { \
+if (!strlcpy_set_error((dst_array), (src), ARRAY_SIZE(dst_array), \
+   (errp), __func__, stringify(__LINE__), \
+   # dst_array, extra_info)) { \
+return; \
+} \
+} while (0)
+
+s

[PATCH v6 02/15] hw/display/apple-gfx: Introduce ParavirtualizedGraphics.Framework support

[Phil Dennis-Jordan]

MacOS provides a framework (library) that allows any vmm to implement a
paravirtualized 3d graphics passthrough to the host metal stack called
ParavirtualizedGraphics.Framework (PVG). The library abstracts away
almost every aspect of the paravirtualized device model and only provides
and receives callbacks on MMIO access as well as to share memory address
space between the VM and PVG.

This patch implements a QEMU device that drives PVG for the VMApple
variant of it.

Signed-off-by: Alexander Graf 
Co-authored-by: Alexander Graf 

Subsequent changes:

 * Cherry-pick/rebase conflict fixes, API use updates.
 * Moved from hw/vmapple/ (useful outside that machine type)
 * Overhaul of threading model, many thread safety improvements.
 * Asynchronous rendering.
 * Memory and object lifetime fixes.
 * Refactoring to split generic and (vmapple) MMIO variant specific
   code.

Implementation wise, most of the complexity lies in the differing threading
models of ParavirtualizedGraphics.framework, which uses libdispatch and
internal locks, versus QEMU, which heavily uses the BQL, especially during
memory-mapped device I/O. Great care has therefore been taken to prevent
deadlocks by never calling into PVG methods while holding the BQL, and
similarly never acquiring the BQL in a callback from PVG. Different strategies
have been used (libdispatch, blocking and non-blocking BHs, RCU, etc.)
depending on the specific requirements at each framework entry and exit point.

Signed-off-by: Phil Dennis-Jordan 
---

v2:

 * Cherry-pick/rebase conflict fixes
 * BQL function renaming
 * Moved from hw/vmapple/ (useful outside that machine type)
 * Code review comments: Switched to DEFINE_TYPES macro & little endian
   MMIO.
 * Removed some dead/superfluous code
 * Mad set_mode thread & memory safe
 * Added migration blocker due to lack of (de-)serialisation.
 * Fixes to ObjC refcounting and autorelease pool usage.
 * Fixed ObjC new/init misuse
 * Switched to ObjC category extension for private property.
 * Simplified task memory mapping and made it thread safe.
 * Refactoring to split generic and vmapple MMIO variant specific
   code.
 * Switched to asynchronous MMIO writes on x86-64
 * Rendering and graphics update are now done asynchronously
 * Fixed cursor handling
 * Coding convention fixes
 * Removed software cursor compositing

v3:

 * Rebased on latest upstream, fixed breakages including switching to 
Resettable methods.
 * Squashed patches dealing with dGPUs, MMIO area size, and GPU picking.
 * Allow re-entrant MMIO; this simplifies the code and solves the divergence
   between x86-64 and arm64 variants.

v4:

 * Renamed '-vmapple' device variant to '-mmio'
 * MMIO device type now requires aarch64 host and guest
 * Complete overhaul of the glue code for making Qemu's and
   ParavirtualizedGraphics.framework's threading and synchronisation models
   work together. Calls into PVG are from dispatch queues while the
   BQL-holding initiating thread processes AIO context events; callbacks from
   PVG are scheduled as BHs on the BQL/main AIO context, awaiting completion
   where necessary.
 * Guest frame rendering state is covered by the BQL, with only the PVG calls
   outside the lock, and serialised on the named render_queue.
 * Simplified logic for dropping frames in-flight during mode changes, fixed
   bug in pending frames logic.
 * Addressed smaller code review notes such as: function naming, object type
   declarations, type names/declarations/casts, code formatting, #include
   order, over-cautious ObjC retain/release, what goes in init vs realize,
   etc.

v5:

 * Smaller non-functional fixes in response to review comments, such as using
   NULL for the AIO_WAIT_WHILE context argument, type name formatting,
   deleting leftover debug code, logging improvements, state struct field
   order and documentation improvements, etc.
 * Instead of a single condition variable for all synchronous BH job types,
   there is now one for each callback block. This reduces the number
   of threads being awoken unnecessarily to near zero.
 * MMIO device variant: Unified the BH job for raising interrupts.
 * Use DMA APIs for PVG framework's guest memory read requests.
 * Thread safety improvements: ensure mutable AppleGFXState fields are not
   accessed outside the appropriate lock. Added dedicated mutex for the task
   list.
 * Retain references to MemoryRegions for which there exist mappings in each
   PGTask, and for IOSurface mappings.

v6:

 * Switched PGTask_s's' mapped_regions from GPtrArray to GArray
 * Allow DisplaySurface to manage its own vram now that texture -> vram copy
   occurs under BQL.
 * Memory mapping operations now use RCU_READ_LOCK_GUARD() where possible
   instead of a heavy-weight BH job to acquire the BQL.
 * Changed PVG cursor and mode setting callbacks to kick off BHs instead of
   libdispatch tasks which then locked the BQL explicitly.
 * The single remaining callback which must wait for a BH to complete now
   

[PATCH v6 13/15] hw/vmapple/virtio-blk: Add support for apple virtio-blk

[Phil Dennis-Jordan]

From: Alexander Graf 

Apple has its own virtio-blk PCI device ID where it deviates from the
official virtio-pci spec slightly: It puts a new "apple type"
field at a static offset in config space and introduces a new barrier
command.

This patch first creates a mechanism for virtio-blk downstream classes to
handle unknown commands. It then creates such a downstream class and a new
vmapple-virtio-blk-pci class which support the additional apple type config
identifier as well as the barrier command.

It then exposes 2 subclasses from that that we can use to expose root and
aux virtio-blk devices: "vmapple-virtio-root" and "vmapple-virtio-aux".

Signed-off-by: Alexander Graf 
Signed-off-by: Phil Dennis-Jordan 
---

v4:

 * Use recommended object type declaration pattern.
 * Correctly log unimplemented code paths.
 * Most header code moved to .c, type name #defines moved to vmapple.h

v5:

 * Corrected handling of potentially unaligned writes to virtio config area.
 * Simplified passing through device variant type to subobject.

 hw/block/virtio-blk.c  |  19 ++-
 hw/vmapple/Kconfig |   3 +
 hw/vmapple/meson.build |   1 +
 hw/vmapple/virtio-blk.c| 226 +
 include/hw/pci/pci_ids.h   |   1 +
 include/hw/virtio/virtio-blk.h |  12 +-
 include/hw/vmapple/vmapple.h   |   4 +
 7 files changed, 261 insertions(+), 5 deletions(-)
 create mode 100644 hw/vmapple/virtio-blk.c

diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index 9166d7974d4..9e8337bb639 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -50,12 +50,12 @@ static void virtio_blk_init_request(VirtIOBlock *s, 
VirtQueue *vq,
 req->mr_next = NULL;
 }
 
-static void virtio_blk_free_request(VirtIOBlockReq *req)
+void virtio_blk_free_request(VirtIOBlockReq *req)
 {
 g_free(req);
 }
 
-static void virtio_blk_req_complete(VirtIOBlockReq *req, unsigned char status)
+void virtio_blk_req_complete(VirtIOBlockReq *req, unsigned char status)
 {
 VirtIOBlock *s = req->dev;
 VirtIODevice *vdev = VIRTIO_DEVICE(s);
@@ -966,8 +966,18 @@ static int virtio_blk_handle_request(VirtIOBlockReq *req, 
MultiReqBuffer *mrb)
 break;
 }
 default:
-virtio_blk_req_complete(req, VIRTIO_BLK_S_UNSUPP);
-virtio_blk_free_request(req);
+{
+/*
+ * Give subclasses a chance to handle unknown requests. This way the
+ * class lookup is not in the hot path.
+ */
+VirtIOBlkClass *vbk = VIRTIO_BLK_GET_CLASS(s);
+if (!vbk->handle_unknown_request ||
+!vbk->handle_unknown_request(req, mrb, type)) {
+virtio_blk_req_complete(req, VIRTIO_BLK_S_UNSUPP);
+virtio_blk_free_request(req);
+}
+}
 }
 return 0;
 }
@@ -2044,6 +2054,7 @@ static const TypeInfo virtio_blk_info = {
 .instance_size = sizeof(VirtIOBlock),
 .instance_init = virtio_blk_instance_init,
 .class_init = virtio_blk_class_init,
+.class_size = sizeof(VirtIOBlkClass),
 };
 
 static void virtio_register_types(void)
diff --git a/hw/vmapple/Kconfig b/hw/vmapple/Kconfig
index 8bbeb9a9237..bcd1be63e3c 100644
--- a/hw/vmapple/Kconfig
+++ b/hw/vmapple/Kconfig
@@ -7,3 +7,6 @@ config VMAPPLE_BDIF
 config VMAPPLE_CFG
 bool
 
+config VMAPPLE_VIRTIO_BLK
+bool
+
diff --git a/hw/vmapple/meson.build b/hw/vmapple/meson.build
index 64b78693a31..bf17cf906c9 100644
--- a/hw/vmapple/meson.build
+++ b/hw/vmapple/meson.build
@@ -1,3 +1,4 @@
 system_ss.add(when: 'CONFIG_VMAPPLE_AES',  if_true: files('aes.c'))
 system_ss.add(when: 'CONFIG_VMAPPLE_BDIF', if_true: files('bdif.c'))
 system_ss.add(when: 'CONFIG_VMAPPLE_CFG',  if_true: files('cfg.c'))
+system_ss.add(when: 'CONFIG_VMAPPLE_VIRTIO_BLK',  if_true: 
files('virtio-blk.c'))
diff --git a/hw/vmapple/virtio-blk.c b/hw/vmapple/virtio-blk.c
new file mode 100644
index 000..1652151ec9c
--- /dev/null
+++ b/hw/vmapple/virtio-blk.c
@@ -0,0 +1,226 @@
+/*
+ * VMApple specific VirtIO Block implementation
+ *
+ * Copyright © 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * VMApple uses almost standard VirtIO Block, but with a few key differences:
+ *
+ *  - Different PCI device/vendor ID
+ *  - An additional "type" identifier to differentiate AUX and Root volumes
+ *  - An additional BARRIER command
+ */
+
+#include "qemu/osdep.h"
+#include "hw/vmapple/vmapple.h"
+#include "hw/virtio/virtio-blk.h"
+#include "hw/virtio/virtio-pci.h"
+#include "qemu/bswap.h"
+#include "qemu/log.h"
+#include "qemu/module.h"
+#include "qapi/error.h"
+
+OBJECT_DECLARE_TYPE(VMAppleVirtIOBlk, VMAppleVirtIOBlkClass, 
VMAPPLE_VIRTIO_BLK)
+
+typedef struct VMAppleVirtIOBlkClass {
+VirtIOBlkClass parent;
+
+void (*get_config)(VirtIODevice *vdev, uint8_t *config);
+} VMApple

[PATCH v6 04/15] hw/display/apple-gfx: Adds configurable mode list

[Phil Dennis-Jordan]

This change adds a property 'display_modes' on the graphics device
which permits specifying a list of display modes. (screen resolution
and refresh rate)

The property is an array of a custom type to make the syntax slightly
less awkward to use, for example:

-device '{"driver":"apple-gfx-pci", "display-modes":["1920x1080@60", 
"3840x2160@60"]}'

Signed-off-by: Phil Dennis-Jordan 
---

v4:

 * Switched to the native array property type, which recently gained
 command line support.
 * The property has also been added to the -mmio variant.
 * Tidied up the code a little.

v5:

 * Better error handling and buffer management in property parsing and
   output.

v6:

 * Switched to using NSMutableArray for the mode list to avoid need for
   allocating a temporary array - previously done with alloca.

 hw/display/apple-gfx-mmio.m |   8 +++
 hw/display/apple-gfx-pci.m  |   9 ++-
 hw/display/apple-gfx.h  |  12 
 hw/display/apple-gfx.m  | 137 +++-
 hw/display/trace-events |   2 +
 5 files changed, 148 insertions(+), 20 deletions(-)

diff --git a/hw/display/apple-gfx-mmio.m b/hw/display/apple-gfx-mmio.m
index 66d81d38326..ddc8a2fc4f3 100644
--- a/hw/display/apple-gfx-mmio.m
+++ b/hw/display/apple-gfx-mmio.m
@@ -258,6 +258,12 @@ static void apple_gfx_mmio_reset(Object *obj, ResetType 
type)
 [s->common.pgdev reset];
 }
 
+static Property apple_gfx_mmio_properties[] = {
+DEFINE_PROP_ARRAY("display-modes", AppleGFXMMIOState,
+  common.num_display_modes, common.display_modes,
+  qdev_prop_display_mode, AppleGFXDisplayMode),
+DEFINE_PROP_END_OF_LIST(),
+};
 
 static void apple_gfx_mmio_class_init(ObjectClass *klass, void *data)
 {
@@ -267,6 +273,8 @@ static void apple_gfx_mmio_class_init(ObjectClass *klass, 
void *data)
 rc->phases.hold = apple_gfx_mmio_reset;
 dc->hotpluggable = false;
 dc->realize = apple_gfx_mmio_realize;
+
+device_class_set_props(dc, apple_gfx_mmio_properties);
 }
 
 static TypeInfo apple_gfx_mmio_types[] = {
diff --git a/hw/display/apple-gfx-pci.m b/hw/display/apple-gfx-pci.m
index 870d0c41e66..e2fa2567c99 100644
--- a/hw/display/apple-gfx-pci.m
+++ b/hw/display/apple-gfx-pci.m
@@ -113,6 +113,13 @@ static void apple_gfx_pci_reset(Object *obj, ResetType 
type)
 [s->common.pgdev reset];
 }
 
+static Property apple_gfx_pci_properties[] = {
+DEFINE_PROP_ARRAY("display-modes", AppleGFXPCIState,
+  common.num_display_modes, common.display_modes,
+  qdev_prop_display_mode, AppleGFXDisplayMode),
+DEFINE_PROP_END_OF_LIST(),
+};
+
 static void apple_gfx_pci_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
@@ -129,7 +136,7 @@ static void apple_gfx_pci_class_init(ObjectClass *klass, 
void *data)
 pci->class_id = PCI_CLASS_DISPLAY_OTHER;
 pci->realize = apple_gfx_pci_realize;
 
-// TODO: Property for setting mode list
+device_class_set_props(dc, apple_gfx_pci_properties);
 }
 
 static TypeInfo apple_gfx_pci_types[] = {
diff --git a/hw/display/apple-gfx.h b/hw/display/apple-gfx.h
index 91b55299338..3868ea87391 100644
--- a/hw/display/apple-gfx.h
+++ b/hw/display/apple-gfx.h
@@ -16,6 +16,7 @@
 #import 
 #include "qemu/typedefs.h"
 #include "exec/memory.h"
+#include "hw/qdev-properties.h"
 #include "ui/surface.h"
 
 @class PGDeviceDescriptor;
@@ -27,6 +28,7 @@
 
 typedef QTAILQ_HEAD(, PGTask_s) PGTaskList;
 
+struct AppleGFXDisplayMode;
 typedef struct AppleGFXState {
 /* Initialised on init/realize() */
 MemoryRegion iomem_gfx;
@@ -36,6 +38,8 @@ typedef struct AppleGFXState {
 id mtl;
 id mtl_queue;
 dispatch_queue_t render_queue;
+struct AppleGFXDisplayMode *display_modes;
+uint32_t num_display_modes;
 
 /* List `tasks` is protected by task_mutex */
 QemuMutex task_mutex;
@@ -54,6 +58,12 @@ typedef struct AppleGFXState {
 bool cursor_show;
 } AppleGFXState;
 
+typedef struct AppleGFXDisplayMode {
+uint16_t width_px;
+uint16_t height_px;
+uint16_t refresh_rate_hz;
+} AppleGFXDisplayMode;
+
 void apple_gfx_common_init(Object *obj, AppleGFXState *s, const char* 
obj_name);
 void apple_gfx_common_realize(AppleGFXState *s, PGDeviceDescriptor *desc,
   Error **errp);
@@ -61,5 +71,7 @@ uintptr_t apple_gfx_host_address_for_gpa_range(uint64_t 
guest_physical,
uint64_t length, bool read_only,
MemoryRegion 
**mapping_in_region);
 
+extern const PropertyInfo qdev_prop_display_mode;
+
 #endif
 
diff --git a/hw/display/apple-gfx.m b/hw/display/apple-gfx.m
index bce08e57c3f..c4acefccee8 100644
--- a/hw/display/apple-gfx.m
+++ b/hw/display/apple-gfx.m
@@ -31,9 +31,10 @@
 #include "sysemu/dma.h"
 #include "ui/console.h"
 
-static const PGDisplayCoord_t apple_gfx_modes[] = {
-{ .x = 1440, .y = 1080 },
-{ .x = 1280, .y = 10

[PATCH v6 03/15] hw/display/apple-gfx: Adds PCI implementation

[Phil Dennis-Jordan]

This change wires up the PCI variant of the paravirtualised
graphics device, mainly useful for x86-64 macOS guests, implemented
by macOS's ParavirtualizedGraphics.framework. It builds on code
shared with the vmapple/mmio variant of the PVG device.

Signed-off-by: Phil Dennis-Jordan 
---

v4:

 * Threading improvements analogous to those in common apple-gfx code
   and mmio device variant.
 * Smaller code review issues addressed.

v5:

 * Minor error handling improvement.

 hw/display/Kconfig |   4 +
 hw/display/apple-gfx-pci.m | 149 +
 hw/display/meson.build |   1 +
 3 files changed, 154 insertions(+)
 create mode 100644 hw/display/apple-gfx-pci.m

diff --git a/hw/display/Kconfig b/hw/display/Kconfig
index 6a9b7b19ada..2b53dfd7d26 100644
--- a/hw/display/Kconfig
+++ b/hw/display/Kconfig
@@ -149,3 +149,7 @@ config MAC_PVG_MMIO
 bool
 depends on MAC_PVG && AARCH64
 
+config MAC_PVG_PCI
+bool
+depends on MAC_PVG && PCI
+default y if PCI_DEVICES
diff --git a/hw/display/apple-gfx-pci.m b/hw/display/apple-gfx-pci.m
new file mode 100644
index 000..870d0c41e66
--- /dev/null
+++ b/hw/display/apple-gfx-pci.m
@@ -0,0 +1,149 @@
+/*
+ * QEMU Apple ParavirtualizedGraphics.framework device, PCI variant
+ *
+ * Copyright © 2023-2024 Phil Dennis-Jordan
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * ParavirtualizedGraphics.framework is a set of libraries that macOS provides
+ * which implements 3d graphics passthrough to the host as well as a
+ * proprietary guest communication channel to drive it. This device model
+ * implements support to drive that library from within QEMU as a PCI device
+ * aimed primarily at x86-64 macOS VMs.
+ */
+
+#include "apple-gfx.h"
+#include "hw/pci/pci_device.h"
+#include "hw/pci/msi.h"
+#include "qapi/error.h"
+#include "trace.h"
+#import 
+
+OBJECT_DECLARE_SIMPLE_TYPE(AppleGFXPCIState, APPLE_GFX_PCI)
+
+struct AppleGFXPCIState {
+PCIDevice parent_obj;
+
+AppleGFXState common;
+};
+
+static const char* apple_gfx_pci_option_rom_path = NULL;
+
+static void apple_gfx_init_option_rom_path(void)
+{
+NSURL *option_rom_url = PGCopyOptionROMURL();
+const char *option_rom_path = option_rom_url.fileSystemRepresentation;
+apple_gfx_pci_option_rom_path = g_strdup(option_rom_path);
+[option_rom_url release];
+}
+
+static void apple_gfx_pci_init(Object *obj)
+{
+AppleGFXPCIState *s = APPLE_GFX_PCI(obj);
+
+if (!apple_gfx_pci_option_rom_path) {
+/* The following is done on device not class init to avoid running
+ * ObjC code before fork() in -daemonize mode. */
+PCIDeviceClass *pci = PCI_DEVICE_CLASS(object_get_class(obj));
+apple_gfx_init_option_rom_path();
+pci->romfile = apple_gfx_pci_option_rom_path;
+}
+
+apple_gfx_common_init(obj, &s->common, TYPE_APPLE_GFX_PCI);
+}
+
+typedef struct AppleGFXPCIInterruptJob {
+PCIDevice *device;
+uint32_t vector;
+} AppleGFXPCIInterruptJob;
+
+static void apple_gfx_pci_raise_interrupt(void *opaque)
+{
+AppleGFXPCIInterruptJob *job = opaque;
+
+if (msi_enabled(job->device)) {
+msi_notify(job->device, job->vector);
+}
+g_free(job);
+}
+
+static void apple_gfx_pci_interrupt(PCIDevice *dev, AppleGFXPCIState *s,
+uint32_t vector)
+{
+AppleGFXPCIInterruptJob *job;
+
+trace_apple_gfx_raise_irq(vector);
+job = g_malloc0(sizeof(*job));
+job->device = dev;
+job->vector = vector;
+aio_bh_schedule_oneshot(qemu_get_aio_context(),
+apple_gfx_pci_raise_interrupt, job);
+}
+
+static void apple_gfx_pci_realize(PCIDevice *dev, Error **errp)
+{
+AppleGFXPCIState *s = APPLE_GFX_PCI(dev);
+int ret;
+
+pci_register_bar(dev, PG_PCI_BAR_MMIO,
+ PCI_BASE_ADDRESS_SPACE_MEMORY, &s->common.iomem_gfx);
+
+ret = msi_init(dev, 0x0 /* config offset; 0 = find space */,
+   PG_PCI_MAX_MSI_VECTORS, true /* msi64bit */,
+   false /*msi_per_vector_mask*/, errp);
+if (ret != 0) {
+return;
+}
+
+@autoreleasepool {
+PGDeviceDescriptor *desc = [PGDeviceDescriptor new];
+desc.raiseInterrupt = ^(uint32_t vector) {
+apple_gfx_pci_interrupt(dev, s, vector);
+};
+
+apple_gfx_common_realize(&s->common, desc, errp);
+[desc release];
+desc = nil;
+}
+}
+
+static void apple_gfx_pci_reset(Object *obj, ResetType type)
+{
+AppleGFXPCIState *s = APPLE_GFX_PCI(obj);
+[s->common.pgdev reset];
+}
+
+static void apple_gfx_pci_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+PCIDeviceClass *pci = PCI_DEVICE_CLASS(klass);
+ResettableClass *rc = RESETTABLE_CLASS(klass);
+
+rc->phases.hold = apple_gfx_pci_reset;
+dc->desc = "macOS Paravirtualized Graphics PCI Display Controller";
+dc->hotpluggable = false;
+set_bit(DEVICE_C

RE: [SPAM] [PATCH v1 0/8] Support RTC for AST2700

[Jamin Lin]

Hi Cedric,

> Subject: Re: [SPAM] [PATCH v1 0/8] Support RTC for AST2700
> 
> On 10/29/24 10:17, Jamin Lin wrote:
> > change from v1:
> > 1. Support RTC for AST2700.
> > 2. Support SDHCI write protected pin inverted for AST2500 and AST2600.
> > 3. Introduce Capabilities Register 2 for SD slot 0 and 1.
> > 4. Support create flash devices via command line for AST1030.
> >
> > Jamin Lin (8):
> >aspeed/soc: Support RTC for AST2700
> >hw/timer/aspeed: Fix coding style
> >hw/timer/aspeed: Fix interrupt status does not be cleared for AST2600
> >hw/sd/sdhci: Fix coding style
> >hw/sd/sdhci: Introduce a new Write Protected pin inverted property
> >hw/sd/aspeed_sdhci: Introduce Capabilities Register 2 for SD slot 0
> >  and 1
> >hw/arm/aspeed: Invert sdhci write protected pin for AST2600 and
> >  AST2500 EVBs
> >aspeed: Support create flash devices via command line for AST1030
> >
> >   hw/arm/aspeed.c | 30 --
> >   hw/arm/aspeed_ast27x0.c | 11 +++
> >   hw/sd/aspeed_sdhci.c| 40 ---
> >   hw/sd/sdhci.c   | 70
> -
> >   hw/timer/aspeed_timer.c | 15 +
> >   include/hw/arm/aspeed.h |  1 +
> >   include/hw/sd/sdhci.h   |  5 +++
> >   7 files changed, 123 insertions(+), 49 deletions(-)
> >
> 
> Applied 1,2,3,6,8 to aspeed-next.
> 

Thanks for your help.
Will resend 4,5 and 7 patches in v2.
Thanks-Jamin
> Thanks,
> 
> C.
> 

Re: [PATCH v17 02/14] hw/ppc/spapr_pci: Do not create DT for disabled PCI device

[Shivaprasad G Bhat]

On 10/28/24 11:28 AM, Akihiko Odaki wrote:

On 2024/10/28 12:08, Shivaprasad G Bhat wrote:


On 10/22/24 2:06 PM, Akihiko Odaki wrote:

Disabled means it is a disabled SR-IOV VF and hidden from the guest.
Do not create DT when starting the system and also keep the disabled 
PCI

device not linked to DRC, which generates DT in case of hotplug.

Signed-off-by: Akihiko Odaki 
---
  hw/ppc/spapr_pci.c | 14 +-
  1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 5c0024bef9c4..679a22fe4e79 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -1291,8 +1291,7 @@ static void spapr_dt_pci_device_cb(PCIBus 
*bus, PCIDevice *pdev,

  PciWalkFdt *p = opaque;
  int err;
-    if (p->err) {
-    /* Something's already broken, don't keep going */
+    if (p->err || !pdev->enabled) {
  return;
  }
@@ -1592,10 +1591,10 @@ static void spapr_pci_plug(HotplugHandler 
*plug_handler,

  uint32_t slotnr = PCI_SLOT(pdev->devfn);
  /*
- * If DR is disabled we don't need to do anything in the case of
- * hotplug or coldplug callbacks.
+ * If DR or the PCI device is disabled we don't need to do 
anything

+ * in the case of hotplug or coldplug callbacks.
   */
-    if (!phb->dr_enabled) {
+    if (!phb->dr_enabled || !pdev->enabled) {
  return;
  }


Thank you. This is the right place to be called from the hotplug handler

instead of the spapr_pci_dt_populate() unlike I mentioned before..


@@ -1680,6 +1679,11 @@ static void 
spapr_pci_unplug_request(HotplugHandler *plug_handler,

  }
  g_assert(drc);
+
+    if (!drc->dev) {
+    return;


I agree with the change here, but were you able to get to this path? 
I don't see


  this if condition being entered with,

qemu-system-ppc64 -nographic  -serial none -device spapr-pci-host- 
bridge,index=4,id=pci.1  -device igb,id=igb0 <<< 'device_del igb0'


No. VFs bypass the hotplug path when unplugging. For context, see 
unparent_vfs() in "[PATCH v17 09/14] pcie_sriov: Reuse SR-IOV VF 
device instances.



Thanks. Looks good to me.

Reviewed-by: Shivaprasad G Bhat
Tested-by: Shivaprasad G Bhat


Regards,

Shivaprasad


Regards,
Akihiko Odaki




Regards,

Shivaprasad


+    }
+
  g_assert(drc->dev == plugged_dev);
  if (!spapr_drc_unplug_requested(drc)) {

[PATCH v4 06/26] hw/ppc/e500: Reuse TYPE_GPIO_PWR

[Bernhard Beschow]

Taking inspiration from the ARM virt machine, port away from
qemu_allocate_irq() by reusing TYPE_GPIO_PWR.

Signed-off-by: Bernhard Beschow 
---
 hw/ppc/e500.c  | 16 
 hw/ppc/Kconfig |  1 +
 2 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index a0c856568b..5d75a090ee 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -30,7 +30,6 @@
 #include "sysemu/sysemu.h"
 #include "sysemu/kvm.h"
 #include "sysemu/reset.h"
-#include "sysemu/runstate.h"
 #include "kvm_ppc.h"
 #include "sysemu/device_tree.h"
 #include "hw/ppc/openpic.h"
@@ -47,7 +46,6 @@
 #include "hw/platform-bus.h"
 #include "hw/net/fsl_etsec/etsec.h"
 #include "hw/i2c/i2c.h"
-#include "hw/irq.h"
 #include "hw/sd/sdhci.h"
 #include "hw/misc/unimp.h"
 
@@ -887,13 +885,6 @@ static DeviceState *ppce500_init_mpic(PPCE500MachineState 
*pms,
 return dev;
 }
 
-static void ppce500_power_off(void *opaque, int line, int on)
-{
-if (on) {
-qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
-}
-}
-
 void ppce500_init(MachineState *machine)
 {
 MemoryRegion *address_space_mem = get_system_memory();
@@ -1072,7 +1063,7 @@ void ppce500_init(MachineState *machine)
 sysbus_create_simple("e500-spin", pmc->spin_base, NULL);
 
 if (pmc->has_mpc8xxx_gpio) {
-qemu_irq poweroff_irq;
+DeviceState *gpio_pwr_dev;
 
 dev = qdev_new("mpc8xxx_gpio");
 s = SYS_BUS_DEVICE(dev);
@@ -1082,8 +1073,9 @@ void ppce500_init(MachineState *machine)
 sysbus_mmio_get_region(s, 0));
 
 /* Power Off GPIO at Pin 0 */
-poweroff_irq = qemu_allocate_irq(ppce500_power_off, NULL, 0);
-qdev_connect_gpio_out(dev, 0, poweroff_irq);
+gpio_pwr_dev = sysbus_create_simple("gpio-pwr", -1, NULL);
+qdev_connect_gpio_out(dev, 0, qdev_get_gpio_in_named(gpio_pwr_dev,
+ "shutdown", 0));
 }
 
 /* Platform Bus Device */
diff --git a/hw/ppc/Kconfig b/hw/ppc/Kconfig
index b44d91bebb..12ca3caabf 100644
--- a/hw/ppc/Kconfig
+++ b/hw/ppc/Kconfig
@@ -158,6 +158,7 @@ config E500
 imply VIRTIO_PCI
 select ETSEC
 select GPIO_MPC8XXX
+select GPIO_PWR
 select OPENPIC
 select PFLASH_CFI01
 select PLATFORM_BUS
-- 
2.47.0

[PATCH v4 22/26] hw/i2c/smbus_eeprom: Prefer DEFINE_TYPES() macro

[Bernhard Beschow]

Reviewed-by: Cédric Le Goater 
Signed-off-by: Bernhard Beschow 
---
 hw/i2c/smbus_eeprom.c | 19 ---
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/hw/i2c/smbus_eeprom.c b/hw/i2c/smbus_eeprom.c
index 9e62c27a1a..e3e96d4a2d 100644
--- a/hw/i2c/smbus_eeprom.c
+++ b/hw/i2c/smbus_eeprom.c
@@ -151,19 +151,16 @@ static void smbus_eeprom_class_initfn(ObjectClass *klass, 
void *data)
 dc->user_creatable = false;
 }
 
-static const TypeInfo smbus_eeprom_info = {
-.name  = TYPE_SMBUS_EEPROM,
-.parent= TYPE_SMBUS_DEVICE,
-.instance_size = sizeof(SMBusEEPROMDevice),
-.class_init= smbus_eeprom_class_initfn,
+static const TypeInfo smbus_eeprom_types[] = {
+{
+.name  = TYPE_SMBUS_EEPROM,
+.parent= TYPE_SMBUS_DEVICE,
+.instance_size = sizeof(SMBusEEPROMDevice),
+.class_init= smbus_eeprom_class_initfn,
+},
 };
 
-static void smbus_eeprom_register_types(void)
-{
-type_register_static(&smbus_eeprom_info);
-}
-
-type_init(smbus_eeprom_register_types)
+DEFINE_TYPES(smbus_eeprom_types)
 
 void smbus_eeprom_init_one(I2CBus *smbus, uint8_t address, uint8_t *eeprom_buf)
 {
-- 
2.47.0

[PATCH v4 23/26] hw/rtc/ds1338: Prefer DEFINE_TYPES() macro

[Bernhard Beschow]

Signed-off-by: Bernhard Beschow 
---
 hw/rtc/ds1338.c | 20 
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/hw/rtc/ds1338.c b/hw/rtc/ds1338.c
index a5fe221418..13472c5670 100644
--- a/hw/rtc/ds1338.c
+++ b/hw/rtc/ds1338.c
@@ -14,7 +14,6 @@
 #include "hw/i2c/i2c.h"
 #include "migration/vmstate.h"
 #include "qemu/bcd.h"
-#include "qemu/module.h"
 #include "qom/object.h"
 #include "sysemu/rtc.h"
 
@@ -227,16 +226,13 @@ static void ds1338_class_init(ObjectClass *klass, void 
*data)
 dc->vmsd = &vmstate_ds1338;
 }
 
-static const TypeInfo ds1338_info = {
-.name  = TYPE_DS1338,
-.parent= TYPE_I2C_SLAVE,
-.instance_size = sizeof(DS1338State),
-.class_init= ds1338_class_init,
+static const TypeInfo ds1338_types[] = {
+{
+.name  = TYPE_DS1338,
+.parent= TYPE_I2C_SLAVE,
+.instance_size = sizeof(DS1338State),
+.class_init= ds1338_class_init,
+},
 };
 
-static void ds1338_register_types(void)
-{
-type_register_static(&ds1338_info);
-}
-
-type_init(ds1338_register_types)
+DEFINE_TYPES(ds1338_types)
-- 
2.47.0

[PATCH v4 25/26] hw/vfio/platform: Let vfio_start_eventfd_injection() take VFIOPlatformDevice pointer

[Bernhard Beschow]

Avoids one downcast, making the code more type-safe.

Reviewed-by: Cédric Le Goater 
Signed-off-by: Bernhard Beschow 
---
 hw/vfio/platform.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/hw/vfio/platform.c b/hw/vfio/platform.c
index a85c199c76..77bbfbf62c 100644
--- a/hw/vfio/platform.c
+++ b/hw/vfio/platform.c
@@ -318,13 +318,12 @@ static void vfio_platform_eoi(VFIODevice *vbasedev)
 /**
  * vfio_start_eventfd_injection - starts the virtual IRQ injection using
  * user-side handled eventfds
- * @sbdev: the sysbus device handle
+ * @vdev: the VFIO platform device handle
  * @irq: the qemu irq handle
  */
 
-static void vfio_start_eventfd_injection(SysBusDevice *sbdev, qemu_irq irq)
+static void vfio_start_eventfd_injection(VFIOPlatformDevice *vdev, qemu_irq 
irq)
 {
-VFIOPlatformDevice *vdev = VFIO_PLATFORM_DEVICE(sbdev);
 VFIOINTp *intp;
 
 QLIST_FOREACH(intp, &vdev->intp_list, next) {
@@ -417,7 +416,7 @@ fail_vfio:
 kvm_irqchip_remove_irqfd_notifier(kvm_state, intp->interrupt, irq);
 abort();
 fail_irqfd:
-vfio_start_eventfd_injection(sbdev, irq);
+vfio_start_eventfd_injection(vdev, irq);
 return;
 }
 
-- 
2.47.0

[PATCH v4 16/26] hw/net/fsl_etsec/etsec: Prefer DEFINE_TYPES() macro

[Bernhard Beschow]

Reviewed-by: Cédric Le Goater 
Signed-off-by: Bernhard Beschow 
---
 hw/net/fsl_etsec/etsec.c | 22 +-
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/hw/net/fsl_etsec/etsec.c b/hw/net/fsl_etsec/etsec.c
index 3fdd16ef2e..d8076e7be4 100644
--- a/hw/net/fsl_etsec/etsec.c
+++ b/hw/net/fsl_etsec/etsec.c
@@ -36,7 +36,6 @@
 #include "registers.h"
 #include "qapi/error.h"
 #include "qemu/log.h"
-#include "qemu/module.h"
 
 /* #define HEX_DUMP */
 /* #define DEBUG_REGISTER */
@@ -431,17 +430,14 @@ static void etsec_class_init(ObjectClass *klass, void 
*data)
 dc->user_creatable = true;
 }
 
-static const TypeInfo etsec_info = {
-.name  = TYPE_ETSEC_COMMON,
-.parent= TYPE_SYS_BUS_DEVICE,
-.instance_size = sizeof(eTSEC),
-.class_init= etsec_class_init,
-.instance_init = etsec_instance_init,
+static const TypeInfo etsec_types[] = {
+{
+.name  = TYPE_ETSEC_COMMON,
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(eTSEC),
+.class_init= etsec_class_init,
+.instance_init = etsec_instance_init,
+},
 };
 
-static void etsec_register_types(void)
-{
-type_register_static(&etsec_info);
-}
-
-type_init(etsec_register_types)
+DEFINE_TYPES(etsec_types)
-- 
2.47.0

[PATCH v6 01/15] ui & main loop: Redesign of system-specific main thread event handling

[Phil Dennis-Jordan]

macOS's Cocoa event handling must be done on the initial (main) thread
of the process. Furthermore, if library or application code uses
libdispatch, the main dispatch queue must be handling events on the main
thread as well.

So far, this has affected Qemu in both the Cocoa and SDL UIs, although
in different ways: the Cocoa UI replaces the default qemu_main function
with one that spins Qemu's internal main event loop off onto a
background thread. SDL (which uses Cocoa internally) on the other hand
uses a polling approach within Qemu's main event loop. Events are
polled during the SDL UI's dpy_refresh callback, which happens to run
on the main thread by default.

As UIs are mutually exclusive, this works OK as long as nothing else
needs platform-native event handling. In the next patch, a new device is
introduced based on the ParavirtualizedGraphics.framework in macOS.
This uses libdispatch internally, and only works when events are being
handled on the main runloop. With the current system, it works when
using either the Cocoa or the SDL UI. However, it does not when running
headless. Moreover, any attempt to install a similar scheme to the
Cocoa UI's main thread replacement fails when combined with the SDL
UI.

This change tidies up main thread management to be more flexible.

 * The qemu_main global function pointer is a custom function for the
   main thread, and it may now be NULL. When it is, the main thread
   runs the main Qemu loop. This represents the traditional setup.
 * When non-null, spawning the main Qemu event loop on a separate
   thread is now done centrally rather than inside the Cocoa UI code.
 * For most platforms, qemu_main is indeed NULL by default, but on
   Darwin, it defaults to a function that runs the CFRunLoop.
 * The Cocoa UI sets qemu_main to a function which runs the
   NSApplication event handling runloop, as is usual for a Cocoa app.
 * The SDL UI overrides the qemu_main function to NULL, thus
   specifying that Qemu's main loop must run on the main
   thread.
 * For other UIs, or in the absence of UIs, the platform's default
   behaviour is followed.

This means that on macOS, the platform's runloop events are always
handled, regardless of chosen UI. The new PV graphics device will
thus work in all configurations. There is no functional change on other
operating systems.

Signed-off-by: Phil Dennis-Jordan 
---

v5:

 * Simplified the way of setting/clearing the main loop by going back
   to setting qemu_main directly, but narrowing the scope of what it
   needs to do, and it can now be NULL.

v6:

 * Folded function qemu_run_default_main_on_new_thread's code into
   main()
 * Removed whitespace changes left over on lines near code removed
   between v4 and v5

 include/qemu-main.h |  3 +--
 include/qemu/typedefs.h |  1 +
 system/main.c   | 50 ++
 ui/cocoa.m  | 54 ++---
 ui/sdl2.c   |  4 +++
 5 files changed, 64 insertions(+), 48 deletions(-)

diff --git a/include/qemu-main.h b/include/qemu-main.h
index 940960a7dbc..4bd0d667edc 100644
--- a/include/qemu-main.h
+++ b/include/qemu-main.h
@@ -5,7 +5,6 @@
 #ifndef QEMU_MAIN_H
 #define QEMU_MAIN_H
 
-int qemu_default_main(void);
-extern int (*qemu_main)(void);
+extern qemu_main_fn qemu_main;
 
 #endif /* QEMU_MAIN_H */
diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index 3d84efcac47..b02cfe1f328 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -131,5 +131,6 @@ typedef struct IRQState *qemu_irq;
  * Function types
  */
 typedef void (*qemu_irq_handler)(void *opaque, int n, int level);
+typedef int (*qemu_main_fn)(void);
 
 #endif /* QEMU_TYPEDEFS_H */
diff --git a/system/main.c b/system/main.c
index 9b91d21ea8c..d9397a6d5d0 100644
--- a/system/main.c
+++ b/system/main.c
@@ -24,13 +24,14 @@
 
 #include "qemu/osdep.h"
 #include "qemu-main.h"
+#include "qemu/main-loop.h"
 #include "sysemu/sysemu.h"
 
-#ifdef CONFIG_SDL
-#include 
+#ifdef CONFIG_DARWIN
+#include 
 #endif
 
-int qemu_default_main(void)
+static int qemu_default_main(void)
 {
 int status;
 
@@ -40,10 +41,49 @@ int qemu_default_main(void)
 return status;
 }
 
-int (*qemu_main)(void) = qemu_default_main;
+/*
+ * Various macOS system libraries, including the Cocoa UI and anything using
+ * libdispatch, such as ParavirtualizedGraphics.framework, requires that the
+ * main runloop, on the main (initial) thread be running or at least regularly
+ * polled for events. A special mode is therefore supported, where the QEMU
+ * main loop runs on a separate thread and the main thread handles the
+ * CF/Cocoa runloop.
+ */
+
+static void *call_qemu_default_main(void *opaque)
+{
+int status;
+
+bql_lock();
+status = qemu_default_main();
+bql_unlock();
+
+exit(status);
+}
+
+#ifdef CONFIG_DARWIN
+static int os_darwin_cfrunloop_main(void)
+{
+CFRunLoopRun();
+abort();
+}
+
+qemu_main_fn qemu_main = os_darwin

[PATCH v6 14/15] hw/block/virtio-blk: Replaces request free function with g_free

[Phil Dennis-Jordan]

The virtio_blk_free_request() function has been a 1-liner forwarding
to g_free() for a while now. We may as well call g_free on the request
pointer directly.

Signed-off-by: Phil Dennis-Jordan 
Reviewed-by: Akihiko Odaki 
---
 hw/block/virtio-blk.c  | 43 +++---
 hw/vmapple/virtio-blk.c|  2 +-
 include/hw/virtio/virtio-blk.h |  1 -
 3 files changed, 20 insertions(+), 26 deletions(-)

diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index 9e8337bb639..40d2c9bc591 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -50,11 +50,6 @@ static void virtio_blk_init_request(VirtIOBlock *s, 
VirtQueue *vq,
 req->mr_next = NULL;
 }
 
-void virtio_blk_free_request(VirtIOBlockReq *req)
-{
-g_free(req);
-}
-
 void virtio_blk_req_complete(VirtIOBlockReq *req, unsigned char status)
 {
 VirtIOBlock *s = req->dev;
@@ -93,7 +88,7 @@ static int virtio_blk_handle_rw_error(VirtIOBlockReq *req, 
int error,
 if (acct_failed) {
 block_acct_failed(blk_get_stats(s->blk), &req->acct);
 }
-virtio_blk_free_request(req);
+g_free(req);
 }
 
 blk_error_action(s->blk, action, is_read, error);
@@ -136,7 +131,7 @@ static void virtio_blk_rw_complete(void *opaque, int ret)
 
 virtio_blk_req_complete(req, VIRTIO_BLK_S_OK);
 block_acct_done(blk_get_stats(s->blk), &req->acct);
-virtio_blk_free_request(req);
+g_free(req);
 }
 }
 
@@ -151,7 +146,7 @@ static void virtio_blk_flush_complete(void *opaque, int ret)
 
 virtio_blk_req_complete(req, VIRTIO_BLK_S_OK);
 block_acct_done(blk_get_stats(s->blk), &req->acct);
-virtio_blk_free_request(req);
+g_free(req);
 }
 
 static void virtio_blk_discard_write_zeroes_complete(void *opaque, int ret)
@@ -169,7 +164,7 @@ static void virtio_blk_discard_write_zeroes_complete(void 
*opaque, int ret)
 if (is_write_zeroes) {
 block_acct_done(blk_get_stats(s->blk), &req->acct);
 }
-virtio_blk_free_request(req);
+g_free(req);
 }
 
 static VirtIOBlockReq *virtio_blk_get_request(VirtIOBlock *s, VirtQueue *vq)
@@ -214,7 +209,7 @@ static void virtio_blk_handle_scsi(VirtIOBlockReq *req)
 
 fail:
 virtio_blk_req_complete(req, status);
-virtio_blk_free_request(req);
+g_free(req);
 }
 
 static inline void submit_requests(VirtIOBlock *s, MultiReqBuffer *mrb,
@@ -612,7 +607,7 @@ static void virtio_blk_zone_report_complete(void *opaque, 
int ret)
 
 out:
 virtio_blk_req_complete(req, err_status);
-virtio_blk_free_request(req);
+g_free(req);
 g_free(data->zone_report_data.zones);
 g_free(data);
 }
@@ -661,7 +656,7 @@ static void virtio_blk_handle_zone_report(VirtIOBlockReq 
*req,
 return;
 out:
 virtio_blk_req_complete(req, err_status);
-virtio_blk_free_request(req);
+g_free(req);
 }
 
 static void virtio_blk_zone_mgmt_complete(void *opaque, int ret)
@@ -677,7 +672,7 @@ static void virtio_blk_zone_mgmt_complete(void *opaque, int 
ret)
 }
 
 virtio_blk_req_complete(req, err_status);
-virtio_blk_free_request(req);
+g_free(req);
 }
 
 static int virtio_blk_handle_zone_mgmt(VirtIOBlockReq *req, BlockZoneOp op)
@@ -719,7 +714,7 @@ static int virtio_blk_handle_zone_mgmt(VirtIOBlockReq *req, 
BlockZoneOp op)
 return 0;
 out:
 virtio_blk_req_complete(req, err_status);
-virtio_blk_free_request(req);
+g_free(req);
 return err_status;
 }
 
@@ -750,7 +745,7 @@ static void virtio_blk_zone_append_complete(void *opaque, 
int ret)
 
 out:
 virtio_blk_req_complete(req, err_status);
-virtio_blk_free_request(req);
+g_free(req);
 g_free(data);
 }
 
@@ -788,7 +783,7 @@ static int virtio_blk_handle_zone_append(VirtIOBlockReq 
*req,
 
 out:
 virtio_blk_req_complete(req, err_status);
-virtio_blk_free_request(req);
+g_free(req);
 return err_status;
 }
 
@@ -855,7 +850,7 @@ static int virtio_blk_handle_request(VirtIOBlockReq *req, 
MultiReqBuffer *mrb)
 virtio_blk_req_complete(req, VIRTIO_BLK_S_IOERR);
 block_acct_invalid(blk_get_stats(s->blk),
is_write ? BLOCK_ACCT_WRITE : BLOCK_ACCT_READ);
-virtio_blk_free_request(req);
+g_free(req);
 return 0;
 }
 
@@ -911,7 +906,7 @@ static int virtio_blk_handle_request(VirtIOBlockReq *req, 
MultiReqBuffer *mrb)
   VIRTIO_BLK_ID_BYTES));
 iov_from_buf(in_iov, in_num, 0, serial, size);
 virtio_blk_req_complete(req, VIRTIO_BLK_S_OK);
-virtio_blk_free_request(req);
+g_free(req);
 break;
 }
 case VIRTIO_BLK_T_ZONE_APPEND & ~VIRTIO_BLK_T_OUT:
@@ -943,7 +938,7 @@ static int virtio_blk_handle_request(VirtIOBlockReq *req, 
MultiReqBuffer *mrb)
 if (unlikely(!(type & VIRTIO_BLK_T_OUT) ||
  out_len > sizeof(dwz_hdr))) {
 virtio_blk_req_complete(req, VIRTIO_BLK_S_UNSUPP);
-virtio_blk_free_req

[PATCH v6 05/15] MAINTAINERS: Add myself as maintainer for apple-gfx, reviewer for HVF

[Phil Dennis-Jordan]

I'm happy to take responsibility for the macOS PV graphics code. As
HVF patches don't seem to get much attention at the moment, I'm also
adding myself as designated reviewer for HVF and x86 HVF to try and
improve that.

I anticipate that the resulting workload should be covered by the
funding I'm receiving for improving Qemu in combination with macOS. As
of right now this runs out at the end of 2024; I expect the workload on
apple-gfx should be relatively minor and manageable in my spare time
beyond that. I may have to remove myself from more general HVF duties
once the contract runs out if it's more than I can manage.

Signed-off-by: Phil Dennis-Jordan 
---
 MAINTAINERS | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 1e88b5738cb..fa8b8e858f8 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -505,6 +505,7 @@ F: target/arm/hvf/
 X86 HVF CPUs
 M: Cameron Esfahani 
 M: Roman Bolshakov 
+R: Phil Dennis-Jordan 
 W: https://wiki.qemu.org/Features/HVF
 S: Maintained
 F: target/i386/hvf/
@@ -512,6 +513,7 @@ F: target/i386/hvf/
 HVF
 M: Cameron Esfahani 
 M: Roman Bolshakov 
+R: Phil Dennis-Jordan 
 W: https://wiki.qemu.org/Features/HVF
 S: Maintained
 F: accel/hvf/
@@ -2587,6 +2589,11 @@ F: hw/display/edid*
 F: include/hw/display/edid.h
 F: qemu-edid.c
 
+macOS PV Graphics (apple-gfx)
+M: Phil Dennis-Jordan 
+S: Maintained
+F: hw/display/apple-gfx*
+
 PIIX4 South Bridge (i82371AB)
 M: Hervé Poussineau 
 M: Philippe Mathieu-Daudé 
-- 
2.39.3 (Apple Git-145)

[PATCH v6 11/15] hw/vmapple/bdif: Introduce vmapple backdoor interface

[Phil Dennis-Jordan]

From: Alexander Graf 

The VMApple machine exposes AUX and ROOT block devices (as well as USB OTG
emulation) via virtio-pci as well as a special, simple backdoor platform
device.

This patch implements this backdoor platform device to the best of my
understanding. I left out any USB OTG parts; they're only needed for
guest recovery and I don't understand the protocol yet.

Signed-off-by: Alexander Graf 
Signed-off-by: Phil Dennis-Jordan 
---

v4:

 * Moved most header code to .c, rest to vmapple.h
 * Better compliance with coding, naming, and formatting conventions.

 hw/vmapple/Kconfig   |   3 +
 hw/vmapple/bdif.c| 261 +++
 hw/vmapple/meson.build   |   1 +
 hw/vmapple/trace-events  |   5 +
 include/hw/vmapple/vmapple.h |   2 +
 5 files changed, 272 insertions(+)
 create mode 100644 hw/vmapple/bdif.c

diff --git a/hw/vmapple/Kconfig b/hw/vmapple/Kconfig
index a73504d5999..68f88876eb9 100644
--- a/hw/vmapple/Kconfig
+++ b/hw/vmapple/Kconfig
@@ -1,3 +1,6 @@
 config VMAPPLE_AES
 bool
 
+config VMAPPLE_BDIF
+bool
+
diff --git a/hw/vmapple/bdif.c b/hw/vmapple/bdif.c
new file mode 100644
index 000..7c7a277665a
--- /dev/null
+++ b/hw/vmapple/bdif.c
@@ -0,0 +1,261 @@
+/*
+ * VMApple Backdoor Interface
+ *
+ * Copyright © 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/units.h"
+#include "qemu/log.h"
+#include "qemu/module.h"
+#include "trace.h"
+#include "hw/vmapple/vmapple.h"
+#include "hw/sysbus.h"
+#include "hw/block/block.h"
+#include "qapi/error.h"
+#include "sysemu/block-backend.h"
+
+OBJECT_DECLARE_SIMPLE_TYPE(VMAppleBdifState, VMAPPLE_BDIF)
+
+struct VMAppleBdifState {
+SysBusDevice parent_obj;
+
+BlockBackend *aux;
+BlockBackend *root;
+MemoryRegion mmio;
+};
+
+#define VMAPPLE_BDIF_SIZE   0x0020
+
+#define REG_DEVID_MASK  0x
+#define DEVID_ROOT  0x
+#define DEVID_AUX   0x0001
+#define DEVID_USB   0x0010
+
+#define REG_STATUS  0x0
+#define REG_STATUS_ACTIVE BIT(0)
+#define REG_CFG 0x4
+#define REG_CFG_ACTIVEBIT(1)
+#define REG_UNK10x8
+#define REG_BUSY0x10
+#define REG_BUSY_READYBIT(0)
+#define REG_UNK20x400
+#define REG_CMD 0x408
+#define REG_NEXT_DEVICE 0x420
+#define REG_UNK30x434
+
+typedef struct VblkSector {
+uint32_t pad;
+uint32_t pad2;
+uint32_t sector;
+uint32_t pad3;
+} VblkSector;
+
+typedef struct VblkReqCmd {
+uint64_t addr;
+uint32_t len;
+uint32_t flags;
+} VblkReqCmd;
+
+typedef struct VblkReq {
+VblkReqCmd sector;
+VblkReqCmd data;
+VblkReqCmd retval;
+} VblkReq;
+
+#define VBLK_DATA_FLAGS_READ  0x00030001
+#define VBLK_DATA_FLAGS_WRITE 0x00010001
+
+#define VBLK_RET_SUCCESS  0
+#define VBLK_RET_FAILED   1
+
+static uint64_t bdif_read(void *opaque, hwaddr offset, unsigned size)
+{
+uint64_t ret = -1;
+uint64_t devid = offset & REG_DEVID_MASK;
+
+switch (offset & ~REG_DEVID_MASK) {
+case REG_STATUS:
+ret = REG_STATUS_ACTIVE;
+break;
+case REG_CFG:
+ret = REG_CFG_ACTIVE;
+break;
+case REG_UNK1:
+ret = 0x420;
+break;
+case REG_BUSY:
+ret = REG_BUSY_READY;
+break;
+case REG_UNK2:
+ret = 0x1;
+break;
+case REG_UNK3:
+ret = 0x0;
+break;
+case REG_NEXT_DEVICE:
+switch (devid) {
+case DEVID_ROOT:
+ret = 0x800;
+break;
+case DEVID_AUX:
+ret = 0x1;
+break;
+}
+break;
+}
+
+trace_bdif_read(offset, size, ret);
+return ret;
+}
+
+static void le2cpu_sector(VblkSector *sector)
+{
+sector->sector = le32_to_cpu(sector->sector);
+}
+
+static void le2cpu_reqcmd(VblkReqCmd *cmd)
+{
+cmd->addr = le64_to_cpu(cmd->addr);
+cmd->len = le32_to_cpu(cmd->len);
+cmd->flags = le32_to_cpu(cmd->flags);
+}
+
+static void le2cpu_req(VblkReq *req)
+{
+le2cpu_reqcmd(&req->sector);
+le2cpu_reqcmd(&req->data);
+le2cpu_reqcmd(&req->retval);
+}
+
+static void vblk_cmd(uint64_t devid, BlockBackend *blk, uint64_t value,
+ uint64_t static_off)
+{
+VblkReq req;
+VblkSector sector;
+uint64_t off = 0;
+char *buf = NULL;
+uint8_t ret = VBLK_RET_FAILED;
+int r;
+
+cpu_physical_memory_read(value, &req, sizeof(req));
+le2cpu_req(&req);
+
+if (req.sector.len != sizeof(sector)) {
+ret = VBLK_RET_FAILED;
+goto out;
+}
+
+/* Read the vblk command */
+cpu_physical_memory_read(req.sector.addr, §or, sizeof(sector));
+le2cpu_sector(§or);
+
+off = sector.secto

[PATCH v6 15/15] hw/vmapple/vmapple: Add vmapple machine type

[Phil Dennis-Jordan]

From: Alexander Graf 

Apple defines a new "vmapple" machine type as part of its proprietary
macOS Virtualization.Framework vmm. This machine type is similar to the
virt one, but with subtle differences in base devices, a few special
vmapple device additions and a vastly different boot chain.

This patch reimplements this machine type in QEMU. To use it, you
have to have a readily installed version of macOS for VMApple,
run on macOS with -accel hvf, pass the Virtualization.Framework
boot rom (AVPBooter) in via -bios, pass the aux and root volume as pflash
and pass aux and root volume as virtio drives. In addition, you also
need to find the machine UUID and pass that as -M vmapple,uuid= parameter:

$ qemu-system-aarch64 -accel hvf -M vmapple,uuid=0x1234 -m 4G \
-bios 
/System/Library/Frameworks/Virtualization.framework/Versions/A/Resources/AVPBooter.vmapple2.bin
-drive file=aux,if=pflash,format=raw \
-drive file=root,if=pflash,format=raw \
-drive file=aux,if=none,id=aux,format=raw \
-device vmapple-virtio-aux,drive=aux \
-drive file=root,if=none,id=root,format=raw \
-device vmapple-virtio-root,drive=root

With all these in place, you should be able to see macOS booting
successfully.

Known issues:
 - Keyboard and mouse/tablet input is laggy. The reason for this is
   either that macOS's XHCI driver is broken when the device/platform
   does not support MSI/MSI-X, or there's some unfortunate interplay
   with Qemu's XHCI implementation in this scenario.
 - Currently only macOS 12 guests are supported. The boot process for
   13+ will need further investigation and adjustment.

Signed-off-by: Alexander Graf 
Co-authored-by: Phil Dennis-Jordan 
Signed-off-by: Phil Dennis-Jordan 
---

v3:
 * Rebased on latest upstream, updated affinity and NIC creation
API usage
 * Included Apple-variant virtio-blk in build dependency
 * Updated API usage for setting 'redist-region-count' array-typed property on 
GIC.
 * Switched from virtio HID devices (for which macOS 12 does not contain
   drivers) to an XHCI USB controller and USB HID devices.

v4:
 * Fixups for v4 changes to the other patches in the set.
 * Corrected the assert macro to use
 * Removed superfluous endian conversions corresponding to cfg's.
 * Init error handling improvement.
 * No need to select CPU type on TCG, as only HVF is supported.
 * Machine type version bumped to 9.2
 * #include order improved

v5:
 * Fixed memory reservation for ecam alias region.
 * Better error handling setting properties on devices.
 * Simplified the machine ECID/UUID extraction script and actually created a
   file for it rather than quoting its code in documentation.

 MAINTAINERS |   1 +
 contrib/vmapple/uuid.sh |   9 +
 docs/system/arm/vmapple.rst |  60 
 docs/system/target-arm.rst  |   1 +
 hw/vmapple/Kconfig  |  20 ++
 hw/vmapple/meson.build  |   1 +
 hw/vmapple/vmapple.c| 659 
 7 files changed, 751 insertions(+)
 create mode 100755 contrib/vmapple/uuid.sh
 create mode 100644 docs/system/arm/vmapple.rst
 create mode 100644 hw/vmapple/vmapple.c

diff --git a/MAINTAINERS b/MAINTAINERS
index f26024c1835..402f4a12af4 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2746,6 +2746,7 @@ R: Phil Dennis-Jordan 
 S: Maintained
 F: hw/vmapple/*
 F: include/hw/vmapple/*
+F: docs/system/arm/vmapple.rst
 
 Subsystems
 --
diff --git a/contrib/vmapple/uuid.sh b/contrib/vmapple/uuid.sh
new file mode 100755
index 000..956e8c3afed
--- /dev/null
+++ b/contrib/vmapple/uuid.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+# Used for converting a guest provisioned using Virtualization.framework
+# for use with the QEMU 'vmapple' aarch64 machine type.
+#
+# Extracts the Machine UUID from Virtualization.framework VM JSON file.
+# (as produced by 'macosvm', passed as command line argument)
+
+plutil -extract machineId raw "$1" | base64 -d | plutil -extract ECID raw -
+
diff --git a/docs/system/arm/vmapple.rst b/docs/system/arm/vmapple.rst
new file mode 100644
index 000..6a634fa4572
--- /dev/null
+++ b/docs/system/arm/vmapple.rst
@@ -0,0 +1,60 @@
+VMApple machine emulation
+
+
+VMApple is the device model that the macOS built-in hypervisor called 
"Virtualization.framework"
+exposes to Apple Silicon macOS guests. The "vmapple" machine model in QEMU 
implements the same
+device model, but does not use any code from Virtualization.Framework.
+
+Prerequisites
+-
+
+To run the vmapple machine model, you need to
+
+ * Run on Apple Silicon
+ * Run on macOS 12.0 or above
+ * Have an already installed copy of a Virtualization.Framework macOS 12 
virtual machine. I will
+   assume that you installed it using the macosvm CLI.
+
+First, we need to extract the UUID from the virtual machine that you 
installed. You can do this
+by running the shell script in contrib/vmapple/uuid.sh on the macosvm.json 
fi

[PATCH v6 10/15] hw/vmapple/aes: Introduce aes engine

[Phil Dennis-Jordan]

From: Alexander Graf 

VMApple contains an "aes" engine device that it uses to encrypt and
decrypt its nvram. It has trivial hard coded keys it uses for that
purpose.

Add device emulation for this device model.

Signed-off-by: Alexander Graf 
Signed-off-by: Phil Dennis-Jordan 
---

v3:

 * Rebased on latest upstream and fixed minor breakages.
 * Replaced legacy device reset method with Resettable method

v4:

 * Improved logging of unimplemented functions and guest errors.
 * Better adherence to naming and coding conventions.
 * Cleaner error handling and recovery, including using g_autoptr

v5:

 * More logging improvements
 * Use xxx64_overflow() functions for hexdump buffer size calculations.

 hw/vmapple/Kconfig   |   2 +
 hw/vmapple/aes.c | 578 +++
 hw/vmapple/meson.build   |   1 +
 hw/vmapple/trace-events  |  14 +
 include/hw/vmapple/vmapple.h |  17 ++
 include/qemu/cutils.h|  15 +
 util/hexdump.c   |  18 ++
 7 files changed, 645 insertions(+)
 create mode 100644 hw/vmapple/aes.c
 create mode 100644 include/hw/vmapple/vmapple.h

diff --git a/hw/vmapple/Kconfig b/hw/vmapple/Kconfig
index 8b137891791..a73504d5999 100644
--- a/hw/vmapple/Kconfig
+++ b/hw/vmapple/Kconfig
@@ -1 +1,3 @@
+config VMAPPLE_AES
+bool
 
diff --git a/hw/vmapple/aes.c b/hw/vmapple/aes.c
new file mode 100644
index 000..2b4567b6a57
--- /dev/null
+++ b/hw/vmapple/aes.c
@@ -0,0 +1,578 @@
+/*
+ * QEMU Apple AES device emulation
+ *
+ * Copyright © 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "trace.h"
+#include "crypto/hash.h"
+#include "crypto/aes.h"
+#include "crypto/cipher.h"
+#include "hw/irq.h"
+#include "hw/sysbus.h"
+#include "hw/vmapple/vmapple.h"
+#include "migration/vmstate.h"
+#include "qemu/cutils.h"
+#include "qemu/log.h"
+#include "qemu/module.h"
+#include "sysemu/dma.h"
+
+OBJECT_DECLARE_SIMPLE_TYPE(AESState, APPLE_AES)
+
+#define MAX_FIFO_SIZE 9
+
+#define CMD_KEY   0x1
+#define CMD_KEY_CONTEXT_SHIFT27
+#define CMD_KEY_CONTEXT_MASK (0x1 << CMD_KEY_CONTEXT_SHIFT)
+#define CMD_KEY_SELECT_MAX_IDX   0x7
+#define CMD_KEY_SELECT_SHIFT 24
+#define CMD_KEY_SELECT_MASK  (CMD_KEY_SELECT_MAX_IDX << 
CMD_KEY_SELECT_SHIFT)
+#define CMD_KEY_KEY_LEN_NUM  4u
+#define CMD_KEY_KEY_LEN_SHIFT22
+#define CMD_KEY_KEY_LEN_MASK ((CMD_KEY_KEY_LEN_NUM - 1u) << 
CMD_KEY_KEY_LEN_SHIFT)
+#define CMD_KEY_ENCRYPT_SHIFT20
+#define CMD_KEY_ENCRYPT_MASK (0x1 << CMD_KEY_ENCRYPT_SHIFT)
+#define CMD_KEY_BLOCK_MODE_SHIFT 16
+#define CMD_KEY_BLOCK_MODE_MASK  (0x3 << CMD_KEY_BLOCK_MODE_SHIFT)
+#define CMD_IV0x2
+#define CMD_IV_CONTEXT_SHIFT 26
+#define CMD_IV_CONTEXT_MASK  (0x3 << CMD_KEY_CONTEXT_SHIFT)
+#define CMD_DSB   0x3
+#define CMD_SKG   0x4
+#define CMD_DATA  0x5
+#define CMD_DATA_KEY_CTX_SHIFT   27
+#define CMD_DATA_KEY_CTX_MASK(0x1 << CMD_DATA_KEY_CTX_SHIFT)
+#define CMD_DATA_IV_CTX_SHIFT25
+#define CMD_DATA_IV_CTX_MASK (0x3 << CMD_DATA_IV_CTX_SHIFT)
+#define CMD_DATA_LEN_MASK0xff
+#define CMD_STORE_IV  0x6
+#define CMD_STORE_IV_ADDR_MASK   0xff
+#define CMD_WRITE_REG 0x7
+#define CMD_FLAG  0x8
+#define CMD_FLAG_STOP_MASK   BIT(26)
+#define CMD_FLAG_RAISE_IRQ_MASK  BIT(27)
+#define CMD_FLAG_INFO_MASK   0xff
+#define CMD_MAX   0x10
+
+#define CMD_SHIFT 28
+
+#define REG_STATUS0xc
+#define REG_STATUS_DMA_READ_RUNNING BIT(0)
+#define REG_STATUS_DMA_READ_PENDING BIT(1)
+#define REG_STATUS_DMA_WRITE_RUNNINGBIT(2)
+#define REG_STATUS_DMA_WRITE_PENDINGBIT(3)
+#define REG_STATUS_BUSY BIT(4)
+#define REG_STATUS_EXECUTINGBIT(5)
+#define REG_STATUS_READYBIT(6)
+#define REG_STATUS_TEXT_DPA_SEEDED  BIT(7)
+#define REG_STATUS_UNWRAP_DPA_SEEDEDBIT(8)
+
+#define REG_IRQ_STATUS0x18
+#define REG_IRQ_STATUS_INVALID_CMD  BIT(2)
+#define REG_IRQ_STATUS_FLAG BIT(5)
+#define REG_IRQ_ENABLE0x1c
+#define REG_WATERMARK 0x20
+#define REG_Q_STATUS  0x24
+#define REG_FLAG_INFO 0x30
+#define REG_FIFO  0x200
+
+static const uint32_t key_lens[CMD_KEY_KEY_LEN_NUM] = {
+[0] = 16,
+[1] = 24,
+[2] = 32,
+[3] = 64,
+};
+
+typedef struct Key {
+uint32_t key_len;
+uint8_t key[32];
+} Key;
+
+typedef struct IV {
+uint32_t iv[4];
+} IV;
+
+static Key builtin_keys[CMD_KEY_SELECT_MAX_IDX + 1] = {
+[1] = {
+.key_len = 32,
+.key = { 0x1 },
+},
+[2] = {
+.key_len = 32,
+.key = { 0x2 },
+},
+[3] = {
+.key_len = 32,
+.key = { 0x3 },
+}
+};
+
+struct AESState {
+

Re: [PATCH v4 02/15] hw/display/apple-gfx: Introduce ParavirtualizedGraphics.Framework support

[Phil Dennis-Jordan]

On Thu, 31 Oct 2024 at 07:52, Akihiko Odaki 
wrote:

> On 2024/10/30 6:16, Phil Dennis-Jordan wrote:
> >
> >
> > On Tue, 29 Oct 2024 at 08:42, Akihiko Odaki  > > wrote:
> >
> > On 2024/10/29 6:06, Phil Dennis-Jordan wrote:
> >  >
> >  >
> >  > On Mon, 28 Oct 2024 at 17:06, Akihiko Odaki
> > mailto:akihiko.od...@daynix.com>
> >  >  > >> wrote:
> >  >
> >  > On 2024/10/28 23:13, Phil Dennis-Jordan wrote:
> >  >  >
> >  >  >
> >  >  > On Mon, 28 Oct 2024 at 15:02, Akihiko Odaki
> >  > mailto:akihiko.od...@daynix.com>
> > >
> >  >  >  > 
> >  >  >  >  >  >
> >  >  > On 2024/10/28 22:31, Phil Dennis-Jordan wrote:
> >  >  >  >
> >  >  >  >
> >  >  >  > On Mon, 28 Oct 2024 at 10:00, Phil Dennis-Jordan
> >  >  > mailto:p...@philjordan.eu>
> > >
> >  > 
> > >>
> >  >  >  >  >   > >
> >  > 
> >  wrote:
> >  >  >  >
> >  >  >  >
> >  >  >  >  >  >
> >  >  >  >  >  > Hmm. I think if we were to use
> > that, we
> >  > would
> >  >  > need to
> >  >  >  > create a new
> >  >  >  >  >  > QemuEvent for every job and
> > destroy it
> >  > afterward,
> >  >  >  > which seems
> >  >  >  >  > expensive.
> >  >  >  >  >  > We can't rule out multiple
> concurrent
> >  > jobs being
> >  >  >  > submitted, and the
> >  >  >  >  >  > QemuEvent system only supports a
> > single
> >  > producer as
> >  >  >  > far as I can
> >  >  >  >  > tell.
> >  >  >  >  >  >
> >  >  >  >  >  > You can probably sort of hack
> > around it with
> >  >  > just one
> >  >  >  > QemuEvent by
> >  >  >  >  >  > putting the qemu_event_wait into
> > a loop
> >  > and turning
> >  >  >  > the job.done
> >  >  >  >  > flag
> >  >  >  >  >  > into an atomic (because it would
> now
> >  > need to be
> >  >  >  > checked outside the
> >  >  >  >  >  > lock) but this all seems
> > unnecessarily
> >  > complicated
> >  >  >  > considering the
> >  >  >  >  >  > QemuEvent uses the same mechanism
> > QemuCond/
> >  >  > QemuMutex
> >  >  >  > internally
> >  >  >  >  > on macOS
> >  >  >  >  >  > (the only platform relevant
> > here), except we
> >  >  > can use it as
> >  >  >  >  > intended with
> >  >  >  >  >  > QemuCond/QemuMutex rather than
> > having to
> >  > work
> >  >  > against the
> >  >  >  >  > abstraction.
> >  >  >  >  >
> >  >  >  >  > I don't think it's going to be used
> >  > concurrently. It
> >  >  >  > would be difficult
> >  >  >  >  > to reason even for the framework if
> it
> >  > performs memory
> >  >  >  >  > unmapping/mapping/reading operations
> >  > concurrently.
> >  >  >  >  >
> >  >  >  >  >
> >  >  >  >  > I've just performed a very quick test by
> >  > wrapping the job
> >  >  >  > submission/
> >  >  >  >  > wait in the 2 mapMemory callbacks and
> the 1
> >  > readMemory
> >  >  >  > callback with
> >  >  >  >  > atomic counters and logging whenever a
> > counter went
> >  >  > above 1.
> >  >  >  >  >
> >  >  >  >  >   * Overall, concurrent callbacks across
> all
> >  > types 

[PATCH v6 06/15] hw: Add vmapple subdir

[Phil Dennis-Jordan]

From: Alexander Graf 

We will introduce a number of devices that are specific to the vmapple
target machine. To keep them all tidily together, let's put them into
a single target directory.

Signed-off-by: Alexander Graf 
Signed-off-by: Phil Dennis-Jordan 
Reviewed-by: Akihiko Odaki 
---
 MAINTAINERS | 7 +++
 hw/Kconfig  | 1 +
 hw/meson.build  | 1 +
 hw/vmapple/Kconfig  | 1 +
 hw/vmapple/meson.build  | 0
 hw/vmapple/trace-events | 2 ++
 hw/vmapple/trace.h  | 1 +
 meson.build | 1 +
 8 files changed, 14 insertions(+)
 create mode 100644 hw/vmapple/Kconfig
 create mode 100644 hw/vmapple/meson.build
 create mode 100644 hw/vmapple/trace-events
 create mode 100644 hw/vmapple/trace.h

diff --git a/MAINTAINERS b/MAINTAINERS
index fa8b8e858f8..f26024c1835 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2740,6 +2740,13 @@ F: hw/hyperv/hv-balloon*.h
 F: include/hw/hyperv/dynmem-proto.h
 F: include/hw/hyperv/hv-balloon.h
 
+VMapple
+M: Alexander Graf 
+R: Phil Dennis-Jordan 
+S: Maintained
+F: hw/vmapple/*
+F: include/hw/vmapple/*
+
 Subsystems
 --
 Overall Audio backends
diff --git a/hw/Kconfig b/hw/Kconfig
index 1b4e9bb07f7..2871784cfdc 100644
--- a/hw/Kconfig
+++ b/hw/Kconfig
@@ -41,6 +41,7 @@ source ufs/Kconfig
 source usb/Kconfig
 source virtio/Kconfig
 source vfio/Kconfig
+source vmapple/Kconfig
 source xen/Kconfig
 source watchdog/Kconfig
 
diff --git a/hw/meson.build b/hw/meson.build
index b827c82c5d7..9c4f6d0d636 100644
--- a/hw/meson.build
+++ b/hw/meson.build
@@ -39,6 +39,7 @@ subdir('ufs')
 subdir('usb')
 subdir('vfio')
 subdir('virtio')
+subdir('vmapple')
 subdir('watchdog')
 subdir('xen')
 subdir('xenpv')
diff --git a/hw/vmapple/Kconfig b/hw/vmapple/Kconfig
new file mode 100644
index 000..8b137891791
--- /dev/null
+++ b/hw/vmapple/Kconfig
@@ -0,0 +1 @@
+
diff --git a/hw/vmapple/meson.build b/hw/vmapple/meson.build
new file mode 100644
index 000..e69de29bb2d
diff --git a/hw/vmapple/trace-events b/hw/vmapple/trace-events
new file mode 100644
index 000..9ccc5790487
--- /dev/null
+++ b/hw/vmapple/trace-events
@@ -0,0 +1,2 @@
+# See docs/devel/tracing.rst for syntax documentation.
+
diff --git a/hw/vmapple/trace.h b/hw/vmapple/trace.h
new file mode 100644
index 000..572adbefe04
--- /dev/null
+++ b/hw/vmapple/trace.h
@@ -0,0 +1 @@
+#include "trace/trace-hw_vmapple.h"
diff --git a/meson.build b/meson.build
index d286b876d62..1b13ff24fd8 100644
--- a/meson.build
+++ b/meson.build
@@ -3490,6 +3490,7 @@ if have_system
 'hw/usb',
 'hw/vfio',
 'hw/virtio',
+'hw/vmapple',
 'hw/watchdog',
 'hw/xen',
 'hw/gpio',
-- 
2.39.3 (Apple Git-145)

[PATCH v6 09/15] gpex: Allow more than 4 legacy IRQs

[Phil Dennis-Jordan]

From: Alexander Graf 

Some boards such as vmapple don't do real legacy PCI IRQ swizzling.
Instead, they just keep allocating more board IRQ lines for each new
legacy IRQ. Let's support that mode by giving instantiators a new
"nr_irqs" property they can use to support more than 4 legacy IRQ lines.
In this mode, GPEX will export more IRQ lines, one for each device.

Signed-off-by: Alexander Graf 
Signed-off-by: Phil Dennis-Jordan 
Reviewed-by: Akihiko Odaki 
---

v4:

 * Turned pair of IRQ arrays into array of structs.
 * Simplified swizzling logic selection.

 hw/arm/sbsa-ref.c  |  2 +-
 hw/arm/virt.c  |  2 +-
 hw/i386/microvm.c  |  2 +-
 hw/loongarch/virt.c|  2 +-
 hw/mips/loongson3_virt.c   |  2 +-
 hw/openrisc/virt.c | 12 +--
 hw/pci-host/gpex.c | 43 ++
 hw/riscv/virt.c| 12 +--
 hw/xtensa/virt.c   |  2 +-
 include/hw/pci-host/gpex.h |  7 +++
 10 files changed, 55 insertions(+), 31 deletions(-)

diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
index e3195d54497..7e7322486c2 100644
--- a/hw/arm/sbsa-ref.c
+++ b/hw/arm/sbsa-ref.c
@@ -673,7 +673,7 @@ static void create_pcie(SBSAMachineState *sms)
 /* Map IO port space */
 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 2, base_pio);
 
-for (i = 0; i < GPEX_NUM_IRQS; i++) {
+for (i = 0; i < PCI_NUM_PINS; i++) {
 sysbus_connect_irq(SYS_BUS_DEVICE(dev), i,
qdev_get_gpio_in(sms->gic, irq + i));
 gpex_set_irq_num(GPEX_HOST(dev), i, irq + i);
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 1a381e9a2bd..8aa22ea3155 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -1547,7 +1547,7 @@ static void create_pcie(VirtMachineState *vms)
 /* Map IO port space */
 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 2, base_pio);
 
-for (i = 0; i < GPEX_NUM_IRQS; i++) {
+for (i = 0; i < PCI_NUM_PINS; i++) {
 sysbus_connect_irq(SYS_BUS_DEVICE(dev), i,
qdev_get_gpio_in(vms->gic, irq + i));
 gpex_set_irq_num(GPEX_HOST(dev), i, irq + i);
diff --git a/hw/i386/microvm.c b/hw/i386/microvm.c
index 693099f2256..b3a348bee09 100644
--- a/hw/i386/microvm.c
+++ b/hw/i386/microvm.c
@@ -139,7 +139,7 @@ static void create_gpex(MicrovmMachineState *mms)
 mms->gpex.mmio64.base, mmio64_alias);
 }
 
-for (i = 0; i < GPEX_NUM_IRQS; i++) {
+for (i = 0; i < PCI_NUM_PINS; i++) {
 sysbus_connect_irq(SYS_BUS_DEVICE(dev), i,
x86ms->gsi[mms->gpex.irq + i]);
 }
diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index 9a635d1d3d3..50056384994 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -741,7 +741,7 @@ static void virt_devices_init(DeviceState *pch_pic,
 memory_region_add_subregion(get_system_memory(), VIRT_PCI_IO_BASE,
 pio_alias);
 
-for (i = 0; i < GPEX_NUM_IRQS; i++) {
+for (i = 0; i < PCI_NUM_PINS; i++) {
 sysbus_connect_irq(d, i,
qdev_get_gpio_in(pch_pic, 16 + i));
 gpex_set_irq_num(GPEX_HOST(gpex_dev), i, 16 + i);
diff --git a/hw/mips/loongson3_virt.c b/hw/mips/loongson3_virt.c
index f3b6326cc59..884b5f23a99 100644
--- a/hw/mips/loongson3_virt.c
+++ b/hw/mips/loongson3_virt.c
@@ -458,7 +458,7 @@ static inline void loongson3_virt_devices_init(MachineState 
*machine,
 virt_memmap[VIRT_PCIE_PIO].base, s->pio_alias);
 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 2, virt_memmap[VIRT_PCIE_PIO].base);
 
-for (i = 0; i < GPEX_NUM_IRQS; i++) {
+for (i = 0; i < PCI_NUM_PINS; i++) {
 irq = qdev_get_gpio_in(pic, PCIE_IRQ_BASE + i);
 sysbus_connect_irq(SYS_BUS_DEVICE(dev), i, irq);
 gpex_set_irq_num(GPEX_HOST(dev), i, PCIE_IRQ_BASE + i);
diff --git a/hw/openrisc/virt.c b/hw/openrisc/virt.c
index 47d2c9bd3c7..6f053bf48e0 100644
--- a/hw/openrisc/virt.c
+++ b/hw/openrisc/virt.c
@@ -318,7 +318,7 @@ static void create_pcie_irq_map(void *fdt, char *nodename, 
int irq_base,
 {
 int pin, dev;
 uint32_t irq_map_stride = 0;
-uint32_t full_irq_map[GPEX_NUM_IRQS * GPEX_NUM_IRQS * 6] = {};
+uint32_t full_irq_map[PCI_NUM_PINS * PCI_NUM_PINS * 6] = {};
 uint32_t *irq_map = full_irq_map;
 
 /*
@@ -330,11 +330,11 @@ static void create_pcie_irq_map(void *fdt, char 
*nodename, int irq_base,
  * possible slot) seeing the interrupt-map-mask will allow the table
  * to wrap to any number of devices.
  */
-for (dev = 0; dev < GPEX_NUM_IRQS; dev++) {
+for (dev = 0; dev < PCI_NUM_PINS; dev++) {
 int devfn = dev << 3;
 
-for (pin = 0; pin < GPEX_NUM_IRQS; pin++) {
-int irq_nr = irq_base + ((pin + PCI_SLOT(devfn)) % GPEX_NUM_IRQS);
+for (pin = 0; pin < PCI_NUM_PINS; pin++) {
+int irq_nr = irq_base + ((pin + PCI_SLOT(devfn)) % PCI_NUM_PINS);
 int i = 0;
 
 

[PATCH v6 07/15] hw/misc/pvpanic: Add MMIO interface

[Phil Dennis-Jordan]

From: Alexander Graf 

In addition to the ISA and PCI variants of pvpanic, let's add an MMIO
platform device that we can use in embedded arm environments.

Signed-off-by: Alexander Graf 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Phil Dennis-Jordan 
Reviewed-by: Akihiko Odaki 
---
v3:

 * Rebased on upstream, updated a header path
 hw/misc/Kconfig   |  4 +++
 hw/misc/meson.build   |  1 +
 hw/misc/pvpanic-mmio.c| 61 +++
 include/hw/misc/pvpanic.h |  1 +
 4 files changed, 67 insertions(+)
 create mode 100644 hw/misc/pvpanic-mmio.c

diff --git a/hw/misc/Kconfig b/hw/misc/Kconfig
index 1f1baa5dde9..5a6c1603b60 100644
--- a/hw/misc/Kconfig
+++ b/hw/misc/Kconfig
@@ -145,6 +145,10 @@ config PVPANIC_ISA
 depends on ISA_BUS
 select PVPANIC_COMMON
 
+config PVPANIC_MMIO
+bool
+select PVPANIC_COMMON
+
 config AUX
 bool
 select I2C
diff --git a/hw/misc/meson.build b/hw/misc/meson.build
index d02d96e403b..4de4db0a600 100644
--- a/hw/misc/meson.build
+++ b/hw/misc/meson.build
@@ -122,6 +122,7 @@ system_ss.add(when: 'CONFIG_ARMSSE_MHU', if_true: 
files('armsse-mhu.c'))
 
 system_ss.add(when: 'CONFIG_PVPANIC_ISA', if_true: files('pvpanic-isa.c'))
 system_ss.add(when: 'CONFIG_PVPANIC_PCI', if_true: files('pvpanic-pci.c'))
+system_ss.add(when: 'CONFIG_PVPANIC_MMIO', if_true: files('pvpanic-mmio.c'))
 system_ss.add(when: 'CONFIG_AUX', if_true: files('auxbus.c'))
 system_ss.add(when: 'CONFIG_ASPEED_SOC', if_true: files(
   'aspeed_hace.c',
diff --git a/hw/misc/pvpanic-mmio.c b/hw/misc/pvpanic-mmio.c
new file mode 100644
index 000..56738efee53
--- /dev/null
+++ b/hw/misc/pvpanic-mmio.c
@@ -0,0 +1,61 @@
+/*
+ * QEMU simulated pvpanic device (MMIO frontend)
+ *
+ * Copyright © 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+
+#include "hw/qdev-properties.h"
+#include "hw/misc/pvpanic.h"
+#include "hw/sysbus.h"
+#include "standard-headers/misc/pvpanic.h"
+
+OBJECT_DECLARE_SIMPLE_TYPE(PVPanicMMIOState, PVPANIC_MMIO_DEVICE)
+
+#define PVPANIC_MMIO_SIZE 0x2
+
+struct PVPanicMMIOState {
+SysBusDevice parent_obj;
+
+PVPanicState pvpanic;
+};
+
+static void pvpanic_mmio_initfn(Object *obj)
+{
+PVPanicMMIOState *s = PVPANIC_MMIO_DEVICE(obj);
+
+pvpanic_setup_io(&s->pvpanic, DEVICE(s), PVPANIC_MMIO_SIZE);
+sysbus_init_mmio(SYS_BUS_DEVICE(obj), &s->pvpanic.mr);
+}
+
+static Property pvpanic_mmio_properties[] = {
+DEFINE_PROP_UINT8("events", PVPanicMMIOState, pvpanic.events,
+  PVPANIC_PANICKED | PVPANIC_CRASH_LOADED),
+DEFINE_PROP_END_OF_LIST(),
+};
+
+static void pvpanic_mmio_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+device_class_set_props(dc, pvpanic_mmio_properties);
+set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+}
+
+static const TypeInfo pvpanic_mmio_info = {
+.name  = TYPE_PVPANIC_MMIO_DEVICE,
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(PVPanicMMIOState),
+.instance_init = pvpanic_mmio_initfn,
+.class_init= pvpanic_mmio_class_init,
+};
+
+static void pvpanic_register_types(void)
+{
+type_register_static(&pvpanic_mmio_info);
+}
+
+type_init(pvpanic_register_types)
diff --git a/include/hw/misc/pvpanic.h b/include/hw/misc/pvpanic.h
index 9a71a5ad0d7..049a94c1125 100644
--- a/include/hw/misc/pvpanic.h
+++ b/include/hw/misc/pvpanic.h
@@ -26,6 +26,7 @@
 
 #define TYPE_PVPANIC_ISA_DEVICE "pvpanic"
 #define TYPE_PVPANIC_PCI_DEVICE "pvpanic-pci"
+#define TYPE_PVPANIC_MMIO_DEVICE "pvpanic-mmio"
 
 #define PVPANIC_IOPORT_PROP "ioport"
 
-- 
2.39.3 (Apple Git-145)

Re: [PATCH v3 22/26] hw/i2c/smbus_eeprom: Prefer DEFINE_TYPES() macro

[Bernhard Beschow]

Am 3. November 2024 07:51:46 UTC schrieb Bernhard Beschow :
>
>
>Am 2. November 2024 17:24:25 UTC schrieb Corey Minyard :
>>On Sat, Nov 2, 2024 at 8:25 AM Bernhard Beschow  wrote:
>>>
>>> Reviewed-by: Cédric Le Goater 
>>> Signed-off-by: Bernhard Beschow 
>>> ---
>>>  hw/i2c/smbus_eeprom.c | 19 ---
>>>  1 file changed, 8 insertions(+), 11 deletions(-)
>>>
>>> diff --git a/hw/i2c/smbus_eeprom.c b/hw/i2c/smbus_eeprom.c
>>> index 9e62c27a1a..1d4d9704bf 100644
>>> --- a/hw/i2c/smbus_eeprom.c
>>> +++ b/hw/i2c/smbus_eeprom.c
>>> @@ -151,19 +151,16 @@ static void smbus_eeprom_class_initfn(ObjectClass 
>>> *klass, void *data)
>>>  dc->user_creatable = false;
>>>  }
>>>
>>> -static const TypeInfo smbus_eeprom_info = {
>>> -.name  = TYPE_SMBUS_EEPROM,
>>> -.parent= TYPE_SMBUS_DEVICE,
>>> -.instance_size = sizeof(SMBusEEPROMDevice),
>>> -.class_init= smbus_eeprom_class_initfn,
>>> +static const TypeInfo types[] = {
>>
>>This is better, but why did you change the name to "types".  The
>>previous name was fairly descriptive, though you might change "info"
>>to "types".
>
>I took inspiration from 
>https://lore.kernel.org/qemu-devel/20240215175752.82828-20-phi...@linaro.org . 
>I could preserve the old names (also in the other patches) by simply 
>converting to plural form. Here it would be: smbus_eeprom_infos. OK?

Well, the plural form of " info" is also "info". So I'll keep the names in the 
patches as they are in master, except when multiple types are defined where 
I'll draw inspiration from the file names.

Best regards,
Bernhard

>
>Best regards,
>Bernhard
>
>>
>>-corey
>>
>>> +{
>>> +.name  = TYPE_SMBUS_EEPROM,
>>> +.parent= TYPE_SMBUS_DEVICE,
>>> +.instance_size = sizeof(SMBusEEPROMDevice),
>>> +.class_init= smbus_eeprom_class_initfn,
>>> +},
>>>  };
>>>
>>> -static void smbus_eeprom_register_types(void)
>>> -{
>>> -type_register_static(&smbus_eeprom_info);
>>> -}
>>> -
>>> -type_init(smbus_eeprom_register_types)
>>> +DEFINE_TYPES(types)
>>>
>>>  void smbus_eeprom_init_one(I2CBus *smbus, uint8_t address, uint8_t 
>>> *eeprom_buf)
>>>  {
>>> --
>>> 2.47.0
>>>
>>>

[PATCH v4 21/26] hw/block/pflash_cfi01: Prefer DEFINE_TYPES() macro

[Bernhard Beschow]

Reviewed-by: Cédric Le Goater 
Reviewed-by: Kevin Wolf 
Signed-off-by: Bernhard Beschow 
---
 hw/block/pflash_cfi01.c | 21 -
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index 7b6ec64442..21a81b44f0 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -47,7 +47,6 @@
 #include "qemu/bitops.h"
 #include "qemu/host-utils.h"
 #include "qemu/log.h"
-#include "qemu/module.h"
 #include "qemu/option.h"
 #include "hw/sysbus.h"
 #include "migration/vmstate.h"
@@ -947,20 +946,16 @@ static void pflash_cfi01_class_init(ObjectClass *klass, 
void *data)
 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
 }
 
-
-static const TypeInfo pflash_cfi01_info = {
-.name   = TYPE_PFLASH_CFI01,
-.parent = TYPE_SYS_BUS_DEVICE,
-.instance_size  = sizeof(PFlashCFI01),
-.class_init = pflash_cfi01_class_init,
+static const TypeInfo pflash_cfi01_types[] = {
+{
+.name   = TYPE_PFLASH_CFI01,
+.parent = TYPE_SYS_BUS_DEVICE,
+.instance_size  = sizeof(PFlashCFI01),
+.class_init = pflash_cfi01_class_init,
+},
 };
 
-static void pflash_cfi01_register_types(void)
-{
-type_register_static(&pflash_cfi01_info);
-}
-
-type_init(pflash_cfi01_register_types)
+DEFINE_TYPES(pflash_cfi01_types)
 
 PFlashCFI01 *pflash_cfi01_register(hwaddr base,
const char *name,
-- 
2.47.0

Re: [PATCH v3 22/26] hw/i2c/smbus_eeprom: Prefer DEFINE_TYPES() macro

[Bernhard Beschow]

Am 3. November 2024 11:52:40 UTC schrieb Bernhard Beschow :
>
>
>Am 3. November 2024 07:51:46 UTC schrieb Bernhard Beschow :
>>
>>
>>Am 2. November 2024 17:24:25 UTC schrieb Corey Minyard :
>>>On Sat, Nov 2, 2024 at 8:25 AM Bernhard Beschow  wrote:

 Reviewed-by: Cédric Le Goater 
 Signed-off-by: Bernhard Beschow 
 ---
  hw/i2c/smbus_eeprom.c | 19 ---
  1 file changed, 8 insertions(+), 11 deletions(-)

 diff --git a/hw/i2c/smbus_eeprom.c b/hw/i2c/smbus_eeprom.c
 index 9e62c27a1a..1d4d9704bf 100644
 --- a/hw/i2c/smbus_eeprom.c
 +++ b/hw/i2c/smbus_eeprom.c
 @@ -151,19 +151,16 @@ static void smbus_eeprom_class_initfn(ObjectClass 
 *klass, void *data)
  dc->user_creatable = false;
  }

 -static const TypeInfo smbus_eeprom_info = {
 -.name  = TYPE_SMBUS_EEPROM,
 -.parent= TYPE_SMBUS_DEVICE,
 -.instance_size = sizeof(SMBusEEPROMDevice),
 -.class_init= smbus_eeprom_class_initfn,
 +static const TypeInfo types[] = {
>>>
>>>This is better, but why did you change the name to "types".  The
>>>previous name was fairly descriptive, though you might change "info"
>>>to "types".
>>
>>I took inspiration from 
>>https://lore.kernel.org/qemu-devel/20240215175752.82828-20-phi...@linaro.org 
>>. I could preserve the old names (also in the other patches) by simply 
>>converting to plural form. Here it would be: smbus_eeprom_infos. OK?
>
>Well, the plural form of " info" is also "info". So I'll keep the names in the 
>patches as they are in master, except when multiple types are defined where 
>I'll draw inspiration from the file names.

Checking other usages of DEFINE_TYPES(), the majority by far uses a "types" 
suffix while qom.rst suggests "info". Still, 2nd place is "infos" suffix. I'll 
go with "types" suffix then which makes hcd-ehci-sysbus consistent with 
hcd-ohci-sysbus.

Best regards,
Bernhard

>
>Best regards,
>Bernhard
>
>>
>>Best regards,
>>Bernhard
>>
>>>
>>>-corey
>>>
 +{
 +.name  = TYPE_SMBUS_EEPROM,
 +.parent= TYPE_SMBUS_DEVICE,
 +.instance_size = sizeof(SMBusEEPROMDevice),
 +.class_init= smbus_eeprom_class_initfn,
 +},
  };

 -static void smbus_eeprom_register_types(void)
 -{
 -type_register_static(&smbus_eeprom_info);
 -}
 -
 -type_init(smbus_eeprom_register_types)
 +DEFINE_TYPES(types)

  void smbus_eeprom_init_one(I2CBus *smbus, uint8_t address, uint8_t 
 *eeprom_buf)
  {
 --
 2.47.0

[PATCH v4 05/26] hw/ppc/e500: Add missing device tree properties to i2c controller node

[Bernhard Beschow]

When compiling a decompiled device tree blob created with dumpdtb, dtc complains
with:

  /soc@e000/i2c@3000: incorrect #address-cells for I2C bus
  /soc@e000/i2c@3000: incorrect #size-cells for I2C bus

Fix this by adding the missing device tree properties.

Reviewed-by: Cédric Le Goater 
Signed-off-by: Bernhard Beschow 
---
 hw/ppc/e500.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index ecaaab1558..a0c856568b 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -196,6 +196,8 @@ static void dt_i2c_create(void *fdt, const char *soc, const 
char *mpic,
 qemu_fdt_setprop_cells(fdt, i2c, "cell-index", 0);
 qemu_fdt_setprop_cells(fdt, i2c, "interrupts", irq0, 0x2);
 qemu_fdt_setprop_phandle(fdt, i2c, "interrupt-parent", mpic);
+qemu_fdt_setprop_cell(fdt, i2c, "#size-cells", 0);
+qemu_fdt_setprop_cell(fdt, i2c, "#address-cells", 1);
 qemu_fdt_setprop_string(fdt, "/aliases", alias, i2c);
 
 g_free(i2c);
-- 
2.47.0

[PATCH v4 26/26] MAINTAINERS: Add hw/gpio/gpio_pwr.c

[Bernhard Beschow]

The device is only used in the ARM virt machine and designed to be used on top
of pl061 for use cases such as ARM Trusted Firmware. Add it to the same section
as hw/gpio/pl061.c.

Signed-off-by: Bernhard Beschow 
---
 MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index a8f39aeb6f..5dd35f87ff 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -651,6 +651,7 @@ F: hw/display/pl110*
 F: hw/dma/pl080.c
 F: include/hw/dma/pl080.h
 F: hw/dma/pl330.c
+F: hw/gpio/gpio_pwr.c
 F: hw/gpio/pl061.c
 F: hw/input/pl050.c
 F: include/hw/input/pl050.h
-- 
2.47.0

[PATCH v4 08/26] hw/ppc/e500: Extract ppce500_ccsr.c

[Bernhard Beschow]

The device model already has a header file, so extract its implementation into
an accompanying source file like other e500 devices. While at it rename the
header file to reflect the name of the structure defined there.

This commit is also a preparation for the next commit.

Signed-off-by: Bernhard Beschow 
---
 MAINTAINERS|  2 +-
 hw/ppc/{e500-ccsr.h => ppce500_ccsr.h} |  8 +++---
 hw/ppc/e500.c  | 21 ++--
 hw/ppc/ppce500_ccsr.c  | 34 ++
 hw/ppc/meson.build |  1 +
 5 files changed, 42 insertions(+), 24 deletions(-)
 rename hw/ppc/{e500-ccsr.h => ppce500_ccsr.h} (71%)
 create mode 100644 hw/ppc/ppce500_ccsr.c

diff --git a/MAINTAINERS b/MAINTAINERS
index 1e88b5738c..a8f39aeb6f 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1391,7 +1391,7 @@ M: Bernhard Beschow 
 L: qemu-...@nongnu.org
 S: Odd Fixes
 F: hw/ppc/e500*
-F: hw/ppc/ppce500_spin.c
+F: hw/ppc/ppce500_*
 F: hw/gpio/mpc8xxx.c
 F: hw/i2c/mpc_i2c.c
 F: hw/net/fsl_etsec/
diff --git a/hw/ppc/e500-ccsr.h b/hw/ppc/ppce500_ccsr.h
similarity index 71%
rename from hw/ppc/e500-ccsr.h
rename to hw/ppc/ppce500_ccsr.h
index 249c17be3b..36cbb811ca 100644
--- a/hw/ppc/e500-ccsr.h
+++ b/hw/ppc/ppce500_ccsr.h
@@ -1,13 +1,13 @@
-#ifndef E500_CCSR_H
-#define E500_CCSR_H
+#ifndef PPCE500_CCSR_H
+#define PPCE500_CCSR_H
 
 #include "hw/sysbus.h"
 #include "qom/object.h"
 
+#define MPC85XX_CCSRBAR_SIZE   0x0010ULL
+
 struct PPCE500CCSRState {
-/*< private >*/
 SysBusDevice parent;
-/*< public >*/
 
 MemoryRegion ccsr_space;
 };
diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index 2849fba524..f640195e62 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -20,7 +20,7 @@
 #include "qemu/guest-random.h"
 #include "qapi/error.h"
 #include "e500.h"
-#include "e500-ccsr.h"
+#include "ppce500_ccsr.h"
 #include "net/net.h"
 #include "qemu/config-file.h"
 #include "hw/block/flash.h"
@@ -59,7 +59,6 @@
 #define RAM_SIZES_ALIGN(64 * MiB)
 
 /* TODO: parameterize */
-#define MPC8544_CCSRBAR_SIZE   0x0010ULL
 #define MPC8544_MPIC_REGS_OFFSET   0x4ULL
 #define MPC8544_MSI_REGS_OFFSET   0x41600ULL
 #define MPC8544_SERIAL0_REGS_OFFSET 0x4500ULL
@@ -530,7 +529,7 @@ static int ppce500_load_device_tree(PPCE500MachineState 
*pms,
 qemu_fdt_setprop_cell(fdt, soc, "#size-cells", 1);
 qemu_fdt_setprop_cells(fdt, soc, "ranges", 0x0,
pmc->ccsrbar_base >> 32, pmc->ccsrbar_base,
-   MPC8544_CCSRBAR_SIZE);
+   MPC85XX_CCSRBAR_SIZE);
 /* XXX should contain a reasonable value */
 qemu_fdt_setprop_cell(fdt, soc, "bus-frequency", 0);
 
@@ -1256,21 +1255,6 @@ void ppce500_init(MachineState *machine)
 pms->boot_info.dt_size = dt_size;
 }
 
-static void e500_ccsr_initfn(Object *obj)
-{
-PPCE500CCSRState *ccsr = CCSR(obj);
-memory_region_init(&ccsr->ccsr_space, obj, "e500-ccsr",
-   MPC8544_CCSRBAR_SIZE);
-sysbus_init_mmio(SYS_BUS_DEVICE(ccsr), &ccsr->ccsr_space);
-}
-
-static const TypeInfo e500_ccsr_info = {
-.name  = TYPE_CCSR,
-.parent= TYPE_SYS_BUS_DEVICE,
-.instance_size = sizeof(PPCE500CCSRState),
-.instance_init = e500_ccsr_initfn,
-};
-
 static const TypeInfo ppce500_info = {
 .name  = TYPE_PPCE500_MACHINE,
 .parent= TYPE_MACHINE,
@@ -1281,7 +1265,6 @@ static const TypeInfo ppce500_info = {
 
 static void e500_register_types(void)
 {
-type_register_static(&e500_ccsr_info);
 type_register_static(&ppce500_info);
 }
 
diff --git a/hw/ppc/ppce500_ccsr.c b/hw/ppc/ppce500_ccsr.c
new file mode 100644
index 00..b1fb4090c0
--- /dev/null
+++ b/hw/ppc/ppce500_ccsr.c
@@ -0,0 +1,34 @@
+/*
+ * QEMU PowerPC E500 embedded processors CCSR space emulation
+ *
+ * Copyright (C) 2009 Freescale Semiconductor, Inc. All rights reserved.
+ *
+ * Author: Yu Liu, 
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of  the GNU General  Public License as published by
+ * the Free Software Foundation;  either version 2 of the  License, or
+ * (at your option) any later version.
+ */
+
+#include "qemu/osdep.h"
+#include "ppce500_ccsr.h"
+
+static void ppce500_ccsr_init(Object *obj)
+{
+PPCE500CCSRState *s = CCSR(obj);
+
+memory_region_init(&s->ccsr_space, obj, "e500-ccsr", MPC85XX_CCSRBAR_SIZE);
+sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->ccsr_space);
+}
+
+static const TypeInfo ppce500_ccsr_types[] = {
+{
+.name  = TYPE_CCSR,
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(PPCE500CCSRState),
+.instance_init = ppce500_ccsr_init,
+},
+};
+
+DEFINE_TYPES(ppce500_ccsr_types)
diff --git a/hw/ppc/meson.build b/hw/ppc/meson.build
index 7cd9189869..43c746795a 100644
--- a/hw/ppc/meson.build
+++ b/hw/ppc/meson.build
@@ -81,6 +81,7 @@ ppc_ss.add(when: 'CONFIG_MPC8

[PATCH v4 02/26] hw/ppc/e500: Remove firstenv variable

[Bernhard Beschow]

The firstenv variable is never read, so remove it. The env variable is then only
used inside the loop, so move it there to restrict its scope.

Signed-off-by: Bernhard Beschow 
---
 hw/ppc/e500.c | 9 +
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index ba83f33033..0683629ac0 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -899,7 +899,6 @@ void ppce500_init(MachineState *machine)
 const PPCE500MachineClass *pmc = PPCE500_MACHINE_GET_CLASS(machine);
 MachineClass *mc = MACHINE_CLASS(pmc);
 PCIBus *pci_bus;
-CPUPPCState *env = NULL;
 uint64_t loadaddr;
 hwaddr kernel_base = -1LL;
 int kernel_size = 0;
@@ -921,7 +920,6 @@ void ppce500_init(MachineState *machine)
 IrqLines *irqs;
 DeviceState *dev, *mpicdev;
 DriveInfo *dinfo;
-CPUPPCState *firstenv = NULL;
 MemoryRegion *ccsr_addr_space;
 SysBusDevice *s;
 PPCE500CCSRState *ccsr;
@@ -930,6 +928,7 @@ void ppce500_init(MachineState *machine)
 irqs = g_new0(IrqLines, smp_cpus);
 for (i = 0; i < smp_cpus; i++) {
 PowerPCCPU *cpu;
+CPUPPCState *env;
 CPUState *cs;
 
 cpu = POWERPC_CPU(object_new(machine->cpu_type));
@@ -950,10 +949,6 @@ void ppce500_init(MachineState *machine)
  &error_abort);
 qdev_realize_and_unref(DEVICE(cs), NULL, &error_fatal);
 
-if (!firstenv) {
-firstenv = env;
-}
-
 irqs[i].irq[OPENPIC_OUTPUT_INT] =
 qdev_get_gpio_in(DEVICE(cpu), PPCE500_INPUT_INT);
 irqs[i].irq[OPENPIC_OUTPUT_CINT] =
@@ -974,8 +969,6 @@ void ppce500_init(MachineState *machine)
 }
 }
 
-env = firstenv;
-
 if (!QEMU_IS_ALIGNED(machine->ram_size, RAM_SIZES_ALIGN)) {
 error_report("RAM size must be multiple of %" PRIu64, RAM_SIZES_ALIGN);
 exit(EXIT_FAILURE);
-- 
2.47.0

[PATCH v4 24/26] hw/usb/hcd-ehci-sysbus: Prefer DEFINE_TYPES() macro

[Bernhard Beschow]

The naming of the TypeInfo array is inspired by hcd-ohci-sysbus.

Reviewed-by: Cédric Le Goater 
Signed-off-by: Bernhard Beschow 
---
 hw/usb/hcd-ehci-sysbus.c | 118 +--
 1 file changed, 50 insertions(+), 68 deletions(-)

diff --git a/hw/usb/hcd-ehci-sysbus.c b/hw/usb/hcd-ehci-sysbus.c
index 2b1652f7a8..eb7df93ac2 100644
--- a/hw/usb/hcd-ehci-sysbus.c
+++ b/hw/usb/hcd-ehci-sysbus.c
@@ -19,7 +19,6 @@
 #include "hw/qdev-properties.h"
 #include "hw/usb/hcd-ehci.h"
 #include "migration/vmstate.h"
-#include "qemu/module.h"
 
 static const VMStateDescription vmstate_ehci_sysbus = {
 .name= "ehci-sysbus",
@@ -97,17 +96,6 @@ static void ehci_sysbus_class_init(ObjectClass *klass, void 
*data)
 set_bit(DEVICE_CATEGORY_USB, dc->categories);
 }
 
-static const TypeInfo ehci_type_info = {
-.name  = TYPE_SYS_BUS_EHCI,
-.parent= TYPE_SYS_BUS_DEVICE,
-.instance_size = sizeof(EHCISysBusState),
-.instance_init = ehci_sysbus_init,
-.instance_finalize = ehci_sysbus_finalize,
-.abstract  = true,
-.class_init= ehci_sysbus_class_init,
-.class_size= sizeof(SysBusEHCIClass),
-};
-
 static void ehci_platform_class_init(ObjectClass *oc, void *data)
 {
 SysBusEHCIClass *sec = SYS_BUS_EHCI_CLASS(oc);
@@ -118,12 +106,6 @@ static void ehci_platform_class_init(ObjectClass *oc, void 
*data)
 set_bit(DEVICE_CATEGORY_USB, dc->categories);
 }
 
-static const TypeInfo ehci_platform_type_info = {
-.name  = TYPE_PLATFORM_EHCI,
-.parent= TYPE_SYS_BUS_EHCI,
-.class_init= ehci_platform_class_init,
-};
-
 static void ehci_exynos4210_class_init(ObjectClass *oc, void *data)
 {
 SysBusEHCIClass *sec = SYS_BUS_EHCI_CLASS(oc);
@@ -134,12 +116,6 @@ static void ehci_exynos4210_class_init(ObjectClass *oc, 
void *data)
 set_bit(DEVICE_CATEGORY_USB, dc->categories);
 }
 
-static const TypeInfo ehci_exynos4210_type_info = {
-.name  = TYPE_EXYNOS4210_EHCI,
-.parent= TYPE_SYS_BUS_EHCI,
-.class_init= ehci_exynos4210_class_init,
-};
-
 static void ehci_aw_h3_class_init(ObjectClass *oc, void *data)
 {
 SysBusEHCIClass *sec = SYS_BUS_EHCI_CLASS(oc);
@@ -150,12 +126,6 @@ static void ehci_aw_h3_class_init(ObjectClass *oc, void 
*data)
 set_bit(DEVICE_CATEGORY_USB, dc->categories);
 }
 
-static const TypeInfo ehci_aw_h3_type_info = {
-.name  = TYPE_AW_H3_EHCI,
-.parent= TYPE_SYS_BUS_EHCI,
-.class_init= ehci_aw_h3_class_init,
-};
-
 static void ehci_npcm7xx_class_init(ObjectClass *oc, void *data)
 {
 SysBusEHCIClass *sec = SYS_BUS_EHCI_CLASS(oc);
@@ -168,12 +138,6 @@ static void ehci_npcm7xx_class_init(ObjectClass *oc, void 
*data)
 set_bit(DEVICE_CATEGORY_USB, dc->categories);
 }
 
-static const TypeInfo ehci_npcm7xx_type_info = {
-.name  = TYPE_NPCM7XX_EHCI,
-.parent= TYPE_SYS_BUS_EHCI,
-.class_init= ehci_npcm7xx_class_init,
-};
-
 static void ehci_tegra2_class_init(ObjectClass *oc, void *data)
 {
 SysBusEHCIClass *sec = SYS_BUS_EHCI_CLASS(oc);
@@ -184,12 +148,6 @@ static void ehci_tegra2_class_init(ObjectClass *oc, void 
*data)
 set_bit(DEVICE_CATEGORY_USB, dc->categories);
 }
 
-static const TypeInfo ehci_tegra2_type_info = {
-.name  = TYPE_TEGRA2_EHCI,
-.parent= TYPE_SYS_BUS_EHCI,
-.class_init= ehci_tegra2_class_init,
-};
-
 static void ehci_ppc4xx_init(Object *o)
 {
 EHCISysBusState *s = SYS_BUS_EHCI(o);
@@ -207,13 +165,6 @@ static void ehci_ppc4xx_class_init(ObjectClass *oc, void 
*data)
 set_bit(DEVICE_CATEGORY_USB, dc->categories);
 }
 
-static const TypeInfo ehci_ppc4xx_type_info = {
-.name  = TYPE_PPC4xx_EHCI,
-.parent= TYPE_SYS_BUS_EHCI,
-.class_init= ehci_ppc4xx_class_init,
-.instance_init = ehci_ppc4xx_init,
-};
-
 /*
  * Faraday FUSBH200 USB 2.0 EHCI
  */
@@ -282,24 +233,55 @@ static void fusbh200_ehci_class_init(ObjectClass *oc, 
void *data)
 set_bit(DEVICE_CATEGORY_USB, dc->categories);
 }
 
-static const TypeInfo ehci_fusbh200_type_info = {
-.name  = TYPE_FUSBH200_EHCI,
-.parent= TYPE_SYS_BUS_EHCI,
-.instance_size = sizeof(FUSBH200EHCIState),
-.instance_init = fusbh200_ehci_init,
-.class_init= fusbh200_ehci_class_init,
+static const TypeInfo ehci_sysbus_types[] = {
+{
+.name  = TYPE_SYS_BUS_EHCI,
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(EHCISysBusState),
+.instance_init = ehci_sysbus_init,
+.instance_finalize = ehci_sysbus_finalize,
+.abstract  = true,
+.class_init= ehci_sysbus_class_init,
+.class_size= sizeof(SysBusEHCIClass),
+},
+{
+.name  = TYPE_PLATFORM_EHCI,
+.parent= TYPE_SYS_BUS_EHCI,
+.class_init= ehci_platform_class_init,
+},
+{
+.name  = TYPE_EXYNOS4210_EHCI,
+

[PATCH v4 17/26] hw/gpio/mpc8xxx: Prefer DEFINE_TYPES() macro

[Bernhard Beschow]

Reviewed-by: Cédric Le Goater 
Signed-off-by: Bernhard Beschow 
---
 hw/gpio/mpc8xxx.c | 22 +-
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/hw/gpio/mpc8xxx.c b/hw/gpio/mpc8xxx.c
index 63b7a5c881..a3c1d2fbf4 100644
--- a/hw/gpio/mpc8xxx.c
+++ b/hw/gpio/mpc8xxx.c
@@ -23,7 +23,6 @@
 #include "hw/irq.h"
 #include "hw/sysbus.h"
 #include "migration/vmstate.h"
-#include "qemu/module.h"
 #include "qom/object.h"
 
 #define TYPE_MPC8XXX_GPIO "mpc8xxx_gpio"
@@ -208,17 +207,14 @@ static void mpc8xxx_gpio_class_init(ObjectClass *klass, 
void *data)
 device_class_set_legacy_reset(dc, mpc8xxx_gpio_reset);
 }
 
-static const TypeInfo mpc8xxx_gpio_info = {
-.name  = TYPE_MPC8XXX_GPIO,
-.parent= TYPE_SYS_BUS_DEVICE,
-.instance_size = sizeof(MPC8XXXGPIOState),
-.instance_init = mpc8xxx_gpio_initfn,
-.class_init= mpc8xxx_gpio_class_init,
+static const TypeInfo mpc8xxx_gpio_types[] = {
+{
+.name  = TYPE_MPC8XXX_GPIO,
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(MPC8XXXGPIOState),
+.instance_init = mpc8xxx_gpio_initfn,
+.class_init= mpc8xxx_gpio_class_init,
+},
 };
 
-static void mpc8xxx_gpio_register_types(void)
-{
-type_register_static(&mpc8xxx_gpio_info);
-}
-
-type_init(mpc8xxx_gpio_register_types)
+DEFINE_TYPES(mpc8xxx_gpio_types)
-- 
2.47.0

[PATCH v4 11/26] hw/i2c/mpc_i2c: Convert DPRINTF to trace events for register access

[Bernhard Beschow]

Reviewed-by: Cédric Le Goater 
Acked-by: Corey Minyard 
Signed-off-by: Bernhard Beschow 
---
 hw/i2c/mpc_i2c.c| 9 +
 hw/i2c/trace-events | 5 +
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/hw/i2c/mpc_i2c.c b/hw/i2c/mpc_i2c.c
index 2467d1a9aa..3d79c15653 100644
--- a/hw/i2c/mpc_i2c.c
+++ b/hw/i2c/mpc_i2c.c
@@ -24,6 +24,7 @@
 #include "hw/sysbus.h"
 #include "migration/vmstate.h"
 #include "qom/object.h"
+#include "trace.h"
 
 /* #define DEBUG_I2C */
 
@@ -224,8 +225,8 @@ static uint64_t mpc_i2c_read(void *opaque, hwaddr addr, 
unsigned size)
 break;
 }
 
-DPRINTF("%s: addr " HWADDR_FMT_plx " %02" PRIx32 "\n", __func__,
- addr, value);
+trace_mpc_i2c_read(addr, value);
+
 return (uint64_t)value;
 }
 
@@ -234,8 +235,8 @@ static void mpc_i2c_write(void *opaque, hwaddr addr,
 {
 MPCI2CState *s = opaque;
 
-DPRINTF("%s: addr " HWADDR_FMT_plx " val %08" PRIx64 "\n", __func__,
- addr, value);
+trace_mpc_i2c_write(addr, value);
+
 switch (addr) {
 case MPC_I2C_ADR:
 s->adr = value & CADR_MASK;
diff --git a/hw/i2c/trace-events b/hw/i2c/trace-events
index 6900e06eda..f708a7ace1 100644
--- a/hw/i2c/trace-events
+++ b/hw/i2c/trace-events
@@ -35,6 +35,11 @@ aspeed_i2c_bus_write(uint32_t busid, uint64_t offset, 
unsigned size, uint64_t va
 aspeed_i2c_bus_send(const char *mode, int i, int count, uint8_t byte) "%s send 
%d/%d 0x%02x"
 aspeed_i2c_bus_recv(const char *mode, int i, int count, uint8_t byte) "%s recv 
%d/%d 0x%02x"
 
+# mpc_i2c.c
+
+mpc_i2c_read(uint64_t addr, uint32_t value) "[0x%" PRIx64 "] -> 0x%02" PRIx32
+mpc_i2c_write(uint64_t addr, uint32_t value) "[0x%" PRIx64 "] <- 0x%02" PRIx32
+
 # npcm7xx_smbus.c
 
 npcm7xx_smbus_read(const char *id, uint64_t offset, uint64_t value, unsigned 
size) "%s offset: 0x%04" PRIx64 " value: 0x%02" PRIx64 " size: %u"
-- 
2.47.0

[PATCH v4 20/26] hw/sd/sdhci: Prefer DEFINE_TYPES() macro

[Bernhard Beschow]

Reviewed-by: Cédric Le Goater 
Signed-off-by: Bernhard Beschow 
---
 hw/sd/sdhci.c | 62 +--
 1 file changed, 26 insertions(+), 36 deletions(-)

diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index ed01499391..dbe5c2340c 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -37,7 +37,6 @@
 #include "migration/vmstate.h"
 #include "sdhci-internal.h"
 #include "qemu/log.h"
-#include "qemu/module.h"
 #include "trace.h"
 #include "qom/object.h"
 
@@ -1598,15 +1597,6 @@ static void sdhci_sysbus_class_init(ObjectClass *klass, 
void *data)
 sdhci_common_class_init(klass, data);
 }
 
-static const TypeInfo sdhci_sysbus_info = {
-.name = TYPE_SYSBUS_SDHCI,
-.parent = TYPE_SYS_BUS_DEVICE,
-.instance_size = sizeof(SDHCIState),
-.instance_init = sdhci_sysbus_init,
-.instance_finalize = sdhci_sysbus_finalize,
-.class_init = sdhci_sysbus_class_init,
-};
-
 /* --- qdev bus master --- */
 
 static void sdhci_bus_class_init(ObjectClass *klass, void *data)
@@ -1617,13 +1607,6 @@ static void sdhci_bus_class_init(ObjectClass *klass, 
void *data)
 sbc->set_readonly = sdhci_set_readonly;
 }
 
-static const TypeInfo sdhci_bus_info = {
-.name = TYPE_SDHCI_BUS,
-.parent = TYPE_SD_BUS,
-.instance_size = sizeof(SDBus),
-.class_init = sdhci_bus_class_init,
-};
-
 /* --- qdev i.MX eSDHC --- */
 
 #define USDHC_MIX_CTRL  0x48
@@ -1882,12 +1865,6 @@ static void imx_usdhc_init(Object *obj)
 s->quirks = SDHCI_QUIRK_NO_BUSY_IRQ;
 }
 
-static const TypeInfo imx_usdhc_info = {
-.name = TYPE_IMX_USDHC,
-.parent = TYPE_SYSBUS_SDHCI,
-.instance_init = imx_usdhc_init,
-};
-
 /* --- qdev Samsung s3c --- */
 
 #define S3C_SDHCI_CONTROL2  0x80
@@ -1946,18 +1923,31 @@ static void sdhci_s3c_init(Object *obj)
 s->io_ops = &sdhci_s3c_mmio_ops;
 }
 
-static const TypeInfo sdhci_s3c_info = {
-.name = TYPE_S3C_SDHCI  ,
-.parent = TYPE_SYSBUS_SDHCI,
-.instance_init = sdhci_s3c_init,
+static const TypeInfo sdhci_types[] = {
+{
+.name = TYPE_SDHCI_BUS,
+.parent = TYPE_SD_BUS,
+.instance_size = sizeof(SDBus),
+.class_init = sdhci_bus_class_init,
+},
+{
+.name = TYPE_SYSBUS_SDHCI,
+.parent = TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(SDHCIState),
+.instance_init = sdhci_sysbus_init,
+.instance_finalize = sdhci_sysbus_finalize,
+.class_init = sdhci_sysbus_class_init,
+},
+{
+.name = TYPE_IMX_USDHC,
+.parent = TYPE_SYSBUS_SDHCI,
+.instance_init = imx_usdhc_init,
+},
+{
+.name = TYPE_S3C_SDHCI,
+.parent = TYPE_SYSBUS_SDHCI,
+.instance_init = sdhci_s3c_init,
+},
 };
 
-static void sdhci_register_types(void)
-{
-type_register_static(&sdhci_sysbus_info);
-type_register_static(&sdhci_bus_info);
-type_register_static(&imx_usdhc_info);
-type_register_static(&sdhci_s3c_info);
-}
-
-type_init(sdhci_register_types)
+DEFINE_TYPES(sdhci_types)
-- 
2.47.0

[PATCH v4 07/26] hw/ppc/e500: Use SysBusDevice API to access TYPE_CCSR's internal resources

[Bernhard Beschow]

Rather than accessing the attributes of TYPE_CCSR directly, use the SysBusDevice
API which exists exactly for that purpose. Furthermore, registering the memory
region with the SysBusDevice API makes it show up in QMP's `info qom-tree`
command.

Reviewed-by: BALATON Zoltan 
Signed-off-by: Bernhard Beschow 
---
 hw/pci-host/ppce500.c | 10 +-
 hw/ppc/e500.c |  8 
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/hw/pci-host/ppce500.c b/hw/pci-host/ppce500.c
index 95b983b2b3..97e5d47cec 100644
--- a/hw/pci-host/ppce500.c
+++ b/hw/pci-host/ppce500.c
@@ -16,7 +16,6 @@
 
 #include "qemu/osdep.h"
 #include "hw/irq.h"
-#include "hw/ppc/e500-ccsr.h"
 #include "hw/qdev-properties.h"
 #include "migration/vmstate.h"
 #include "hw/pci/pci_device.h"
@@ -419,11 +418,12 @@ static const VMStateDescription vmstate_ppce500_pci = {
 static void e500_pcihost_bridge_realize(PCIDevice *d, Error **errp)
 {
 PPCE500PCIBridgeState *b = PPC_E500_PCI_BRIDGE(d);
-PPCE500CCSRState *ccsr = CCSR(container_get(qdev_get_machine(),
-  "/e500-ccsr"));
+SysBusDevice *ccsr = SYS_BUS_DEVICE(container_get(qdev_get_machine(),
+  "/e500-ccsr"));
+MemoryRegion *ccsr_space = sysbus_mmio_get_region(ccsr, 0);
 
-memory_region_init_alias(&b->bar0, OBJECT(ccsr), "e500-pci-bar0", 
&ccsr->ccsr_space,
- 0, int128_get64(ccsr->ccsr_space.size));
+memory_region_init_alias(&b->bar0, OBJECT(ccsr), "e500-pci-bar0",
+ ccsr_space, 0, int128_get64(ccsr_space->size));
 pci_register_bar(d, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &b->bar0);
 }
 
diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index 5d75a090ee..2849fba524 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -915,7 +915,6 @@ void ppce500_init(MachineState *machine)
 DriveInfo *dinfo;
 MemoryRegion *ccsr_addr_space;
 SysBusDevice *s;
-PPCE500CCSRState *ccsr;
 I2CBus *i2c;
 
 irqs = g_new0(IrqLines, smp_cpus);
@@ -971,10 +970,10 @@ void ppce500_init(MachineState *machine)
 memory_region_add_subregion(address_space_mem, 0, machine->ram);
 
 dev = qdev_new("e500-ccsr");
+s = SYS_BUS_DEVICE(dev);
 object_property_add_child(OBJECT(machine), "e500-ccsr", OBJECT(dev));
-sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
-ccsr = CCSR(dev);
-ccsr_addr_space = &ccsr->ccsr_space;
+sysbus_realize_and_unref(s, &error_fatal);
+ccsr_addr_space = sysbus_mmio_get_region(s, 0);
 memory_region_add_subregion(address_space_mem, pmc->ccsrbar_base,
 ccsr_addr_space);
 
@@ -1262,6 +1261,7 @@ static void e500_ccsr_initfn(Object *obj)
 PPCE500CCSRState *ccsr = CCSR(obj);
 memory_region_init(&ccsr->ccsr_space, obj, "e500-ccsr",
MPC8544_CCSRBAR_SIZE);
+sysbus_init_mmio(SYS_BUS_DEVICE(ccsr), &ccsr->ccsr_space);
 }
 
 static const TypeInfo e500_ccsr_info = {
-- 
2.47.0

[PATCH v4 04/26] hw/ppc/e500: Remove unused "irqs" parameter

[Bernhard Beschow]

Reviewed-by: BALATON Zoltan 
Signed-off-by: Bernhard Beschow 
---
 hw/ppc/e500.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index 964a22c5b7..ecaaab1558 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -825,7 +825,7 @@ static DeviceState 
*ppce500_init_mpic_qemu(PPCE500MachineState *pms,
 }
 
 static DeviceState *ppce500_init_mpic_kvm(const PPCE500MachineClass *pmc,
-  IrqLines *irqs, Error **errp)
+  Error **errp)
 {
 #ifdef CONFIG_KVM
 DeviceState *dev;
@@ -865,7 +865,7 @@ static DeviceState *ppce500_init_mpic(PPCE500MachineState 
*pms,
 Error *err = NULL;
 
 if (kvm_kernel_irqchip_allowed()) {
-dev = ppce500_init_mpic_kvm(pmc, irqs, &err);
+dev = ppce500_init_mpic_kvm(pmc, &err);
 }
 if (kvm_kernel_irqchip_required() && !dev) {
 error_reportf_err(err,
-- 
2.47.0

[PATCH v4 10/26] hw/ppc/mpc8544_guts: Populate POR PLL ratio status register

[Bernhard Beschow]

Populate this read-only register with some arbitrary values which avoids
U-Boot's get_clocks() to hang().

Reviewed-by: BALATON Zoltan 
Signed-off-by: Bernhard Beschow 
---
 hw/ppc/mpc8544_guts.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/hw/ppc/mpc8544_guts.c b/hw/ppc/mpc8544_guts.c
index e3540b0281..c02b34ccde 100644
--- a/hw/ppc/mpc8544_guts.c
+++ b/hw/ppc/mpc8544_guts.c
@@ -29,6 +29,12 @@
 #define MPC8544_GUTS_RSTCR_RESET  0x02
 
 #define MPC8544_GUTS_ADDR_PORPLLSR0x00
+REG32(GUTS_PORPLLSR, 0x00)
+FIELD(GUTS_PORPLLSR, E500_1_RATIO, 24, 6)
+FIELD(GUTS_PORPLLSR, E500_0_RATIO, 16, 6)
+FIELD(GUTS_PORPLLSR, DDR_RATIO, 9, 5)
+FIELD(GUTS_PORPLLSR, PLAT_RATIO, 1, 5)
+
 #define MPC8544_GUTS_ADDR_PORBMSR 0x04
 #define MPC8544_GUTS_ADDR_PORIMPSCR   0x08
 #define MPC8544_GUTS_ADDR_PORDEVSR0x0C
@@ -75,6 +81,12 @@ static uint64_t mpc8544_guts_read(void *opaque, hwaddr addr,
 
 addr &= MPC8544_GUTS_MMIO_SIZE - 1;
 switch (addr) {
+case MPC8544_GUTS_ADDR_PORPLLSR:
+value = FIELD_DP32(value, GUTS_PORPLLSR, E500_1_RATIO, 6); /* 3:1 */
+value = FIELD_DP32(value, GUTS_PORPLLSR, E500_0_RATIO, 6); /* 3:1 */
+value = FIELD_DP32(value, GUTS_PORPLLSR, DDR_RATIO, 12); /* 12:1 */
+value = FIELD_DP32(value, GUTS_PORPLLSR, PLAT_RATIO, 6); /* 6:1 */
+break;
 case MPC8544_GUTS_ADDR_PVR:
 value = env->spr[SPR_PVR];
 break;
-- 
2.47.0

[PATCH v4 01/26] hw/ppc/e500: Do not leak struct boot_info

[Bernhard Beschow]

The struct is allocated once with g_new0() but never free()'d. Fix the leakage
by adding an attribute to struct PPCE500MachineState which avoids the
allocation.

While at it remove the obsolete /*< private >*/ markers.

Signed-off-by: Bernhard Beschow 
---
 hw/ppc/e500.h |  9 +++--
 hw/ppc/e500.c | 17 -
 2 files changed, 11 insertions(+), 15 deletions(-)

diff --git a/hw/ppc/e500.h b/hw/ppc/e500.h
index 8c09ef92e4..4a1b42d44b 100644
--- a/hw/ppc/e500.h
+++ b/hw/ppc/e500.h
@@ -5,18 +5,23 @@
 #include "hw/platform-bus.h"
 #include "qom/object.h"
 
+struct boot_info {
+uint32_t dt_base;
+uint32_t dt_size;
+uint32_t entry;
+};
+
 struct PPCE500MachineState {
-/*< private >*/
 MachineState parent_obj;
 
 /* points to instance of TYPE_PLATFORM_BUS_DEVICE if
  * board supports dynamic sysbus devices
  */
 PlatformBusDevice *pbus_dev;
+struct boot_info boot_info;
 };
 
 struct PPCE500MachineClass {
-/*< private >*/
 MachineClass parent_class;
 
 /* required -- must at least add toplevel board compatible */
diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index b760c6d6a2..ba83f33033 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -80,13 +80,6 @@
 
 #define PLATFORM_CLK_FREQ_HZ   (400 * 1000 * 1000)
 
-struct boot_info
-{
-uint32_t dt_base;
-uint32_t dt_size;
-uint32_t entry;
-};
-
 static uint32_t *pci_map_create(void *fdt, uint32_t mpic, int first_slot,
 int nr_slots, int *len)
 {
@@ -919,7 +912,6 @@ void ppce500_init(MachineState *machine)
 bool kernel_as_payload;
 hwaddr bios_entry = 0;
 target_long payload_size;
-struct boot_info *boot_info = NULL;
 int dt_size;
 int i;
 unsigned int smp_cpus = machine->smp.cpus;
@@ -974,9 +966,8 @@ void ppce500_init(MachineState *machine)
 /* Register reset handler */
 if (!i) {
 /* Primary CPU */
-boot_info = g_new0(struct boot_info, 1);
 qemu_register_reset(ppce500_cpu_reset, cpu);
-env->load_info = boot_info;
+env->load_info = &pms->boot_info;
 } else {
 /* Secondary CPUs */
 qemu_register_reset(ppce500_cpu_reset_sec, cpu);
@@ -1274,9 +1265,9 @@ void ppce500_init(MachineState *machine)
 }
 assert(dt_size < DTB_MAX_SIZE);
 
-boot_info->entry = bios_entry;
-boot_info->dt_base = dt_base;
-boot_info->dt_size = dt_size;
+pms->boot_info.entry = bios_entry;
+pms->boot_info.dt_base = dt_base;
+pms->boot_info.dt_size = dt_size;
 }
 
 static void e500_ccsr_initfn(Object *obj)
-- 
2.47.0

[PATCH v4 09/26] hw/ppc/ppce500_ccsr: Trace access to CCSR region

[Bernhard Beschow]

The CCSR space is just a container which is meant to be covered by platform
device memory regions. However, QEMU only implements a subset of these devices.
Add some tracing to see which unimplemented devices a guest attempts to access.

Signed-off-by: Bernhard Beschow 
---
 hw/ppc/ppce500_ccsr.c | 25 -
 hw/ppc/trace-events   |  3 +++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/ppce500_ccsr.c b/hw/ppc/ppce500_ccsr.c
index b1fb4090c0..31efc7bee8 100644
--- a/hw/ppc/ppce500_ccsr.c
+++ b/hw/ppc/ppce500_ccsr.c
@@ -13,12 +13,35 @@
 
 #include "qemu/osdep.h"
 #include "ppce500_ccsr.h"
+#include "trace.h"
+
+static uint64_t ppce500_ccsr_io_read(void *opaque, hwaddr addr, unsigned size)
+{
+uint64_t value = 0;
+
+trace_ppce500_ccsr_io_read(addr, value, size);
+
+return value;
+}
+
+static void ppce500_ccsr_io_write(void *opaque, hwaddr addr, uint64_t value,
+  unsigned size)
+{
+trace_ppce500_ccsr_io_write(addr, value, size);
+}
+
+static const MemoryRegionOps ppce500_ccsr_ops = {
+.read = ppce500_ccsr_io_read,
+.write = ppce500_ccsr_io_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+};
 
 static void ppce500_ccsr_init(Object *obj)
 {
 PPCE500CCSRState *s = CCSR(obj);
 
-memory_region_init(&s->ccsr_space, obj, "e500-ccsr", MPC85XX_CCSRBAR_SIZE);
+memory_region_init_io(&s->ccsr_space, obj, &ppce500_ccsr_ops, obj,
+  "e500-ccsr", MPC85XX_CCSRBAR_SIZE);
 sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->ccsr_space);
 }
 
diff --git a/hw/ppc/trace-events b/hw/ppc/trace-events
index 1f125ce841..ca4c231c9f 100644
--- a/hw/ppc/trace-events
+++ b/hw/ppc/trace-events
@@ -143,6 +143,9 @@ ppc_irq_cpu(const char *action) "%s"
 ppc_dcr_read(uint32_t addr, uint32_t val) "DRCN[0x%x] -> 0x%x"
 ppc_dcr_write(uint32_t addr, uint32_t val) "DRCN[0x%x] <- 0x%x"
 
+ppce500_ccsr_io_read(uint32_t index, uint32_t val, uint8_t size) "[0x%" PRIx32 
"] -> 0x%08x (size: 0x%" PRIu8 ")"
+ppce500_ccsr_io_write(uint32_t index, uint32_t val, uint8_t size) "[0x%" 
PRIx32 "] <- 0x%08x (size: 0x%" PRIu8 ")"
+
 # prep_systemio.c
 prep_systemio_read(uint32_t addr, uint32_t val) "read addr=0x%x val=0x%x"
 prep_systemio_write(uint32_t addr, uint32_t val) "write addr=0x%x val=0x%x"
-- 
2.47.0

[PATCH v4 03/26] hw/ppc/e500: Prefer QOM cast

[Bernhard Beschow]

Reviewed-by: BALATON Zoltan 
Signed-off-by: Bernhard Beschow 
---
 hw/ppc/e500.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index 0683629ac0..964a22c5b7 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -1008,7 +1008,7 @@ void ppce500_init(MachineState *machine)
 sysbus_connect_irq(s, 0, qdev_get_gpio_in(mpicdev, MPC8544_I2C_IRQ));
 memory_region_add_subregion(ccsr_addr_space, MPC8544_I2C_REGS_OFFSET,
 sysbus_mmio_get_region(s, 0));
-i2c = (I2CBus *)qdev_get_child_bus(dev, "i2c");
+i2c = I2C_BUS(qdev_get_child_bus(dev, "i2c"));
 i2c_slave_create_simple(i2c, "ds1338", RTC_REGS_OFFSET);
 
 /* eSDHC */
@@ -1057,7 +1057,7 @@ void ppce500_init(MachineState *machine)
 memory_region_add_subregion(ccsr_addr_space, MPC8544_PCI_REGS_OFFSET,
 sysbus_mmio_get_region(s, 0));
 
-pci_bus = (PCIBus *)qdev_get_child_bus(dev, "pci.0");
+pci_bus = PCI_BUS(qdev_get_child_bus(dev, "pci.0"));
 if (!pci_bus)
 printf("couldn't create PCI controller!\n");
 
-- 
2.47.0

[PATCH v4 13/26] hw/pci-host/ppce500: Reuse TYPE_PPC_E500_PCI_BRIDGE define

[Bernhard Beschow]

Prefer a macro rather than a string literal when instantiaging device models.

Reviewed-by: BALATON Zoltan 
Signed-off-by: Bernhard Beschow 
---
 hw/pci-host/ppce500.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/pci-host/ppce500.c b/hw/pci-host/ppce500.c
index 97e5d47cec..d7ff2ba778 100644
--- a/hw/pci-host/ppce500.c
+++ b/hw/pci-host/ppce500.c
@@ -475,7 +475,7 @@ static void e500_pcihost_realize(DeviceState *dev, Error 
**errp)
 address_space_init(&s->bm_as, &s->bm, "pci-bm");
 pci_setup_iommu(b, &ppce500_iommu_ops, s);
 
-pci_create_simple(b, 0, "e500-host-bridge");
+pci_create_simple(b, 0, TYPE_PPC_E500_PCI_BRIDGE);
 
 memory_region_init(&s->container, OBJECT(h), "pci-container", 
PCIE500_ALL_SIZE);
 memory_region_init_io(&h->conf_mem, OBJECT(h), &pci_host_conf_be_ops, h,
-- 
2.47.0

[PATCH v4 00/26] E500 Cleanup

[Bernhard Beschow]

This series is part of a bigger series exploring data-driven machine creation
using device tree blobs on top of the e500 machines [1]. It contains patches to
make this exploration easier which are also expected to provide value in
themselves.

The cleanup starts with the e500 machine class itself, then proceeds with
machine-specific device models and concludes with more or less loosely related
devices. Device cleanup mostly consists of using the DEFINE_TYPES() macro.

Patches still missing R-b tags: 1,2,6,8,9,15,23,26

v4:
* Pick up R-b tags (thanks, Corey!)
* Keep descriptive names for TypeInfo arrays (Corey)

v3:
* Pick up R-B tags (Kevin, Zoltan -- thanks!)
* Rely on trace events only and drop unimp logging in CCSR space after
  discussion
* Merge https://patchew.org/QEMU/20241005100228.28094-1-shen...@gmail.com/ since
  ARM now mostly unaffected
* Add patch to reuse MII constants in etsec device

Testing done:
* Build qemu_ppc64_e5500_defconfig in Buildroot, run it in the ppce500 machine
  and issue the `poweroff` command. Observe that QEMU is shut down cleanly.

v2:
* Add R-b tags (Cedric, Zoltan -- thanks!)
* Add missing S-o-b tag to ds1338 patch (Cedric)
* Populate POR PLL ratio status register with real-world values (Zoltan)
* Rephrase one commit message (Zoltan)
* Also rename header of ppce500_ccsr to match struct name
* Don't mention ppc440_bamboo in license since unrelated (Zoltan)
* Various style changes (Zoltan)

Supersedes: 20241005100228.28094-1-shen...@gmail.com

Bernhard Beschow (26):
  hw/ppc/e500: Do not leak struct boot_info
  hw/ppc/e500: Remove firstenv variable
  hw/ppc/e500: Prefer QOM cast
  hw/ppc/e500: Remove unused "irqs" parameter
  hw/ppc/e500: Add missing device tree properties to i2c controller node
  hw/ppc/e500: Reuse TYPE_GPIO_PWR
  hw/ppc/e500: Use SysBusDevice API to access TYPE_CCSR's internal
resources
  hw/ppc/e500: Extract ppce500_ccsr.c
  hw/ppc/ppce500_ccsr: Trace access to CCSR region
  hw/ppc/mpc8544_guts: Populate POR PLL ratio status register
  hw/i2c/mpc_i2c: Convert DPRINTF to trace events for register access
  hw/i2c/mpc_i2c: Prefer DEFINE_TYPES() macro
  hw/pci-host/ppce500: Reuse TYPE_PPC_E500_PCI_BRIDGE define
  hw/pci-host/ppce500: Prefer DEFINE_TYPES() macro
  hw/net/fsl_etsec/miim: Reuse MII constants
  hw/net/fsl_etsec/etsec: Prefer DEFINE_TYPES() macro
  hw/gpio/mpc8xxx: Prefer DEFINE_TYPES() macro
  hw/ppc/mpc8544_guts: Prefer DEFINE_TYPES() macro
  hw/intc: Guard openpic_kvm.c by dedicated OPENPIC_KVM Kconfig switch
  hw/sd/sdhci: Prefer DEFINE_TYPES() macro
  hw/block/pflash_cfi01: Prefer DEFINE_TYPES() macro
  hw/i2c/smbus_eeprom: Prefer DEFINE_TYPES() macro
  hw/rtc/ds1338: Prefer DEFINE_TYPES() macro
  hw/usb/hcd-ehci-sysbus: Prefer DEFINE_TYPES() macro
  hw/vfio/platform: Let vfio_start_eventfd_injection() take
VFIOPlatformDevice pointer
  MAINTAINERS: Add hw/gpio/gpio_pwr.c

 MAINTAINERS|   3 +-
 hw/ppc/e500.h  |   9 +-
 hw/ppc/{e500-ccsr.h => ppce500_ccsr.h} |   8 +-
 hw/block/pflash_cfi01.c|  21 ++---
 hw/gpio/mpc8xxx.c  |  22 ++---
 hw/i2c/mpc_i2c.c   |  29 +++---
 hw/i2c/smbus_eeprom.c  |  19 ++--
 hw/net/fsl_etsec/etsec.c   |  22 ++---
 hw/net/fsl_etsec/miim.c|  19 ++--
 hw/pci-host/ppce500.c  |  54 +--
 hw/ppc/e500.c  |  81 +
 hw/ppc/mpc8544_guts.c  |  32 ---
 hw/ppc/ppce500_ccsr.c  |  57 
 hw/rtc/ds1338.c|  20 ++---
 hw/sd/sdhci.c  |  62 ++---
 hw/usb/hcd-ehci-sysbus.c   | 118 +++--
 hw/vfio/platform.c |   7 +-
 hw/i2c/trace-events|   5 ++
 hw/intc/Kconfig|   4 +
 hw/intc/meson.build|   3 +-
 hw/ppc/Kconfig |   1 +
 hw/ppc/meson.build |   1 +
 hw/ppc/trace-events|   3 +
 23 files changed, 290 insertions(+), 310 deletions(-)
 rename hw/ppc/{e500-ccsr.h => ppce500_ccsr.h} (71%)
 create mode 100644 hw/ppc/ppce500_ccsr.c

-- 
2.47.0

[PATCH v4 19/26] hw/intc: Guard openpic_kvm.c by dedicated OPENPIC_KVM Kconfig switch

[Bernhard Beschow]

Allows to clearly mark code sections relying on this device type.

Reviewed-by: Cédric Le Goater 
Signed-off-by: Bernhard Beschow 
---
 hw/ppc/e500.c   | 2 +-
 hw/intc/Kconfig | 4 
 hw/intc/meson.build | 3 +--
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index f640195e62..f12329feda 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -826,7 +826,7 @@ static DeviceState 
*ppce500_init_mpic_qemu(PPCE500MachineState *pms,
 static DeviceState *ppce500_init_mpic_kvm(const PPCE500MachineClass *pmc,
   Error **errp)
 {
-#ifdef CONFIG_KVM
+#ifdef CONFIG_OPENPIC_KVM
 DeviceState *dev;
 CPUState *cs;
 
diff --git a/hw/intc/Kconfig b/hw/intc/Kconfig
index dd405bdb5d..a3df98ae59 100644
--- a/hw/intc/Kconfig
+++ b/hw/intc/Kconfig
@@ -16,6 +16,10 @@ config OPENPIC
 bool
 select MSI_NONBROKEN
 
+config OPENPIC_KVM
+bool
+depends on OPENPIC && KVM
+
 config APIC
 bool
 select MSI_NONBROKEN
diff --git a/hw/intc/meson.build b/hw/intc/meson.build
index 6bfdc4eb33..b9de6bf5c6 100644
--- a/hw/intc/meson.build
+++ b/hw/intc/meson.build
@@ -48,8 +48,7 @@ specific_ss.add(when: 'CONFIG_IOAPIC', if_true: 
files('ioapic.c'))
 specific_ss.add(when: 'CONFIG_LOONGSON_LIOINTC', if_true: 
files('loongson_liointc.c'))
 specific_ss.add(when: 'CONFIG_MIPS_CPS', if_true: files('mips_gic.c'))
 specific_ss.add(when: 'CONFIG_OMPIC', if_true: files('ompic.c'))
-specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_OPENPIC'],
-   if_true: files('openpic_kvm.c'))
+specific_ss.add(when: 'CONFIG_OPENPIC_KVM', if_true: files('openpic_kvm.c'))
 specific_ss.add(when: 'CONFIG_POWERNV', if_true: files('xics_pnv.c', 
'pnv_xive.c', 'pnv_xive2.c'))
 specific_ss.add(when: 'CONFIG_PPC_UIC', if_true: files('ppc-uic.c'))
 specific_ss.add(when: 'CONFIG_RX_ICU', if_true: files('rx_icu.c'))
-- 
2.47.0

[PATCH v4 15/26] hw/net/fsl_etsec/miim: Reuse MII constants

[Bernhard Beschow]

Instead of defining redundant constants and using magic numbers reuse the
existing MII constants.

Signed-off-by: Bernhard Beschow 
cc: Akihiko Odaki 
---
 hw/net/fsl_etsec/miim.c | 19 ++-
 1 file changed, 6 insertions(+), 13 deletions(-)

diff --git a/hw/net/fsl_etsec/miim.c b/hw/net/fsl_etsec/miim.c
index b48d2cb57b..4e9169907a 100644
--- a/hw/net/fsl_etsec/miim.c
+++ b/hw/net/fsl_etsec/miim.c
@@ -29,13 +29,6 @@
 
 /* #define DEBUG_MIIM */
 
-#define MIIM_CONTROL0
-#define MIIM_STATUS 1
-#define MIIM_PHY_ID_1   2
-#define MIIM_PHY_ID_2   3
-#define MIIM_T2_STATUS  10
-#define MIIM_EXT_STATUS 15
-
 static void miim_read_cycle(eTSEC *etsec)
 {
 uint8_t  phy;
@@ -47,14 +40,14 @@ static void miim_read_cycle(eTSEC *etsec)
 addr = etsec->regs[MIIMADD].value & 0x1F;
 
 switch (addr) {
-case MIIM_CONTROL:
+case MII_BMCR:
 value = etsec->phy_control;
 break;
-case MIIM_STATUS:
+case MII_BMSR:
 value = etsec->phy_status;
 break;
-case MIIM_T2_STATUS:
-value = 0x1800;   /* Local and remote receivers OK */
+case MII_STAT1000:
+value = MII_STAT1000_LOK | MII_STAT1000_ROK;
 break;
 default:
 value = 0x0;
@@ -84,8 +77,8 @@ static void miim_write_cycle(eTSEC *etsec)
 #endif
 
 switch (addr) {
-case MIIM_CONTROL:
-etsec->phy_control = value & ~(0x8100);
+case MII_BMCR:
+etsec->phy_control = value & ~(MII_BMCR_RESET | MII_BMCR_FD);
 break;
 default:
 break;
-- 
2.47.0

[PATCH v4 12/26] hw/i2c/mpc_i2c: Prefer DEFINE_TYPES() macro

[Bernhard Beschow]

Reviewed-by: Cédric Le Goater 
Signed-off-by: Bernhard Beschow 
---
 hw/i2c/mpc_i2c.c | 20 
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/hw/i2c/mpc_i2c.c b/hw/i2c/mpc_i2c.c
index 3d79c15653..913d044ac1 100644
--- a/hw/i2c/mpc_i2c.c
+++ b/hw/i2c/mpc_i2c.c
@@ -20,7 +20,6 @@
 #include "qemu/osdep.h"
 #include "hw/i2c/i2c.h"
 #include "hw/irq.h"
-#include "qemu/module.h"
 #include "hw/sysbus.h"
 #include "migration/vmstate.h"
 #include "qom/object.h"
@@ -345,16 +344,13 @@ static void mpc_i2c_class_init(ObjectClass *klass, void 
*data)
 dc->desc = "MPC I2C Controller";
 }
 
-static const TypeInfo mpc_i2c_type_info = {
-.name  = TYPE_MPC_I2C,
-.parent= TYPE_SYS_BUS_DEVICE,
-.instance_size = sizeof(MPCI2CState),
-.class_init= mpc_i2c_class_init,
+static const TypeInfo mpc_i2c_types[] = {
+{
+.name  = TYPE_MPC_I2C,
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(MPCI2CState),
+.class_init= mpc_i2c_class_init,
+},
 };
 
-static void mpc_i2c_register_types(void)
-{
-type_register_static(&mpc_i2c_type_info);
-}
-
-type_init(mpc_i2c_register_types)
+DEFINE_TYPES(mpc_i2c_types)
-- 
2.47.0

[PATCH v4 14/26] hw/pci-host/ppce500: Prefer DEFINE_TYPES() macro

[Bernhard Beschow]

Reviewed-by: Cédric Le Goater 
Signed-off-by: Bernhard Beschow 
---
 hw/pci-host/ppce500.c | 42 ++
 1 file changed, 18 insertions(+), 24 deletions(-)

diff --git a/hw/pci-host/ppce500.c b/hw/pci-host/ppce500.c
index d7ff2ba778..2dded696aa 100644
--- a/hw/pci-host/ppce500.c
+++ b/hw/pci-host/ppce500.c
@@ -21,7 +21,6 @@
 #include "hw/pci/pci_device.h"
 #include "hw/pci/pci_host.h"
 #include "qemu/bswap.h"
-#include "qemu/module.h"
 #include "hw/pci-host/ppce500.h"
 #include "qom/object.h"
 
@@ -508,17 +507,6 @@ static void e500_host_bridge_class_init(ObjectClass 
*klass, void *data)
 dc->user_creatable = false;
 }
 
-static const TypeInfo e500_host_bridge_info = {
-.name  = TYPE_PPC_E500_PCI_BRIDGE,
-.parent= TYPE_PCI_DEVICE,
-.instance_size = sizeof(PPCE500PCIBridgeState),
-.class_init= e500_host_bridge_class_init,
-.interfaces = (InterfaceInfo[]) {
-{ INTERFACE_CONVENTIONAL_PCI_DEVICE },
-{ },
-},
-};
-
 static Property pcihost_properties[] = {
 DEFINE_PROP_UINT32("first_slot", PPCE500PCIState, first_slot, 0x11),
 DEFINE_PROP_UINT32("first_pin_irq", PPCE500PCIState, first_pin_irq, 0x1),
@@ -535,17 +523,23 @@ static void e500_pcihost_class_init(ObjectClass *klass, 
void *data)
 dc->vmsd = &vmstate_ppce500_pci;
 }
 
-static const TypeInfo e500_pcihost_info = {
-.name  = TYPE_PPC_E500_PCI_HOST_BRIDGE,
-.parent= TYPE_PCI_HOST_BRIDGE,
-.instance_size = sizeof(PPCE500PCIState),
-.class_init= e500_pcihost_class_init,
+static const TypeInfo e500_pci_types[] = {
+{
+.name  = TYPE_PPC_E500_PCI_BRIDGE,
+.parent= TYPE_PCI_DEVICE,
+.instance_size = sizeof(PPCE500PCIBridgeState),
+.class_init= e500_host_bridge_class_init,
+.interfaces= (InterfaceInfo[]) {
+{ INTERFACE_CONVENTIONAL_PCI_DEVICE },
+{ },
+},
+},
+{
+.name  = TYPE_PPC_E500_PCI_HOST_BRIDGE,
+.parent= TYPE_PCI_HOST_BRIDGE,
+.instance_size = sizeof(PPCE500PCIState),
+.class_init= e500_pcihost_class_init,
+},
 };
 
-static void e500_pci_register_types(void)
-{
-type_register_static(&e500_pcihost_info);
-type_register_static(&e500_host_bridge_info);
-}
-
-type_init(e500_pci_register_types)
+DEFINE_TYPES(e500_pci_types)
-- 
2.47.0

[PATCH v4 18/26] hw/ppc/mpc8544_guts: Prefer DEFINE_TYPES() macro

[Bernhard Beschow]

Reviewed-by: Cédric Le Goater 
Signed-off-by: Bernhard Beschow 
---
 hw/ppc/mpc8544_guts.c | 20 
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/hw/ppc/mpc8544_guts.c b/hw/ppc/mpc8544_guts.c
index c02b34ccde..e3c51458e6 100644
--- a/hw/ppc/mpc8544_guts.c
+++ b/hw/ppc/mpc8544_guts.c
@@ -18,7 +18,6 @@
  */
 
 #include "qemu/osdep.h"
-#include "qemu/module.h"
 #include "qemu/log.h"
 #include "sysemu/runstate.h"
 #include "cpu.h"
@@ -141,16 +140,13 @@ static void mpc8544_guts_initfn(Object *obj)
 sysbus_init_mmio(d, &s->iomem);
 }
 
-static const TypeInfo mpc8544_guts_info = {
-.name  = TYPE_MPC8544_GUTS,
-.parent= TYPE_SYS_BUS_DEVICE,
-.instance_size = sizeof(GutsState),
-.instance_init = mpc8544_guts_initfn,
+static const TypeInfo mpc8544_guts_types[] = {
+{
+.name  = TYPE_MPC8544_GUTS,
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(GutsState),
+.instance_init = mpc8544_guts_initfn,
+},
 };
 
-static void mpc8544_guts_register_types(void)
-{
-type_register_static(&mpc8544_guts_info);
-}
-
-type_init(mpc8544_guts_register_types)
+DEFINE_TYPES(mpc8544_guts_types)
-- 
2.47.0

Re: [PATCH v3 22/26] hw/i2c/smbus_eeprom: Prefer DEFINE_TYPES() macro

[Bernhard Beschow]

Am 2. November 2024 17:24:25 UTC schrieb Corey Minyard :
>On Sat, Nov 2, 2024 at 8:25 AM Bernhard Beschow  wrote:
>>
>> Reviewed-by: Cédric Le Goater 
>> Signed-off-by: Bernhard Beschow 
>> ---
>>  hw/i2c/smbus_eeprom.c | 19 ---
>>  1 file changed, 8 insertions(+), 11 deletions(-)
>>
>> diff --git a/hw/i2c/smbus_eeprom.c b/hw/i2c/smbus_eeprom.c
>> index 9e62c27a1a..1d4d9704bf 100644
>> --- a/hw/i2c/smbus_eeprom.c
>> +++ b/hw/i2c/smbus_eeprom.c
>> @@ -151,19 +151,16 @@ static void smbus_eeprom_class_initfn(ObjectClass 
>> *klass, void *data)
>>  dc->user_creatable = false;
>>  }
>>
>> -static const TypeInfo smbus_eeprom_info = {
>> -.name  = TYPE_SMBUS_EEPROM,
>> -.parent= TYPE_SMBUS_DEVICE,
>> -.instance_size = sizeof(SMBusEEPROMDevice),
>> -.class_init= smbus_eeprom_class_initfn,
>> +static const TypeInfo types[] = {
>
>This is better, but why did you change the name to "types".  The
>previous name was fairly descriptive, though you might change "info"
>to "types".

I took inspiration from 
https://lore.kernel.org/qemu-devel/20240215175752.82828-20-phi...@linaro.org . 
I could preserve the old names (also in the other patches) by simply converting 
to plural form. Here it would be: smbus_eeprom_infos. OK?

Best regards,
Bernhard

>
>-corey
>
>> +{
>> +.name  = TYPE_SMBUS_EEPROM,
>> +.parent= TYPE_SMBUS_DEVICE,
>> +.instance_size = sizeof(SMBusEEPROMDevice),
>> +.class_init= smbus_eeprom_class_initfn,
>> +},
>>  };
>>
>> -static void smbus_eeprom_register_types(void)
>> -{
>> -type_register_static(&smbus_eeprom_info);
>> -}
>> -
>> -type_init(smbus_eeprom_register_types)
>> +DEFINE_TYPES(types)
>>
>>  void smbus_eeprom_init_one(I2CBus *smbus, uint8_t address, uint8_t 
>> *eeprom_buf)
>>  {
>> --
>> 2.47.0
>>
>>