Re: [PATCH v2 2/5] hw/arm: ast2600: Set AST2600_MAX_IRQ to value from datasheet

[Philippe Mathieu-Daudé]

On 3/1/21 2:06 AM, Andrew Jeffery wrote:
> The datasheet says we have 197 IRQs allocated, and we need more than 128
> to describe IRQs from LPC devices. Raise the value now to allow
> modelling of the LPC devices.
> 
> Signed-off-by: Andrew Jeffery 
> ---
>  hw/arm/aspeed_ast2600.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Philippe Mathieu-Daudé 

Re: [PULL 27/29] vl: deprecate -writeconfig

[Markus Armbruster]

Paolo Bonzini  writes:

> The functionality of -writeconfig is limited and the code
> does not even try to detect cases where it prints incorrect
> syntax (for example if values have a quote in them, since
> qemu_config_parse does not support any kind of escaping)
> so remove it.
>
> Signed-off-by: Paolo Bonzini 
> ---
>  docs/system/deprecated.rst | 7 +++
>  qemu-options.hx| 7 +--
>  softmmu/vl.c   | 1 +
>  3 files changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst
> index 2fcac7861e..561c916da2 100644
> --- a/docs/system/deprecated.rst
> +++ b/docs/system/deprecated.rst
> @@ -146,6 +146,13 @@ library enabled as a cryptography provider.
>  Neither the ``nettle`` library, or the built-in cryptography provider are
>  supported on FIPS enabled hosts.
>  
> +``-writeconfig`` (since 6.0)
> +'
> +
> +The ``-writeconfig`` option is not able to serialize the entire contents
> +of the QEMU command line.  It is thus considered a failed experiment
> +and deprecated, with no current replacement.
> +
>  QEMU Machine Protocol (QMP) commands
>  
>  
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 34be5a7a2d..252db9357c 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -4335,13 +4335,8 @@ SRST
>  ERST
>  DEF("writeconfig", HAS_ARG, QEMU_OPTION_writeconfig,
>  "-writeconfig \n"
> -"read/write config file\n", QEMU_ARCH_ALL)
> +"read/write config file (deprecated)\n", QEMU_ARCH_ALL)
>  SRST
> -``-writeconfig file``
> -Write device configuration to file. The file can be either filename
> -to save command line and device configuration into file or dash
> -``-``) character to print the output to stdout. This can be later
> -used as input file for ``-readconfig`` option.
>  ERST
>  
>  DEF("no-user-config", 0, QEMU_OPTION_nouserconfig,
> diff --git a/softmmu/vl.c b/softmmu/vl.c
> index b219ce1f35..6d8393b6f7 100644
> --- a/softmmu/vl.c
> +++ b/softmmu/vl.c
> @@ -3356,6 +3356,7 @@ void qemu_init(int argc, char **argv, char **envp)
>  case QEMU_OPTION_writeconfig:
>  {
>  FILE *fp;
> +warn_report("-writeconfig is deprecated.  It will go 
> away in QEMU 6.2 with no replacement");
>  if (strcmp(optarg, "-") == 0) {
>  fp = stdout;
>  } else {

Forgot to tweak the warning to "-writeconfig is deprecated and will go
away without a replacement"?

Re: [PATCH v2 3/5] hw/arm: ast2600: Correct the iBT interrupt ID

[Philippe Mathieu-Daudé]

On 3/1/21 2:06 AM, Andrew Jeffery wrote:
> The AST2600 allocates distinct GIC IRQs for the LPC subdevices such as
> the iBT device. Previously on the AST2400 and AST2500 the LPC subdevices
> shared a single LPC IRQ.
> 
> Signed-off-by: Andrew Jeffery 
> ---
>  hw/arm/aspeed_ast2600.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH 1/2] target/mips: Fold jazz behaviour into mips_cpu_do_transaction_failed

[Philippe Mathieu-Daudé]

On 2/28/21 10:39 PM, Richard Henderson wrote:
> On 2/28/21 8:14 AM, Philippe Mathieu-Daudé wrote:
>>> +/* Used for the jazz board to modify mips_cpu_do_transaction_failed. */
>>
>> Isn't it possible to have other (old) boards doing something similar?
> 
> It's possible, but I doubt any need to.
> 
> I think the comment in hw/mips/jazz.c is correct, in essence.  That we're
> simply being bug-compatible with older qemu, and that 

"... we don't know if ..."

> real jazz hw does not
> discriminate between instruction and data loads.
We could figure it out by suggesting a test to linux-mips list,
one subscriber still has a working Jazz board.

Re: issue with meson and recursion: negation missing in add?

[Philippe Mathieu-Daudé]

On 2/27/21 11:23 PM, Claudio Fontana wrote:
> Hi Paolo,
> 
> I don't know how to handle an issue in the current way we are using meson 
> with recursion, ie always recursing,
> and testing multiple options inside the recursed directory.
> 
> In the case of ARM, we have:
> 
> target/arm/tcg/meson.build,
> 
> where I need to check all the time for TCG, given our current standard of 
> always recursing.
> 
> Besides being error-prone to always remember to check for CONFIG_TCG,
> 
> how do I add some object conditionally on whether CONFIG_TCG is true, but 
> TARGET_AARCH64 is false?
> 
> I'd need something like:
> 
> arm_ss.add(when: [!TARGET_AARCH64,'CONFIG_TCG'], if_true: files(
>   'tcg-cpu-models.c',
> ))
> 
> but the negation !TARGET_AARCH64 is a syntax error... is there any way to 
> negate the condition?

Funny, I asked Paolo the same question last week on IRC, but:

- I also included TARGET_SIZE in the when:
- your email is clearer than my questions :)

> 
> Also as we nest directories more and more, it seems to me that this becomes 
> more and more confusing.
> 
> How about dropping the idea to recurse always unconditionally?
> 
> Thanks!
> 
> Claudio
> 
> 

Re: [PATCH 1/3] docs: vhost-user: clean up request/reply description

[Philippe Mathieu-Daudé]

On 2/26/21 3:34 PM, Paolo Bonzini wrote:
> It is not necessary to mention which side is sending/receiving
> each payload; it is more interesting to say which is the request
> and which is the reply.  This also matches what vhost-user-gpu.rst
> already does.
> 
> While at it, ensure that all messages list both the request and
> the reply payload.
> 
> Signed-off-by: Paolo Bonzini 
> ---
>  docs/interop/vhost-user.rst | 163 +---
>  1 file changed, 95 insertions(+), 68 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH v4 2/4] util/qemu-sockets.c: Split host:port parsing out of inet_parse

[Markus Armbruster]

Samuel Thibault  writes:

> Hello,
>
> Daniel P. Berrangé, le lun. 22 févr. 2021 09:39:41 +, a ecrit:
>> In general callers shouldn't care about which format was parsed. The use
>> of [] is just a mechanism to reliably separate the port from the address.
>> Once you have the address part getaddrinfo() will reliably parse the
>> address into a sockaddr struct on its own.
>
> Agreed.
>
>> The is_v6 flag is only needed
>> for the legacy compat needs in slirp, even that is only if we want to 
>> have strict equivalence with historical behaviour, as opposed to changing
>> empty string to mean to listen on both IPv4+6 concurrently..
>
> I would say that empty address meaning ipv4+6 looks better to me.
>
> Doug Evans, le lun. 22 févr. 2021 09:55:09 -0800, a ecrit:
>> Hi guys. I think before I submit yet another patchset in this series I need
>> someone with authority to define the user API for ipv6 host forwarding.
>> Since the hostfwd syntax is parsed in net/slirp.c, Samuel I think that means
>> you (based on what I'm reading in MAINTAINERS).
>
> Well, I'm not maintainer of the user API actually. That'd rather be
> Markus Armbruster, now Cc-ed, who devises the command-line options,
> QAPI, etc.

I rarely devise, I just try to keep things sane by reviewing and
advising, with the help of others.

>> Based on what Maxim originally wrote I was going with addresses wrapped in []
>> mean ipv6, but Daniel does not want that.
>
> Specifying [127.0.0.1] would be odd, but for instance 
>
> ssh localhost -D '[127.0.0.1]':23456
>
> happens to listen on 127.0.0.1. So I would say that common practice
> really is that [] only matters for syntax, and not semantic.

I believe common syntactic practice is to use [brackets] only around
numeric IPv6 addresses.  E.g. socat(1):

   IP address
  An IPv4 address in numbers-and-dots notation, an IPv6 address in
  hex notation enclosed in brackets, or a hostname  that  resolves
  to an IPv4 or an IPv6 address.
  Examples: 127.0.0.1, [::1], www.dest-unreach.org, dns1

[...]

Re: [PATCH] hw/pci: Have safer pcie_bus_realize() by checking error path

[Philippe Mathieu-Daudé]

ping?

On 2/1/21 4:37 PM, Philippe Mathieu-Daudé wrote:
> While pci_bus_realize() currently does not use the Error* argument,
> it would be an error to leave pcie_bus_realize() setting bus->flags
> if pci_bus_realize() had failed.
> 
> Fix by using a local Error* and return early (propagating the error)
> if pci_bus_realize() failed.
> 
> Reported-by: Markus Armbruster 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/pci/pci.c | 7 ++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/pci/pci.c b/hw/pci/pci.c
> index 512e9042ffa..0d12e94a02e 100644
> --- a/hw/pci/pci.c
> +++ b/hw/pci/pci.c
> @@ -130,8 +130,13 @@ static void pci_bus_realize(BusState *qbus, Error **errp)
>  static void pcie_bus_realize(BusState *qbus, Error **errp)
>  {
>  PCIBus *bus = PCI_BUS(qbus);
> +Error *local_err = NULL;
>  
> -pci_bus_realize(qbus, errp);
> +pci_bus_realize(qbus, &local_err);
> +if (local_err) {
> +error_propagate(errp, local_err);
> +return;
> +}
>  
>  /*
>   * A PCI-E bus can support extended config space if it's the root
> 

Re: [PATCH] gitlab-ci: Disable vhost-kernel in build-disable job

[Philippe Mathieu-Daudé]

ping?

On 1/31/21 11:46 AM, Philippe Mathieu-Daudé wrote:
> Commit 299e6f19b3e ("vhost-net: revamp configure logic") added
> the --enable-vhost-kernel option.
> Disable it in the build-disable job.
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  .gitlab-ci.yml | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
> index 7c0db64710b..e8390314d89 100644
> --- a/.gitlab-ci.yml
> +++ b/.gitlab-ci.yml
> @@ -346,6 +346,7 @@ build-disabled:
>--disable-vhost-crypto
>--disable-vhost-net
>--disable-vhost-scsi
> +  --disable-vhost-kernel
>--disable-vhost-user
>--disable-vhost-vdpa
>--disable-vhost-vsock
> 

[PATCH v2 1/3] migration/ram: Modify the code comment of ram_save_host_page()

[Kunkun Jiang]

The ram_save_host_page() has been modified several times
since its birth. But the comment hasn't been modified as it should
be. It'd better to modify the comment to explain ram_save_host_page()
more clearly.

Signed-off-by: Keqian Zhu 
Signed-off-by: Kunkun Jiang 
---
 migration/ram.c | 14 ++
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/migration/ram.c b/migration/ram.c
index 72143da0ac..24967cb970 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -1970,15 +1970,13 @@ static int ram_save_target_page(RAMState *rs, 
PageSearchStatus *pss,
 }
 
 /**
- * ram_save_host_page: save a whole host page
+ * ram_save_host_page: save a whole host page or the rest of a RAMBlock
  *
- * Starting at *offset send pages up to the end of the current host
- * page. It's valid for the initial offset to point into the middle of
- * a host page in which case the remainder of the hostpage is sent.
- * Only dirty target pages are sent. Note that the host page size may
- * be a huge page for this block.
- * The saving stops at the boundary of the used_length of the block
- * if the RAMBlock isn't a multiple of the host page size.
+ * Send dirty pages between pss->page and either the end of that page
+ * or the used_length of the RAMBlock, whichever is smaller.
+ *
+ * Note that if the host page is a huge page, pss->page may be in the
+ * middle of that page.
  *
  * Returns the number of pages written or negative on error
  *
-- 
2.23.0

[PATCH v2 2/3] migration/ram: Modify ram_save_host_page() to match the comment

[Kunkun Jiang]

According to the comment, when the host page is a huge page, the
migration_rate_limit() should be executed. If not, this function
can be omitted to save time.

Signed-off-by: Keqian Zhu 
Signed-off-by: Kunkun Jiang 
---
 migration/ram.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/migration/ram.c b/migration/ram.c
index 24967cb970..3a9115b6dc 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -2014,7 +2014,9 @@ static int ram_save_host_page(RAMState *rs, 
PageSearchStatus *pss,
 pages += tmppages;
 pss->page++;
 /* Allow rate limiting to happen in the middle of huge pages */
-migration_rate_limit();
+if (pagesize_bits > 1) {
+migration_rate_limit();
+}
 } while ((pss->page & (pagesize_bits - 1)) &&
  offset_in_ramblock(pss->block,
 ((ram_addr_t)pss->page) << TARGET_PAGE_BITS));
-- 
2.23.0

[PATCH v2 3/3] migration/ram: Optimize ram_save_host_page()

[Kunkun Jiang]

Starting from pss->page, ram_save_host_page() will check every page
and send the dirty pages up to the end of the current host page or
the boundary of used_length of the block. If the host page size is
a huge page, the step "check" will take a lot of time.

This will improve performance to use migration_bitmap_find_dirty().

Signed-off-by: Keqian Zhu 
Signed-off-by: Kunkun Jiang 
---
 migration/ram.c | 12 +++-
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/migration/ram.c b/migration/ram.c
index 3a9115b6dc..a1374db356 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -1991,6 +1991,8 @@ static int ram_save_host_page(RAMState *rs, 
PageSearchStatus *pss,
 int tmppages, pages = 0;
 size_t pagesize_bits =
 qemu_ram_pagesize(pss->block) >> TARGET_PAGE_BITS;
+unsigned long hostpage_boundary =
+QEMU_ALIGN_UP(pss->page + 1, pagesize_bits);
 unsigned long start_page = pss->page;
 int res;
 
@@ -2002,7 +2004,7 @@ static int ram_save_host_page(RAMState *rs, 
PageSearchStatus *pss,
 do {
 /* Check the pages is dirty and if it is send it */
 if (!migration_bitmap_clear_dirty(rs, pss->block, pss->page)) {
-pss->page++;
+pss->page = migration_bitmap_find_dirty(rs, pss->block, pss->page);
 continue;
 }
 
@@ -2012,16 +2014,16 @@ static int ram_save_host_page(RAMState *rs, 
PageSearchStatus *pss,
 }
 
 pages += tmppages;
-pss->page++;
+pss->page = migration_bitmap_find_dirty(rs, pss->block, pss->page);
 /* Allow rate limiting to happen in the middle of huge pages */
 if (pagesize_bits > 1) {
 migration_rate_limit();
 }
-} while ((pss->page & (pagesize_bits - 1)) &&
+} while ((pss->page < hostpage_boundary) &&
  offset_in_ramblock(pss->block,
 ((ram_addr_t)pss->page) << TARGET_PAGE_BITS));
-/* The offset we leave with is the last one we looked at */
-pss->page--;
+/* The offset we leave with is the min boundary of host page and block */
+pss->page = MIN(pss->page, hostpage_boundary) - 1;
 
 res = ram_save_release_protection(rs, pss, start_page);
 return (res < 0 ? res : pages);
-- 
2.23.0

[PATCH v2 0/3] Some modifications about ram_save_host_page()

[Kunkun Jiang]

Hi,

This series include patches as below:
Patch 1-2:
- modified the comment and code of ram_save_host_page() to make them match each 
other

Patch 3:
- optimized ram_save_host_page() by using migration_bitmap_find_dirty() to find 
dirty
pages

History:

v1 -> v2:
- Modify ram_save_host_page() comment [David Edmondson]
- Remove 'goto' [David Edmondson]

Kunkun Jiang (3):
  migration/ram: Modify the code comment of ram_save_host_page()
  migration/ram: Modify ram_save_host_page() to match the comment
  migration/ram: Optimize ram_save_host_page()

 migration/ram.c | 30 --
 1 file changed, 16 insertions(+), 14 deletions(-)

-- 
2.23.0

Re: [RFC PATCH 0/3] Add migration support for VFIO PCI devices in SMMUv3 nested stage mode

[Kunkun Jiang]

kindly ping,
Any comments and reviews are welcome.

Thanks.
Kunkun Jiang.

On 2021/2/19 17:42, Kunkun Jiang wrote:

Hi all,

Since the SMMUv3's nested translation stages[1] has been introduced by Eric, we
need to pay attention to the migration of VFIO PCI devices in SMMUv3 nested 
stage
mode. At present, it is not yet supported in QEMU. There are two problems in the
existing framework.

First, the current way to get dirty pages is not applicable to nested stage 
mode.
Because of the "Caching Mode", VTD can map the RAM through the host single stage
(giova->hpa). "vfio_listener_log_sync" gets dirty pages by transferring "giova"
to the kernel for the RAM block section of mapped MMIO region. In nested stage
mode, we setup the stage 2 (gpa->hpa) and the stage 1(giova->gpa) separately. So
it is inapplicable to get dirty pages by the current way in nested stage mode.

Second, it also need to pass stage 1 configurations to the destination host 
after
the migration. In Eric's patch, it passes the stage 1 configuration to the host 
on
each STE update for the devices set the PASID PciOps. The configuration will be
applied at physical level. But the data of physical level will not be sent to 
the
destination host. So we have to pass stage 1 configurations to the destination
host after the migration.

This Patch set includes patches as below:
Patch 1-2:
- Refactor the vfio_listener_log_sync and added a new function to get dirty 
pages
in nested stage mode.

Patch 3:
- Added the post_load function to vmstate_smmuv3 for passing stage 1 
configuration
to the destination host after the migration.

@Eric, Could you please add this Patch set to your future version of
"vSMMUv3/pSMMUv3 2 stage VFIO integration", if you think this Patch set makes 
sense? :)

Best Regards
Kunkun Jiang

[1] [RFC,v7,00/26] vSMMUv3/pSMMUv3 2 stage VFIO integration
http://patchwork.ozlabs.org/project/qemu-devel/cover/20201116181349.11908-1-eric.au...@redhat.com/

Kunkun Jiang (3):
   vfio: Introduce helpers to mark dirty pages of a RAM section
   vfio: Add vfio_prereg_listener_log_sync in nested stage
   hw/arm/smmuv3: Post-load stage 1 configurations to the host

  hw/arm/smmuv3.c | 60 +
  hw/arm/trace-events |  1 +
  hw/vfio/common.c| 47 +--
  3 files changed, 100 insertions(+), 8 deletions(-)

Re: [PATCH v4 2/4] util/qemu-sockets.c: Split host:port parsing out of inet_parse

[Samuel Thibault]

Markus Armbruster, le lun. 01 mars 2021 09:15:41 +0100, a ecrit:
> Samuel Thibault  writes:
> > Specifying [127.0.0.1] would be odd, but for instance 
> >
> > ssh localhost -D '[127.0.0.1]':23456
> >
> > happens to listen on 127.0.0.1. So I would say that common practice
> > really is that [] only matters for syntax, and not semantic.
> 
> I believe common syntactic practice is to use [brackets] only around
> numeric IPv6 addresses.  E.g. socat(1):
> 
>IP address
>   An IPv4 address in numbers-and-dots notation, an IPv6 address in
>   hex notation enclosed in brackets, or a hostname  that  resolves
>   to an IPv4 or an IPv6 address.
>   Examples: 127.0.0.1, [::1], www.dest-unreach.org, dns1

Yes and that's also what ssh documents, but in ssh the brackets happen
to also work for an IPv4 address.

Samuel

Re: [PATCH v25 14/20] i386: separate fpu_helper into user and sysemu parts

[Claudio Fontana]

On 2/26/21 7:42 PM, Richard Henderson wrote:
> On 2/26/21 9:51 AM, Claudio Fontana wrote:
>> +/* fpu_helper.c */
>> +
>> +void do_fsave(CPUX86State *env, target_ulong ptr, int data32, uintptr_t ra);
>> +void do_frstor(CPUX86State *env, target_ulong ptr, int data32, uintptr_t 
>> ra);
>> +void do_fxsave(CPUX86State *env, target_ulong ptr, uintptr_t ra);
>> +void do_fxrstor(CPUX86State *env, target_ulong ptr, uintptr_t ra);
> 
> Is this really worth it?

No, probably not. Will respin without these parts,
and leaving the small ifdefs in the global tcg/fpu_helper.c

Thanks,

Claudio


> It means that we unnecessarily expose these functions
> in system mode, where they are still not safe.
> 
> I had thought about doing something like
> 
> #ifdef CONFIG_USER_ONLY
> #define SYSEMU_STATIC
> #else
> #define SYSEMU_STATIC static
> #endif
> 
> SYSEMU_STATIC void
> cpu_x86_fsave(...)
> {
>   ...
> }
> 
> void helper_fsave(...)
> {
> cpu_x86_fsave(..., GETPC());
> }
> 
> but I thought the existing example of "do_" functions within that file to be
> compelling.  I think small sections of this CONFIG within a file should be
> fine, especially where it interacts with other functions like this.
> 
> I guess either way,
> Reviewed-by: Richard Henderson 
> 
> 
> r~
> 

Re: [PATCH 1/2] target/mips: Fold jazz behaviour into mips_cpu_do_transaction_failed

[Philippe Mathieu-Daudé]

On 2/28/21 12:25 AM, Richard Henderson wrote:
> Add a flag to MIPSCPUClass in order to avoid needing to
> replace mips_tcg_ops.do_transaction_failed.
> 
> Signed-off-by: Richard Henderson 
> ---
>  target/mips/cpu-qom.h   |  3 +++
>  hw/mips/jazz.c  | 35 +++
>  target/mips/op_helper.c |  3 ++-
>  3 files changed, 8 insertions(+), 33 deletions(-)
...
> diff --git a/hw/mips/jazz.c b/hw/mips/jazz.c
> index 83c8086062..7b22a9b511 100644
> --- a/hw/mips/jazz.c
> +++ b/hw/mips/jazz.c
...> @@ -152,7 +128,7 @@ static void mips_jazz_init(MachineState *machine,
>  int bios_size, n;
>  Clock *cpuclk;
>  MIPSCPU *cpu;
> -CPUClass *cc;
> +MIPSCPUClass *mcc;
>  CPUMIPSState *env;
>  qemu_irq *i8259;
>  rc4030_dma *dmas;
> @@ -199,8 +175,6 @@ static void mips_jazz_init(MachineState *machine,
>   * However, we can't simply add a global memory region to catch
>   * everything, as this would make all accesses including instruction
>   * accesses be ignored and not raise exceptions.
> - * So instead we hijack the do_transaction_failed method on the CPU, and
> - * do not raise exceptions for data access.
>   *
>   * NOTE: this behaviour of raising exceptions for bad instruction
>   * fetches but not bad data accesses was added in commit 54e755588cf1e9
> @@ -210,11 +184,8 @@ static void mips_jazz_init(MachineState *machine,
>   * we could replace this hijacking of CPU methods with a simple global
>   * memory region that catches all memory accesses, as we do on Malta.
>   */
> -cc = CPU_GET_CLASS(cpu);
> -#if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY)
> -real_do_transaction_failed = cc->tcg_ops->do_transaction_failed;
> -cc->tcg_ops->do_transaction_failed = mips_jazz_do_transaction_failed;

We don't need the "hw/core/tcg-cpu-ops.h" header anymore.

> -#endif /* CONFIG_TCG && !CONFIG_USER_ONLY */
> +mcc = MIPS_CPU_GET_CLASS(cpu);
> +mcc->no_data_aborts = true;

[PATCH v26 01/20] target/i386: Rename helper_fldt, helper_fstt

[Claudio Fontana]

From: Richard Henderson 

Change the prefix from "helper" to "do".  The former should be
reserved for those functions that are called from TCG; the latter
is in use within the file already for those functions that are
called from the helper functions, adding a "retaddr" argument.

Signed-off-by: Richard Henderson 
Reviewed-by: Claudio Fontana 
Tested-by: Claudio Fontana 
Reviewed-by: Philippe Mathieu-Daudé 
---
 target/i386/tcg/fpu_helper.c | 19 +--
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/target/i386/tcg/fpu_helper.c b/target/i386/tcg/fpu_helper.c
index 60ed93520a..3d9b192901 100644
--- a/target/i386/tcg/fpu_helper.c
+++ b/target/i386/tcg/fpu_helper.c
@@ -117,8 +117,7 @@ static inline void fpop(CPUX86State *env)
 env->fpstt = (env->fpstt + 1) & 7;
 }
 
-static inline floatx80 helper_fldt(CPUX86State *env, target_ulong ptr,
-   uintptr_t retaddr)
+static floatx80 do_fldt(CPUX86State *env, target_ulong ptr, uintptr_t retaddr)
 {
 CPU_LDoubleU temp;
 
@@ -127,8 +126,8 @@ static inline floatx80 helper_fldt(CPUX86State *env, 
target_ulong ptr,
 return temp.d;
 }
 
-static inline void helper_fstt(CPUX86State *env, floatx80 f, target_ulong ptr,
-   uintptr_t retaddr)
+static void do_fstt(CPUX86State *env, floatx80 f, target_ulong ptr,
+uintptr_t retaddr)
 {
 CPU_LDoubleU temp;
 
@@ -405,14 +404,14 @@ void helper_fldt_ST0(CPUX86State *env, target_ulong ptr)
 int new_fpstt;
 
 new_fpstt = (env->fpstt - 1) & 7;
-env->fpregs[new_fpstt].d = helper_fldt(env, ptr, GETPC());
+env->fpregs[new_fpstt].d = do_fldt(env, ptr, GETPC());
 env->fpstt = new_fpstt;
 env->fptags[new_fpstt] = 0; /* validate stack entry */
 }
 
 void helper_fstt_ST0(CPUX86State *env, target_ulong ptr)
 {
-helper_fstt(env, ST0, ptr, GETPC());
+do_fstt(env, ST0, ptr, GETPC());
 }
 
 void helper_fpush(CPUX86State *env)
@@ -2468,7 +2467,7 @@ void helper_fsave(CPUX86State *env, target_ulong ptr, int 
data32)
 ptr += (14 << data32);
 for (i = 0; i < 8; i++) {
 tmp = ST(i);
-helper_fstt(env, tmp, ptr, GETPC());
+do_fstt(env, tmp, ptr, GETPC());
 ptr += 10;
 }
 
@@ -2495,7 +2494,7 @@ void helper_frstor(CPUX86State *env, target_ulong ptr, 
int data32)
 ptr += (14 << data32);
 
 for (i = 0; i < 8; i++) {
-tmp = helper_fldt(env, ptr, GETPC());
+tmp = do_fldt(env, ptr, GETPC());
 ST(i) = tmp;
 ptr += 10;
 }
@@ -2539,7 +2538,7 @@ static void do_xsave_fpu(CPUX86State *env, target_ulong 
ptr, uintptr_t ra)
 addr = ptr + XO(legacy.fpregs);
 for (i = 0; i < 8; i++) {
 floatx80 tmp = ST(i);
-helper_fstt(env, tmp, addr, ra);
+do_fstt(env, tmp, addr, ra);
 addr += 16;
 }
 }
@@ -2703,7 +2702,7 @@ static void do_xrstor_fpu(CPUX86State *env, target_ulong 
ptr, uintptr_t ra)
 
 addr = ptr + XO(legacy.fpregs);
 for (i = 0; i < 8; i++) {
-floatx80 tmp = helper_fldt(env, addr, ra);
+floatx80 tmp = do_fldt(env, addr, ra);
 ST(i) = tmp;
 addr += 16;
 }
-- 
2.26.2

[PATCH v26 02/20] target/i386: Split out do_fsave, do_frstor, do_fxsave, do_fxrstor

[Claudio Fontana]

From: Richard Henderson 

The helper_* functions must use GETPC() to unwind from TCG.
The cpu_x86_* functions cannot, and directly calling the
helper_* functions is a bug.  Split out new functions that
perform the work and can be used by both.

Signed-off-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Claudio Fontana 
Tested-by: Claudio Fontana 
---
 target/i386/tcg/fpu_helper.c | 66 +++-
 1 file changed, 42 insertions(+), 24 deletions(-)

diff --git a/target/i386/tcg/fpu_helper.c b/target/i386/tcg/fpu_helper.c
index 3d9b192901..20e4d2e715 100644
--- a/target/i386/tcg/fpu_helper.c
+++ b/target/i386/tcg/fpu_helper.c
@@ -2457,17 +2457,18 @@ void helper_fldenv(CPUX86State *env, target_ulong ptr, 
int data32)
 do_fldenv(env, ptr, data32, GETPC());
 }
 
-void helper_fsave(CPUX86State *env, target_ulong ptr, int data32)
+static void do_fsave(CPUX86State *env, target_ulong ptr, int data32,
+ uintptr_t retaddr)
 {
 floatx80 tmp;
 int i;
 
-do_fstenv(env, ptr, data32, GETPC());
+do_fstenv(env, ptr, data32, retaddr);
 
 ptr += (14 << data32);
 for (i = 0; i < 8; i++) {
 tmp = ST(i);
-do_fstt(env, tmp, ptr, GETPC());
+do_fstt(env, tmp, ptr, retaddr);
 ptr += 10;
 }
 
@@ -2485,30 +2486,41 @@ void helper_fsave(CPUX86State *env, target_ulong ptr, 
int data32)
 env->fptags[7] = 1;
 }
 
+void helper_fsave(CPUX86State *env, target_ulong ptr, int data32)
+{
+do_fsave(env, ptr, data32, GETPC());
+}
+
+static void do_frstor(CPUX86State *env, target_ulong ptr, int data32,
+  uintptr_t retaddr)
+{
+floatx80 tmp;
+int i;
+
+do_fldenv(env, ptr, data32, retaddr);
+ptr += (14 << data32);
+
+for (i = 0; i < 8; i++) {
+tmp = do_fldt(env, ptr, retaddr);
+ST(i) = tmp;
+ptr += 10;
+}
+}
+
 void helper_frstor(CPUX86State *env, target_ulong ptr, int data32)
 {
-floatx80 tmp;
-int i;
-
-do_fldenv(env, ptr, data32, GETPC());
-ptr += (14 << data32);
-
-for (i = 0; i < 8; i++) {
-tmp = do_fldt(env, ptr, GETPC());
-ST(i) = tmp;
-ptr += 10;
-}
+do_frstor(env, ptr, data32, GETPC());
 }
 
 #if defined(CONFIG_USER_ONLY)
 void cpu_x86_fsave(CPUX86State *env, target_ulong ptr, int data32)
 {
-helper_fsave(env, ptr, data32);
+do_fsave(env, ptr, data32, 0);
 }
 
 void cpu_x86_frstor(CPUX86State *env, target_ulong ptr, int data32)
 {
-helper_frstor(env, ptr, data32);
+do_frstor(env, ptr, data32, 0);
 }
 #endif
 
@@ -2593,10 +2605,8 @@ static void do_xsave_pkru(CPUX86State *env, target_ulong 
ptr, uintptr_t ra)
 cpu_stq_data_ra(env, ptr, env->pkru, ra);
 }
 
-void helper_fxsave(CPUX86State *env, target_ulong ptr)
+static void do_fxsave(CPUX86State *env, target_ulong ptr, uintptr_t ra)
 {
-uintptr_t ra = GETPC();
-
 /* The operand must be 16 byte aligned */
 if (ptr & 0xf) {
 raise_exception_ra(env, EXCP0D_GPF, ra);
@@ -2615,6 +2625,11 @@ void helper_fxsave(CPUX86State *env, target_ulong ptr)
 }
 }
 
+void helper_fxsave(CPUX86State *env, target_ulong ptr)
+{
+do_fxsave(env, ptr, GETPC());
+}
+
 static uint64_t get_xinuse(CPUX86State *env)
 {
 uint64_t inuse = -1;
@@ -2757,10 +2772,8 @@ static void do_xrstor_pkru(CPUX86State *env, 
target_ulong ptr, uintptr_t ra)
 env->pkru = cpu_ldq_data_ra(env, ptr, ra);
 }
 
-void helper_fxrstor(CPUX86State *env, target_ulong ptr)
+static void do_fxrstor(CPUX86State *env, target_ulong ptr, uintptr_t ra)
 {
-uintptr_t ra = GETPC();
-
 /* The operand must be 16 byte aligned */
 if (ptr & 0xf) {
 raise_exception_ra(env, EXCP0D_GPF, ra);
@@ -2779,15 +2792,20 @@ void helper_fxrstor(CPUX86State *env, target_ulong ptr)
 }
 }
 
+void helper_fxrstor(CPUX86State *env, target_ulong ptr)
+{
+do_fxrstor(env, ptr, GETPC());
+}
+
 #if defined(CONFIG_USER_ONLY)
 void cpu_x86_fxsave(CPUX86State *env, target_ulong ptr)
 {
-helper_fxsave(env, ptr);
+do_fxsave(env, ptr, 0);
 }
 
 void cpu_x86_fxrstor(CPUX86State *env, target_ulong ptr)
 {
-helper_fxrstor(env, ptr);
+do_fxrstor(env, ptr, 0);
 }
 #endif
 
-- 
2.26.2

[PATCH v26 00/20] i386 cleanup PART 2

[Claudio Fontana]

v25 -> v26:
* i386: separate fpu_helper into user and sysemu parts
 - removed the splitting of the user mode into their own user/fpu_helper.c,
   seems not worth it.

v24 -> v25:

* i386: separate fpu_helper into user and sysemu parts

 - added 2 preliminary patches to the series (from Richard)
 - rebased on those

* i386: move TCG btp_helper into sysemu/

 - fixed title typo (Alex)
 - nested #ifdef more easily (Richard)

v23 -> v24:

* i386: gdbstub: only write CR0/CR2/CR3/EFER for sysemu 

 - remove additional #ifdef TARGET_X86_64
 - split in two patches, so it is easier to understand.

v22 -> v23:

* i386: move TCG btp_helper into sysemu/
 - extended the #ifndef CONFIG_USER_ONLY to entire else of
   if (cpl != 0).

* i386: split misc helper into user and sysemu parts
 - added g_assert_not_reached() and changed user file name to -stubs.

* i386: separate fpu_helper into user and sysemu parts
 - removed unused return value
 - added comment abut issues with current cpu_x86_fsave.

* i386: split off sysemu part of cpu.c
 - rename cpu-softmmu.c to cpu-sysemu.c
 - fixed two mispelled comments, and add two comments
   in the headers of cpu.c and cpu-sysemu.c to describe them

* i386: gdbstub: only write CR0/CR2/CR3/EFER for sysemu
 - defined some aux functions to reduce repeated code

* i386: make cpu_load_efer sysemu-only
 - move the function to helper.c, remove "inline"

v21 -> v22: replace "softmmu" with "sysemu"

v20 -> v21:

* meson: add target_user_arch
  - add hexagon

v19 -> v20:

* add new patch to make gdbstub only write certain registers for softmmu.
  In particular, CR0, CR2, CR3 and EFER should not be changed under
  CONFIG_USER_ONLY. (Paolo)

* add new patch to make cpu_load_efer softmmu-only (Paolo)

* i386: split svm_helper into softmmu and stub-only user

  - fixed commit message spelling (Eric)

  - mention in commit message that this reproduces the existing stubs,
but really everything that requires s->cpl == 0 should be impossible
to trigger from user-mode, and we could find a way to assert that
more consistently.

v18 -> v19:

* i386: split smm helper (softmmu)
  - add g_assert_not_reached and cpu_abort for invalid states in
CONFIG_USER_ONLY (Paolo)

* i386: move TCG btp_helper into softmmu/
  - for CONFIG_USER_ONLY, assert that the hidden IOBPT flags are not set
while attempting to generate io_bpt helpers.
Theory to verify (Paolo)

* i386: slit svm_helper into softmmu and stub-only user
  - added XXX in the commit message to highlight the question about
whether the same check should be done controlling access to
cpu_load_efer() and state of the hidden SVME flag. (Paolo)

v17 -> v18:

* meson: add target_user_arch

 - add target_user_arch to all targets which build user.
   Otherwise meson complains about missing key for archs without it.
   (Paolo)

* wrap a few gen_helper_ calls around ifndef CONFIG_USER_ONLY.
  This would need a look from someone like Alex or Richard I think,
  as potentially we could remove even more code I think around the
  gen_helper_ calls for CONFIG_USER_ONLY.

  In the current master code, we have empty helpers for user mode,
  but still we generate the preamble code, temporary variables etc,
  just to then call a helper_() function that does nothing.

  In particular I am referring to patches:

  i386: split tcg btp_helper into softmmu and user parts
DEF_HELPER_FLAGS_3(set_dr, TCG_CALL_NO_WG, void, env, int, tl)
DEF_HELPER_FLAGS_4(bpt_io, TCG_CALL_NO_WG, void, env, i32, i32, tl)
gen_bpt_io
gen_helper_set_dr(cpu_env, s->tmp2_i32, s->T0);

  i386: split smm helper (softmmu)
DEF_HELPER_1(rsm, void, env)
gen_helper_rsm(cpu_env);

  (Alex, Richard?)

* removed suffixes from user/ and softmmu/ modules
  (Alex, Philippe).
  Where possible, removed user stubs entirely.
  Renamed the leftover svm_helper stubs to user/svm_stubs.c

* cleaned up lefover unnecessary header files and squashed them.
 

v16 -> v17: changed to RFC

* tcg_ops are already in master, removed from the series

* i386: split cpu accelerators from cpu.c, using AccelCPUClass:
  removed spurious ; and added spacing before/after functions (Richard)

* added new patches as RFC for the next steps, introducing target-specific
  user-mode specific meson variables, and applied to i386/tcg as an
  example, in order to gather feedback.

v15 -> v16:

* cpu: Move synchronize_from_tb() to tcg_ops:
  - adjusted comments (Alex)

* cpu: tcg_ops: move to tcg-cpu-ops.h, keep a pointer in CPUClass:
  - remove forward decl. of AccelCPUClass, should be in a later patch. (Alex)
  - simplified comment about tcg_ops in struct CPUClass (Alex)
  - remove obsolete comment about ARM blocking TCGCPUOps from being const.
(Alex)

* accel: replace struct CpusAccel with AccelOpsClass:
  - reworded commit message to be clearer about the objective (Alex)

* accel: introdu

[PATCH v26 03/20] i386: split cpu accelerators from cpu.c, using AccelCPUClass

[Claudio Fontana]

i386 is the first user of AccelCPUClass, allowing to split
cpu.c into:

cpu.ccpuid and common x86 cpu functionality
host-cpu.c   host x86 cpu functions and "host" cpu type
kvm/kvm-cpu.cKVM x86 AccelCPUClass
hvf/hvf-cpu.cHVF x86 AccelCPUClass
tcg/tcg-cpu.cTCG x86 AccelCPUClass

Signed-off-by: Claudio Fontana 
Reviewed-by: Alex Bennée 
Reviewed-by: Richard Henderson 
---
 target/i386/cpu.h   |  20 +-
 target/i386/host-cpu.h  |  19 ++
 target/i386/kvm/kvm-cpu.h   |  41 
 target/i386/tcg/tcg-cpu.h   |  15 --
 hw/i386/pc_piix.c   |   1 +
 target/i386/cpu.c   | 390 
 target/i386/host-cpu.c  | 201 +++
 target/i386/hvf/hvf-cpu.c   |  68 +++
 target/i386/kvm/kvm-cpu.c   | 151 ++
 target/i386/kvm/kvm.c   |   3 +-
 target/i386/tcg/tcg-cpu.c   | 113 ++-
 MAINTAINERS |   2 +-
 target/i386/hvf/meson.build |   1 +
 target/i386/kvm/meson.build |   7 +-
 target/i386/meson.build |   6 +-
 15 files changed, 651 insertions(+), 387 deletions(-)
 create mode 100644 target/i386/host-cpu.h
 create mode 100644 target/i386/kvm/kvm-cpu.h
 delete mode 100644 target/i386/tcg/tcg-cpu.h
 create mode 100644 target/i386/host-cpu.c
 create mode 100644 target/i386/hvf/hvf-cpu.c
 create mode 100644 target/i386/kvm/kvm-cpu.c

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 8be39cfb62..c8a84a9033 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1925,13 +1925,20 @@ int cpu_x86_signal_handler(int host_signum, void *pinfo,
void *puc);
 
 /* cpu.c */
+void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
+  uint32_t vendor2, uint32_t vendor3);
+typedef struct PropValue {
+const char *prop, *value;
+} PropValue;
+void x86_cpu_apply_props(X86CPU *cpu, PropValue *props);
+
+/* cpu.c other functions (cpuid) */
 void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
uint32_t *eax, uint32_t *ebx,
uint32_t *ecx, uint32_t *edx);
 void cpu_clear_apic_feature(CPUX86State *env);
 void host_cpuid(uint32_t function, uint32_t count,
 uint32_t *eax, uint32_t *ebx, uint32_t *ecx, uint32_t *edx);
-void host_vendor_fms(char *vendor, int *family, int *model, int *stepping);
 
 /* helper.c */
 void x86_cpu_set_a20(X86CPU *cpu, int a20_state);
@@ -2136,17 +2143,6 @@ void cpu_report_tpr_access(CPUX86State *env, TPRAccess 
access);
 void apic_handle_tpr_access_report(DeviceState *d, target_ulong ip,
TPRAccess access);
 
-
-/* Change the value of a KVM-specific default
- *
- * If value is NULL, no default will be set and the original
- * value from the CPU model table will be kept.
- *
- * It is valid to call this function only for properties that
- * are already present in the kvm_default_props table.
- */
-void x86_cpu_change_kvm_default(const char *prop, const char *value);
-
 /* Special values for X86CPUVersion: */
 
 /* Resolve to latest CPU version */
diff --git a/target/i386/host-cpu.h b/target/i386/host-cpu.h
new file mode 100644
index 00..b47bc0943f
--- /dev/null
+++ b/target/i386/host-cpu.h
@@ -0,0 +1,19 @@
+/*
+ * x86 host CPU type initialization and host CPU functions
+ *
+ * Copyright 2021 SUSE LLC
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef HOST_CPU_H
+#define HOST_CPU_H
+
+void host_cpu_instance_init(X86CPU *cpu);
+void host_cpu_max_instance_init(X86CPU *cpu);
+void host_cpu_realizefn(CPUState *cs, Error **errp);
+
+void host_cpu_vendor_fms(char *vendor, int *family, int *model, int *stepping);
+
+#endif /* HOST_CPU_H */
diff --git a/target/i386/kvm/kvm-cpu.h b/target/i386/kvm/kvm-cpu.h
new file mode 100644
index 00..e858ca21e5
--- /dev/null
+++ b/target/i386/kvm/kvm-cpu.h
@@ -0,0 +1,41 @@
+/*
+ * i386 KVM CPU type and functions
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#ifndef KVM_CPU_H
+#define KVM_CPU_H
+
+#ifdef CONFIG_KVM
+/*
+ * Change the value of a KVM-specific default
+ *
+ * If value is NULL, no default will be set and the original
+ * value from the CPU model table will be kept.
+ *
+ * It is valid 

[PATCH v26 08/20] meson: add target_user_arch

[Claudio Fontana]

the lack of target_user_arch makes it hard to fully leverage the
build system in order to separate user code from sysemu code.

Provide it, so that we can avoid the proliferation of #ifdef
in target code.

Signed-off-by: Claudio Fontana 
Reviewed-by: Alex Bennée 

[claudio: added changes for new target hexagon]

Signed-off-by: Claudio Fontana 
---
 meson.build   | 5 +
 target/alpha/meson.build  | 3 +++
 target/arm/meson.build| 2 ++
 target/cris/meson.build   | 3 +++
 target/hexagon/meson.build| 3 +++
 target/hppa/meson.build   | 3 +++
 target/i386/meson.build   | 2 ++
 target/m68k/meson.build   | 3 +++
 target/microblaze/meson.build | 3 +++
 target/mips/meson.build   | 3 +++
 target/nios2/meson.build  | 3 +++
 target/openrisc/meson.build   | 3 +++
 target/ppc/meson.build| 3 +++
 target/riscv/meson.build  | 3 +++
 target/s390x/meson.build  | 3 +++
 target/sh4/meson.build| 3 +++
 target/sparc/meson.build  | 3 +++
 target/tilegx/meson.build | 3 +++
 target/tricore/meson.build| 3 +++
 target/xtensa/meson.build | 3 +++
 20 files changed, 60 insertions(+)

diff --git a/meson.build b/meson.build
index 05a67c20d9..5be4e5f38c 100644
--- a/meson.build
+++ b/meson.build
@@ -1735,6 +1735,7 @@ modules = {}
 hw_arch = {}
 target_arch = {}
 target_softmmu_arch = {}
+target_user_arch = {}
 
 ###
 # Trace files #
@@ -2132,6 +2133,10 @@ foreach target : target_dirs
 abi = config_target['TARGET_ABI_DIR']
 target_type='user'
 qemu_target_name = 'qemu-' + target_name
+t = target_user_arch[arch].apply(config_target, strict: false)
+arch_srcs += t.sources()
+arch_deps += t.dependencies()
+
 if 'CONFIG_LINUX_USER' in config_target
   base_dir = 'linux-user'
   target_inc += include_directories('linux-user/host/' / 
config_host['ARCH'])
diff --git a/target/alpha/meson.build b/target/alpha/meson.build
index 1aec55abb4..1b0555d3ee 100644
--- a/target/alpha/meson.build
+++ b/target/alpha/meson.build
@@ -14,5 +14,8 @@ alpha_ss.add(files(
 alpha_softmmu_ss = ss.source_set()
 alpha_softmmu_ss.add(files('machine.c'))
 
+alpha_user_ss = ss.source_set()
+
 target_arch += {'alpha': alpha_ss}
 target_softmmu_arch += {'alpha': alpha_softmmu_ss}
+target_user_arch += {'alpha': alpha_user_ss}
diff --git a/target/arm/meson.build b/target/arm/meson.build
index 15b936c101..a96af5ee1b 100644
--- a/target/arm/meson.build
+++ b/target/arm/meson.build
@@ -53,6 +53,8 @@ arm_softmmu_ss.add(files(
   'monitor.c',
   'psci.c',
 ))
+arm_user_ss = ss.source_set()
 
 target_arch += {'arm': arm_ss}
 target_softmmu_arch += {'arm': arm_softmmu_ss}
+target_user_arch += {'arm': arm_user_ss}
diff --git a/target/cris/meson.build b/target/cris/meson.build
index 67c3793c85..7fd81e0348 100644
--- a/target/cris/meson.build
+++ b/target/cris/meson.build
@@ -10,5 +10,8 @@ cris_ss.add(files(
 cris_softmmu_ss = ss.source_set()
 cris_softmmu_ss.add(files('mmu.c', 'machine.c'))
 
+cris_user_ss = ss.source_set()
+
 target_arch += {'cris': cris_ss}
 target_softmmu_arch += {'cris': cris_softmmu_ss}
+target_user_arch += {'cris': cris_user_ss}
diff --git a/target/hexagon/meson.build b/target/hexagon/meson.build
index 15318a6fa7..e92d45400d 100644
--- a/target/hexagon/meson.build
+++ b/target/hexagon/meson.build
@@ -188,4 +188,7 @@ hexagon_ss.add(files(
 'conv_emu.c',
 ))
 
+hexagon_user_ss = ss.source_set()
+
 target_arch += {'hexagon': hexagon_ss}
+target_user_arch += {'hexagon': hexagon_user_ss}
diff --git a/target/hppa/meson.build b/target/hppa/meson.build
index 8a7ff82efc..85ad314671 100644
--- a/target/hppa/meson.build
+++ b/target/hppa/meson.build
@@ -15,5 +15,8 @@ hppa_ss.add(files(
 hppa_softmmu_ss = ss.source_set()
 hppa_softmmu_ss.add(files('machine.c'))
 
+hppa_user_ss = ss.source_set()
+
 target_arch += {'hppa': hppa_ss}
 target_softmmu_arch += {'hppa': hppa_softmmu_ss}
+target_user_arch += {'hppa': hppa_user_ss}
diff --git a/target/i386/meson.build b/target/i386/meson.build
index fd24479590..cac26a4581 100644
--- a/target/i386/meson.build
+++ b/target/i386/meson.build
@@ -19,6 +19,7 @@ i386_softmmu_ss.add(files(
   'machine.c',
   'monitor.c',
 ))
+i386_user_ss = ss.source_set()
 
 subdir('kvm')
 subdir('hax')
@@ -28,3 +29,4 @@ subdir('tcg')
 
 target_arch += {'i386': i386_ss}
 target_softmmu_arch += {'i386': i386_softmmu_ss}
+target_user_arch += {'i386': i386_user_ss}
diff --git a/target/m68k/meson.build b/target/m68k/meson.build
index 05cd9fbd1e..b507682684 100644
--- a/target/m68k/meson.build
+++ b/target/m68k/meson.build
@@ -13,5 +13,8 @@ m68k_ss.add(files(
 m68k_softmmu_ss = ss.source_set()
 m68k_softmmu_ss.add(files('monitor.c'))
 
+m68k_user_ss = ss.source_set()
+
 target_arch += {'m68k': m68k_ss}
 target_softmmu_arch += {'m68k': m68k_softmmu_ss}
+target_user_arch += {'m68k': m68k_user_ss}
diff --git a/target/microblaze/meson.build b/target/microblaze/meson.build
index 05ee0ec163..52d8fcb0a3 100644
--- a/target/

[PATCH v26 05/20] accel: introduce new accessor functions

[Claudio Fontana]

avoid open coding the accesses to cpu->accel_cpu interfaces,
and instead introduce:

accel_cpu_instance_init,
accel_cpu_realizefn

to be used by the targets/ initfn code,
and by cpu_exec_realizefn respectively.

Signed-off-by: Claudio Fontana 
Reviewed-by: Alex Bennée 
Reviewed-by: Richard Henderson 
---
 include/qemu/accel.h | 13 +
 accel/accel-common.c | 19 +++
 cpu.c|  6 +-
 target/i386/cpu.c|  9 ++---
 4 files changed, 35 insertions(+), 12 deletions(-)

diff --git a/include/qemu/accel.h b/include/qemu/accel.h
index b9d6d69eb8..da0c8ab523 100644
--- a/include/qemu/accel.h
+++ b/include/qemu/accel.h
@@ -78,4 +78,17 @@ int accel_init_machine(AccelState *accel, MachineState *ms);
 void accel_setup_post(MachineState *ms);
 #endif /* !CONFIG_USER_ONLY */
 
+/**
+ * accel_cpu_instance_init:
+ * @cpu: The CPU that needs to do accel-specific object initializations.
+ */
+void accel_cpu_instance_init(CPUState *cpu);
+
+/**
+ * accel_cpu_realizefn:
+ * @cpu: The CPU that needs to call accel-specific cpu realization.
+ * @errp: currently unused.
+ */
+void accel_cpu_realizefn(CPUState *cpu, Error **errp);
+
 #endif /* QEMU_ACCEL_H */
diff --git a/accel/accel-common.c b/accel/accel-common.c
index 9901b0531c..0f6fb4fb66 100644
--- a/accel/accel-common.c
+++ b/accel/accel-common.c
@@ -89,6 +89,25 @@ void accel_init_interfaces(AccelClass *ac)
 accel_init_cpu_interfaces(ac);
 }
 
+void accel_cpu_instance_init(CPUState *cpu)
+{
+CPUClass *cc = CPU_GET_CLASS(cpu);
+
+if (cc->accel_cpu && cc->accel_cpu->cpu_instance_init) {
+cc->accel_cpu->cpu_instance_init(cpu);
+}
+}
+
+void accel_cpu_realizefn(CPUState *cpu, Error **errp)
+{
+CPUClass *cc = CPU_GET_CLASS(cpu);
+
+if (cc->accel_cpu && cc->accel_cpu->cpu_realizefn) {
+/* NB: errp parameter is unused currently */
+cc->accel_cpu->cpu_realizefn(cpu, errp);
+}
+}
+
 static const TypeInfo accel_cpu_type = {
 .name = TYPE_ACCEL_CPU,
 .parent = TYPE_OBJECT,
diff --git a/cpu.c b/cpu.c
index ba5d272c1e..25e6fbfa2c 100644
--- a/cpu.c
+++ b/cpu.c
@@ -130,11 +130,7 @@ void cpu_exec_realizefn(CPUState *cpu, Error **errp)
 CPUClass *cc = CPU_GET_CLASS(cpu);
 
 cpu_list_add(cpu);
-
-if (cc->accel_cpu) {
-/* NB: errp parameter is unused currently */
-cc->accel_cpu->cpu_realizefn(cpu, errp);
-}
+accel_cpu_realizefn(cpu, errp);
 
 #ifdef CONFIG_TCG
 /* NB: errp parameter is unused currently */
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 6e2b5d7e59..14e2a60ee5 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -28,7 +28,6 @@
 #include "sysemu/kvm.h"
 #include "sysemu/reset.h"
 #include "sysemu/hvf.h"
-#include "hw/core/accel-cpu.h"
 #include "sysemu/xen.h"
 #include "sysemu/whpx.h"
 #include "kvm/kvm_i386.h"
@@ -6786,8 +6785,6 @@ static void x86_cpu_initfn(Object *obj)
 {
 X86CPU *cpu = X86_CPU(obj);
 X86CPUClass *xcc = X86_CPU_GET_CLASS(obj);
-CPUClass *cc = CPU_CLASS(xcc);
-
 CPUX86State *env = &cpu->env;
 
 env->nr_dies = 1;
@@ -6836,10 +6833,8 @@ static void x86_cpu_initfn(Object *obj)
 x86_cpu_load_model(cpu, xcc->model);
 }
 
-/* if required, do the accelerator-specific cpu initialization */
-if (cc->accel_cpu) {
-cc->accel_cpu->cpu_instance_init(CPU(obj));
-}
+/* if required, do accelerator-specific cpu initializations */
+accel_cpu_instance_init(CPU(obj));
 }
 
 static int64_t x86_cpu_get_arch_id(CPUState *cs)
-- 
2.26.2

[PATCH v26 13/20] i386: split misc helper user stubs and sysemu part

[Claudio Fontana]

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/i386/tcg/misc_helper.c| 463 ---
 target/i386/tcg/sysemu/misc_helper.c | 438 +
 target/i386/tcg/user/misc_stubs.c|  75 +
 target/i386/tcg/sysemu/meson.build   |   1 +
 target/i386/tcg/user/meson.build |   1 +
 5 files changed, 515 insertions(+), 463 deletions(-)
 create mode 100644 target/i386/tcg/sysemu/misc_helper.c
 create mode 100644 target/i386/tcg/user/misc_stubs.c

diff --git a/target/i386/tcg/misc_helper.c b/target/i386/tcg/misc_helper.c
index f02e4fd400..82fb7037ac 100644
--- a/target/i386/tcg/misc_helper.c
+++ b/target/i386/tcg/misc_helper.c
@@ -18,12 +18,9 @@
  */
 
 #include "qemu/osdep.h"
-#include "qemu/main-loop.h"
 #include "cpu.h"
 #include "exec/helper-proto.h"
 #include "exec/exec-all.h"
-#include "exec/cpu_ldst.h"
-#include "exec/address-spaces.h"
 #include "helper-tcg.h"
 
 /*
@@ -39,69 +36,6 @@ void cpu_load_eflags(CPUX86State *env, int eflags, int 
update_mask)
 (eflags & update_mask) | 0x2;
 }
 
-void helper_outb(CPUX86State *env, uint32_t port, uint32_t data)
-{
-#ifdef CONFIG_USER_ONLY
-fprintf(stderr, "outb: port=0x%04x, data=%02x\n", port, data);
-#else
-address_space_stb(&address_space_io, port, data,
-  cpu_get_mem_attrs(env), NULL);
-#endif
-}
-
-target_ulong helper_inb(CPUX86State *env, uint32_t port)
-{
-#ifdef CONFIG_USER_ONLY
-fprintf(stderr, "inb: port=0x%04x\n", port);
-return 0;
-#else
-return address_space_ldub(&address_space_io, port,
-  cpu_get_mem_attrs(env), NULL);
-#endif
-}
-
-void helper_outw(CPUX86State *env, uint32_t port, uint32_t data)
-{
-#ifdef CONFIG_USER_ONLY
-fprintf(stderr, "outw: port=0x%04x, data=%04x\n", port, data);
-#else
-address_space_stw(&address_space_io, port, data,
-  cpu_get_mem_attrs(env), NULL);
-#endif
-}
-
-target_ulong helper_inw(CPUX86State *env, uint32_t port)
-{
-#ifdef CONFIG_USER_ONLY
-fprintf(stderr, "inw: port=0x%04x\n", port);
-return 0;
-#else
-return address_space_lduw(&address_space_io, port,
-  cpu_get_mem_attrs(env), NULL);
-#endif
-}
-
-void helper_outl(CPUX86State *env, uint32_t port, uint32_t data)
-{
-#ifdef CONFIG_USER_ONLY
-fprintf(stderr, "outl: port=0x%04x, data=%08x\n", port, data);
-#else
-address_space_stl(&address_space_io, port, data,
-  cpu_get_mem_attrs(env), NULL);
-#endif
-}
-
-target_ulong helper_inl(CPUX86State *env, uint32_t port)
-{
-#ifdef CONFIG_USER_ONLY
-fprintf(stderr, "inl: port=0x%04x\n", port);
-return 0;
-#else
-return address_space_ldl(&address_space_io, port,
- cpu_get_mem_attrs(env), NULL);
-#endif
-}
-
 void helper_into(CPUX86State *env, int next_eip_addend)
 {
 int eflags;
@@ -126,64 +60,6 @@ void helper_cpuid(CPUX86State *env)
 env->regs[R_EDX] = edx;
 }
 
-#if defined(CONFIG_USER_ONLY)
-target_ulong helper_read_crN(CPUX86State *env, int reg)
-{
-return 0;
-}
-
-void helper_write_crN(CPUX86State *env, int reg, target_ulong t0)
-{
-}
-#else
-target_ulong helper_read_crN(CPUX86State *env, int reg)
-{
-target_ulong val;
-
-cpu_svm_check_intercept_param(env, SVM_EXIT_READ_CR0 + reg, 0, GETPC());
-switch (reg) {
-default:
-val = env->cr[reg];
-break;
-case 8:
-if (!(env->hflags2 & HF2_VINTR_MASK)) {
-val = cpu_get_apic_tpr(env_archcpu(env)->apic_state);
-} else {
-val = env->v_tpr;
-}
-break;
-}
-return val;
-}
-
-void helper_write_crN(CPUX86State *env, int reg, target_ulong t0)
-{
-cpu_svm_check_intercept_param(env, SVM_EXIT_WRITE_CR0 + reg, 0, GETPC());
-switch (reg) {
-case 0:
-cpu_x86_update_cr0(env, t0);
-break;
-case 3:
-cpu_x86_update_cr3(env, t0);
-break;
-case 4:
-cpu_x86_update_cr4(env, t0);
-break;
-case 8:
-if (!(env->hflags2 & HF2_VINTR_MASK)) {
-qemu_mutex_lock_iothread();
-cpu_set_apic_tpr(env_archcpu(env)->apic_state, t0);
-qemu_mutex_unlock_iothread();
-}
-env->v_tpr = t0 & 0x0f;
-break;
-default:
-env->cr[reg] = t0;
-break;
-}
-}
-#endif
-
 void helper_lmsw(CPUX86State *env, target_ulong t0)
 {
 /* only 4 lower bits of CR0 are modified. PE cannot be set to zero
@@ -232,345 +108,6 @@ void helper_rdpmc(CPUX86State *env)
 raise_exception_err(env, EXCP06_ILLOP, 0);
 }
 
-#if defined(CONFIG_USER_ONLY)
-void helper_wrmsr(CPUX86State *env)
-{
-}
-
-void helper_rdmsr(CPUX86State *env)
-{
-}
-#else
-void helper_wrmsr(CPUX86State *env)
-{
-uint64_t val;
-CPUState *cs = env_cpu(env);
-
-cpu_svm_check_intercept_param(env, SVM_EXIT_MSR, 1, GETPC());
-
-val = ((uint32_t)env->regs[R_EAX]) |
-((uint64_t)((uint32_t)env->regs[R_EDX]) << 32);

[PATCH v26 09/20] i386: split off sysemu-only functionality in tcg-cpu

[Claudio Fontana]

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/i386/tcg/tcg-cpu.h  | 24 +
 target/i386/tcg/sysemu/tcg-cpu.c   | 83 ++
 target/i386/tcg/tcg-cpu.c  | 75 ++-
 target/i386/tcg/meson.build|  3 ++
 target/i386/tcg/sysemu/meson.build |  3 ++
 target/i386/tcg/user/meson.build   |  2 +
 6 files changed, 119 insertions(+), 71 deletions(-)
 create mode 100644 target/i386/tcg/tcg-cpu.h
 create mode 100644 target/i386/tcg/sysemu/tcg-cpu.c
 create mode 100644 target/i386/tcg/sysemu/meson.build
 create mode 100644 target/i386/tcg/user/meson.build

diff --git a/target/i386/tcg/tcg-cpu.h b/target/i386/tcg/tcg-cpu.h
new file mode 100644
index 00..36bd300af0
--- /dev/null
+++ b/target/i386/tcg/tcg-cpu.h
@@ -0,0 +1,24 @@
+/*
+ * i386 TCG cpu class initialization functions
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#ifndef TCG_CPU_H
+#define TCG_CPU_H
+
+bool tcg_cpu_realizefn(CPUState *cs, Error **errp);
+
+#endif /* TCG_CPU_H */
diff --git a/target/i386/tcg/sysemu/tcg-cpu.c b/target/i386/tcg/sysemu/tcg-cpu.c
new file mode 100644
index 00..c223c0fe9b
--- /dev/null
+++ b/target/i386/tcg/sysemu/tcg-cpu.c
@@ -0,0 +1,83 @@
+/*
+ * i386 TCG cpu class initialization functions specific to sysemu
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+#include "tcg/helper-tcg.h"
+
+#include "sysemu/sysemu.h"
+#include "qemu/units.h"
+#include "exec/address-spaces.h"
+
+#include "tcg/tcg-cpu.h"
+
+static void tcg_cpu_machine_done(Notifier *n, void *unused)
+{
+X86CPU *cpu = container_of(n, X86CPU, machine_done);
+MemoryRegion *smram =
+(MemoryRegion *) object_resolve_path("/machine/smram", NULL);
+
+if (smram) {
+cpu->smram = g_new(MemoryRegion, 1);
+memory_region_init_alias(cpu->smram, OBJECT(cpu), "smram",
+ smram, 0, 4 * GiB);
+memory_region_set_enabled(cpu->smram, true);
+memory_region_add_subregion_overlap(cpu->cpu_as_root, 0,
+cpu->smram, 1);
+}
+}
+
+bool tcg_cpu_realizefn(CPUState *cs, Error **errp)
+{
+X86CPU *cpu = X86_CPU(cs);
+
+/*
+ * The realize order is important, since x86_cpu_realize() checks if
+ * nothing else has been set by the user (or by accelerators) in
+ * cpu->ucode_rev and cpu->phys_bits, and the memory regions
+ * initialized here are needed for the vcpu initialization.
+ *
+ * realize order:
+ * tcg_cpu -> host_cpu -> x86_cpu
+ */
+cpu->cpu_as_mem = g_new(MemoryRegion, 1);
+cpu->cpu_as_root = g_new(MemoryRegion, 1);
+
+/* Outer container... */
+memory_region_init(cpu->cpu_as_root, OBJECT(cpu), "memory", ~0ull);
+memory_region_set_enabled(cpu->cpu_as_root, true);
+
+/*
+ * ... with two regions inside: normal system memory with low
+ * priority, and...
+ */
+memory_region_init_alias(cpu->cpu_as_mem, OBJECT(cpu), "memory",
+ get_system_memory(), 0, ~0ull);
+memory_region_add_subregion_overlap(cpu->cpu_as_root, 0, cpu->cpu_as_mem, 
0);
+memory_region_set_enabled(cpu->cpu_as_mem, true);
+
+cs->num_ases = 2;
+cpu_address_space_init(cs, 0, "cpu-memory", cs->memory);
+cpu_address_space_init(cs, 1, "cpu-smm", cpu->cpu_as_root);
+
+/* ... SMRAM with higher priority, linked from /machine/smram.  */
+cpu->machine_done.notify = tcg_cpu_machine_done;
+qemu_add_machine_init_done_notifier(&cpu->machine_done);
+return true;
+}
diff --git a/tar

[PATCH v26 10/20] i386: split smm helper (sysemu)

[Claudio Fontana]

smm is only really useful for sysemu, split in two modules
around the CONFIG_USER_ONLY, in order to remove the ifdef
and use the build system instead.

add cpu_abort() when detecting attempts to enter SMM mode via
SMI interrupt in user-mode, and assert that the cpu is not
in SMM mode while translating RSM instructions.

Signed-off-by: Claudio Fontana 
Cc: Paolo Bonzini 
Reviewed-by: Richard Henderson 
---
 target/i386/helper.h  |  4 
 target/i386/tcg/seg_helper.c  |  4 
 target/i386/tcg/{ => sysemu}/smm_helper.c | 19 ++-
 target/i386/tcg/translate.c   |  5 +
 target/i386/tcg/meson.build   |  1 -
 target/i386/tcg/sysemu/meson.build|  1 +
 6 files changed, 16 insertions(+), 18 deletions(-)
 rename target/i386/tcg/{ => sysemu}/smm_helper.c (98%)

diff --git a/target/i386/helper.h b/target/i386/helper.h
index c2ae2f7e61..8ffda4cdc6 100644
--- a/target/i386/helper.h
+++ b/target/i386/helper.h
@@ -70,7 +70,11 @@ DEF_HELPER_1(clac, void, env)
 DEF_HELPER_1(stac, void, env)
 DEF_HELPER_3(boundw, void, env, tl, int)
 DEF_HELPER_3(boundl, void, env, tl, int)
+
+#ifndef CONFIG_USER_ONLY
 DEF_HELPER_1(rsm, void, env)
+#endif /* !CONFIG_USER_ONLY */
+
 DEF_HELPER_2(into, void, env, int)
 DEF_HELPER_2(cmpxchg8b_unlocked, void, env, tl)
 DEF_HELPER_2(cmpxchg8b, void, env, tl)
diff --git a/target/i386/tcg/seg_helper.c b/target/i386/tcg/seg_helper.c
index 180d47f0e9..d04fbdd7cd 100644
--- a/target/i386/tcg/seg_helper.c
+++ b/target/i386/tcg/seg_helper.c
@@ -1351,7 +1351,11 @@ bool x86_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
 case CPU_INTERRUPT_SMI:
 cpu_svm_check_intercept_param(env, SVM_EXIT_SMI, 0, 0);
 cs->interrupt_request &= ~CPU_INTERRUPT_SMI;
+#ifdef CONFIG_USER_ONLY
+cpu_abort(CPU(cpu), "SMI interrupt: cannot enter SMM in user-mode");
+#else
 do_smm_enter(cpu);
+#endif /* CONFIG_USER_ONLY */
 break;
 case CPU_INTERRUPT_NMI:
 cpu_svm_check_intercept_param(env, SVM_EXIT_NMI, 0, 0);
diff --git a/target/i386/tcg/smm_helper.c b/target/i386/tcg/sysemu/smm_helper.c
similarity index 98%
rename from target/i386/tcg/smm_helper.c
rename to target/i386/tcg/sysemu/smm_helper.c
index 62d027abd3..a45b5651c3 100644
--- a/target/i386/tcg/smm_helper.c
+++ b/target/i386/tcg/sysemu/smm_helper.c
@@ -1,5 +1,5 @@
 /*
- *  x86 SMM helpers
+ *  x86 SMM helpers (sysemu-only)
  *
  *  Copyright (c) 2003 Fabrice Bellard
  *
@@ -18,27 +18,14 @@
  */
 
 #include "qemu/osdep.h"
-#include "qemu/main-loop.h"
 #include "cpu.h"
 #include "exec/helper-proto.h"
 #include "exec/log.h"
-#include "helper-tcg.h"
+#include "tcg/helper-tcg.h"
 
 
 /* SMM support */
 
-#if defined(CONFIG_USER_ONLY)
-
-void do_smm_enter(X86CPU *cpu)
-{
-}
-
-void helper_rsm(CPUX86State *env)
-{
-}
-
-#else
-
 #ifdef TARGET_X86_64
 #define SMM_REVISION_ID 0x00020064
 #else
@@ -330,5 +317,3 @@ void helper_rsm(CPUX86State *env)
 qemu_log_mask(CPU_LOG_INT, "SMM: after RSM\n");
 log_cpu_state_mask(CPU_LOG_INT, CPU(cpu), CPU_DUMP_CCOP);
 }
-
-#endif /* !CONFIG_USER_ONLY */
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index af1faf9342..b882041ef0 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -8319,9 +8319,14 @@ static target_ulong disas_insn(DisasContext *s, CPUState 
*cpu)
 gen_svm_check_intercept(s, pc_start, SVM_EXIT_RSM);
 if (!(s->flags & HF_SMM_MASK))
 goto illegal_op;
+#ifdef CONFIG_USER_ONLY
+/* we should not be in SMM mode */
+g_assert_not_reached();
+#else
 gen_update_cc_op(s);
 gen_jmp_im(s, s->pc - s->cs_base);
 gen_helper_rsm(cpu_env);
+#endif /* CONFIG_USER_ONLY */
 gen_eob(s);
 break;
 case 0x1b8: /* SSE4.2 popcnt */
diff --git a/target/i386/tcg/meson.build b/target/i386/tcg/meson.build
index 320bcd1e46..449d9719ef 100644
--- a/target/i386/tcg/meson.build
+++ b/target/i386/tcg/meson.build
@@ -8,7 +8,6 @@ i386_ss.add(when: 'CONFIG_TCG', if_true: files(
   'misc_helper.c',
   'mpx_helper.c',
   'seg_helper.c',
-  'smm_helper.c',
   'svm_helper.c',
   'tcg-cpu.c',
   'translate.c'), if_false: files('tcg-stub.c'))
diff --git a/target/i386/tcg/sysemu/meson.build 
b/target/i386/tcg/sysemu/meson.build
index 4ab30cc32e..35ba16dc3d 100644
--- a/target/i386/tcg/sysemu/meson.build
+++ b/target/i386/tcg/sysemu/meson.build
@@ -1,3 +1,4 @@
 i386_softmmu_ss.add(when: ['CONFIG_TCG', 'CONFIG_SOFTMMU'], if_true: files(
   'tcg-cpu.c',
+  'smm_helper.c',
 ))
-- 
2.26.2

[PATCH v26 06/20] target/i386: fix host_cpu_adjust_phys_bits error handling

[Claudio Fontana]

move the check for phys_bits outside of host_cpu_adjust_phys_bits,
because otherwise it is impossible to return an error condition
explicitly.

Signed-off-by: Claudio Fontana 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alex Bennée 
Reviewed-by: Richard Henderson 
---
 target/i386/host-cpu.c | 22 --
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/target/i386/host-cpu.c b/target/i386/host-cpu.c
index 9cfe56ce41..d07d41c34c 100644
--- a/target/i386/host-cpu.c
+++ b/target/i386/host-cpu.c
@@ -50,7 +50,7 @@ static void host_cpu_enable_cpu_pm(X86CPU *cpu)
 env->features[FEAT_1_ECX] |= CPUID_EXT_MONITOR;
 }
 
-static uint32_t host_cpu_adjust_phys_bits(X86CPU *cpu, Error **errp)
+static uint32_t host_cpu_adjust_phys_bits(X86CPU *cpu)
 {
 uint32_t host_phys_bits = host_cpu_phys_bits();
 uint32_t phys_bits = cpu->phys_bits;
@@ -77,14 +77,6 @@ static uint32_t host_cpu_adjust_phys_bits(X86CPU *cpu, Error 
**errp)
 }
 }
 
-if (phys_bits &&
-(phys_bits > TARGET_PHYS_ADDR_SPACE_BITS ||
- phys_bits < 32)) {
-error_setg(errp, "phys-bits should be between 32 and %u "
-   " (but is %u)",
-   TARGET_PHYS_ADDR_SPACE_BITS, phys_bits);
-}
-
 return phys_bits;
 }
 
@@ -97,7 +89,17 @@ void host_cpu_realizefn(CPUState *cs, Error **errp)
 host_cpu_enable_cpu_pm(cpu);
 }
 if (env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_LM) {
-cpu->phys_bits = host_cpu_adjust_phys_bits(cpu, errp);
+uint32_t phys_bits = host_cpu_adjust_phys_bits(cpu);
+
+if (phys_bits &&
+(phys_bits > TARGET_PHYS_ADDR_SPACE_BITS ||
+ phys_bits < 32)) {
+error_setg(errp, "phys-bits should be between 32 and %u "
+   " (but is %u)",
+   TARGET_PHYS_ADDR_SPACE_BITS, phys_bits);
+return;
+}
+cpu->phys_bits = phys_bits;
 }
 }
 
-- 
2.26.2

[PATCH v26 19/20] target/i386: gdbstub: only write CR0/CR2/CR3/EFER for sysemu

[Claudio Fontana]

Signed-off-by: Claudio Fontana 
Cc: Paolo Bonzini 
Reviewed-by: Richard Henderson 
---
 target/i386/gdbstub.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/target/i386/gdbstub.c b/target/i386/gdbstub.c
index 4ad1295425..098a2ad15a 100644
--- a/target/i386/gdbstub.c
+++ b/target/i386/gdbstub.c
@@ -351,22 +351,30 @@ int x86_cpu_gdb_write_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 
 case IDX_CTL_CR0_REG:
 len = gdb_write_reg_cs64(env->hflags, mem_buf, &tmp);
+#ifndef CONFIG_USER_ONLY
 cpu_x86_update_cr0(env, tmp);
+#endif
 return len;
 
 case IDX_CTL_CR2_REG:
 len = gdb_write_reg_cs64(env->hflags, mem_buf, &tmp);
+#ifndef CONFIG_USER_ONLY
 env->cr[2] = tmp;
+#endif
 return len;
 
 case IDX_CTL_CR3_REG:
 len = gdb_write_reg_cs64(env->hflags, mem_buf, &tmp);
+#ifndef CONFIG_USER_ONLY
 cpu_x86_update_cr3(env, tmp);
+#endif
 return len;
 
 case IDX_CTL_CR4_REG:
 len = gdb_write_reg_cs64(env->hflags, mem_buf, &tmp);
+#ifndef CONFIG_USER_ONLY
 cpu_x86_update_cr4(env, tmp);
+#endif
 return len;
 
 case IDX_CTL_CR8_REG:
@@ -378,7 +386,9 @@ int x86_cpu_gdb_write_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 
 case IDX_CTL_EFER_REG:
 len = gdb_write_reg_cs64(env->hflags, mem_buf, &tmp);
+#ifndef CONFIG_USER_ONLY
 cpu_load_efer(env, tmp);
+#endif
 return len;
 }
 }
-- 
2.26.2

[PATCH v26 07/20] accel-cpu: make cpu_realizefn return a bool

[Claudio Fontana]

overall, all devices' realize functions take an Error **errp, but return void.

hw/core/qdev.c code, which realizes devices, therefore does:

local_err = NULL;
dc->realize(dev, &local_err);
if (local_err != NULL) {
goto fail;
}

However, we can improve at least accel_cpu to return a meaningful bool value.

Signed-off-by: Claudio Fontana 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alex Bennée 
Reviewed-by: Richard Henderson 
---
 include/hw/core/accel-cpu.h | 2 +-
 include/qemu/accel.h| 2 +-
 target/i386/host-cpu.h  | 2 +-
 accel/accel-common.c| 6 +++---
 cpu.c   | 5 +++--
 target/i386/host-cpu.c  | 5 +++--
 target/i386/kvm/kvm-cpu.c   | 4 ++--
 target/i386/tcg/tcg-cpu.c   | 6 --
 8 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/include/hw/core/accel-cpu.h b/include/hw/core/accel-cpu.h
index 24a6697412..5dbfd79955 100644
--- a/include/hw/core/accel-cpu.h
+++ b/include/hw/core/accel-cpu.h
@@ -32,7 +32,7 @@ typedef struct AccelCPUClass {
 
 void (*cpu_class_init)(CPUClass *cc);
 void (*cpu_instance_init)(CPUState *cpu);
-void (*cpu_realizefn)(CPUState *cpu, Error **errp);
+bool (*cpu_realizefn)(CPUState *cpu, Error **errp);
 } AccelCPUClass;
 
 #endif /* ACCEL_CPU_H */
diff --git a/include/qemu/accel.h b/include/qemu/accel.h
index da0c8ab523..4f4c283f6f 100644
--- a/include/qemu/accel.h
+++ b/include/qemu/accel.h
@@ -89,6 +89,6 @@ void accel_cpu_instance_init(CPUState *cpu);
  * @cpu: The CPU that needs to call accel-specific cpu realization.
  * @errp: currently unused.
  */
-void accel_cpu_realizefn(CPUState *cpu, Error **errp);
+bool accel_cpu_realizefn(CPUState *cpu, Error **errp);
 
 #endif /* QEMU_ACCEL_H */
diff --git a/target/i386/host-cpu.h b/target/i386/host-cpu.h
index b47bc0943f..6a9bc918ba 100644
--- a/target/i386/host-cpu.h
+++ b/target/i386/host-cpu.h
@@ -12,7 +12,7 @@
 
 void host_cpu_instance_init(X86CPU *cpu);
 void host_cpu_max_instance_init(X86CPU *cpu);
-void host_cpu_realizefn(CPUState *cs, Error **errp);
+bool host_cpu_realizefn(CPUState *cs, Error **errp);
 
 void host_cpu_vendor_fms(char *vendor, int *family, int *model, int *stepping);
 
diff --git a/accel/accel-common.c b/accel/accel-common.c
index 0f6fb4fb66..d77c09d7b5 100644
--- a/accel/accel-common.c
+++ b/accel/accel-common.c
@@ -98,14 +98,14 @@ void accel_cpu_instance_init(CPUState *cpu)
 }
 }
 
-void accel_cpu_realizefn(CPUState *cpu, Error **errp)
+bool accel_cpu_realizefn(CPUState *cpu, Error **errp)
 {
 CPUClass *cc = CPU_GET_CLASS(cpu);
 
 if (cc->accel_cpu && cc->accel_cpu->cpu_realizefn) {
-/* NB: errp parameter is unused currently */
-cc->accel_cpu->cpu_realizefn(cpu, errp);
+return cc->accel_cpu->cpu_realizefn(cpu, errp);
 }
+return true;
 }
 
 static const TypeInfo accel_cpu_type = {
diff --git a/cpu.c b/cpu.c
index 25e6fbfa2c..34a0484bf4 100644
--- a/cpu.c
+++ b/cpu.c
@@ -130,8 +130,9 @@ void cpu_exec_realizefn(CPUState *cpu, Error **errp)
 CPUClass *cc = CPU_GET_CLASS(cpu);
 
 cpu_list_add(cpu);
-accel_cpu_realizefn(cpu, errp);
-
+if (!accel_cpu_realizefn(cpu, errp)) {
+return;
+}
 #ifdef CONFIG_TCG
 /* NB: errp parameter is unused currently */
 if (tcg_enabled()) {
diff --git a/target/i386/host-cpu.c b/target/i386/host-cpu.c
index d07d41c34c..4ea9e354ea 100644
--- a/target/i386/host-cpu.c
+++ b/target/i386/host-cpu.c
@@ -80,7 +80,7 @@ static uint32_t host_cpu_adjust_phys_bits(X86CPU *cpu)
 return phys_bits;
 }
 
-void host_cpu_realizefn(CPUState *cs, Error **errp)
+bool host_cpu_realizefn(CPUState *cs, Error **errp)
 {
 X86CPU *cpu = X86_CPU(cs);
 CPUX86State *env = &cpu->env;
@@ -97,10 +97,11 @@ void host_cpu_realizefn(CPUState *cs, Error **errp)
 error_setg(errp, "phys-bits should be between 32 and %u "
" (but is %u)",
TARGET_PHYS_ADDR_SPACE_BITS, phys_bits);
-return;
+return false;
 }
 cpu->phys_bits = phys_bits;
 }
+return true;
 }
 
 #define CPUID_MODEL_ID_SZ 48
diff --git a/target/i386/kvm/kvm-cpu.c b/target/i386/kvm/kvm-cpu.c
index c23bbe6c50..c660ad4293 100644
--- a/target/i386/kvm/kvm-cpu.c
+++ b/target/i386/kvm/kvm-cpu.c
@@ -18,7 +18,7 @@
 #include "kvm_i386.h"
 #include "hw/core/accel-cpu.h"
 
-static void kvm_cpu_realizefn(CPUState *cs, Error **errp)
+static bool kvm_cpu_realizefn(CPUState *cs, Error **errp)
 {
 X86CPU *cpu = X86_CPU(cs);
 CPUX86State *env = &cpu->env;
@@ -41,7 +41,7 @@ static void kvm_cpu_realizefn(CPUState *cs, Error **errp)
MSR_IA32_UCODE_REV);
 }
 }
-host_cpu_realizefn(cs, errp);
+return host_cpu_realizefn(cs, errp);
 }
 
 /*
diff --git a/target/i386/tcg/tcg-cpu.c b/target/i386/tcg/tcg-cpu.c
index 1d3d6d1c6a..23e1f5f0c3 100644
--- a/target/i386/tcg/tcg-cpu.c
+++ b/target/i386/tcg/tcg-cpu.c
@@ -96,7 +96,7 @@ static voi

[PATCH v26 11/20] i386: split tcg excp_helper into sysemu and user parts

[Claudio Fontana]

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/i386/tcg/excp_helper.c| 572 --
 target/i386/tcg/sysemu/excp_helper.c | 581 +++
 target/i386/tcg/user/excp_helper.c   |  39 ++
 target/i386/tcg/sysemu/meson.build   |   1 +
 target/i386/tcg/user/meson.build |   1 +
 5 files changed, 622 insertions(+), 572 deletions(-)
 create mode 100644 target/i386/tcg/sysemu/excp_helper.c
 create mode 100644 target/i386/tcg/user/excp_helper.c

diff --git a/target/i386/tcg/excp_helper.c b/target/i386/tcg/excp_helper.c
index b7d6259e4a..0183f3932e 100644
--- a/target/i386/tcg/excp_helper.c
+++ b/target/i386/tcg/excp_helper.c
@@ -137,575 +137,3 @@ void raise_exception_ra(CPUX86State *env, int 
exception_index, uintptr_t retaddr
 {
 raise_interrupt2(env, exception_index, 0, 0, 0, retaddr);
 }
-
-#if !defined(CONFIG_USER_ONLY)
-static hwaddr get_hphys(CPUState *cs, hwaddr gphys, MMUAccessType access_type,
-int *prot)
-{
-CPUX86State *env = &X86_CPU(cs)->env;
-uint64_t rsvd_mask = PG_HI_RSVD_MASK;
-uint64_t ptep, pte;
-uint64_t exit_info_1 = 0;
-target_ulong pde_addr, pte_addr;
-uint32_t page_offset;
-int page_size;
-
-if (likely(!(env->hflags2 & HF2_NPT_MASK))) {
-return gphys;
-}
-
-if (!(env->nested_pg_mode & SVM_NPT_NXE)) {
-rsvd_mask |= PG_NX_MASK;
-}
-
-if (env->nested_pg_mode & SVM_NPT_PAE) {
-uint64_t pde, pdpe;
-target_ulong pdpe_addr;
-
-#ifdef TARGET_X86_64
-if (env->nested_pg_mode & SVM_NPT_LMA) {
-uint64_t pml5e;
-uint64_t pml4e_addr, pml4e;
-
-pml5e = env->nested_cr3;
-ptep = PG_NX_MASK | PG_USER_MASK | PG_RW_MASK;
-
-pml4e_addr = (pml5e & PG_ADDRESS_MASK) +
-(((gphys >> 39) & 0x1ff) << 3);
-pml4e = x86_ldq_phys(cs, pml4e_addr);
-if (!(pml4e & PG_PRESENT_MASK)) {
-goto do_fault;
-}
-if (pml4e & (rsvd_mask | PG_PSE_MASK)) {
-goto do_fault_rsvd;
-}
-if (!(pml4e & PG_ACCESSED_MASK)) {
-pml4e |= PG_ACCESSED_MASK;
-x86_stl_phys_notdirty(cs, pml4e_addr, pml4e);
-}
-ptep &= pml4e ^ PG_NX_MASK;
-pdpe_addr = (pml4e & PG_ADDRESS_MASK) +
-(((gphys >> 30) & 0x1ff) << 3);
-pdpe = x86_ldq_phys(cs, pdpe_addr);
-if (!(pdpe & PG_PRESENT_MASK)) {
-goto do_fault;
-}
-if (pdpe & rsvd_mask) {
-goto do_fault_rsvd;
-}
-ptep &= pdpe ^ PG_NX_MASK;
-if (!(pdpe & PG_ACCESSED_MASK)) {
-pdpe |= PG_ACCESSED_MASK;
-x86_stl_phys_notdirty(cs, pdpe_addr, pdpe);
-}
-if (pdpe & PG_PSE_MASK) {
-/* 1 GB page */
-page_size = 1024 * 1024 * 1024;
-pte_addr = pdpe_addr;
-pte = pdpe;
-goto do_check_protect;
-}
-} else
-#endif
-{
-pdpe_addr = (env->nested_cr3 & ~0x1f) + ((gphys >> 27) & 0x18);
-pdpe = x86_ldq_phys(cs, pdpe_addr);
-if (!(pdpe & PG_PRESENT_MASK)) {
-goto do_fault;
-}
-rsvd_mask |= PG_HI_USER_MASK;
-if (pdpe & (rsvd_mask | PG_NX_MASK)) {
-goto do_fault_rsvd;
-}
-ptep = PG_NX_MASK | PG_USER_MASK | PG_RW_MASK;
-}
-
-pde_addr = (pdpe & PG_ADDRESS_MASK) + (((gphys >> 21) & 0x1ff) << 3);
-pde = x86_ldq_phys(cs, pde_addr);
-if (!(pde & PG_PRESENT_MASK)) {
-goto do_fault;
-}
-if (pde & rsvd_mask) {
-goto do_fault_rsvd;
-}
-ptep &= pde ^ PG_NX_MASK;
-if (pde & PG_PSE_MASK) {
-/* 2 MB page */
-page_size = 2048 * 1024;
-pte_addr = pde_addr;
-pte = pde;
-goto do_check_protect;
-}
-/* 4 KB page */
-if (!(pde & PG_ACCESSED_MASK)) {
-pde |= PG_ACCESSED_MASK;
-x86_stl_phys_notdirty(cs, pde_addr, pde);
-}
-pte_addr = (pde & PG_ADDRESS_MASK) + (((gphys >> 12) & 0x1ff) << 3);
-pte = x86_ldq_phys(cs, pte_addr);
-if (!(pte & PG_PRESENT_MASK)) {
-goto do_fault;
-}
-if (pte & rsvd_mask) {
-goto do_fault_rsvd;
-}
-/* combine pde and pte nx, user and rw protections */
-ptep &= pte ^ PG_NX_MASK;
-page_size = 4096;
-} else {
-uint32_t pde;
-
-/* page directory entry */
-pde_addr = (env->nested_cr3 & ~0xfff) + ((gphys >> 20) & 0xffc);
-pde = x86_ldl_phys(cs, pde_addr);
-if (!(pde & PG_PRESENT_MASK)) {
-goto do_fault;
-}
-ptep = pde |

[PATCH v26 15/20] i386: split svm_helper into sysemu and stub-only user

[Claudio Fontana]

For now we just copy over the previous user stubs, but really,

everything that requires s->cpl == 0 should be impossible
to trigger from user-mode emulation.

Later on we should add a check that asserts this easily f.e.:

static bool check_cpl0(DisasContext *s)
{
 int cpl = s->cpl;
 #ifdef CONFIG_USER_ONLY
 assert(cpl == 3);
 #endif
 if (cpl != 0) {
 gen_exception(s, EXCP0D_GPF, s->pc_start - s->cs_base);
 return false;
 }
 return true;
}

Signed-off-by: Claudio Fontana 
Cc: Paolo Bonzini 
Reviewed-by: Richard Henderson 
---
 target/i386/tcg/{ => sysemu}/svm_helper.c | 62 +-
 target/i386/tcg/user/svm_stubs.c  | 76 +++
 target/i386/tcg/meson.build   |  1 -
 target/i386/tcg/sysemu/meson.build|  1 +
 target/i386/tcg/user/meson.build  |  1 +
 5 files changed, 80 insertions(+), 61 deletions(-)
 rename target/i386/tcg/{ => sysemu}/svm_helper.c (96%)
 create mode 100644 target/i386/tcg/user/svm_stubs.c

diff --git a/target/i386/tcg/svm_helper.c b/target/i386/tcg/sysemu/svm_helper.c
similarity index 96%
rename from target/i386/tcg/svm_helper.c
rename to target/i386/tcg/sysemu/svm_helper.c
index 097bb9b83d..5b9c6f18be 100644
--- a/target/i386/tcg/svm_helper.c
+++ b/target/i386/tcg/sysemu/svm_helper.c
@@ -1,5 +1,5 @@
 /*
- *  x86 SVM helpers
+ *  x86 SVM helpers (sysemu only)
  *
  *  Copyright (c) 2003 Fabrice Bellard
  *
@@ -22,66 +22,10 @@
 #include "exec/helper-proto.h"
 #include "exec/exec-all.h"
 #include "exec/cpu_ldst.h"
-#include "helper-tcg.h"
+#include "tcg/helper-tcg.h"
 
 /* Secure Virtual Machine helpers */
 
-#if defined(CONFIG_USER_ONLY)
-
-void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend)
-{
-}
-
-void helper_vmmcall(CPUX86State *env)
-{
-}
-
-void helper_vmload(CPUX86State *env, int aflag)
-{
-}
-
-void helper_vmsave(CPUX86State *env, int aflag)
-{
-}
-
-void helper_stgi(CPUX86State *env)
-{
-}
-
-void helper_clgi(CPUX86State *env)
-{
-}
-
-void helper_skinit(CPUX86State *env)
-{
-}
-
-void helper_invlpga(CPUX86State *env, int aflag)
-{
-}
-
-void cpu_vmexit(CPUX86State *nenv, uint32_t exit_code, uint64_t exit_info_1,
-uintptr_t retaddr)
-{
-assert(0);
-}
-
-void helper_svm_check_intercept_param(CPUX86State *env, uint32_t type,
-  uint64_t param)
-{
-}
-
-void cpu_svm_check_intercept_param(CPUX86State *env, uint32_t type,
-   uint64_t param, uintptr_t retaddr)
-{
-}
-
-void helper_svm_check_io(CPUX86State *env, uint32_t port, uint32_t param,
- uint32_t next_eip_addend)
-{
-}
-#else
-
 static inline void svm_save_seg(CPUX86State *env, hwaddr addr,
 const SegmentCache *sc)
 {
@@ -797,5 +741,3 @@ void do_vmexit(CPUX86State *env, uint32_t exit_code, 
uint64_t exit_info_1)
host's code segment or non-canonical (in the case of long mode), a
#GP fault is delivered inside the host. */
 }
-
-#endif
diff --git a/target/i386/tcg/user/svm_stubs.c b/target/i386/tcg/user/svm_stubs.c
new file mode 100644
index 00..97528b56ad
--- /dev/null
+++ b/target/i386/tcg/user/svm_stubs.c
@@ -0,0 +1,76 @@
+/*
+ *  x86 SVM helpers (user-mode)
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+#include "exec/helper-proto.h"
+#include "tcg/helper-tcg.h"
+
+void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend)
+{
+}
+
+void helper_vmmcall(CPUX86State *env)
+{
+}
+
+void helper_vmload(CPUX86State *env, int aflag)
+{
+}
+
+void helper_vmsave(CPUX86State *env, int aflag)
+{
+}
+
+void helper_stgi(CPUX86State *env)
+{
+}
+
+void helper_clgi(CPUX86State *env)
+{
+}
+
+void helper_skinit(CPUX86State *env)
+{
+}
+
+void helper_invlpga(CPUX86State *env, int aflag)
+{
+}
+
+void cpu_vmexit(CPUX86State *nenv, uint32_t exit_code, uint64_t exit_info_1,
+uintptr_t retaddr)
+{
+assert(0);
+}
+
+void helper_svm_check_intercept_param(CPUX86State *env, uint32_t type,
+  uint64_t param)
+{
+}
+
+void cpu_svm_check_intercept_param(CPUX86State *env, uint32_t type,
+   uint64_t param, uintptr_t retaddr)
+{
+}
+
+void helper_svm_check_io(CPUX86Stat

[PATCH v26 04/20] cpu: call AccelCPUClass::cpu_realizefn in cpu_exec_realizefn

[Claudio Fontana]

move the call to accel_cpu->cpu_realizefn to the general
cpu_exec_realizefn from target/i386, so it does not need to be
called for every target explicitly as we enable more targets.

Signed-off-by: Claudio Fontana 
Reviewed-by: Alex Bennée 
Reviewed-by: Richard Henderson 
---
 cpu.c |  6 ++
 target/i386/cpu.c | 20 +++-
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/cpu.c b/cpu.c
index bfbe5a66f9..ba5d272c1e 100644
--- a/cpu.c
+++ b/cpu.c
@@ -36,6 +36,7 @@
 #include "sysemu/replay.h"
 #include "exec/translate-all.h"
 #include "exec/log.h"
+#include "hw/core/accel-cpu.h"
 
 uintptr_t qemu_host_page_size;
 intptr_t qemu_host_page_mask;
@@ -130,6 +131,11 @@ void cpu_exec_realizefn(CPUState *cpu, Error **errp)
 
 cpu_list_add(cpu);
 
+if (cc->accel_cpu) {
+/* NB: errp parameter is unused currently */
+cc->accel_cpu->cpu_realizefn(cpu, errp);
+}
+
 #ifdef CONFIG_TCG
 /* NB: errp parameter is unused currently */
 if (tcg_enabled()) {
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 648e41791f..6e2b5d7e59 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -6445,16 +6445,19 @@ static void x86_cpu_hyperv_realize(X86CPU *cpu)
 static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
 {
 CPUState *cs = CPU(dev);
-CPUClass *cc = CPU_GET_CLASS(cs);
 X86CPU *cpu = X86_CPU(dev);
 X86CPUClass *xcc = X86_CPU_GET_CLASS(dev);
 CPUX86State *env = &cpu->env;
 Error *local_err = NULL;
 static bool ht_warned;
 
-/* The accelerator realizefn needs to be called first. */
-if (cc->accel_cpu) {
-cc->accel_cpu->cpu_realizefn(cs, errp);
+/* Process Hyper-V enlightenments */
+x86_cpu_hyperv_realize(cpu);
+
+cpu_exec_realizefn(cs, &local_err);
+if (local_err != NULL) {
+error_propagate(errp, local_err);
+return;
 }
 
 if (xcc->host_cpuid_required && !accel_uses_host_cpuid()) {
@@ -6570,15 +6573,6 @@ static void x86_cpu_realizefn(DeviceState *dev, Error 
**errp)
 env->cache_info_amd.l3_cache = &legacy_l3_cache;
 }
 
-/* Process Hyper-V enlightenments */
-x86_cpu_hyperv_realize(cpu);
-
-cpu_exec_realizefn(cs, &local_err);
-if (local_err != NULL) {
-error_propagate(errp, local_err);
-return;
-}
-
 #ifndef CONFIG_USER_ONLY
 MachineState *ms = MACHINE(qdev_get_machine());
 qemu_register_reset(x86_cpu_machine_reset_cb, cpu);
-- 
2.26.2

[PATCH v26 12/20] i386: move TCG bpt_helper into sysemu/

[Claudio Fontana]

for user-mode, assert that the hidden IOBPT flags are not set
while attempting to generate io_bpt helpers.

Signed-off-by: Claudio Fontana 
Cc: Paolo Bonzini 
Reviewed-by: Richard Henderson 
---
 target/i386/helper.h|   7 +
 target/i386/tcg/helper-tcg.h|   3 +
 target/i386/tcg/bpt_helper.c| 276 --
 target/i386/tcg/sysemu/bpt_helper.c | 293 
 target/i386/tcg/translate.c |   8 +-
 target/i386/tcg/sysemu/meson.build  |   1 +
 6 files changed, 311 insertions(+), 277 deletions(-)
 create mode 100644 target/i386/tcg/sysemu/bpt_helper.c

diff --git a/target/i386/helper.h b/target/i386/helper.h
index 8ffda4cdc6..095520f81f 100644
--- a/target/i386/helper.h
+++ b/target/i386/helper.h
@@ -46,7 +46,11 @@ DEF_HELPER_2(read_crN, tl, env, int)
 DEF_HELPER_3(write_crN, void, env, int, tl)
 DEF_HELPER_2(lmsw, void, env, tl)
 DEF_HELPER_1(clts, void, env)
+
+#ifndef CONFIG_USER_ONLY
 DEF_HELPER_FLAGS_3(set_dr, TCG_CALL_NO_WG, void, env, int, tl)
+#endif /* !CONFIG_USER_ONLY */
+
 DEF_HELPER_FLAGS_2(get_dr, TCG_CALL_NO_WG, tl, env, int)
 DEF_HELPER_2(invlpg, void, env, tl)
 
@@ -100,7 +104,10 @@ DEF_HELPER_3(outw, void, env, i32, i32)
 DEF_HELPER_2(inw, tl, env, i32)
 DEF_HELPER_3(outl, void, env, i32, i32)
 DEF_HELPER_2(inl, tl, env, i32)
+
+#ifndef CONFIG_USER_ONLY
 DEF_HELPER_FLAGS_4(bpt_io, TCG_CALL_NO_WG, void, env, i32, i32, tl)
+#endif /* !CONFIG_USER_ONLY */
 
 DEF_HELPER_3(svm_check_intercept_param, void, env, i32, i64)
 DEF_HELPER_4(svm_check_io, void, env, i32, i32, i32)
diff --git a/target/i386/tcg/helper-tcg.h b/target/i386/tcg/helper-tcg.h
index c133c63555..b420b3356d 100644
--- a/target/i386/tcg/helper-tcg.h
+++ b/target/i386/tcg/helper-tcg.h
@@ -92,4 +92,7 @@ void do_interrupt_x86_hardirq(CPUX86State *env, int intno, 
int is_hw);
 /* smm_helper.c */
 void do_smm_enter(X86CPU *cpu);
 
+/* bpt_helper.c */
+bool check_hw_breakpoints(CPUX86State *env, bool force_dr6_update);
+
 #endif /* I386_HELPER_TCG_H */
diff --git a/target/i386/tcg/bpt_helper.c b/target/i386/tcg/bpt_helper.c
index 979230ac12..fb2a65ac9c 100644
--- a/target/i386/tcg/bpt_helper.c
+++ b/target/i386/tcg/bpt_helper.c
@@ -19,223 +19,9 @@
 
 #include "qemu/osdep.h"
 #include "cpu.h"
-#include "exec/exec-all.h"
 #include "exec/helper-proto.h"
 #include "helper-tcg.h"
 
-
-#ifndef CONFIG_USER_ONLY
-static inline bool hw_local_breakpoint_enabled(unsigned long dr7, int index)
-{
-return (dr7 >> (index * 2)) & 1;
-}
-
-static inline bool hw_global_breakpoint_enabled(unsigned long dr7, int index)
-{
-return (dr7 >> (index * 2)) & 2;
-
-}
-static inline bool hw_breakpoint_enabled(unsigned long dr7, int index)
-{
-return hw_global_breakpoint_enabled(dr7, index) ||
-   hw_local_breakpoint_enabled(dr7, index);
-}
-
-static inline int hw_breakpoint_type(unsigned long dr7, int index)
-{
-return (dr7 >> (DR7_TYPE_SHIFT + (index * 4))) & 3;
-}
-
-static inline int hw_breakpoint_len(unsigned long dr7, int index)
-{
-int len = ((dr7 >> (DR7_LEN_SHIFT + (index * 4))) & 3);
-return (len == 2) ? 8 : len + 1;
-}
-
-static int hw_breakpoint_insert(CPUX86State *env, int index)
-{
-CPUState *cs = env_cpu(env);
-target_ulong dr7 = env->dr[7];
-target_ulong drN = env->dr[index];
-int err = 0;
-
-switch (hw_breakpoint_type(dr7, index)) {
-case DR7_TYPE_BP_INST:
-if (hw_breakpoint_enabled(dr7, index)) {
-err = cpu_breakpoint_insert(cs, drN, BP_CPU,
-&env->cpu_breakpoint[index]);
-}
-break;
-
-case DR7_TYPE_IO_RW:
-/* Notice when we should enable calls to bpt_io.  */
-return hw_breakpoint_enabled(env->dr[7], index)
-   ? HF_IOBPT_MASK : 0;
-
-case DR7_TYPE_DATA_WR:
-if (hw_breakpoint_enabled(dr7, index)) {
-err = cpu_watchpoint_insert(cs, drN,
-hw_breakpoint_len(dr7, index),
-BP_CPU | BP_MEM_WRITE,
-&env->cpu_watchpoint[index]);
-}
-break;
-
-case DR7_TYPE_DATA_RW:
-if (hw_breakpoint_enabled(dr7, index)) {
-err = cpu_watchpoint_insert(cs, drN,
-hw_breakpoint_len(dr7, index),
-BP_CPU | BP_MEM_ACCESS,
-&env->cpu_watchpoint[index]);
-}
-break;
-}
-if (err) {
-env->cpu_breakpoint[index] = NULL;
-}
-return 0;
-}
-
-static void hw_breakpoint_remove(CPUX86State *env, int index)
-{
-CPUState *cs = env_cpu(env);
-
-switch (hw_breakpoint_type(env->dr[7], index)) {
-case DR7_TYPE_BP_INST:
-if (env->cpu_breakpoint[index]) {
-cpu_breakpoint_remove_by_ref(cs, env->cpu_breakpoint[index]);
-env->cpu_breakpoint[index] = NULL;
-}
-break;
-
-

[PATCH v26 16/20] i386: split seg_helper into user-only and sysemu parts

[Claudio Fontana]

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/i386/tcg/helper-tcg.h|   5 +
 target/i386/tcg/seg_helper.h|  66 
 target/i386/tcg/seg_helper.c| 233 +---
 target/i386/tcg/sysemu/seg_helper.c | 125 +++
 target/i386/tcg/user/seg_helper.c   | 109 +
 target/i386/tcg/sysemu/meson.build  |   1 +
 target/i386/tcg/user/meson.build|   1 +
 7 files changed, 311 insertions(+), 229 deletions(-)
 create mode 100644 target/i386/tcg/seg_helper.h
 create mode 100644 target/i386/tcg/sysemu/seg_helper.c
 create mode 100644 target/i386/tcg/user/seg_helper.c

diff --git a/target/i386/tcg/helper-tcg.h b/target/i386/tcg/helper-tcg.h
index b420b3356d..30eacdbbc9 100644
--- a/target/i386/tcg/helper-tcg.h
+++ b/target/i386/tcg/helper-tcg.h
@@ -88,6 +88,11 @@ void do_vmexit(CPUX86State *env, uint32_t exit_code, 
uint64_t exit_info_1);
 
 /* seg_helper.c */
 void do_interrupt_x86_hardirq(CPUX86State *env, int intno, int is_hw);
+void do_interrupt_all(X86CPU *cpu, int intno, int is_int,
+  int error_code, target_ulong next_eip, int is_hw);
+void handle_even_inj(CPUX86State *env, int intno, int is_int,
+ int error_code, int is_hw, int rm);
+int exception_has_error_code(int intno);
 
 /* smm_helper.c */
 void do_smm_enter(X86CPU *cpu);
diff --git a/target/i386/tcg/seg_helper.h b/target/i386/tcg/seg_helper.h
new file mode 100644
index 00..ebf1035277
--- /dev/null
+++ b/target/i386/tcg/seg_helper.h
@@ -0,0 +1,66 @@
+/*
+ *  x86 segmentation related helpers macros
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#ifndef SEG_HELPER_H
+#define SEG_HELPER_H
+
+//#define DEBUG_PCALL
+
+#ifdef DEBUG_PCALL
+# define LOG_PCALL(...) qemu_log_mask(CPU_LOG_PCALL, ## __VA_ARGS__)
+# define LOG_PCALL_STATE(cpu)  \
+log_cpu_state_mask(CPU_LOG_PCALL, (cpu), CPU_DUMP_CCOP)
+#else
+# define LOG_PCALL(...) do { } while (0)
+# define LOG_PCALL_STATE(cpu) do { } while (0)
+#endif
+
+/*
+ * TODO: Convert callers to compute cpu_mmu_index_kernel once
+ * and use *_mmuidx_ra directly.
+ */
+#define cpu_ldub_kernel_ra(e, p, r) \
+cpu_ldub_mmuidx_ra(e, p, cpu_mmu_index_kernel(e), r)
+#define cpu_lduw_kernel_ra(e, p, r) \
+cpu_lduw_mmuidx_ra(e, p, cpu_mmu_index_kernel(e), r)
+#define cpu_ldl_kernel_ra(e, p, r) \
+cpu_ldl_mmuidx_ra(e, p, cpu_mmu_index_kernel(e), r)
+#define cpu_ldq_kernel_ra(e, p, r) \
+cpu_ldq_mmuidx_ra(e, p, cpu_mmu_index_kernel(e), r)
+
+#define cpu_stb_kernel_ra(e, p, v, r) \
+cpu_stb_mmuidx_ra(e, p, v, cpu_mmu_index_kernel(e), r)
+#define cpu_stw_kernel_ra(e, p, v, r) \
+cpu_stw_mmuidx_ra(e, p, v, cpu_mmu_index_kernel(e), r)
+#define cpu_stl_kernel_ra(e, p, v, r) \
+cpu_stl_mmuidx_ra(e, p, v, cpu_mmu_index_kernel(e), r)
+#define cpu_stq_kernel_ra(e, p, v, r) \
+cpu_stq_mmuidx_ra(e, p, v, cpu_mmu_index_kernel(e), r)
+
+#define cpu_ldub_kernel(e, p)cpu_ldub_kernel_ra(e, p, 0)
+#define cpu_lduw_kernel(e, p)cpu_lduw_kernel_ra(e, p, 0)
+#define cpu_ldl_kernel(e, p) cpu_ldl_kernel_ra(e, p, 0)
+#define cpu_ldq_kernel(e, p) cpu_ldq_kernel_ra(e, p, 0)
+
+#define cpu_stb_kernel(e, p, v)  cpu_stb_kernel_ra(e, p, v, 0)
+#define cpu_stw_kernel(e, p, v)  cpu_stw_kernel_ra(e, p, v, 0)
+#define cpu_stl_kernel(e, p, v)  cpu_stl_kernel_ra(e, p, v, 0)
+#define cpu_stq_kernel(e, p, v)  cpu_stq_kernel_ra(e, p, v, 0)
+
+#endif /* SEG_HELPER_H */
diff --git a/target/i386/tcg/seg_helper.c b/target/i386/tcg/seg_helper.c
index d04fbdd7cd..cf3f051524 100644
--- a/target/i386/tcg/seg_helper.c
+++ b/target/i386/tcg/seg_helper.c
@@ -26,49 +26,7 @@
 #include "exec/cpu_ldst.h"
 #include "exec/log.h"
 #include "helper-tcg.h"
-
-//#define DEBUG_PCALL
-
-#ifdef DEBUG_PCALL
-# define LOG_PCALL(...) qemu_log_mask(CPU_LOG_PCALL, ## __VA_ARGS__)
-# define LOG_PCALL_STATE(cpu)  \
-log_cpu_state_mask(CPU_LOG_PCALL, (cpu), CPU_DUMP_CCOP)
-#else
-# define LOG_PCALL(...) do { } while (0)
-# define LOG_PCALL_STATE(cpu) do { } while (0)
-#endif
-
-/*
- * TODO: Convert callers to compute cpu_mmu_index_kernel once
- * and use *_mmuidx_ra directly.
- */
-#define cpu_ldub_kernel_ra(e, p, r) \
-cpu_ldub_mmuidx_ra(e, p, cpu_mmu_index_kernel(e)

[PATCH v26 18/20] target/i386: gdbstub: introduce aux functions to read/write CS64 regs

[Claudio Fontana]

a number of registers are read as 64bit under the condition that
(hflags & HF_CS64_MASK) || TARGET_X86_64)

and a number of registers are written as 64bit under the condition that
(hflags & HF_CS64_MASK).

Provide some auxiliary functions that do that.

Signed-off-by: Claudio Fontana 
Cc: Paolo Bonzini 
Reviewed-by: Richard Henderson 
---
 target/i386/gdbstub.c | 155 ++
 1 file changed, 51 insertions(+), 104 deletions(-)

diff --git a/target/i386/gdbstub.c b/target/i386/gdbstub.c
index 41e265fc67..4ad1295425 100644
--- a/target/i386/gdbstub.c
+++ b/target/i386/gdbstub.c
@@ -78,6 +78,23 @@ static const int gpr_map32[8] = { 0, 1, 2, 3, 4, 5, 6, 7 };
 #define GDB_FORCE_64 0
 #endif
 
+static int gdb_read_reg_cs64(uint32_t hflags, GByteArray *buf, target_ulong 
val)
+{
+if ((hflags & HF_CS64_MASK) || GDB_FORCE_64) {
+return gdb_get_reg64(buf, val);
+}
+return gdb_get_reg32(buf, val);
+}
+
+static int gdb_write_reg_cs64(uint32_t hflags, uint8_t *buf, target_ulong *val)
+{
+if (hflags & HF_CS64_MASK) {
+*val = ldq_p(buf);
+return 8;
+}
+*val = ldl_p(buf);
+return 4;
+}
 
 int x86_cpu_gdb_read_register(CPUState *cs, GByteArray *mem_buf, int n)
 {
@@ -142,25 +159,14 @@ int x86_cpu_gdb_read_register(CPUState *cs, GByteArray 
*mem_buf, int n)
 return gdb_get_reg32(mem_buf, env->segs[R_FS].selector);
 case IDX_SEG_REGS + 5:
 return gdb_get_reg32(mem_buf, env->segs[R_GS].selector);
-
 case IDX_SEG_REGS + 6:
-if ((env->hflags & HF_CS64_MASK) || GDB_FORCE_64) {
-return gdb_get_reg64(mem_buf, env->segs[R_FS].base);
-}
-return gdb_get_reg32(mem_buf, env->segs[R_FS].base);
-
+return gdb_read_reg_cs64(env->hflags, mem_buf, 
env->segs[R_FS].base);
 case IDX_SEG_REGS + 7:
-if ((env->hflags & HF_CS64_MASK) || GDB_FORCE_64) {
-return gdb_get_reg64(mem_buf, env->segs[R_GS].base);
-}
-return gdb_get_reg32(mem_buf, env->segs[R_GS].base);
+return gdb_read_reg_cs64(env->hflags, mem_buf, 
env->segs[R_GS].base);
 
 case IDX_SEG_REGS + 8:
 #ifdef TARGET_X86_64
-if ((env->hflags & HF_CS64_MASK) || GDB_FORCE_64) {
-return gdb_get_reg64(mem_buf, env->kernelgsbase);
-}
-return gdb_get_reg32(mem_buf, env->kernelgsbase);
+return gdb_read_reg_cs64(env->hflags, mem_buf, env->kernelgsbase);
 #else
 return gdb_get_reg32(mem_buf, 0);
 #endif
@@ -188,45 +194,23 @@ int x86_cpu_gdb_read_register(CPUState *cs, GByteArray 
*mem_buf, int n)
 return gdb_get_reg32(mem_buf, env->mxcsr);
 
 case IDX_CTL_CR0_REG:
-if ((env->hflags & HF_CS64_MASK) || GDB_FORCE_64) {
-return gdb_get_reg64(mem_buf, env->cr[0]);
-}
-return gdb_get_reg32(mem_buf, env->cr[0]);
-
+return gdb_read_reg_cs64(env->hflags, mem_buf, env->cr[0]);
 case IDX_CTL_CR2_REG:
-if ((env->hflags & HF_CS64_MASK) || GDB_FORCE_64) {
-return gdb_get_reg64(mem_buf, env->cr[2]);
-}
-return gdb_get_reg32(mem_buf, env->cr[2]);
-
+return gdb_read_reg_cs64(env->hflags, mem_buf, env->cr[2]);
 case IDX_CTL_CR3_REG:
-if ((env->hflags & HF_CS64_MASK) || GDB_FORCE_64) {
-return gdb_get_reg64(mem_buf, env->cr[3]);
-}
-return gdb_get_reg32(mem_buf, env->cr[3]);
-
+return gdb_read_reg_cs64(env->hflags, mem_buf, env->cr[3]);
 case IDX_CTL_CR4_REG:
-if ((env->hflags & HF_CS64_MASK) || GDB_FORCE_64) {
-return gdb_get_reg64(mem_buf, env->cr[4]);
-}
-return gdb_get_reg32(mem_buf, env->cr[4]);
-
+return gdb_read_reg_cs64(env->hflags, mem_buf, env->cr[4]);
 case IDX_CTL_CR8_REG:
-#ifdef CONFIG_SOFTMMU
+#ifndef CONFIG_USER_ONLY
 tpr = cpu_get_apic_tpr(cpu->apic_state);
 #else
 tpr = 0;
 #endif
-if ((env->hflags & HF_CS64_MASK) || GDB_FORCE_64) {
-return gdb_get_reg64(mem_buf, tpr);
-}
-return gdb_get_reg32(mem_buf, tpr);
+return gdb_read_reg_cs64(env->hflags, mem_buf, tpr);
 
 case IDX_CTL_EFER_REG:
-if ((env->hflags & HF_CS64_MASK) || GDB_FORCE_64) {
-return gdb_get_reg64(mem_buf, env->efer);
-}
-return gdb_get_reg32(mem_buf, env->efer);
+return gdb_read_reg_cs64(env->hflags, mem_buf, env->efer);
 }
 }
 return 0;
@@ -266,7 +250,8 @@ int x86_cpu_gdb_write_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 {
 X86CPU *cpu = X86_CPU(cs);
 CPUX86State *env = &cpu->env;
-uint32_t tmp;
+target_ulong tmp;
+int len;
 
 /* N.B. GDB can't deal with changes in registers or sizes in the midd

[PATCH v26 17/20] i386: split off sysemu part of cpu.c

[Claudio Fontana]

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/i386/cpu-internal.h |  70 +++
 target/i386/cpu-sysemu.c   | 352 +
 target/i386/cpu.c  | 385 +
 target/i386/meson.build|   1 +
 4 files changed, 429 insertions(+), 379 deletions(-)
 create mode 100644 target/i386/cpu-internal.h
 create mode 100644 target/i386/cpu-sysemu.c

diff --git a/target/i386/cpu-internal.h b/target/i386/cpu-internal.h
new file mode 100644
index 00..9baac5c0b4
--- /dev/null
+++ b/target/i386/cpu-internal.h
@@ -0,0 +1,70 @@
+/*
+ * i386 CPU internal definitions to be shared between cpu.c and cpu-sysemu.c
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#ifndef I386_CPU_INTERNAL_H
+#define I386_CPU_INTERNAL_H
+
+typedef enum FeatureWordType {
+   CPUID_FEATURE_WORD,
+   MSR_FEATURE_WORD,
+} FeatureWordType;
+
+typedef struct FeatureWordInfo {
+FeatureWordType type;
+/* feature flags names are taken from "Intel Processor Identification and
+ * the CPUID Instruction" and AMD's "CPUID Specification".
+ * In cases of disagreement between feature naming conventions,
+ * aliases may be added.
+ */
+const char *feat_names[64];
+union {
+/* If type==CPUID_FEATURE_WORD */
+struct {
+uint32_t eax;   /* Input EAX for CPUID */
+bool needs_ecx; /* CPUID instruction uses ECX as input */
+uint32_t ecx;   /* Input ECX value for CPUID */
+int reg;/* output register (R_* constant) */
+} cpuid;
+/* If type==MSR_FEATURE_WORD */
+struct {
+uint32_t index;
+} msr;
+};
+uint64_t tcg_features; /* Feature flags supported by TCG */
+uint64_t unmigratable_flags; /* Feature flags known to be unmigratable */
+uint64_t migratable_flags; /* Feature flags known to be migratable */
+/* Features that shouldn't be auto-enabled by "-cpu host" */
+uint64_t no_autoenable_flags;
+} FeatureWordInfo;
+
+extern FeatureWordInfo feature_word_info[];
+
+void x86_cpu_expand_features(X86CPU *cpu, Error **errp);
+
+#ifndef CONFIG_USER_ONLY
+GuestPanicInformation *x86_cpu_get_crash_info(CPUState *cs);
+void x86_cpu_get_crash_info_qom(Object *obj, Visitor *v,
+const char *name, void *opaque, Error **errp);
+
+void x86_cpu_apic_create(X86CPU *cpu, Error **errp);
+void x86_cpu_apic_realize(X86CPU *cpu, Error **errp);
+void x86_cpu_machine_reset_cb(void *opaque);
+#endif /* !CONFIG_USER_ONLY */
+
+#endif /* I386_CPU_INTERNAL_H */
diff --git a/target/i386/cpu-sysemu.c b/target/i386/cpu-sysemu.c
new file mode 100644
index 00..6477584313
--- /dev/null
+++ b/target/i386/cpu-sysemu.c
@@ -0,0 +1,352 @@
+/*
+ *  i386 CPUID, CPU class, definitions, models: sysemu-only code
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+#include "sysemu/xen.h"
+#include "sysemu/whpx.h"
+#include "kvm/kvm_i386.h"
+#include "qapi/error.h"
+#include "qapi/qapi-visit-run-state.h"
+#include "qapi/qmp/qdict.h"
+#include "qom/qom-qobject.h"
+#include "qapi/qapi-commands-machine-target.h"
+#include "hw/qdev-properties.h"
+
+#include "exec/address-spaces.h"
+#include "hw/i386/apic_internal.h"
+
+#include "cpu-internal.h"
+
+/* Return a QDict containing keys for all properties that can be included
+ * in static expansion of CPU models. All properties set by 
x86_cpu_load_model()
+ * must be included in the dictionary.
+ */
+static QDict *x86_cpu_static_props(void)
+{
+FeatureWord w;
+int i;
+static 

[PATCH v26 20/20] i386: make cpu_load_efer sysemu-only

[Claudio Fontana]

cpu_load_efer is now used only for sysemu code.

Therefore, move this function implementation to
sysemu-only section of helper.c

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/i386/cpu.h| 20 +---
 target/i386/helper.c | 13 +
 2 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 3797789dc2..a1268abe9f 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1957,6 +1957,11 @@ static inline AddressSpace *cpu_addressspace(CPUState 
*cs, MemTxAttrs attrs)
 return cpu_get_address_space(cs, cpu_asidx_from_attrs(cs, attrs));
 }
 
+/*
+ * load efer and update the corresponding hflags. XXX: do consistency
+ * checks with cpuid bits?
+ */
+void cpu_load_efer(CPUX86State *env, uint64_t val);
 uint8_t x86_ldub_phys(CPUState *cs, hwaddr addr);
 uint32_t x86_lduw_phys(CPUState *cs, hwaddr addr);
 uint32_t x86_ldl_phys(CPUState *cs, hwaddr addr);
@@ -2053,21 +2058,6 @@ static inline uint32_t cpu_compute_eflags(CPUX86State 
*env)
 return eflags;
 }
 
-
-/* load efer and update the corresponding hflags. XXX: do consistency
-   checks with cpuid bits? */
-static inline void cpu_load_efer(CPUX86State *env, uint64_t val)
-{
-env->efer = val;
-env->hflags &= ~(HF_LMA_MASK | HF_SVME_MASK);
-if (env->efer & MSR_EFER_LMA) {
-env->hflags |= HF_LMA_MASK;
-}
-if (env->efer & MSR_EFER_SVME) {
-env->hflags |= HF_SVME_MASK;
-}
-}
-
 static inline MemTxAttrs cpu_get_mem_attrs(CPUX86State *env)
 {
 return ((MemTxAttrs) { .secure = (env->hflags & HF_SMM_MASK) != 0 });
diff --git a/target/i386/helper.c b/target/i386/helper.c
index 618ad1c409..7304721a94 100644
--- a/target/i386/helper.c
+++ b/target/i386/helper.c
@@ -574,6 +574,19 @@ void do_cpu_sipi(X86CPU *cpu)
 #endif
 
 #ifndef CONFIG_USER_ONLY
+
+void cpu_load_efer(CPUX86State *env, uint64_t val)
+{
+env->efer = val;
+env->hflags &= ~(HF_LMA_MASK | HF_SVME_MASK);
+if (env->efer & MSR_EFER_LMA) {
+env->hflags |= HF_LMA_MASK;
+}
+if (env->efer & MSR_EFER_SVME) {
+env->hflags |= HF_SVME_MASK;
+}
+}
+
 uint8_t x86_ldub_phys(CPUState *cs, hwaddr addr)
 {
 X86CPU *cpu = X86_CPU(cs);
-- 
2.26.2

[PATCH v26 14/20] i386: separate fpu_helper sysemu-only parts

[Claudio Fontana]

create a separate tcg/sysemu/fpu_helper.c for the sysemu-only parts.

For user mode, some small #ifdefs remain in tcg/fpu_helper.c
which do not seem worth splitting into their own user-mode module.

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/i386/cpu.h   |  3 ++
 target/i386/tcg/fpu_helper.c| 41 +
 target/i386/tcg/sysemu/fpu_helper.c | 57 +
 target/i386/tcg/sysemu/meson.build  |  1 +
 4 files changed, 63 insertions(+), 39 deletions(-)
 create mode 100644 target/i386/tcg/sysemu/fpu_helper.c

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index c8a84a9033..3797789dc2 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1816,7 +1816,10 @@ int cpu_x86_support_mca_broadcast(CPUX86State *env);
 int cpu_get_pic_interrupt(CPUX86State *s);
 /* MSDOS compatibility mode FPU exception support */
 void x86_register_ferr_irq(qemu_irq irq);
+void fpu_check_raise_ferr_irq(CPUX86State *s);
 void cpu_set_ignne(void);
+void cpu_clear_ignne(void);
+
 /* mpx_helper.c */
 void cpu_sync_bndcs_hflags(CPUX86State *env);
 
diff --git a/target/i386/tcg/fpu_helper.c b/target/i386/tcg/fpu_helper.c
index 20e4d2e715..1b30f1bb73 100644
--- a/target/i386/tcg/fpu_helper.c
+++ b/target/i386/tcg/fpu_helper.c
@@ -21,17 +21,10 @@
 #include 
 #include "cpu.h"
 #include "exec/helper-proto.h"
-#include "qemu/host-utils.h"
-#include "exec/exec-all.h"
-#include "exec/cpu_ldst.h"
 #include "fpu/softfloat.h"
 #include "fpu/softfloat-macros.h"
 #include "helper-tcg.h"
 
-#ifdef CONFIG_SOFTMMU
-#include "hw/irq.h"
-#endif
-
 /* float macros */
 #define FT0(env->ft0)
 #define ST0(env->fpregs[env->fpstt].d)
@@ -75,36 +68,6 @@
 #define floatx80_ln2_d make_floatx80(0x3ffe, 0xb17217f7d1cf79abLL)
 #define floatx80_pi_d make_floatx80(0x4000, 0xc90fdaa22168c234LL)
 
-#if !defined(CONFIG_USER_ONLY)
-static qemu_irq ferr_irq;
-
-void x86_register_ferr_irq(qemu_irq irq)
-{
-ferr_irq = irq;
-}
-
-static void cpu_clear_ignne(void)
-{
-CPUX86State *env = &X86_CPU(first_cpu)->env;
-env->hflags2 &= ~HF2_IGNNE_MASK;
-}
-
-void cpu_set_ignne(void)
-{
-CPUX86State *env = &X86_CPU(first_cpu)->env;
-env->hflags2 |= HF2_IGNNE_MASK;
-/*
- * We get here in response to a write to port F0h.  The chipset should
- * deassert FP_IRQ and FERR# instead should stay signaled until FPSW_SE is
- * cleared, because FERR# and FP_IRQ are two separate pins on real
- * hardware.  However, we don't model FERR# as a qemu_irq, so we just
- * do directly what the chipset would do, i.e. deassert FP_IRQ.
- */
-qemu_irq_lower(ferr_irq);
-}
-#endif
-
-
 static inline void fpush(CPUX86State *env)
 {
 env->fpstt = (env->fpstt - 1) & 7;
@@ -202,8 +165,8 @@ static void fpu_raise_exception(CPUX86State *env, uintptr_t 
retaddr)
 raise_exception_ra(env, EXCP10_COPR, retaddr);
 }
 #if !defined(CONFIG_USER_ONLY)
-else if (ferr_irq && !(env->hflags2 & HF2_IGNNE_MASK)) {
-qemu_irq_raise(ferr_irq);
+else {
+fpu_check_raise_ferr_irq(env);
 }
 #endif
 }
diff --git a/target/i386/tcg/sysemu/fpu_helper.c 
b/target/i386/tcg/sysemu/fpu_helper.c
new file mode 100644
index 00..1c3610da3b
--- /dev/null
+++ b/target/i386/tcg/sysemu/fpu_helper.c
@@ -0,0 +1,57 @@
+/*
+ *  x86 FPU, MMX/3DNow!/SSE/SSE2/SSE3/SSSE3/SSE4/PNI helpers (sysemu code)
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+#include "hw/irq.h"
+
+static qemu_irq ferr_irq;
+
+void x86_register_ferr_irq(qemu_irq irq)
+{
+ferr_irq = irq;
+}
+
+void fpu_check_raise_ferr_irq(CPUX86State *env)
+{
+if (ferr_irq && !(env->hflags2 & HF2_IGNNE_MASK)) {
+qemu_irq_raise(ferr_irq);
+return;
+}
+}
+
+void cpu_clear_ignne(void)
+{
+CPUX86State *env = &X86_CPU(first_cpu)->env;
+env->hflags2 &= ~HF2_IGNNE_MASK;
+}
+
+void cpu_set_ignne(void)
+{
+CPUX86State *env = &X86_CPU(first_cpu)->env;
+env->hflags2 |= HF2_IGNNE_MASK;
+/*
+ * We get here in response to a write to port F0h.  The chipset should
+ * deassert FP_IRQ and FERR# instead should stay signaled until FPSW_SE is
+ * cleared, because FERR# and FP_IRQ are two separate pins on real
+ * hardware.  However, we don't mod

Re: Bogus "is either too old or uses too old a Python version" from docs/meson.build

[Markus Armbruster]

Peter Maydell  writes:

> On Thu, 25 Feb 2021 at 13:41, Markus Armbruster  wrote:
>> Peter Maydell  writes:
>> > I'm not sure what could reasonably be done. The Sphinx test is just
>> > "try building a trivial document with our config (which is what
>> > enforces the version requirement)".
>>
>> This question is almost certainly naive: why is it necessary for the
>> "trivial" document to include the truckload generated by qapi-gen.py
>
> Because we want to use docs/conf.py, and docs/conf.py says
> "these are the plugins we use" (by setting the 'extensions' config
> variable, and so Sphinx will run the bit of the plugin that is "run this to
> initialize me".

I see.

> You could add conditionals to the conf.py to say "don't set the 'extensions'
> variable if we're being called for the trivial document by configure",
> but if there really is some problem with the user's environment that
> means that those extensions don't work, we'd rather have configure
> detect that and default to don't-build-docs, rather than configure
> believe that all is OK and then the 'make' later falling over.

Makes sense for the initial configure, but I'm afraid it's not what
happens in the "need to run config.status case" case.

If I configured with --enable-docs, then "make" running config.status
fails in the opaque way I described.  You argued anyone messing with the
QAPI generator should be capable of following the "A full log can be
found at" clue, and figure out what's wrong.  Fair enough, as long as we
ignore the possibility that qapi-gen could ever start to fail for
reasons other than "developer messed it up", such as "a Python upgrade
messed it up",

If I let configure decide whether to build docs, then "make" will fail
in the same clear way it always fails when the developer messes up
qapi-gen.  But first, it'll disable doc generation.  I'm pretty much
certain to miss that.  Fixing qapi-gen will *not* re-enable doc
generation.  It'll silently reenable itself the next time configure gets
run for some reason.  Until then, the build tree will contain stale
documentation.  I consider this a (relatively minor) trap for
developers.

Unrelated issue: touch any QAPI schema or QAPI generator source file,
rebuild the entire documentation.  This is a real drag.  The generated
code we only recompile when it changes.

I'm switching my primary build tree to --disable-docs now.  Less drag,
one less trap, and I rarely want to look at the formatted documentation
anyway.

Re: [PATCH v26 00/20] i386 cleanup PART 2

[no-reply]

Patchew URL: https://patchew.org/QEMU/20210301085450.1732-1-cfont...@suse.de/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20210301085450.1732-1-cfont...@suse.de
Subject: [PATCH v26 00/20] i386 cleanup PART 2

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] patchew/20210301085450.1732-1-cfont...@suse.de -> 
patchew/20210301085450.1732-1-cfont...@suse.de
Switched to a new branch 'test'
00a5877 i386: make cpu_load_efer sysemu-only
bc37797 target/i386: gdbstub: only write CR0/CR2/CR3/EFER for sysemu
2b17816 target/i386: gdbstub: introduce aux functions to read/write CS64 regs
3a208cf i386: split off sysemu part of cpu.c
2c7e080 i386: split seg_helper into user-only and sysemu parts
d83014b i386: split svm_helper into sysemu and stub-only user
b6d69a4 i386: separate fpu_helper sysemu-only parts
93cb687 i386: split misc helper user stubs and sysemu part
d8352df i386: move TCG bpt_helper into sysemu/
8fbb05f i386: split tcg excp_helper into sysemu and user parts
0a91873 i386: split smm helper (sysemu)
86ad6ce i386: split off sysemu-only functionality in tcg-cpu
ecd60a2 meson: add target_user_arch
eec9c82 accel-cpu: make cpu_realizefn return a bool
007716a target/i386: fix host_cpu_adjust_phys_bits error handling
48530bb accel: introduce new accessor functions
cedc6f6 cpu: call AccelCPUClass::cpu_realizefn in cpu_exec_realizefn
ffbf00d i386: split cpu accelerators from cpu.c, using AccelCPUClass
d8033c6 target/i386: Split out do_fsave, do_frstor, do_fxsave, do_fxrstor
d516237 target/i386: Rename helper_fldt, helper_fstt

=== OUTPUT BEGIN ===
1/20 Checking commit d5162371be89 (target/i386: Rename helper_fldt, helper_fstt)
2/20 Checking commit d8033c640ed4 (target/i386: Split out do_fsave, do_frstor, 
do_fxsave, do_fxrstor)
3/20 Checking commit ffbf00db2eb3 (i386: split cpu accelerators from cpu.c, 
using AccelCPUClass)
WARNING: line over 80 characters
#1337: FILE: target/i386/tcg/tcg-cpu.c:125:
+memory_region_add_subregion_overlap(cpu->cpu_as_root, 0, cpu->cpu_as_mem, 
0);

total: 0 errors, 1 warnings, 1256 lines checked

Patch 3/20 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
4/20 Checking commit cedc6f6e4c18 (cpu: call AccelCPUClass::cpu_realizefn in 
cpu_exec_realizefn)
5/20 Checking commit 48530bbeb4c2 (accel: introduce new accessor functions)
6/20 Checking commit 007716a87edf (target/i386: fix host_cpu_adjust_phys_bits 
error handling)
7/20 Checking commit eec9c82ab85c (accel-cpu: make cpu_realizefn return a bool)
8/20 Checking commit ecd60a2189f5 (meson: add target_user_arch)
9/20 Checking commit 86ad6ce0eb6a (i386: split off sysemu-only functionality in 
tcg-cpu)
Use of uninitialized value $acpi_testexpected in string eq at 
./scripts/checkpatch.pl line 1529.
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#31: 
new file mode 100644

WARNING: line over 80 characters
#116: FILE: target/i386/tcg/sysemu/tcg-cpu.c:72:
+memory_region_add_subregion_overlap(cpu->cpu_as_root, 0, cpu->cpu_as_mem, 
0);

total: 0 errors, 2 warnings, 212 lines checked

Patch 9/20 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
10/20 Checking commit 0a9187311234 (i386: split smm helper (sysemu))
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#24: 
 target/i386/tcg/{ => sysemu}/smm_helper.c | 19 ++-

total: 0 errors, 1 warnings, 84 lines checked

Patch 10/20 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
11/20 Checking commit 8fbb05f77818 (i386: split tcg excp_helper into sysemu and 
user parts)
Use of uninitialized value $acpi_testexpected in string eq at 
./scripts/checkpatch.pl line 1529.
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#599: 
new file mode 100644

WARNING: Block comments use a leading /* on a separate line
#756: FILE: target/i386/tcg/sysemu/excp_helper.c:153:
+/* Bits 20-13 provide bits 39-32 of the address, bit 21 is 
reserved.

WARNING: Block comments use a leading /* on a separate line
#830: FILE: target/i386/tcg/sysemu/excp_helper.c:227:
+/* return value:

WARNING: line over 80 characters
#931: FILE: target/i386/tcg/sysemu/excp_helper.c:328:
+pdpe_addr = ((pml4e & PG_ADDRESS_MASK) + (((addr >> 30) & 0x1ff) 
<< 3)) &

WARNING: Block comments use a leading /* on a separate line
#1025: FILE: target/i386/tcg/

[PATCH] docs/devel/qgraph: improve qgraph documentation

[Emanuele Giuseppe Esposito]

Improve current qgraph documentation with a more concrete example
and clearer motivation.

This patch depends on the previous serie
"libqos/qgraph: format qgraph comments for sphinx documentation"

Signed-off-by: Emanuele Giuseppe Esposito 
---
 docs/devel/qgraph.rst | 509 +-
 1 file changed, 408 insertions(+), 101 deletions(-)

diff --git a/docs/devel/qgraph.rst b/docs/devel/qgraph.rst
index 62a45cbcbf..a9aff167ad 100644
--- a/docs/devel/qgraph.rst
+++ b/docs/devel/qgraph.rst
@@ -4,14 +4,37 @@
 Qtest Driver Framework
 
 
-This Qgraph API provides all basic functions to create a graph
-and instantiate nodes representing machines, drivers and tests
-representing their relations with ``CONSUMES``, ``PRODUCES``, and
-``CONTAINS`` edges.
+In order to test a specific driver, plain libqos tests need to
+take care of booting QEMU with the right machine and devices.
+This makes each test "hardcoded" for a specific configuration, reducing
+the possible coverage that it can reach.
+
+For example, the sdhci device is supported on both x86_64 and ARM boards,
+therefore a generic sdhci test should test all machines and drivers that
+support that device.
+Using only libqos APIs, the test has to manually take care of
+covering all the setups, and build the correct command line.
+
+This also introduces backward compability issues: if a device/driver command
+line name is changed, all tests that use that will not work
+properly anymore and need to be adjusted.
+
+The aim of qgraph is to create a graph of drivers, machines and tests such that
+a test aimed to a certain driver does not have to care of
+booting the right QEMU machine, pick the right device, build the command line
+and so on. Instead, it only defines what type of device it is testing
+(interface in qgraph terms) and the framework takes care of
+covering all supported types of devices and machine architectures.
+
+Following the above example, an interface would be ``sdhci``,
+so the sdhci-test should only care of linking its qgraph node with
+that interface. In this way, if the command line of a sdhci driver
+is changed, only the respective qgraph driver node has to be adjusted.
+
+The graph is composed by nodes that represent machines, drivers, tests
+and edges that define the relationships between them (``CONSUMES``, 
``PRODUCES``, and
+``CONTAINS``).
 
-The idea is to have a framework where each test asks for a specific
-driver, and the framework takes care of allocating the proper devices
-required and passing the correct command line arguments to QEMU.
 
 Nodes
 ^^
@@ -24,8 +47,11 @@ A node can be of four types:
   drivers).
   An interface is not explicitly created, it will be automatically
   instantiated when a node consumes or produces it.
-- **QNODE_TEST**:  for example ``sdhci-test``, consumes an interface and
-  tests the functions provided.
+  An interface is simply a struct that abstracts the various drivers
+  for the same type of device, and offers an API to the nodes that
+  use it ("consume" relation in qgraph terms) that is implemented/backed up by 
the drivers that implement it ("produce" relation in qgraph terms).
+- **QNODE_TEST**:  for example ``sdhci-test``. A test consumes an interface
+  and tests the functions provided by it.
 
 Notes for the nodes:
 
@@ -69,136 +95,415 @@ available and only test that are reached by them will be 
executed.
 Creating a new driver and its interface
 "
 
-.. code::
+Here we continue the ``sdhci`` use case, with the following scenario:
+
+- ``sdhci-test`` aims to test the ``read[q,w], writeq`` functions
+  offered by the ``sdhci`` drivers.
+- The current ``sdhci`` device is supported by both ``x86_64/pc`` and ``ARM``
+  (in this example we focus on the ``arm-raspi2``) machines.
+- QEMU offers 2 types of drivers: ``QSDHCI_MemoryMapped`` for ``ARM`` and
+  ``QSDHCI_PCI`` for ``x86_64/pc``. Both implement the
+  ``read[q,w], writeq`` functions.
+
+In order to implement such scenario in qgraph, the test developer needs to:
+
+- Create the ``x86_64/pc`` machine node. This machine uses the
+  ``pci-bus`` architecture so it ``contains`` a PCI driver,
+  ``pci-bus-pc``. The actual path is
+
+  ``x86_64/pc --contains--> 1440FX-pcihost --contains-->
+  pci-bus-pc --produces--> pci-bus``.
+
+  For the sake of this example,
+  we do not focus on the PCI interface implementation.
+- Create the ``sdhci-pci`` driver node, representing ``QSDHCI_PCI``.
+  The driver uses the PCI bus (and its API),
+  so it must ``consume`` the ``pci-bus`` generic interface (which abstracts
+  all the pci drivers available)
+
+  ``sdhci-pci --consumes--> pci-bus``
+- Create an ``arm/raspi2`` machine node. This machine ``contains``
+  a ``generic-sdhci`` memory mapped ``sdhci`` driver node, representing
+  ``QSDHCI_MemoryMapped``.
+
+  ``arm/raspi2 --contains--> generic-sdhci``
+- Create the ``sdhci`` interface

Re: [RFC PATCH 4/5] hw/acpi/aml-build: add processor hierarchy node structure

[Andrew Jones]

On Fri, Feb 26, 2021 at 10:23:03AM +0800, Ying Fang wrote:
> 
> 
> On 2/25/2021 7:47 PM, Andrew Jones wrote:
> > On Thu, Feb 25, 2021 at 04:56:26PM +0800, Ying Fang wrote:
> > > Add the processor hierarchy node structures to build ACPI information
> > > for CPU topology. Since the private resources may be used to describe
> > > cache hierarchy and it is variable among different topology level,
> > > three helpers are introduced to describe the hierarchy.
> > > 
> > > (1) build_socket_hierarchy for socket description
> > > (2) build_processor_hierarchy for processor description
> > > (3) build_smt_hierarchy for thread (logic processor) description
> > > 
> > > Signed-off-by: Ying Fang 
> > > Signed-off-by: Henglong Fan 
> > > ---
> > >   hw/acpi/aml-build.c | 40 +
> > >   include/hw/acpi/acpi-defs.h | 13 
> > >   include/hw/acpi/aml-build.h |  7 +++
> > >   3 files changed, 60 insertions(+)
> > > 
> > > diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
> > > index a2cd7a5830..a0af3e9d73 100644
> > > --- a/hw/acpi/aml-build.c
> > > +++ b/hw/acpi/aml-build.c
> > > @@ -1888,6 +1888,46 @@ void build_slit(GArray *table_data, BIOSLinker 
> > > *linker, MachineState *ms,
> > >table_data->len - slit_start, 1, oem_id, oem_table_id);
> > >   }
> > > +/*
> > > + * ACPI 6.3: 5.2.29.1 Processor hierarchy node structure (Type 0)
> > > + */
> > > +void build_socket_hierarchy(GArray *tbl, uint32_t parent, uint32_t id)
> > > +{
> > > +build_append_byte(tbl, ACPI_PPTT_TYPE_PROCESSOR); /* Type 0 - 
> > > processor */
> > > +build_append_byte(tbl, 20); /* Length, no private resources 
> > > */
> > > +build_append_int_noprefix(tbl, 0, 2);  /* Reserved */
> > > +build_append_int_noprefix(tbl, ACPI_PPTT_PHYSICAL_PACKAGE, 4);
> > 
> > Missing '/* Flags */'
> 
> Will fix.
> 
> > 
> > > +build_append_int_noprefix(tbl, parent, 4); /* Parent */
> > > +build_append_int_noprefix(tbl, id, 4); /* ACPI processor ID */
> > > +build_append_int_noprefix(tbl, 0, 4);  /* Number of private 
> > > resources */
> > > +}
> > > +
> > > +void build_processor_hierarchy(GArray *tbl, uint32_t flags,
> > > +   uint32_t parent, uint32_t id)
> > > +{
> > > +build_append_byte(tbl, ACPI_PPTT_TYPE_PROCESSOR);  /* Type 0 - 
> > > processor */
> > > +build_append_byte(tbl, 20); /* Length, no private resources 
> > > */
> > > +build_append_int_noprefix(tbl, 0, 2);  /* Reserved */
> > > +build_append_int_noprefix(tbl, flags, 4);  /* Flags */
> > > +build_append_int_noprefix(tbl, parent, 4); /* Parent */
> > > +build_append_int_noprefix(tbl, id, 4); /* ACPI processor ID */
> > > +build_append_int_noprefix(tbl, 0, 4);  /* Number of private 
> > > resources */
> > > +}
> > > +
> > > +void build_thread_hierarchy(GArray *tbl, uint32_t parent, uint32_t id)
> > > +{
> > > +build_append_byte(tbl, ACPI_PPTT_TYPE_PROCESSOR); /* Type 0 - 
> > > processor */
> > > +build_append_byte(tbl, 20);   /* Length, no private 
> > > resources */
> > > +build_append_int_noprefix(tbl, 0, 2); /* Reserved */
> > > +build_append_int_noprefix(tbl,
> > > +  ACPI_PPTT_ACPI_PROCESSOR_ID_VALID |
> > > +  ACPI_PPTT_ACPI_PROCESSOR_IS_THREAD |
> > > +  ACPI_PPTT_ACPI_LEAF_NODE, 4);  /* Flags */
> > > +build_append_int_noprefix(tbl, parent , 4); /* parent */
> > 
> > 'parent' not capitalized. We want these comments to exactly match the text
> > in the spec.
> 
> Will fix.
> 
> > 
> > > +build_append_int_noprefix(tbl, id, 4);  /* ACPI processor ID */
> > > +build_append_int_noprefix(tbl, 0, 4);   /* Num of private 
> > > resources */
> > > +}
> > > +
> > >   /* build rev1/rev3/rev5.1 FADT */
> > >   void build_fadt(GArray *tbl, BIOSLinker *linker, const AcpiFadtData *f,
> > >   const char *oem_id, const char *oem_table_id)
> > > diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
> > > index cf9f44299c..45e10d886f 100644
> > > --- a/include/hw/acpi/acpi-defs.h
> > > +++ b/include/hw/acpi/acpi-defs.h
> > > @@ -618,4 +618,17 @@ struct AcpiIortRC {
> > >   } QEMU_PACKED;
> > >   typedef struct AcpiIortRC AcpiIortRC;
> > > +enum {
> > > +ACPI_PPTT_TYPE_PROCESSOR = 0,
> > > +ACPI_PPTT_TYPE_CACHE,
> > > +ACPI_PPTT_TYPE_ID,
> > > +ACPI_PPTT_TYPE_RESERVED
> > > +};
> > > +
> > > +#define ACPI_PPTT_PHYSICAL_PACKAGE  (1)
> > > +#define ACPI_PPTT_ACPI_PROCESSOR_ID_VALID   (1 << 1)
> > > +#define ACPI_PPTT_ACPI_PROCESSOR_IS_THREAD  (1 << 2)  /* ACPI 6.3 */
> > > +#define ACPI_PPTT_ACPI_LEAF_NODE(1 << 3)  /* ACPI 6.3 */
> > > +#define ACPI_PPTT_ACPI_IDENTICAL(1 << 4)  /* ACPI 6.3 */
> > > +
> > >   #endif
> > > diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
> > > index 380d3e3

Re: [RFC PATCH 0/5] hw/arm/virt: Introduce cpu topology support

[Andrew Jones]

On Fri, Feb 26, 2021 at 04:41:45PM +0800, Ying Fang wrote:
> 
> 
> On 2/25/2021 8:02 PM, Andrew Jones wrote:
> > On Thu, Feb 25, 2021 at 04:56:22PM +0800, Ying Fang wrote:
> > > An accurate cpu topology may help improve the cpu scheduler's decision
> > > making when dealing with multi-core system. So cpu topology description
> > > is helpful to provide guest with the right view. Dario Faggioli's talk
> > > in [0] also shows the virtual topology may has impact on sched performace.
> > > Thus this patch series is posted to introduce cpu topology support for
> > > arm platform.
> > > 
> > > Both fdt and ACPI are introduced to present the cpu topology. To describe
> > > the cpu topology via ACPI, a PPTT table is introduced according to the
> > > processor hierarchy node structure. This series is derived from [1], in
> > > [1] we are trying to bring both cpu and cache topology support for arm
> > > platform, but there is still some issues to solve to support the cache
> > > hierarchy. So we split the cpu topology part out and send it seperately.
> > > The patch series to support cache hierarchy will be send later since
> > > Salil Mehta's cpu hotplug feature need the cpu topology enabled first and
> > > he is waiting for it to be upstreamed.
> > > 
> > > This patch series was initially based on the patches posted by Andrew 
> > > Jones [2].
> > > I jumped in on it since some OS vendor cooperative partner are eager for 
> > > it.
> > > Thanks for Andrew's contribution.
> > > 
> > > After applying this patch series, launch a guest with virt-6.0 and cpu
> > > topology configured with sockets:cores:threads = 2:4:2, you will get the
> > > bellow messages with the lscpu command.
> > > 
> > > -
> > > Architecture:aarch64
> > > CPU op-mode(s):  64-bit
> > > Byte Order:  Little Endian
> > > CPU(s):  16
> > > On-line CPU(s) list: 0-15
> > > Thread(s) per core:  2
> > 
> > What CPU model was used? Did it actually support threads? If these were
> 
> It's tested on Huawei Kunpeng 920 CPU model and vcpu host-passthrough.
> It does not support threads for now, but the next version 930 may
> support it. Here we emulate a virtual cpu topology, a virtual 2 threads
> is used to do the test.
> 
> 
> > KVM VCPUs, then I guess MPIDR.MT was not set on the CPUs. Apparently
> > that didn't confuse Linux? See [1] for how I once tried to deal with
> > threads.
> > 
> > [1] 
> > https://github.com/rhdrjones/qemu/commit/60218e0dd7b331031b644872d56f2aca42d0ff1e
> > 
> 
> If ACPI PPTT table is specified, the linux kernel won't check the MPIDR
> register to populate cpu topology. Moreover MPIDR does not ensure a
> right cpu topology. So it won't be a problem if MPIDR.MT is not set.

OK, so Linux doesn't care about MPIDR.MT with ACPI. What happens with
DT?

> 
> > > Core(s) per socket:  4
> > > Socket(s):   2
> > 
> > Good, but what happens if you specify '-smp 16'? Do you get 16 sockets
  ^^ You didn't answer this question.

> > each with 1 core? Or, do you get 1 socket with 16 cores? And, which do
> > we want and why? If you look at [2], then you'll see I was assuming we
> > want to prefer cores over sockets, since without topology descriptions
> > that's what the Linux guest kernel would do.
> > 
> > [2] 
> > https://github.com/rhdrjones/qemu/commit/c0670b1bccb4d08c7cf7c6957cc8878a2af131dd
> > 
> > > NUMA node(s):2
> > 
> > Why do we have two NUMA nodes in the guest? The two sockets in the
> > guest should not imply this.
> 
> The two NUMA nodes are emulated by Qemu since we already have guest numa
> topology feature.

That's what I suspected, and I presume only a single node is present when
you don't use QEMU's NUMA feature - even when you supply a VCPU topology
with multiple sockets?

Thanks,
drew

> So the two sockets in the guest has nothing to do with
> it. Actually even one socket may have two numa nodes in it in real cpu
> model.
> 
> > 
> > Thanks,
> > drew
> > 
> > > Vendor ID:   HiSilicon
> > > Model:   0
> > > Model name:  Kunpeng-920
> > > Stepping:0x1
> > > BogoMIPS:200.00
> > > NUMA node0 CPU(s):   0-7
> > > NUMA node1 CPU(s):   8-15
> > > 
> > > [0] 
> > > https://kvmforum2020.sched.com/event/eE1y/virtual-topology-for-virtual-machines-friend-or-foe-dario-faggioli-suse
> > > [1] https://lists.gnu.org/archive/html/qemu-devel/2020-11/msg02166.html
> > > [2] 
> > > https://patchwork.ozlabs.org/project/qemu-devel/cover/20180704124923.32483-1-drjo...@redhat.com
> > > 
> > > Ying Fang (5):
> > >device_tree: Add qemu_fdt_add_path
> > >hw/arm/virt: Add cpu-map to device tree
> > >hw/arm/virt-acpi-build: distinguish possible and present cpus
> > >hw/acpi/aml-build: add processor hie

Re: [PATCH 1/1] qga-vss: Use dynamic linking for GLib

[Konstantin Kostiuk]

ping

On Wed, Feb 17, 2021 at 2:54 PM Konstantin Kostiuk 
wrote:

> ping
>
> On Tue, Feb 9, 2021 at 4:54 PM Kostiantyn Kostiuk 
> wrote:
>
>> The current GLib version implements the DllMain function. DllMain is also
>> present in the provider.cpp code. So in the case of static linking, the
>> DllMain redefinition error occurs. For now, just switch to dynamic linking
>> and revert this patch when the issue will be solved.
>>
>> See Glib issue for more details
>> https://gitlab.gnome.org/GNOME/glib/-/issues/692
>>
>> Signed-off-by: Kostiantyn Kostiuk 
>> ---
>>  qga/vss-win32/meson.build | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/qga/vss-win32/meson.build b/qga/vss-win32/meson.build
>> index 780c461432..90825edef3 100644
>> --- a/qga/vss-win32/meson.build
>> +++ b/qga/vss-win32/meson.build
>> @@ -1,5 +1,5 @@
>>  if add_languages('cpp', required: false)
>> -  glib_static = dependency('glib-2.0', static: true)
>> +  glib_dynamic = dependency('glib-2.0', static: false)
>>link_args = cc.get_supported_link_arguments(['-fstack-protector-all',
>> '-fstack-protector-strong',
>>
>> '-Wl,--add-stdcall-alias', '-Wl,--enable-stdcall-fixup'])
>>
>> @@ -8,7 +8,7 @@ if add_languages('cpp', required: false)
>>  cpp_args: ['-Wno-unknown-pragmas',
>> '-Wno-delete-non-virtual-dtor', '-Wno-non-virtual-dtor'],
>>  link_args: link_args,
>>  vs_module_defs: 'qga-vss.def',
>> -dependencies: [glib_static, socket,
>> +dependencies: [glib_dynamic, socket,
>> cc.find_library('ole32'),
>> cc.find_library('oleaut32'),
>> cc.find_library('shlwapi'),
>> --
>> 2.25.1
>>
>>

Re: [PATCH 1/1] qemu_timer.c: add timer_deadline_ms() helper

[Greg Kurz]

On Thu, 25 Feb 2021 18:29:14 -0300
Daniel Henrique Barboza  wrote:

> The pSeries machine is using QEMUTimer internals to return the timeout
> in seconds for a timer object, in hw/ppc/spapr.c, function
> spapr_drc_unplug_timeout_remaining_sec().
> 
> Create a helper in qemu-timer.c to retrieve the deadline for a QEMUTimer
> object, in ms, to avoid exposing timer internals to the PPC code.
> 
> CC: Paolo Bonzini 
> Signed-off-by: Daniel Henrique Barboza 
> ---
> 
> This patch is applicable on top of David's ppc-for-6.0.
> 
>  hw/ppc/spapr_drc.c   |  5 ++---
>  include/qemu/timer.h |  8 
>  util/qemu-timer.c| 13 +
>  3 files changed, 23 insertions(+), 3 deletions(-)
> 
> diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
> index 8c4997d795..98b626acf9 100644
> --- a/hw/ppc/spapr_drc.c
> +++ b/hw/ppc/spapr_drc.c
> @@ -421,9 +421,8 @@ void spapr_drc_unplug_request(SpaprDrc *drc)
>  
>  int spapr_drc_unplug_timeout_remaining_sec(SpaprDrc *drc)
>  {
> -if (drc->unplug_requested && timer_pending(drc->unplug_timeout_timer)) {
> -return 
> (qemu_timeout_ns_to_ms(drc->unplug_timeout_timer->expire_time) -
> -qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL)) / 1000;
> +if (drc->unplug_requested) {
> +return timer_deadline_ms(drc->unplug_timeout_timer) / 1000;
>  }

Nice improvement. This also removes a dependency on QEMU_CLOCK_VIRTUAL
that we shouldn't need since we've already passed it to timer_new_ms()
during realize.

It seems that spapr_drc_start_unplug_timeout_timer() ...

static void spapr_drc_start_unplug_timeout_timer(SpaprDrc *drc)
{
SpaprDrcClass *drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);

if (drck->unplug_timeout_seconds != 0) {
timer_mod(drc->unplug_timeout_timer,
  qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) +
  drck->unplug_timeout_seconds * 1000);
}
}

...  could be simplified as well with a timer_mod_deadline_ms() helper,
but this can go to another patch.

>  
>  return 0;
> diff --git a/include/qemu/timer.h b/include/qemu/timer.h
> index 1678238384..5e76e3f8c2 100644
> --- a/include/qemu/timer.h
> +++ b/include/qemu/timer.h
> @@ -795,6 +795,14 @@ static inline int64_t get_max_clock_jump(void)
>  return 60 * NANOSECONDS_PER_SECOND;
>  }
>  
> +/**
> + * timer_deadline_ms:
> + *
> + * Returns the remaining miliseconds for @timer to expire, or zero
> + * if the timer is no longer pending.
> + */
> +int64_t timer_deadline_ms(QEMUTimer *timer);
> +
>  /*
>   * Low level clock functions
>   */
> diff --git a/util/qemu-timer.c b/util/qemu-timer.c
> index 81c28af517..3a03a63daa 100644
> --- a/util/qemu-timer.c
> +++ b/util/qemu-timer.c
> @@ -243,6 +243,19 @@ int64_t timerlist_deadline_ns(QEMUTimerList *timer_list)
>  return delta;
>  }
>  
> +/*
> + * Returns the time remaining for the deadline, in ms.
> + */
> +int64_t timer_deadline_ms(QEMUTimer *timer)
> +{
> +if (timer_pending(timer)) {
> +return qemu_timeout_ns_to_ms(timer->expire_time) -
> +   qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL);

This is assuming that the timer belongs to the QEMU_CLOCK_VIRTUAL
clock, which looks awkward for a presumably generic function.

Correct clock type can be accessed through ->timer_list :

qemu_clock_get_ms(timer->timer_list->clock->type)

> +}
> +
> +return 0;
> +}
> +
>  /* Calculate the soonest deadline across all timerlists attached
>   * to the clock. This is used for the icount timeout so we
>   * ignore whether or not the clock should be used in deadline

Re: [PATCH v2 0/2] gitlab-ci.yml: Add jobs to test CFI

[Daniel P . Berrangé]

On Fri, Feb 26, 2021 at 10:21:06AM -0500, Daniele Buono wrote:
> Build jobs are on the longer side (about 2h and 20m), but I thought it
> would be better to just have 6 large jobs than tens of smaller ones.

IMHO that is a not viable.

Our longest job today is approx 60 minutes, and that is already
painfully long when developers are repeatedly testing their
patch series to find and fix bugs before posting them for review.
I can perhaps get through 5-6 test cycles in a day. If we have a
2 hour 20 min job, then I'll get 2-3 test cycles a day.

I don't want to see any new jobs added which increase the longest
job execution time. We want to reduce our max job time if anything.


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [PULL 27/29] vl: deprecate -writeconfig

[Paolo Bonzini]

On 01/03/21 09:00, Markus Armbruster wrote:

+warn_report("-writeconfig is deprecated.  It will go away in 
QEMU 6.2 with no replacement");
  if (strcmp(optarg, "-") == 0) {
  fp = stdout;
  } else {


Forgot to tweak the warning to "-writeconfig is deprecated and will go
away without a replacement"?


Didn't really forget; being pretty sure that there's no usage in the 
wild and having good reasons to remove the code, giving a firm removal 
date should encourage people to speak up sooner rather than later.


Paolo

Re: [PATCH 08/25] hmp: replace "O" parser with keyval

[Markus Armbruster]

Paolo Bonzini  writes:

> On 25/01/21 10:00, Markus Armbruster wrote:
>> Paolo Bonzini  writes:
>> 
>>> HMP is using QemuOpts to parse free-form commands device_add,
>>> netdev_add and object_add.  However, none of these need QemuOpts
>>> for validation (these three QemuOptsLists are all of the catch-all
>>> kind), and keyval is already able to parse into QDict.  So use
>>> keyval directly, avoiding the detour from
>>> string to QemuOpts to QDict.
>>>
>>> The args_type now stores the implied key.  This arguably makes more
>>> sense than storing the QemuOptsList name; at least, it _is_ a key
>>> that might end up in the arguments QDict.
>>>
>>> Signed-off-by: Paolo Bonzini 
>> 
>> Switching from QemuOpts to keyval changes the accepted language.  We may
>> change it, because HMP is not a stable interface.  The commit message
>> should point out the change, though.  Maybe even release notes, not
>> sure.
>> 
>> Let's recap the differences briefly:
>> 
>> * Boolean sugar: deprecated in QemuOpts, nonexistent in keyval
>> 
>> * QemuOpts accepts a number of more or less crazy corner cases keyval
>>rejects: invalid key, long key (silently truncated), first rather than
>>last id= wins (unlike other keys), implied key with empty value.
>> 
>> * QemuOpts rejects anti-social ID such as id=666, keyval leaves this to
>>the caller, because key "id" is not special in keyval.
>> 
>>Are these still rejected with your patch?
>
> Back here... No, and that's a feature.  There's no reason to reject 
> those ids.  However, this shows that Kevin's series to move --object to 
> keyval propagates a bug from qemu-storage-daemon to QEMU:
>
> $ storage-daemon/qemu-storage-daemon --object 
> authz-simple,id=123/546,identity=abc --chardev stdio,id=foo --monitor 
> chardev=foo
>  > {'execute':'qmp_capabilities'}
>  > {'execute':'qom-list', 'arguments': {'path':'/objects'}}
> < {"return": [{"name": "type", "type": "string"}, {"name": "123/546", 
> "type": "child"}]}
>
> Good luck using that object anywhere. :)

There is no reason to reject those IDs other than spoiling the fun we're
having with setting traps for our users.

Since QOM is treating '/' specially in paths, and uses IDs as path
components, it should reject '/' in IDs.  Same reasoning as for file
names.

We already restrict IDs to "letters, digits, '-', '.', '_', starting
with a letter" in several places, including QemuOpts.  We should do that
more, not less.

Permitting arbitrary IDs buys us nothing but trouble.

>> * device_add help,e1000
>> 
>>  {
>>  "e1000": "on",
>>  "driver": "help"
>>  }
>> 
>>Afterwards:
>>upstream-qemu: ../util/error.c:59: error_setv: Assertion `*errp == NULL' 
>> failed.
>
> I cannot reproduce it:
>
> $ ./qemu-system-x86_64 -M none -monitor stdio -display none
> QEMU 5.2.50 monitor - type 'help' for more information
> (qemu) device_add help,e1000
> Error: Parameter 'driver' is missing

I'll double-check and report back.

Re: [PATCH 2/3] docs: vhost-user: rewrite section on ring state machine

[Stefan Hajnoczi]

On Fri, Feb 26, 2021 at 09:34:12AM -0500, Paolo Bonzini wrote:
> This section is using the word "back-end" to refer to the
> "slave's back-end", and talking about the "client" for
> what the rest of the document calls the "slave".
> 
> Rework it to free the use of the term "back-end", which in
> the next patch will replace "slave".
> 
> Signed-off-by: Paolo Bonzini 
> ---
>  docs/interop/vhost-user.rst | 46 +
>  1 file changed, 21 insertions(+), 25 deletions(-)
> 
> diff --git a/docs/interop/vhost-user.rst b/docs/interop/vhost-user.rst
> index 6bbc092958..028ff98eac 100644
> --- a/docs/interop/vhost-user.rst
> +++ b/docs/interop/vhost-user.rst
> @@ -307,40 +307,36 @@ bit was dedicated for this purpose::
>  
>#define VHOST_USER_F_PROTOCOL_FEATURES 30
>  
> -Starting and stopping rings
> 
> +Ring states
> +---
>  
> -Client must only process each ring when it is started.
> +Rings can be in one of three states:
>  
> -Client must only pass data between the ring and the backend, when the
> -ring is enabled.
> +* stopped: the slave must not process the ring at all.
>  
> -If ring is started but disabled, client must process the ring without
> -talking to the backend.
> +* started but disabled: the slave must process the ring without
> +  causing any side effects.  For example, for a networking device,
> +  in the disabled state the slave must not supply any new RX packets,
> +  but must process and discard any TX packets.
>  
> -For example, for a networking device, in the disabled state client
> -must not supply any new RX packets, but must process and discard any
> -TX packets.
> +* started and enabled.
>  
> -If ``VHOST_USER_F_PROTOCOL_FEATURES`` has not been negotiated, the
> -ring is initialized in an enabled state.
> +Each ring is initialized in a stopped state.  The slave must start
> +ring upon receiving a kick (that is, detecting that file descriptor is

s/ring/the ring/

> +readable) on the descriptor specified by ``VHOST_USER_SET_VRING_KICK``
> +or receiving the in-band message ``VHOST_USER_VRING_KICK`` if negotiated,
> +and stop ring upon receiving ``VHOST_USER_GET_VRING_BASE``.

s/ring/the ring/

>  
> -If ``VHOST_USER_F_PROTOCOL_FEATURES`` has been negotiated, the ring is
> -initialized in a disabled state. Client must not pass data to/from the
> -backend until ring is enabled by ``VHOST_USER_SET_VRING_ENABLE`` with
> -parameter 1, or after it has been disabled by
> -``VHOST_USER_SET_VRING_ENABLE`` with parameter 0.
> +Rings can be enabled or disabled by ``VHOST_USER_SET_VRING_ENABLE``.
>  
> -Each ring is initialized in a stopped state, client must not process
> -it until ring is started, or after it has been stopped.
> +If ``VHOST_USER_F_PROTOCOL_FEATURES`` has not been negotiated, the
> +ring starts directly in the enabled state.

"starts" can be confused with the started ring state but is used to mean
"initialized" above. The following is clearer:
"ring is initialized to the stopped but enabled state"

>  
> -Client must start ring upon receiving a kick (that is, detecting that
> -file descriptor is readable) on the descriptor specified by
> -``VHOST_USER_SET_VRING_KICK`` or receiving the in-band message
> -``VHOST_USER_VRING_KICK`` if negotiated, and stop ring upon receiving
> -``VHOST_USER_GET_VRING_BASE``.
> +If ``VHOST_USER_F_PROTOCOL_FEATURES`` has been negotiated, the ring is
> +initialized in a disabled state and is enabled by
> +``VHOST_USER_SET_VRING_ENABLE`` with parameter 1.
>  
> -While processing the rings (whether they are enabled or not), client
> +While processing the rings (whether they are enabled or not), the slave
>  must support changing some configuration aspects on the fly.
>  
>  Multiple queue support
> -- 
> 2.26.2
> 
> 


signature.asc
Description: PGP signature

Re: [PATCH 1/3] docs: vhost-user: clean up request/reply description

[Stefan Hajnoczi]

On Fri, Feb 26, 2021 at 09:34:11AM -0500, Paolo Bonzini wrote:
> It is not necessary to mention which side is sending/receiving
> each payload; it is more interesting to say which is the request
> and which is the reply.  This also matches what vhost-user-gpu.rst
> already does.
> 
> While at it, ensure that all messages list both the request and
> the reply payload.
> 
> Signed-off-by: Paolo Bonzini 
> ---
>  docs/interop/vhost-user.rst | 163 +---
>  1 file changed, 95 insertions(+), 68 deletions(-)

Reviewed-by: Stefan Hajnoczi 


signature.asc
Description: PGP signature

Re: [PATCH 08/25] hmp: replace "O" parser with keyval

[Paolo Bonzini]

On 01/03/21 11:14, Markus Armbruster wrote:

There is no reason to reject those IDs other than spoiling the fun we're
having with setting traps for our users.

Since QOM is treating '/' specially in paths, and uses IDs as path
components, it should reject '/' in IDs.  Same reasoning as for file
names.


I agree; however I don't think it buys anything to do that in HMP rather 
than further down the call chain, because in the end there are other 
ways to get "anti-social" ids than HMP or the command line.  I commented 
on Kevin's object-add series about this issue.


Paolo


We already restrict IDs to "letters, digits, '-', '.', '_', starting
with a letter" in several places, including QemuOpts.  We should do that
more, not less.

Permitting arbitrary IDs buys us nothing but trouble.

Re: [PATCH 3/3] docs: vhost-user: replace master/slave with front-end/back-end

[Stefan Hajnoczi]

On Fri, Feb 26, 2021 at 09:34:13AM -0500, Paolo Bonzini wrote:
> -In the current implementation QEMU is the *master*, and the *slave* is
> -the external process consuming the virtio queues, for example a
> +In the current implementation QEMU is the *front-end*, and the *back-end*
> +is the external process consuming the virtio queues, for example a
>  software Ethernet switch running in user space, such as Snabbswitch,
> -or a block device backend processing read & write to a virtual
> -disk. In order to facilitate interoperability between various backend
> +or a block device back-end processing read & write to a virtual
> +disk. In order to facilitate interoperability between various back-end
>  implementations, it is recommended to follow the :ref:`Backend program
>  conventions `.

The spec uses "backend" but this patch uses "back-end".

Searching the web shows that "back end", "back-end", and "backend" are
all commonly used. I don't think there is a right or wrong choice since
all spellings are popular. It would be nice to stay consistent and use
"backend"/"frontend" in this document.


signature.asc
Description: PGP signature

Re: [PATCH 1/3] docs: vhost-user: clean up request/reply description

[Stefano Garzarella]

On Fri, Feb 26, 2021 at 09:34:11AM -0500, Paolo Bonzini wrote:

It is not necessary to mention which side is sending/receiving
each payload; it is more interesting to say which is the request
and which is the reply.  This also matches what vhost-user-gpu.rst
already does.

While at it, ensure that all messages list both the request and
the reply payload.

Signed-off-by: Paolo Bonzini 
---
docs/interop/vhost-user.rst | 163 +---
1 file changed, 95 insertions(+), 68 deletions(-)

diff --git a/docs/interop/vhost-user.rst b/docs/interop/vhost-user.rst
index d6085f7045..6bbc092958 100644
--- a/docs/interop/vhost-user.rst
+++ b/docs/interop/vhost-user.rst
@@ -841,8 +841,8 @@ Master message types


As for the slave messages, how about adding this to the beginning of 
this section?


+ For this type of message, the request is sent by the master and the
+ reply is sent by the slave.



``VHOST_USER_GET_FEATURES``
  :id: 1
  :equivalent ioctl: ``VHOST_GET_FEATURES``
-  :master payload: N/A
-  :slave payload: ``u64``
+  :request payload: N/A
+  :reply payload: ``u64``

  Get from the underlying vhost implementation the features bitmask.
  Feature bit ``VHOST_USER_F_PROTOCOL_FEATURES`` signals slave support
@@ -852,7 +852,8 @@ Master message types
``VHOST_USER_SET_FEATURES``
  :id: 2
  :equivalent ioctl: ``VHOST_SET_FEATURES``
-  :master payload: ``u64``
+  :request payload: ``u64``
+  :reply payload: N/A

  Enable features in the underlying vhost implementation using a
  bitmask.  Feature bit ``VHOST_USER_F_PROTOCOL_FEATURES`` signals
@@ -862,8 +863,8 @@ Master message types
``VHOST_USER_GET_PROTOCOL_FEATURES``
  :id: 15
  :equivalent ioctl: ``VHOST_GET_FEATURES``
-  :master payload: N/A
-  :slave payload: ``u64``
+  :request payload: N/A
+  :reply payload: ``u64``

  Get the protocol feature bitmask from the underlying vhost
  implementation.  Only legal if feature bit
@@ -878,7 +879,8 @@ Master message types
``VHOST_USER_SET_PROTOCOL_FEATURES``
  :id: 16
  :equivalent ioctl: ``VHOST_SET_FEATURES``
-  :master payload: ``u64``
+  :request payload: ``u64``
+  :reply payload: N/A

  Enable protocol features in the underlying vhost implementation.

@@ -892,7 +894,8 @@ Master message types
``VHOST_USER_SET_OWNER``
  :id: 3
  :equivalent ioctl: ``VHOST_SET_OWNER``
-  :master payload: N/A
+  :request payload: N/A
+  :reply payload: N/A

  Issued when a new connection is established. It sets the current
  *master* as an owner of the session. This can be used on the *slave*
@@ -900,7 +903,8 @@ Master message types

``VHOST_USER_RESET_OWNER``
  :id: 4
-  :master payload: N/A
+  :request payload: N/A
+  :reply payload: N/A

.. admonition:: Deprecated

@@ -913,8 +917,8 @@ Master message types
``VHOST_USER_SET_MEM_TABLE``
  :id: 5
  :equivalent ioctl: ``VHOST_SET_MEM_TABLE``
-  :master payload: memory regions description
-  :slave payload: (postcopy only) memory regions description
+  :request payload: memory regions description
+  :reply payload: (postcopy only) memory regions description

  Sets the memory map regions on the slave so it can translate the
  vring addresses. In the ancillary data there is an array of file
@@ -937,8 +941,8 @@ Master message types
``VHOST_USER_SET_LOG_BASE``
  :id: 6
  :equivalent ioctl: ``VHOST_SET_LOG_BASE``
-  :master payload: u64
-  :slave payload: N/A
+  :request payload: u64
+  :reply payload: N/A

  Sets logging shared memory space.

@@ -950,44 +954,48 @@ Master message types
``VHOST_USER_SET_LOG_FD``
  :id: 7
  :equivalent ioctl: ``VHOST_SET_LOG_FD``
-  :master payload: N/A
+  :request payload: N/A
+  :reply payload: N/A

  Sets the logging file descriptor, which is passed as ancillary data.

``VHOST_USER_SET_VRING_NUM``
  :id: 8
  :equivalent ioctl: ``VHOST_SET_VRING_NUM``
-  :master payload: vring state description
+  :request payload: vring state description
+  :reply payload: N/A

  Set the size of the queue.

``VHOST_USER_SET_VRING_ADDR``
  :id: 9
  :equivalent ioctl: ``VHOST_SET_VRING_ADDR``
-  :master payload: vring address description
-  :slave payload: N/A
+  :request payload: vring address description
+  :reply payload: N/A

  Sets the addresses of the different aspects of the vring.

``VHOST_USER_SET_VRING_BASE``
  :id: 10
  :equivalent ioctl: ``VHOST_SET_VRING_BASE``
-  :master payload: vring state description
+  :request payload: vring state description
+  :reply payload: N/A

  Sets the base offset in the available vring.

``VHOST_USER_GET_VRING_BASE``
  :id: 11
  :equivalent ioctl: ``VHOST_USER_GET_VRING_BASE``
-  :master payload: vring state description
-  :slave payload: vring state description
+  :request payload: vring state description
+  :reply payload: vring state description

  Get the available vring base offset.

``VHOST_USER_SET_VRING_KICK``
  :id: 12
  :equivalent ioctl: ``VHOST_SET_VRING_KICK``
-  :master payload: ``u64``
+  :request payload: ``u64``
+  :reply payload: N/A

  Set the event file descriptor for adding buffers to the

Re: [PATCH v2 2/5] hw/arm: ast2600: Set AST2600_MAX_IRQ to value from datasheet

[Cédric Le Goater]

On 3/1/21 2:06 AM, Andrew Jeffery wrote:
> The datasheet says we have 197 IRQs allocated, and we need more than 128
> to describe IRQs from LPC devices. Raise the value now to allow
> modelling of the LPC devices.
> 
> Signed-off-by: Andrew Jeffery 

Reviewed-by: Cédric Le Goater 

> ---
>  hw/arm/aspeed_ast2600.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/arm/aspeed_ast2600.c b/hw/arm/aspeed_ast2600.c
> index bc0eeb058b24..22fcb5b0edbe 100644
> --- a/hw/arm/aspeed_ast2600.c
> +++ b/hw/arm/aspeed_ast2600.c
> @@ -65,7 +65,7 @@ static const hwaddr aspeed_soc_ast2600_memmap[] = {
>  
>  #define ASPEED_A7MPCORE_ADDR 0x4046
>  
> -#define AST2600_MAX_IRQ 128
> +#define AST2600_MAX_IRQ 197
>  
>  /* Shared Peripheral Interrupt values below are offset by -32 from datasheet 
> */
>  static const int aspeed_soc_ast2600_irqmap[] = {
> 

Re: [PATCH v2 3/5] hw/arm: ast2600: Correct the iBT interrupt ID

[Cédric Le Goater]

On 3/1/21 2:06 AM, Andrew Jeffery wrote:
> The AST2600 allocates distinct GIC IRQs for the LPC subdevices such as
> the iBT device. Previously on the AST2400 and AST2500 the LPC subdevices
> shared a single LPC IRQ.
> 
> Signed-off-by: Andrew Jeffery 

Reviewed-by: Cédric Le Goater 


> ---
>  hw/arm/aspeed_ast2600.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/arm/aspeed_ast2600.c b/hw/arm/aspeed_ast2600.c
> index 22fcb5b0edbe..2125a96ef317 100644
> --- a/hw/arm/aspeed_ast2600.c
> +++ b/hw/arm/aspeed_ast2600.c
> @@ -98,7 +98,7 @@ static const int aspeed_soc_ast2600_irqmap[] = {
>  [ASPEED_DEV_WDT]   = 24,
>  [ASPEED_DEV_PWM]   = 44,
>  [ASPEED_DEV_LPC]   = 35,
> -[ASPEED_DEV_IBT]   = 35,/* LPC */
> +[ASPEED_DEV_IBT]   = 143,
>  [ASPEED_DEV_I2C]   = 110,   /* 110 -> 125 */
>  [ASPEED_DEV_ETH1]  = 2,
>  [ASPEED_DEV_ETH2]  = 3,
> 

Re: [PATCH] linux-user: manage binfmt-misc preserve-arg[0] flag

[John Paul Adrian Glaubitz]

Hi Michael!

On 2/22/21 3:58 PM, Michael Tokarev wrote:
> 22.02.2021 17:54, John Paul Adrian Glaubitz wrote:
> 
>> OK, gotcha. Is it supposed to work with systemd-binfmt? It looks like it 
>> depends
>> on the old binfmt-support package.
> 
> the qemu 4-line patch does not depend on any particular system, it relies on a
> special name of its own argv[0] when registering the binfmt entry.  In order 
> to
> utilize it, we create a special-named symlink to qemu-foo and register that 
> one
> with the binfmt-misc subsystem, no matter if it is systemd or binfmt-support 
> or
> whatever else.

I have been trying to get qemu-user working with sbuild as it is shipped in 
Debian
unstable now but I didn't have any success.

Do you have some instructions somewhere how to get qemu-user working with 
sbuild?

My standard method [1] no longer works with the qemu-user-static package that is
shipped in unstable now:

> E: 15binfmt: update-binfmts: unable to open 
> /var/run/schroot/mount/sid-m68k-sbuild-b1484996-cb57-436b-b491-60665add9bb8/bin/sh:
>  No such file or directory
> E: Failed to execute “/usr/bin/getent”: No such file or directory
> E: Failed to execute “/usr/sbin/groupadd”: No such file or directory
> E: Failed to create group sbuild

Adrian

> [1] https://wiki.debian.org/M68k/sbuildQEMU

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Re: [PATCH] linux-user: manage binfmt-misc preserve-arg[0] flag

[Michael Tokarev]

01.03.2021 13:35, John Paul Adrian Glaubitz wrote:
..

I have been trying to get qemu-user working with sbuild as it is shipped in 
Debian
unstable now but I didn't have any success.

Do you have some instructions somewhere how to get qemu-user working with 
sbuild?


Have you seen #983087 which I fixed yesterday?

/mjt

Re: [PATCH v3 12/21] sd: emmc: add CMD21 tuning sequence

[Dr. David Alan Gilbert]

* Sai Pavan Boddu (sai.pavan.bo...@xilinx.com) wrote:
> eMMC cards support tuning sequence for entering HS200 mode.
> 
> Signed-off-by: Sai Pavan Boddu 
> Signed-off-by: Edgar E. Iglesias 
> ---
>  hw/sd/sd.c | 47 +++
>  1 file changed, 47 insertions(+)
> 
> diff --git a/hw/sd/sd.c b/hw/sd/sd.c
> index bf963ec..174c28e 100644
> --- a/hw/sd/sd.c
> +++ b/hw/sd/sd.c
> @@ -1386,6 +1386,14 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, 
> SDRequest req)
>  }
>  break;
>  
> +case 21:/* CMD21: mmc SEND TUNING_BLOCK */
> +if (sd->emmc && (sd->state == sd_transfer_state)) {
> +sd->state = sd_sendingdata_state;
> +sd->data_offset = 0;
> +return sd_r1;
> +}
> +break;
> +
>  case 23:/* CMD23: SET_BLOCK_COUNT */
>  if (sd->spec_version < SD_PHY_SPECv3_01_VERS) {
>  break;
> @@ -2120,6 +2128,30 @@ static const uint8_t 
> sd_tuning_block_pattern[SD_TUNING_BLOCK_SIZE] = {
>  0xbb, 0xff, 0xf7, 0xff, 0xf7, 0x7f, 0x7b, 0xde,
>  };
>  
> +#define EXCSD_BUS_WIDTH_OFFSET 183
> +#define BUS_WIDTH_8_MASK0x4
> +#define BUS_WIDTH_4_MASK0x2
> +#define MMC_TUNING_BLOCK_SIZE   128
> +
> +static const uint8_t mmc_tunning_block_pattern[128] = {
> +   0xff, 0xff, 0x00, 0xff, 0xff, 0xff, 0x00, 0x00,
> +   0xff, 0xff, 0xcc, 0xcc, 0xcc, 0x33, 0xcc, 0xcc,
> +   0xcc, 0x33, 0x33, 0xcc, 0xcc, 0xcc, 0xff, 0xff,
> +   0xff, 0xee, 0xff, 0xff, 0xff, 0xee, 0xee, 0xff,
> +   0xff, 0xff, 0xdd, 0xff, 0xff, 0xff, 0xdd, 0xdd,
> +   0xff, 0xff, 0xff, 0xbb, 0xff, 0xff, 0xff, 0xbb,
> +   0xbb, 0xff, 0xff, 0xff, 0x77, 0xff, 0xff, 0xff,
> +   0x77, 0x77, 0xff, 0x77, 0xbb, 0xdd, 0xee, 0xff,
> +   0xff, 0xff, 0xff, 0x00, 0xff, 0xff, 0xff, 0x00,
> +   0x00, 0xff, 0xff, 0xcc, 0xcc, 0xcc, 0x33, 0xcc,
> +   0xcc, 0xcc, 0x33, 0x33, 0xcc, 0xcc, 0xcc, 0xff,
> +   0xff, 0xff, 0xee, 0xff, 0xff, 0xff, 0xee, 0xee,
> +   0xff, 0xff, 0xff, 0xdd, 0xff, 0xff, 0xff, 0xdd,
> +   0xdd, 0xff, 0xff, 0xff, 0xbb, 0xff, 0xff, 0xff,
> +   0xbb, 0xbb, 0xff, 0xff, 0xff, 0x77, 0xff, 0xff,
> +   0xff, 0x77, 0x77, 0xff, 0x77, 0xbb, 0xdd, 0xee,

Where does this magic pattern come from?  Is it part of some spec?

Dave

> +};
> +
>  uint8_t sd_read_byte(SDState *sd)
>  {
>  /* TODO: Append CRCs */
> @@ -2213,6 +2245,21 @@ uint8_t sd_read_byte(SDState *sd)
>  ret = sd_tuning_block_pattern[sd->data_offset++];
>  break;
>  
> +case 21:/* CMD21: SEND_TUNNING_BLOCK (MMC) */
> +if (sd->data_offset >= MMC_TUNING_BLOCK_SIZE - 1) {
> +sd->state = sd_transfer_state;
> +}
> +if (sd->ext_csd[EXCSD_BUS_WIDTH_OFFSET] & BUS_WIDTH_8_MASK) {
> +ret = mmc_tunning_block_pattern[sd->data_offset++];
> +} else {
> +/* Return LSB Nibbles of two byte from the 8bit tuning block
> + * for 4bit mode
> + */
> +ret = mmc_tunning_block_pattern[sd->data_offset++] & 0x0F;
> +ret |= (mmc_tunning_block_pattern[sd->data_offset++] & 0x0F) << 
> 4;
> +}
> +break;
> +
>  case 22:/* ACMD22: SEND_NUM_WR_BLOCKS */
>  ret = sd->data[sd->data_offset ++];
>  
> -- 
> 2.7.4
> 
-- 
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [PATCH 08/25] hmp: replace "O" parser with keyval

[Markus Armbruster]

Markus Armbruster  writes:

> Paolo Bonzini  writes:
>
>> HMP is using QemuOpts to parse free-form commands device_add,
>> netdev_add and object_add.  However, none of these need QemuOpts
>> for validation (these three QemuOptsLists are all of the catch-all
>> kind), and keyval is already able to parse into QDict.  So use
>> keyval directly, avoiding the detour from
>> string to QemuOpts to QDict.
>>
>> The args_type now stores the implied key.  This arguably makes more
>> sense than storing the QemuOptsList name; at least, it _is_ a key
>> that might end up in the arguments QDict.
>>
>> Signed-off-by: Paolo Bonzini 
>
> Switching from QemuOpts to keyval changes the accepted language.  We may
> change it, because HMP is not a stable interface.  The commit message
> should point out the change, though.  Maybe even release notes, not
> sure.
>
> Let's recap the differences briefly:
>
> * Boolean sugar: deprecated in QemuOpts, nonexistent in keyval
>
> * QemuOpts accepts a number of more or less crazy corner cases keyval
>   rejects: invalid key, long key (silently truncated), first rather than
>   last id= wins (unlike other keys), implied key with empty value.
>
> * QemuOpts rejects anti-social ID such as id=666, keyval leaves this to
>   the caller, because key "id" is not special in keyval.
>
>   Are these still rejected with your patch?
>
>> ---
>>  hmp-commands.hx |  6 +++---
>>  monitor/hmp.c   | 20 +---
>>  2 files changed, 12 insertions(+), 14 deletions(-)
>>
>> diff --git a/hmp-commands.hx b/hmp-commands.hx
>> index 73e0832ea1..6ee746b53e 100644
>> --- a/hmp-commands.hx
>> +++ b/hmp-commands.hx
>> @@ -669,7 +669,7 @@ ERST
>>  
>>  {
>>  .name   = "device_add",
>> -.args_type  = "device:O",
>> +.args_type  = "driver:O",
>>  .params = "driver[,prop=value][,...]",
>>  .help   = "add device, like -device on the command line",
>>  .cmd= hmp_device_add,
>> @@ -1315,7 +1315,7 @@ ERST
>>  
>>  {
>>  .name   = "netdev_add",
>> -.args_type  = "netdev:O",
>> +.args_type  = "type:O",
>>  .params = 
>> "[user|tap|socket|vde|bridge|hubport|netmap|vhost-user],id=str[,prop=value][,...]",
>>  .help   = "add host network device",
>>  .cmd= hmp_netdev_add,
>> @@ -1343,7 +1343,7 @@ ERST
>>  
>>  {
>>  .name   = "object_add",
>> -.args_type  = "object:O",
>> +.args_type  = "qom-type:O",
>>  .params = "[qom-type=]type,id=str[,prop=value][,...]",
>>  .help   = "create QOM object",
>>  .cmd= hmp_object_add,
>> diff --git a/monitor/hmp.c b/monitor/hmp.c
>> index 6c0b33a0b1..d2cb886da5 100644
>> --- a/monitor/hmp.c
>> +++ b/monitor/hmp.c
>> @@ -744,13 +744,9 @@ static QDict *monitor_parse_arguments(Monitor *mon,
>>  break;
>>  case 'O':
>>  {
>> -QemuOptsList *opts_list;
>> -QemuOpts *opts;
>> +Error *errp;

Missing initializer.  This is what causes the assertion failure reported
below.

>> +bool help;
>>  
>> -opts_list = qemu_find_opts(key);
>> -if (!opts_list || opts_list->desc->name) {
>> -goto bad_type;
>> -}
>>  while (qemu_isspace(*p)) {
>>  p++;
>>  }
>> @@ -760,12 +756,14 @@ static QDict *monitor_parse_arguments(Monitor *mon,
>>  if (get_str(buf, sizeof(buf), &p) < 0) {
>>  goto fail;
>>  }
>> -opts = qemu_opts_parse_noisily(opts_list, buf, true);
>> -if (!opts) {
>> -goto fail;
>> +keyval_parse_into(qdict, buf, key, &help, &errp);
>> +if (help) {
>
> Uh...
>
>> +if (qdict_haskey(qdict, key)) {
>
> If we parsed a value for the implied key (sugared or not),
>
>> +qdict_put_bool(qdict, "help", true);
>
> then encode the help request by mapping key "help" to true,
>
>> +} else {
>> +qdict_put_str(qdict, key, "help");
>
> else by mapping the implied key to "help".
>
>> +}
>
> Test cases:
>
> * device_add help
>
>   @qdict before the patch:
>
> {
> "driver": "help"
> }
>
>   No change.
>
> * device_add e1000,help
>
>   @qdict before the patch:
>
> {
> "driver": "e1000",
> "help": "on"
> }
>
>   Afterwards:
>
> {
> "driver": "e1000",
> "help": true
> }
>
>   If this is okay, the commit message should explain it.
>
> * device_add help,e1000
>
> {
> "e1000": "on",
> "driver": "help"
> }
>
>   Afterwards:
>   upstream-qemu: ../util/error.c:59: error_setv: Assertion `*errp == NULL' 
> failed.

Optimization masks this crash for me.

With proper initialization, I

Re: [PATCH] iotests: Fix up python style in 300

[Kevin Wolf]

Am 15.02.2021 um 23:05 hat Eric Blake geschrieben:
> Break some long lines, and relax our type hints to be more generic to
> any JSON, in order to more easily permit the additional JSON depth now
> possible in migration parameters.  Detected by iotest 297.
> 
> Fixes: ca4bfec41d56
>  (qemu-iotests: 300: Add test case for modifying persistence of bitmap)
> Reported-by: Kevin Wolf 
> Signed-off-by: Eric Blake 

Thanks, applied to the block branch.

Kevin

Re: [PATCH v2 5/5] hw/misc: Model KCS devices in the Aspeed LPC controller

[Cédric Le Goater]

On 3/1/21 2:06 AM, Andrew Jeffery wrote:
> Keyboard-Controller-Style devices for IPMI purposes are exposed via LPC
> IO cycles from the BMC to the host.
> 
> Expose support on the BMC side by implementing the usual MMIO
> behaviours, and expose the ability to inspect the KCS registers in
> "host" style by accessing QOM properties associated with each register.
> 
> The model caters to the IRQ style of both the AST2600 and the earlier
> SoCs (AST2400 and AST2500). The AST2600 allocates an IRQ for each LPC
> sub-device, while there is a single IRQ shared across all subdevices on
> the AST2400 and AST2500.
> 
> Signed-off-by: Andrew Jeffery 

Reviewed-by: Cédric Le Goater 


> ---
>  hw/arm/aspeed_ast2600.c  |  28 ++-
>  hw/arm/aspeed_soc.c  |  24 ++-
>  hw/misc/aspeed_lpc.c | 359 ++-
>  include/hw/arm/aspeed_soc.h  |   1 +
>  include/hw/misc/aspeed_lpc.h |  17 +-
>  5 files changed, 424 insertions(+), 5 deletions(-)
> 
> diff --git a/hw/arm/aspeed_ast2600.c b/hw/arm/aspeed_ast2600.c
> index 60152de001e6..fd463775d281 100644
> --- a/hw/arm/aspeed_ast2600.c
> +++ b/hw/arm/aspeed_ast2600.c
> @@ -104,7 +104,7 @@ static const int aspeed_soc_ast2600_irqmap[] = {
>  [ASPEED_DEV_ETH2]  = 3,
>  [ASPEED_DEV_ETH3]  = 32,
>  [ASPEED_DEV_ETH4]  = 33,
> -
> +[ASPEED_DEV_KCS]   = 138,   /* 138 -> 142 */
>  };
>  
>  static qemu_irq aspeed_soc_get_irq(AspeedSoCState *s, int ctrl)
> @@ -477,8 +477,34 @@ static void aspeed_soc_ast2600_realize(DeviceState *dev, 
> Error **errp)
>  return;
>  }
>  sysbus_mmio_map(SYS_BUS_DEVICE(&s->lpc), 0, sc->memmap[ASPEED_DEV_LPC]);
> +
> +/* Connect the LPC IRQ to the GIC. It is otherwise unused. */
>  sysbus_connect_irq(SYS_BUS_DEVICE(&s->emmc), 0,
> aspeed_soc_get_irq(s, ASPEED_DEV_LPC));
> +
> +/*
> + * On the AST2600 LPC subdevice IRQs are connected straight to the GIC.
> + *
> + * LPC subdevice IRQ sources are offset from 1 because the LPC model 
> caters
> + * to the AST2400 and AST2500. SoCs before the AST2600 have one LPC IRQ
> + * shared across the subdevices, and the shared IRQ output to the VIC is 
> at
> + * offset 0.
> + */
> +sysbus_connect_irq(SYS_BUS_DEVICE(&s->lpc), 1 + aspeed_lpc_kcs_1,
> +   qdev_get_gpio_in(DEVICE(&s->a7mpcore),
> +sc->irqmap[ASPEED_DEV_KCS] + 
> aspeed_lpc_kcs_1));
> +
> +sysbus_connect_irq(SYS_BUS_DEVICE(&s->lpc), 1 + aspeed_lpc_kcs_2,
> +   qdev_get_gpio_in(DEVICE(&s->a7mpcore),
> +sc->irqmap[ASPEED_DEV_KCS] + 
> aspeed_lpc_kcs_2));
> +
> +sysbus_connect_irq(SYS_BUS_DEVICE(&s->lpc), 1 + aspeed_lpc_kcs_3,
> +   qdev_get_gpio_in(DEVICE(&s->a7mpcore),
> +sc->irqmap[ASPEED_DEV_KCS] + 
> aspeed_lpc_kcs_3));
> +
> +sysbus_connect_irq(SYS_BUS_DEVICE(&s->lpc), 1 + aspeed_lpc_kcs_4,
> +   qdev_get_gpio_in(DEVICE(&s->a7mpcore),
> +sc->irqmap[ASPEED_DEV_KCS] + 
> aspeed_lpc_kcs_4));
>  }
>  
>  static void aspeed_soc_ast2600_class_init(ObjectClass *oc, void *data)
> diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
> index 4f098da437ac..057d053c8478 100644
> --- a/hw/arm/aspeed_soc.c
> +++ b/hw/arm/aspeed_soc.c
> @@ -112,7 +112,6 @@ static const int aspeed_soc_ast2400_irqmap[] = {
>  [ASPEED_DEV_WDT]= 27,
>  [ASPEED_DEV_PWM]= 28,
>  [ASPEED_DEV_LPC]= 8,
> -[ASPEED_DEV_IBT]= 8, /* LPC */
>  [ASPEED_DEV_I2C]= 12,
>  [ASPEED_DEV_ETH1]   = 2,
>  [ASPEED_DEV_ETH2]   = 3,
> @@ -401,8 +400,31 @@ static void aspeed_soc_realize(DeviceState *dev, Error 
> **errp)
>  return;
>  }
>  sysbus_mmio_map(SYS_BUS_DEVICE(&s->lpc), 0, sc->memmap[ASPEED_DEV_LPC]);
> +
> +/* Connect the LPC IRQ to the VIC */
>  sysbus_connect_irq(SYS_BUS_DEVICE(&s->lpc), 0,
> aspeed_soc_get_irq(s, ASPEED_DEV_LPC));
> +
> +/*
> + * On the AST2400 and AST2500 the one LPC IRQ is shared between all of 
> the
> + * subdevices. Connect the LPC subdevice IRQs to the LPC controller IRQ 
> (by
> + * contrast, on the AST2600, the subdevice IRQs are connected straight to
> + * the GIC).
> + *
> + * LPC subdevice IRQ sources are offset from 1 because the shared IRQ 
> output
> + * to the VIC is at offset 0.
> + */
> +sysbus_connect_irq(SYS_BUS_DEVICE(&s->lpc), 1 + aspeed_lpc_kcs_1,
> +   qdev_get_gpio_in(DEVICE(&s->lpc), aspeed_lpc_kcs_1));
> +
> +sysbus_connect_irq(SYS_BUS_DEVICE(&s->lpc), 1 + aspeed_lpc_kcs_2,
> +   qdev_get_gpio_in(DEVICE(&s->lpc), aspeed_lpc_kcs_2));
> +
> +sysbus_connect_irq(SYS_BUS_DEVICE(&s->lpc), 1 + aspeed_lpc_kcs_3,
> +   qdev_get_gpio_in(DEVICE(&s->lpc), aspeed_lpc_kcs_3));
> +
> +sysbus_connect

Re: [PATCH 3/3] docs: vhost-user: replace master/slave with front-end/back-end

[Paolo Bonzini]

On 01/03/21 11:23, Stefan Hajnoczi wrote:

The spec uses "backend" but this patch uses "back-end".

Searching the web shows that "back end", "back-end", and "backend" are
all commonly used. I don't think there is a right or wrong choice since
all spellings are popular. It would be nice to stay consistent and use
"backend"/"frontend" in this document.


Ok, will fix in v2.

Paolo

Re: [PATCH 1/3] docs: vhost-user: clean up request/reply description

[Paolo Bonzini]

On 01/03/21 11:32, Stefano Garzarella wrote:




As for the slave messages, how about adding this to the beginning of 
this section?


+ For this type of message, the request is sent by the master and the
+ reply is sent by the slave.


Ok.

Paolo

[PATCH v1] acpi: increase maximum size for "etc/table-loader" blob

[David Hildenbrand]

The resizeable memory region that is created for the cmd blob has a maximum
size of ACPI_BUILD_ALIGN_SIZE - 4k. This used to be sufficient, however,
as we try fitting in additional data (e.g., vmgenid, nvdimm, intel-iommu),
we require more than 4k and can crash QEMU when trying to resize the
resizeable memory region beyond its maximum size:
  $ build/qemu-system-x86_64 --enable-kvm \
  -machine q35,nvdimm=on \
  -smp 1 \
  -cpu host \
  -m size=2G,slots=8,maxmem=4G \
  -object memory-backend-file,id=mem0,mem-path=/tmp/nvdimm,size=256M \
  -device nvdimm,label-size=131072,memdev=mem0,id=nvdimm0,slot=1 \
  -nodefaults \
  -device vmgenid \
  -device intel-iommu

Results in:
  Unexpected error in qemu_ram_resize() at ../softmmu/physmem.c:1850:
  qemu-system-x86_64: Size too large: /rom@etc/table-loader:
0x2000 > 0x1000: Invalid argument

We try growing the resizeable memory region (resizeable RAMBlock) beyond
its maximum size. Let's increase the maximum size from 4k to 64k, which
should be good enough for the near future.

Migration is not concerned with the maximum size of a RAMBlock, only
with the used size - so existing setups are not affected. Of course, we
cannot migrate a VM that would have crash when started on older QEMU from
new QEMU to older QEMU without failing early on the destination when
synchronizing the RAM state:
qemu-system-x86_64: Size too large: /rom@etc/table-loader: 0x2000 > 0x1000: 
Invalid argument
qemu-system-x86_64: error while loading state for instance 0x0 of device 
'ram'
qemu-system-x86_64: load of migration failed: Invalid argument

While at it, replace "etc/table-loader" by ACPI_BUILD_LOADER_FILE in
the microvm.

Note: we could warn for problematic setups that migration might not
always be possible - similar to how we handle the table blob; or we
could disallow setups that would have crashed until now for compat
machines. But I am not sure if the effort (messing compat machine
properties) is worth it as we fail migration in a safe way early.

Cc: Alistair Francis 
Cc: Paolo Bonzini 
Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Peter Maydell 
Cc: Shannon Zhao 
Cc: Marcel Apfelbaum 
Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: qemu-...@nongnu.org
Signed-off-by: David Hildenbrand 
---
 hw/arm/virt-acpi-build.c| 3 ++-
 hw/i386/acpi-build.c| 3 ++-
 hw/i386/acpi-microvm.c  | 3 ++-
 include/hw/acpi/aml-build.h | 1 +
 4 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index f9c9df916c..a91550de6f 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -865,7 +865,8 @@ void virt_acpi_setup(VirtMachineState *vms)
 
 build_state->linker_mr =
 acpi_add_rom_blob(virt_acpi_build_update, build_state,
-  tables.linker->cmd_blob, ACPI_BUILD_LOADER_FILE, 0);
+  tables.linker->cmd_blob, ACPI_BUILD_LOADER_FILE,
+  ACPI_BUILD_LOADER_MAX_SIZE);
 
 fw_cfg_add_file(vms->fw_cfg, ACPI_BUILD_TPMLOG_FILE, tables.tcpalog->data,
 acpi_data_len(tables.tcpalog));
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 31a5f6f4a5..a75138ea5a 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -2524,7 +2524,8 @@ void acpi_setup(void)
 
 build_state->linker_mr =
 acpi_add_rom_blob(acpi_build_update, build_state,
-  tables.linker->cmd_blob, ACPI_BUILD_LOADER_FILE, 0);
+  tables.linker->cmd_blob, ACPI_BUILD_LOADER_FILE,
+  ACPI_BUILD_LOADER_MAX_SIZE);
 
 fw_cfg_add_file(x86ms->fw_cfg, ACPI_BUILD_TPMLOG_FILE,
 tables.tcpalog->data, acpi_data_len(tables.tcpalog));
diff --git a/hw/i386/acpi-microvm.c b/hw/i386/acpi-microvm.c
index 54b3af478a..fe8a965fe6 100644
--- a/hw/i386/acpi-microvm.c
+++ b/hw/i386/acpi-microvm.c
@@ -255,7 +255,8 @@ void acpi_setup_microvm(MicrovmMachineState *mms)
   ACPI_BUILD_TABLE_MAX_SIZE);
 acpi_add_rom_blob(acpi_build_no_update, NULL,
   tables.linker->cmd_blob,
-  "etc/table-loader", 0);
+  ACPI_BUILD_LOADER_FILE,
+  ACPI_BUILD_LOADER_MAX_SIZE);
 acpi_add_rom_blob(acpi_build_no_update, NULL,
   tables.rsdp,
   ACPI_BUILD_RSDP_FILE, 0);
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 380d3e3924..93cdfd4006 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -6,6 +6,7 @@
 
 /* Reserve RAM space for tables: add another order of magnitude. */
 #define ACPI_BUILD_TABLE_MAX_SIZE 0x20
+#define ACPI_BUILD_LOADER_MAX_SIZE0x4
 
 #define ACPI_BUILD_APPNAME6 "BOCHS "
 #define ACPI_BUILD_APPNAME8 "BXPC"
-- 
2.29.2

Re: block/throttle and burst bucket

[Kevin Wolf]

Am 26.02.2021 um 13:33 hat Peter Lieven geschrieben:
> Am 26.02.21 um 10:27 schrieb Alberto Garcia:
> > On Thu 25 Feb 2021 06:34:48 PM CET, Peter Lieven  wrote:
> >> I was wondering if there is a way to check from outside (qmp etc.) if
> >> a throttled block device has exceeded the iops_max_length seconds of
> >> time bursting up to iops_max and is now hard limited to the iops limit
> >> that is supplied?
> >>
> >> Would it be also a good idea to exetend the accounting to account for
> >> requests that must have waited before being sent out to the backend
> >> device?
> > No, there's no such interface as far as I'm aware. I think one problem
> > is that throttling is now done using a filter, that can be inserted
> > anywhere in the node graph, and accounting is done at the BlockBackend
> > level.
> >
> > We don't even have a query-block-throttle function. I actually started
> > to write one six years ago but it was never finished.
> 
> 
> A quick idea that came to my mind was to add an option to emit a QMP
> event if the burst_bucket is exhausted and hard limits are enforced.

Do you actually need to do something every time that it's exceeded, so
QEMU needs to be the active part sending out an event, or is it
something that you need to check in specific places and could reasonably
query on demand?

For the latter, my idea would have been adding a new read-only QOM
property to the throttle group object that exposes how much is still
left. When it becomes 0, the hard limits are enforced.

> There seems to be something wrong in the throttling code anyway.
> Throttling causes addtional i/o latency always even if the actual iops
> rate is far away from the limits and ever more far away from the burst
> limits. I will dig into this.
> 
> My wishlist:
> 
>  - have a possibility to query the throttling state.
>  - have counters for no of delayed ops and for how long they were delayed.
>  - have counters for untrottled <= 4k request performance for a backend 
> storage device.
> 
> The later two seem not trivial as you mentioned.

Do you need the information per throttle node or per throttle group? For
the latter, the same QOM property approach would work.

Kevin

Re: [PATCH v3 02/21] sd: emmc: Add support for eMMC cards

[Cédric Le Goater]

On 2/28/21 8:33 PM, Sai Pavan Boddu wrote:
> Add eMMC device built on top of SD card.
> 
> Signed-off-by: Sai Pavan Boddu 
> ---
>  include/hw/sd/sd.h |  2 ++
>  hw/sd/sd.c | 20 
>  2 files changed, 22 insertions(+)
> 
> diff --git a/include/hw/sd/sd.h b/include/hw/sd/sd.h
> index 05ef9b7..b402dad 100644
> --- a/include/hw/sd/sd.h
> +++ b/include/hw/sd/sd.h
> @@ -90,6 +90,8 @@ typedef struct {
>  } SDRequest;
>  
>  
> +#define TYPE_EMMC "emmc"
> +OBJECT_DECLARE_SIMPLE_TYPE(EMMCState, EMMC)
>  #define TYPE_SD_CARD "sd-card"
>  OBJECT_DECLARE_TYPE(SDState, SDCardClass, SD_CARD)
>  
> diff --git a/hw/sd/sd.c b/hw/sd/sd.c
> index 74b9162..a23af6d 100644
> --- a/hw/sd/sd.c
> +++ b/hw/sd/sd.c
> @@ -108,6 +108,7 @@ struct SDState {
>  uint8_t spec_version;
>  BlockBackend *blk;
>  bool spi;
> +bool emmc;
>  
>  /* Runtime changeables */
>  
> @@ -143,6 +144,10 @@ struct SDState {
>  bool cmd_line;
>  };
>  
> +struct EMMCState {
> +SDState parent;
> +};
> +
>  static void sd_realize(DeviceState *dev, Error **errp);
>  
>  static const char *sd_state_name(enum SDCardStates state)
> @@ -2105,6 +2110,13 @@ static void sd_instance_init(Object *obj)
>  sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, 
> sd);
>  }
>  
> +static void emmc_instance_init(Object *obj)
> +{
> +SDState *sd = SD_CARD(obj);
> +
> +sd->emmc = true;
> +}
I think field 'emmc' would fit better in SDCardClass since it is a device 
constant. You should not need 'struct EMMCState'. So something like below.
Then you can add handlers for specific emmc commands.

Thanks,

C.


diff --git a/include/hw/sd/sd.h b/include/hw/sd/sd.h
index 47360ba4ee98..80e7cd526a57 100644
--- a/include/hw/sd/sd.h
+++ b/include/hw/sd/sd.h
@@ -93,6 +93,8 @@ typedef struct {
 #define TYPE_SD_CARD "sd-card"
 OBJECT_DECLARE_TYPE(SDState, SDCardClass, SD_CARD)
 
+#define TYPE_EMMC "emmc"
+
 struct SDCardClass {
 /*< private >*/
 DeviceClass parent_class;
@@ -124,6 +126,8 @@ struct SDCardClass {
 void (*enable)(SDState *sd, bool enable);
 bool (*get_inserted)(SDState *sd);
 bool (*get_readonly)(SDState *sd);
+
+bool emmc;
 };
 
 #define TYPE_SD_BUS "sd-bus"
diff --git a/hw/sd/sd.c b/hw/sd/sd.c
index 660026f2a667..95608f11b36e 100644
--- a/hw/sd/sd.c
+++ b/hw/sd/sd.c
@@ -2447,9 +2447,24 @@ static const TypeInfo sd_info = {
 .instance_finalize = sd_instance_finalize,
 };
 
+static void emmc_class_init(ObjectClass *klass, void *data)
+{
+SDCardClass *sc = SD_CARD_CLASS(klass);
+
+sc->emmc = true;
+}
+
+static const TypeInfo emmc_info = {
+.name = TYPE_EMMC,
+.parent = TYPE_SD_CARD,
+.instance_size = sizeof(SDState),
+.class_init = emmc_class_init,
+};
+
 static void sd_register_types(void)
 {
 type_register_static(&sd_info);
+type_register_static(&emmc_info);
 }
 
 type_init(sd_register_types)

Re: [PATCH v3 04/21] sd: emmc: update OCR fields for eMMC

[Cédric Le Goater]

On 2/28/21 8:33 PM, Sai Pavan Boddu wrote:
> From: Vincent Palatin 
> 
> eMMC OCR register doesn't has UHS-II field and voltage fields are
> different.
> 
> Signed-off-by: Vincent Palatin 
> Signed-off-by: Sai Pavan Boddu 
> ---
>  hw/sd/sd.c | 27 ---
>  1 file changed, 24 insertions(+), 3 deletions(-)
> 
> diff --git a/hw/sd/sd.c b/hw/sd/sd.c
> index 6de414b..bc9d913 100644
> --- a/hw/sd/sd.c
> +++ b/hw/sd/sd.c
> @@ -287,6 +287,15 @@ FIELD(OCR, UHS_II_CARD,29,  1) /* Only 
> UHS-II */
>  FIELD(OCR, CARD_CAPACITY,  30,  1) /* 0:SDSC, 1:SDHC/SDXC */
>  FIELD(OCR, CARD_POWER_UP,  31,  1)
>  
> +/*
> + * eMMC OCR register
> + */
> +FIELD(EMMC_OCR, VDD_WINDOW_0,  7, 1)
> +FIELD(EMMC_OCR, VDD_WINDOW_1,  8, 7)
> +FIELD(EMMC_OCR, VDD_WINDOW_2, 15, 9)
> +FIELD(EMMC_OCR, ACCESS_MODE,  29, 2)
> +FIELD(EMMC_OCR, POWER_UP, 31, 1)
> +
>  #define ACMD41_ENQUIRY_MASK 0x00ff
>  #define ACMD41_R3_MASK  (R_OCR_VDD_VOLTAGE_WIN_HI_MASK \
> | R_OCR_ACCEPT_SWITCH_1V8_MASK \
> @@ -296,8 +305,16 @@ FIELD(OCR, CARD_POWER_UP,  31,  1)
>  
>  static void sd_set_ocr(SDState *sd)
>  {
> -/* All voltages OK */
> -sd->ocr = R_OCR_VDD_VOLTAGE_WIN_HI_MASK;
> +if (sd->emmc) {
> +/*
> + * Dual Voltage eMMC card
> + */
> +sd->ocr = R_EMMC_OCR_VDD_WINDOW_0_MASK |
> +  R_EMMC_OCR_VDD_WINDOW_2_MASK;
> +} else {
> +/* All voltages OK */
> +sd->ocr = R_OCR_VDD_VOLTAGE_WIN_HI_MASK;

'ocr' is a constant that could be in SDCardClass 

> +}
>  }
>  
>  static void sd_ocr_powerup(void *opaque)
> @@ -525,7 +542,11 @@ static void sd_response_r1_make(SDState *sd, uint8_t 
> *response)
>  
>  static void sd_response_r3_make(SDState *sd, uint8_t *response)
>  {
> -stl_be_p(response, sd->ocr & ACMD41_R3_MASK);
> +if (sd->emmc) {
> +stl_be_p(response, sd->ocr);
> +} else {
> +stl_be_p(response, sd->ocr & ACMD41_R3_MASK);
> +}
>  }
>  
>  static void sd_response_r6_make(SDState *sd, uint8_t *response)
> 

Re: [virtio-dev] [VHOST USER SPEC PATCH] vhost-user.rst: add clarifying language about protocol negotiation

[Stefan Hajnoczi]

On Fri, Feb 26, 2021 at 11:16:19AM +, Alex Bennée wrote:
> In practice the protocol negotiation between vhost master and slave
> occurs before the final feature negotiation between backend and
> frontend. This has lead to an inconsistency between the rust-vmm vhost
> implementation and the libvhost-user library in their approaches to
> checking if all the requirements for REPLY_ACK processing were met.
> As this is purely a function of the protocol negotiation and not of
> interest to the frontend lets make the language clearer about the
> requirements for a successfully negotiated protocol feature.
> 
> Signed-off-by: Alex Bennée 
> Cc: Jiang Liu 
> ---
>  docs/interop/vhost-user.rst | 14 --
>  1 file changed, 12 insertions(+), 2 deletions(-)

I had difficulty understanding this change and its purpose. I think it's
emphasizing what the spec already says: VHOST_USER_SET_PROTOCOL_FEATURES
can be sent after VHOST_USER_F_PROTOCOL_FEATURES was reported by
VHOST_USER_GET_FEATURES.

BTW Paolo has just sent a patch here to use the terms "frontend" and
"backend" with different meanings from how you are using them:
https://lists.nongnu.org/archive/html/qemu-devel/2021-02/msg08347.html

> diff --git a/docs/interop/vhost-user.rst b/docs/interop/vhost-user.rst
> index d6085f7045..3ac221a8c7 100644
> --- a/docs/interop/vhost-user.rst
> +++ b/docs/interop/vhost-user.rst
> @@ -301,12 +301,22 @@ If *slave* detects some error such as incompatible 
> features, it may also
>  close the connection. This should only happen in exceptional circumstances.
>  
>  Any protocol extensions are gated by protocol feature bits, which
> -allows full backwards compatibility on both master and slave.  As
> -older slaves don't support negotiating protocol features, a feature
> +allows full backwards compatibility on both master and slave. As older
> +slaves don't support negotiating protocol features, a device feature
>  bit was dedicated for this purpose::
>  
>#define VHOST_USER_F_PROTOCOL_FEATURES 30
>  
> +However as the protocol negotiation something that only occurs between

Missing "is". Shortening the sentence fixes that without losing clarity:
s/something that/negotiation/

> +parts of the backend implementation it is permissible to for the master

"vhost-user device backend" is often used to refer to the slave (to
avoid saying the word "slave") but "backend" is being used in a
different sense here. That is confusing.

> +to mask the feature bit from the guest.

I think this sentence effectively says "the master MAY mask the
VHOST_USER_F_PROTOCOL_FEATURES bit from the VIRTIO feature bits". That
is not really accurate since VIRTIO devices do not advertise this
feature bit and so it can never be negotiated through the VIRTIO feature
negotiation process.

How about referring to the details from the VIRTIO 1.1 specification
instead. Something like this:

  Note that VHOST_USER_F_PROTOCOL_FEATURES is the UNUSED (30) feature
  bit defined in `VIRTIO 1.1 6.3 Legacy Interface: Reserved Feature Bits
  
`_.
  VIRTIO devices do not advertise this feature bit and therefore VIRTIO
  drivers cannot negotiate it.

  This reserved feature bit was reused by the vhost-user protocol to add
  vhost-user protocol feature negotiation in a backwards compatible
  fashion. Old vhost-user master and slave implementations continue to
  work even though they are not aware of vhost-user protocol feature
  negotiation.

> As noted for the
> +``VHOST_USER_GET_PROTOCOL_FEATURES`` and
> +``VHOST_USER_SET_PROTOCOL_FEATURES`` messages this occurs before a
> +final ``VHOST_USER_SET_FEATURES`` comes from the guest.

I couldn't find any place where vhost-user.rst states that
VHOST_USER_SET_PROTOCOL_FEATURES has to come before
VHOST_USER_SET_FEATURES?

The only order I found was:

1. VHOST_USER_GET_FEATURES to determine whether protocol features are
   supported.
2. VHOST_USER_GET_PROTOCOL_FEATURES to fetch available protocol feature bits.
3. VHOST_USER_SET_PROTOCOL_FEATURES to set protocol feature bits.
4. Using functionality that depends on enabled protocol feature bits.

Is the purpose of this sentence to add a new requirement to the spec
that "VHOST_USER_SET_PROTOCOL_FEATURES MUST be sent before
VHOST_USER_SET_FEATURES"?

> So the
> +enabling of protocol features need only require the advertising of the
> +feature by the slave and the successful get/set protocol features
> +sequence.

"the feature" == VHOST_USER_F_PROTOCOL_FEATURES?

Stefan


signature.asc
Description: PGP signature

Re: [PATCH] linux-user: manage binfmt-misc preserve-arg[0] flag

[John Paul Adrian Glaubitz]

On 3/1/21 11:40 AM, Michael Tokarev wrote:
> 01.03.2021 13:35, John Paul Adrian Glaubitz wrote:
> ..
>> I have been trying to get qemu-user working with sbuild as it is shipped in 
>> Debian
>> unstable now but I didn't have any success.
>>
>> Do you have some instructions somewhere how to get qemu-user working with 
>> sbuild?
> 
> Have you seen #983087 which I fixed yesterday?

Thanks, but it doesn't help, unfortunately.

Do I need to use qemu-user-static or qemu-user-binfmt?

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Re: [RFC PATCH v2 3/4] block: Support multiple reopening with x-blockdev-reopen

[Kevin Wolf]

Am 25.02.2021 um 18:02 hat Vladimir Sementsov-Ogievskiy geschrieben:
> 24.02.2021 15:33, Kevin Wolf wrote:
> > Am 09.02.2021 um 09:03 hat Vladimir Sementsov-Ogievskiy geschrieben:
> > > 08.02.2021 21:44, Alberto Garcia wrote:
> > > > Signed-off-by: Alberto Garcia 
> > > > ---
> > > >qapi/block-core.json   |  2 +-
> > > >include/block/block.h  |  1 +
> > > >block.c| 16 +--
> > > >blockdev.c | 85 
> > > > +-
> > > >tests/qemu-iotests/155 |  9 ++--
> > > >tests/qemu-iotests/165 |  4 +-
> > > >tests/qemu-iotests/245 | 27 +++-
> > > >tests/qemu-iotests/248 |  2 +-
> > > >tests/qemu-iotests/248.out |  2 +-
> > > >tests/qemu-iotests/298 |  4 +-
> > > >10 files changed, 89 insertions(+), 63 deletions(-)
> > > > 
> > > > diff --git a/qapi/block-core.json b/qapi/block-core.json
> > > > index c0e7c23331..b9fcf20a81 100644
> > > > --- a/qapi/block-core.json
> > > > +++ b/qapi/block-core.json
> > > > @@ -4177,7 +4177,7 @@
> > > ># Since: 4.0
> > > >##
> > > >{ 'command': 'x-blockdev-reopen',
> > > > -  'data': 'BlockdevOptions', 'boxed': true }
> > > > +  'data': { 'options': ['BlockdevOptions'] } }
> > > 
> > > Do we also want to drop x- prefix?
> > 
> > libvirt really wants to have a stable blockdev-reopen interface in 6.0
> > because enabling the incremental backup code depends on this (they just
> > toggle the readonly flag if I understand correctly, so most of the work
> > we're currently doing isn't even relevant at this moment for libvirt).
> 
> Do you know what is the case exactly? If they do it to remove dirty bitmap
> from backing image after snapshot operation, probably we'd better improve
> block-dirty-bitmap-remove command to be able to reopen r-o image?
> 
> (I just recently faced such a task)

I think it was to switch nodes between read-only and read-write, but I
don't remember the exact context.

Peter, can you add the details?

> > Given that the soft freeze is coming closer (March 16), I wonder if we
> > should just make this API change and declare the interface stable. We
> > can then make Vladimir's fixes and the file reopening on top of it - if
> > it's in time for 6.0, that would be good, but if not we could move it to
> > 6.1 without impacting libvirt.
> > 
> > I think we're reasonable confident that the QAPI interfaces are right,
> > even if maybe not that all aspects of the implementation are right yet.
> > 
> > What do you think?
> 
> I think it's OK.. We have it since 4.0. What will we win keeping -x
> for years? Even latest change from updating one device to several
> could be easily done with help of 'alternate' if the command was
> already stable.

I think your series is kind of important to really call the
implementation stable. We can always feature flags to indicate the fixes
if necessary, but it would still feel better to declare something stable
that doesn't have known bugs. :-)

Do you think your series will still take a while? Maybe my first
comments sounded a bit negative because it was really hard to review at
first without knowing the final state, but after all I think the
approach is sane and apart from some implementation details, we're not
that far away from getting it into a mergable state.

Kevin

Re: [PATCH v3 05/21] sd: emmc: Add support for EXT_CSD & CSD for eMMC

[Cédric Le Goater]

On 2/28/21 8:33 PM, Sai Pavan Boddu wrote:
> From: Vincent Palatin 
> 
> eMMC CSD is similar to SD with an option to refer EXT_CSD for larger
> devices.
> 
> Signed-off-by: Vincent Palatin 
> [clg: Add user friendly macros for EXT_CSD register]
> Signed-off-by: Cédric Le Goater 
> [spb: updated commit message]
> Signed-off-by: Sai Pavan Boddu 
> ---
>  hw/sd/sdmmc-internal.h | 97 
> ++
>  hw/sd/sd.c | 61 +--
>  2 files changed, 156 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/sd/sdmmc-internal.h b/hw/sd/sdmmc-internal.h
> index d8bf17d..7ab7b4d 100644
> --- a/hw/sd/sdmmc-internal.h
> +++ b/hw/sd/sdmmc-internal.h
> @@ -37,4 +37,101 @@ const char *sd_cmd_name(uint8_t cmd);
>   */
>  const char *sd_acmd_name(uint8_t cmd);
>  
> +/*
> + * EXT_CSD fields
> + */
> +
> +#define EXT_CSD_CMDQ_MODE_EN15  /* R/W */
> +#define EXT_CSD_FLUSH_CACHE   32  /* W */
> +#define EXT_CSD_CACHE_CTRL33  /* R/W */
> +#define EXT_CSD_POWER_OFF_NOTIFICATION  34  /* R/W */
> +#define EXT_CSD_PACKED_FAILURE_INDEX  35  /* RO */
> +#define EXT_CSD_PACKED_CMD_STATUS 36  /* RO */
> +#define EXT_CSD_EXP_EVENTS_STATUS 54  /* RO, 2 bytes */
> +#define EXT_CSD_EXP_EVENTS_CTRL   56  /* R/W, 2 bytes */
> +#define EXT_CSD_DATA_SECTOR_SIZE  61  /* R */
> +#define EXT_CSD_GP_SIZE_MULT143 /* R/W */
> +#define EXT_CSD_PARTITION_SETTING_COMPLETED 155 /* R/W */
> +#define EXT_CSD_PARTITION_ATTRIBUTE 156 /* R/W */
> +#define EXT_CSD_PARTITION_SUPPORT 160 /* RO */
> +#define EXT_CSD_HPI_MGMT161 /* R/W */
> +#define EXT_CSD_RST_N_FUNCTION162 /* R/W */
> +#define EXT_CSD_BKOPS_EN163 /* R/W */
> +#define EXT_CSD_BKOPS_START   164 /* W */
> +#define EXT_CSD_SANITIZE_START165 /* W */
> +#define EXT_CSD_WR_REL_PARAM166 /* RO */
> +#define EXT_CSD_RPMB_MULT   168 /* RO */
> +#define EXT_CSD_FW_CONFIG   169 /* R/W */
> +#define EXT_CSD_BOOT_WP 173 /* R/W */
> +#define EXT_CSD_ERASE_GROUP_DEF   175 /* R/W */
> +#define EXT_CSD_PART_CONFIG   179 /* R/W */
> +#define EXT_CSD_ERASED_MEM_CONT   181 /* RO */
> +#define EXT_CSD_BUS_WIDTH   183 /* R/W */
> +#define EXT_CSD_STROBE_SUPPORT184 /* RO */
> +#define EXT_CSD_HS_TIMING   185 /* R/W */
> +#define EXT_CSD_POWER_CLASS   187 /* R/W */
> +#define EXT_CSD_REV 192 /* RO */
> +#define EXT_CSD_STRUCTURE   194 /* RO */
> +#define EXT_CSD_CARD_TYPE   196 /* RO */
> +#define EXT_CSD_DRIVER_STRENGTH   197 /* RO */
> +#define EXT_CSD_OUT_OF_INTERRUPT_TIME 198 /* RO */
> +#define EXT_CSD_PART_SWITCH_TIME199 /* RO */
> +#define EXT_CSD_PWR_CL_52_195   200 /* RO */
> +#define EXT_CSD_PWR_CL_26_195   201 /* RO */
> +#define EXT_CSD_PWR_CL_52_360   202 /* RO */
> +#define EXT_CSD_PWR_CL_26_360   203 /* RO */
> +#define EXT_CSD_SEC_CNT 212 /* RO, 4 bytes */
> +#define EXT_CSD_S_A_TIMEOUT   217 /* RO */
> +#define EXT_CSD_S_C_VCCQ  219 /* RO */
> +#define EXT_CSD_S_C_VCC 220 /* RO */
> +#define EXT_CSD_REL_WR_SEC_C222 /* RO */
> +#define EXT_CSD_HC_WP_GRP_SIZE221 /* RO */
> +#define EXT_CSD_ERASE_TIMEOUT_MULT  223 /* RO */
> +#define EXT_CSD_HC_ERASE_GRP_SIZE 224 /* RO */
> +#define EXT_CSD_ACC_SIZE225 /* RO */
> +#define EXT_CSD_BOOT_MULT   226 /* RO */
> +#define EXT_CSD_BOOT_INFO   228 /* RO */
> +#define EXT_CSD_SEC_TRIM_MULT   229 /* RO */
> +#define EXT_CSD_SEC_ERASE_MULT230 /* RO */
> +#define EXT_CSD_SEC_FEATURE_SUPPORT 231 /* RO */
> +#define EXT_CSD_TRIM_MULT   232 /* RO */
> +#define EXT_CSD_PWR_CL_200_195236 /* RO */
> +#define EXT_CSD_PWR_CL_200_360237 /* RO */
> +#define EXT_CSD_PWR_CL_DDR_52_195 238 /* RO */
> +#define EXT_CSD_PWR_CL_DDR_52_360 239 /* RO */
> +#define EXT_CSD_BKOPS_STATUS246 /* RO */
> +#define EXT_CSD_POWER_OFF_LONG_TIME 247 /* RO */
> +#define EXT_CSD_GENERIC_CMD6_TIME 248 /* RO */
> +#define EXT_CSD_CACHE_SIZE249 /* RO, 4 bytes */
> +#define EXT_CSD_PWR_CL_DDR_200_360  253 /* RO */
> +#define EXT_CSD_FIRMWARE_VERSION  254 /* RO, 8 bytes */
> +#define EXT_CSD_PRE_EOL_INFO267 /* RO */
> +#define EXT_CSD_DEVICE_LIFE_TIME_EST_TYP_A  268 /* RO */
> +#define EXT_CSD_DEVICE_LIFE_TIME_EST_TYP_B  269 /* RO */
> +#define EXT_CSD_CMDQ_DEPTH307 /* RO */
> +#define EXT_CSD_CMDQ_SUPPORT308 /* RO */
> +#define EXT_CSD_SUPPORTED_MODE493 /* RO */
> +#define EXT_CSD_TAG_UNIT_SIZE   498 /* RO */
> +#define EXT_CSD_DATA_TAG_SUPPORT  499 /* RO */
> +#define EXT_CSD_MAX_PACKED_WRITES 500 /* RO */
> +#define EXT_CSD_MAX_PACKED_READS  501 /* RO */
> +#define EXT_CSD_BKOPS_SUPPORT   502 /* RO */
> +#define EXT_CSD_HPI_FEATURES503 /* RO */
> +#define EXT_CSD_S_CMD_SET   504 /* RO */
> +
> +/*
> + * EXT_CSD field definitions
> + */
> +
> +#define EXT_CSD_WR_REL_PARAM_EN   (1 << 2)
> +#define EXT_CSD_WR_REL_PARAM_EN_RPMB_REL_WR (1 << 4)
> +
> +#define EXT_CSD_PART_CONFIG_ACC_MASK  (0x7)
> +#define EXT_CSD_PART_CONFIG_ACC_DEFAULT (0x0)
> +#define EXT_CSD_PART_CONFIG_ACC_BOOT0 (0

Re: [PATCH 00/14] deprecations: remove many old deprecations

[Kevin Wolf]

Am 25.02.2021 um 18:32 hat Jim Fehlig geschrieben:
> Adding xen-devel and Ian to cc.
> 
> On 2/24/21 6:11 AM, Daniel P. Berrangé wrote:
> > The following features have been deprecated for well over the 2
> > release cycle we promise
> 
> This reminded me of a bug report we received late last year when updating to
> 5.2.0. 'virsh setvcpus' suddenly stopped working for Xen HVM guests. Turns
> out libxl uses cpu-add under the covers.
> 
> > 
> >``-usbdevice`` (since 2.10.0)
> >``-drive file=3Djson:{...{'driver':'file'}}`` (since 3.0)
> >``-vnc acl`` (since 4.0.0)
> >``-mon ...,control=3Dreadline,pretty=3Don|off`` (since 4.1)
> >``migrate_set_downtime`` and ``migrate_set_speed`` (since 2.8.0)
> >``query-named-block-nodes`` result ``encryption_key_missing`` (since 
> > 2.10.0)
> >``query-block`` result ``inserted.encryption_key_missing`` (since 2.10.0)
> >``migrate-set-cache-size`` and ``query-migrate-cache-size`` (since 
> > 2.11.0)
> >``query-named-block-nodes`` and ``query-block`` result 
> > dirty-bitmaps[i].sta=
> > tus (ince 4.0)
> >``query-cpus`` (since 2.12.0)
> >``query-cpus-fast`` ``arch`` output member (since 3.0.0)
> >``query-events`` (since 4.0)
> >chardev client socket with ``wait`` option (since 4.0)
> >``acl_show``, ``acl_reset``, ``acl_policy``, ``acl_add``, ``acl_remove`` 
> > (s=
> > ince 4.0.0)
> >``ide-drive`` (since 4.2)
> >``scsi-disk`` (since 4.2)
> > 
> > AFAICT, libvirt has ceased to use all of these too.
> 
> A quick grep of the libxl code shows it uses -usbdevice, query-cpus, and 
> scsi-disk.
> 
> > There are many more similarly old deprecations not (yet) tackled.
> 
> The Xen tools maintainers will need to be more vigilant of the deprecations.
> I don't follow Xen development close enough to know if this topic has
> already been discussed.

MAINTAINERS has a section for "Incompatible changes" that covers
docs/system/deprecated.rst. Maybe if the Xen maintainers are interested
in that, we could add another list or individual people there so they
would see patches that deprecate something?

But either way, it would probably be useful to check the full
deprecation list rather than just what we're going to remove right now.

Kevin

Re: [PATCH v2 5/5] hw/block/nvme: report non-mdts command size limit for dsm

[Klaus Jensen]

On Feb 22 22:12, Klaus Jensen wrote:
> On Feb 23 05:55, Keith Busch wrote:
> > On Mon, Feb 22, 2021 at 07:47:59PM +0100, Klaus Jensen wrote:
> > > +typedef struct NvmeIdCtrlNvm {
> > > +uint8_t vsl;
> > > +uint8_t wzsl;
> > > +uint8_t wusl;
> > > +uint8_t dmrl;
> > > +uint32_tdmrsl;
> > > +uint64_tdmsl;
> > > +uint8_t rsvd16[4080];
> > > +} NvmeIdCtrlNvm;
> > 
> > TP 4040a still displays these fields with preceding '...' indicating
> > something comes before this. Is that just left-over from the integration
> > for TBD offsets, or is there something that still hasn't been accounted
> > for?
> 
> Good question.
> 
> But since the TBDs have been assigned I believe it is just a left-over.
> I must admit that I have not cross checked this with all other TPs, but
> AFAIK this is the only ratified TP that adds something to the
> NVM-specific identify controller data structure.

Are you otherwise OK with this?


signature.asc
Description: PGP signature

[PATCH] KVM: x86: do not fail if software breakpoint has already been removed

[Paolo Bonzini]

If kvm_arch_remove_sw_breakpoint finds that a software breakpoint does not
have an INT3 instruction, it fails.  This can happen if one sets a
software breakpoint in a kernel module and then reloads it.  gdb then
thinks the breakpoint cannot be deleted and there is no way to add it
back.

Suggested-by: Maxim Levitsky 
Signed-off-by: Paolo Bonzini 
---
 target/i386/kvm/kvm.c | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 0b5755e42b..c8d61daf68 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -4352,8 +4352,13 @@ int kvm_arch_remove_sw_breakpoint(CPUState *cs, struct 
kvm_sw_breakpoint *bp)
 {
 uint8_t int3;
 
-if (cpu_memory_rw_debug(cs, bp->pc, &int3, 1, 0) || int3 != 0xcc ||
-cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&bp->saved_insn, 1, 1)) {
+if (cpu_memory_rw_debug(cs, bp->pc, &int3, 1, 0)) {
+return -EINVAL;
+}
+if (int3 != 0xcc) {
+return 0;
+}
+if (cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&bp->saved_insn, 1, 1)) {
 return -EINVAL;
 }
 return 0;
-- 
2.29.2

Re: [PATCH] linux-user: manage binfmt-misc preserve-arg[0] flag

[Michael Tokarev]

01.03.2021 14:07, John Paul Adrian Glaubitz wrote:

On 3/1/21 11:40 AM, Michael Tokarev wrote:

01.03.2021 13:35, John Paul Adrian Glaubitz wrote:
..

I have been trying to get qemu-user working with sbuild as it is shipped in 
Debian
unstable now but I didn't have any success.

Do you have some instructions somewhere how to get qemu-user working with 
sbuild?


Have you seen #983087 which I fixed yesterday?


Thanks, but it doesn't help, unfortunately.

Do I need to use qemu-user-static or qemu-user-binfmt?


Oh. You tried to use qemu-user, not qemu-user-static..
Well.

In order for it to work it should be registered with the
in-kernel binfmt-misc subsystem. qemu-user-static package
does this automatically for you, but qemu-user does not,
for that with qemu-user you'll have to additionally install
qemu-user-binfmt package.

But I guess it wont work with qemu-user even if it is registered
(by means of installing qemu-user-binfmt or manual registration
or whatever), - because regular qemu-user binaries aren't
statically linked and hence require all the shared libraries
within the chroot in order to run.

I never tried to use regular (non-static) qemu-user with
foreign chroot, and I suspect it wont work because of that
very reason, and at least extra setup is needed (like
copying appropriate /lib/ld.so and libc&glib&Co to the
chroot).

This is all about how qemu-user works, be it debian or
any other distribution, - it is basically the same.
I can only guess the wiki page you mentioned is wrong
here.

Thanks,

/mjt

[PATCH] KVM: x86: deprecate -M kernel-irqchip=off except for -M isapc

[Paolo Bonzini]

The userspace local APIC is basically untested and does not support many
features such as TSC deadline timer, x2APIC or PV spinlocks.  On the
other hand, the PIT and IOAPIC are okay as they are not tied to
the processor and are tested with -M kernel-irqchip=split.

Therefore, deprecate the local APIC and, with it, limit
-M kernel-irqchip=off to the ISA PC machine type, which does not
have a local APIC at all.

Signed-off-by: Paolo Bonzini 
---
 docs/system/deprecated.rst | 7 +++
 hw/intc/apic.c | 5 +
 2 files changed, 12 insertions(+)

diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst
index 561c916da2..ae180dc887 100644
--- a/docs/system/deprecated.rst
+++ b/docs/system/deprecated.rst
@@ -153,6 +153,13 @@ The ``-writeconfig`` option is not able to serialize the 
entire contents
 of the QEMU command line.  It is thus considered a failed experiment
 and deprecated, with no current replacement.
 
+Userspace local APIC with KVM (x86, since 6.0)
+'
+
+Using ``-M kernel-irqchip=off`` with x86 machine types that include a local
+APIC is deprecated.  The ``split`` setting is supported, as is using
+``-M kernel-irqchip=off`` with the ISA PC machine type.
+
 QEMU Machine Protocol (QMP) commands
 
 
diff --git a/hw/intc/apic.c b/hw/intc/apic.c
index 3ada22f427..7e9601b89d 100644
--- a/hw/intc/apic.c
+++ b/hw/intc/apic.c
@@ -875,6 +875,11 @@ static void apic_realize(DeviceState *dev, Error **errp)
 return;
 }
 
+if (kvm_enabled()) {
+warn_report("Userspace local APIC is deprecated for KVM.");
+warn_report("Do not use kernel-irqchip except for the -M isapc machine 
type.");
+}
+
 memory_region_init_io(&s->io_memory, OBJECT(s), &apic_io_ops, s, 
"apic-msi",
   APIC_SPACE_SIZE);
 
-- 
2.29.2

Re: [PATCH] multiprocess: move feature to meson_options.txt

[Stefan Hajnoczi]

On Fri, Feb 26, 2021 at 09:50:59AM +0100, Philippe Mathieu-Daudé wrote:
> On 2/26/21 8:48 AM, Paolo Bonzini wrote:
> > On 26/02/21 00:16, Philippe Mathieu-Daudé wrote:
> >>> I personally don’t have any preference for the name.
> >> Great.
> >>
> >> So with the summary/description updated as:
> >>
> >> summary_info += {'Multiprocess QEMU (vfio-user device backends)':
> >> multiprocess_allowed}
> >>
> >> option('multiprocess', type: 'feature', value: 'auto',
> >>     description: 'Multiprocess QEMU (vfio-user device backends)
> >> support')
> >>
> >> Reviewed-by: Philippe Mathieu-Daudé
> >>
> > 
> > It's not yet vfio-user.  For now I can put "out of process device
> > emulation";
> 
> OK.
> 
> > however, if the protocol is going to change, I wonder if it
> > should be disabled by default.
> 
> Sounds safer indeed. We need to add --enable-multiprocess in CI to
> keep testing the feature.

Package maintainers tend to disable optional features explicitly, while
developers and CIs may not notice new features that are disabled by
default.

In the interest of preventing bitrot and catching failures early (before
CI!), I suggest leaving it enabled for maximum build coverage.

Stefan


signature.asc
Description: PGP signature

Re: [PATCH v2] blockjob: report a better error message

[Kevin Wolf]

Am 25.02.2021 um 11:36 hat Stefano Garzarella geschrieben:
> When a block job fails, we report strerror(-job->job.ret) error
> message, also if the job set an error object.
> Let's report a better error message using error_get_pretty(job->job.err).
> 
> If an error object was not set, strerror(-job->ret) is used as fallback,
> as explained in include/qemu/job.h:
> 
> typedef struct Job {
> ...
> /**
>  * Error object for a failed job.
>  * If job->ret is nonzero and an error object was not set, it will be set
>  * to strerror(-job->ret) during job_completed.
>  */
> Error *err;
> }
> 
> In block_job_query() there can be a transient where 'job.err' is not set
> by a scheduled bottom half. In that case we use strerror(-job->ret) as it
> was before.
> 
> Suggested-by: Kevin Wolf 
> Signed-off-by: Stefano Garzarella 

Thanks, applied to the block branch.

Kevin

[RFC PATCH] docs/system: add a gentle prompt for the complexity to come

[Alex Bennée]

We all know the QEMU command line can become a fiendishly complex
beast. Lets gently prepare our user for the horrors to come by
referencing where other example command lines can be found in the
manual.

Signed-off-by: Alex Bennée 
---
 docs/system/quickstart.rst | 8 
 docs/system/targets.rst| 2 ++
 2 files changed, 10 insertions(+)

diff --git a/docs/system/quickstart.rst b/docs/system/quickstart.rst
index 3a3acab5e7..3498c5a29f 100644
--- a/docs/system/quickstart.rst
+++ b/docs/system/quickstart.rst
@@ -11,3 +11,11 @@ Download and uncompress a PC hard disk image with Linux 
installed (e.g.
|qemu_system| linux.img
 
 Linux should boot and give you a prompt.
+
+Users should be aware the above example elides a lot of the complexity
+of setting up a VM with x86_64 specific defaults and an assumption the
+first non switch argument is a PC compatible disk image with a boot
+sector. For non-x86 system where we emulate a broad range of machine
+types the command lines are generally more explicit in defining the
+machine and boot behaviour. You will find more example command lines
+in the :ref:`system-targets-ref` section of the manual.
diff --git a/docs/system/targets.rst b/docs/system/targets.rst
index 560783644d..145cc64551 100644
--- a/docs/system/targets.rst
+++ b/docs/system/targets.rst
@@ -1,3 +1,5 @@
+.. _system-targets-ref:
+
 QEMU System Emulator Targets
 
 
-- 
2.20.1

Re: [PATCH 1/3] docs: vhost-user: clean up request/reply description

[Alex Bennée]

Paolo Bonzini  writes:

> It is not necessary to mention which side is sending/receiving
> each payload; it is more interesting to say which is the request
> and which is the reply.  This also matches what vhost-user-gpu.rst
> already does.
>
> While at it, ensure that all messages list both the request and
> the reply payload.
>
> Signed-off-by: Paolo Bonzini 

>  
>When the ``VHOST_USER_PROTOCOL_F_STATUS`` protocol feature has been
>successfully negotiated, this message is submitted by the master to
> @@ -1351,11 +1375,14 @@ Master message types
>  Slave message types
>  ---
>  
> +For this type of message, the request is sent by the slave and the reply
> +is sent by the master.
> +

It may be worth pointing out this language will be changed in a follow
up patch in the commit.

Otherwise:

Reviewed-by: Alex Bennée 

-- 
Alex Bennée

Re: [PATCH] linux-user: manage binfmt-misc preserve-arg[0] flag

[John Paul Adrian Glaubitz]

On 3/1/21 12:16 PM, Michael Tokarev wrote:
> Oh. You tried to use qemu-user, not qemu-user-static..
> Well.

I tried both packages. I also tried systemd-binfmt and binfmt-support,
neither worked.

> This is all about how qemu-user works, be it debian or
> any other distribution, - it is basically the same.
> I can only guess the wiki page you mentioned is wrong
> here.

There isn't really much in the wiki besides installing qemu-user-static.

I was, however, able to fix it by recreating the chroot.

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

[PATCH v2] hw/nvme: move nvme emulation out of hw/block

[Klaus Jensen]

From: Klaus Jensen 

With the introduction of the nvme-subsystem device we are really
cluttering up the hw/block directory.

As suggested by Philippe previously, move the nvme emulation to
hw/nvme.

Suggested-by: Philippe Mathieu-Daudé 
Signed-off-by: Klaus Jensen 
---
v2:
  * rebased on nvme-next
  * got rid of the second patch (Minwoo)

 meson.build   |   1 +
 hw/block/nvme-ns.h| 193 -
 hw/block/nvme-subsys.h|  32 
 hw/{block => nvme}/nvme.h | 198 +-
 hw/nvme/trace.h   |   1 +
 hw/{block/nvme.c => nvme/ctrl.c}  |   1 -
 hw/{block/nvme-ns.c => nvme/ns.c} |   1 -
 hw/{block/nvme-subsys.c => nvme/subsys.c} |   2 +-
 MAINTAINERS   |   2 +-
 hw/Kconfig|   1 +
 hw/block/Kconfig  |   5 -
 hw/block/meson.build  |   1 -
 hw/block/trace-events | 182 
 hw/meson.build|   1 +
 hw/nvme/Kconfig   |   4 +
 hw/nvme/meson.build   |   1 +
 hw/nvme/trace-events  | 180 
 17 files changed, 387 insertions(+), 419 deletions(-)
 delete mode 100644 hw/block/nvme-ns.h
 delete mode 100644 hw/block/nvme-subsys.h
 rename hw/{block => nvme}/nvme.h (55%)
 create mode 100644 hw/nvme/trace.h
 rename hw/{block/nvme.c => nvme/ctrl.c} (99%)
 rename hw/{block/nvme-ns.c => nvme/ns.c} (99%)
 rename hw/{block/nvme-subsys.c => nvme/subsys.c} (98%)
 create mode 100644 hw/nvme/Kconfig
 create mode 100644 hw/nvme/meson.build
 create mode 100644 hw/nvme/trace-events

diff --git a/meson.build b/meson.build
index a923f249d89e..59507b125cfe 100644
--- a/meson.build
+++ b/meson.build
@@ -1793,6 +1793,7 @@ if have_system
 'hw/misc/macio',
 'hw/net',
 'hw/net/can',
+'hw/nvme',
 'hw/nvram',
 'hw/pci',
 'hw/pci-host',
diff --git a/hw/block/nvme-ns.h b/hw/block/nvme-ns.h
deleted file mode 100644
index 7af6884862b5..
--- a/hw/block/nvme-ns.h
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- * QEMU NVM Express Virtual Namespace
- *
- * Copyright (c) 2019 CNEX Labs
- * Copyright (c) 2020 Samsung Electronics
- *
- * Authors:
- *  Klaus Jensen  
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See the
- * COPYING file in the top-level directory.
- *
- */
-
-#ifndef NVME_NS_H
-#define NVME_NS_H
-
-#define TYPE_NVME_NS "nvme-ns"
-#define NVME_NS(obj) \
-OBJECT_CHECK(NvmeNamespace, (obj), TYPE_NVME_NS)
-
-typedef struct NvmeZone {
-NvmeZoneDescr   d;
-uint64_tw_ptr;
-QTAILQ_ENTRY(NvmeZone) entry;
-} NvmeZone;
-
-typedef struct NvmeNamespaceParams {
-uint32_t nsid;
-QemuUUID uuid;
-
-uint16_t mssrl;
-uint32_t mcl;
-uint8_t  msrc;
-
-bool zoned;
-bool cross_zone_read;
-uint64_t zone_size_bs;
-uint64_t zone_cap_bs;
-uint32_t max_active_zones;
-uint32_t max_open_zones;
-uint32_t zd_extension_size;
-} NvmeNamespaceParams;
-
-typedef struct NvmeNamespace {
-DeviceState  parent_obj;
-BlockConfblkconf;
-int32_t  bootindex;
-int64_t  size;
-NvmeIdNs id_ns;
-const uint32_t *iocs;
-uint8_t  csi;
-
-NvmeSubsystem   *subsys;
-
-NvmeIdNsZoned   *id_ns_zoned;
-NvmeZone*zone_array;
-QTAILQ_HEAD(, NvmeZone) exp_open_zones;
-QTAILQ_HEAD(, NvmeZone) imp_open_zones;
-QTAILQ_HEAD(, NvmeZone) closed_zones;
-QTAILQ_HEAD(, NvmeZone) full_zones;
-uint32_tnum_zones;
-uint64_tzone_size;
-uint64_tzone_capacity;
-uint32_tzone_size_log2;
-uint8_t *zd_extensions;
-int32_t nr_open_zones;
-int32_t nr_active_zones;
-
-NvmeNamespaceParams params;
-
-struct {
-uint32_t err_rec;
-} features;
-} NvmeNamespace;
-
-static inline uint32_t nvme_nsid(NvmeNamespace *ns)
-{
-if (ns) {
-return ns->params.nsid;
-}
-
-return -1;
-}
-
-static inline bool nvme_ns_shared(NvmeNamespace *ns)
-{
-return !!ns->subsys;
-}
-
-static inline NvmeLBAF *nvme_ns_lbaf(NvmeNamespace *ns)
-{
-NvmeIdNs *id_ns = &ns->id_ns;
-return &id_ns->lbaf[NVME_ID_NS_FLBAS_INDEX(id_ns->flbas)];
-}
-
-static inline uint8_t nvme_ns_lbads(NvmeNamespace *ns)
-{
-return nvme_ns_lbaf(ns)->ds;
-}
-
-/* calculate the number of LBAs that the namespace can accomodate */
-static inline uint64_t nvme_ns_nlbas(NvmeNamespace *ns)
-{
-return ns->size >> nvme_ns_lbads(ns);
-}
-
-/* convert an LBA to the equivalent in bytes */
-static inline size_t nvme_l2b(NvmeNamespace *ns, uint64_t lba)
-{
-return lba << nvme_ns_lbads(ns);
-}
-
-typedef struct NvmeCtrl NvmeCtrl;
-
-static inline NvmeZoneState nvme_get_zone_state(NvmeZone *zone)
-{
-return zone->d.zs >> 4;
-}
-
-static inli

Re: [PATCH v2] hw/nvme: move nvme emulation out of hw/block

[Klaus Jensen]

On Mar  1 12:35, Klaus Jensen wrote:
> From: Klaus Jensen 
> 
> With the introduction of the nvme-subsystem device we are really
> cluttering up the hw/block directory.
> 
> As suggested by Philippe previously, move the nvme emulation to
> hw/nvme.
> 
> Suggested-by: Philippe Mathieu-Daudé 
> Signed-off-by: Klaus Jensen 
> ---
> v2:
>   * rebased on nvme-next
>   * got rid of the second patch (Minwoo)
> 

Argh. I forgot to add Minwoo's Acked-by and the change to the commit
messages that was suggested.

Anyway, would be nice to get this merged before I post v4 of the eedp
series since that will add yet another file in the hw/block directory.


signature.asc
Description: PGP signature

Re: [PATCH 1/1] qga-vss: Use dynamic linking for GLib

[Philippe Mathieu-Daudé]

Cc'ing Paolo/Marc-André/Daniel

On 2/9/21 3:54 PM, Kostiantyn Kostiuk wrote:
> The current GLib version implements the DllMain function. DllMain is also
> present in the provider.cpp code. So in the case of static linking, the
> DllMain redefinition error occurs. For now, just switch to dynamic linking
> and revert this patch when the issue will be solved.
> 
> See Glib issue for more details 
> https://gitlab.gnome.org/GNOME/glib/-/issues/692
> 
> Signed-off-by: Kostiantyn Kostiuk 
> ---
>  qga/vss-win32/meson.build | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/qga/vss-win32/meson.build b/qga/vss-win32/meson.build
> index 780c461432..90825edef3 100644
> --- a/qga/vss-win32/meson.build
> +++ b/qga/vss-win32/meson.build
> @@ -1,5 +1,5 @@
>  if add_languages('cpp', required: false)
> -  glib_static = dependency('glib-2.0', static: true)
> +  glib_dynamic = dependency('glib-2.0', static: false)
>link_args = cc.get_supported_link_arguments(['-fstack-protector-all', 
> '-fstack-protector-strong',
> '-Wl,--add-stdcall-alias', 
> '-Wl,--enable-stdcall-fixup'])
>  
> @@ -8,7 +8,7 @@ if add_languages('cpp', required: false)
>  cpp_args: ['-Wno-unknown-pragmas', 
> '-Wno-delete-non-virtual-dtor', '-Wno-non-virtual-dtor'],
>  link_args: link_args,
>  vs_module_defs: 'qga-vss.def',
> -dependencies: [glib_static, socket,
> +dependencies: [glib_dynamic, socket,
> cc.find_library('ole32'),
> cc.find_library('oleaut32'),
> cc.find_library('shlwapi'),
> 

[PATCH 1/2] coreaudio: Drop support for macOS older than 10.6

[Akihiko Odaki]

Mac OS X 10.6 was released in 2009.

Signed-off-by: Akihiko Odaki 
---
 audio/coreaudio.c | 103 --
 1 file changed, 103 deletions(-)

diff --git a/audio/coreaudio.c b/audio/coreaudio.c
index b7c02e0e516..c5f0b615d64 100644
--- a/audio/coreaudio.c
+++ b/audio/coreaudio.c
@@ -32,10 +32,6 @@
 #define AUDIO_CAP "coreaudio"
 #include "audio_int.h"
 
-#ifndef MAC_OS_X_VERSION_10_6
-#define MAC_OS_X_VERSION_10_6 1060
-#endif
-
 typedef struct coreaudioVoiceOut {
 HWVoiceOut hw;
 pthread_mutex_t mutex;
@@ -45,9 +41,6 @@ typedef struct coreaudioVoiceOut {
 AudioDeviceIOProcID ioprocid;
 } coreaudioVoiceOut;
 
-#if MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6
-/* The APIs used here only become available from 10.6 */
-
 static OSStatus coreaudio_get_voice(AudioDeviceID *id)
 {
 UInt32 size = sizeof(*id);
@@ -169,102 +162,6 @@ static OSStatus coreaudio_get_isrunning(AudioDeviceID id, 
UInt32 *result)
   &size,
   result);
 }
-#else
-/* Legacy versions of functions using deprecated APIs */
-
-static OSStatus coreaudio_get_voice(AudioDeviceID *id)
-{
-UInt32 size = sizeof(*id);
-
-return AudioHardwareGetProperty(
-kAudioHardwarePropertyDefaultOutputDevice,
-&size,
-id);
-}
-
-static OSStatus coreaudio_get_framesizerange(AudioDeviceID id,
- AudioValueRange *framerange)
-{
-UInt32 size = sizeof(*framerange);
-
-return AudioDeviceGetProperty(
-id,
-0,
-0,
-kAudioDevicePropertyBufferFrameSizeRange,
-&size,
-framerange);
-}
-
-static OSStatus coreaudio_get_framesize(AudioDeviceID id, UInt32 *framesize)
-{
-UInt32 size = sizeof(*framesize);
-
-return AudioDeviceGetProperty(
-id,
-0,
-false,
-kAudioDevicePropertyBufferFrameSize,
-&size,
-framesize);
-}
-
-static OSStatus coreaudio_set_framesize(AudioDeviceID id, UInt32 *framesize)
-{
-UInt32 size = sizeof(*framesize);
-
-return AudioDeviceSetProperty(
-id,
-NULL,
-0,
-false,
-kAudioDevicePropertyBufferFrameSize,
-size,
-framesize);
-}
-
-static OSStatus coreaudio_get_streamformat(AudioDeviceID id,
-   AudioStreamBasicDescription *d)
-{
-UInt32 size = sizeof(*d);
-
-return AudioDeviceGetProperty(
-id,
-0,
-false,
-kAudioDevicePropertyStreamFormat,
-&size,
-d);
-}
-
-static OSStatus coreaudio_set_streamformat(AudioDeviceID id,
-   AudioStreamBasicDescription *d)
-{
-UInt32 size = sizeof(*d);
-
-return AudioDeviceSetProperty(
-id,
-0,
-0,
-0,
-kAudioDevicePropertyStreamFormat,
-size,
-d);
-}
-
-static OSStatus coreaudio_get_isrunning(AudioDeviceID id, UInt32 *result)
-{
-UInt32 size = sizeof(*result);
-
-return AudioDeviceGetProperty(
-id,
-0,
-0,
-kAudioDevicePropertyDeviceIsRunning,
-&size,
-result);
-}
-#endif
 
 static void coreaudio_logstatus (OSStatus status)
 {
-- 
2.24.3 (Apple Git-128)

[PATCH 2/2] coreaudio: Handle output device change

[Akihiko Odaki]

An output device change can occur when plugging or unplugging an
earphone.

Signed-off-by: Akihiko Odaki 
---
 audio/coreaudio.c | 327 +-
 1 file changed, 236 insertions(+), 91 deletions(-)

diff --git a/audio/coreaudio.c b/audio/coreaudio.c
index c5f0b615d64..578ec9b8b2e 100644
--- a/audio/coreaudio.c
+++ b/audio/coreaudio.c
@@ -36,22 +36,26 @@ typedef struct coreaudioVoiceOut {
 HWVoiceOut hw;
 pthread_mutex_t mutex;
 AudioDeviceID outputDeviceID;
+int frameSizeSetting;
+uint32_t bufferCount;
 UInt32 audioDevicePropertyBufferFrameSize;
 AudioStreamBasicDescription outputStreamBasicDescription;
 AudioDeviceIOProcID ioprocid;
+bool enabled;
 } coreaudioVoiceOut;
 
+static const AudioObjectPropertyAddress voice_addr = {
+kAudioHardwarePropertyDefaultOutputDevice,
+kAudioObjectPropertyScopeGlobal,
+kAudioObjectPropertyElementMaster
+};
+
 static OSStatus coreaudio_get_voice(AudioDeviceID *id)
 {
 UInt32 size = sizeof(*id);
-AudioObjectPropertyAddress addr = {
-kAudioHardwarePropertyDefaultOutputDevice,
-kAudioObjectPropertyScopeGlobal,
-kAudioObjectPropertyElementMaster
-};
 
 return AudioObjectGetPropertyData(kAudioObjectSystemObject,
-  &addr,
+  &voice_addr,
   0,
   NULL,
   &size,
@@ -253,17 +257,8 @@ static void GCC_FMT_ATTR (3, 4) coreaudio_logerr2 (
 coreaudio_logstatus (status);
 }
 
-static inline UInt32 isPlaying (AudioDeviceID outputDeviceID)
-{
-OSStatus status;
-UInt32 result = 0;
-status = coreaudio_get_isrunning(outputDeviceID, &result);
-if (status != kAudioHardwareNoError) {
-coreaudio_logerr(status,
- "Could not determine whether Device is playing\n");
-}
-return result;
-}
+#define coreaudio_playback_logerr(status, ...) \
+coreaudio_logerr2(status, "playback", __VA_ARGS__)
 
 static int coreaudio_lock (coreaudioVoiceOut *core, const char *fn_name)
 {
@@ -336,6 +331,11 @@ static OSStatus audioDeviceIOProc(
 return 0;
 }
 
+if (inDevice != core->outputDeviceID) {
+coreaudio_unlock (core, "audioDeviceIOProc(old device)");
+return 0;
+}
+
 frameCount = core->audioDevicePropertyBufferFrameSize;
 pending_frames = hw->pending_emul / hw->info.bytes_per_frame;
 
@@ -368,175 +368,320 @@ static OSStatus audioDeviceIOProc(
 return 0;
 }
 
-static int coreaudio_init_out(HWVoiceOut *hw, struct audsettings *as,
-  void *drv_opaque)
+static OSStatus init_out_device(coreaudioVoiceOut *core)
 {
 OSStatus status;
-coreaudioVoiceOut *core = (coreaudioVoiceOut *) hw;
-int err;
-const char *typ = "playback";
 AudioValueRange frameRange;
-Audiodev *dev = drv_opaque;
-AudiodevCoreaudioPerDirectionOptions *cpdo = dev->u.coreaudio.out;
-int frames;
-struct audsettings obt_as;
-
-/* create mutex */
-err = pthread_mutex_init(&core->mutex, NULL);
-if (err) {
-dolog("Could not create mutex\nReason: %s\n", strerror (err));
-return -1;
-}
-
-obt_as = *as;
-as = &obt_as;
-as->fmt = AUDIO_FORMAT_F32;
-audio_pcm_init_info (&hw->info, as);
 
 status = coreaudio_get_voice(&core->outputDeviceID);
 if (status != kAudioHardwareNoError) {
-coreaudio_logerr2 (status, typ,
-   "Could not get default output Device\n");
-return -1;
+coreaudio_playback_logerr (status,
+   "Could not get default output Device\n");
+return status;
 }
 if (core->outputDeviceID == kAudioDeviceUnknown) {
-dolog ("Could not initialize %s - Unknown Audiodevice\n", typ);
-return -1;
+dolog ("Could not initialize playback - Unknown Audiodevice\n");
+return status;
 }
 
 /* get minimum and maximum buffer frame sizes */
 status = coreaudio_get_framesizerange(core->outputDeviceID,
   &frameRange);
+if (status == kAudioHardwareBadObjectError) {
+return 0;
+}
 if (status != kAudioHardwareNoError) {
-coreaudio_logerr2 (status, typ,
-   "Could not get device buffer frame range\n");
-return -1;
+coreaudio_playback_logerr (status,
+"Could not get device buffer frame 
range\n");
+return status;
 }
 
-frames = audio_buffer_frames(
-qapi_AudiodevCoreaudioPerDirectionOptions_base(cpdo), as, 11610);
-if (frameRange.mMinimum > frames) {
+if (frameRange.mMinimum > core->frameSizeSetting) {
 core->audioDevicePropertyBufferFrameSize = (UInt32) 
frameRange.mMinimum;
 dolog ("warning: Upsizing Buffer Frames to %f\n", fr

Re: [RFC PATCH 3/3] hw/block/pflash: use memory_region_init_rom_device_from_file()

[Philippe Mathieu-Daudé]

On 2/26/21 9:23 AM, David Edmondson wrote:
> On Friday, 2021-02-26 at 00:02:38 +01, Philippe Mathieu-Daudé wrote:
> 
>> If the block drive is read-only we will model a "protected" flash
>> device. We can thus use memory_region_init_rom_device_from_file()
>> which mmap the backing file when creating the MemoryRegion.
>> If the same backing file is used by multiple QEMU instances, this
>> reduces the memory footprint (this is often the case with the
>> CODE flash image from OVMF and AAVMF).
>>
>> Suggested-by: Stefan Hajnoczi 
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>>  hw/block/pflash_cfi01.c | 20 ++--
>>  hw/block/pflash_cfi02.c | 18 ++
>>  2 files changed, 28 insertions(+), 10 deletions(-)
>>
>> diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
>> index a5fa8d8b74a..5757391df1c 100644
>> --- a/hw/block/pflash_cfi01.c
>> +++ b/hw/block/pflash_cfi01.c
>> @@ -743,11 +743,19 @@ static void pflash_cfi01_realize(DeviceState *dev, 
>> Error **errp)
>>  pfl->ro = 0;
>>  }
>>  
>> -memory_region_init_rom_device(
>> -&pfl->mem, OBJECT(dev),
>> -&pflash_cfi01_ops,
>> -pfl,
>> -pfl->name, total_len, errp);
>> +if (pfl->blk && pfl->ro) {
>> +memory_region_init_rom_device_from_file(&pfl->mem, OBJECT(dev),
>> +&pflash_cfi01_ops, pfl,
>> +pfl->name, total_len,
>> +qemu_real_host_page_size,
>> +RAM_SHARED,
>> +blk_bs(pfl->blk)->filename,
> 
> How will this behave if someone does:
> 
> -drive file=OVMF_CODE.fd.qcow2,index=0,if=pflash,format=qcow2,readonly=on
> 
> Honestly, I'm not sure why they would, but it works today.

OK I can add a check for "raw" driver, but I don't know to check for
offset == 0.

Re: [RFC v1 00/38] arm cleanup experiment for kvm-only build

[Claudio Fontana]

On 2/23/21 10:18 AM, Philippe Mathieu-Daudé wrote:
> On 2/22/21 8:00 PM, Alex Bennée wrote:
>>
>> Claudio Fontana  writes:
>>
>>> Hi all,
>>>
>>> this is an experiment, a cleanup based on and requiring the series
>>> "i386 cleanup PART 2":
>>>
>>> https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg05935.html
>>>
>>> The goal is to split the code between TCG-only and non-TCG code,
>>> fixing the KVM-only build (configure --disable-tcg),
>>>
>>> and laying the ground for further cleanups and the use of the
>>> new accel objects in the hierarchy to specialize the cpu
>>> according to the accelerator.
>>>
>>> This is known to be an early state, with probably a lot of work
>>> still needed.
>>
>> Well early work is looking pretty good:
>>
>>   18:59:22 [alex@idun:~/l/q/b/default] review/arm-cleanup-rfc1|… ± ls -lh 
>> qemu-system-aarch64
>>   -rwxr-xr-x 1 alex alex 107M Feb 22 18:08 qemu-system-aarch64*
>>   18:59:29 [alex@idun:~/l/q/b/default] review/arm-cleanup-rfc1|… ± ls -lh 
>> ../disable.tcg/qemu-system-aarch64
>>   -rwxr-xr-x 1 alex alex 76M Feb 22 17:47 ../disable.tcg/qemu-system-aarch64*
> 
> :~)
> 
>>
>> and I've tested the KVM side works well enough with a basic image.
> 
> 

I am working on the next version, one thing I noticed among others as I get 
close to the v2,
is the fact that tests/ for arm require tcg in many cases.

So there is even more cleanup needed to discern which are actually tcg-only, 
and how to tweak the others into working also with only kvm available..

Ciao,

Claudio

Re: [RFC PATCH 1/3] exec/memory: Introduce memory_region_init_rom_device_from_file()

[Stefano Garzarella]

I don't know this code very well, but I have a couple of comments below 
:-)


On Fri, Feb 26, 2021 at 12:02:36AM +0100, Philippe Mathieu-Daudé wrote:

Introduce memory_region_init_rom_device_from_file() which mmap
the backing file of ROM devices. This allows to reduce QEMU memory
footprint as the same file can be shared between multiple instances
of QEMU.

Signed-off-by: Philippe Mathieu-Daudé 
---
include/exec/memory.h | 85 +
softmmu/memory.c  | 98 +++
2 files changed, 183 insertions(+)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index c6fb714e499..bacf7495003 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -487,6 +487,9 @@ struct MemoryRegion {
const char *name;
unsigned ioeventfd_nb;
MemoryRegionIoeventfd *ioeventfds;
+#ifndef CONFIG_POSIX
+gchar *contents;
+#endif
};

struct IOMMUMemoryRegion {
@@ -1131,6 +1134,43 @@ void 
memory_region_init_rom_device_nomigrate(MemoryRegion *mr,
 uint64_t size,
 Error **errp);

+/**
+ * memory_region_init_rom_device_from_file_nomigrate:
+ * Initialize a ROM memory region from the specified backing file.
+ * Writes are handled via callbacks.
+ *
+ * Note that this function does not do anything to cause the data in the
+ * RAM side of the memory region to be migrated; that is the responsibility
+ * of the caller.
+ *
+ * @mr: the #MemoryRegion to be initialized.
+ * @owner: the object that tracks the region's reference count
+ * @ops: callbacks for write access handling (must not be NULL).
+ * @opaque: passed to the read and write callbacks of the @ops structure.
+ * @name: Region name, becomes part of RAMBlock name used in migration stream
+ *must be unique within any device
+ * @size: size of the region.
+ * @ram_flags: specify the properties of the ram block, which can be one
+ * or bit-or of following values
+ * - RAM_SHARED: mmap the backing file or device with MAP_SHARED
+ * - RAM_PMEM: the backend @mem_path is persistent memory
+ * Other bits are ignored.
+ * @path: specify the backing file
+ * @readonly: true to open @path for reading, false for read/write.
+ * @errp: pointer to Error*, to store an error if it happens.
+ */
+void memory_region_init_rom_device_from_file_nomigrate(MemoryRegion *mr,
+   Object *owner,
+   const MemoryRegionOps 
*ops,
+   void *opaque,
+   const char 
*name,

+   uint64_t size,
+   uint64_t align,
+   uint32_t ram_flags,
+   const char *path,
+   bool readonly,
+   Error **errp);
+
/**
 * memory_region_init_iommu: Initialize a memory region of a custom type
 * that translates addresses
@@ -1249,6 +1289,51 @@ void memory_region_init_rom_device(MemoryRegion *mr,
   Error **errp);


+/**
+ * memory_region_init_rom_device_from_file:
+ * Initialize a ROM memory region from the specified backing file.
+ * Writes are handled via callbacks.
+ *
+ * This function initializes a memory region backed by RAM for reads
+ * and callbacks for writes, and arranges for the RAM backing to
+ * be migrated (by calling vmstate_register_ram()
+ * if @owner is a DeviceState, or vmstate_register_ram_global() if
+ * @owner is NULL).
+ *
+ * TODO: Currently we restrict @owner to being either NULL (for
+ * global RAM regions with no owner) or devices, so that we can
+ * give the RAM block a unique name for migration purposes.
+ * We should lift this restriction and allow arbitrary Objects.
+ * If you pass a non-NULL non-device @owner then we will assert.
+ *
+ * @mr: the #MemoryRegion to be initialized.
+ * @owner: the object that tracks the region's reference count
+ * @ops: callbacks for write access handling (must not be NULL).
+ * @opaque: passed to the read and write callbacks of the @ops structure.
+ * @name: Region name, becomes part of RAMBlock name used in migration stream
+ *must be unique within any device
+ * @size: size of the region.
+ * @ram_flags: specify the properties of the ram block, which can be one
+ * or bit-or of following values
+ * - RAM_SHARED: mmap the backing file or device with MAP_SHARED
+ * - RAM_PMEM: the backend @mem_path is persistent memory
+ * Other bits are ignored.
+ * @path: specify the backing file
+ * @readonly: true to open @path for reading, false for

[RFC PATCH v2 0/3] hw/block/pflash: Mmap read-only backend files with MAP_SHARED

[Philippe Mathieu-Daudé]

Since v1:
- check driver is "raw" (David)
- ignore CFI02 for now

Hi,

This series aims to reduce the memory footprint of flash devices
when the backing file is read-only.

When a backing file is read-only, the model considers the flash
is in "protected" mode. No write are allowed, but the MMIO
state machine is still usable.

This series introduces a new memory region helper to mmap files
and use it with the pflash device (only with read-only backing
files).

The goal is to reduce QEMU's memory footprint when multiple VMs
are instantiated using the same read-only backing file, which is
the case with the CODE flash from OVMF and AAVMF.

Previous attempts:

- Huawei
https://www.mail-archive.com/qemu-devel@nongnu.org/msg607292.html
- Tencent
https://www.mail-archive.com/qemu-devel@nongnu.org/msg742066.html
- Oracle
https://www.mail-archive.com/qemu-devel@nongnu.org/msg760065.html

RFC because yet another approach to tackle this technical debt,
and very little tested.

Regards,

Phil.

Philippe Mathieu-Daudé (3):
  exec/memory: Introduce memory_region_init_rom_device_from_file()
  hw/block/pflash: Move code around
  hw/block/pflash: use memory_region_init_rom_device_from_file()

 include/exec/memory.h   | 85 +++
 hw/block/pflash_cfi01.c | 49 +++--
 hw/block/pflash_cfi02.c | 18 
 softmmu/memory.c| 98 +
 4 files changed, 228 insertions(+), 22 deletions(-)

-- 
2.26.2

[RFC PATCH v2 1/3] exec/memory: Introduce memory_region_init_rom_device_from_file()

[Philippe Mathieu-Daudé]

Introduce memory_region_init_rom_device_from_file() which mmap
the backing file of ROM devices. This allows to reduce QEMU memory
footprint as the same file can be shared between multiple instances
of QEMU.

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/exec/memory.h | 85 +
 softmmu/memory.c  | 98 +++
 2 files changed, 183 insertions(+)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index c6fb714e499..bacf7495003 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -487,6 +487,9 @@ struct MemoryRegion {
 const char *name;
 unsigned ioeventfd_nb;
 MemoryRegionIoeventfd *ioeventfds;
+#ifndef CONFIG_POSIX
+gchar *contents;
+#endif
 };
 
 struct IOMMUMemoryRegion {
@@ -1131,6 +1134,43 @@ void 
memory_region_init_rom_device_nomigrate(MemoryRegion *mr,
  uint64_t size,
  Error **errp);
 
+/**
+ * memory_region_init_rom_device_from_file_nomigrate:
+ * Initialize a ROM memory region from the specified backing file.
+ * Writes are handled via callbacks.
+ *
+ * Note that this function does not do anything to cause the data in the
+ * RAM side of the memory region to be migrated; that is the responsibility
+ * of the caller.
+ *
+ * @mr: the #MemoryRegion to be initialized.
+ * @owner: the object that tracks the region's reference count
+ * @ops: callbacks for write access handling (must not be NULL).
+ * @opaque: passed to the read and write callbacks of the @ops structure.
+ * @name: Region name, becomes part of RAMBlock name used in migration stream
+ *must be unique within any device
+ * @size: size of the region.
+ * @ram_flags: specify the properties of the ram block, which can be one
+ * or bit-or of following values
+ * - RAM_SHARED: mmap the backing file or device with MAP_SHARED
+ * - RAM_PMEM: the backend @mem_path is persistent memory
+ * Other bits are ignored.
+ * @path: specify the backing file
+ * @readonly: true to open @path for reading, false for read/write.
+ * @errp: pointer to Error*, to store an error if it happens.
+ */
+void memory_region_init_rom_device_from_file_nomigrate(MemoryRegion *mr,
+   Object *owner,
+   const MemoryRegionOps 
*ops,
+   void *opaque,
+   const char *name,
+   uint64_t size,
+   uint64_t align,
+   uint32_t ram_flags,
+   const char *path,
+   bool readonly,
+   Error **errp);
+
 /**
  * memory_region_init_iommu: Initialize a memory region of a custom type
  * that translates addresses
@@ -1249,6 +1289,51 @@ void memory_region_init_rom_device(MemoryRegion *mr,
Error **errp);
 
 
+/**
+ * memory_region_init_rom_device_from_file:
+ * Initialize a ROM memory region from the specified backing file.
+ * Writes are handled via callbacks.
+ *
+ * This function initializes a memory region backed by RAM for reads
+ * and callbacks for writes, and arranges for the RAM backing to
+ * be migrated (by calling vmstate_register_ram()
+ * if @owner is a DeviceState, or vmstate_register_ram_global() if
+ * @owner is NULL).
+ *
+ * TODO: Currently we restrict @owner to being either NULL (for
+ * global RAM regions with no owner) or devices, so that we can
+ * give the RAM block a unique name for migration purposes.
+ * We should lift this restriction and allow arbitrary Objects.
+ * If you pass a non-NULL non-device @owner then we will assert.
+ *
+ * @mr: the #MemoryRegion to be initialized.
+ * @owner: the object that tracks the region's reference count
+ * @ops: callbacks for write access handling (must not be NULL).
+ * @opaque: passed to the read and write callbacks of the @ops structure.
+ * @name: Region name, becomes part of RAMBlock name used in migration stream
+ *must be unique within any device
+ * @size: size of the region.
+ * @ram_flags: specify the properties of the ram block, which can be one
+ * or bit-or of following values
+ * - RAM_SHARED: mmap the backing file or device with MAP_SHARED
+ * - RAM_PMEM: the backend @mem_path is persistent memory
+ * Other bits are ignored.
+ * @path: specify the backing file
+ * @readonly: true to open @path for reading, false for read/write.
+ * @errp: pointer to Error*, to store an error if it happens.
+ */
+void memory_region_init_rom_device_from_file(MemoryReg

[RFC PATCH v2 2/3] hw/block/pflash: Move code around

[Philippe Mathieu-Daudé]

First do the block checks, so we know if it is read-only or not.
Then create the MemoryRegion. This will allow optimization in
the next commit.

Reviewed-by: David Edmondson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/block/pflash_cfi01.c | 24 
 hw/block/pflash_cfi02.c | 18 +-
 2 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index 22287a1522e..a5fa8d8b74a 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -731,18 +731,6 @@ static void pflash_cfi01_realize(DeviceState *dev, Error 
**errp)
 }
 device_len = sector_len_per_device * blocks_per_device;
 
-memory_region_init_rom_device(
-&pfl->mem, OBJECT(dev),
-&pflash_cfi01_ops,
-pfl,
-pfl->name, total_len, errp);
-if (*errp) {
-return;
-}
-
-pfl->storage = memory_region_get_ram_ptr(&pfl->mem);
-sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem);
-
 if (pfl->blk) {
 uint64_t perm;
 pfl->ro = !blk_supports_write_perm(pfl->blk);
@@ -755,6 +743,18 @@ static void pflash_cfi01_realize(DeviceState *dev, Error 
**errp)
 pfl->ro = 0;
 }
 
+memory_region_init_rom_device(
+&pfl->mem, OBJECT(dev),
+&pflash_cfi01_ops,
+pfl,
+pfl->name, total_len, errp);
+if (*errp) {
+return;
+}
+
+pfl->storage = memory_region_get_ram_ptr(&pfl->mem);
+sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem);
+
 if (pfl->blk) {
 if (!blk_check_size_and_read_all(pfl->blk, pfl->storage, total_len,
  errp)) {
diff --git a/hw/block/pflash_cfi02.c b/hw/block/pflash_cfi02.c
index 7962cff7455..4f62ce8917d 100644
--- a/hw/block/pflash_cfi02.c
+++ b/hw/block/pflash_cfi02.c
@@ -791,15 +791,6 @@ static void pflash_cfi02_realize(DeviceState *dev, Error 
**errp)
 return;
 }
 
-memory_region_init_rom_device(&pfl->orig_mem, OBJECT(pfl),
-  &pflash_cfi02_ops, pfl, pfl->name,
-  pfl->chip_len, errp);
-if (*errp) {
-return;
-}
-
-pfl->storage = memory_region_get_ram_ptr(&pfl->orig_mem);
-
 if (pfl->blk) {
 uint64_t perm;
 pfl->ro = !blk_supports_write_perm(pfl->blk);
@@ -812,6 +803,15 @@ static void pflash_cfi02_realize(DeviceState *dev, Error 
**errp)
 pfl->ro = 0;
 }
 
+memory_region_init_rom_device(&pfl->orig_mem, OBJECT(pfl),
+  &pflash_cfi02_ops, pfl, pfl->name,
+  pfl->chip_len, errp);
+if (*errp) {
+return;
+}
+
+pfl->storage = memory_region_get_ram_ptr(&pfl->orig_mem);
+
 if (pfl->blk) {
 if (!blk_check_size_and_read_all(pfl->blk, pfl->storage,
  pfl->chip_len, errp)) {
-- 
2.26.2

Re: [PATCH v2 19/31] qapi/qom: QAPIfy object-add

[Kevin Wolf]

Am 26.02.2021 um 12:30 hat Paolo Bonzini geschrieben:
> On 24/02/21 14:52, Kevin Wolf wrote:
> > +v = qobject_output_visitor_new(&qobj);
> > +visit_type_ObjectOptions(v, NULL, &options, &error_abort);
> > +visit_complete(v, &qobj);
> > +visit_free(v);
> > +
> > +props = qobject_to(QDict, qobj);
> > +qdict_del(props, "qom-type");
> > +qdict_del(props, "id");
> > +
> > +v = qobject_input_visitor_new(QOBJECT(props));
> > +obj = user_creatable_add_type(ObjectType_str(options->qom_type),
> > +  options->id, props, v, errp);
> > +object_unref(obj);
> 
> Please add a check in object_property_add_child that the id is well formed
> (using the id_wellformed function).  This is pre-existing, but it becomes a
> regression for -object later in the series.

Are the conditions for internally called object_property_add_child()
actually the same as for IDs specified by the user? For example, I seem
to remember some array-ish properties with [] in their name which aren't
allowed by id_wellformed().

The obvious place to affect only the external interfaces would be
user_creatable_add_type().

Kevin

[RFC PATCH v2 3/3] hw/block/pflash: use memory_region_init_rom_device_from_file()

[Philippe Mathieu-Daudé]

If the block drive is read-only we will model a "protected" flash
device. We can thus use memory_region_init_rom_device_from_file()
which mmap the backing file when creating the MemoryRegion.
If the same backing file is used by multiple QEMU instances, this
reduces the memory footprint (this is often the case with the
CODE flash image from OVMF and AAVMF).

Suggested-by: Stefan Hajnoczi 
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/block/pflash_cfi01.c | 39 +++
 1 file changed, 31 insertions(+), 8 deletions(-)

diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index a5fa8d8b74a..ec290636298 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -702,6 +702,7 @@ static void pflash_cfi01_realize(DeviceState *dev, Error 
**errp)
 int ret;
 uint64_t blocks_per_device, sector_len_per_device, device_len;
 int num_devices;
+bool romd_mr_shared_mapped;
 
 if (pfl->sector_len == 0) {
 error_setg(errp, "attribute \"sector-length\" not specified or zero.");
@@ -743,19 +744,41 @@ static void pflash_cfi01_realize(DeviceState *dev, Error 
**errp)
 pfl->ro = 0;
 }
 
-memory_region_init_rom_device(
-&pfl->mem, OBJECT(dev),
-&pflash_cfi01_ops,
-pfl,
-pfl->name, total_len, errp);
-if (*errp) {
-return;
+if (pfl->ro && pfl->blk) {
+BlockDriverState *bs = blk_bs(pfl->blk);
+
+/* If "raw" driver used, try to mmap the backing file as RAM_SHARED */
+if (bs->drv == &bdrv_raw) { /* FIXME check offset=0 ? */
+Error *local_err = NULL;
+
+memory_region_init_rom_device_from_file(&pfl->mem, OBJECT(dev),
+&pflash_cfi01_ops, pfl,
+pfl->name, total_len,
+qemu_real_host_page_size,
+RAM_SHARED,
+bs->exact_filename,
+true, &local_err);
+if (local_err) {
+error_report_err(local_err);
+/* fall back to memory_region_init_rom_device() */
+} else {
+romd_mr_shared_mapped = true;
+}
+}
+}
+if (!romd_mr_shared_mapped) {
+memory_region_init_rom_device(&pfl->mem, OBJECT(dev),
+  &pflash_cfi01_ops, pfl,
+  pfl->name, total_len, errp);
+if (*errp) {
+return;
+}
 }
 
 pfl->storage = memory_region_get_ram_ptr(&pfl->mem);
 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem);
 
-if (pfl->blk) {
+if (pfl->blk && !romd_mr_shared_mapped) {
 if (!blk_check_size_and_read_all(pfl->blk, pfl->storage, total_len,
  errp)) {
 vmstate_unregister_ram(&pfl->mem, DEVICE(pfl));
-- 
2.26.2

Re: [virtio-dev] [VHOST USER SPEC PATCH] vhost-user.rst: add clarifying language about protocol negotiation

[Alex Bennée]

Stefan Hajnoczi  writes:

> On Fri, Feb 26, 2021 at 11:16:19AM +, Alex Bennée wrote:
>> In practice the protocol negotiation between vhost master and slave
>> occurs before the final feature negotiation between backend and
>> frontend. This has lead to an inconsistency between the rust-vmm vhost
>> implementation and the libvhost-user library in their approaches to
>> checking if all the requirements for REPLY_ACK processing were met.
>> As this is purely a function of the protocol negotiation and not of
>> interest to the frontend lets make the language clearer about the
>> requirements for a successfully negotiated protocol feature.
>> 
>> Signed-off-by: Alex Bennée 
>> Cc: Jiang Liu 
>> ---
>>  docs/interop/vhost-user.rst | 14 --
>>  1 file changed, 12 insertions(+), 2 deletions(-)
>
> I had difficulty understanding this change and its purpose. I think it's
> emphasizing what the spec already says: VHOST_USER_SET_PROTOCOL_FEATURES
> can be sent after VHOST_USER_F_PROTOCOL_FEATURES was reported by
> VHOST_USER_GET_FEATURES.

Well and also the protocol feature is considered negotiated after that
sequence and doesn't require the feature bit to also be negotiated. I
think I read the spec properly when I submitted:

  https://github.com/rust-vmm/vhost/pull/24

however it was implied rather than explicit. I was hoping to make that
clearer but obviously I've failed with this iteration.

> BTW Paolo has just sent a patch here to use the terms "frontend" and
> "backend" with different meanings from how you are using them:
> https://lists.nongnu.org/archive/html/qemu-devel/2021-02/msg08347.html

Yeah we have mixed up terminology - the relationship between QEMU and a
vhost-user daemon is separate from the relationship between a VirtIO
device driver (in the guest) and the device implementation (as done by
the combination of QEMU and the vhost-user daemon).

I wish we had clearer terminology sections throughout both specs.

>
>> diff --git a/docs/interop/vhost-user.rst b/docs/interop/vhost-user.rst
>> index d6085f7045..3ac221a8c7 100644
>> --- a/docs/interop/vhost-user.rst
>> +++ b/docs/interop/vhost-user.rst
>> @@ -301,12 +301,22 @@ If *slave* detects some error such as incompatible 
>> features, it may also
>>  close the connection. This should only happen in exceptional circumstances.
>>  
>>  Any protocol extensions are gated by protocol feature bits, which
>> -allows full backwards compatibility on both master and slave.  As
>> -older slaves don't support negotiating protocol features, a feature
>> +allows full backwards compatibility on both master and slave. As older
>> +slaves don't support negotiating protocol features, a device feature
>>  bit was dedicated for this purpose::
>>  
>>#define VHOST_USER_F_PROTOCOL_FEATURES 30
>>  
>> +However as the protocol negotiation something that only occurs between
>
> Missing "is". Shortening the sentence fixes that without losing clarity:
> s/something that/negotiation/
>
>> +parts of the backend implementation it is permissible to for the master
>
> "vhost-user device backend" is often used to refer to the slave (to
> avoid saying the word "slave") but "backend" is being used in a
> different sense here. That is confusing.
>
>> +to mask the feature bit from the guest.
>
> I think this sentence effectively says "the master MAY mask the
> VHOST_USER_F_PROTOCOL_FEATURES bit from the VIRTIO feature bits". That
> is not really accurate since VIRTIO devices do not advertise this
> feature bit and so it can never be negotiated through the VIRTIO feature
> negotiation process.
>
> How about referring to the details from the VIRTIO 1.1 specification
> instead. Something like this:
>
>   Note that VHOST_USER_F_PROTOCOL_FEATURES is the UNUSED (30) feature
>   bit defined in `VIRTIO 1.1 6.3 Legacy Interface: Reserved Feature Bits
>   
> `_.
>   VIRTIO devices do not advertise this feature bit and therefore VIRTIO
>   drivers cannot negotiate it.
>
>   This reserved feature bit was reused by the vhost-user protocol to add
>   vhost-user protocol feature negotiation in a backwards compatible
>   fashion. Old vhost-user master and slave implementations continue to
>   work even though they are not aware of vhost-user protocol feature
>   negotiation.

OK - so does that mean that feature bit will remain UNUSED for ever
more?

What about other feature bits? Is it permissible for the
master/requester/vhost-user front-end/QEMU to filter any other feature
bits the slave/vhost-user backend/daemon may offer from being read by
the guest driver when it reads the feature bits?

>
>> As noted for the
>> +``VHOST_USER_GET_PROTOCOL_FEATURES`` and
>> +``VHOST_USER_SET_PROTOCOL_FEATURES`` messages this occurs before a
>> +final ``VHOST_USER_SET_FEATURES`` comes from the guest.
>
> I couldn't find any place where vhost-user.rst states that
> VHOST_USER_SET_PROTOCOL_FEATURES has to come befo

Re: [PATCH 08/25] hmp: replace "O" parser with keyval

[Paolo Bonzini]

On 01/03/21 11:43, Markus Armbruster wrote:


With proper initialization, I get

 {
 "driver": "help"
 }

instead.  If this change is okay, the commit message should explain it.


Matches "qemu-system-x86_64 -device help,e1000", so it should be okay.

Paolo

Re: [RFC PATCH v2 3/4] block: Support multiple reopening with x-blockdev-reopen

[Vladimir Sementsov-Ogievskiy]

01.03.2021 14:07, Kevin Wolf wrote:

Am 25.02.2021 um 18:02 hat Vladimir Sementsov-Ogievskiy geschrieben:

24.02.2021 15:33, Kevin Wolf wrote:

Am 09.02.2021 um 09:03 hat Vladimir Sementsov-Ogievskiy geschrieben:

08.02.2021 21:44, Alberto Garcia wrote:

Signed-off-by: Alberto Garcia 
---
qapi/block-core.json   |  2 +-
include/block/block.h  |  1 +
block.c| 16 +--
blockdev.c | 85 +-
tests/qemu-iotests/155 |  9 ++--
tests/qemu-iotests/165 |  4 +-
tests/qemu-iotests/245 | 27 +++-
tests/qemu-iotests/248 |  2 +-
tests/qemu-iotests/248.out |  2 +-
tests/qemu-iotests/298 |  4 +-
10 files changed, 89 insertions(+), 63 deletions(-)

diff --git a/qapi/block-core.json b/qapi/block-core.json
index c0e7c23331..b9fcf20a81 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -4177,7 +4177,7 @@
# Since: 4.0
##
{ 'command': 'x-blockdev-reopen',
-  'data': 'BlockdevOptions', 'boxed': true }
+  'data': { 'options': ['BlockdevOptions'] } }


Do we also want to drop x- prefix?


libvirt really wants to have a stable blockdev-reopen interface in 6.0
because enabling the incremental backup code depends on this (they just
toggle the readonly flag if I understand correctly, so most of the work
we're currently doing isn't even relevant at this moment for libvirt).


Do you know what is the case exactly? If they do it to remove dirty bitmap
from backing image after snapshot operation, probably we'd better improve
block-dirty-bitmap-remove command to be able to reopen r-o image?

(I just recently faced such a task)


I think it was to switch nodes between read-only and read-write, but I
don't remember the exact context.



I already don't think that making implicit reopen-to-rw is a good idea. It's OK 
for blockdev-commit, but may be unexpected for bitmaps manipulation.




Given that the soft freeze is coming closer (March 16), I wonder if we
should just make this API change and declare the interface stable. We
can then make Vladimir's fixes and the file reopening on top of it - if
it's in time for 6.0, that would be good, but if not we could move it to
6.1 without impacting libvirt.

I think we're reasonable confident that the QAPI interfaces are right,
even if maybe not that all aspects of the implementation are right yet.

What do you think?


I think it's OK.. We have it since 4.0. What will we win keeping -x
for years? Even latest change from updating one device to several
could be easily done with help of 'alternate' if the command was
already stable.


I think your series is kind of important to really call the
implementation stable. We can always feature flags to indicate the fixes
if necessary, but it would still feel better to declare something stable
that doesn't have known bugs. :-)

Do you think your series will still take a while? Maybe my first
comments sounded a bit negative because it was really hard to review at
first without knowing the final state, but after all I think the
approach is sane and apart from some implementation details, we're not
that far away from getting it into a mergable state.



Thanks :)

I'm now busy with our bugs for Virtuozzo release.. Still, I hope, I'll have a 
chance to reroll permission-update series this week.

--
Best regards,
Vladimir

Re: [RFC PATCH 1/3] exec/memory: Introduce memory_region_init_rom_device_from_file()

[Philippe Mathieu-Daudé]

On 3/1/21 12:53 PM, Stefano Garzarella wrote:
> I don't know this code very well, but I have a couple of comments below :-)
> 
> On Fri, Feb 26, 2021 at 12:02:36AM +0100, Philippe Mathieu-Daudé wrote:
>> Introduce memory_region_init_rom_device_from_file() which mmap
>> the backing file of ROM devices. This allows to reduce QEMU memory
>> footprint as the same file can be shared between multiple instances
>> of QEMU.
>>
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>> include/exec/memory.h | 85 +
>> softmmu/memory.c  | 98 +++
>> 2 files changed, 183 insertions(+)
...
>> +void memory_region_init_rom_device_from_file_nomigrate(MemoryRegion *mr,
>> +   Object *owner,
>> +   const
>> MemoryRegionOps *ops,
>> +   void *opaque,
>> +   const char *name,
>> +   uint64_t size,
>> +   uint64_t align,
>> +   uint32_t
>> ram_flags,
>> +   const char *path,
>> +   bool readonly,
>> +   Error **errp)
>> +{
>> +    Error *err = NULL;
>> +
>> +    assert(ops);
>> +#ifdef CONFIG_POSIX
>> +    memory_region_init(mr, owner, name, size);
>> +    mr->opaque = opaque;
>> +    mr->ops = ops;
>> +    mr->rom_device = true;
>> +    mr->readonly = readonly;
>> +    mr->ram = true;
>> +    mr->align = align;
>> +    mr->terminates = true;
>> +    mr->destructor = memory_region_destructor_ram;
>> +    mr->ram_block = qemu_ram_alloc_from_file(size, mr, ram_flags, path,
>> + readonly, &err);
>> +    if (err) {
>> +    mr->size = int128_zero();
>> +    object_unparent(OBJECT(mr));
>> +    error_propagate(errp, err);
>> +    }
>> +#else
>> +    g_autoptr(GError) gerr = NULL;
>> +    gsize len;
>> +
>> +    memory_region_init(mr, owner, name, size);
>> +    mr->ops = ops;
>> +    mr->opaque = opaque;
>> +    mr->terminates = true;
>> +    mr->rom_device = true;
> 
> Why when CONFIG_POSIX is defined we set 'mr->ram', 'mr->align', and
> 'mr->readonly = readonly' but not here?
> (I honestly don't know if they are important, I ask out of curiosity.  :-)

I suppose we should and I forgot :/

> 
>> +
>> +    if (!g_file_get_contents(path, &mr->contents, &len, &gerr)) {
> 
> Should we do these steps in case of an error?
> 
>   mr->size = int128_zero();
>   object_unparent(OBJECT(mr));

Yes...

> 
>> +    error_setg(errp, "Unable to read '%s': %s", path,
>> gerr->message);
>> +    return;
>> +    }
>> +    mr->destructor = memory_region_destructor_contents;
>> +    mr->contents = g_realloc(mr->contents, size);
>> +    mr->ram_block = qemu_ram_alloc_from_ptr(size, mr->contents, mr,
>> &err);
>> +    if (err) {
>> +    mr->size = int128_zero();
>> +    object_unparent(OBJECT(mr));
>> +    error_propagate(errp, err);
>> +    }
>> +#endif
> 
> Maybe I would reorganize the code inside ifdef like this:
> 
>     memory_region_init(mr, owner, name, size);
>     mr->opaque = opaque;
>     ...
>     #ifdef CONFIG_POSIX
>     mr->destructor = memory_region_destructor_ram;
>     mr->ram_block = qemu_ram_alloc_from_file(...);
>     #else
>     if (!g_file_get_contents(..)) {
>     ...
>     }
>     mr->destructor = memory_region_destructor_contents;
>     mr->contents = g_realloc(mr->contents, size);
>     mr->ram_block = qemu_ram_alloc_from_ptr(...)
>     #endif
> 
>     if (err) {
>     ...
>     }

Yes, thanks :)

> 
> I don't have a strong opinion, just an idea.
> 
> Thanks,
> Stefano

Re: [PATCH v3 06/21] sd: emmc: Update CMD8 to send EXT_CSD register

[Cédric Le Goater]

On 2/28/21 8:33 PM, Sai Pavan Boddu wrote:
> From: Vincent Palatin 
> 
> Sends the EXT_CSD register as response to CMD8.
> 
> Signed-off-by: Vincent Palatin 
> Signed-off-by: Sai Pavan Boddu 
> ---
>  hw/sd/sd.c | 52 
>  1 file changed, 36 insertions(+), 16 deletions(-)
> 
> diff --git a/hw/sd/sd.c b/hw/sd/sd.c
> index a26695b..181e7e2 100644
> --- a/hw/sd/sd.c
> +++ b/hw/sd/sd.c
> @@ -1141,24 +1141,37 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, 
> SDRequest req)
>  }
>  break;
>  
> -case 8: /* CMD8:   SEND_IF_COND */
> -if (sd->spec_version < SD_PHY_SPECv2_00_VERS) {
> -break;
> -}
> -if (sd->state != sd_idle_state) {
> -break;
> -}
> -sd->vhs = 0;
> -
> -/* No response if not exactly one VHS bit is set.  */
> -if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
> -return sd->spi ? sd_r7 : sd_r0;
> -}
> +case 8:/* CMD8:   SEND_IF_COND / SEND_EXT_CSD */
> +if (sd->emmc) {
> +switch (sd->state) {
> +case sd_transfer_state:
> +/* MMC : Sends the EXT_CSD register as a Block of data */
> +sd->state = sd_sendingdata_state;
> +memcpy(sd->data, sd->ext_csd, sizeof(sd->ext_csd));
> +sd->data_start = addr;
> +sd->data_offset = 0;
> +return sd_r1;
> +default:
> +break;
> +}

This is big enough to be a SDCardClass handler.

Thanks,

C.


> +} else {
> +if (sd->spec_version < SD_PHY_SPECv2_00_VERS) {
> +break;
> +}
> +if (sd->state != sd_idle_state) {
> +break;
> +}
> +sd->vhs = 0;
>  
> -/* Accept.  */
> -sd->vhs = req.arg;
> -return sd_r7;
> +/* No response if not exactly one VHS bit is set.  */
> +if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 
> 1))) {
> +return sd->spi ? sd_r7 : sd_r0;
> +}
>  
> +/* Accept.  */
> +sd->vhs = req.arg;
> +return sd_r7;
> +}
>  case 9: /* CMD9:   SEND_CSD */
>  switch (sd->state) {
>  case sd_standby_state:
> @@ -2081,6 +2094,13 @@ uint8_t sd_read_byte(SDState *sd)
>  sd->state = sd_transfer_state;
>  break;
>  
> +case 8: /* CMD8: SEND_EXT_CSD on MMC */
> +ret = sd->data[sd->data_offset++];
> +if (sd->data_offset >= sizeof(sd->ext_csd)) {
> +sd->state = sd_transfer_state;
> +}
> +break;
> +
>  case 9: /* CMD9:   SEND_CSD */
>  case 10:/* CMD10:  SEND_CID */
>  ret = sd->data[sd->data_offset ++];
> 

Re: [PATCH v3 07/21] sd: sdmmc-internal: Add command string for SEND_OP_CMD

[Cédric Le Goater]

On 2/28/21 8:33 PM, Sai Pavan Boddu wrote:
> From: Cédric Le Goater 
> 
> This adds extra info to trace log.
> 
> Signed-off-by: Sai Pavan Boddu 

>From and Signed-off-by are not in sync :)

C.

> ---
>  hw/sd/sdmmc-internal.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/sd/sdmmc-internal.c b/hw/sd/sdmmc-internal.c
> index 2053def..8648a78 100644
> --- a/hw/sd/sdmmc-internal.c
> +++ b/hw/sd/sdmmc-internal.c
> @@ -14,7 +14,7 @@
>  const char *sd_cmd_name(uint8_t cmd)
>  {
>  static const char *cmd_abbrev[SDMMC_CMD_MAX] = {
> - [0]= "GO_IDLE_STATE",
> + [0]= "GO_IDLE_STATE",   [1]= "SEND_OP_CMD",
>   [2]= "ALL_SEND_CID",[3]= "SEND_RELATIVE_ADDR",
>   [4]= "SET_DSR", [5]= "IO_SEND_OP_COND",
>   [6]= "SWITCH_FUNC", [7]= "SELECT/DESELECT_CARD",
>