Re: [Bug 1923663] [NEW] Can't(?) disable default floppy drive any more in qemu 6.0

2021-04-14 Thread Markus Armbruster
Adam Williamson <1923...@bugs.launchpad.net> writes:

> Public bug reported:
>
> There's a documented change in qemu 6.0:
>
> https://qemu-project.gitlab.io/qemu/system/removed-features.html#floppy-controllers-drive-properties-removed-in-6-0
>
> where you can't configure floppy controller device properties with
> -global any more. However, there's a thing you could do with the old
> parameter which I can't figure out a way to do with the documented
> replacement. openQA passed exactly this argument:
>
> -global isa-fdc.driveA=
>
> and that has the effect of removing/disabling the default floppy
> drive/controller. If you just run `qemu-system-i686` (no other args)
> you'll see the VM briefly try to boot from a floppy drive; if you run
> `qemu-system-i686 -global isa-fdc.driveA=` (with an earlier version of
> qemu, obviously) you'll see it does not do so.
>
> I can't see a way to do this with `-device floppy`. Going by the docs,
> the equivalent should be:
>
> -device floppy,unit=0,drive=
>
> but that does not seem to have the same effect. If you run
> `qemu-system-i686 -device floppy,unit=0,drive=`, it still tries to boot
> from a floppy drive.
>
> I see there's a -nodefaults option that disables *all* default devices,
> but I don't think that's what we want here either. We might want the
> other default devices, we just don't want the floppy drive.

= Short answer =

In my opinion, management applications are better off with -nodefaults.
It's easier to understand than the complicated mess I'm going to
describe under "Long answer" below.

If you'd prefer not to, try -global isa-fdc.fdtypeA=none.


= Long answer =

-global isa-fdc.driveA= worked.  Whether it was supported usage or
accidental dirt effect is unclear.  Doesn't matter now.

-nodefaults suppresses a number of backends:

* Character device backend for a serial device

  Also suppressed when -serial ... or -device isa-serial,... or -global
  isa-serial.PROP=VAL is given, or the machine type opts out of this
  backend.

  Backend configuration depends on other options; too complicated to
  explain here.

* Character device backend for a parallel device

  Also suppressed when -parallel ... or -device isa-parallel,... or
  -global isa-parallel.PROP=VAL is given, or the machine type opts out
  of this backend.

  Backend configuration depends on other options; too complicated to
  explain here.

* Block device backend for a floppy device

  Also suppressed when -device isa-fdc,... or -global isa-fdc.PROP=VAL
  or -device floppy or -global floppy.PROP=VAL is given, or the machine
  type opts out of this backend.

* Block device backend for a CD-ROM device

  Also suppressed when -device {ide,scsi}-{cd,hd},... or -global
  {ide,scsi}-{cd,hd}.PROP=VAL is given, or the machine type opts out of
  this backend.

* SD card

  Also suppressed when the machine type opts out of this backend.

When a backend exists, the machine type may

* Create a frontend (a.k.a. device model) connected to the backend

* Ignore the backend silently

* Complain about the useless backend

-nodefaults additionally suppresses:

* Default HMP monitor

  Also suppressed when -monitor or -qmp or -qmp-pretty or -mon or
  -serial mon:... or -parallel mon:... is given.

  Monitor configuration depends on other options; too complicated to
  explain here.

* Default network frontend (-net nic) and backend (-net user)

  Also suppressed when -netdev or -nic or -net is given.

  Default backend is only done when we have SLIRP.

* Default VGA type, if any

  Actual type depends on the machine type.  Set to "none" when
  -vga or -device DRV,... or -global DRV.PROP=VAL is given, where DRV is
  a VGA device model.

  When the type is not "none", the machine type may:

  * Create a device of that type

  * Ignore the type silently

  * Complain about the type

* Additional stuff depending on the machine type


Questions?




[PATCH] hw/block/nvme: remove redundant invalid_lba_range trace

2021-04-14 Thread Gollu Appalanaidu
Currently the pci_nvme_err_invalid_lba_range trace is being called individually
in each function; add it to nvme_check_bounds and remove the redundant
usages of it.

Signed-off-by: Gollu Appalanaidu 
---
 hw/block/nvme.c | 9 +
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 6842b01ab5..c67d3315a1 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -1424,6 +1424,7 @@ static inline uint16_t nvme_check_bounds(NvmeNamespace 
*ns, uint64_t slba,
 uint64_t nsze = le64_to_cpu(ns->id_ns.nsze);
 
 if (unlikely(UINT64_MAX - slba < nlb || slba + nlb > nsze)) {
+trace_pci_nvme_err_invalid_lba_range(slba, nlb, nsze);
 return NVME_LBA_RANGE | NVME_DNR;
 }
 
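Review bot: the commit message should mention the small behavioural change in this hunk: the trace now receives `nsze` after `le64_to_cpu()`, whereas the removed call sites passed the raw `ns->id_ns.nsze` field, so on big-endian hosts the logged namespace size changes from byte-swapped to host order. It is also worth one sentence that `nvme_dsm`, which `continue`s past an out-of-range entry rather than failing the command, will now emit the error trace for each skipped range, since that is the consolidation being made.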
@@ -2266,7 +2267,6 @@ static void nvme_copy_in_complete(NvmeRequest *req)
 
 status = nvme_check_bounds(ns, sdlba, ctx->nlb);
 if (status) {
-trace_pci_nvme_err_invalid_lba_range(sdlba, ctx->nlb, ns->id_ns.nsze);
 goto invalid;
 }
 
@@ -2528,8 +2528,6 @@ static uint16_t nvme_dsm(NvmeCtrl *n, NvmeRequest *req)
 uint32_t nlb = le32_to_cpu(range[i].nlb);
 
 if (nvme_check_bounds(ns, slba, nlb)) {
-trace_pci_nvme_err_invalid_lba_range(slba, nlb,
- ns->id_ns.nsze);
 continue;
 }
 
@@ -2602,7 +2600,6 @@ static uint16_t nvme_verify(NvmeCtrl *n, NvmeRequest *req)
 
 status = nvme_check_bounds(ns, slba, nlb);
 if (status) {
-trace_pci_nvme_err_invalid_lba_range(slba, nlb, ns->id_ns.nsze);
 return status;
 }
 
@@ -2687,7 +2684,6 @@ static uint16_t nvme_copy(NvmeCtrl *n, NvmeRequest *req)
 
 status = nvme_check_bounds(ns, slba, _nlb);
 if (status) {
-trace_pci_nvme_err_invalid_lba_range(slba, _nlb, ns->id_ns.nsze);
 goto out;
 }
 
@@ -2816,7 +2812,6 @@ static uint16_t nvme_compare(NvmeCtrl *n, NvmeRequest 
*req)
 
 status = nvme_check_bounds(ns, slba, nlb);
 if (status) {
-trace_pci_nvme_err_invalid_lba_range(slba, nlb, ns->id_ns.nsze);
 return status;
 }
 
@@ -2935,7 +2930,6 @@ static uint16_t nvme_read(NvmeCtrl *n, NvmeRequest *req)
 
 status = nvme_check_bounds(ns, slba, nlb);
 if (status) {
-trace_pci_nvme_err_invalid_lba_range(slba, nlb, ns->id_ns.nsze);
 goto invalid;
 }
 
@@ -3015,7 +3009,6 @@ static uint16_t nvme_do_write(NvmeCtrl *n, NvmeRequest 
*req, bool append,
 
 status = nvme_check_bounds(ns, slba, nlb);
 if (status) {
-trace_pci_nvme_err_invalid_lba_range(slba, nlb, ns->id_ns.nsze);
 goto invalid;
 }
 
-- 
2.17.1




Re: [PATCH] cutils: fix memory leak in get_relocated_path()

2021-04-14 Thread Marc-André Lureau
On Mon, Apr 12, 2021 at 9:06 PM Stefano Garzarella 
wrote:

> get_relocated_path() allocates a GString object and returns the
> character data (C string) to the caller without freeing the memory
> allocated for that object as reported by valgrind:
>
>   24 bytes in 1 blocks are definitely lost in loss record 2,805 of 6,532
>  at 0x4839809: malloc (vg_replace_malloc.c:307)
>  by 0x55AABB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
>  by 0x55C2481: g_slice_alloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
>  by 0x55C4827: g_string_sized_new (in
> /usr/lib64/libglib-2.0.so.0.6600.8)
>  by 0x55C4CEA: g_string_new (in /usr/lib64/libglib-2.0.so.0.6600.8)
>  by 0x906314: get_relocated_path (cutils.c:1036)
>  by 0x6E1F77: qemu_read_default_config_file (vl.c:2122)
>  by 0x6E1F77: qemu_init (vl.c:2687)
>  by 0x3E3AF8: main (main.c:49)
>
> Let's use g_string_free(gstring, false) to free only the GString object
> and transfer the ownership of the character data to the caller.
>
> Fixes: f4f5ed2cbd ("cutils: introduce get_relocated_path")
> Signed-off-by: Stefano Garzarella 
>


Reviewed-by: Marc-André Lureau 

---
>  util/cutils.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/util/cutils.c b/util/cutils.c
> index ee908486da..c9b91e7535 100644
> --- a/util/cutils.c
> +++ b/util/cutils.c
> @@ -1055,5 +1055,5 @@ char *get_relocated_path(const char *dir)
>  assert(G_IS_DIR_SEPARATOR(dir[-1]));
>  g_string_append(result, dir - 1);
>  }
> -return result->str;
> +return g_string_free(result, false);
>  }
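Review bot: the function's comment should state that the returned string is caller-owned and must be released with `g_free()`, since after this change it is the detached GString buffer rather than a pointer into a still-live object. The fix itself is consistent with the report: the 24-byte loss record matches the size of the GString wrapper (str, len, allocated_len on a 64-bit host), which confirms only the struct leaked and the character data was already being freed by callers, so `g_string_free(result, false)` changes no caller contract.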
> --
> 2.30.2
>
>
>

-- 
Marc-André Lureau


Re: [PATCH v2] target/s390x: Fix translation exception on illegal instruction

2021-04-14 Thread David Hildenbrand

On 13.04.21 18:52, Ilya Leoshkevich wrote:

Hitting an uretprobe in a s390x TCG guest causes a SIGSEGV. What
happens is:

* uretprobe maps a userspace page containing an invalid instruction.
* uretprobe replaces the target function's return address with the
   address of that page.
* When tb_gen_code() is called on that page, tb->size ends up being 0
   (because the page starts with the invalid instruction), which causes
   virt_page2 to point to the previous page.
* The previous page is not mapped, so this causes a spurious
   translation exception.

The bug is that tb->size must never be 0: even if there is an illegal
instruction, the instruction bytes that have been looked at must count
towards tb->size. So adjust s390x's translate_one() to act this way
for both illegal instructions and instructions that are known to
generate exceptions.

Also add an assertion to tb_gen_code() in order to detect such
situations in future.

Signed-off-by: Ilya Leoshkevich 
---

v1: https://lists.nongnu.org/archive/html/qemu-devel/2021-04/msg02037.html
v1 -> v2: Fix target/s390x instead of trying to tolerate tb->size == 0
   in tb_gen_code().

  accel/tcg/translate-all.c |  1 +
  target/s390x/translate.c  | 16 +++-
  2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index ba6ab09790..93b2dae112 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -1913,6 +1913,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
  
  tcg_ctx->cpu = env_cpu(env);

  gen_intermediate_code(cpu, tb, max_insns);
+assert(tb->size != 0);
  tcg_ctx->cpu = NULL;
  max_insns = tb->icount;
  
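Review bot: `assert(tb->size != 0)` turns any remaining target with this defect into a guest-reachable QEMU abort (the report shows the path is hit from unprivileged guest code via uretprobe), instead of the spurious translation exception seen before. The commit message should say whether the other targets' `translate_one` equivalents were checked, or state explicitly that aborting is the preferred failure mode here; `tcg_debug_assert()` is the alternative if this is only meant to catch regressions in debug builds.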
diff --git a/target/s390x/translate.c b/target/s390x/translate.c

index 4f953ddfba..e243624d2a 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -6412,7 +6412,8 @@ static DisasJumpType translate_one(CPUS390XState *env, 
DisasContext *s)
  qemu_log_mask(LOG_UNIMP, "unimplemented opcode 0x%02x%02x\n",
s->fields.op, s->fields.op2);
  gen_illegal_opcode(s);
-return DISAS_NORETURN;
+ret = DISAS_NORETURN;
+goto out;
  }
  
  #ifndef CONFIG_USER_ONLY

@@ -6428,7 +6429,8 @@ static DisasJumpType translate_one(CPUS390XState *env, 
DisasContext *s)
  /* privileged instruction */
  if ((s->base.tb->flags & FLAG_MASK_PSTATE) && (insn->flags & 
IF_PRIV)) {
  gen_program_exception(s, PGM_PRIVILEGED);
-return DISAS_NORETURN;
+ret = DISAS_NORETURN;
+goto out;
  }
  
  /* if AFP is not enabled, instructions and registers are forbidden */

@@ -6455,7 +6457,8 @@ static DisasJumpType translate_one(CPUS390XState *env, 
DisasContext *s)
  }
  if (dxc) {
  gen_data_exception(dxc);
-return DISAS_NORETURN;
+ret = DISAS_NORETURN;
+goto out;
  }
  }
  
@@ -6463,7 +6466,8 @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s)

  if (insn->flags & IF_VEC) {
  if (!((s->base.tb->flags & FLAG_MASK_VECTOR))) {
  gen_data_exception(0xfe);
-return DISAS_NORETURN;
+ret = DISAS_NORETURN;
+goto out;
  }
  }
  
@@ -6484,7 +6488,8 @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s)

  (insn->spec & SPEC_r1_f128 && !is_fp_pair(get_field(s, r1))) ||
  (insn->spec & SPEC_r2_f128 && !is_fp_pair(get_field(s, r2 {
  gen_program_exception(s, PGM_SPECIFICATION);
-return DISAS_NORETURN;
+ret = DISAS_NORETURN;
+goto out;
  }
  }
  
@@ -6544,6 +6549,7 @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s)

  }
  #endif
  
+out:

  /* Advance to the next instruction.  */
  s->base.pc_next = s->pc_tmp;
  return ret;



Reviewed-by: David Hildenbrand 

--
Thanks,

David / dhildenb




Re: [PATCH v3 5/8] target/riscv: Implementation of enhanced PMP (ePMP)

2021-04-14 Thread Bin Meng
Hi Alistair,

On Tue, Apr 13, 2021 at 10:42 AM Alistair Francis
 wrote:
>
> From: Hou Weiying 
>
> This commit adds support for ePMP v0.9.1.
>
> The ePMP spec can be found in:
> https://docs.google.com/document/d/1Mh_aiHYxemL0umN3GTTw8vsbmzHZ_nxZXgjgOUzbvc8
>
> Signed-off-by: Hongzheng-Li 
> Signed-off-by: Hou Weiying 
> Signed-off-by: Myriad-Dreamin 
> Message-Id: 
> 
> [ Changes by AF:
>  - Rebase on master
>  - Update to latest spec
>  - Use a switch case to handle ePMP MML permissions
>  - Fix a few bugs
> ]
> Signed-off-by: Alistair Francis 
> ---
>  target/riscv/pmp.c | 164 +
>  1 file changed, 152 insertions(+), 12 deletions(-)
>
> diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
> index e35988eec2..00f91d074f 100644
> --- a/target/riscv/pmp.c
> +++ b/target/riscv/pmp.c
> @@ -90,11 +90,42 @@ static inline uint8_t pmp_read_cfg(CPURISCVState *env, 
> uint32_t pmp_index)
>  static void pmp_write_cfg(CPURISCVState *env, uint32_t pmp_index, uint8_t 
> val)
>  {
>  if (pmp_index < MAX_RISCV_PMPS) {
> -if (!pmp_is_locked(env, pmp_index)) {
> -env->pmp_state.pmp[pmp_index].cfg_reg = val;
> -pmp_update_rule(env, pmp_index);
> +bool locked = true;
> +
> +if (riscv_feature(env, RISCV_FEATURE_EPMP)) {
> +/* mseccfg.RLB is set */
> +if (MSECCFG_RLB_ISSET(env)) {
> +locked = false;
> +}
> +
> +/* mseccfg.MML is not set */
> +if (!MSECCFG_MML_ISSET(env) && !pmp_is_locked(env, pmp_index)) {
> +locked = false;
> +}
> +
> +/* mseccfg.MML is set */
> +if (MSECCFG_MML_ISSET(env)) {
> +/* not adding execute bit */
> +if ((val & PMP_LOCK) != 0 && (val & PMP_EXEC) != PMP_EXEC) {
> +locked = false;
> +}
> +/* shared region and not adding X bit */
> +if ((val & PMP_LOCK) != PMP_LOCK &&
> +(val & 0x7) != (PMP_WRITE | PMP_EXEC)) {
> +locked = false;
> +}
> +}
>  } else {
> +if (!pmp_is_locked(env, pmp_index)) {
> +locked = false;
> +}
> +}
> +
> +if (locked) {
>  qemu_log_mask(LOG_GUEST_ERROR, "ignoring pmpcfg write - 
> locked\n");
> +} else {
> +env->pmp_state.pmp[pmp_index].cfg_reg = val;
> +pmp_update_rule(env, pmp_index);
>  }
>  } else {
>  qemu_log_mask(LOG_GUEST_ERROR,
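Review bot: in the ePMP branch, when mseccfg.MML is set the decision is made from `val` alone: neither of the two MML tests consults `pmp_is_locked(env, pmp_index)`, so an entry that is already locked can be overwritten as long as the new value passes them (for example L set with X clear). Unless the spec intends MML to make the existing L bit irrelevant, move the `!pmp_is_locked()` check out of the `!MSECCFG_MML_ISSET()` condition and apply it together with the MML rules. The `(val & 0x7)` mask would also read better spelled as `(PMP_READ | PMP_WRITE | PMP_EXEC)`.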
> @@ -217,6 +248,32 @@ static bool pmp_hart_has_privs_default(CPURISCVState 
> *env, target_ulong addr,
>  {
>  bool ret;
>
> +if (riscv_feature(env, RISCV_FEATURE_EPMP)) {
> +if (MSECCFG_MMWP_ISSET(env)) {
> +/*
> + * The Machine Mode Whitelist Policy (mseccfg.MMWP) is set
> + * so we default to deny all, even for M-mode.
> + */
> +*allowed_privs = 0;
> +return false;
> +} else if (MSECCFG_MML_ISSET(env)) {
> +/*
> + * The Machine Mode Lockdown (mseccfg.MML) bit is set
> + * so we can only execute code in M-mode with an applicable
> + * rule. Other modes are disabled.
> + */
> +if (mode == PRV_M && !(privs & PMP_EXEC)) {
> +ret = true;
> +*allowed_privs = PMP_READ | PMP_WRITE;
> +} else {
> +ret = false;
> +*allowed_privs = 0;
> +}
> +
> +return ret;
> +}
> +}
> +
>  if ((!riscv_feature(env, RISCV_FEATURE_PMP)) || (mode == PRV_M)) {
>  /*
>   * Privileged spec v1.10 states if HW doesn't implement any PMP entry
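Review bot: the comment in the MML branch ("we can only execute code in M-mode with an applicable rule") does not match what the code beneath it does: with no matching entry, M-mode is granted `PMP_READ | PMP_WRITE` and denied only execute, and every other mode is denied everything. Reword the comment to say that, and note in the commit message that the MMWP branch now denies M-mode accesses that the `mode == PRV_M` default below used to permit.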
> @@ -294,13 +351,94 @@ bool pmp_hart_has_privs(CPURISCVState *env, 
> target_ulong addr,
>  pmp_get_a_field(env->pmp_state.pmp[i].cfg_reg);
>
>  /*
> - * If the PMP entry is not off and the address is in range, do the 
> priv
> - * check
> + * Convert the PMP permissions to match the truth table in the
> + * ePMP spec.
>   */
> +const uint8_t epmp_operation =
> +((env->pmp_state.pmp[i].cfg_reg & PMP_LOCK) >> 4) |
> +((env->pmp_state.pmp[i].cfg_reg & PMP_READ) << 2) |
> +(env->pmp_state.pmp[i].cfg_reg & PMP_WRITE) |
> +((env->pmp_state.pmp[i].cfg_reg & PMP_EXEC) >> 2);
> +
>  if (((s + e) == 2) && (PMP_AMATCH_OFF != a_field)) {
> -*allowed_privs = PMP_READ | PMP_WRITE | PMP_EXEC;
> -if ((mode != PRV_M) || pmp_is_locked(env, i)) {
> -*allowed_privs &= env->pmp_state.pmp[i].cfg_reg;
> +/*
> + * If the PMP entry is not off and the address is in range,
> + * do the priv check
> + */
> +if (!MSECCFG_MML_ISSET(env)) {
> +   

Re: [PATCH v2 1/9] target/riscv: Remove the hardcoded RVXLEN macro

2021-04-14 Thread Bin Meng
On Wed, Apr 14, 2021 at 7:33 AM Alistair Francis
 wrote:
>
> Signed-off-by: Alistair Francis 
> Reviewed-by: Richard Henderson 
> ---
>  target/riscv/cpu.h | 6 --
>  target/riscv/cpu.c | 6 +-
>  2 files changed, 5 insertions(+), 7 deletions(-)
>

Reviewed-by: Bin Meng 



Re: [PATCH v2 2/9] target/riscv: Remove the hardcoded SSTATUS_SD macro

2021-04-14 Thread Bin Meng
On Wed, Apr 14, 2021 at 7:33 AM Alistair Francis
 wrote:
>

Worth mentioning that this also fixed the issue of a writable SD bit

> Signed-off-by: Alistair Francis 
> Reviewed-by: Richard Henderson 
> ---
>  target/riscv/cpu_bits.h | 6 --
>  target/riscv/csr.c  | 9 -
>  2 files changed, 8 insertions(+), 7 deletions(-)
>

Otherwise,
Reviewed-by: Bin Meng 



Re: [PATCH v2 7/9] target/riscv: Remove an unused CASE_OP_32_64 macro

2021-04-14 Thread Bin Meng
On Wed, Apr 14, 2021 at 7:34 AM Alistair Francis
 wrote:
>
> Signed-off-by: Alistair Francis 
> Reviewed-by: Richard Henderson 
> ---
>  target/riscv/translate.c | 6 --
>  1 file changed, 6 deletions(-)
>

Reviewed-by: Bin Meng 



Re: [PATCH v2 3/9] target/riscv: Remove the hardcoded HGATP_MODE macro

2021-04-14 Thread Bin Meng
On Wed, Apr 14, 2021 at 7:34 AM Alistair Francis
 wrote:
>
> Signed-off-by: Alistair Francis 
> Reviewed-by: Richard Henderson 
> ---
>  target/riscv/cpu_bits.h   | 11 ---
>  target/riscv/cpu_helper.c | 24 +++-
>  2 files changed, 15 insertions(+), 20 deletions(-)
>

Reviewed-by: Bin Meng 



Re: [PATCH v2 6/9] target/riscv: Remove the unused HSTATUS_WPRI macro

2021-04-14 Thread Bin Meng
On Wed, Apr 14, 2021 at 7:34 AM Alistair Francis
 wrote:
>
> Signed-off-by: Alistair Francis 
> Reviewed-by: Richard Henderson 
> ---
>  target/riscv/cpu_bits.h | 6 --
>  1 file changed, 6 deletions(-)
>

Reviewed-by: Bin Meng 



Re: [RFC v9 15/29] vfio: Set up nested stage mappings

2021-04-14 Thread Auger Eric
Hi Kunkun,

On 4/14/21 3:45 AM, Kunkun Jiang wrote:
> On 2021/4/13 20:57, Auger Eric wrote:
>> Hi Kunkun,
>>
>> On 4/13/21 2:10 PM, Kunkun Jiang wrote:
>>> Hi Eric,
>>>
>>> On 2021/4/11 20:08, Eric Auger wrote:
 In nested mode, legacy vfio_iommu_map_notify cannot be used as
 there is no "caching" mode and we do not trap on map.

 On Intel, vfio_iommu_map_notify was used to DMA map the RAM
 through the host single stage.

 With nested mode, we need to setup the stage 2 and the stage 1
 separately. This patch introduces a prereg_listener to setup
 the stage 2 mapping.

 The stage 1 mapping, owned by the guest, is passed to the host
 when the guest invalidates the stage 1 configuration, through
 a dedicated PCIPASIDOps callback. Guest IOTLB invalidations
 are cascaded downto the host through another IOMMU MR UNMAP
 notifier.

 Signed-off-by: Eric Auger 

 ---

 v7 -> v8:
 - properly handle new IOMMUTLBEntry fields and especially
     propagate DOMAIN and PASID based invalidations

 v6 -> v7:
 - remove PASID based invalidation

 v5 -> v6:
 - add error_report_err()
 - remove the abort in case of nested stage case

 v4 -> v5:
 - use VFIO_IOMMU_SET_PASID_TABLE
 - use PCIPASIDOps for config notification

 v3 -> v4:
 - use iommu_inv_pasid_info for ASID invalidation

 v2 -> v3:
 - use VFIO_IOMMU_ATTACH_PASID_TABLE
 - new user API
 - handle leaf

 v1 -> v2:
 - adapt to uapi changes
 - pass the asid
 - pass IOMMU_NOTIFIER_S1_CFG when initializing the config notifier
 ---
    hw/vfio/common.c | 139
 +--
    hw/vfio/pci.c    |  21 +++
    hw/vfio/trace-events |   2 +
    3 files changed, 157 insertions(+), 5 deletions(-)

 diff --git a/hw/vfio/common.c b/hw/vfio/common.c
 index 0cd7ef2139..e369d451e7 100644
 --- a/hw/vfio/common.c
 +++ b/hw/vfio/common.c
 @@ -595,6 +595,73 @@ static bool vfio_get_xlat_addr(IOMMUTLBEntry
 *iotlb, void **vaddr,
    return true;
    }
    +/* Propagate a guest IOTLB invalidation to the host (nested
 mode) */
 +static void vfio_iommu_unmap_notify(IOMMUNotifier *n, IOMMUTLBEntry
 *iotlb)
 +{
 +    VFIOGuestIOMMU *giommu = container_of(n, VFIOGuestIOMMU, n);
 +    struct vfio_iommu_type1_cache_invalidate ustruct = {};
 +    VFIOContainer *container = giommu->container;
 +    int ret;
 +
 +    assert(iotlb->perm == IOMMU_NONE);
 +
 +    ustruct.argsz = sizeof(ustruct);
 +    ustruct.flags = 0;
 +    ustruct.info.argsz = sizeof(struct iommu_cache_invalidate_info);
 +    ustruct.info.version = IOMMU_CACHE_INVALIDATE_INFO_VERSION_1;
 +    ustruct.info.cache = IOMMU_CACHE_INV_TYPE_IOTLB;
 +
 +    switch (iotlb->granularity) {
 +    case IOMMU_INV_GRAN_DOMAIN:
 +    ustruct.info.granularity = IOMMU_INV_GRANU_DOMAIN;
 +    break;
 +    case IOMMU_INV_GRAN_PASID:
 +    {
 +    struct iommu_inv_pasid_info *pasid_info;
 +    int archid = -1;
 +
 +    pasid_info = &ustruct.info.granu.pasid_info;
 +    ustruct.info.granularity = IOMMU_INV_GRANU_PASID;
 +    if (iotlb->flags & IOMMU_INV_FLAGS_ARCHID) {
 +    pasid_info->flags |= IOMMU_INV_ADDR_FLAGS_ARCHID;
 +    archid = iotlb->arch_id;
 +    }
 +    pasid_info->archid = archid;
 +    trace_vfio_iommu_asid_inv_iotlb(archid);
 +    break;
 +    }
 +    case IOMMU_INV_GRAN_ADDR:
 +    {
 +    hwaddr start = iotlb->iova + giommu->iommu_offset;
 +    struct iommu_inv_addr_info *addr_info;
 +    size_t size = iotlb->addr_mask + 1;
 +    int archid = -1;
 +
 +    addr_info = &ustruct.info.granu.addr_info;
 +    ustruct.info.granularity = IOMMU_INV_GRANU_ADDR;
 +    if (iotlb->leaf) {
 +    addr_info->flags |= IOMMU_INV_ADDR_FLAGS_LEAF;
 +    }
 +    if (iotlb->flags & IOMMU_INV_FLAGS_ARCHID) {
 +    addr_info->flags |= IOMMU_INV_ADDR_FLAGS_ARCHID;
 +    archid = iotlb->arch_id;
 +    }
 +    addr_info->archid = archid;
 +    addr_info->addr = start;
 +    addr_info->granule_size = size;
 +    addr_info->nb_granules = 1;
 +    trace_vfio_iommu_addr_inv_iotlb(archid, start, size,
 +    1, iotlb->leaf);
 +    break;
 +    }
>>> Should we pass a size to the host kernel here, even if vSMMU doesn't
>>> support RIL or guest kernel doesn't use RIL?
>>>
>>> It will cause a TLBI issue in this scenario: Guest kernel issues a
>>> TLBI cmd without "range" (tg = 0) to invalidate a 2M huge page. Then
>>> qemu passes the iova and size (4K) to host kernel

Re: [PATCH v2 5/9] target/riscv: Remove the hardcoded SATP_MODE macro

2021-04-14 Thread Bin Meng
On Wed, Apr 14, 2021 at 7:34 AM Alistair Francis
 wrote:
>
> Signed-off-by: Alistair Francis 
> ---
>  target/riscv/cpu_bits.h   | 11 ---
>  target/riscv/cpu_helper.c | 24 ++--
>  target/riscv/csr.c| 20 
>  target/riscv/monitor.c| 22 +-
>  4 files changed, 51 insertions(+), 26 deletions(-)
>
> diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
> index dd643d0f63..6a816ce9c2 100644
> --- a/target/riscv/cpu_bits.h
> +++ b/target/riscv/cpu_bits.h
> @@ -452,17 +452,6 @@
>  #define SATP64_ASID 0x0000ULL
>  #define SATP64_PPN  0x0FFFULL
>
> -#if defined(TARGET_RISCV32)
> -#define SATP_MODE   SATP32_MODE
> -#define SATP_ASID   SATP32_ASID
> -#define SATP_PPNSATP32_PPN
> -#endif
> -#if defined(TARGET_RISCV64)
> -#define SATP_MODE   SATP64_MODE
> -#define SATP_ASID   SATP64_ASID
> -#define SATP_PPNSATP64_PPN
> -#endif
> -
>  /* VM modes (mstatus.vm) privileged ISA 1.9.1 */
>  #define VM_1_09_MBARE   0
>  #define VM_1_09_MBB 1
> diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
> index b065ddb681..e5e9339458 100644
> --- a/target/riscv/cpu_helper.c
> +++ b/target/riscv/cpu_helper.c
> @@ -403,11 +403,21 @@ static int get_physical_address(CPURISCVState *env, 
> hwaddr *physical,
>
>  if (first_stage == true) {
>  if (use_background) {
> -base = (hwaddr)get_field(env->vsatp, SATP_PPN) << PGSHIFT;
> -vm = get_field(env->vsatp, SATP_MODE);
> +if (riscv_cpu_is_32bit(env)) {
> +base = (hwaddr)get_field(env->vsatp, SATP32_PPN) << PGSHIFT;
> +vm = get_field(env->vsatp, SATP32_MODE);
> +} else {
> +base = (hwaddr)get_field(env->vsatp, SATP64_PPN) << PGSHIFT;
> +vm = get_field(env->vsatp, SATP64_MODE);
> +}
>  } else {
> -base = (hwaddr)get_field(env->satp, SATP_PPN) << PGSHIFT;
> -vm = get_field(env->satp, SATP_MODE);
> +if (riscv_cpu_is_32bit(env)) {
> +base = (hwaddr)get_field(env->satp, SATP32_PPN) << PGSHIFT;
> +vm = get_field(env->satp, SATP32_MODE);
> +} else {
> +base = (hwaddr)get_field(env->satp, SATP64_PPN) << PGSHIFT;
> +vm = get_field(env->satp, SATP64_MODE);
> +}
>  }
>  widened = 0;
>  } else {
> @@ -622,8 +632,10 @@ static void raise_mmu_exception(CPURISCVState *env, 
> target_ulong address,
>  CPUState *cs = env_cpu(env);
>  int page_fault_exceptions, vm;
>
> -if (first_stage) {
> -vm = get_field(env->satp, SATP_MODE);
> +if (first_stage && riscv_cpu_is_32bit(env)) {
> +vm = get_field(env->satp, SATP32_MODE);
> +} else if (first_stage) {
> +vm = get_field(env->satp, SATP64_MODE);
>  } else if (riscv_cpu_is_32bit(env)) {
>  vm = get_field(env->hgatp, SATP32_MODE);
>  } else {

This block can be simplified by something like this:

target_ulong satp_mode;

if (riscv_cpu_is_32bit(env)) {
    satp_mode = SATP32_MODE;
} else {
    satp_mode = SATP64_MODE;
}

if (first_stage) {
    vm = get_field(env->satp, satp_mode);
} else {
    vm = get_field(env->hgatp, satp_mode);
}

> diff --git a/target/riscv/csr.c b/target/riscv/csr.c
> index 6052b2d6e9..8abfe33b29 100644
> --- a/target/riscv/csr.c
> +++ b/target/riscv/csr.c
> @@ -927,21 +927,33 @@ static int read_satp(CPURISCVState *env, int csrno, 
> target_ulong *val)
>
>  static int write_satp(CPURISCVState *env, int csrno, target_ulong val)
>  {
> +int vm, mask, asid;
> +
>  if (!riscv_feature(env, RISCV_FEATURE_MMU)) {
>  return 0;
>  }
> -if (validate_vm(env, get_field(val, SATP_MODE)) &&
> -((val ^ env->satp) & (SATP_MODE | SATP_ASID | SATP_PPN)))
> -{
> +
> +if (riscv_cpu_is_32bit(env)) {
> +vm = validate_vm(env, get_field(val, SATP32_MODE));
> +mask = (val ^ env->satp) & (SATP32_MODE | SATP32_ASID | SATP32_PPN);
> +asid = (val ^ env->satp) & SATP32_ASID;
> +} else {
> +vm = validate_vm(env, get_field(val, SATP64_MODE));
> +mask = (val ^ env->satp) & (SATP64_MODE | SATP64_ASID | SATP64_PPN);
> +asid = (val ^ env->satp) & SATP64_ASID;
> +}
> +
> +if (vm && mask) {
>  if (env->priv == PRV_S && get_field(env->mstatus, MSTATUS_TVM)) {
>  return -RISCV_EXCP_ILLEGAL_INST;
>  } else {
> -if ((val ^ env->satp) & SATP_ASID) {
> +if (asid) {
>  tlb_flush(env_cpu(env));
>  }
>  env->satp = val;
>  }
>  }
> +
>  return 0;
>  }
>
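Review bot: `int vm, mask, asid;` truncates the 64-bit results: on RV64, `SATP64_MODE` occupies bits 63:60 and `SATP64_ASID` bits 59:44, so `mask` and `asid` lose exactly the bits that matter. A write that changes only the mode or only the ASID then reads as "no change": the new value is ignored in the first case, and in the second `tlb_flush()` is skipped while `env->satp` is updated, leaving stale translations in the TLB. Declare them as `target_ulong mask, asid;` and make `vm` a `bool`, since it only holds the result of `validate_vm()`.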
> diff --git a/target/riscv/monitor.c b/target/riscv/monitor.c
> index e51188f919..f7e6ea72b3 100644
> --- a/target/riscv/monitor.c
> +++ b/target/riscv/monitor.c
> @@ -150,9 +150,14 @@ static void mem_i

[RFC PATCH 1/5] tests/docker/dockerfiles: Add ccache to containers where it was missing

2021-04-14 Thread Thomas Huth
We're going to enable ccache in our gitlab-CI. Make sure that it is
available in all containers.

Signed-off-by: Thomas Huth 
---
 tests/docker/dockerfiles/alpine.docker | 1 +
 tests/docker/dockerfiles/fedora-i386-cross.docker  | 1 +
 tests/docker/dockerfiles/fedora-win32-cross.docker | 1 +
 tests/docker/dockerfiles/fedora-win64-cross.docker | 1 +
 tests/docker/dockerfiles/opensuse-leap.docker  | 1 +
 5 files changed, 5 insertions(+)

diff --git a/tests/docker/dockerfiles/alpine.docker 
b/tests/docker/dockerfiles/alpine.docker
index d63a269aef..a1ef408a6a 100644
--- a/tests/docker/dockerfiles/alpine.docker
+++ b/tests/docker/dockerfiles/alpine.docker
@@ -9,6 +9,7 @@ ENV PACKAGES \
alsa-lib-dev \
bash \
binutils \
+   ccache \
coreutils \
curl-dev \
g++ \
diff --git a/tests/docker/dockerfiles/fedora-i386-cross.docker 
b/tests/docker/dockerfiles/fedora-i386-cross.docker
index 966072c08e..66cdb06c19 100644
--- a/tests/docker/dockerfiles/fedora-i386-cross.docker
+++ b/tests/docker/dockerfiles/fedora-i386-cross.docker
@@ -1,6 +1,7 @@
 FROM fedora:33
 ENV PACKAGES \
 bzip2 \
+ccache \
 diffutils \
 findutils \
 gcc \
diff --git a/tests/docker/dockerfiles/fedora-win32-cross.docker 
b/tests/docker/dockerfiles/fedora-win32-cross.docker
index 81b5659e9c..3733df63e9 100644
--- a/tests/docker/dockerfiles/fedora-win32-cross.docker
+++ b/tests/docker/dockerfiles/fedora-win32-cross.docker
@@ -4,6 +4,7 @@ FROM fedora:33
 ENV PACKAGES \
 bc \
 bzip2 \
+ccache \
 diffutils \
 findutils \
 gcc \
diff --git a/tests/docker/dockerfiles/fedora-win64-cross.docker 
b/tests/docker/dockerfiles/fedora-win64-cross.docker
index bcb428e724..2564ce4979 100644
--- a/tests/docker/dockerfiles/fedora-win64-cross.docker
+++ b/tests/docker/dockerfiles/fedora-win64-cross.docker
@@ -4,6 +4,7 @@ FROM fedora:33
 ENV PACKAGES \
 bc \
 bzip2 \
+ccache \
 diffutils \
 findutils \
 gcc \
diff --git a/tests/docker/dockerfiles/opensuse-leap.docker 
b/tests/docker/dockerfiles/opensuse-leap.docker
index 0e64893e4a..f7e1cbfbe6 100644
--- a/tests/docker/dockerfiles/opensuse-leap.docker
+++ b/tests/docker/dockerfiles/opensuse-leap.docker
@@ -5,6 +5,7 @@ ENV PACKAGES \
 bc \
 brlapi-devel \
 bzip2 \
+ccache \
 cyrus-sasl-devel \
 gcc \
 gcc-c++ \
-- 
2.27.0




[RFC PATCH 0/5] Use ccache in the gitlab-CI

2021-04-14 Thread Thomas Huth
Here are some patches to enable ccache in the gitlab-CI. Using the
compiler cache can speed up some of the jobs in the CI by avoiding
recompiling the same sources again and again. With this patch series,
some jobs indeed get quite a bit faster. For example "build-system-fedora"
goes down from 29 minutes (https://gitlab.com/thuth/qemu/-/jobs/1168149051)
to 12 minutes (https://gitlab.com/thuth/qemu/-/jobs/1175479324) in the
best case.
However, and that's why I've marked this series still as RFC, there
are some jobs which refuse to improve much, for example the *-cfi-* jobs
are still running for a long time, see e.g.:

 https://gitlab.com/thuth/qemu/-/jobs/1168149079 (50 minutes on master)
 https://gitlab.com/thuth/qemu/-/jobs/1175479342 (43 minutes with ccache)

Thus the overall run time did not improve very much yet.

Additionally, the jobs are sometimes running even slower, e.g. if the
cache has not been populated yet or if there are a lot of cache misses,
and I've seen some jobs hitting the 60 min time limit because of this.
And I've even seen two or three jobs failing intermittently with a
crashing test, e.g.:

 https://gitlab.com/thuth/qemu/-/jobs/1175479336

Not sure whether that's related to some bad caching of ccache, or
whether it's something that also occurs on the master branch recently?
Has anybody else experienced such a problem?

Thus this series is RFC only - in case somebody else wants to play
with it and help to improve it, you're very welcome!

Thomas Huth (5):
  tests/docker/dockerfiles: Add ccache to containers where it was
missing
  tests/docker/dockerfiles/ubuntu2004: Add missing symlink for cc
  gitlab-ci.d/crossbuilds: Limit the amount of targets in the
cross-win64 build
  gitlab-ci.yml: Compile with ccache enabled
  gitlab-ci.d/crossbuilds.yml: Enable compilation with ccache

 .gitlab-ci.d/crossbuilds.yml  | 34 +++
 .gitlab-ci.yml| 20 +++
 tests/docker/dockerfiles/alpine.docker|  1 +
 .../dockerfiles/fedora-i386-cross.docker  |  1 +
 .../dockerfiles/fedora-win32-cross.docker |  1 +
 .../dockerfiles/fedora-win64-cross.docker |  1 +
 tests/docker/dockerfiles/opensuse-leap.docker |  1 +
 tests/docker/dockerfiles/ubuntu2004.docker|  3 ++
 8 files changed, 62 insertions(+)

-- 
2.27.0




[RFC PATCH 2/5] tests/docker/dockerfiles/ubuntu2004: Add missing symlink for cc

2021-04-14 Thread Thomas Huth
For some reason, the "cc" symlink is missing in Ubuntu 20.04.
Add it manually.

Signed-off-by: Thomas Huth 
---
 tests/docker/dockerfiles/ubuntu2004.docker | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/docker/dockerfiles/ubuntu2004.docker 
b/tests/docker/dockerfiles/ubuntu2004.docker
index 9750016e51..e1b309e313 100644
--- a/tests/docker/dockerfiles/ubuntu2004.docker
+++ b/tests/docker/dockerfiles/ubuntu2004.docker
@@ -74,3 +74,6 @@ ENV FEATURES clang tsan pyyaml sdl2
 # Apply patch https://reviews.llvm.org/D75820
 # This is required for TSan in clang-10 to compile with QEMU.
 RUN sed -i 's/^const/static const/g' 
/usr/lib/llvm-10/lib/clang/10.0.0/include/sanitizer/tsan_interface.h
+
+# The symlink for cc is missing on Ubuntu
+RUN cd /usr/lib/ccache && ln -s ../../bin/ccache cc
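Review bot: `RUN cd /usr/lib/ccache && ln -s ../../bin/ccache cc` is not idempotent: if the image layer is rebuilt on top of a base that already carries `/usr/lib/ccache/cc`, `ln -s` fails with "File exists" and the whole build stops, and the `cd` assumes the ccache package has already created `/usr/lib/ccache`. Consider `RUN ln -sf /usr/bin/ccache /usr/lib/ccache/cc` (absolute target, force overwrite, no `cd`), and make the comment name the release the workaround is for (`# The symlink for cc is missing on Ubuntu 20.04`), since this file is ubuntu2004.docker and a later Ubuntu may ship the link.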
-- 
2.27.0




[RFC PATCH 5/5] gitlab-ci.d/crossbuilds.yml: Enable compilation with ccache

2021-04-14 Thread Thomas Huth
Ccache can speed up the compilation in some cases, so enable it for
our cross-compilation CI builds, too.

Signed-off-by: Thomas Huth 
---
 .gitlab-ci.d/crossbuilds.yml | 28 
 1 file changed, 28 insertions(+)

diff --git a/.gitlab-ci.d/crossbuilds.yml b/.gitlab-ci.d/crossbuilds.yml
index 017731a894..dee327a936 100644
--- a/.gitlab-ci.d/crossbuilds.yml
+++ b/.gitlab-ci.d/crossbuilds.yml
@@ -1,4 +1,26 @@
+
+.ccache_cross_setup:
+  cache:
+key: "$CI_JOB_NAME"
+paths:
+  - ccache
+  before_script:
+- mkdir -p ccache
+- if command -v ccache ; then
+export CCACHE_BASEDIR=${PWD} ;
+export CCACHE_DIR=${PWD}/ccache ;
+export CCACHE_MAXSIZE="1G" ;
+if [ -e /usr/lib/ccache ]; then
+  export PATH=/usr/lib/ccache:$PATH ;
+fi ;
+if [ -e /usr/lib64/ccache ]; then
+  export PATH=/usr/lib64/ccache:$PATH ;
+fi ;
+ccache --zero-stats ;
+  fi
+
 .cross_system_build_job:
+  extends: .ccache_cross_setup
   stage: build
   image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest
   timeout: 80m
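Review bot: `.ccache_cross_setup` reimplements the ccache setup that patch 4/5 adds inline to .gitlab-ci.yml, and the two copies already diverge: this one has no `export CCACHE_COMPILERCHECK=content ;` and no `/usr/lib/ccache/bin` PATH probe, both of which the .gitlab-ci.yml variant carries. Consider a single shared snippet (a script under tests/ or a template both files extend) so the two copies cannot drift; the `cache:` block with `key: "$CI_JOB_NAME"` can stay per file.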
@@ -11,6 +33,7 @@
   i386-softmmu microblaze-softmmu mips-softmmu mipsel-softmmu
   mips64-softmmu ppc-softmmu sh4-softmmu xtensa-softmmu"
 - make -j$(expr $(nproc) + 1) all check-build $MAKE_CHECK_ARGS
+- if command -v ccache ; then ccache --show-stats ; fi
 
 # Job to cross-build specific accelerators.
 #
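Review bot: `- if command -v ccache ; then ccache --show-stats ; fi` is appended as the last `script:` step after `make`, so when the build fails nothing is printed, which is exactly the run where you want to see whether the cache was hit or the compiler check invalidated it. Consider running it from `after_script`, which executes even when `script` fails; because `after_script` runs in a fresh shell and does not see the `export`s done in `before_script`, that needs `CCACHE_DIR` (and `CCACHE_BASEDIR`) defined under `variables:` instead. The same line is also repeated in each job template of this patch, which one `after_script` in `.ccache_cross_setup` would collapse.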
@@ -18,6 +41,7 @@
 # KVM), and set extra options (such disabling other accelerators) via the
 # $ACCEL_CONFIGURE_OPTS variable.
 .cross_accel_build_job:
+  extends: .ccache_cross_setup
   stage: build
   image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest
   timeout: 30m
@@ -28,8 +52,10 @@
   ../configure --enable-werror --disable-docs $QEMU_CONFIGURE_OPTS
 --disable-tools --enable-${ACCEL:-kvm} $ACCEL_CONFIGURE_OPTS
 - make -j$(expr $(nproc) + 1) all check-build
+- if command -v ccache ; then ccache --show-stats ; fi
 
 .cross_user_build_job:
+  extends: .ccache_cross_setup
   stage: build
   image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest
   script:
@@ -39,6 +65,7 @@
   ../configure --enable-werror --disable-docs $QEMU_CONFIGURE_OPTS
 --disable-system
 - make -j$(expr $(nproc) + 1) all check-build $MAKE_CHECK_ARGS
+- if command -v ccache ; then ccache --show-stats ; fi
 
 cross-armel-system:
   extends: .cross_system_build_job
@@ -195,6 +222,7 @@ cross-win64-system:
 --target-list="cris-softmmu x86_64-softmmu microblaze-softmmu
   mipsel-softmmu mips64-softmmu ppc-softmmu sh4-softmmu xtensa-softmmu"
 - make -j$(expr $(nproc) + 1) all check-build
+- if command -v ccache ; then ccache --show-stats ; fi
 
 cross-amd64-xen-only:
   extends: .cross_accel_build_job
-- 
2.27.0




[RFC PATCH 3/5] gitlab-ci.d/crossbuilds: Limit the amount of targets in the cross-win64 build

2021-04-14 Thread Thomas Huth
The cross-win64-system job is one of the slowest in our gitlab-ci.
With the upcoming changes that introduce ccache, it might even get
slower initially as long as the cache is not populated yet. Thus
let's limit the amount of targets that we build here even further
to avoid that we might hit the 80 minutes timeout here. Most of the
other targets are already covered by the win32 job anyway.

Signed-off-by: Thomas Huth 
---
 .gitlab-ci.d/crossbuilds.yml | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/.gitlab-ci.d/crossbuilds.yml b/.gitlab-ci.d/crossbuilds.yml
index 2d95784ed5..017731a894 100644
--- a/.gitlab-ci.d/crossbuilds.yml
+++ b/.gitlab-ci.d/crossbuilds.yml
@@ -189,6 +189,12 @@ cross-win64-system:
 job: win64-fedora-cross-container
   variables:
 IMAGE: fedora-win64-cross
+  script:
+- PKG_CONFIG_PATH=$PKG_CONFIG_PATH
+  ./configure --enable-werror --disable-docs $QEMU_CONFIGURE_OPTS
+--target-list="cris-softmmu x86_64-softmmu microblaze-softmmu
+  mipsel-softmmu mips64-softmmu ppc-softmmu sh4-softmmu xtensa-softmmu"
+- make -j$(expr $(nproc) + 1) all check-build
 
 cross-amd64-xen-only:
   extends: .cross_accel_build_job
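Review bot: a job-level `script:` replaces the template's script wholesale, and this replacement drops `$MAKE_CHECK_ARGS` from the make line (the templates in this file run `make -j$(expr $(nproc) + 1) all check-build $MAKE_CHECK_ARGS`), so any check arguments set for cross-win64-system would be silently ignored; if that is intended, state it in the commit message, otherwise keep the make line identical to the template. A one-line comment above `script:` saying why this job carries an explicit `--target-list` instead of the template's exclude list (the 80 minute timeout mentioned in the commit message) would also save the next reader a trip to git log.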
-- 
2.27.0




[RFC PATCH 4/5] gitlab-ci.yml: Compile with ccache enabled

2021-04-14 Thread Thomas Huth
Ccache can speed up the compilation in some cases, so enable it for
our CI builds, too.

Signed-off-by: Thomas Huth 
---
 .gitlab-ci.yml | 20 
 1 file changed, 20 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 52d65d6c04..422608381e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -18,7 +18,26 @@ include:
   image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest
   before_script:
 - JOBS=$(expr $(nproc) + 1)
+  cache:
+key: "$CI_JOB_NAME"
+paths:
+  - ccache
   script:
+- mkdir -p ccache
+- if command -v ccache ; then
+export CCACHE_BASEDIR=${PWD} ;
+export CCACHE_DIR=${PWD}/ccache ;
+export CCACHE_MAXSIZE="1G" ;
+export CCACHE_COMPILERCHECK=content ;
+if [ -e /usr/lib/ccache/bin ]; then
+  export PATH=/usr/lib/ccache/bin:$PATH ;
+elif [ -e /usr/lib/ccache ]; then
+  export PATH=/usr/lib/ccache:$PATH ;
+elif [ -e /usr/lib64/ccache ]; then
+  export PATH=/usr/lib64/ccache:$PATH ;
+fi ;
+ccache --zero-stats ;
+  fi
 - mkdir build
 - cd build
 - if test -n "$TARGETS";
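Review bot: the ccache setup is placed at the top of `script:` even though this template already has a `before_script:` (the `- JOBS=$(expr $(nproc) + 1)` step just above), which is where patch 5/5 puts the equivalent setup for crossbuilds.yml; moving it there keeps `script:` limited to configure/make and keeps both files shaped alike. `export CCACHE_BASEDIR=${PWD} ;` is deliberately set before `cd build` so that both the source tree and the build directory fall under the base dir; a short comment saying so would stop someone "fixing" it later.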
@@ -36,6 +55,7 @@ include:
   then
 make -j"$JOBS" $MAKE_CHECK_ARGS ;
   fi
+- if command -v ccache ; then ccache --show-stats ; fi
 
 .native_test_job_template: &native_test_job_definition
   stage: test
-- 
2.27.0




Re: [PATCH RFC 0/7] RFC: Asynchronous QMP Draft

2021-04-14 Thread Stefan Hajnoczi
Below are the API docs that I found helpful for understanding the big
picture.

The QMP.execute() API is nice.

Regarding QMP events, I can think of two approaches:
1. Callbacks
2. An async get_event(name=Optional[str]) -> object API
   (plus get_event_nowait(name=Optional[str]) -> object)

(There's probably a third approach using async iterators but it's
similar to get_event().)

Both approaches are useful. The first is good in larger asynchronous
applications that perform many tasks concurrently. The second is good
when there is just one specific thing to do, like waiting for a block
job to complete.

My general impression is that the public API is nice and usable but the
implementation is complex and risks discouraging other people from
hacking on the code. There are too many abstractions and while it's
highly structured, there is a cost to having all this infrastructure. I
think simplifying it would make it easier for others to understand and
contribute to the code.

Ideas: open code or inline simple things instead of defining
abstractions that only have 1 user, drop the pydantic models, drop
classes that just wrap things like Message and the exception hierarchy,
combine protocol and qmp_protocol.

Things that might be worth adding:
1. File descriptor passing support.
2. Introspection support to easily check if a command/feature is
   available. Users can do this manually by sending QMP commands and
   interpreting the response, but this may be common enough to warrant a
   friendly API.

Help on module qmp.qmp_protocol in qmp:

NAME
qmp.qmp_protocol - QMP Client Implementation

DESCRIPTION
This module provides the QMP class, which can be used to connect and
send commands to a QMP server such as QEMU. The QMP class can be used to
either connect to a listening server, or used to listen and accept an
incoming connection from the server.

CLASSES
qmp.error.AQMPError(builtins.Exception)
ExecuteError
qmp.protocol.AsyncProtocol(typing.Generic)
QMP

class ExecuteError(qmp.error.AQMPError)
 |  ExecuteError(sent: qmp.message.Message, received: qmp.message.Message, 
error: qmp.models.ErrorInfo)
 |  
 |  Execution statement returned failure.
 |  
 |  Method resolution order:
 |  ExecuteError
 |  qmp.error.AQMPError
 |  builtins.Exception
 |  builtins.BaseException
 |  builtins.object
 |  
 |  Methods defined here:
 |  
 |  __init__(self, sent: qmp.message.Message, received: 
qmp.message.Message, error: qmp.models.ErrorInfo)
 |  Initialize self.  See help(type(self)) for accurate signature.
 |  
 |  __str__(self) -> str
 |  Return str(self).
 |  
 |  --
 |  Data descriptors inherited from qmp.error.AQMPError:
 |  
 |  __weakref__
 |  list of weak references to the object (if defined)
 |  
 |  --
 |  Static methods inherited from builtins.Exception:
 |  
 |  __new__(*args, **kwargs) from builtins.type
 |  Create and return a new object.  See help(type) for accurate 
signature.
 |  
 |  --
 |  Methods inherited from builtins.BaseException:
 |  
 |  __delattr__(self, name, /)
 |  Implement delattr(self, name).
 |  
 |  __getattribute__(self, name, /)
 |  Return getattr(self, name).
 |  
 |  __reduce__(...)
 |  Helper for pickle.
 |  
 |  __repr__(self, /)
 |  Return repr(self).
 |  
 |  __setattr__(self, name, value, /)
 |  Implement setattr(self, name, value).
 |  
 |  __setstate__(...)
 |  
 |  with_traceback(...)
 |  Exception.with_traceback(tb) --
 |  set self.__traceback__ to tb and return self.
 |  
 |  --
 |  Data descriptors inherited from builtins.BaseException:
 |  
 |  __cause__
 |  exception cause
 |  
 |  __context__
 |  exception context
 |  
 |  __dict__
 |  
 |  __suppress_context__
 |  
 |  __traceback__
 |  
 |  args

class QMP(qmp.protocol.AsyncProtocol)
 |  QMP(name: Optional[str] = None) -> None
 |  
 |  Implements a QMP connection to/from the server.
 |  
 |  Basic usage looks like this::
 |  
 |qmp = QMP('my_virtual_machine_name')
 |await qmp.connect(('127.0.0.1', 1234))
 |...
 |res = await qmp.execute('block-query')
 |...
 |await qmp.disconnect()
 |  
 |  :param name: Optional nickname for the connection, used for logging.
 |  
 |  Method resolution order:
 |  QMP
 |  qmp.protocol.AsyncProtocol
 |  typing.Gen
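The two event-delivery styles Stefan contrasts above, callbacks versus an awaitable `get_event(name)` with a `get_event_nowait()` sibling, as an added example that is not part of the QMP series under review or of QEMU's python package: a small asyncio hub that serves both at once, fed with constructed QMP-shaped events rather than a live QEMU. `EventHub`, `run_demo` and the sample events are this example's own names; the `close()` method shows the disconnect case, where pending `get_event()` callers must be failed rather than left hanging.

```python
import asyncio
from typing import Awaitable, Callable, Dict, List, Optional, Tuple

Event = Dict[str, object]
Callback = Callable[[Event], Awaitable[None]]


class EventHub:
    """Delivers QMP-style events both to registered callbacks and to
    coroutines blocked in get_event(); events nobody awaited are kept
    for get_event_nowait()."""

    def __init__(self) -> None:
        self._callbacks: Dict[Optional[str], List[Callback]] = {}
        self._waiters: List[Tuple[Optional[str], "asyncio.Future[Event]"]] = []
        self._backlog: List[Event] = []

    def on_event(self, name: Optional[str], cb: Callback) -> None:
        """Approach 1: callback for one event name, or for all when name is None."""
        self._callbacks.setdefault(name, []).append(cb)

    def get_event_nowait(self, name: Optional[str] = None) -> Event:
        """Pop the oldest queued event matching name (any event when None)."""
        for i, ev in enumerate(self._backlog):
            if name is None or ev["event"] == name:
                return self._backlog.pop(i)
        raise LookupError(f"no queued event matching {name!r}")

    async def get_event(self, name: Optional[str] = None) -> Event:
        """Approach 2: await the next event matching name, serving the backlog first."""
        try:
            return self.get_event_nowait(name)
        except LookupError:
            pass
        fut: "asyncio.Future[Event]" = asyncio.get_running_loop().create_future()
        self._waiters.append((name, fut))
        return await fut

    async def dispatch(self, ev: Event) -> None:
        """Called by the reader loop for every event received from the server."""
        for key in (None, ev["event"]):
            for cb in self._callbacks.get(key, []):
                await cb(ev)
        for i, (name, fut) in enumerate(self._waiters):
            if not fut.done() and (name is None or name == ev["event"]):
                del self._waiters[i]
                fut.set_result(ev)
                return
        self._backlog.append(ev)

    def close(self, exc: Exception) -> None:
        """On disconnect, fail every pending get_event() so callers do not hang."""
        for _, fut in self._waiters:
            if not fut.done():
                fut.set_exception(exc)
        self._waiters.clear()


# Constructed sample events in QMP wire shape; not captured from a real QEMU.
SAMPLE_EVENTS: List[Event] = [
    {"event": "STOP", "timestamp": {"seconds": 1, "microseconds": 0}},
    {"event": "BLOCK_JOB_COMPLETED", "timestamp": {"seconds": 2, "microseconds": 0},
     "data": {"device": "drive0", "type": "mirror", "len": 1048576, "offset": 1048576}},
    {"event": "RESUME", "timestamp": {"seconds": 3, "microseconds": 0}},
]


async def _demo() -> Dict[str, object]:
    hub = EventHub()
    seen: List[str] = []

    async def log_all(ev: Event) -> None:
        seen.append(str(ev["event"]))

    hub.on_event(None, log_all)                                      # callback style
    job = asyncio.create_task(hub.get_event("BLOCK_JOB_COMPLETED"))  # await style
    await asyncio.sleep(0)                                           # let the waiter register
    for ev in SAMPLE_EVENTS:
        await hub.dispatch(ev)
    completed = await job
    leftover = hub.get_event_nowait("RESUME")

    pending = asyncio.create_task(hub.get_event("SHUTDOWN"))         # never arrives
    await asyncio.sleep(0)
    hub.close(ConnectionError("disconnected"))
    try:
        await pending
        closed = False
    except ConnectionError:
        closed = True

    return {"seen": seen, "job_device": completed["data"]["device"],
            "leftover": leftover["event"], "backlog": len(hub._backlog), "closed": closed}


def run_demo() -> Dict[str, object]:
    return asyncio.run(_demo())


if __name__ == "__main__":
    print(run_demo())
```

The hub keeps one plain list of waiters and one of undelivered events instead of a task per request; an event is handed to the first matching waiter and otherwise queued, so a late `get_event()` still sees it, and `close()` turns a disconnect into an exception at every suspended call site.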

Re: [PATCH RFC 6/7] qmp_protocol: add QMP client implementation

2021-04-14 Thread Stefan Hajnoczi
On Tue, Apr 13, 2021 at 11:55:52AM -0400, John Snow wrote:
> +async def _execute(self, msg: Message) -> object:
> +"""
> +The same as `execute_msg()`, but without safety mechanisms.
> +
> +Does not assign an execution ID and does not check that the form
> +of the message being sent is valid.
> +
> +This method *Requires* an 'id' parameter to be set on the
> +message, it will not set one for you like `execute()` or
> +`execute_msg()`.
> +
> +Do not use "__aqmp#0" style IDs, use something else to avoid
> +potential clashes. If this ID clashes with an ID presently
> +in-use or otherwise clashes with the auto-generated IDs, the
> +response routing mechanisms in _on_message may very well fail
> +loudly enough to cause the entire loop to crash.
> +
> +The ID should be a str; or at least something JSON
> +serializable. It *must* be hashable.
> +"""
> +exec_id = cast(str, msg['id'])
> +self.logger.debug("Execute(%s): '%s'", exec_id,
> +  msg.get('execute', msg.get('exec-oob')))
> +
> +queue: asyncio.Queue[Message] = asyncio.Queue(maxsize=1)
> +task = create_task(self._bh_execute(msg, queue))
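Review bot: the docstring says the message *requires* an `'id'`, but `exec_id = cast(str, msg['id'])` only surfaces a bare `KeyError` when it is absent, and `cast` performs no runtime check, so an unhashable id (the docstring's other requirement) fails later inside the response routing rather than here. Consider an explicit guard before the logging call, e.g. `if 'id' not in msg: raise ValueError("_execute() requires msg['id']")`, plus a `hash(msg['id'])` probe, so the failure modes the docstring warns about are reported at the call site with the caller's message in hand.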

We're already in a coroutine, can we await queue.get() ourselves instead
of creating a new task?

I guess this is done in order to use Task.cancel() in _bh_disconnect()
but it seems simpler to use queue both for success and cancellation.
Fewer tasks are easier to reason about.




Re: [Virtio-fs] [PATCH] vhost-user-fs: fix features handling

2021-04-14 Thread Stefan Hajnoczi
On Tue, Apr 13, 2021 at 09:35:34AM -0400, Vivek Goyal wrote:
> On Tue, Apr 13, 2021 at 09:47:14AM +0100, Stefan Hajnoczi wrote:
> > On Thu, Apr 08, 2021 at 10:55:34PM +0300, Anton Kuchin wrote:
> > > Make virtio-fs take into account server capabilities.
> > > 
> > > Just returning requested features assumes that all of them are implemented
> > > by server and results in setting unsupported configuration if some of them
> > > are absent.
> > > 
> > > Signed-off-by: Anton Kuchin 
> > > ---
> > >  hw/virtio/vhost-user-fs.c | 17 +
> > >  1 file changed, 13 insertions(+), 4 deletions(-)
> > > 
> > > diff --git a/hw/virtio/vhost-user-fs.c b/hw/virtio/vhost-user-fs.c
> > > index ac4fc34b36..6cf983ba0e 100644
> > > --- a/hw/virtio/vhost-user-fs.c
> > > +++ b/hw/virtio/vhost-user-fs.c
> > > @@ -24,6 +24,14 @@
> > >  #include "monitor/monitor.h"
> > >  #include "sysemu/sysemu.h"
> > >  
> > > +static const int user_feature_bits[] = {
> > > +VIRTIO_F_VERSION_1,
> > > +VIRTIO_RING_F_INDIRECT_DESC,
> > > +VIRTIO_RING_F_EVENT_IDX,
> > > +VIRTIO_F_NOTIFY_ON_EMPTY,
> > > +VHOST_INVALID_FEATURE_BIT
> > > +};
> > 
> > Please add:
> > 
> > VIRTIO_F_RING_PACKED
> > VIRTIO_F_IOMMU_PLATFORM
> 
> Hi Stefan,
> 
> What about
> 
> VIRTIO_F_ANY_LAYOUT
> 
> I see this one is currently set in requested_features. IIUC, qemu will
> assume that device supports VIRTIO_F_ANY_LAYOUT if we don't reset it.

virtio-fs requires VIRTIO 1.1+ where the "any layout" semantics are
mandatory. The Legacy device interface is not supported by virtio-fs so
this feature bit isn't used.

Here is the VIRTIO_F_ANY_LAYOUT section in the spec if you want to read
more about it:
https://docs.oasis-open.org/virtio/virtio/v1.1/cs01/virtio-v1.1-cs01.html#x1-4130003

> And I see two more flags.
> 
> VIRTIO_F_ORDER_PLATFORM
> VIRTIO_F_SR_IOV
> 
> Should this be part of user_feature_bits[] too?

VIRTIO_F_ORDER_PLATFORM is unclear. It could be used in some way if the
vhost-user device backend passes the virtqueue memory to a physical PCI
device, but I think vhost-user doesn't support that (instead vDPA would
be used).

VIRTIO_F_SR_IOV is not relevant to vhost-user device backends. It's
unlikely to be implemented but if so, then the hypervisor would handle
it as part of virtio-pci device emulation and the vhost-user device
backend would be unaware.

So I think these 3 feature bits do not need to be negotiated with the
vhost-user device backend.

Stefan




Re: [RFC v12 03/65] arm: tcg: only build under CONFIG_TCG

2021-04-14 Thread Claudio Fontana
On 4/13/21 10:49 PM, Philippe Mathieu-Daudé wrote:
> On 3/26/21 8:35 PM, Claudio Fontana wrote:
>> Signed-off-by: Claudio Fontana 
>> Reviewed-by: Richard Henderson 
>> Reviewed-by: Alex Bennée 
>> ---
>>  target/arm/tcg/meson.build | 6 +++---
>>  1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/target/arm/tcg/meson.build b/target/arm/tcg/meson.build
>> index 0bd4e9d954..3b4146d079 100644
>> --- a/target/arm/tcg/meson.build
>> +++ b/target/arm/tcg/meson.build
>> @@ -12,9 +12,9 @@ gen = [
>>decodetree.process('t16.decode', extra_args: ['-w', '16', 
>> '--static-decode=disas_t16']),
>>  ]
>>  
>> -arm_ss.add(gen)
>> +arm_ss.add(when: 'CONFIG_TCG', if_true: gen)
>>  
>> -arm_ss.add(files(
>> +arm_ss.add(when: 'CONFIG_TCG', if_true: files(
>>'translate.c',
>>'helper.c',
>>'iwmmxt_helper.c',
>> @@ -28,7 +28,7 @@ arm_ss.add(files(
>>'debug_helper.c',
>>  ))
>>  
>> -arm_ss.add(when: 'TARGET_AARCH64', if_true: files(
>> +arm_ss.add(when: ['TARGET_AARCH64','CONFIG_TCG'], if_true: files(
>>'translate-a64.c',
>>'translate-sve.c',
>>'helper-a64.c',
>>
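Review bot: style nit in the second hunk: `when: ['TARGET_AARCH64','CONFIG_TCG']` lacks the space after the comma that the other argument lists in this file use (`when: 'CONFIG_TCG', if_true: ...`). Since every `arm_ss.add()` call in target/arm/tcg/meson.build now carries `CONFIG_TCG`, a one-line comment at the top of the file stating that the whole directory is TCG-only would document the intent in one place rather than leaving it implied by three separate conditions.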
> 
> Isn't it clearer to use in target/arm/meson.build:
> 
> if 'CONFIG_TCG' in config_all
>   subdir('tcg')
> endif
> 
> ?

This was my initial idea also, but now it is not possible anymore, since we now 
put some tcg stubs in tcg/.

We could instead put them in a dedicated stubs/ directory though.

The reason is basically that Paolo suggested to recurse unconditionally, I just 
considered this meson-related statement as an oracle.

Ciao,

Claudio

> 
> Similarly in the next patch for target/arm/tcg/meson.build:
> 
> if have_user
>   subdir('user')
> endif
> if have_system
>   subdir('sysemu')
> endif
> 




Re: any remaining for-6.0 issues?

2021-04-14 Thread Bin Meng
Hi Stefan,

On Tue, Apr 13, 2021 at 2:19 PM Stefan Weil  wrote:
>
> Am 13.04.21 um 07:56 schrieb Bin Meng:
>
> > On Mon, Apr 12, 2021 at 11:33 PM Peter Maydell  
> > wrote:
> >> Last call to note anything we need to fix for 6.0 on
> >> https://wiki.qemu.org/Planning/6.0#Known_issues please.
> >> The schedule is to tag rc3 tomorrow, which I would ideally like
> >> to be the last rc before release. After rc3 I will only be taking
> >> fixes for bugs which are absolutely critical...
> > This patch (affects Windows install)
> > http://patchwork.ozlabs.org/project/qemu-devel/patch/20210326062140.367861-1-bmeng...@gmail.com/
> >
> > is still not applied.
> >
> > Regards,
> > Bin
>
>
> That patch is based on an older version of my personal QEMU sources and
> not required for 6.0.

I am confused.

I see https://repo.or.cz/qemu/ar7.git/blob/HEAD:/qemu.nsi still does
not contain the fix.

Or is this qemu.nsi file not used in the latest 6.0 installer?

>
> The official QEMU sources install the whole share directory, so all
> required firmware files are included. My latest installer
> (https://qemu.weilnetz.de/w64/qemu-w64-setup-20210409.exe) installs
> those files, too.

Regards,
Bin



Re: [PATCH v2] target/s390x: Fix translation exception on illegal instruction

2021-04-14 Thread Cornelia Huck
On Tue, 13 Apr 2021 18:52:57 +0200
Ilya Leoshkevich  wrote:

> Hitting an uretprobe in a s390x TCG guest causes a SIGSEGV. What
> happens is:
> 
> * uretprobe maps a userspace page containing an invalid instruction.
> * uretprobe replaces the target function's return address with the
>   address of that page.
> * When tb_gen_code() is called on that page, tb->size ends up being 0
>   (because the page starts with the invalid instruction), which causes
>   virt_page2 to point to the previous page.
> * The previous page is not mapped, so this causes a spurious
>   translation exception.
> 
> The bug is that tb->size must never be 0: even if there is an illegal
> instruction, the instruction bytes that have been looked at must count
> towards tb->size. So adjust s390x's translate_one() to act this way
> for both illegal instructions and instructions that are known to
> generate exceptions.
> 
> Also add an assertion to tb_gen_code() in order to detect such
> situations in future.
> 
> Signed-off-by: Ilya Leoshkevich 
> ---
> 
> v1: https://lists.nongnu.org/archive/html/qemu-devel/2021-04/msg02037.html
> v1 -> v2: Fix target/s390x instead of trying to tolerate tb->size == 0
>   in tb_gen_code().
> 
>  accel/tcg/translate-all.c |  1 +
>  target/s390x/translate.c  | 16 +++-
>  2 files changed, 12 insertions(+), 5 deletions(-)

I assume this bug is not usually hit during normal usage, right? It's
probably not release critical, so I'll line it up for 6.1 instead.




[PATCH for-6.0 v2] x86: acpi: use offset instead of pointer when using build_header()

2021-04-14 Thread Igor Mammedov
Do the same as in commit
 (4d027afeb3a97 Virt: ACPI: fix qemu assert due to re-assigned table data 
address)
for remaining tables that happen to use saved at
the beginning pointer to build header to avoid assert
when table_data is relocated due to implicit re-size.

In this case user is trying to start Windows 10 and getting assert at
 hw/acpi/bios-linker-loader.c:239:
  bios_linker_loader_add_checksum: Assertion `start_offset < file->blob->len' 
failed.

Fixes: https://bugs.launchpad.net/bugs/1923497
Signed-off-by: Igor Mammedov 
---
v2:
  - amend commit message (Michael)
PS:
 I have build_header() refactoring patch that requires offset
 instead of pointer, to make it harder to misuse but it's
 a bit intrusive for last minute fixes. So here goes simplified
 variant, and I'll post refactoring patch for 6.1. later.

 hw/acpi/aml-build.c  | 15 +--
 hw/i386/acpi-build.c |  8 ++--
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index d33ce8954a..f0035d2b4a 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -1830,6 +1830,7 @@ build_rsdt(GArray *table_data, BIOSLinker *linker, GArray 
*table_offsets,
 int i;
 unsigned rsdt_entries_offset;
 AcpiRsdtDescriptorRev1 *rsdt;
+int rsdt_start = table_data->len;
 const unsigned table_data_len = (sizeof(uint32_t) * table_offsets->len);
 const unsigned rsdt_entry_size = sizeof(rsdt->table_offset_entry[0]);
 const size_t rsdt_len = sizeof(*rsdt) + table_data_len;
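Review bot: `int rsdt_start = table_data->len;` narrows the GArray length (`guint`) into a signed `int`, while the neighbouring offset in this function is declared `unsigned rsdt_entries_offset;` two lines up. Use the same unsigned type for `rsdt_start` (and for `xsdt_start` and `hpet_start` in the later hunks) so the offset arithmetic stays within one type and does not trip -Wsign-conversion.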
@@ -1846,7 +1847,8 @@ build_rsdt(GArray *table_data, BIOSLinker *linker, GArray 
*table_offsets,
 ACPI_BUILD_TABLE_FILE, ref_tbl_offset);
 }
 build_header(linker, table_data,
- (void *)rsdt, "RSDT", rsdt_len, 1, oem_id, oem_table_id);
+ (void *)(table_data->data + rsdt_start),
+ "RSDT", rsdt_len, 1, oem_id, oem_table_id);
 }
 
 /* Build xsdt table */
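Review bot: the `(void *)` in `(void *)(table_data->data + rsdt_start)` is redundant, because `table_data->data` is a `gchar *` that converts to `void *` implicitly; dropping the cast here and in the XSDT, TPM2 and HPET hunks shortens the lines and, more usefully, keeps the compiler able to complain at every call site once `build_header()` is changed to take an offset, which the PS in the commit message says is planned for 6.1.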
@@ -1857,6 +1859,7 @@ build_xsdt(GArray *table_data, BIOSLinker *linker, GArray 
*table_offsets,
 int i;
 unsigned xsdt_entries_offset;
 AcpiXsdtDescriptorRev2 *xsdt;
+int xsdt_start = table_data->len;
 const unsigned table_data_len = (sizeof(uint64_t) * table_offsets->len);
 const unsigned xsdt_entry_size = sizeof(xsdt->table_offset_entry[0]);
 const size_t xsdt_len = sizeof(*xsdt) + table_data_len;
@@ -1873,7 +1876,8 @@ build_xsdt(GArray *table_data, BIOSLinker *linker, GArray 
*table_offsets,
 ACPI_BUILD_TABLE_FILE, ref_tbl_offset);
 }
 build_header(linker, table_data,
- (void *)xsdt, "XSDT", xsdt_len, 1, oem_id, oem_table_id);
+ (void *)(table_data->data + xsdt_start),
+ "XSDT", xsdt_len, 1, oem_id, oem_table_id);
 }
 
 void build_srat_memory(AcpiSratMemoryAffinity *numamem, uint64_t base,
@@ -2053,10 +2057,9 @@ void build_tpm2(GArray *table_data, BIOSLinker *linker, 
GArray *tcpalog,
 uint64_t control_area_start_address;
 TPMIf *tpmif = tpm_find();
 uint32_t start_method;
-void *tpm2_ptr;
 
 tpm2_start = table_data->len;
-tpm2_ptr = acpi_data_push(table_data, sizeof(AcpiTableHeader));
+acpi_data_push(table_data, sizeof(AcpiTableHeader));
 
 /* Platform Class */
 build_append_int_noprefix(table_data, TPM2_ACPI_CLASS_CLIENT, 2);
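Review bot: the return value of `acpi_data_push(table_data, sizeof(AcpiTableHeader));` is now discarded, which reads like a forgotten assignment to the next person touching this function. A comment such as `/* reserve the header; build_header() fills it in via tpm2_start below */` would make it obvious that the space is intentional and that `tpm2_start`, taken from `table_data->len` on the line above, is what locates it later.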
@@ -2095,8 +2098,8 @@ void build_tpm2(GArray *table_data, BIOSLinker *linker, 
GArray *tcpalog,
log_addr_offset, 8,
ACPI_BUILD_TPMLOG_FILE, 0);
 build_header(linker, table_data,
- tpm2_ptr, "TPM2", table_data->len - tpm2_start, 4, oem_id,
- oem_table_id);
+ (void *)(table_data->data + tpm2_start),
+ "TPM2", table_data->len - tpm2_start, 4, oem_id, 
oem_table_id);
 }
 
 Aml *build_crs(PCIHostState *host, CrsRangeSet *range_set, uint32_t io_offset,
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index de98750aef..daaf8f473e 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1816,6 +1816,7 @@ build_hpet(GArray *table_data, BIOSLinker *linker, const 
char *oem_id,
const char *oem_table_id)
 {
 Acpi20Hpet *hpet;
+int hpet_start = table_data->len;
 
 hpet = acpi_data_push(table_data, sizeof(*hpet));
 /* Note timer_block_id value must be kept in sync with value advertised by
@@ -1824,13 +1825,15 @@ build_hpet(GArray *table_data, BIOSLinker *linker, 
const char *oem_id,
 hpet->timer_block_id = cpu_to_le32(0x8086a201);
 hpet->addr.address = cpu_to_le64(HPET_BASE);
 build_header(linker, table_data,
- (void *)hpet, "HPET", sizeof(*hpet), 1, oem_id, oem_table_id);
+ (void *)(table_data->data + hpet_start),
+ "HPET", sizeof(*hpet), 1, oem_id, oem_table_id);
 }
 
 static void
 build_tpm_tcpa(GArray *table_data, BIOSLinker *linker, GArray *tcpalog,
const char *oem_id, const char *oem_ta
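Review bot: `hpet` returned by `acpi_data_push()` is still dereferenced for `hpet->timer_block_id` and `hpet->addr.address`, which is only safe because no further push happens between that call and the two stores. A short comment saying so (or writing those two fields through `table_data->data + hpet_start` as well) would stop a future insertion between them from re-introducing exactly the dangling-pointer bug this patch fixes for the header.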

Re: [Bug 1923497] Re: bios_linker_loader_add_checksum: Assertion `start_offset < file->blob->len' failed

2021-04-14 Thread Igor Mammedov
On Tue, 13 Apr 2021 21:29:45 -
Ed Davison <1923...@bugs.launchpad.net> wrote:

> Hmmm.  Well, I don't know what the command line was.  I use Virtual
> Machine Manager (virt-manager.org) for my interface to the VM and it
> does the startup.  The error shows up when I start the VM.
In this case you should be able to attach domain xml. 
(View->Details->Overview->XML)

Also try and see if the following patch helps:
https://lore.kernel.org/qemu-devel/20210413160834-mutt-send-email-...@kernel.org/T/#md70161e63276e9d5b6fd50fd835d2e62895810b8
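The failure the patch above addresses, as an added illustration rather than QEMU code: a growable byte array in the style of GArray, a pointer saved before a later push going stale when the buffer is reallocated, and the offset-based header fill the patch switches to. `ByteArray`, `ba_push`, `build_header`, `demo_table_ok` and `stale_pointer_demo` are this example's own names; the header layout follows the 36-byte ACPI table header, the payload is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal growable byte array standing in for GArray/table_data (constructed). */
typedef struct {
    uint8_t *data;
    size_t len;
    size_t cap;
} ByteArray;

/* sig(4) len(4) rev(1) checksum(1) oemid(6) oemtableid(8) oemrev(4) creatorid(4) creatorrev(4) */
#define ACPI_HDR_LEN 36

static void ba_init(ByteArray *a) { a->data = NULL; a->len = 0; a->cap = 0; }
static void ba_free(ByteArray *a) { free(a->data); ba_init(a); }

/* Append n zero bytes and return their offset.  Growth always allocates a fresh
 * buffer and frees the old one, so every pointer into the old buffer is dangling
 * afterwards; *moved (if non-NULL) reports whether that happened. */
static size_t ba_push(ByteArray *a, size_t n, int *moved)
{
    size_t off = a->len;
    int did_move = 0;

    if (a->len + n > a->cap) {
        size_t ncap = a->cap ? a->cap : 16;
        uint8_t *p;
        while (ncap < a->len + n) {
            ncap *= 2;
        }
        p = malloc(ncap);
        if (!p) {
            abort();
        }
        if (a->data) {
            memcpy(p, a->data, a->len);
            free(a->data);
        }
        a->data = p;
        a->cap = ncap;
        did_move = 1;
    }
    memset(a->data + off, 0, n);
    a->len += n;
    if (moved) {
        *moved = did_move;
    }
    return off;
}

/* Fill the header at `start` through a pointer computed from the offset *now*,
 * after every push that could have moved the buffer (the pattern the patch adopts). */
static void build_header(ByteArray *t, size_t start, const char sig[4], uint8_t rev)
{
    uint8_t *h = t->data + start;
    uint32_t len = (uint32_t)(t->len - start);
    uint8_t sum = 0;
    size_t i;

    memcpy(h, sig, 4);
    memcpy(h + 4, &len, sizeof len);   /* host byte order; memcpy avoids unaligned stores */
    h[8] = rev;
    h[9] = 0;                          /* checksum byte is zero while summing */
    for (i = start; i < t->len; i++) {
        sum = (uint8_t)(sum + t->data[i]);
    }
    h[9] = (uint8_t)(0u - sum);        /* ACPI rule: all table bytes sum to 0 mod 256 */
}

/* Build one table: reserve the header, append a body large enough to force the
 * buffer to grow, then fill the header by offset.  Returns 1 when the length
 * field reads back correctly and the ACPI checksum rule holds. */
static int demo_table_ok(size_t body_bytes)
{
    ByteArray t;
    size_t start, body, i;
    uint32_t len;
    uint8_t sum = 0;

    ba_init(&t);
    start = ba_push(&t, ACPI_HDR_LEN, NULL);
    body = ba_push(&t, body_bytes, NULL);        /* may relocate t.data */
    for (i = 0; i < body_bytes; i++) {
        t.data[body + i] = (uint8_t)(i * 7 + 3); /* constructed payload */
    }
    build_header(&t, start, "DEMO", 1);
    memcpy(&len, t.data + start + 4, sizeof len);
    for (i = start; i < t.len; i++) {
        sum = (uint8_t)(sum + t.data[i]);
    }
    ba_free(&t);
    return len == ACPI_HDR_LEN + body_bytes && sum == 0;
}

/* The hazard the patch removes: a pointer taken before later pushes (what the old
 * code kept in tpm2_ptr / hpet) goes stale once the buffer grows.  Returns 1 if it
 * did.  The stale pointer is only compared as an integer, never dereferenced. */
static int stale_pointer_demo(size_t body_bytes)
{
    ByteArray t;
    size_t start;
    uintptr_t saved;
    int moved = 0, stale;

    ba_init(&t);
    start = ba_push(&t, ACPI_HDR_LEN, NULL);
    saved = (uintptr_t)(t.data + start);
    ba_push(&t, body_bytes, &moved);
    stale = moved && saved != (uintptr_t)(t.data + start);
    ba_free(&t);
    return stale;
}

int main(void)
{
    printf("table ok: %d, header pointer stale after push: %d\n",
           demo_table_ok(4096), stale_pointer_demo(4096));
    return 0;
}
```

With a 4 KiB body the second push outgrows the initial allocation, so the pointer taken after the first push no longer points into the live buffer; writing the header through `data + start` after the last push is immune to that, which is why the patch replaces each saved pointer with an offset.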




Re: [PATCH for-6.0 v2] x86: acpi: use offset instead of pointer when using build_header()

2021-04-14 Thread Igor Mammedov
On Wed, 14 Apr 2021 04:43:56 -0400
Igor Mammedov  wrote:

> Do the same as in commit
>  (4d027afeb3a97 Virt: ACPI: fix qemu assert due to re-assigned table data 
> address)
> for remaining tables that happen to use saved at
> the beginning pointer to build header to avoid assert
> when table_data is relocated due to implicit re-size.
> 
> In this case user is trying to start Windows 10 and getting assert at
>  hw/acpi/bios-linker-loader.c:239:
>   bios_linker_loader_add_checksum: Assertion `start_offset < file->blob->len' 
> failed.
> 
> Fixes: https://bugs.launchpad.net/bugs/1923497
> Signed-off-by: Igor Mammedov 

forgot to CC stable, doing it now

> ---
> v2:
>   - amend commit message (Michael)
> PS:
>  I have build_header() refactoring patch that requires offset
>  instead of pointer, to make it harder to misuse but it's
>  a bit intrusive for last minute fixes. So here goes simplified
>  variant, and I'll post refactoring patch for 6.1. later.
> 
>  hw/acpi/aml-build.c  | 15 +--
>  hw/i386/acpi-build.c |  8 ++--
>  2 files changed, 15 insertions(+), 8 deletions(-)
> 
> diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
> index d33ce8954a..f0035d2b4a 100644
> --- a/hw/acpi/aml-build.c
> +++ b/hw/acpi/aml-build.c
> @@ -1830,6 +1830,7 @@ build_rsdt(GArray *table_data, BIOSLinker *linker, 
> GArray *table_offsets,
>  int i;
>  unsigned rsdt_entries_offset;
>  AcpiRsdtDescriptorRev1 *rsdt;
> +int rsdt_start = table_data->len;
>  const unsigned table_data_len = (sizeof(uint32_t) * table_offsets->len);
>  const unsigned rsdt_entry_size = sizeof(rsdt->table_offset_entry[0]);
>  const size_t rsdt_len = sizeof(*rsdt) + table_data_len;
> @@ -1846,7 +1847,8 @@ build_rsdt(GArray *table_data, BIOSLinker *linker, 
> GArray *table_offsets,
>  ACPI_BUILD_TABLE_FILE, ref_tbl_offset);
>  }
>  build_header(linker, table_data,
> - (void *)rsdt, "RSDT", rsdt_len, 1, oem_id, oem_table_id);
> + (void *)(table_data->data + rsdt_start),
> + "RSDT", rsdt_len, 1, oem_id, oem_table_id);
>  }
>  
>  /* Build xsdt table */
> @@ -1857,6 +1859,7 @@ build_xsdt(GArray *table_data, BIOSLinker *linker, 
> GArray *table_offsets,
>  int i;
>  unsigned xsdt_entries_offset;
>  AcpiXsdtDescriptorRev2 *xsdt;
> +int xsdt_start = table_data->len;
>  const unsigned table_data_len = (sizeof(uint64_t) * table_offsets->len);
>  const unsigned xsdt_entry_size = sizeof(xsdt->table_offset_entry[0]);
>  const size_t xsdt_len = sizeof(*xsdt) + table_data_len;
> @@ -1873,7 +1876,8 @@ build_xsdt(GArray *table_data, BIOSLinker *linker, 
> GArray *table_offsets,
>  ACPI_BUILD_TABLE_FILE, ref_tbl_offset);
>  }
>  build_header(linker, table_data,
> - (void *)xsdt, "XSDT", xsdt_len, 1, oem_id, oem_table_id);
> + (void *)(table_data->data + xsdt_start),
> + "XSDT", xsdt_len, 1, oem_id, oem_table_id);
>  }
>  
>  void build_srat_memory(AcpiSratMemoryAffinity *numamem, uint64_t base,
> @@ -2053,10 +2057,9 @@ void build_tpm2(GArray *table_data, BIOSLinker 
> *linker, GArray *tcpalog,
>  uint64_t control_area_start_address;
>  TPMIf *tpmif = tpm_find();
>  uint32_t start_method;
> -void *tpm2_ptr;
>  
>  tpm2_start = table_data->len;
> -tpm2_ptr = acpi_data_push(table_data, sizeof(AcpiTableHeader));
> +acpi_data_push(table_data, sizeof(AcpiTableHeader));
>  
>  /* Platform Class */
>  build_append_int_noprefix(table_data, TPM2_ACPI_CLASS_CLIENT, 2);
> @@ -2095,8 +2098,8 @@ void build_tpm2(GArray *table_data, BIOSLinker *linker, 
> GArray *tcpalog,
> log_addr_offset, 8,
> ACPI_BUILD_TPMLOG_FILE, 0);
>  build_header(linker, table_data,
> - tpm2_ptr, "TPM2", table_data->len - tpm2_start, 4, oem_id,
> - oem_table_id);
> + (void *)(table_data->data + tpm2_start),
> + "TPM2", table_data->len - tpm2_start, 4, oem_id, 
> oem_table_id);
>  }
>  
>  Aml *build_crs(PCIHostState *host, CrsRangeSet *range_set, uint32_t 
> io_offset,
> diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> index de98750aef..daaf8f473e 100644
> --- a/hw/i386/acpi-build.c
> +++ b/hw/i386/acpi-build.c
> @@ -1816,6 +1816,7 @@ build_hpet(GArray *table_data, BIOSLinker *linker, 
> const char *oem_id,
> const char *oem_table_id)
>  {
>  Acpi20Hpet *hpet;
> +int hpet_start = table_data->len;
>  
>  hpet = acpi_data_push(table_data, sizeof(*hpet));
>  /* Note timer_block_id value must be kept in sync with value advertised 
> by
> @@ -1824,13 +1825,15 @@ build_hpet(GArray *table_data, BIOSLinker *linker, 
> const char *oem_id,
>  hpet->timer_block_id = cpu_to_le32(0x8086a201);
>  hpet->addr.address = cpu_to_le64(HPET_BASE);
>  build_header(linker, table_data,
> - (v

Re: [PULL 0/1] virtiofs queue for 6.0

2021-04-14 Thread Peter Maydell
On Tue, 13 Apr 2021 at 16:25, Dr. David Alan Gilbert (git)
 wrote:
>
> From: "Dr. David Alan Gilbert" 
>
> The following changes since commit dce628a97fde2594f99d738883a157f05aa0a14f:
>
>   Merge remote-tracking branch 'remotes/dg-gitlab/tags/ppc-for-6.0-20210412' 
> into staging (2021-04-13 13:05:07 +0100)
>
> are available in the Git repository at:
>
>   https://gitlab.com/dagrh/qemu.git tags/pull-virtiofs-20210413
>
> for you to fetch changes up to ace66791cd15657320b11b1a421afc055f28efca:
>
>   vhost-user-fs: fix features handling (2021-04-13 16:13:41 +0100)
>
> 
> virtiofs: Fix feature negotiation (for 6.0)
>
> A 6.0 fix for feature negotiation on vhost-user.
>
> Signed-off-by: Dr. David Alan Gilbert 
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/6.0
for any user-visible changes.

-- PMM



Re: [PATCH] vhost-vdpa: Make vhost_vdpa_get_device_id() static

2021-04-14 Thread Stefano Garzarella

On Tue, Apr 13, 2021 at 09:37:37PM +0800, Zenghui Yu wrote:

As it's only used inside hw/virtio/vhost-vdpa.c.

Signed-off-by: Zenghui Yu 
---
hw/virtio/vhost-vdpa.c | 4 ++--
include/hw/virtio/vhost-vdpa.h | 2 --
2 files changed, 2 insertions(+), 4 deletions(-)


Reviewed-by: Stefano Garzarella 



diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
index 01d2101d09..8f2fb9f10b 100644
--- a/hw/virtio/vhost-vdpa.c
+++ b/hw/virtio/vhost-vdpa.c
@@ -371,8 +371,8 @@ static int vhost_vdpa_set_backend_cap(struct vhost_dev *dev)
return 0;
}

-int vhost_vdpa_get_device_id(struct vhost_dev *dev,
-   uint32_t *device_id)
+static int vhost_vdpa_get_device_id(struct vhost_dev *dev,
+uint32_t *device_id)
{
int ret;
ret = vhost_vdpa_call(dev, VHOST_VDPA_GET_DEVICE_ID, device_id);
diff --git a/include/hw/virtio/vhost-vdpa.h b/include/hw/virtio/vhost-vdpa.h
index 9b81a409da..28ca65018e 100644
--- a/include/hw/virtio/vhost-vdpa.h
+++ b/include/hw/virtio/vhost-vdpa.h
@@ -22,6 +22,4 @@ typedef struct vhost_vdpa {
} VhostVDPA;

extern AddressSpace address_space_memory;
-extern int vhost_vdpa_get_device_id(struct vhost_dev *dev,
-   uint32_t *device_id);
#endif
--
2.19.1







Re: [PATCH v2 3/7] ACPI ERST: support for ACPI ERST feature

2021-04-14 Thread Igor Mammedov
On Fri, 9 Apr 2021 15:54:47 +
Eric DeVolder  wrote:

> Hi Igor,
> Thank you for reviewing. I've responded inline below.
> eric
> 
> 
> From: Igor Mammedov 
> Sent: Tuesday, April 6, 2021 2:31 PM
> To: Eric DeVolder 
> Cc: m...@redhat.com ; marcel.apfelb...@gmail.com 
> ; pbonz...@redhat.com ; 
> r...@twiddle.net ; ehabk...@redhat.com 
> ; qemu-devel@nongnu.org ; Boris 
> Ostrovsky ; kw...@oracle.com 
> Subject: Re: [PATCH v2 3/7] ACPI ERST: support for ACPI ERST feature
> 
> On Mon,  8 Feb 2021 15:57:55 -0500
> Eric DeVolder  wrote:
> 
> > This change implements the support for the ACPI ERST feature[1,2].
> >
> > The size of the ACPI ERST storage is declared via the QEMU
> > global parameter acpi-erst.size. The size can range from 64KiB
> > to 64MiB. The default is 64KiB.
> >
> > The location of the ACPI ERST storage backing file is declared
> > via the QEMU global parameter acpi-erst.filename. The default
> > is acpi-erst.backing.
> >
> > [1] "Advanced Configuration and Power Interface Specification",
> > version 6.2, May 2017.
> > https://www.uefi.org/sites/default/files/resources/ACPI_6_2.pdf
> >
> > [2] "Unified Extensible Firmware Interface Specification",
> > version 2.8, March 2019.
> > https://uefi.org/sites/default/files/resources/UEFI_Spec_2_8_final.pdf
> >
> > Signed-off-by: Eric DeVolder   
> 
> items 2/4/5 from v1 review still need to be addressed.
> 
> >
> > 2. patch is too big to review, please split it up in smaller chunks.
> >
> > EJD: Done.  
> 
> (separating a header and a makefile rule doesn't make much sense)
> 
> it should be split at least into the part that implements the device model and the
> ACPI parts
> 
> EJD: I'll rebase this patch set on qemu-6 and accommodate your suggestions 
> with how to split/organize the patch set.
> 
> [...]
> >
> > 4. Maybe instead of SYSBUS device, implement it as a PCI device and
> >use its BAR/control registers for pstore storage and control interface.
> >It could save you headache of picking address where to map it +
> >it would take care of migration part automatically, as firmware
> >would do it for you and then QEMU could pickup firmware programmed
> >address and put it into ERST table.
> > EJD: Thanks for the idea. For now I've left it as a SYSBUS device; we can 
> > revisit as needed.  
> 
> I would really prefer to see a PCI version (current way is just a hack)
> 
> EJD: I understand, I don't like the base address problem either. Is there an 
> example PCI device that gets its base address assigned during ACPI setup that 
> I could reference and pattern this work after? I've been using SYSBUS as that 
> most closely mimics the real hardware implementations I've studied in order 
> to produce this code.
> EJD: I thought my inexperience with authoring QEMU devices was the primary 
> problem in establishing a solution for the base address. Otherwise, this 
> thing only needs a single 4KiB page (for the 2 registers + exchange buffer) 
> exposed.

I don't recall if we merged an example PCI device in QEMU, but someone worked on
it before.
A Google search yields the following:

https://github.com/grandemk/qemu_devices/commit/ba8d38a858ba63ef4d419a926f58328b9675fc98


> > 5. instead of dealing with file for storage directly, reuse hostmem backend
> >to provide it to for your device. ex: pc-dimm. i.e. split device
> >on frontend and backend
> >
> > EJD: I had looked into that prior to posting v1. The entire ERST storage is 
> > not memory mapped, just an exchange buffer. So the hostmem backend is not 
> > suitable for this purpose.  
> 
> Is there a compelling reason why it can't be memory mapped?
> 
> EJD: Well, this ERST device I've coded pretty much follows the ACPI ERST spec 
> verbatim. As it stands today, the spec doesn't provide a way to report the 
> total size of the persistent storage behind the interface; you know when 
> storage is full only when you receive an Out Of Storage error code upon 
> write. In a sense, that allows the size of the storage to vary greatly and be 
> implemented in any way needed (i.e. in actual hardware this has tended to be in 
> the 64KiB range when it is carved out of system parallel flash memory, but 
> some hardware uses serial flash as well). In virtual environments, it can be 
> of any size, and we at Oracle have intentions of heavily utilizing ACPI ERST 
> to stuff all kinds of diagnostic information into it, thus wanting the 
> storage to be very large. By not actually exposing/memory-mapping the 
> storage, the issue of where to drop it in the memory map goes away (yes a PCI 
> BAR could solve this).
> EJD: But at the end of the day, could this storage be memory mapped? I 
> suppose it could be, but then that rather circumvents the entire need for the 
> ACPI ERST interface to start with. Linux and Windows both already know how to 
> utilize ACPI ERST.

Maybe I wasn't clear on it: I did not propose to map storage into the guest.
Only use MemoryRegion 

Re: any remaining for-6.0 issues?

2021-04-14 Thread Stefan Weil

On 14.04.21 at 10:30, Bin Meng wrote:

> Hi Stefan,
>
> On Tue, Apr 13, 2021 at 2:19 PM Stefan Weil  wrote:
>
>> On 13.04.21 at 07:56, Bin Meng wrote:
>>
>>> This patch (affects Windows install)
>>> http://patchwork.ozlabs.org/project/qemu-devel/patch/20210326062140.367861-1-bmeng...@gmail.com/
>>>
>>> is still not applied.
>>>
>>> Regards,
>>> Bin
>>
>> That patch is based on an older version of my personal QEMU sources and
>> not required for 6.0.
>
> I am confused.
>
> I see https://repo.or.cz/qemu/ar7.git/blob/HEAD:/qemu.nsi still does
> not contain the fix.
>
> Or is this qemu.nsi file not used in the latest 6.0 installer?



https://repo.or.cz/qemu/ar7.git/blob/HEAD:/qemu.nsi#l139 installs all 
shared files recursively (same as in the official QEMU git master), so 
no fix is required.


Stefan





Re: [PATCH v2] target/s390x: Fix translation exception on illegal instruction

2021-04-14 Thread Ilya Leoshkevich
On Wed, 2021-04-14 at 10:38 +0200, Cornelia Huck wrote:
> On Tue, 13 Apr 2021 18:52:57 +0200
> Ilya Leoshkevich  wrote:
> 
> > Hitting an uretprobe in a s390x TCG guest causes a SIGSEGV. What
> > happens is:
> > 
> > * uretprobe maps a userspace page containing an invalid instruction.
> > * uretprobe replaces the target function's return address with the
> >   address of that page.
> > * When tb_gen_code() is called on that page, tb->size ends up being 0
> >   (because the page starts with the invalid instruction), which causes
> >   virt_page2 to point to the previous page.
> > * The previous page is not mapped, so this causes a spurious
> >   translation exception.
> > 
> > The bug is that tb->size must never be 0: even if there is an illegal
> > instruction, the instruction bytes that have been looked at must count
> > towards tb->size. So adjust s390x's translate_one() to act this way
> > for both illegal instructions and instructions that are known to
> > generate exceptions.
> > 
> > Also add an assertion to tb_gen_code() in order to detect such
> > situations in future.
> > 
> > Signed-off-by: Ilya Leoshkevich 
> > ---
> > 
> > v1: https://lists.nongnu.org/archive/html/qemu-devel/2021-04/msg02037.html
> > v1 -> v2: Fix target/s390x instead of trying to tolerate tb->size == 0
> >   in tb_gen_code().
> > 
> >  accel/tcg/translate-all.c |  1 +
> >  target/s390x/translate.c  | 16 +++-
> >  2 files changed, 12 insertions(+), 5 deletions(-)
> 
> I assume this bug is not usually hit during normal usage, right? It's
> probably not release critical, so I'll line it up for 6.1 instead.

Yes, I saw it only with uprobes, and then it leads only to a process
crash, not to a kernel crash. Thanks!




Re: any remaining for-6.0 issues?

2021-04-14 Thread Peter Maydell
On Wed, 14 Apr 2021 at 09:31, Bin Meng  wrote:
>
> Hi Stefan,
>
> On Tue, Apr 13, 2021 at 2:19 PM Stefan Weil  wrote:
> > That patch is based on an older version of my personal QEMU sources and
> > not required for 6.0.
>
> I am confused.
>
> I see https://repo.or.cz/qemu/ar7.git/blob/HEAD:/qemu.nsi still does
> not contain the fix.
>
> Or is this qemu.nsi file not used in the latest 6.0 installer?

In any case, that is a branch, and so any issues in it are not relevant
to 6.0 unless they are also a problem for QEMU master itself.

thanks
-- PMM



Re: [PATCH 00/11] Add support for Blob resources feature

2021-04-14 Thread Gerd Hoffmann
  Hi,

> Any other ideas as to how to eliminate that Blit cleanly?

Well, "cleanly" pretty much implies "supported by toolkit".

gtk glarea for example sets up a framebuffer and expects the application
to render to that framebuffer.  So qemu glarea code does a fb-to-fb blit.

Other reasons are scaling and cursor rendering.  Not all reasons apply
to all UIs.  I think when using spice qemu doesn't blit (not fully sure
what happens inside spice-server), but it could very well be that the
spice-client does the blit instead, i.e. we just shift the issue to
another place ...

take care,
  Gerd




Re: Issues with modifying pc in a sigaction handler

2021-04-14 Thread Peter Maydell
On Tue, 13 Apr 2021 at 23:44, Devin Hussey  wrote:
>
> In a toy project I was doing
> (https://github.com/easyaspi314/ThumbGolf), I found that qemu will
> incorrectly handle modifying pc in a handler.
>
> Specifically, on platforms with instruction alignment requirements
> (most notably ARM), if you set the pc to an odd address, QEMU will
> start reading unaligned instructions.
>
> Naturally, this is frustrating when dealing with ARM Thumb functions
> which have the lowest bit set when referenced, as you must manually
> clear the Thumb bit instead of it being implicit on hardware.
>
> The following code exhibits this bug for ARM:
>
> ---
> #include 
> #include 
> #include 
>
> static void hello(void)
> {
> printf("Hello,");
> }
>
> static void handler(int signo, siginfo_t *si, void *data)
> {
> ucontext_t *uc = (ucontext_t *)data;
> // Effectively bl hello although we assume thumb state
> uc->uc_mcontext.arm_lr = uc->uc_mcontext.arm_pc + 2 | 1;
> uc->uc_mcontext.arm_pc = (unsigned long)&hello;

This is setting the arm_pc field to an odd number (because
the compiler/linker for Thumb will treat "take the address
of a thumb mode function" as a request for the value with the
LSB set to indicate Thumb mode). However, the ABI for the
uc_mcontext fields is that the arm_pc field should be the actual
required value of the PC -- if you want to go to somewhere in
Thumb mode you need to set the arm_pc field to the true PC
(with the LSB clear) and also set the T bit in the CPSR field
of the uc_mcontext.

So your code is doing something it shouldn't and has thus
wandered off into a corner case where QEMU behaves differently
from the hardware...

thanks
-- PMM
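As an added illustration of the ABI rule PMM describes (example code written for this digest, not Devin's program and not anything from QEMU): the PC stored in the context keeps its LSB clear, and the instruction set is selected only through the T bit in CPSR. The struct mirrors the three uc_mcontext fields so the logic runs on any host; ARM_PSR_T_BIT, arm_true_pc, arm_cpsr_for_target, arm_context_pc_valid and arm_redirect_call are this example's own names.

```c
#include <stdio.h>

/* Architectural Thumb-state bit in CPSR (bit 5). Named here for the
 * example; the kernel's asm/ptrace.h calls it PSR_T_BIT. */
#define ARM_PSR_T_BIT (1UL << 5)

/* Constructed mirror of the three uc_mcontext fields a signal handler
 * would touch (arm_pc, arm_lr, arm_cpsr), so this compiles on any host. */
struct arm_regs {
    unsigned long pc;
    unsigned long lr;
    unsigned long cpsr;
};

/* The PC that belongs in the context for a toolchain function address:
 * the Thumb marker in the LSB is stripped, never left in the PC. */
static unsigned long arm_true_pc(unsigned long target)
{
    return target & ~1UL;
}

/* CPSR for executing `target`: T bit set for Thumb code (address LSB set),
 * cleared for ARM code. All other CPSR bits are preserved. */
static unsigned long arm_cpsr_for_target(unsigned long cpsr, unsigned long target)
{
    if (target & 1UL) {
        return cpsr | ARM_PSR_T_BIT;
    }
    return cpsr & ~ARM_PSR_T_BIT;
}

/* 1 if (pc, cpsr) is a state the hardware can resume at, 0 otherwise.
 * An odd PC is never valid; in ARM state the PC must also be word aligned.
 * This is the check that flags the odd arm_pc written by the reported code. */
static int arm_context_pc_valid(unsigned long pc, unsigned long cpsr)
{
    if (pc & 1UL) {
        return 0;
    }
    if (!(cpsr & ARM_PSR_T_BIT) && (pc & 3UL)) {
        return 0;
    }
    return 1;
}

/* Make the interrupted context "call" `target` and resume at `return_to`
 * afterwards. `return_to` keeps the toolchain convention (LSB set for a
 * Thumb continuation) because BX LR interprets that bit by itself. */
static void arm_redirect_call(struct arm_regs *r, unsigned long target,
                              unsigned long return_to)
{
    r->lr = return_to;
    r->cpsr = arm_cpsr_for_target(r->cpsr, target);
    r->pc = arm_true_pc(target);
}

int main(void)
{
    /* Constructed values: interrupted in Thumb code at 0x8000, user mode. */
    struct arm_regs r = { .pc = 0x8000UL, .lr = 0, .cpsr = 0x10UL | ARM_PSR_T_BIT };
    unsigned long thumb_hello = 0x10001UL;   /* what &hello yields for Thumb code */

    /* Writing the raw address into pc, as in the report, is not a valid state. */
    printf("raw pc 0x%lx valid=%d\n", thumb_hello,
           arm_context_pc_valid(thumb_hello, r.cpsr));

    /* ABI-conformant redirect: true PC plus T bit, LR as in the report. */
    arm_redirect_call(&r, thumb_hello, (r.pc + 2) | 1UL);
    printf("fixed pc 0x%lx cpsr 0x%lx lr 0x%lx valid=%d\n", r.pc, r.cpsr, r.lr,
           arm_context_pc_valid(r.pc, r.cpsr));
    return 0;
}
```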



[Bug 1923689] Re: sig-abort / coredump observed from aio_ctx_finalize

2021-04-14 Thread Stefan Hajnoczi
Please install debuginfo and run "p *ctx" in GDB from the
aio_ctx_finalize frame. That should show ctx->scheduled_coroutines,
ctx->bh_slice_list, etc.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1923689

Title:
  sig-abort / coredump observed from aio_ctx_finalize

Status in QEMU:
  New

Bug description:
  Observing occasional sig-abort based on v5.2.0 (tag) of QEMU. The VMM
  is configured for Kata use case, launching with a nvdimm/pmem based
  rootfs, and a set of workloads which are heavily utilizing virtio-fs.

  Sample qemu-cmdline:
  /usr/bin/qemu-kata-system-x86_64
  -name sandbox-9dc314445bbb2cd02e6d30126ea8355a4f8acd36c866ea32171486931dc2b99c
  -uuid cd58d78d-ad44-4d26-9eab-66efab3fb23b
  -machine pc,accel=kvm,kernel_irqchip,nvdimm=on
  -cpu host,pmu=off
  -qmp 
unix:/run/vc/vm/9dc314445bbb2cd02e6d30126ea8355a4f8acd36c866ea32171486931dc2b99c/qmp.sock,server,nowait
  -m 2048M,slots=10,maxmem=386381M
  -device 
pci-bridge,bus=pci.0,id=pci-bridge-0,chassis_nr=1,shpc=on,addr=2,romfile=
  -device virtio-serial-pci,disable-modern=false,id=serial0,romfile=,max_ports=2
  -device virtconsole,chardev=charconsole0,id=console0
  -chardev 
socket,id=charconsole0,path=/run/vc/vm/9dc314445bbb2cd02e6d30126ea8355a4f8acd36c866ea32171486931dc2b99c/console.sock,server,nowait
  -device nvdimm,id=nv0,memdev=mem0
  -object 
memory-backend-file,id=mem0,mem-path=/usr/share/kata-containers/kata-containers.img,size=536870912
  -object rng-random,id=rng0,filename=/dev/urandom
  -device virtio-rng-pci,rng=rng0,romfile=
  -device 
vhost-vsock-pci,disable-modern=false,vhostfd=3,id=vsock-3054067214,guest-cid=3054067214,romfile=
  -chardev 
socket,id=char-770bb156466e8ed5,path=/run/vc/vm/9dc314445bbb2cd02e6d30126ea8355a4f8acd36c866ea32171486931dc2b99c/vhost-fs.sock
  -device 
vhost-user-fs-pci,chardev=char-770bb156466e8ed5,tag=kataShared,romfile=
  -netdev tap,id=network-0,vhost=on,vhostfds=4,fds=5
  -device 
driver=virtio-net-pci,netdev=network-0,mac=9e:ad:0c:d1:58:e0,disable-modern=false,mq=on,vectors=4,romfile=
  -rtc base=utc,driftfix=slew,clock=host
  -global kvm-pit.lost_tick_policy=discard
  -vga none
  -no-user-config
  -nodefaults
  -nographic
  --no-reboot
  -daemonize
  -object memory-backend-file,id=dimm1,size=2048M,mem-path=/dev/shm,share=on
  -numa node,memdev=dimm1
  -kernel /usr/share/kata-containers/vmlinuz
  -append tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 
i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k console=hvc0 
console=hvc1 cryptomgr.notests net.ifnames=0 pci=lastbus=0 root=/dev/pmem0p1 
rootflags=dax,data=ordered,errors=remount-ro ro rootfstype=ext4 quiet 
systemd.show_status=false panic=1 nr_cpus=32 
systemd.unit=kata-containers.target systemd.mask=systemd-networkd.service 
systemd.mask=systemd-networkd.socket
  -pidfile 
/run/vc/vm/9dc314445bbb2cd02e6d30126ea8355a4f8acd36c866ea32171486931dc2b99c/pid
  -smp 1,cores=1,threads=1,sockets=32,maxcpus=32

  From the core file I was able to obtain a backtrace:

  ```
  (gdb) info thread
Id   Target Id Frame
6Thread 0x7f92feffd700 (LWP 14678) 0x7f93b23a0a35 in 
pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
5Thread 0x7f92f700 (LWP 13860) 0x7f93b23a0a35 in 
pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
4Thread 0x7f930dcff700 (LWP 13572) 0x7f93b23a0a35 in 
pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
3Thread 0x7f92ff7fe700 (LWP 14179) 0x7f93b23a0a35 in 
pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
2Thread 0x7f93aed03700 (LWP 13565) 0x7f93b20bfd19 in syscall () 
from /lib64/libc.so.6
  * 1Thread 0x7f93c718dcc0 (LWP 13564) 0x7f93b1ffd3d7 in raise () from 
/lib64/libc.so.6
  (gdb) bt trace
  No symbol table is loaded.  Use the "file" command.
  (gdb) bt
  #0  0x7f93b1ffd3d7 in raise () from /lib64/libc.so.6
  #1  0x7f93b1ffeac8 in abort () from /lib64/libc.so.6
  #2  0x7f93b1ff61a6 in __assert_fail_base () from /lib64/libc.so.6
  #3  0x7f93b1ff6252 in __assert_fail () from /lib64/libc.so.6
  #4  0x007c6955 in aio_ctx_finalize ()
  #5  0x7f93c64223d1 in g_source_unref_internal () from 
/lib64/libglib-2.0.so.0
  #6  0x7f93c64225f5 in g_source_iter_next () from /lib64/libglib-2.0.so.0
  #7  0x7f93c642362d in g_main_context_unref () from /lib64/libglib-2.0.so.0
  #8  0x7f93c6425628 in g_main_loop_unref () from /lib64/libglib-2.0.so.0
  #9  0x006dbaa0 in iothread_instance_finalize ()
  #10 0x006c01e9 in object_unref ()
  #11 0x006be647 in object_property_del_child ()
  #12 0x0075ad79 in monitor_cleanup ()
  #13 0x00630635 in qemu_cleanup ()
  #14 0x0040fed3 in main ()
  ```

  I *think* we're hitting this assert: 
https://github.com/qemu/qemu/blob/master/util/async.c#L339 based on 
  ```
  (gdb

Re: [PATCH] gitlab-ci: Restrict jobs using Docker to runners having 'docker' tag

2021-04-14 Thread Philippe Mathieu-Daudé
On 3/19/21 6:40 AM, Thomas Huth wrote:
> On 19/03/2021 01.43, Philippe Mathieu-Daudé wrote:
>> When a job is based on a Docker image [1], or is using a Docker
>> service, it requires a runner with Docker installed.
>>
>> Gitlab shared runners provide the 'docker' tag when they have it
>> installed.
>>
>> Are Gitlab shared runners are limited resources, we'd like to
> 
> s/Are/As/
> 
>> add more runners to QEMU repositories hosted on Gitlab. If a
>> runner doesn't provide Docker, our jobs requiring it will fail.
>>
>> Use the standard 'docker' tag to mark the jobs requiring Docker
>> on the runner.
>>
>> [1] https://docs.gitlab.com/ee/ci/yaml/#image
>> [2] https://docs.gitlab.com/ee/ci/yaml/#services
>>
>> Signed-off-by: Philippe Mathieu-Daudé 
> [...]
>> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
>> index f65cb11c4d3..d4511cf7dea 100644
>> --- a/.gitlab-ci.yml
>> +++ b/.gitlab-ci.yml
>> @@ -14,6 +14,8 @@ include:
>>     - local: '/.gitlab-ci.d/crossbuilds.yml'
>>     .native_build_job_template: &native_build_job_definition
>> +  tags:
>> +  - docker
>>     stage: build
>>     image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest
>>     before_script:
>> @@ -38,6 +40,8 @@ include:
>>     fi
>>     .native_test_job_template: &native_test_job_definition
>> +  tags:
>> +  - docker
>>     stage: test
>>     image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest
>>     script:
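Review bot: both templates already set `image:`, so every job extending them needs a Docker-capable executor and adding `tags: [docker]` there (both hunks) is consistent with that requirement; the practical risk is dedicated runners that do have Docker but were registered without the `docker` tag, which will silently stop picking up these jobs. Worth documenting the tag requirement for custom runners alongside the change, and the commit message lists reference [2] without citing it in the text.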
> 
> If you add it to the templates ... won't this disable most of the jobs
> on the dedicated runners that don't have docker? Wouldn't it be better
> to add the tag only to the jobs that run "make check-tcg" ?

But this is the point: if a runner doesn't have Docker, it cannot
run the job...



Re: [PATCH] vhost-vdpa: Make vhost_vdpa_get_device_id() static

2021-04-14 Thread Philippe Mathieu-Daudé
On 4/13/21 3:37 PM, Zenghui Yu wrote:
> As it's only used inside hw/virtio/vhost-vdpa.c.
> 
> Signed-off-by: Zenghui Yu 
> ---
>  hw/virtio/vhost-vdpa.c | 4 ++--
>  include/hw/virtio/vhost-vdpa.h | 2 --
>  2 files changed, 2 insertions(+), 4 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé 




[Bug 1920913] Re: Openjdk11+ fails to install on s390x

2021-04-14 Thread Namrata Bhave
As java -version passes a few times, I also checked the behaviour of Maven. 
Observed that mvn -v crashes in a similar fashion; however, after setting the below:
export MAVEN_OPTS="-XX:-TieredCompilation -XX:+UseG1GC -Dcount=100"

mvn -v always passes.

root@XX:/# mvn -v
OpenJDK 64-Bit Server VM warning: You have loaded library 
/apache-maven-3.6.3/lib/jansi-native/linux64/libjansi.so which might have 
disabled stack guard. The VM will try to fix the stack guard now.
It's highly recommended that you fix the library with 'execstack -c ', 
or link it with '-z noexecstack'.
Apache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f)
Maven home: /apache-maven-3.6.3
Java version: 11.0.7, vendor: Ubuntu, runtime: 
/usr/lib/jvm/java-11-openjdk-s390x
Default locale: en_US, platform encoding: ANSI_X3.4-1968
OS name: "linux", version: "5.4.0-70-generic", arch: "s390x", family: "unix"


However, what I am really interested in is the mvn clean install command, which 
never passes with the above settings.

@davidhildenbrand, any help would be appreciated.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1920913

Title:
  Openjdk11+ fails to install on s390x

Status in QEMU:
  New

Bug description:
  While installing openjdk11 or higher from repo, it crashes while configuring 
ca-certificates-java.
  Although `java -version` passes, `jar -version` crashes. Detailed logs 
attached to this issue.

  ```
  # A fatal error has been detected by the Java Runtime Environment:
  #
  #  SIGILL (0x4) at pc=0x0040126f9980, pid=8425, tid=8430
  #
  # JRE version: OpenJDK Runtime Environment (11.0.10+9) (build 
11.0.10+9-Ubuntu-0ubuntu1.20.04)
  # Java VM: OpenJDK 64-Bit Server VM (11.0.10+9-Ubuntu-0ubuntu1.20.04, mixed 
mode, tiered, compressed oops, g1 gc, linux-s390x)
  # Problematic frame:
  # J 4 c1 java.lang.StringLatin1.hashCode([B)I java.base@11.0.10 (42 bytes) @ 
0x0040126f9980 [0x0040126f9980+0x]
  #
  # Core dump will be written. Default location: Core dumps may be processed 
with "/usr/share/apport/apport %p %s %c %d %P %E" (or dumping to //core.8425)
  #
  # An error report file with more information is saved as:
  # //hs_err_pid8425.log
  sed with "/usr/share/apport/apport %p %s %c %d %P %E" (or dumping to 
/root/core.10740)
  #
  # An error report file with more information is saved as:
  # /root/hs_err_pid10740.log
  ```

  Observed this on s390x/ubuntu as well as s390x/alpine when run on amd64 host.
  Please note, on native s390x, the installation is successful. Also this crash 
is not observed while installing openjdk-8-jdk.

  Qemu version: 5.2.0

  Please let me know if any more details are needed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1920913/+subscriptions



Re: [RFC PATCH 2/5] tests/docker/dockerfiles/ubuntu2004: Add missing symlink for cc

2021-04-14 Thread Philippe Mathieu-Daudé
On 4/14/21 10:19 AM, Thomas Huth wrote:
> For some reasons, the "cc" symlink is missing in Ubuntu 20.04.
> Add it manually.
> 
> Signed-off-by: Thomas Huth 
> ---
>  tests/docker/dockerfiles/ubuntu2004.docker | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/tests/docker/dockerfiles/ubuntu2004.docker 
> b/tests/docker/dockerfiles/ubuntu2004.docker
> index 9750016e51..e1b309e313 100644
> --- a/tests/docker/dockerfiles/ubuntu2004.docker
> +++ b/tests/docker/dockerfiles/ubuntu2004.docker
> @@ -74,3 +74,6 @@ ENV FEATURES clang tsan pyyaml sdl2
>  # Apply patch https://reviews.llvm.org/D75820
>  # This is required for TSan in clang-10 to compile with QEMU.
>  RUN sed -i 's/^const/static const/g' 
> /usr/lib/llvm-10/lib/clang/10.0.0/include/sanitizer/tsan_interface.h
> +
> +# The symlink for cc is missing on Ubuntu

Maybe specify the version: "on Ubuntu 20.04" so we can remove it
when upgrading to the next release?

> +RUN cd /usr/lib/ccache && ln -s ../../bin/ccache cc
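Review bot: `ln -s` in the new RUN line fails with "File exists" as soon as a later Ubuntu 20.04 base image ships the cc link in /usr/lib/ccache, turning the workaround into a build break; `ln -sf` (or guarding with `test -e /usr/lib/ccache/cc ||`) keeps the layer idempotent, and pinning the comment to 20.04 makes it clear when it can be dropped.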

No need to change current directory:

   RUN ln -s ../../bin/ccache /usr/lib/ccache/cc

Or use an absolute path (but if the others use relative paths, better keep relative;
I haven't checked):

   RUN ln -s /usr/bin/ccache /usr/lib/ccache/cc



Re: [PATCH v2] target/s390x: Fix translation exception on illegal instruction

2021-04-14 Thread Ilya Leoshkevich
On Wed, 2021-04-14 at 11:19 +0200, Ilya Leoshkevich wrote:
> On Wed, 2021-04-14 at 10:38 +0200, Cornelia Huck wrote:
> > On Tue, 13 Apr 2021 18:52:57 +0200
> > Ilya Leoshkevich  wrote:
> > 
> > > Hitting an uretprobe in a s390x TCG guest causes a SIGSEGV. What
> > > happens is:
> > > 
> > > * uretprobe maps a userspace page containing an invalid instruction.
> > > * uretprobe replaces the target function's return address with the
> > >   address of that page.
> > > * When tb_gen_code() is called on that page, tb->size ends up being 0
> > >   (because the page starts with the invalid instruction), which causes
> > >   virt_page2 to point to the previous page.
> > > * The previous page is not mapped, so this causes a spurious
> > >   translation exception.
> > > 
> > > The bug is that tb->size must never be 0: even if there is an illegal
> > > instruction, the instruction bytes that have been looked at must count
> > > towards tb->size. So adjust s390x's translate_one() to act this way
> > > for both illegal instructions and instructions that are known to
> > > generate exceptions.
> > > 
> > > Also add an assertion to tb_gen_code() in order to detect such
> > > situations in future.
> > > 
> > > Signed-off-by: Ilya Leoshkevich 
> > > ---
> > > 
> > > v1: https://lists.nongnu.org/archive/html/qemu-devel/2021-04/msg02037.html
> > > v1 -> v2: Fix target/s390x instead of trying to tolerate tb->size == 0
> > >   in tb_gen_code().
> > > 
> > >  accel/tcg/translate-all.c |  1 +
> > >  target/s390x/translate.c  | 16 +++-
> > >  2 files changed, 12 insertions(+), 5 deletions(-)
> > 
> > I assume this bug is not usually hit during normal usage, right? It's
> > probably not release critical, so I'll line it up for 6.1 instead.
> 
> Yes, I saw it only with uprobes, and then it leads only to a process
> crash, not to a kernel crash. Thanks!

Seems like the new assertion triggers on ARM:

https://gitlab.com/cohuck/qemu/-/jobs/1178409450

What are the rules in s390x-next-staging, can we amend the patch, or
only commit a follow-up? In either case, I think we'll need something
like this (untested):

--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -9060,6 +9060,7 @@ static void
arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
 unsigned int insn;
 
 if (arm_pre_translate_insn(dc)) {
+dc->base.pc_next += 4;
 return;
 }
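Review bot: the `+= 4` on the early-return path assumes an A32 instruction, which matches arm_tr_translate_insn(); if the Thumb translator takes the same arm_pre_translate_insn() early exit, it needs its own 2-byte advance or the new tb_gen_code() assertion will still fire for Thumb code. A short comment saying the bytes are counted so that tb->size stays non-zero would also make the constant less magic.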


I'm currently trying to debug this in more detail and test the fix.




Re: [RFC PATCH 5/5] gitlab-ci.d/crossbuilds.yml: Enable compilation with ccache

2021-04-14 Thread Philippe Mathieu-Daudé
On 4/14/21 10:19 AM, Thomas Huth wrote:
> Ccache can speed up the compilation in some cases, so enable it for
> our cross-compilation CI builds, too.
> 
> Signed-off-by: Thomas Huth 
> ---
>  .gitlab-ci.d/crossbuilds.yml | 28 
>  1 file changed, 28 insertions(+)
> 
> diff --git a/.gitlab-ci.d/crossbuilds.yml b/.gitlab-ci.d/crossbuilds.yml
> index 017731a894..dee327a936 100644
> --- a/.gitlab-ci.d/crossbuilds.yml
> +++ b/.gitlab-ci.d/crossbuilds.yml
> @@ -1,4 +1,26 @@
> +
> +.ccache_cross_setup:
> +  cache:
> +key: "$CI_JOB_NAME"
> +paths:
> +  - ccache
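Review bot: `key: "$CI_JOB_NAME"` gives every cross job an isolated cache, so nothing is shared between jobs compiling the same sources and each job's first run starts cold, which is consistent with the slow cache-populating runs mentioned in the cover-letter discussion; the `paths: - ccache` entry is relative to the project directory, so the jobs also need CCACHE_DIR pointed there (the rest of the hunk is snipped in this reply, so that part is not visible here).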

I discovered last month that the cache/artifact passing feature is useful
when all runners are on the same premises, but when you use runners
in different locations it becomes slower (except if all your runners
are in very fast clouds, probably).

Not a short term problem, but can hit us long term. I haven't looked
if GitLab already figured how to manage this globally, like registering
runners with affinity, or assigning them to pools.

If we decide to stick with the free-tier runners, then this is a great
improvement.

For custom runners, a simple kludge is to assert they do *not* use
cache/artifacts (from free-tier runners).

We could restrict this to free-tier runners, but these runners' tags aren't
standardized, and AFAIK we can not (yet?) use the "ANY" word to "select
runners with any of this tag list". So far I noticed gitlab uses these:
- shared docker
- gce docker
- gitlab-org
- gitlab-org-docker

The last 2 are recent, and seem to help with the problem I reported
that some runners don't have Docker installed:
https://lists.gnu.org/archive/html/qemu-devel/2021-04/msg02213.html

Regards,

Phil.



Re: [RFC PATCH 0/5] Use ccache in the gitlab-CI

2021-04-14 Thread Stefan Hajnoczi
On Wed, Apr 14, 2021 at 10:19:02AM +0200, Thomas Huth wrote:
> Here are some patches to enable ccache in the gitlab-CI. Using the
> compiler cache can speed up some of the jobs in the CI by avoiding
> to recompile the same sources again and again. With this patch series,
> some jobs indeed get quite a bit faster. For example "build-system-fedora"
> goes down from 29 minutes (https://gitlab.com/thuth/qemu/-/jobs/1168149051)
> to 12 minutes (https://gitlab.com/thuth/qemu/-/jobs/1175479324) in the
> best case.
> However, and that's why I've marked this series still as RFC, there
> are some jobs which refuse to improve much, for example the *-cfi-* jobs
> are still running for a long time, see e.g.:
> 
>  https://gitlab.com/thuth/qemu/-/jobs/1168149079 (50 minutes on master)
>  https://gitlab.com/thuth/qemu/-/jobs/1175479342 (43 minutes with ccache)
> 
> Thus the overall run time did not improve very much yet.
> 
> Additionally, the jobs are sometimes running even slower, e.g. if the
> cache has not been populated yet or if there are a lot of cache misses,
> and I've seen some jobs hitting the 60 min time limit because of this.
> And I've even seen two or three jobs failing intermittently with a
> crashing test, e.g.:
> 
>  https://gitlab.com/thuth/qemu/-/jobs/1175479336
> 
> Not sure whether that's related to some bad caching of ccache, or
> whether it's something that also occurs on the master branch recently?
> Has anybody else experienced such a problem?

The GitLab CI cache implementation does not appear to be designed for
ccache because the files are saved in a cache.zip file and then
extracted again each time a job runs.

That is very inefficient for something like a 1 GiB ccache directory.

More details:
https://docs.gitlab.com/ee/ci/caching/#availability-of-the-cache

The GitLab CI cache feature in its current form just doesn't look
suitable for ccache.

I wonder if we can implement ccache differently on dedicated runners.
The ccache directory would really be shared (mounted within job
containers) without the additional cache.zip step to avoid wasting CPU
cycles compressing/decompressing and RAM with duplicated page cache.

Stefan




Re: [RFC PATCH 5/5] gitlab-ci.d/crossbuilds.yml: Enable compilation with ccache

2021-04-14 Thread Philippe Mathieu-Daudé
On 4/14/21 12:29 PM, Philippe Mathieu-Daudé wrote:
> On 4/14/21 10:19 AM, Thomas Huth wrote:
>> Ccache can speed up the compilation in some cases, so enable it for
>> our cross-compilation CI builds, too.
>>
>> Signed-off-by: Thomas Huth 
>> ---
>>  .gitlab-ci.d/crossbuilds.yml | 28 
>>  1 file changed, 28 insertions(+)
>>
>> diff --git a/.gitlab-ci.d/crossbuilds.yml b/.gitlab-ci.d/crossbuilds.yml
>> index 017731a894..dee327a936 100644
>> --- a/.gitlab-ci.d/crossbuilds.yml
>> +++ b/.gitlab-ci.d/crossbuilds.yml
>> @@ -1,4 +1,26 @@
>> +
>> +.ccache_cross_setup:
>> +  cache:
>> +key: "$CI_JOB_NAME"
>> +paths:
>> +  - ccache
> 
> I discovered last month that the cache/artifact passing feature is useful
> when all runners are on the same premises, but when you use runners
> in different locations it becomes slower (except if all your runners
> are in very fast clouds, probably).
> 
> Not a short term problem, but can hit us long term. I haven't looked
> if GitLab already figured how to manage this globally, like registering
> runners with affinity, or assigning them to pools.
> 
> If we decide to stick with the free-tier runners, then this is a great
> improvement.
> 
> For custom runners, a simple kludge is to assert they do *not* use
> cache/artifacts (from free-tier runners).
> 
> We could restrict this to free-tier runners, but these runners' tags aren't
> standardized, and AFAIK we can not (yet?) use the "ANY" word to "select
> runners with any of this tag list". So far I noticed gitlab uses these:
> - shared docker
> - gce docker
> - gitlab-org
> - gitlab-org-docker
> 
> The last 2 are recent, and seem to help with the problem I reported
> that some runners don't have Docker installed:
> https://lists.gnu.org/archive/html/qemu-devel/2021-04/msg02213.html

Actually found the doc for the last 2:
https://docs.gitlab.com/ee/user/gitlab_com/#linux-shared-runners

- gitlab-org-docker

All your CI/CD jobs run on n1-standard-1 instances with 3.75GB of RAM,
CoreOS and the latest Docker Engine installed. Instances provide 1 vCPU
and 25GB of HDD disk space. The default region of the VMs is US East1.
Each instance is used only for one job; this ensures any sensitive data
left on the system can't be accessed by other people or their CI jobs.

- gitlab-org

The gitlab-shared-runners-manager-X.gitlab.com fleet of runners are
dedicated for GitLab projects as well as community forks of them. They
use a slightly larger machine type (n1-standard-2) and have a bigger SSD
disk size. They don’t run untagged jobs and unlike the general fleet of
shared runners, the instances are re-used up to 40 times.



Re: [PATCH v2] vhost-user-blk: Fail gracefully on too large queue size

2021-04-14 Thread Stefan Hajnoczi
On Tue, Apr 13, 2021 at 06:56:54PM +0200, Kevin Wolf wrote:
> virtio_add_queue() aborts when queue_size > VIRTQUEUE_MAX_SIZE, so
> vhost_user_blk_device_realize() should check this before calling it.
> 
> Simple reproducer:
> 
> qemu-system-x86_64 \
> -chardev null,id=foo \
> -device vhost-user-blk-pci,queue-size=4096,chardev=foo
> 
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935014
> Signed-off-by: Kevin Wolf 
> ---
>  hw/block/vhost-user-blk.c | 5 +
>  1 file changed, 5 insertions(+)

Reviewed-by: Stefan Hajnoczi 




Re: [PATCH v2] target/s390x: Fix translation exception on illegal instruction

2021-04-14 Thread Cornelia Huck
On Wed, 14 Apr 2021 12:27:03 +0200
Ilya Leoshkevich  wrote:

> On Wed, 2021-04-14 at 11:19 +0200, Ilya Leoshkevich wrote:
> > On Wed, 2021-04-14 at 10:38 +0200, Cornelia Huck wrote:  
> > > On Tue, 13 Apr 2021 18:52:57 +0200
> > > Ilya Leoshkevich  wrote:
> > >   
> > > > Hitting an uretprobe in a s390x TCG guest causes a SIGSEGV. What
> > > > happens is:
> > > > 
> > > > * uretprobe maps a userspace page containing an invalid instruction.
> > > > * uretprobe replaces the target function's return address with the
> > > >   address of that page.
> > > > * When tb_gen_code() is called on that page, tb->size ends up being 0
> > > >   (because the page starts with the invalid instruction), which causes
> > > >   virt_page2 to point to the previous page.
> > > > * The previous page is not mapped, so this causes a spurious
> > > >   translation exception.
> > > > 
> > > > The bug is that tb->size must never be 0: even if there is an illegal
> > > > instruction, the instruction bytes that have been looked at must count
> > > > towards tb->size. So adjust s390x's translate_one() to act this way
> > > > for both illegal instructions and instructions that are known to
> > > > generate exceptions.
> > > > 
> > > > Also add an assertion to tb_gen_code() in order to detect such
> > > > situations in future.
> > > > 
> > > > Signed-off-by: Ilya Leoshkevich 
> > > > ---
> > > > 
> > > > v1: https://lists.nongnu.org/archive/html/qemu-devel/2021-04/msg02037.html
> > > > v1 -> v2: Fix target/s390x instead of trying to tolerate tb->size == 0
> > > >   in tb_gen_code().
> > > > 
> > > >  accel/tcg/translate-all.c |  1 +
> > > >  target/s390x/translate.c  | 16 +++-
> > > >  2 files changed, 12 insertions(+), 5 deletions(-)
> > > 
> > > I assume this bug is not usually hit during normal usage, right? It's
> > > probably not release critical, so I'll line it up for 6.1 instead.  
> > 
> > Yes, I saw it only with uprobes, and then it leads only to a process
> > crash, not to a kernel crash. Thanks!  
> 
> Seems like the new assertion triggers on ARM:
> 
> https://gitlab.com/cohuck/qemu/-/jobs/1178409450

Yep, I just wanted to make sure it was this patch before complaining :)

> 
> What are the rules in s390x-next-staging, can we amend the patch, or
> only commit a follow-up? 

-staging is before I merge properly, so no problem folding something in.

> In either case, I think we'll need something
> like this (untested):
> 
> --- a/target/arm/translate.c
> +++ b/target/arm/translate.c
> @@ -9060,6 +9060,7 @@ static void
> arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
>  unsigned int insn;
>  
>  if (arm_pre_translate_insn(dc)) {
> +dc->base.pc_next += 4;
>  return;
>  }
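Review bot: the unconditional `dc->base.pc_next += 4;` before the early `return` fixes the A32 decoder, but arm_pre_translate_insn() is the same helper the Thumb translate-insn callback uses, and that path is not touched by this hunk; there the instruction is 2 bytes (4 for a 32-bit Thumb encoding), so it needs its own adjustment or the new tb_gen_code() assertion will still trip on Thumb code. It is also worth spelling out in the commit message that on this early-return path no bytes were actually decoded, so tb->size now counts the instruction at which the exception is raised, which is the same convention the s390x change adopts.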
> 
> 
> I'm currently trying to debug this in more detail and test the fix.
> 




Re: [PATCH] ratelimit: protect with a mutex

2021-04-14 Thread Stefan Hajnoczi
On Tue, Apr 13, 2021 at 02:55:33PM +0200, Paolo Bonzini wrote:
> Right now, rate limiting is protected by the AioContext mutex, which is
> taken for example both by the block jobs and by qmp_block_job_set_speed
> (via find_block_job).
> 
> We would like to remove the dependency of block layer code on the
> AioContext mutex, since most drivers and the core I/O code are already
> not relying on it.  However, there is no existing lock that can easily
> be taken by both ratelimit_set_speed and ratelimit_calculate_delay,
> especially because the latter might run in coroutine context (and
> therefore under a CoMutex) but the former will not.
> 
> Since concurrent calls to ratelimit_calculate_delay are not possible,
> one idea could be to use a seqlock to get a snapshot of slice_ns and
> slice_quota.  But for now keep it simple, and just add a mutex to the
> RateLimit struct; block jobs are generally not performance critical to
> the point of optimizing the clock cycles spent in synchronization.
> 
> This also requires the introduction of init/destroy functions, so
> add them to the two users of ratelimit.h.
> 
> Signed-off-by: Paolo Bonzini 
> ---
>  block/block-copy.c   |  2 ++
>  blockjob.c   |  3 +++
>  include/qemu/ratelimit.h | 14 ++
>  3 files changed, 19 insertions(+)

Reviewed-by: Stefan Hajnoczi 




Re: [PATCH v2] target/s390x: Fix translation exception on illegal instruction

2021-04-14 Thread Cornelia Huck
On Wed, 14 Apr 2021 12:39:36 +0200
Cornelia Huck  wrote:

> On Wed, 14 Apr 2021 12:27:03 +0200
> Ilya Leoshkevich  wrote:
> 
> > On Wed, 2021-04-14 at 11:19 +0200, Ilya Leoshkevich wrote:  
> > > On Wed, 2021-04-14 at 10:38 +0200, Cornelia Huck wrote:
> > > > On Tue, 13 Apr 2021 18:52:57 +0200
> > > > Ilya Leoshkevich  wrote:
> > > > 
> > > > > Hitting an uretprobe in a s390x TCG guest causes a SIGSEGV. What
> > > > > happens is:
> > > > > 
> > > > > * uretprobe maps a userspace page containing an invalid
> > > > > instruction.
> > > > > * uretprobe replaces the target function's return address with the
> > > > >   address of that page.
> > > > > * When tb_gen_code() is called on that page, tb->size ends up being
> > > > > 0
> > > > >   (because the page starts with the invalid instruction), which
> > > > > causes
> > > > >   virt_page2 to point to the previous page.
> > > > > * The previous page is not mapped, so this causes a spurious
> > > > >   translation exception.
> > > > > 
> > > > > The bug is that tb->size must never be 0: even if there is an
> > > > > illegal
> > > > > instruction, the instruction bytes that have been looked at must
> > > > > count
> > > > > towards tb->size. So adjust s390x's translate_one() to act this way
> > > > > for both illegal instructions and instructions that are known to
> > > > > generate exceptions.
> > > > > 
> > > > > Also add an assertion to tb_gen_code() in order to detect such
> > > > > situations in future.
> > > > > 
> > > > > Signed-off-by: Ilya Leoshkevich 
> > > > > ---
> > > > > 
> > > > > v1: 
> > > > > https://lists.nongnu.org/archive/html/qemu-devel/2021-04/msg02037.html
> > > > > v1 -> v2: Fix target/s390x instead of trying to tolerate tb->size
> > > > > == 0
> > > > >   in tb_gen_code().
> > > > > 
> > > > >  accel/tcg/translate-all.c |  1 +
> > > > >  target/s390x/translate.c  | 16 +++-
> > > > >  2 files changed, 12 insertions(+), 5 deletions(-)
> > > > 
> > > > I assume this bug is not usually hit during normal usage, right? It's
> > > > probably not release critical, so I'll line it up for 6.1 instead.
> > > 
> > > Yes, I saw it only with uprobes, and then it leads only to a process
> > > crash, not to a kernel crash. Thanks!
> > 
> > Seems like the new assertion triggers on ARM:
> > 
> > https://gitlab.com/cohuck/qemu/-/jobs/1178409450  
> 
> Yep, I just wanted to make sure it was this patch before complaining :)
> 
> > 
> > What are the rules in s390x-next-staging, can we amend the patch, or
> > only commit a follow-up?   
> 
> -staging is before I merge properly, so no problem folding something in.
> 
> > In either case, I think we'll need something
> > like this (untested):
> > 
> > --- a/target/arm/translate.c
> > +++ b/target/arm/translate.c
> > @@ -9060,6 +9060,7 @@ static void
> > arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
> >  unsigned int insn;
> >  
> >  if (arm_pre_translate_insn(dc)) {
> > +dc->base.pc_next += 4;
> >  return;
> >  }
> > 
> > 
> > I'm currently trying to debug this in more detail and test the fix.
> >   
> 

I'm also seeing a problem on xtensa
(https://gitlab.com/cohuck/qemu/-/jobs/1178409540), but not sure if it
is related to this patch, or more general flakiness.




[PATCH] hw/elf_ops: clear uninitialized segment space

2021-04-14 Thread Laurent Vivier
When the mem_size of the segment is bigger than the file_size,
and if this space doesn't overlap another segment, it needs
to be cleared.

This bug is very similar to the one we had for linux-user,
22d113b52f41 ("linux-user: Fix loading of BSS segments"),
where the .bss section is encoded as an extension of the data
one by setting the segment p_memsz > p_filesz.

Signed-off-by: Laurent Vivier 
---
 include/hw/elf_ops.h | 17 +
 1 file changed, 17 insertions(+)

diff --git a/include/hw/elf_ops.h b/include/hw/elf_ops.h
index 6ee458e7bc3c..e3dcee3ee349 100644
--- a/include/hw/elf_ops.h
+++ b/include/hw/elf_ops.h
@@ -562,6 +562,23 @@ static int glue(load_elf, SZ)(const char *name, int fd,
 if (res != MEMTX_OK) {
 goto fail;
 }
+/*
+ * We need to zero'ify the space that is not copied
+ * from file
+ */
+if (file_size < mem_size) {
+static uint8_t zero[4096];
+uint64_t i;
+for (i = file_size; i < mem_size; i += sizeof(zero)) {
+res = address_space_write(
+ as ? as : &address_space_memory,
+ addr + i, MEMTXATTRS_UNSPECIFIED,
+ zero, MIN(sizeof(zero), mem_size - 
i));
+if (res != MEMTX_OK) {
+goto fail;
+}
+}
+}
 }
 }
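Review bot: the commit message says the gap is cleared only "if this space doesn't overlap another segment", but the hunk zeroes `[file_size, mem_size)` unconditionally; a segment placed later in the program-header table that lands inside that range survives (its copy comes after the clearing), but one placed earlier is wiped, so either implement the overlap check or drop the qualifier from the message. Also, the new loop sits on the `address_space_write()` branch only; please confirm in the message whether the other way load_elf places segments (the rom-blob path) already handles mem_size > file_size, otherwise the same stale-memory problem remains for that case.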
 
-- 
2.30.2
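The clearing this patch adds, as an added example that is not QEMU's code: a minimal loader for one ELF64 PT_LOAD segment that copies p_filesz bytes and zero-fills the p_memsz - p_filesz tail, run over constructed "guest RAM" that still holds a stale 0xAA pattern so the difference is visible. The program-header layout follows Elf64_Phdr; the RAM size, segment addresses, file contents and the 0xAA pattern are made up for the demonstration. Every header field is bounds-checked before memcpy()/memset() run, which a hand-written loader must do itself since a hostile p_memsz would otherwise turn the zero-fill into a buffer overflow.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ELF64 program header, same field order as Elf64_Phdr in <elf.h>. */
typedef struct {
    uint32_t p_type;
    uint32_t p_flags;
    uint64_t p_offset;
    uint64_t p_vaddr;
    uint64_t p_paddr;
    uint64_t p_filesz;
    uint64_t p_memsz;
    uint64_t p_align;
} Phdr64;

#define PT_LOAD        1
#define GUEST_RAM_SIZE 0x1000   /* made-up guest RAM size for the demo */

/* Stand-in for guest RAM; refilled with a stale pattern before each load. */
static uint8_t guest_ram[GUEST_RAM_SIZE];

/*
 * Place one PT_LOAD segment: copy p_filesz bytes from the file image to
 * p_paddr, then, if zero_bss is set, clear the p_memsz - p_filesz tail.
 * All sizes are checked against the file and RAM bounds first, so a hostile
 * header cannot drive memcpy()/memset() off the end of either buffer.
 * Returns 0 on success, -1 for a header that must be rejected.
 */
int load_segment(const uint8_t *file, size_t file_size,
                 const Phdr64 *ph, int zero_bss)
{
    if (ph->p_type != PT_LOAD) {
        return 0;                                   /* nothing to place */
    }
    if (ph->p_filesz > ph->p_memsz) {
        return -1;                                  /* more file than memory */
    }
    if (ph->p_offset > file_size || ph->p_filesz > file_size - ph->p_offset) {
        return -1;                                  /* data outside the file */
    }
    if (ph->p_paddr > GUEST_RAM_SIZE ||
        ph->p_memsz > GUEST_RAM_SIZE - ph->p_paddr) {
        return -1;                                  /* segment outside RAM */
    }

    memcpy(guest_ram + ph->p_paddr, file + ph->p_offset, ph->p_filesz);
    if (zero_bss && ph->p_memsz > ph->p_filesz) {
        memset(guest_ram + ph->p_paddr + ph->p_filesz, 0,
               ph->p_memsz - ph->p_filesz);
    }
    return 0;
}

/* Number of non-zero bytes in guest_ram[off, off + len). */
size_t count_nonzero(size_t off, size_t len)
{
    size_t n = 0;
    for (size_t i = off; i < off + len; i++) {
        n += guest_ram[i] != 0;
    }
    return n;
}

/* Constructed segment: 64 bytes of .data then 448 bytes of .bss at 0x100. */
#define SEG_ADDR   0x100
#define SEG_FILESZ 64
#define SEG_MEMSZ  0x200

/*
 * Load the constructed segment over RAM still holding 0xAA from a "previous
 * boot" and return how many non-zero bytes are left in the .bss part:
 * 0 with zero_bss set, all 448 without it.
 */
size_t stale_bss_bytes(int zero_bss)
{
    uint8_t file[SEG_FILESZ];
    Phdr64 ph = { .p_type = PT_LOAD, .p_offset = 0, .p_paddr = SEG_ADDR,
                  .p_filesz = SEG_FILESZ, .p_memsz = SEG_MEMSZ };

    memset(guest_ram, 0xAA, sizeof(guest_ram));
    for (size_t i = 0; i < sizeof(file); i++) {
        file[i] = (uint8_t)i;                       /* constructed .data */
    }
    if (load_segment(file, sizeof(file), &ph, zero_bss) != 0) {
        return (size_t)-1;
    }
    return count_nonzero(SEG_ADDR + SEG_FILESZ, SEG_MEMSZ - SEG_FILESZ);
}

/* A p_memsz that runs past the end of RAM must be rejected, not zeroed. */
int oversized_segment_rejected(void)
{
    uint8_t file[SEG_FILESZ] = { 0 };
    Phdr64 ph = { .p_type = PT_LOAD, .p_offset = 0,
                  .p_paddr = GUEST_RAM_SIZE - 16, .p_filesz = 8,
                  .p_memsz = UINT64_MAX };
    return load_segment(file, sizeof(file), &ph, 1) == -1;
}

int main(void)
{
    printf("stale .bss bytes without clearing: %zu\n", stale_bss_bytes(0));
    printf("stale .bss bytes with clearing:    %zu\n", stale_bss_bytes(1));
    printf("oversized segment rejected:        %d\n", oversized_segment_rejected());
    return 0;
}
```

Without the zero-fill the guest's .bss inherits whatever the previous image or firmware left at those addresses, and code that assumes zeroed globals (every C runtime does) then starts from stale, possibly attacker-influenced state; the bounds checks are what keep the fix from becoming a new memory-safety bug when the header is untrusted.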




Re: [PATCH] tests/tcg: Run tests on arch variants again

2021-04-14 Thread Alex Bennée


Philippe Mathieu-Daudé  writes:

> We used to run the TCG tests for various QEMU targets, but at
> some points it got restricted to base directories in tests/tcg/.
> For example, armeb/mipsel/mips64/... targets are currently skipped.
>
> The configuration Makefiles in default-configs/targets/ provide all
> the required information, in particular TARGET_BASE_ARCH.
>
> Source the target default-configs.mak and optionally process the
> TARGET_ARCH / TARGET_BASE_ARCH Makefiles (if these variables differ
> from TARGET_NAME).
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  tests/tcg/Makefile.target | 27 +++
>  1 file changed, 27 insertions(+)
>
> diff --git a/tests/tcg/Makefile.target b/tests/tcg/Makefile.target
> index 24d75a5801f..677b247328f 100644
> --- a/tests/tcg/Makefile.target
> +++ b/tests/tcg/Makefile.target
> @@ -85,6 +85,10 @@ TIMEOUT=15
>  endif
>  
>  ifdef CONFIG_USER_ONLY
> +
> +# FIXME bsd-user?
> +include $(SRC_PATH)/default-configs/targets/$(TARGET_NAME)-linux-user.mak
> +
>  # The order we include is important. We include multiarch first and
>  # then the target. If there are common tests shared between
>  # sub-targets (e.g. ARM & AArch64) then it is up to
> @@ -92,6 +96,16 @@ ifdef CONFIG_USER_ONLY
>  # architecture in its VPATH.
>  -include $(SRC_PATH)/tests/tcg/multiarch/Makefile.target
>  -include $(SRC_PATH)/tests/tcg/$(TARGET_NAME)/Makefile.target
> +ifneq ($(TARGET_ARCH),)
> +ifneq ($(TARGET_ARCH),$(TARGET_NAME))
> +-include $(SRC_PATH)/tests/tcg/$(TARGET_ARCH)/Makefile.target
> +endif
> +endif
> +ifneq ($(TARGET_BASE_ARCH),)
> +ifneq ($(TARGET_BASE_ARCH),$(TARGET_ARCH))
> +-include $(SRC_PATH)/tests/tcg/$(TARGET_BASE_ARCH)/Makefile.target
> +endif
> +endif
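Review bot: the two `-include` lines added here pull in tests/tcg/$(TARGET_ARCH) and tests/tcg/$(TARGET_BASE_ARCH) after the TARGET_NAME makefile, so a base-arch makefile can override per-target settings such as CFLAGS rather than only add tests; the `-mthumb` handed to aarch64-linux-gnu-gcc in the failure Alex quotes below is consistent with exactly that. Include the variant makefiles before the TARGET_NAME one so the most specific file wins, or limit them to adding test targets. Separately, the plain `include` of `$(TARGET_NAME)-linux-user.mak` (next to the `FIXME bsd-user?` comment) makes make abort when that file does not exist; use `-include` or derive the suffix from the user-mode flavour actually being built.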

This then breaks things like aarch64-linux-user semihosting tests
because we end up overriding semihosting CFLAGS:

  subprocess.CalledProcessError: Command '['docker', 'run', '--rm', '--label', 
'com.qemu.instance.uuid=34c4dca59b4f4f368fcc75f25e6b79d8', '-u', '1000', '-w', 
'/home/alex/lsrc/qemu.git/builds/user.static/tests/tcg/aarch64-linux-user', 
'-v', 
'/home/alex/lsrc/qemu.git/builds/user.static/tests/tcg/aarch64-linux-user:/home/alex/lsrc/qemu.git/builds/user.static/tests/tcg/aarch64-linux-user:rw',
 '-v', '/home/alex/lsrc/qemu.git:/home/alex/lsrc/qemu.git:ro,z', 
'qemu/debian-arm64-test-cross', 'aarch64-linux-gnu-gcc-10', '-Wall', '-Werror', 
'-O0', '-g', '-fno-strict-aliasing', 
'-I/home/alex/lsrc/qemu.git/tests/tcg/aarch64', '-mthumb', 
'/home/alex/lsrc/qemu.git/tests/tcg/multiarch/arm-compat-semi/semihosting.c', 
'-o', 'semihosting', '-static']' returned non-zero exit status 1.
  filter=--filter=label=com.qemu.instance.uuid=34c4dca59b4f4f368fcc75f25e6b79d8
  make[2]: *** [../Makefile.target:120: semihosting] Error 1
  make[1]: *** [/home/alex/lsrc/qemu.git/tests/tcg/Makefile.qemu:64: 
docker-build-guest-tests] Error 2
  make: *** [/home/alex/lsrc/qemu.git/tests/Makefile.include:56: 
build-tcg-tests-aarch64-linux-user] Error 2

We should at least be able to run multiarch tests for all these other
arches if we have the right compilers for them.

I'm untangling configure.sh at the moment because I'm not quite sure
what the current "arches" variable in there is trying to achieve.

-- 
Alex Bennée



[Bug 1809665] Re: Xbox One controller USB passthrough disconnections and stops

2021-04-14 Thread Saverio Miroddi
Still an issue as of QEMU 6.0.0rc2.

I can't (still) exclude that it's an issue on the host side, although,
when it comes to USB passthrough, I don't have issues with similar
devices (mice, keyboards etc.).

The module blacklist workaround works.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1809665

Title:
  Xbox One controller USB passthrough disconnections and stops

Status in QEMU:
  New

Bug description:
  I can't properly passthrough my Xbox One controller to a virtual
  machine; it causes USB disconnections on the host, ultimately
  preventing it from working (at all) on the guest

  I've seen a few other cases reported in other websites, which show the
  same symptoms:

  - https://www.reddit.com/r/VFIO/comments/97dhbw/qemu_w10_xbox_one_controller
  - 
https://unix.stackexchange.com/questions/452751/how-can-i-pass-through-an-xbox-one-controller-to-a-windows-vm-on-ubuntu

  This is a sample:

  libusb: error [udev_hotplug_event] ignoring udev action bind
  qemu-system-x86_64: libusb_release_interface: -4 [NO_DEVICE]
  qemu-system-x86_64: libusb_release_interface: -4 [NO_DEVICE]
  qemu-system-x86_64: libusb_release_interface: -4 [NO_DEVICE]
  libusb: error [_get_usbfs_fd] File doesn't exist, wait 10 ms and try again
  libusb: error [_get_usbfs_fd] libusb couldn't open USB device
  /dev/bus/usb/003/016: No such file or directory

  I think this is a quite long-standing issue, as I've been experiencing
  through several versions, including the current one (3.1).

  I can reproduce this 100% of the time, on multiple host O/S
  distributions (the current one being based on Ubuntu 18.04 x86-64).

  I compile QEMU directly from source, and execute it via commandline;
  the command is very long, however, the relevant part is standard (I
  think):

  -usb \
  -device usb-tablet \
  -device 
usb-host,vendorid=0x$VGAPT_XBOX_PAD_VEND_ID,productid=0x$VGAPT_XBOX_PAD_PROD_ID 
\

  The guest is Windows 10 64bit.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1809665/+subscriptions



[PATCH for-6.1 0/4] Poison more CONFIG switches

2021-04-14 Thread Thomas Huth
Using target-specific CONFIG_xxx switches in common code via "#ifdef"s
is wrong, since these macros are only defined for target-specific code.
We already poison many switches in common code to avoid the bugs with
dead code here, but these problems still keep creeping in ...
This series now improves the situation by poisoning more symbols,
especially by generating these from the target-specific config headers
automatically.

Thomas Huth (4):
  include/sysemu: Poison all accelerator CONFIG switches in common code
  migration: Move populate_vfio_info() into a separate file
  qapi/qom.json: Do not use CONFIG_VIRTIO_CRYPTO in common code
  configure: Poison all current target-specific #defines

 Makefile  |  2 +-
 configure |  5 +
 include/exec/poison.h |  6 ++
 include/sysemu/hax.h  |  4 
 include/sysemu/hvf.h  |  4 
 include/sysemu/whpx.h |  4 
 migration/meson.build |  3 ++-
 migration/migration.c | 15 ---
 migration/migration.h |  2 ++
 migration/target.c| 25 +
 qapi/qom.json |  4 ++--
 11 files changed, 55 insertions(+), 19 deletions(-)
 create mode 100644 migration/target.c

-- 
2.27.0




[PATCH for-6.1 1/4] include/sysemu: Poison all accelerator CONFIG switches in common code

2021-04-14 Thread Thomas Huth
We are already poisoning CONFIG_KVM since this switch is not working
in common code. Do the same with the other accelerator switches, too
(except for CONFIG_TCG, which is special, since it is also defined in
config-host.h).

Signed-off-by: Thomas Huth 
---
 include/exec/poison.h | 4 
 include/sysemu/hax.h  | 4 
 include/sysemu/hvf.h  | 4 
 include/sysemu/whpx.h | 4 
 4 files changed, 16 insertions(+)

diff --git a/include/exec/poison.h b/include/exec/poison.h
index 4cd3f8abb4..3250fc1d52 100644
--- a/include/exec/poison.h
+++ b/include/exec/poison.h
@@ -88,8 +88,12 @@
 #pragma GCC poison CONFIG_SPARC_DIS
 #pragma GCC poison CONFIG_XTENSA_DIS
 
+#pragma GCC poison CONFIG_HAX
+#pragma GCC poison CONFIG_HVF
 #pragma GCC poison CONFIG_LINUX_USER
 #pragma GCC poison CONFIG_KVM
 #pragma GCC poison CONFIG_SOFTMMU
+#pragma GCC poison CONFIG_WHPX
+#pragma GCC poison CONFIG_XEN
 
 #endif
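Review bot: CONFIG_XEN is poisoned here alongside the accelerator switches but is not mentioned in the commit message, and unlike hax/hvf/whpx no header in this patch gets a NEED_CPU_H guard for it; please say whether the xen headers already keep their CONFIG_XEN uses out of common code, since after this hunk any common-code `#ifdef CONFIG_XEN` becomes a hard compile error rather than silently false.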
diff --git a/include/sysemu/hax.h b/include/sysemu/hax.h
index 12fb54f990..247f0661d1 100644
--- a/include/sysemu/hax.h
+++ b/include/sysemu/hax.h
@@ -24,6 +24,8 @@
 
 int hax_sync_vcpus(void);
 
+#ifdef NEED_CPU_H
+
 #ifdef CONFIG_HAX
 
 int hax_enabled(void);
@@ -34,4 +36,6 @@ int hax_enabled(void);
 
 #endif /* CONFIG_HAX */
 
+#endif /* NEED_CPU_H */
+
 #endif /* QEMU_HAX_H */
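Review bot: wrapping only the `#ifdef CONFIG_HAX` block in NEED_CPU_H leaves `hax_sync_vcpus()` declared for everyone, which is fine, but it also means `hax_enabled()` quietly disappears for a common-code includer instead of failing at the poisoned macro; since that is the intended split, a one-line comment above `#ifdef NEED_CPU_H` stating that these helpers exist only for target-specific code (and the same in hvf.h and whpx.h) would save the next reader the detour.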
diff --git a/include/sysemu/hvf.h b/include/sysemu/hvf.h
index c98636bc81..bb70082e45 100644
--- a/include/sysemu/hvf.h
+++ b/include/sysemu/hvf.h
@@ -16,6 +16,8 @@
 #include "qemu/accel.h"
 #include "qom/object.h"
 
+#ifdef NEED_CPU_H
+
 #ifdef CONFIG_HVF
 uint32_t hvf_get_supported_cpuid(uint32_t func, uint32_t idx,
  int reg);
@@ -26,6 +28,8 @@ extern bool hvf_allowed;
 #define hvf_get_supported_cpuid(func, idx, reg) 0
 #endif /* !CONFIG_HVF */
 
+#endif /* NEED_CPU_H */
+
 #define TYPE_HVF_ACCEL ACCEL_CLASS_NAME("hvf")
 
 typedef struct HVFState HVFState;
diff --git a/include/sysemu/whpx.h b/include/sysemu/whpx.h
index 8ca1c1c4ac..2889fa2278 100644
--- a/include/sysemu/whpx.h
+++ b/include/sysemu/whpx.h
@@ -13,6 +13,8 @@
 #ifndef QEMU_WHPX_H
 #define QEMU_WHPX_H
 
+#ifdef NEED_CPU_H
+
 #ifdef CONFIG_WHPX
 
 int whpx_enabled(void);
@@ -25,4 +27,6 @@ bool whpx_apic_in_platform(void);
 
 #endif /* CONFIG_WHPX */
 
+#endif /* NEED_CPU_H */
+
 #endif /* QEMU_WHPX_H */
-- 
2.27.0




[PATCH for-6.1 3/4] qapi/qom.json: Do not use CONFIG_VIRTIO_CRYPTO in common code

2021-04-14 Thread Thomas Huth
The ObjectType enum and ObjectOptions are included from qapi-types-qom.h
into common code. We should not use target-specific config switches like
CONFIG_VIRTIO_CRYPTO here, since this is not defined in common code and
thus the enum will look differently between common and target specific
code. For this case, it's hopefully enough to check for CONFIG_VHOST_CRYPTO
only (which is a host specific config switch, i.e. it's the same on all
targets).

Signed-off-by: Thomas Huth 
---
 qapi/qom.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/qapi/qom.json b/qapi/qom.json
index db5ac419b1..cd0e76d564 100644
--- a/qapi/qom.json
+++ b/qapi/qom.json
@@ -752,7 +752,7 @@
 'cryptodev-backend',
 'cryptodev-backend-builtin',
 { 'name': 'cryptodev-vhost-user',
-  'if': 'defined(CONFIG_VIRTIO_CRYPTO) && defined(CONFIG_VHOST_CRYPTO)' },
+  'if': 'defined(CONFIG_VHOST_CRYPTO)' },
 'dbus-vmstate',
 'filter-buffer',
 'filter-dump',
@@ -809,7 +809,7 @@
   'cryptodev-backend':  'CryptodevBackendProperties',
   'cryptodev-backend-builtin':  'CryptodevBackendProperties',
   'cryptodev-vhost-user':   { 'type': 'CryptodevVhostUserProperties',
-  'if': 'defined(CONFIG_VIRTIO_CRYPTO) && 
defined(CONFIG_VHOST_CRYPTO)' },
+  'if': 'defined(CONFIG_VHOST_CRYPTO)' },
   'dbus-vmstate':   'DBusVMStateProperties',
   'filter-buffer':  'FilterBufferProperties',
   'filter-dump':'FilterDumpProperties',
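Review bot: with CONFIG_VIRTIO_CRYPTO dropped from both `'if'` conditions, `cryptodev-vhost-user` becomes a valid ObjectType and ObjectOptions branch on every target whenever CONFIG_VHOST_CRYPTO is set, including targets that do not build virtio-crypto; the commit message calls this "hopefully enough", so please state what `object-add` of that type does on such a target (a clean unknown-type error, or the backend being instantiated with nothing to attach it to) so the behaviour change is documented rather than hoped.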
-- 
2.27.0




[PATCH for-6.1 4/4] configure: Poison all current target-specific #defines

2021-04-14 Thread Thomas Huth
We are generating a lot of target-specific defines in the *-config-devices.h
and *-config-target.h files. Using them in common code is wrong and leads
to very subtle bugs since a "#ifdef CONFIG_SOMETHING" is not working there
as expected. To avoid these issues, we are already poisoning many of the
macros in include/exec/poison.h - but it's cumbersome to maintain this
list manually. Thus let's generate an additional list of poisoned macros
automatically from the current config switches - this should give us a
much better test coverage via the different CI configurations.

Note that CONFIG_TCG (which is also defined in config-host.h) and
CONFIG_USER_ONLY are special, so we have to filter these out.

Signed-off-by: Thomas Huth 
---
 Makefile  | 2 +-
 configure | 5 +
 include/exec/poison.h | 2 ++
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index bcbbec71a1..4cab10a2a4 100644
--- a/Makefile
+++ b/Makefile
@@ -213,7 +213,7 @@ qemu-%.tar.bz2:
 
 distclean: clean
-$(quiet-@)test -f build.ninja && $(NINJA) $(NINJAFLAGS) -t clean -g || 
:
-   rm -f config-host.mak config-host.h*
+   rm -f config-host.mak config-host.h* config-poison.h
rm -f tests/tcg/config-*.mak
rm -f config-all-disas.mak config.status
rm -f roms/seabios/config.mak roms/vgabios/config.mak
diff --git a/configure b/configure
index 4f374b4889..a0f0601e7e 100755
--- a/configure
+++ b/configure
@@ -6440,6 +6440,11 @@ if test -n "${deprecated_features}"; then
 echo "  features: ${deprecated_features}"
 fi
 
+sed -n -e '/CONFIG_TCG/d' -e '/CONFIG_USER_ONLY/d' \
+-e '/^#define / { s///; s/ .*//; s/^/#pragma GCC poison /p; }' \
+*-config-devices.h *-config-target.h | \
+sort -u > config-poison.h
+
 # Save the configure command line for later reuse.
 cat 
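Review bot: `-e '/CONFIG_TCG/d'` and `-e '/CONFIG_USER_ONLY/d'` match by substring, so they would also drop any future `CONFIG_TCG_*` or `*_USER_ONLY` define from the poison list; anchor them on the full macro, e.g. `-e '/^#define CONFIG_TCG /d'`. Also, when no target is configured the two globs do not expand and sed fails on the literal names `*-config-devices.h` and `*-config-target.h`, so guard the pipeline on the target list being non-empty (or discard stderr) rather than letting configure print an error there.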

[PATCH for-6.1 2/4] migration: Move populate_vfio_info() into a separate file

2021-04-14 Thread Thomas Huth
The CONFIG_VFIO switch only works in target specific code. Since
migration/migration.c is common code, the #ifdef does not have
the intended behavior here. Move the related code to a separate
file now which gets compiled via specific_ss instead.

Fixes: 3710586caa ("qapi: Add VFIO devices migration stats in Migration stats")
Signed-off-by: Thomas Huth 
---
 migration/meson.build |  3 ++-
 migration/migration.c | 15 ---
 migration/migration.h |  2 ++
 migration/target.c| 25 +
 4 files changed, 29 insertions(+), 16 deletions(-)
 create mode 100644 migration/target.c

diff --git a/migration/meson.build b/migration/meson.build
index 3ecedce94d..f8714dcb15 100644
--- a/migration/meson.build
+++ b/migration/meson.build
@@ -31,4 +31,5 @@ softmmu_ss.add(when: ['CONFIG_RDMA', rdma], if_true: 
files('rdma.c'))
 softmmu_ss.add(when: 'CONFIG_LIVE_BLOCK_MIGRATION', if_true: files('block.c'))
 softmmu_ss.add(when: zstd, if_true: files('multifd-zstd.c'))
 
-specific_ss.add(when: 'CONFIG_SOFTMMU', if_true: files('dirtyrate.c', 'ram.c'))
+specific_ss.add(when: 'CONFIG_SOFTMMU',
+if_true: files('dirtyrate.c', 'ram.c', 'target.c'))
diff --git a/migration/migration.c b/migration/migration.c
index 8ca034136b..db8c378079 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -60,10 +60,6 @@
 #include "qemu/yank.h"
 #include "sysemu/cpus.h"
 
-#ifdef CONFIG_VFIO
-#include "hw/vfio/vfio-common.h"
-#endif
-
 #define MAX_THROTTLE  (128 << 20)  /* Migration transfer speed throttling 
*/
 
 /* Amount of time to allocate to each "chunk" of bandwidth-throttled
@@ -1059,17 +1055,6 @@ static void populate_disk_info(MigrationInfo *info)
 }
 }
 
-static void populate_vfio_info(MigrationInfo *info)
-{
-#ifdef CONFIG_VFIO
-if (vfio_mig_active()) {
-info->has_vfio = true;
-info->vfio = g_malloc0(sizeof(*info->vfio));
-info->vfio->transferred = vfio_mig_bytes_transferred();
-}
-#endif
-}
-
 static void fill_source_migration_info(MigrationInfo *info)
 {
 MigrationState *s = migrate_get_current();
diff --git a/migration/migration.h b/migration/migration.h
index db6708326b..2730fa05c0 100644
--- a/migration/migration.h
+++ b/migration/migration.h
@@ -376,4 +376,6 @@ void migration_make_urgent_request(void);
 void migration_consume_urgent_request(void);
 bool migration_rate_limit(void);
 
+void populate_vfio_info(MigrationInfo *info);
+
 #endif
diff --git a/migration/target.c b/migration/target.c
new file mode 100644
index 00..907ebf0a0a
--- /dev/null
+++ b/migration/target.c
@@ -0,0 +1,25 @@
+/*
+ * QEMU live migration - functions that need to be compiled target-specific
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2
+ * or (at your option) any later version.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/qapi-types-migration.h"
+#include "migration.h"
+
+#ifdef CONFIG_VFIO
+#include "hw/vfio/vfio-common.h"
+#endif
+
+void populate_vfio_info(MigrationInfo *info)
+{
+#ifdef CONFIG_VFIO
+if (vfio_mig_active()) {
+info->has_vfio = true;
+info->vfio = g_malloc0(sizeof(*info->vfio));
+info->vfio->transferred = vfio_mig_bytes_transferred();
+}
+#endif
+}
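Review bot: the header comment says these functions "need to be compiled target-specific" but not why; a short note that CONFIG_VFIO comes from the per-target *-config-devices.h (the whole reason for the move) would stop someone folding populate_vfio_info() back into migration.c later. The license block also lacks the usual copyright line, and now that CONFIG_VFIO is legitimately visible here the `#ifdef CONFIG_VFIO` around the include is only needed if vfio-common.h cannot be included unconditionally; if it can, drop the guard around the include and keep it only around the body.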
-- 
2.27.0




Re: [PATCH] ratelimit: protect with a mutex

2021-04-14 Thread Emanuele Giuseppe Esposito




On 13/04/2021 14:55, Paolo Bonzini wrote:

Right now, rate limiting is protected by the AioContext mutex, which is
taken for example both by the block jobs and by qmp_block_job_set_speed
(via find_block_job).

We would like to remove the dependency of block layer code on the
AioContext mutex, since most drivers and the core I/O code are already
not relying on it.  However, there is no existing lock that can easily
be taken by both ratelimit_set_speed and ratelimit_calculate_delay,
especially because the latter might run in coroutine context (and
therefore under a CoMutex) but the former will not.

Since concurrent calls to ratelimit_calculate_delay are not possible,
one idea could be to use a seqlock to get a snapshot of slice_ns and
slice_quota.  But for now keep it simple, and just add a mutex to the
RateLimit struct; block jobs are generally not performance critical to
the point of optimizing the clock cycles spent in synchronization.

This also requires the introduction of init/destroy functions, so
add them to the two users of ratelimit.h.

Signed-off-by: Paolo Bonzini 
---
  block/block-copy.c   |  2 ++
  blockjob.c   |  3 +++
  include/qemu/ratelimit.h | 14 ++
  3 files changed, 19 insertions(+)

diff --git a/block/block-copy.c b/block/block-copy.c
index 39ae481c8b..9b4af00614 100644
--- a/block/block-copy.c
+++ b/block/block-copy.c
@@ -230,6 +230,7 @@ void block_copy_state_free(BlockCopyState *s)
  return;
  }
  
+ratelimit_destroy(&s->rate_limit);

  bdrv_release_dirty_bitmap(s->copy_bitmap);
  shres_destroy(s->mem);
  g_free(s);
@@ -289,6 +290,7 @@ BlockCopyState *block_copy_state_new(BdrvChild *source, 
BdrvChild *target,
  s->copy_size = MAX(s->cluster_size, BLOCK_COPY_MAX_BUFFER);
  }
  
+ratelimit_init(&s->rate_limit);

  QLIST_INIT(&s->tasks);
  QLIST_INIT(&s->calls);
  
diff --git a/blockjob.c b/blockjob.c

index 207e8c7fd9..46f15befe8 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -87,6 +87,7 @@ void block_job_free(Job *job)
  
  block_job_remove_all_bdrv(bjob);

  blk_unref(bjob->blk);
+ratelimit_destroy(&bjob->limit);
  error_free(bjob->blocker);
  }
  
@@ -435,6 +436,8 @@ void *block_job_create(const char *job_id, const BlockJobDriver *driver,

  assert(job->job.driver->free == &block_job_free);
  assert(job->job.driver->user_resume == &block_job_user_resume);
  
+ratelimit_init(&job->limit);

+
  job->blk = blk;
  
  job->finalize_cancelled_notifier.notify = block_job_event_cancelled;

diff --git a/include/qemu/ratelimit.h b/include/qemu/ratelimit.h
index 01da8d63f1..003ea6d5a3 100644
--- a/include/qemu/ratelimit.h
+++ b/include/qemu/ratelimit.h
@@ -14,9 +14,11 @@
  #ifndef QEMU_RATELIMIT_H
  #define QEMU_RATELIMIT_H
  
+#include "qemu/lockable.h"

  #include "qemu/timer.h"
  
  typedef struct {

+QemuMutex lock;
  int64_t slice_start_time;
  int64_t slice_end_time;
  uint64_t slice_quota;
@@ -40,6 +42,7 @@ static inline int64_t ratelimit_calculate_delay(RateLimit 
*limit, uint64_t n)
  int64_t now = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
  double delay_slices;
  
+QEMU_LOCK_GUARD(&limit->lock);

  assert(limit->slice_quota && limit->slice_ns);
  
  if (limit->slice_end_time < now) {

@@ -65,9 +68,20 @@ static inline int64_t ratelimit_calculate_delay(RateLimit 
*limit, uint64_t n)
  return limit->slice_end_time - now;
  }
  
+static inline void ratelimit_init(RateLimit *limit)

+{
+qemu_mutex_init(&limit->lock);
+}
+
+static inline void ratelimit_destroy(RateLimit *limit)
+{
+qemu_mutex_destroy(&limit->lock);
+}
+
  static inline void ratelimit_set_speed(RateLimit *limit, uint64_t speed,
 uint64_t slice_ns)
  {
+QEMU_LOCK_GUARD(&limit->lock);
  limit->slice_ns = slice_ns;
  limit->slice_quota = MAX(((double)speed * slice_ns) / 10ULL, 1);
  }
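Review bot: ratelimit_init() only initialises the mutex and leaves slice_ns/slice_quota/dispatched at whatever the embedding struct held, so the `assert(limit->slice_quota && limit->slice_ns)` in ratelimit_calculate_delay() still depends on callers zero-allocating the struct and calling ratelimit_set_speed() before the first delay calculation; zeroing those fields in ratelimit_init() (or documenting the ordering requirement next to the new functions) would make the API self-contained. Also `now` is read before the lock guard is taken; that is harmless for the arithmetic, but a comment saying so would stop a reader from assuming the timestamp is consistent with the slice state it is compared against.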



Reviewed-by: Emanuele Giuseppe Esposito 
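The slice accounting the patch above protects, as an added example that is not QEMU's ratelimit.h: a rate limiter with the same set_speed/calculate_delay split, with a pthread mutex covering both so a concurrent set_speed() can never be observed half-applied (one of slice_ns/slice_quota updated, the other not). The clock is passed in as an explicit nanosecond timestamp instead of being read inside, so the scenario at the bottom is deterministic; the speed, slice length and timestamps are made-up values.

```c
#include <assert.h>
#include <inttypes.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>

/* Slice-based limiter modelled on QEMU's RateLimit (added example). */
typedef struct {
    pthread_mutex_t lock;       /* guards every field below */
    int64_t slice_start_time;
    int64_t slice_end_time;
    uint64_t slice_quota;       /* bytes allowed per slice */
    uint64_t slice_ns;          /* slice length in nanoseconds */
    uint64_t dispatched;        /* bytes accounted to the current slice */
} RateLimit;

void ratelimit_init(RateLimit *l)
{
    pthread_mutex_init(&l->lock, NULL);
    l->slice_start_time = l->slice_end_time = 0;
    /* quota 0 makes calculate_delay() refuse to run before set_speed() */
    l->slice_quota = l->slice_ns = l->dispatched = 0;
}

void ratelimit_destroy(RateLimit *l)
{
    pthread_mutex_destroy(&l->lock);
}

/*
 * speed is bytes per second. slice_ns and slice_quota are written together
 * under the lock, so a concurrent calculate_delay() sees either the old pair
 * or the new pair, never one of each.
 */
void ratelimit_set_speed(RateLimit *l, uint64_t speed, uint64_t slice_ns)
{
    pthread_mutex_lock(&l->lock);
    l->slice_ns = slice_ns;
    l->slice_quota = (uint64_t)((double)speed * slice_ns / 1000000000.0);
    if (l->slice_quota == 0) {
        l->slice_quota = 1;
    }
    pthread_mutex_unlock(&l->lock);
}

/*
 * Account n bytes sent at time now; return the nanoseconds the caller should
 * wait before sending more (0 = none). Once a slice's quota is used up, its
 * end is pushed out in proportion to the overshoot.
 */
int64_t ratelimit_calculate_delay(RateLimit *l, uint64_t n, int64_t now)
{
    int64_t delay = 0;

    pthread_mutex_lock(&l->lock);
    assert(l->slice_quota && l->slice_ns);

    if (l->slice_end_time < now) {
        /* previous (possibly extended) slice is over: start a fresh one */
        l->slice_start_time = now;
        l->slice_end_time = now + (int64_t)l->slice_ns;
        l->dispatched = 0;
    }

    l->dispatched += n;
    if (l->dispatched >= l->slice_quota) {
        double delay_slices = (double)l->dispatched / (double)l->slice_quota;
        l->slice_end_time = l->slice_start_time +
                            (int64_t)(delay_slices * (double)l->slice_ns);
        delay = l->slice_end_time - now;
    }
    pthread_mutex_unlock(&l->lock);
    return delay;
}

/*
 * Constructed scenario: 1000 B/s with 100 ms slices (quota 100 bytes).
 * Returns the delay produced by step `step` (0..3) of the sequence below.
 */
int64_t scenario_delay(int step)
{
    static const struct { uint64_t n; int64_t now; } steps[] = {
        { 50, 1 },          /* half the quota: no delay */
        { 50, 1 },          /* quota reached: wait one full slice */
        { 100, 1 },         /* double overshoot: slice end moves to 2 slices */
        { 10, 500000000 },  /* old slice expired, fresh one: no delay */
    };
    RateLimit l;
    int64_t d = -1;

    ratelimit_init(&l);
    ratelimit_set_speed(&l, 1000, 100000000);
    for (int i = 0; i <= step && i < 4; i++) {
        d = ratelimit_calculate_delay(&l, steps[i].n, steps[i].now);
    }
    ratelimit_destroy(&l);
    return d;
}

int main(void)
{
    for (int i = 0; i < 4; i++) {
        printf("step %d: delay %" PRId64 " ns\n", i, scenario_delay(i));
    }
    return 0;
}
```

The lock is held only for the arithmetic, never across a sleep, which is what makes it safe to call from a coroutine-style context as well as from a plain thread; the init-time zeroing is what lets the assert catch a delay calculation that slipped in before set_speed() instead of dividing by a stale quota.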




[RFC v13 01/80] target/arm: move translate modules to tcg/

2021-04-14 Thread Claudio Fontana
Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Reviewed-by: Alex Bennée 
---
 target/arm/{ => tcg}/translate-a64.h  |  0
 target/arm/{ => tcg}/translate.h  |  0
 target/arm/{ => tcg}/a32-uncond.decode|  0
 target/arm/{ => tcg}/a32.decode   |  0
 target/arm/{ => tcg}/m-nocp.decode|  0
 target/arm/{ => tcg}/neon-dp.decode   |  0
 target/arm/{ => tcg}/neon-ls.decode   |  0
 target/arm/{ => tcg}/neon-shared.decode   |  0
 target/arm/{ => tcg}/sve.decode   |  0
 target/arm/{ => tcg}/t16.decode   |  0
 target/arm/{ => tcg}/t32.decode   |  0
 target/arm/{ => tcg}/vfp-uncond.decode|  0
 target/arm/{ => tcg}/vfp.decode   |  0
 target/arm/{ => tcg}/translate-a64.c  |  0
 target/arm/{ => tcg}/translate-sve.c  |  0
 target/arm/{ => tcg}/translate.c  |  0
 target/arm/{ => tcg}/translate-neon.c.inc |  0
 target/arm/{ => tcg}/translate-vfp.c.inc  |  0
 target/arm/meson.build| 20 ++-
 target/arm/tcg/meson.build| 24 +++
 20 files changed, 26 insertions(+), 18 deletions(-)
 rename target/arm/{ => tcg}/translate-a64.h (100%)
 rename target/arm/{ => tcg}/translate.h (100%)
 rename target/arm/{ => tcg}/a32-uncond.decode (100%)
 rename target/arm/{ => tcg}/a32.decode (100%)
 rename target/arm/{ => tcg}/m-nocp.decode (100%)
 rename target/arm/{ => tcg}/neon-dp.decode (100%)
 rename target/arm/{ => tcg}/neon-ls.decode (100%)
 rename target/arm/{ => tcg}/neon-shared.decode (100%)
 rename target/arm/{ => tcg}/sve.decode (100%)
 rename target/arm/{ => tcg}/t16.decode (100%)
 rename target/arm/{ => tcg}/t32.decode (100%)
 rename target/arm/{ => tcg}/vfp-uncond.decode (100%)
 rename target/arm/{ => tcg}/vfp.decode (100%)
 rename target/arm/{ => tcg}/translate-a64.c (100%)
 rename target/arm/{ => tcg}/translate-sve.c (100%)
 rename target/arm/{ => tcg}/translate.c (100%)
 rename target/arm/{ => tcg}/translate-neon.c.inc (100%)
 rename target/arm/{ => tcg}/translate-vfp.c.inc (100%)
 create mode 100644 target/arm/tcg/meson.build

diff --git a/target/arm/translate-a64.h b/target/arm/tcg/translate-a64.h
similarity index 100%
rename from target/arm/translate-a64.h
rename to target/arm/tcg/translate-a64.h
diff --git a/target/arm/translate.h b/target/arm/tcg/translate.h
similarity index 100%
rename from target/arm/translate.h
rename to target/arm/tcg/translate.h
diff --git a/target/arm/a32-uncond.decode b/target/arm/tcg/a32-uncond.decode
similarity index 100%
rename from target/arm/a32-uncond.decode
rename to target/arm/tcg/a32-uncond.decode
diff --git a/target/arm/a32.decode b/target/arm/tcg/a32.decode
similarity index 100%
rename from target/arm/a32.decode
rename to target/arm/tcg/a32.decode
diff --git a/target/arm/m-nocp.decode b/target/arm/tcg/m-nocp.decode
similarity index 100%
rename from target/arm/m-nocp.decode
rename to target/arm/tcg/m-nocp.decode
diff --git a/target/arm/neon-dp.decode b/target/arm/tcg/neon-dp.decode
similarity index 100%
rename from target/arm/neon-dp.decode
rename to target/arm/tcg/neon-dp.decode
diff --git a/target/arm/neon-ls.decode b/target/arm/tcg/neon-ls.decode
similarity index 100%
rename from target/arm/neon-ls.decode
rename to target/arm/tcg/neon-ls.decode
diff --git a/target/arm/neon-shared.decode b/target/arm/tcg/neon-shared.decode
similarity index 100%
rename from target/arm/neon-shared.decode
rename to target/arm/tcg/neon-shared.decode
diff --git a/target/arm/sve.decode b/target/arm/tcg/sve.decode
similarity index 100%
rename from target/arm/sve.decode
rename to target/arm/tcg/sve.decode
diff --git a/target/arm/t16.decode b/target/arm/tcg/t16.decode
similarity index 100%
rename from target/arm/t16.decode
rename to target/arm/tcg/t16.decode
diff --git a/target/arm/t32.decode b/target/arm/tcg/t32.decode
similarity index 100%
rename from target/arm/t32.decode
rename to target/arm/tcg/t32.decode
diff --git a/target/arm/vfp-uncond.decode b/target/arm/tcg/vfp-uncond.decode
similarity index 100%
rename from target/arm/vfp-uncond.decode
rename to target/arm/tcg/vfp-uncond.decode
diff --git a/target/arm/vfp.decode b/target/arm/tcg/vfp.decode
similarity index 100%
rename from target/arm/vfp.decode
rename to target/arm/tcg/vfp.decode
diff --git a/target/arm/translate-a64.c b/target/arm/tcg/translate-a64.c
similarity index 100%
rename from target/arm/translate-a64.c
rename to target/arm/tcg/translate-a64.c
diff --git a/target/arm/translate-sve.c b/target/arm/tcg/translate-sve.c
similarity index 100%
rename from target/arm/translate-sve.c
rename to target/arm/tcg/translate-sve.c
diff --git a/target/arm/translate.c b/target/arm/tcg/translate.c
similarity index 100%
rename from target/arm/translate.c
rename to target/arm/tcg/translate.c
diff --git a/target/arm/translate-neon.c.inc 
b/target/arm/tcg/translate-neon.c.inc
similarity index 100%
rename from target/arm/translate-neon.c.inc
rename to target/arm/tcg/translate-neon.c.inc
diff --gi

[RFC v13 05/80] target/arm: tcg: split mte_helper user-only and sysemu code

2021-04-14 Thread Claudio Fontana
allocation_tag_mem has a different implementation for
user-only and sysemu, so move the two implementations into
the dedicated subdirs.

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Reviewed-by: Alex Bennée 
---
 target/arm/tcg/mte_helper.h|  53 
 target/arm/tcg/mte_helper.c| 191 +
 target/arm/tcg/sysemu/mte_helper.c | 159 
 target/arm/tcg/user/mte_helper.c   |  57 +
 target/arm/tcg/sysemu/meson.build  |   1 +
 target/arm/tcg/user/meson.build|   1 +
 6 files changed, 272 insertions(+), 190 deletions(-)
 create mode 100644 target/arm/tcg/mte_helper.h
 create mode 100644 target/arm/tcg/sysemu/mte_helper.c
 create mode 100644 target/arm/tcg/user/mte_helper.c

diff --git a/target/arm/tcg/mte_helper.h b/target/arm/tcg/mte_helper.h
new file mode 100644
index 00..29db1ad9fc
--- /dev/null
+++ b/target/arm/tcg/mte_helper.h
@@ -0,0 +1,53 @@
+/*
+ * ARM v8.5-MemTag Operations
+ *
+ * Copyright (c) 2020 Linaro, Ltd.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#ifndef MTE_HELPER_H
+#define MTE_HELPER_H
+
+/**
+ * allocation_tag_mem:
+ * @env: the cpu environment
+ * @ptr_mmu_idx: the addressing regime to use for the virtual address
+ * @ptr: the virtual address for which to look up tag memory
+ * @ptr_access: the access to use for the virtual address
+ * @ptr_size: the number of bytes in the normal memory access
+ * @tag_access: the access to use for the tag memory
+ * @tag_size: the number of bytes in the tag memory access
+ * @ra: the return address for exception handling
+ *
+ * Our tag memory is formatted as a sequence of little-endian nibbles.
+ * That is, the byte at (addr >> (LOG2_TAG_GRANULE + 1)) contains two
+ * tags, with the tag at [3:0] for the lower addr and the tag at [7:4]
+ * for the higher addr.
+ *
+ * Here, resolve the physical address from the virtual address, and return
+ * a pointer to the corresponding tag byte.  Exit with exception if the
+ * virtual address is not accessible for @ptr_access.
+ *
+ * The @ptr_size and @tag_size values may not have an obvious relation
+ * due to the alignment of @ptr, and the number of tag checks required.
+ *
+ * If there is no tag storage corresponding to @ptr, return NULL.
+ */
+uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
+uint64_t ptr, MMUAccessType ptr_access,
+int ptr_size, MMUAccessType tag_access,
+int tag_size, uintptr_t ra);
+
+#endif /* MTE_HELPER_H */
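Review bot: the new header is not self-contained: the prototype at its end uses CPUARMState, MMUAccessType, uint8_t, uint64_t and uintptr_t, yet the file includes nothing, so it compiles only when every includer has already pulled in "cpu.h". Either add that include next to the guard or say in a comment that "cpu.h" must come first. The commit message would also benefit from one sentence noting that allocation_tag_mem loses its `static` here (the removed definition in the following hunk was static) because the sysemu/ and user/ implementations are now selected at link time.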
diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c
index 0bbb9ec346..ea4196a162 100644
--- a/target/arm/tcg/mte_helper.c
+++ b/target/arm/tcg/mte_helper.c
@@ -26,7 +26,7 @@
 #include "exec/helper-proto.h"
 #include "qapi/error.h"
 #include "qemu/guest-random.h"
-
+#include "tcg/mte_helper.h"
 
 static int choose_nonexcluded_tag(int tag, int offset, uint16_t exclude)
 {
@@ -47,195 +47,6 @@ static int choose_nonexcluded_tag(int tag, int offset, 
uint16_t exclude)
 return tag;
 }
 
-/**
- * allocation_tag_mem:
- * @env: the cpu environment
- * @ptr_mmu_idx: the addressing regime to use for the virtual address
- * @ptr: the virtual address for which to look up tag memory
- * @ptr_access: the access to use for the virtual address
- * @ptr_size: the number of bytes in the normal memory access
- * @tag_access: the access to use for the tag memory
- * @tag_size: the number of bytes in the tag memory access
- * @ra: the return address for exception handling
- *
- * Our tag memory is formatted as a sequence of little-endian nibbles.
- * That is, the byte at (addr >> (LOG2_TAG_GRANULE + 1)) contains two
- * tags, with the tag at [3:0] for the lower addr and the tag at [7:4]
- * for the higher addr.
- *
- * Here, resolve the physical address from the virtual address, and return
- * a pointer to the corresponding tag byte.  Exit with exception if the
- * virtual address is not accessible for @ptr_access.
- *
- * The @ptr_size and @tag_size values may not have an obvious relation
- * due to the alignment of @ptr, and the number of tag checks required.
- *
- * If there is no tag storage corresponding to @ptr, return NULL.
- */
-static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
-   uint64_t ptr,

[RFC v13 00/80] arm cleanup experiment for kvm-only build

2021-04-14 Thread Claudio Fontana
Here is a new version of the series that enables kvm-only builds.

The goal here is to enable the KVM-only build, but there is
some additional cleanup too.

Comments welcome, thanks,

Ciao, C

v12 -> v13:

* "target/arm: tcg: add stubs for some helpers for non-tcg builds"
  - renamed helper-stubs.c to tcg-stubs.c 

* "target/arm: move arm_sctlr away from tcg helpers"
  - split change in two steps to separate the TARGET_AARCH64-only part

  - added a new patch that uses is_a64(env) instead of TARGET_AARCH64,
assuming the protected part is AArch64-only code.

* "target/arm: split a15 cpu model and 32bit class functions to cpu32.c"
  - split the patch into three:

  "target/arm: new cpu32 ARM 32 bit CPU Class"
  "target/arm: split 32bit and 64bit arm dump state"
  "target/arm: move a15 cpu model away from the TCG-only models"

* "target/arm: tcg: add stubs for some helpers for non-tcg builds"
  - removed the fp_exception_el stub 
  - added three patches:

  "target/arm: fix comments style of fp_exception_el before moving it"
  "target/arm: move fp_exception_el out of TCG helpers" 
  "target/arm: remove now useless ifndef from fp_exception_el"

* "target/arm: move exception code out of tcg/helper.c"
  - add new preparation patch:
  "target/arm: make further preparation for the exception code to move"
  

  - added new post-move patch:
  "target/arm: rename handle_semihosting to tcg_handle_semihosting"

* "target/arm: move kvm-const.h, kvm.c, kvm64.c, kvm_arm.h to kvm/"
  - added new patch that updates arm kvm maintainer to all of kvm:
  "MAINTAINERS: update arm kvm maintained files to all in target/arm/kvm/"
  

* "target/arm: remove broad "else" statements when checking accels"
  - use "else if" in cpu_pre_save when checking accelerators 

* "target/arm: cpu-sve: new module"
  - change commit message 
  - split the renames into new patch: 
  "target/arm: cpu-sve: rename functions according to module prefix"

* "target/arm: cpu-sve: split TCG and KVM functionality"
  - split the name change to a new patch:
  "target/arm: cpu-sve: make cpu_sve_finalize_features return bool"

* "target/arm: restrict rebuild_hflags_a64 to TARGET_AARCH64"
  - use QEMU_ERROR if function not elided
  - mention the need for this for future changes

* "target/arm: cpu-exceptions: new module"
  - move less code. Only the actual exception handling code is moved.
  - mention that -aa64.c requires the previous A64 restrictions

* "target/arm: tcg-sve: import narrow_vq and change_el functions"
  - update stale comment. 

* "target/arm: cpu-pauth: new module for ARMv8.3 Pointer Authentication"
  - separate rename and sig change in a separate patch:
  "target/arm: cpu-pauth: change arm_cpu_pauth_finalize name and sig"

* "cpu-sve: rename sve_zcr_len_for_el to cpu_sve_get_zcr_len_for_el"
  - reordered to just after the move of the function

* "target/arm: move arm_cpu_finalize_features into cpu64"
  - split rename and additional post-move changes into separate patches:
  "target/arm: cpu64: rename arm_cpu_finalize_features"
  "target/arm: cpu64: some final cleanup on aarch64_cpu_finalize_features"

* "target/arm: remove v7m stub function for !CONFIG_TCG"
  - use tcg_enabled() instead of CONFIG_TCG


v11 -> v12:

* reordered additions to meson files, sorting alphabetically.

* renamed the accel-specific cpu_sve modules to tcg_sve and kvm_sve.

* added sve_zcr_len_for_el() to cpu_sve, then renamed.
  It is now made TARGET_AARCH64-only, thanks to preceding changes.

* added aarch64_sve_narrow_vq() and _change_el() to tcg_sve, then renamed.

* "target/arm: tcg: add sysemu and user subdirs"
  - remove redundant meson check for CONFIG_SOFTMMU and CONFIG_USER_ONLY

* "cpu-mmu: fix comment style"
* "target/arm: cpregs: fix style (mostly just comments)"
* "target/arm: cpu: fix style"
  - reordered comment and style changes to before the code moves.

* "target/arm: split cpregs from tcg/helper.c"
  - take also the cpregs definitions ARM_CP_.. from cpu.h into cpregs.h

* "kvm: add stubs for some helpers"
  - move the stubs to tcg/, to be used by all non-TCG accels

* "target/arm: move arm_sctlr away from tcg helpers"
  - added #ifdef TARGET_AARCH64 for the specific part of the function

* "target/arm: move aarch64_sync_32_to_64 (and vv) to cpu code"
  - removed whitespace

* "target/arm: split a15 cpu model and 32bit class functions to cpu32.c"
  - fixed missing dispatch for aarch64/aarch32

* "target/arm: refactor exception and cpu code"
  - split into multiple patches

* "target/arm: move kvm-const.h, kvm.c, kvm64.c, kvm_arm.h to kvm/"
  - split into multiple patches

* "target/arm: remove broad "else" statements when checking accels"
  - added "else if"s when checking for accelerators

* "target/arm: arch_dump: restrict ELFCLASS64 to AArch64"
  - split into multiple patches


v10 -> v11:

* "target/arm: tcg: split mte_helper user-only and sysemu code" (new)
* "target/arm: tcg: move sysemu-only parts of debug_helper" (new)
* "target/ar

[RFC v13 03/80] arm: tcg: only build under CONFIG_TCG

2021-04-14 Thread Claudio Fontana
Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Reviewed-by: Alex Bennée 
---
 target/arm/tcg/meson.build | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/target/arm/tcg/meson.build b/target/arm/tcg/meson.build
index 0bd4e9d954..3b4146d079 100644
--- a/target/arm/tcg/meson.build
+++ b/target/arm/tcg/meson.build
@@ -12,9 +12,9 @@ gen = [
   decodetree.process('t16.decode', extra_args: ['-w', '16', 
'--static-decode=disas_t16']),
 ]
 
-arm_ss.add(gen)
+arm_ss.add(when: 'CONFIG_TCG', if_true: gen)
 
-arm_ss.add(files(
+arm_ss.add(when: 'CONFIG_TCG', if_true: files(
   'translate.c',
   'helper.c',
   'iwmmxt_helper.c',
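Review bot: bisectability question: after this hunk 'helper.c' is only compiled under CONFIG_TCG, but later patches in this series still move code that KVM needs out of tcg/helper.c (patch 15 moves qmp_query_cpu_definitions and patch 21 moves vfp_get_fpscr/vfp_set_fpscr). A --disable-tcg build at this commit would therefore lack those symbols until the later moves land. If a KVM-only build is meant to link at every step, this patch should follow those moves; otherwise please state in the cover letter or commit message that KVM-only builds are only expected to work at the end of the series.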
@@ -28,7 +28,7 @@ arm_ss.add(files(
   'debug_helper.c',
 ))
 
-arm_ss.add(when: 'TARGET_AARCH64', if_true: files(
+arm_ss.add(when: ['TARGET_AARCH64','CONFIG_TCG'], if_true: files(
   'translate-a64.c',
   'translate-sve.c',
   'helper-a64.c',
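Review bot: style nit on the new `when:` list: `['TARGET_AARCH64','CONFIG_TCG']` is missing the space after the comma that the rest of the file uses; `['TARGET_AARCH64', 'CONFIG_TCG']` keeps it consistent.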
-- 
2.26.2




[RFC v13 02/80] target/arm: move helpers to tcg/

2021-04-14 Thread Claudio Fontana
Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Reviewed-by: Alex Bennée 
---
 meson.build  |  1 +
 target/arm/{ => tcg}/op_addsub.h |  0
 target/arm/tcg/trace.h   |  1 +
 target/arm/{ => tcg}/vec_internal.h  |  0
 target/arm/{ => tcg}/crypto_helper.c |  0
 target/arm/{ => tcg}/debug_helper.c  |  0
 target/arm/{ => tcg}/helper-a64.c|  0
 target/arm/{ => tcg}/helper.c|  0
 target/arm/{ => tcg}/iwmmxt_helper.c |  0
 target/arm/{ => tcg}/m_helper.c  |  0
 target/arm/{ => tcg}/mte_helper.c|  0
 target/arm/{ => tcg}/neon_helper.c   |  0
 target/arm/{ => tcg}/op_helper.c |  0
 target/arm/{ => tcg}/pauth_helper.c  |  0
 target/arm/{ => tcg}/sve_helper.c|  0
 target/arm/{ => tcg}/tlb_helper.c|  0
 target/arm/{ => tcg}/vec_helper.c|  0
 target/arm/{ => tcg}/vfp_helper.c|  0
 target/arm/meson.build   | 14 --
 target/arm/tcg/meson.build   | 14 ++
 target/arm/tcg/trace-events  | 10 ++
 target/arm/trace-events  |  9 -
 22 files changed, 26 insertions(+), 23 deletions(-)
 rename target/arm/{ => tcg}/op_addsub.h (100%)
 create mode 100644 target/arm/tcg/trace.h
 rename target/arm/{ => tcg}/vec_internal.h (100%)
 rename target/arm/{ => tcg}/crypto_helper.c (100%)
 rename target/arm/{ => tcg}/debug_helper.c (100%)
 rename target/arm/{ => tcg}/helper-a64.c (100%)
 rename target/arm/{ => tcg}/helper.c (100%)
 rename target/arm/{ => tcg}/iwmmxt_helper.c (100%)
 rename target/arm/{ => tcg}/m_helper.c (100%)
 rename target/arm/{ => tcg}/mte_helper.c (100%)
 rename target/arm/{ => tcg}/neon_helper.c (100%)
 rename target/arm/{ => tcg}/op_helper.c (100%)
 rename target/arm/{ => tcg}/pauth_helper.c (100%)
 rename target/arm/{ => tcg}/sve_helper.c (100%)
 rename target/arm/{ => tcg}/tlb_helper.c (100%)
 rename target/arm/{ => tcg}/vec_helper.c (100%)
 rename target/arm/{ => tcg}/vfp_helper.c (100%)
 create mode 100644 target/arm/tcg/trace-events

diff --git a/meson.build b/meson.build
index 25363b492d..357ddc3dd6 100644
--- a/meson.build
+++ b/meson.build
@@ -1845,6 +1845,7 @@ if have_system or have_user
 'accel/tcg',
 'hw/core',
 'target/arm',
+'target/arm/tcg',
 'target/hppa',
 'target/i386',
 'target/i386/kvm',
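Review bot: adding 'target/arm/tcg' to this subdirectory list is what makes the generated trace/trace-target_arm_tcg.h exist for the new tcg/trace.h below, so the two hunks belong together as they are. The diffstat shows target/arm/trace-events shrinking by 9 lines while tcg/trace-events gains 10, so trace points move with the helpers; please double-check that no file remaining in target/arm/ still references a trace point whose definition moved to tcg/trace-events.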
diff --git a/target/arm/op_addsub.h b/target/arm/tcg/op_addsub.h
similarity index 100%
rename from target/arm/op_addsub.h
rename to target/arm/tcg/op_addsub.h
diff --git a/target/arm/tcg/trace.h b/target/arm/tcg/trace.h
new file mode 100644
index 00..c6e89d018b
--- /dev/null
+++ b/target/arm/tcg/trace.h
@@ -0,0 +1 @@
+#include "trace/trace-target_arm_tcg.h"
diff --git a/target/arm/vec_internal.h b/target/arm/tcg/vec_internal.h
similarity index 100%
rename from target/arm/vec_internal.h
rename to target/arm/tcg/vec_internal.h
diff --git a/target/arm/crypto_helper.c b/target/arm/tcg/crypto_helper.c
similarity index 100%
rename from target/arm/crypto_helper.c
rename to target/arm/tcg/crypto_helper.c
diff --git a/target/arm/debug_helper.c b/target/arm/tcg/debug_helper.c
similarity index 100%
rename from target/arm/debug_helper.c
rename to target/arm/tcg/debug_helper.c
diff --git a/target/arm/helper-a64.c b/target/arm/tcg/helper-a64.c
similarity index 100%
rename from target/arm/helper-a64.c
rename to target/arm/tcg/helper-a64.c
diff --git a/target/arm/helper.c b/target/arm/tcg/helper.c
similarity index 100%
rename from target/arm/helper.c
rename to target/arm/tcg/helper.c
diff --git a/target/arm/iwmmxt_helper.c b/target/arm/tcg/iwmmxt_helper.c
similarity index 100%
rename from target/arm/iwmmxt_helper.c
rename to target/arm/tcg/iwmmxt_helper.c
diff --git a/target/arm/m_helper.c b/target/arm/tcg/m_helper.c
similarity index 100%
rename from target/arm/m_helper.c
rename to target/arm/tcg/m_helper.c
diff --git a/target/arm/mte_helper.c b/target/arm/tcg/mte_helper.c
similarity index 100%
rename from target/arm/mte_helper.c
rename to target/arm/tcg/mte_helper.c
diff --git a/target/arm/neon_helper.c b/target/arm/tcg/neon_helper.c
similarity index 100%
rename from target/arm/neon_helper.c
rename to target/arm/tcg/neon_helper.c
diff --git a/target/arm/op_helper.c b/target/arm/tcg/op_helper.c
similarity index 100%
rename from target/arm/op_helper.c
rename to target/arm/tcg/op_helper.c
diff --git a/target/arm/pauth_helper.c b/target/arm/tcg/pauth_helper.c
similarity index 100%
rename from target/arm/pauth_helper.c
rename to target/arm/tcg/pauth_helper.c
diff --git a/target/arm/sve_helper.c b/target/arm/tcg/sve_helper.c
similarity index 100%
rename from target/arm/sve_helper.c
rename to target/arm/tcg/sve_helper.c
diff --git a/target/arm/tlb_helper.c b/target/arm/tcg/tlb_helper.c
similarity index 100%
rename from target/arm/tlb_helper.c
rename to target/arm/tcg/tlb_helper.c
diff --git a/target/arm/vec_helper.c b/target/arm/tcg/vec_helper.c
similarity index 100%
rename from target/arm/vec_helper.c
rename to target/arm/tcg/vec_help

[RFC v13 09/80] target/arm: only build psci for TCG

2021-04-14 Thread Claudio Fontana
We do not move psci.c to tcg/ because we expect other
hypervisors to use it (waiting for HVF enablement).

Signed-off-by: Claudio Fontana 
Cc: Alexander Graf 
Reviewed-by: Richard Henderson 
---
 target/arm/meson.build | 4 
 1 file changed, 4 insertions(+)

diff --git a/target/arm/meson.build b/target/arm/meson.build
index 0172937b40..a9fdada0cc 100644
--- a/target/arm/meson.build
+++ b/target/arm/meson.build
@@ -19,8 +19,12 @@ arm_softmmu_ss.add(files(
   'arm-powerctl.c',
   'machine.c',
   'monitor.c',
+))
+
+arm_softmmu_ss.add(when: 'CONFIG_TCG', if_true: files(
   'psci.c',
 ))
+
 arm_user_ss = ss.source_set()
 
 subdir('tcg')
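Review bot: the new source set gates psci.c on 'CONFIG_TCG' only, while the commit message says other accelerators (HVF) are expected to use it. A one-line comment above the new arm_softmmu_ss.add() explaining why psci.c stays in target/arm/ yet is TCG-only for now would save the next reader a trip through git log, and the `when:` string will need to become a list once HVF enablement arrives.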
-- 
2.26.2




[RFC v13 06/80] target/arm: tcg: move sysemu-only parts of debug_helper

2021-04-14 Thread Claudio Fontana
move sysemu-only parts of debug_helper to sysemu/

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Reviewed-by: Alex Bennée 
---
 target/arm/tcg/debug_helper.c| 27 ---
 target/arm/tcg/sysemu/debug_helper.c | 33 
 target/arm/tcg/sysemu/meson.build|  1 +
 3 files changed, 34 insertions(+), 27 deletions(-)
 create mode 100644 target/arm/tcg/sysemu/debug_helper.c

diff --git a/target/arm/tcg/debug_helper.c b/target/arm/tcg/debug_helper.c
index 2ff72d47d1..66a0915393 100644
--- a/target/arm/tcg/debug_helper.c
+++ b/target/arm/tcg/debug_helper.c
@@ -308,30 +308,3 @@ void arm_debug_excp_handler(CPUState *cs)
 arm_debug_target_el(env));
 }
 }
-
-#if !defined(CONFIG_USER_ONLY)
-
-vaddr arm_adjust_watchpoint_address(CPUState *cs, vaddr addr, int len)
-{
-ARMCPU *cpu = ARM_CPU(cs);
-CPUARMState *env = &cpu->env;
-
-/*
- * In BE32 system mode, target memory is stored byteswapped (on a
- * little-endian host system), and by the time we reach here (via an
- * opcode helper) the addresses of subword accesses have been adjusted
- * to account for that, which means that watchpoints will not match.
- * Undo the adjustment here.
- */
-if (arm_sctlr_b(env)) {
-if (len == 1) {
-addr ^= 3;
-} else if (len == 2) {
-addr ^= 2;
-}
-}
-
-return addr;
-}
-
-#endif
diff --git a/target/arm/tcg/sysemu/debug_helper.c 
b/target/arm/tcg/sysemu/debug_helper.c
new file mode 100644
index 00..0bce00144f
--- /dev/null
+++ b/target/arm/tcg/sysemu/debug_helper.c
@@ -0,0 +1,33 @@
+/*
+ * ARM debug helpers.
+ *
+ * This code is licensed under the GNU GPL v2 or later.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#include "qemu/osdep.h"
+#include "cpu.h"
+#include "internals.h"
+
+vaddr arm_adjust_watchpoint_address(CPUState *cs, vaddr addr, int len)
+{
+ARMCPU *cpu = ARM_CPU(cs);
+CPUARMState *env = &cpu->env;
+
+/*
+ * In BE32 system mode, target memory is stored byteswapped (on a
+ * little-endian host system), and by the time we reach here (via an
+ * opcode helper) the addresses of subword accesses have been adjusted
+ * to account for that, which means that watchpoints will not match.
+ * Undo the adjustment here.
+ */
+if (arm_sctlr_b(env)) {
+if (len == 1) {
+addr ^= 3;
+} else if (len == 2) {
+addr ^= 2;
+}
+}
+
+return addr;
+}
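Review bot: the new file carries a "GNU GPL v2 or later" header, but the code is moved from debug_helper.c, whose license header is not visible in this patch; please confirm the two match before this is applied. The body of arm_adjust_watchpoint_address is identical to the removed one, and dropping the `#if !defined(CONFIG_USER_ONLY)` guard is correct because the file is added only to arm_softmmu_ss in the following hunk.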
diff --git a/target/arm/tcg/sysemu/meson.build 
b/target/arm/tcg/sysemu/meson.build
index 6f014f77ec..1a4d7a0940 100644
--- a/target/arm/tcg/sysemu/meson.build
+++ b/target/arm/tcg/sysemu/meson.build
@@ -1,3 +1,4 @@
 arm_softmmu_ss.add(when: 'CONFIG_TCG', if_true: files(
+  'debug_helper.c',
   'mte_helper.c',
 ))
-- 
2.26.2




[RFC v13 13/80] target/arm: fix style in preparation of new cpregs module

2021-04-14 Thread Claudio Fontana
In preparation for the creation of a new cpregs module,
fix the style of the to-be-exported code.

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/arm/cpu.h|  54 ---
 target/arm/tcg/helper.c | 310 ++--
 2 files changed, 239 insertions(+), 125 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 7877d5417f..6454cb575e 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2693,14 +2693,16 @@ typedef struct ARMCPRegInfo ARMCPRegInfo;
 typedef enum CPAccessResult {
 /* Access is permitted */
 CP_ACCESS_OK = 0,
-/* Access fails due to a configurable trap or enable which would
+/*
+ * Access fails due to a configurable trap or enable which would
  * result in a categorized exception syndrome giving information about
  * the failing instruction (ie syndrome category 0x3, 0x4, 0x5, 0x6,
  * 0xc or 0x18). The exception is taken to the usual target EL (EL1 or
  * PL1 if in EL0, otherwise to the current EL).
  */
 CP_ACCESS_TRAP = 1,
-/* Access fails and results in an exception syndrome 0x0 ("uncategorized").
+/*
+ * Access fails and results in an exception syndrome 0x0 ("uncategorized").
  * Note that this is not a catch-all case -- the set of cases which may
  * result in this failure is specifically defined by the architecture.
  */
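Review bot: while these comments are being reflowed anyway, "ie syndrome category" could become "i.e. syndrome category" in the same hunk; otherwise the hunk changes only block-comment openers and touches no code, which is the right scope for a style-only patch ahead of a move.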
@@ -2711,14 +2713,16 @@ typedef enum CPAccessResult {
 /* As CP_ACCESS_UNCATEGORIZED, but for traps directly to EL2 or EL3 */
 CP_ACCESS_TRAP_UNCATEGORIZED_EL2 = 5,
 CP_ACCESS_TRAP_UNCATEGORIZED_EL3 = 6,
-/* Access fails and results in an exception syndrome for an FP access,
+/*
+ * Access fails and results in an exception syndrome for an FP access,
  * trapped directly to EL2 or EL3
  */
 CP_ACCESS_TRAP_FP_EL2 = 7,
 CP_ACCESS_TRAP_FP_EL3 = 8,
 } CPAccessResult;
 
-/* Access functions for coprocessor registers. These cannot fail and
+/*
+ * Access functions for coprocessor registers. These cannot fail and
  * may not raise exceptions.
  */
 typedef uint64_t CPReadFn(CPUARMState *env, const ARMCPRegInfo *opaque);
@@ -2737,7 +2741,8 @@ typedef void CPResetFn(CPUARMState *env, const 
ARMCPRegInfo *opaque);
 struct ARMCPRegInfo {
 /* Name of register (useful mainly for debugging, need not be unique) */
 const char *name;
-/* Location of register: coprocessor number and (crn,crm,opc1,opc2)
+/*
+ * Location of register: coprocessor number and (crn,crm,opc1,opc2)
  * tuple. Any of crm, opc1 and opc2 may be CP_ANY to indicate a
  * 'wildcard' field -- any value of that field in the MRC/MCR insn
  * will be decoded to this register. The register read and write
@@ -2768,16 +2773,19 @@ struct ARMCPRegInfo {
 int access;
 /* Security state: ARM_CP_SECSTATE_* bits/values */
 int secure;
-/* The opaque pointer passed to define_arm_cp_regs_with_opaque() when
+/*
+ * The opaque pointer passed to define_arm_cp_regs_with_opaque() when
  * this register was defined: can be used to hand data through to the
  * register read/write functions, since they are passed the ARMCPRegInfo*.
  */
 void *opaque;
-/* Value of this register, if it is ARM_CP_CONST. Otherwise, if
+/*
+ * Value of this register, if it is ARM_CP_CONST. Otherwise, if
  * fieldoffset is non-zero, the reset value of the register.
  */
 uint64_t resetvalue;
-/* Offset of the field in CPUARMState for this register.
+/*
+ * Offset of the field in CPUARMState for this register.
  *
  * This is not needed if either:
  *  1. type is ARM_CP_CONST or one of the ARM_CP_SPECIALs
@@ -2785,7 +2793,8 @@ struct ARMCPRegInfo {
  */
 ptrdiff_t fieldoffset; /* offsetof(CPUARMState, field) */
 
-/* Offsets of the secure and non-secure fields in CPUARMState for the
+/*
+ * Offsets of the secure and non-secure fields in CPUARMState for the
  * register if it is banked.  These fields are only used during the static
  * registration of a register.  During hashing the bank associated
  * with a given security state is copied to fieldoffset which is used from
@@ -2798,36 +2807,42 @@ struct ARMCPRegInfo {
  */
 ptrdiff_t bank_fieldoffsets[2];
 
-/* Function for making any access checks for this register in addition to
+/*
+ * Function for making any access checks for this register in addition to
  * those specified by the 'access' permissions bits. If NULL, no extra
  * checks required. The access check is performed at runtime, not at
  * translate time.
  */
 CPAccessFn *accessfn;
-/* Function for handling reads of this register. If NULL, then reads
+/*
+ * Function for handling reads of this register. If NULL, then reads
  * will be done by loading from the offset into CPUARMState specified
  * by fieldoffset.
  */
 CPReadFn *readfn;
-/* Function

[RFC v13 04/80] target/arm: tcg: add sysemu and user subdirs

2021-04-14 Thread Claudio Fontana
Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/arm/tcg/meson.build| 3 +++
 target/arm/tcg/sysemu/meson.build | 2 ++
 target/arm/tcg/user/meson.build   | 2 ++
 3 files changed, 7 insertions(+)
 create mode 100644 target/arm/tcg/sysemu/meson.build
 create mode 100644 target/arm/tcg/user/meson.build

diff --git a/target/arm/tcg/meson.build b/target/arm/tcg/meson.build
index 3b4146d079..abc9d27b63 100644
--- a/target/arm/tcg/meson.build
+++ b/target/arm/tcg/meson.build
@@ -36,3 +36,6 @@ arm_ss.add(when: ['TARGET_AARCH64','CONFIG_TCG'], if_true: 
files(
   'pauth_helper.c',
   'sve_helper.c',
 ))
+
+subdir('user')
+subdir('sysemu')
diff --git a/target/arm/tcg/sysemu/meson.build 
b/target/arm/tcg/sysemu/meson.build
new file mode 100644
index 00..726387b0b3
--- /dev/null
+++ b/target/arm/tcg/sysemu/meson.build
@@ -0,0 +1,2 @@
+arm_softmmu_ss.add(when: 'CONFIG_TCG', if_true: files(
+))
diff --git a/target/arm/tcg/user/meson.build b/target/arm/tcg/user/meson.build
new file mode 100644
index 00..7af3311190
--- /dev/null
+++ b/target/arm/tcg/user/meson.build
@@ -0,0 +1,2 @@
+arm_user_ss.add(when: 'CONFIG_TCG', if_true: files(
+))
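Review bot: both new meson.build files add an empty files() list; these are placeholders for the sysemu-only and user-only sources that patches 05, 06 and 07 populate. A one-line comment in each file saying so would help anyone reading this commit on its own. Note also that the parent tcg/meson.build hunk enters both subdirectories unconditionally, so the CONFIG_TCG gating is repeated in each child file; that works, but it means three places to update if the condition ever changes.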
-- 
2.26.2




[RFC v13 15/80] target/arm: move cpu definitions to common cpu module

2021-04-14 Thread Claudio Fontana
Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/arm/cpu-common.c | 41 +
 target/arm/tcg/helper.c | 29 -
 target/arm/meson.build  |  1 +
 3 files changed, 42 insertions(+), 29 deletions(-)
 create mode 100644 target/arm/cpu-common.c

diff --git a/target/arm/cpu-common.c b/target/arm/cpu-common.c
new file mode 100644
index 00..0f8ca94815
--- /dev/null
+++ b/target/arm/cpu-common.c
@@ -0,0 +1,41 @@
+/*
+ * ARM CPU common definitions
+ *
+ * This code is licensed under the GNU GPL v2 or later.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "qom/object.h"
+#include "qapi/qapi-commands-machine-target.h"
+#include "qapi/error.h"
+#include "cpu.h"
+
+static void arm_cpu_add_definition(gpointer data, gpointer user_data)
+{
+ObjectClass *oc = data;
+CpuDefinitionInfoList **cpu_list = user_data;
+CpuDefinitionInfo *info;
+const char *typename;
+
+typename = object_class_get_name(oc);
+info = g_malloc0(sizeof(*info));
+info->name = g_strndup(typename,
+   strlen(typename) - strlen("-" TYPE_ARM_CPU));
+info->q_typename = g_strdup(typename);
+
+QAPI_LIST_PREPEND(*cpu_list, info);
+}
+
+CpuDefinitionInfoList *qmp_query_cpu_definitions(Error **errp)
+{
+CpuDefinitionInfoList *cpu_list = NULL;
+GSList *list;
+
+list = object_class_get_list(TYPE_ARM_CPU, false);
+g_slist_foreach(list, arm_cpu_add_definition, &cpu_list);
+g_slist_free(list);
+
+return cpu_list;
+}
diff --git a/target/arm/tcg/helper.c b/target/arm/tcg/helper.c
index 8e976ceb6a..08456aa50a 100644
--- a/target/arm/tcg/helper.c
+++ b/target/arm/tcg/helper.c
@@ -28,7 +28,6 @@
 #include "sysemu/kvm.h"
 #include "sysemu/tcg.h"
 #include "qemu/range.h"
-#include "qapi/qapi-commands-machine-target.h"
 #include "qapi/error.h"
 #include "qemu/guest-random.h"
 #ifdef CONFIG_TCG
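Review bot: removing the qapi-commands-machine-target.h include from tcg/helper.c is safe only if arm_cpu_add_definition and qmp_query_cpu_definitions were its sole users in this file. The next hunk removes exactly those two functions, so please confirm that nothing else left in helper.c (arm_cpu_list sits right above the removed block) still needs CpuDefinitionInfo* or QAPI_LIST_PREPEND.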
@@ -697,34 +696,6 @@ void arm_cpu_list(void)
 g_slist_free(list);
 }
 
-static void arm_cpu_add_definition(gpointer data, gpointer user_data)
-{
-ObjectClass *oc = data;
-CpuDefinitionInfoList **cpu_list = user_data;
-CpuDefinitionInfo *info;
-const char *typename;
-
-typename = object_class_get_name(oc);
-info = g_malloc0(sizeof(*info));
-info->name = g_strndup(typename,
-   strlen(typename) - strlen("-" TYPE_ARM_CPU));
-info->q_typename = g_strdup(typename);
-
-QAPI_LIST_PREPEND(*cpu_list, info);
-}
-
-CpuDefinitionInfoList *qmp_query_cpu_definitions(Error **errp)
-{
-CpuDefinitionInfoList *cpu_list = NULL;
-GSList *list;
-
-list = object_class_get_list(TYPE_ARM_CPU, false);
-g_slist_foreach(list, arm_cpu_add_definition, &cpu_list);
-g_slist_free(list);
-
-return cpu_list;
-}
-
 static int bad_mode_switch(CPUARMState *env, int mode, CPSRWriteType 
write_type)
 {
 /* Return true if it is not valid for us to switch to
diff --git a/target/arm/meson.build b/target/arm/meson.build
index 5fb34c1af1..8d6177c1fb 100644
--- a/target/arm/meson.build
+++ b/target/arm/meson.build
@@ -2,6 +2,7 @@ arm_ss = ss.source_set()
 arm_ss.add(files(
   'cpregs.c',
   'cpu.c',
+  'cpu-common.c',
   'cpu-mmu.c',
   'cpustate-list.c',
   'gdbstub.c',
-- 
2.26.2




[RFC v13 21/80] target/arm: split vfp state setting from tcg helpers

2021-04-14 Thread Claudio Fontana
cpu-vfp.c: vfp_get_fpsr and vfp_set_fpsr are needed also for KVM,
   so create a new cpu-vfp.c

tcg/cpu-vfp.c: vfp_get_fpscr_from_host and vv are TCG-only, so we
   move the implementation to tcg/cpu-vfp.c

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/arm/cpu-vfp.h|  29 +
 target/arm/cpu-vfp.c|  97 +
 target/arm/tcg/cpu-vfp.c| 146 +
 target/arm/tcg/vfp_helper.c | 210 +---
 target/arm/meson.build  |   1 +
 target/arm/tcg/meson.build  |   1 +
 6 files changed, 276 insertions(+), 208 deletions(-)
 create mode 100644 target/arm/cpu-vfp.h
 create mode 100644 target/arm/cpu-vfp.c
 create mode 100644 target/arm/tcg/cpu-vfp.c

diff --git a/target/arm/cpu-vfp.h b/target/arm/cpu-vfp.h
new file mode 100644
index 00..41e0d710a0
--- /dev/null
+++ b/target/arm/cpu-vfp.h
@@ -0,0 +1,29 @@
+/*
+ * ARM VFP floating-point operations internals
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#ifndef CPU_VFP_H
+#define CPU_VFP_H
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+
+uint32_t vfp_get_fpscr_from_host(CPUARMState *env);
+void vfp_set_fpscr_to_host(CPUARMState *env, uint32_t val);
+
+#endif /* CPU_VFP_H */
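Review bot: cpu-vfp.h includes "qemu/osdep.h". QEMU's coding style requires osdep.h to be the first include of every .c file and never to be included from a header, and scripts/checkpatch.pl flags it; drop that line and keep only "cpu.h", which already supplies CPUARMState for the two prototypes.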
diff --git a/target/arm/cpu-vfp.c b/target/arm/cpu-vfp.c
new file mode 100644
index 00..8ea615a916
--- /dev/null
+++ b/target/arm/cpu-vfp.c
@@ -0,0 +1,97 @@
+/*
+ * ARM VFP floating-point operations
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+#include "cpu-vfp.h"
+#include "sysemu/tcg.h"
+
+uint32_t vfp_get_fpscr(CPUARMState *env)
+{
+uint32_t i, fpscr;
+
+fpscr = env->vfp.xregs[ARM_VFP_FPSCR]
+| (env->vfp.vec_len << 16)
+| (env->vfp.vec_stride << 20);
+
+/*
+ * M-profile LTPSIZE overlaps A-profile Stride; whichever of the
+ * two is not applicable to this CPU will always be zero.
+ */
+fpscr |= env->v7m.ltpsize << 16;
+
+if (tcg_enabled()) {
+fpscr |= vfp_get_fpscr_from_host(env);
+}
+
+i = env->vfp.qc[0] | env->vfp.qc[1] | env->vfp.qc[2] | env->vfp.qc[3];
+fpscr |= i ? FPCR_QC : 0;
+
+return fpscr;
+}
+
+void vfp_set_fpscr(CPUARMState *env, uint32_t val)
+{
+/* When ARMv8.2-FP16 is not supported, FZ16 is RES0.  */
+if (!cpu_isar_feature(any_fp16, env_archcpu(env))) {
+val &= ~FPCR_FZ16;
+}
+
+if (tcg_enabled()) {
+vfp_set_fpscr_to_host(env, val);
+}
+
+if (!arm_feature(env, ARM_FEATURE_M)) {
+/*
+ * Short-vector length and stride; on M-profile these bits
+ * are used for different purposes.
+ * We can't make this conditional be "if MVFR0.FPShVec != 0",
+ * because in v7A no-short-vector-support cores still had to
+ * allow Stride/Len to be written with the only effect that
+ * some insns are required to UNDEF if the guest sets them.
+ *
+ * TODO: if M-profile MVE implemented, set LTPSIZE.
+ */
+env->vfp.vec_len = extract32(val, 16, 3);
+env->vfp.vec_stride = extract32(val, 20, 2);
+}
+
+if (arm_feature(env, ARM_FEATURE_NEON)) {
+/*
+ * The bit we set within fpscr_q is arbitrary; the register as a
+ * whole being zero/non-zero is what counts.
+ * TODO: M-profile MVE also has a QC bit.
+ */
+env->vfp.qc[0] = val & FPCR_QC;
+env->vfp.qc[1] = 0;
+env->vfp.qc[2] = 0;
+env->vfp.qc[3] = 0;
+}
+
+/*
+ * We don't implement trapped exception handling, so the
+ * 
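Review bot: the comment above `fpscr |= env->v7m.ltpsize << 16;` in vfp_get_fpscr says LTPSIZE overlaps A-profile Stride, but the value is ORed in at bit 16, the same position used for `env->vfp.vec_len` two lines above, while Stride is placed at bit 20; with the FPSCR layout (Len [18:16], Stride [21:20]) the shift is right and the comment should say Len, not Stride. Worth fixing while the function is being moved, since the "whichever is not applicable will always be zero" argument is what makes the overlap safe and it should name the correct field.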

[RFC v13 07/80] target/arm: tcg: split tlb_helper user-only and sysemu-only parts

2021-04-14 Thread Claudio Fontana
Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Reviewed-by: Alex Bennée 
---
 target/arm/tcg/tlb_helper.h| 17 ++
 target/arm/tcg/sysemu/tlb_helper.c | 83 +
 target/arm/tcg/tlb_helper.c| 97 ++
 target/arm/tcg/user/tlb_helper.c   | 32 ++
 target/arm/tcg/sysemu/meson.build  |  1 +
 target/arm/tcg/user/meson.build|  1 +
 6 files changed, 138 insertions(+), 93 deletions(-)
 create mode 100644 target/arm/tcg/tlb_helper.h
 create mode 100644 target/arm/tcg/sysemu/tlb_helper.c
 create mode 100644 target/arm/tcg/user/tlb_helper.c

diff --git a/target/arm/tcg/tlb_helper.h b/target/arm/tcg/tlb_helper.h
new file mode 100644
index 00..6ce3d315cf
--- /dev/null
+++ b/target/arm/tcg/tlb_helper.h
@@ -0,0 +1,17 @@
+/*
+ * ARM TLB (Translation lookaside buffer) helpers.
+ *
+ * This code is licensed under the GNU GPL v2 or later.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#ifndef TLB_HELPER_H
+#define TLB_HELPER_H
+
+#include "cpu.h"
+
+void QEMU_NORETURN arm_deliver_fault(ARMCPU *cpu, vaddr addr,
+ MMUAccessType access_type,
+ int mmu_idx, ARMMMUFaultInfo *fi);
+
+#endif /* TLB_HELPER_H */
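Review bot: the include guard TLB_HELPER_H is generic and easy to collide with when other targets grow a header of the same name; QEMU guards are normally derived from the path (TARGET_ARM_TCG_TLB_HELPER_H style), so rename the guard and its `#endif` comment to match.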
diff --git a/target/arm/tcg/sysemu/tlb_helper.c 
b/target/arm/tcg/sysemu/tlb_helper.c
new file mode 100644
index 00..586f602989
--- /dev/null
+++ b/target/arm/tcg/sysemu/tlb_helper.c
@@ -0,0 +1,83 @@
+/*
+ * ARM TLB (Translation lookaside buffer) helpers.
+ *
+ * This code is licensed under the GNU GPL v2 or later.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#include "qemu/osdep.h"
+#include "cpu.h"
+#include "internals.h"
+#include "exec/exec-all.h"
+#include "tcg/tlb_helper.h"
+
+/*
+ * arm_cpu_do_transaction_failed: handle a memory system error response
+ * (eg "no device/memory present at address") by raising an external abort
+ * exception
+ */
+void arm_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
+   vaddr addr, unsigned size,
+   MMUAccessType access_type,
+   int mmu_idx, MemTxAttrs attrs,
+   MemTxResult response, uintptr_t retaddr)
+{
+ARMCPU *cpu = ARM_CPU(cs);
+ARMMMUFaultInfo fi = {};
+
+/* now we have a real cpu fault */
+cpu_restore_state(cs, retaddr, true);
+
+fi.ea = arm_extabort_type(response);
+fi.type = ARMFault_SyncExternal;
+arm_deliver_fault(cpu, addr, access_type, mmu_idx, &fi);
+}
+
+bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
+  MMUAccessType access_type, int mmu_idx,
+  bool probe, uintptr_t retaddr)
+{
+ARMCPU *cpu = ARM_CPU(cs);
+ARMMMUFaultInfo fi = {};
+hwaddr phys_addr;
+target_ulong page_size;
+int prot, ret;
+MemTxAttrs attrs = {};
+ARMCacheAttrs cacheattrs = {};
+
+/*
+ * Walk the page table and (if the mapping exists) add the page
+ * to the TLB.  On success, return true.  Otherwise, if probing,
+ * return false.  Otherwise populate fsr with ARM DFSR/IFSR fault
+ * register format, and signal the fault.
+ */
+ret = get_phys_addr(&cpu->env, address, access_type,
+core_to_arm_mmu_idx(&cpu->env, mmu_idx),
+&phys_addr, &attrs, &prot, &page_size,
+&fi, &cacheattrs);
+if (likely(!ret)) {
+/*
+ * Map a single [sub]page. Regions smaller than our declared
+ * target page size are handled specially, so for those we
+ * pass in the exact addresses.
+ */
+if (page_size >= TARGET_PAGE_SIZE) {
+phys_addr &= TARGET_PAGE_MASK;
+address &= TARGET_PAGE_MASK;
+}
+/* Notice and record tagged memory. */
+if (cpu_isar_feature(aa64_mte, cpu) && cacheattrs.attrs == 0xf0) {
+arm_tlb_mte_tagged(&attrs) = true;
+}
+
+tlb_set_page_with_attrs(cs, address, phys_addr, attrs,
+prot, mmu_idx, page_size);
+return true;
+} else if (probe) {
+return false;
+} else {
+/* now we have a real cpu fault */
+cpu_restore_state(cs, retaddr, true);
+arm_deliver_fault(cpu, address, access_type, mmu_idx, &fi);
+}
+}
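Review bot: the comment block in arm_cpu_tlb_fill still says "populate fsr with ARM DFSR/IFSR fault register format", but there is no fsr here; the fault goes out through `fi` to arm_deliver_fault(), so update the comment to describe what the code does. While the function is being moved, the `cacheattrs.attrs == 0xf0` test for tagged memory would read better with a named constant or a short comment stating that 0xf0 is the Normal Tagged memory attribute encoding, rather than a bare magic number.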
diff --git a/target/arm/tcg/tlb_helper.c b/target/arm/tcg/tlb_helper.c
index 3107f9823e..77aefc274d 100644
--- a/target/arm/tcg/tlb_helper.c
+++ b/target/arm/tcg/tlb_helper.c
@@ -9,6 +9,7 @@
 #include "cpu.h"
 #include "internals.h"
 #include "exec/exec-all.h"
+#include "tcg/tlb_helper.h"
 
 static inline uint32_t merge_syn_data_abort(uint32_t template_syn,
 unsigned int target_el,
@@ -49,9 +50,9 @@ static inline uint32_t merge_syn_data_abort(uint32_t 
template_syn,
 return syn;
 }
 
-static void QEMU_NORETURN arm_deliver_fau

[RFC v13 16/80] target/arm: only perform TCG cpu and machine inits if TCG enabled

2021-04-14 Thread Claudio Fontana
of note, cpreg lists were previously initialized by TCG first,
and then thrown away and replaced with the data coming from KVM.

Now we just initialize once, either for TCG or for KVM.

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/arm/cpu.c | 32 ++--
 target/arm/kvm.c | 18 +-
 target/arm/machine.c | 20 +---
 3 files changed, 40 insertions(+), 30 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 4981c0a3fe..3e9714a768 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -436,9 +436,11 @@ static void arm_cpu_reset(DeviceState *dev)
 }
 #endif
 
-hw_breakpoint_update_all(cpu);
-hw_watchpoint_update_all(cpu);
-arm_rebuild_hflags(env);
+if (tcg_enabled()) {
+hw_breakpoint_update_all(cpu);
+hw_watchpoint_update_all(cpu);
+arm_rebuild_hflags(env);
+}
 }
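Review bot: wrapping the three calls in `if (tcg_enabled())` still leaves hw_breakpoint_update_all(), hw_watchpoint_update_all() and arm_rebuild_hflags() referenced from cpu.c, so a build without CONFIG_TCG needs link-time stubs for all three; the stub added later in this series (19/80, target/arm/tcg/tcg-stubs.c) covers only arm_rebuild_hflags(). Either add stubs for the two hw_*_update_all functions as well, or put this block under `#ifdef CONFIG_TCG` so the references disappear at compile time.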
 
 static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
@@ -1319,6 +1321,7 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
 }
 }
 
+#ifdef CONFIG_TCG
 {
 uint64_t scale;
 
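Review bot: this hunk gates the generic-timer setup with a compile-time `#ifdef CONFIG_TCG` while the rest of the patch uses runtime `tcg_enabled()`; in a binary built with both TCG and KVM the timers are still created for KVM vCPUs, so the split here is by build configuration rather than by the accelerator in use. If that is intended (the timers are simply unused under KVM), a one-line comment at the #ifdef saying so would pre-empt the question; otherwise use `if (tcg_enabled())` here too for consistency.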
@@ -1344,7 +1347,8 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
 cpu->gt_timer[GTIMER_HYPVIRT] = timer_new(QEMU_CLOCK_VIRTUAL, scale,
   arm_gt_hvtimer_cb, cpu);
 }
-#endif
+#endif /* CONFIG_TCG */
+#endif /* !CONFIG_USER_ONLY */
 
 cpu_exec_realizefn(cs, &local_err);
 if (local_err != NULL) {
@@ -1645,17 +1649,16 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
 unset_feature(env, ARM_FEATURE_PMU);
 }
 if (arm_feature(env, ARM_FEATURE_PMU)) {
-pmu_init(cpu);
-
-if (!kvm_enabled()) {
+if (tcg_enabled()) {
+pmu_init(cpu);
 arm_register_pre_el_change_hook(cpu, &pmu_pre_el_change, 0);
 arm_register_el_change_hook(cpu, &pmu_post_el_change, 0);
-}
 
 #ifndef CONFIG_USER_ONLY
-cpu->pmu_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, arm_pmu_timer_cb,
-cpu);
+cpu->pmu_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, arm_pmu_timer_cb,
+  cpu);
 #endif
+}
 } else {
 cpu->isar.id_aa64dfr0 =
 FIELD_DP64(cpu->isar.id_aa64dfr0, ID_AA64DFR0, PMUVER, 0);
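Review bot: pmu_init(cpu) moves inside `if (tcg_enabled())`, but before this change it ran for every accelerator and only the pre/post EL-change hook registration was `!kvm_enabled()`-gated, so this is a behaviour change for KVM that the commit message (which mentions only the cpreg lists) does not describe. Either confirm that KVM does not depend on anything pmu_init() sets up and say so in the message, or keep pmu_init() outside the if and gate only the hooks and the timer.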
@@ -1738,10 +1741,11 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
 set_feature(env, ARM_FEATURE_VBAR);
 }
 
-register_cp_regs_for_features(cpu);
-arm_cpu_register_gdb_regs_for_features(cpu);
-
-init_cpreg_list(cpu);
+if (tcg_enabled()) {
+register_cp_regs_for_features(cpu);
+arm_cpu_register_gdb_regs_for_features(cpu);
+init_cpreg_list(cpu);
+}
 
 #ifndef CONFIG_USER_ONLY
 MachineState *ms = MACHINE(qdev_get_machine());
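Review bot: arm_cpu_register_gdb_regs_for_features(cpu) is not TCG-specific; the gdbstub also attaches to KVM guests, and gating it on tcg_enabled() drops the feature-dependent gdb registers for them. Keep that call outside the if and gate only register_cp_regs_for_features() and init_cpreg_list(), which are the ones the commit message says KVM now replaces with the kernel-provided list.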
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index d8381ba224..1b093cc52f 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -431,9 +431,11 @@ static uint64_t *kvm_arm_get_cpreg_ptr(ARMCPU *cpu, 
uint64_t regidx)
 return &cpu->cpreg_values[res - cpu->cpreg_indexes];
 }
 
-/* Initialize the ARMCPU cpreg list according to the kernel's
- * definition of what CPU registers it knows about (and throw away
- * the previous TCG-created cpreg list).
+/*
+ * Initialize the ARMCPU cpreg list according to the kernel's
+ * definition of what CPU registers it knows about.
+ *
+ * The parallel for TCG is init_cpreg_list() in tcg/
  */
 int kvm_arm_init_cpreg_list(ARMCPU *cpu)
 {
@@ -475,12 +477,10 @@ int kvm_arm_init_cpreg_list(ARMCPU *cpu)
 arraylen++;
 }
 
-cpu->cpreg_indexes = g_renew(uint64_t, cpu->cpreg_indexes, arraylen);
-cpu->cpreg_values = g_renew(uint64_t, cpu->cpreg_values, arraylen);
-cpu->cpreg_vmstate_indexes = g_renew(uint64_t, cpu->cpreg_vmstate_indexes,
- arraylen);
-cpu->cpreg_vmstate_values = g_renew(uint64_t, cpu->cpreg_vmstate_values,
-arraylen);
+cpu->cpreg_indexes = g_new(uint64_t, arraylen);
+cpu->cpreg_values = g_new(uint64_t, arraylen);
+cpu->cpreg_vmstate_indexes = g_new(uint64_t, arraylen);
+cpu->cpreg_vmstate_values = g_new(uint64_t, arraylen);
 cpu->cpreg_array_len = arraylen;
 cpu->cpreg_vmstate_array_len = arraylen;
 
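Review bot: replacing g_renew() with g_new() for the four cpreg arrays assumes they are NULL on entry; with the TCG-side init no longer running first that is presumably true, but if kvm_arm_init_cpreg_list() is ever entered with the arrays already populated the old buffers now leak silently where g_renew() used to cope. A `g_assert(cpu->cpreg_indexes == NULL);` (or equivalent on all four) before the allocations documents the new invariant and catches the case.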
diff --git a/target/arm/machine.c b/target/arm/machine.c
index e568662cca..2982e8d7f4 100644
--- a/target/arm/machine.c
+++ b/target/arm/machine.c
@@ -2,6 +2,7 @@
 #include "cpu.h"
 #include "qemu/error-report.h"
 #include "sysemu/kvm.h"
+#include "sysemu/tcg.h"
 #include "kvm_arm.h"
 #include "internals.h"
 #include "migration/cpu.h"
@@ -635,7 +636,7 @@ static int cpu_pre_save(void *opaque)
 {
 ARMCPU *cpu = opaque;
 
-if (!kvm_enabled()) {
+if (tcg_enabled()) {
 pmu_op_start(&cpu->env);
 }
 
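Review bot: `!kvm_enabled()` to `tcg_enabled()` in cpu_pre_save is not a pure rename: the old condition also ran pmu_op_start() for any non-KVM accelerator (hvf, or a qtest-only build), the new one only under TCG. That is the right narrowing if pmu_op_start() only touches TCG-emulated PMU state, but it is a second behaviour change for non-TCG, non-KVM configurations that the commit message should mention.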
@@ -670,7 +671,7 @@ static int cpu_post_save(void *opaque)
 {
 ARMC

[RFC v13 11/80] target/arm: tcg: fix comment style before move to cpu-mmu

2021-04-14 Thread Claudio Fontana
before exporting some functionality from helper.c into a new module,
fix the comment style of those functions.

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/arm/tcg/helper.c | 152 ++--
 1 file changed, 101 insertions(+), 51 deletions(-)

diff --git a/target/arm/tcg/helper.c b/target/arm/tcg/helper.c
index d9220be7c5..d18dc6cbfa 100644
--- a/target/arm/tcg/helper.c
+++ b/target/arm/tcg/helper.c
@@ -10154,7 +10154,8 @@ static inline bool 
regime_translation_disabled(CPUARMState *env,
 return false;
 case 0:
 default:
-/* HFNMIENA set and ENABLE clear is UNPREDICTABLE, but
+/*
+ * HFNMIENA set and ENABLE clear is UNPREDICTABLE, but
  * we warned about that in armv7m_nvic.c when the guest set it.
  */
 return true;
@@ -10208,7 +10209,8 @@ static inline uint64_t regime_ttbr(CPUARMState *env, 
ARMMMUIdx mmu_idx,
 
 #endif /* !CONFIG_USER_ONLY */
 
-/* Convert a possible stage1+2 MMU index into the appropriate
+/*
+ * Convert a possible stage1+2 MMU index into the appropriate
  * stage 1 MMU index
  */
 static inline ARMMMUIdx stage_1_mmu_idx(ARMMMUIdx mmu_idx)
@@ -10279,7 +10281,8 @@ static inline bool regime_is_user(CPUARMState *env, 
ARMMMUIdx mmu_idx)
 }
 }
 
-/* Translate section/page access permissions to page
+/*
+ * Translate section/page access permissions to page
  * R/W protection flags
  *
  * @env: CPUARMState
@@ -10335,7 +10338,8 @@ static inline int ap_to_rw_prot(CPUARMState *env, 
ARMMMUIdx mmu_idx,
 }
 }
 
-/* Translate section/page access permissions to page
+/*
+ * Translate section/page access permissions to page
  * R/W protection flags.
  *
  * @ap:  The 2-bit simple AP (AP[2:1])
@@ -10363,7 +10367,8 @@ simple_ap_to_rw_prot(CPUARMState *env, ARMMMUIdx 
mmu_idx, int ap)
 return simple_ap_to_rw_prot_is_user(ap, regime_is_user(env, mmu_idx));
 }
 
-/* Translate S2 section/page access permissions to protection flags
+/*
+ * Translate S2 section/page access permissions to protection flags
  *
  * @env: CPUARMState
  * @s2ap:The 2-bit stage2 access permissions (S2AP)
@@ -10411,7 +10416,8 @@ static int get_S2prot(CPUARMState *env, int s2ap, int 
xn, bool s1_is_el0)
 return prot;
 }
 
-/* Translate section/page access permissions to protection flags
+/*
+ * Translate section/page access permissions to protection flags
  *
  * @env: CPUARMState
  * @mmu_idx: MMU index indicating required translation regime
@@ -10448,7 +10454,8 @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx 
mmu_idx, bool is_aa64,
 return prot_rw;
 }
 
-/* TODO have_wxn should be replaced with
+/*
+ * TODO have_wxn should be replaced with
  *   ARM_FEATURE_V8 || (ARM_FEATURE_V7 && ARM_FEATURE_EL2)
  * when ARM_FEATURE_EL2 starts getting set. For now we assume all LPAE
  * compatible processors have EL2, which is required for [U]WXN.
@@ -10720,7 +10727,8 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t 
address,
 phys_addr = (desc & 0xf000) | (address & 0xfff);
 *page_size = 0x1000;
 } else {
-/* UNPREDICTABLE in ARMv5; we choose to take a
+/*
+ * UNPREDICTABLE in ARMv5; we choose to take a
  * page translation fault.
  */
 fi->type = ARMFault_Translation;
@@ -10786,7 +10794,8 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t 
address,
 }
 type = (desc & 3);
 if (type == 0 || (type == 3 && !cpu_isar_feature(aa32_pxn, cpu))) {
-/* Section translation fault, or attempt to use the encoding
+/*
+ * Section translation fault, or attempt to use the encoding
  * which is Reserved on implementations without PXN.
  */
 fi->type = ARMFault_Translation;
@@ -10891,7 +10900,8 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t 
address,
 }
 }
 if (ns) {
-/* The NS bit will (as required by the architecture) have no effect if
+/*
+ * The NS bit will (as required by the architecture) have no effect if
  * the CPU doesn't support TZ or this is a non-secure translation
  * regime, because the attribute will already be non-secure.
  */
@@ -10973,7 +10983,8 @@ static bool check_s2_mmu_setup(ARMCPU *cpu, bool 
is_aa64, int level,
 return true;
 }
 
-/* Translate from the 4-bit stage 2 representation of
+/*
+ * Translate from the 4-bit stage 2 representation of
  * memory attributes (without cache-allocation hints) to
  * the 8-bit representation of the stage 1 MAIR registers
  * (which includes allocation hints).
@@ -11262,7 +11273,8 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 stride = 9;
 }
 
-/* Note that QEMU ignores shareability and cach

[RFC v13 10/80] target/arm: split off cpu-sysemu.c

2021-04-14 Thread Claudio Fontana
more work is needed later on to split things into
tcg-specific portions and kvm-specific portions of this

Signed-off-by: Claudio Fontana 
Reviewed-by: Alex Bennée 
Reviewed-by: Richard Henderson 
---
 target/arm/internals.h  |   8 ++-
 target/arm/cpu-sysemu.c | 105 
 target/arm/cpu.c|  83 ---
 target/arm/meson.build  |   1 +
 4 files changed, 113 insertions(+), 84 deletions(-)
 create mode 100644 target/arm/cpu-sysemu.c

diff --git a/target/arm/internals.h b/target/arm/internals.h
index f11bd32696..479dc10463 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1205,4 +1205,10 @@ static inline uint64_t useronly_maybe_clean_ptr(uint32_t 
desc, uint64_t ptr)
 return ptr;
 }
 
-#endif
+#ifndef CONFIG_USER_ONLY
+void arm_cpu_set_irq(void *opaque, int irq, int level);
+void arm_cpu_kvm_set_irq(void *opaque, int irq, int level);
+bool arm_cpu_virtio_is_big_endian(CPUState *cs);
+#endif /* !CONFIG_USER_ONLY */
+
+#endif /* TARGET_ARM_INTERNALS_H */
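Review bot: arm_cpu_kvm_set_irq() is declared here for every !CONFIG_USER_ONLY build, while its body in cpu-sysemu.c sits entirely inside `#ifdef CONFIG_KVM`, so in a non-KVM system build it compiles to a silent no-op with unused parameters; either guard the prototype with CONFIG_KVM as well, or give the non-KVM body a g_assert_not_reached() so a stray caller is caught rather than ignored.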
diff --git a/target/arm/cpu-sysemu.c b/target/arm/cpu-sysemu.c
new file mode 100644
index 00..db1c8cb245
--- /dev/null
+++ b/target/arm/cpu-sysemu.c
@@ -0,0 +1,105 @@
+/*
+ * QEMU ARM CPU
+ *
+ * Copyright (c) 2012 SUSE LINUX Products GmbH
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see
+ * 
+ */
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+#include "internals.h"
+#include "sysemu/hw_accel.h"
+#include "kvm_arm.h"
+
+void arm_cpu_set_irq(void *opaque, int irq, int level)
+{
+ARMCPU *cpu = opaque;
+CPUARMState *env = &cpu->env;
+CPUState *cs = CPU(cpu);
+static const int mask[] = {
+[ARM_CPU_IRQ] = CPU_INTERRUPT_HARD,
+[ARM_CPU_FIQ] = CPU_INTERRUPT_FIQ,
+[ARM_CPU_VIRQ] = CPU_INTERRUPT_VIRQ,
+[ARM_CPU_VFIQ] = CPU_INTERRUPT_VFIQ
+};
+
+if (level) {
+env->irq_line_state |= mask[irq];
+} else {
+env->irq_line_state &= ~mask[irq];
+}
+
+switch (irq) {
+case ARM_CPU_VIRQ:
+assert(arm_feature(env, ARM_FEATURE_EL2));
+arm_cpu_update_virq(cpu);
+break;
+case ARM_CPU_VFIQ:
+assert(arm_feature(env, ARM_FEATURE_EL2));
+arm_cpu_update_vfiq(cpu);
+break;
+case ARM_CPU_IRQ:
+case ARM_CPU_FIQ:
+if (level) {
+cpu_interrupt(cs, mask[irq]);
+} else {
+cpu_reset_interrupt(cs, mask[irq]);
+}
+break;
+default:
+g_assert_not_reached();
+}
+}
+
+void arm_cpu_kvm_set_irq(void *opaque, int irq, int level)
+{
+#ifdef CONFIG_KVM
+ARMCPU *cpu = opaque;
+CPUARMState *env = &cpu->env;
+CPUState *cs = CPU(cpu);
+uint32_t linestate_bit;
+int irq_id;
+
+switch (irq) {
+case ARM_CPU_IRQ:
+irq_id = KVM_ARM_IRQ_CPU_IRQ;
+linestate_bit = CPU_INTERRUPT_HARD;
+break;
+case ARM_CPU_FIQ:
+irq_id = KVM_ARM_IRQ_CPU_FIQ;
+linestate_bit = CPU_INTERRUPT_FIQ;
+break;
+default:
+g_assert_not_reached();
+}
+
+if (level) {
+env->irq_line_state |= linestate_bit;
+} else {
+env->irq_line_state &= ~linestate_bit;
+}
+kvm_arm_set_irq(cs->cpu_index, KVM_ARM_IRQ_TYPE_CPU, irq_id, !!level);
+#endif
+}
+
+bool arm_cpu_virtio_is_big_endian(CPUState *cs)
+{
+ARMCPU *cpu = ARM_CPU(cs);
+CPUARMState *env = &cpu->env;
+
+cpu_synchronize_state(cs);
+return arm_cpu_data_is_big_endian(env);
+}
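Review bot: in arm_cpu_set_irq the table lookup `mask[irq]` runs before the switch validates `irq`, so an out-of-range value reads past the 4-entry array before `g_assert_not_reached()` in the default arm is ever reached; move the irq_line_state update into the switch arms or add `assert(irq < ARRAY_SIZE(mask));` ahead of the lookup. The code is moved verbatim from cpu.c, but relocating it is the natural moment to fix the ordering.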
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 0dd623e590..9722848923 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -650,89 +650,6 @@ void arm_cpu_update_vfiq(ARMCPU *cpu)
 }
 }
 
-#ifndef CONFIG_USER_ONLY
-static void arm_cpu_set_irq(void *opaque, int irq, int level)
-{
-ARMCPU *cpu = opaque;
-CPUARMState *env = &cpu->env;
-CPUState *cs = CPU(cpu);
-static const int mask[] = {
-[ARM_CPU_IRQ] = CPU_INTERRUPT_HARD,
-[ARM_CPU_FIQ] = CPU_INTERRUPT_FIQ,
-[ARM_CPU_VIRQ] = CPU_INTERRUPT_VIRQ,
-[ARM_CPU_VFIQ] = CPU_INTERRUPT_VFIQ
-};
-
-if (level) {
-env->irq_line_state |= mask[irq];
-} else {
-env->irq_line_state &= ~mask[irq];
-}
-
-switch (irq) {
-case ARM_CPU_VIRQ:
-assert(arm_feature(env, ARM_FEATURE_EL2));
-arm_cpu_update_virq(cpu);
-break;
-  

[RFC v13 18/80] target/arm: move cpsr_read, cpsr_write to cpu_common

2021-04-14 Thread Claudio Fontana
we need as a result to move switch_mode too,
so we put an implementation into cpu_user and cpu_sysemu.

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/arm/cpu.h|   2 +
 target/arm/cpu-common.c | 192 +++
 target/arm/cpu-sysemu.c |  30 ++
 target/arm/cpu-user.c   |  24 +
 target/arm/tcg/helper.c | 220 
 target/arm/meson.build  |   3 +
 6 files changed, 251 insertions(+), 220 deletions(-)
 create mode 100644 target/arm/cpu-user.c

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 91fabb7ab2..30882bfbb6 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1383,6 +1383,8 @@ typedef enum CPSRWriteType {
 void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask,
 CPSRWriteType write_type);
 
+void switch_mode(CPUARMState *env, int mode);
+
 /* Return the current xPSR value.  */
 static inline uint32_t xpsr_read(CPUARMState *env)
 {
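Review bot: switch_mode() is now exported via cpu.h, the public header included by hw/ and the rest of the tree, while its only users after this patch are cpu-common.c and the user/sysemu implementations the commit message describes; internals.h, which is private to target/arm, is the better home for the prototype so the symbol does not become part of the cross-directory interface.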
diff --git a/target/arm/cpu-common.c b/target/arm/cpu-common.c
index 0f8ca94815..694e5d73f3 100644
--- a/target/arm/cpu-common.c
+++ b/target/arm/cpu-common.c
@@ -7,10 +7,12 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/log.h"
 #include "qom/object.h"
 #include "qapi/qapi-commands-machine-target.h"
 #include "qapi/error.h"
 #include "cpu.h"
+#include "internals.h"
 
 static void arm_cpu_add_definition(gpointer data, gpointer user_data)
 {
@@ -39,3 +41,193 @@ CpuDefinitionInfoList *qmp_query_cpu_definitions(Error 
**errp)
 
 return cpu_list;
 }
+
+uint32_t cpsr_read(CPUARMState *env)
+{
+int ZF;
+ZF = (env->ZF == 0);
+return env->uncached_cpsr | (env->NF & 0x8000) | (ZF << 30) |
+(env->CF << 29) | ((env->VF & 0x8000) >> 3) | (env->QF << 27)
+| (env->thumb << 5) | ((env->condexec_bits & 3) << 25)
+| ((env->condexec_bits & 0xfc) << 8)
+| (env->GE << 16) | (env->daif & CPSR_AIF);
+}
+
+static int bad_mode_switch(CPUARMState *env, int mode, CPSRWriteType 
write_type)
+{
+/*
+ * Return true if it is not valid for us to switch to
+ * this CPU mode (ie all the UNPREDICTABLE cases in
+ * the ARM ARM CPSRWriteByInstr pseudocode).
+ */
+
+/* Changes to or from Hyp via MSR and CPS are illegal. */
+if (write_type == CPSRWriteByInstr &&
+((env->uncached_cpsr & CPSR_M) == ARM_CPU_MODE_HYP ||
+ mode == ARM_CPU_MODE_HYP)) {
+return 1;
+}
+
+switch (mode) {
+case ARM_CPU_MODE_USR:
+return 0;
+case ARM_CPU_MODE_SYS:
+case ARM_CPU_MODE_SVC:
+case ARM_CPU_MODE_ABT:
+case ARM_CPU_MODE_UND:
+case ARM_CPU_MODE_IRQ:
+case ARM_CPU_MODE_FIQ:
+/*
+ * Note that we don't implement the IMPDEF NSACR.RFR which in v7
+ * allows FIQ mode to be Secure-only. (In v8 this doesn't exist.)
+ *
+ * If HCR.TGE is set then changes from Monitor to NS PL1 via MSR
+ * and CPS are treated as illegal mode changes.
+ */
+if (write_type == CPSRWriteByInstr &&
+(env->uncached_cpsr & CPSR_M) == ARM_CPU_MODE_MON &&
+(arm_hcr_el2_eff(env) & HCR_TGE)) {
+return 1;
+}
+return 0;
+case ARM_CPU_MODE_HYP:
+return !arm_is_el2_enabled(env) || arm_current_el(env) < 2;
+case ARM_CPU_MODE_MON:
+return arm_current_el(env) < 3;
+default:
+return 1;
+}
+}
+
+void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask,
+CPSRWriteType write_type)
+{
+uint32_t changed_daif;
+
+if (mask & CPSR_NZCV) {
+env->ZF = (~val) & CPSR_Z;
+env->NF = val;
+env->CF = (val >> 29) & 1;
+env->VF = (val << 3) & 0x8000;
+}
+if (mask & CPSR_Q) {
+env->QF = ((val & CPSR_Q) != 0);
+}
+if (mask & CPSR_T) {
+env->thumb = ((val & CPSR_T) != 0);
+}
+if (mask & CPSR_IT_0_1) {
+env->condexec_bits &= ~3;
+env->condexec_bits |= (val >> 25) & 3;
+}
+if (mask & CPSR_IT_2_7) {
+env->condexec_bits &= 3;
+env->condexec_bits |= (val >> 8) & 0xfc;
+}
+if (mask & CPSR_GE) {
+env->GE = (val >> 16) & 0xf;
+}
+
+/*
+ * In a V7 implementation that includes the security extensions but does
+ * not include Virtualization Extensions the SCR.FW and SCR.AW bits control
+ * whether non-secure software is allowed to change the CPSR_F and CPSR_A
+ * bits respectively.
+ *
+ * In a V8 implementation, it is permitted for privileged software to
+ * change the CPSR A/F bits regardless of the SCR.AW/FW bits.
+ */
+if (write_type != CPSRWriteRaw && !arm_feature(env, ARM_FEATURE_V8) &&
+arm_feature(env, ARM_FEATURE_EL3) &&
+!arm_feature(env, ARM_FEATURE_EL2) &&
+!arm_is_secure(env)) {
+
+changed_daif = (env->daif ^ val) & mask;
+
+if (changed_daif & CPSR_A) {
+/*
+ * Check to see if we are allowed 
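Review bot: the N and V masks in cpsr_read are written as 0x8000 (bit 15), but N is CPSR bit 31 (Z is placed at bit 30 on the same line) and V is moved with `>> 3` to land at bit 28, which only works from bit 31; cpsr_write uses the same 0x8000 in `env->VF = (val << 3) & 0x8000;`. If the mail path collapsed the zeros of 0x80000000 this is harmless, otherwise both masks must be 0x80000000.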

[RFC v13 19/80] target/arm: add temporary stub for arm_rebuild_hflags

2021-04-14 Thread Claudio Fontana
this should go away once the configuration and hw/arm is clean

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 hw/arm/boot.c  | 5 -
 target/arm/arm-powerctl.c  | 8 +---
 target/arm/tcg/tcg-stubs.c | 5 +
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index e56c42ac22..1fb56a846f 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -27,6 +27,7 @@
 #include "qemu/option.h"
 #include "exec/address-spaces.h"
 #include "qemu/units.h"
+#include "sysemu/tcg.h"
 
 /* Kernel boot protocol is specified in the kernel docs
  * Documentation/arm/Booting and Documentation/arm64/booting.txt
@@ -797,7 +798,9 @@ static void do_cpu_reset(void *opaque)
 info->secondary_cpu_reset_hook(cpu, info);
 }
 }
-arm_rebuild_hflags(env);
+if (tcg_enabled()) {
+arm_rebuild_hflags(env);
+}
 }
 }
 
diff --git a/target/arm/arm-powerctl.c b/target/arm/arm-powerctl.c
index b75f813b40..a00624876c 100644
--- a/target/arm/arm-powerctl.c
+++ b/target/arm/arm-powerctl.c
@@ -15,6 +15,7 @@
 #include "arm-powerctl.h"
 #include "qemu/log.h"
 #include "qemu/main-loop.h"
+#include "sysemu/tcg.h"
 
 #ifndef DEBUG_ARM_POWERCTL
 #define DEBUG_ARM_POWERCTL 0
@@ -127,9 +128,10 @@ static void arm_set_cpu_on_async_work(CPUState 
*target_cpu_state,
 target_cpu->env.regs[0] = info->context_id;
 }
 
-/* CP15 update requires rebuilding hflags */
-arm_rebuild_hflags(&target_cpu->env);
-
+if (tcg_enabled()) {
+/* CP15 update requires rebuilding hflags */
+arm_rebuild_hflags(&target_cpu->env);
+}
 /* Start the new CPU at the requested address */
 cpu_set_pc(target_cpu_state, info->entry);
 
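Review bot: the blank line that separated the hflags update from the `/* Start the new CPU at the requested address */` comment was dropped when the `if (tcg_enabled())` block was added; keep it so the two steps stay visually separate as they were.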
diff --git a/target/arm/tcg/tcg-stubs.c b/target/arm/tcg/tcg-stubs.c
index 14220d59a1..332f1b9cfb 100644
--- a/target/arm/tcg/tcg-stubs.c
+++ b/target/arm/tcg/tcg-stubs.c
@@ -14,3 +14,8 @@ void write_v7m_exception(CPUARMState *env, uint32_t new_exc)
 {
 g_assert_not_reached();
 }
+
+void arm_rebuild_hflags(CPUARMState *env)
+{
+g_assert_not_reached();
+}
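Review bot: the arm_rebuild_hflags() stub turns an unguarded caller in a non-TCG build from a link error into a runtime abort, so it is only safe while every call site is wrapped in `if (tcg_enabled())` as boot.c and arm-powerctl.c are in this patch; put a comment in the stub stating that invariant, and since the commit message calls it temporary, add a TODO naming the condition under which it can go (the hw/arm and configuration cleanup mentioned there).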
-- 
2.26.2




[RFC v13 30/80] target/arm: fixup sve_exception_el code style before move

2021-04-14 Thread Claudio Fontana
before moving over sve_exception_el from the helper code,
clean up the style.

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/arm/tcg/helper.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/target/arm/tcg/helper.c b/target/arm/tcg/helper.c
index 5ec8f9c005..e4f18bcaa7 100644
--- a/target/arm/tcg/helper.c
+++ b/target/arm/tcg/helper.c
@@ -261,7 +261,8 @@ static int arm_gdb_set_svereg(CPUARMState *env, uint8_t 
*buf, int reg)
 }
 #endif /* TARGET_AARCH64 */
 
-/* Return the exception level to which exceptions should be taken
+/*
+ * Return the exception level to which exceptions should be taken
  * via SVEAccessTrap.  If an exception should be routed through
  * AArch64.AdvSIMDFPAccessTrap, return 0; fp_exception_el should
  * take care of raising that exception.
@@ -275,7 +276,8 @@ int sve_exception_el(CPUARMState *env, int el)
 if (el <= 1 && (hcr_el2 & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
 bool disabled = false;
 
-/* The CPACR.ZEN controls traps to EL1:
+/*
+ * The CPACR.ZEN controls traps to EL1:
  * 0, 2 : trap EL0 and EL1 accesses
  * 1: trap only EL0 accesses
  * 3: trap no accesses
@@ -301,7 +303,8 @@ int sve_exception_el(CPUARMState *env, int el)
 }
 }
 
-/* CPTR_EL2.  Since TZ and TFP are positive,
+/*
+ * CPTR_EL2.  Since TZ and TFP are positive,
  * they will be zero when EL2 is not present.
  */
 if (el <= 2 && arm_is_el2_enabled(env)) {
-- 
2.26.2




[RFC v13 22/80] target/arm: move arm_mmu_idx* to cpu-mmu

2021-04-14 Thread Claudio Fontana
Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/arm/cpu-mmu.c| 95 +
 target/arm/tcg/helper.c | 95 -
 2 files changed, 95 insertions(+), 95 deletions(-)

diff --git a/target/arm/cpu-mmu.c b/target/arm/cpu-mmu.c
index f463f8458e..c6ac90a61e 100644
--- a/target/arm/cpu-mmu.c
+++ b/target/arm/cpu-mmu.c
@@ -122,3 +122,98 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, 
uint64_t va,
 .using64k = using64k,
 };
 }
+
+/* Return the exception level we're running at if this is our mmu_idx */
+int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx)
+{
+if (mmu_idx & ARM_MMU_IDX_M) {
+return mmu_idx & ARM_MMU_IDX_M_PRIV;
+}
+
+switch (mmu_idx) {
+case ARMMMUIdx_E10_0:
+case ARMMMUIdx_E20_0:
+case ARMMMUIdx_SE10_0:
+case ARMMMUIdx_SE20_0:
+return 0;
+case ARMMMUIdx_E10_1:
+case ARMMMUIdx_E10_1_PAN:
+case ARMMMUIdx_SE10_1:
+case ARMMMUIdx_SE10_1_PAN:
+return 1;
+case ARMMMUIdx_E2:
+case ARMMMUIdx_E20_2:
+case ARMMMUIdx_E20_2_PAN:
+case ARMMMUIdx_SE2:
+case ARMMMUIdx_SE20_2:
+case ARMMMUIdx_SE20_2_PAN:
+return 2;
+case ARMMMUIdx_SE3:
+return 3;
+default:
+g_assert_not_reached();
+}
+}
+
+#ifndef CONFIG_TCG
+ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env, bool secstate)
+{
+g_assert_not_reached();
+}
+#endif
+
+ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
+{
+ARMMMUIdx idx;
+uint64_t hcr;
+
+if (arm_feature(env, ARM_FEATURE_M)) {
+return arm_v7m_mmu_idx_for_secstate(env, env->v7m.secure);
+}
+
+/* See ARM pseudo-function ELIsInHost.  */
+switch (el) {
+case 0:
+hcr = arm_hcr_el2_eff(env);
+if ((hcr & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)) {
+idx = ARMMMUIdx_E20_0;
+} else {
+idx = ARMMMUIdx_E10_0;
+}
+break;
+case 1:
+if (env->pstate & PSTATE_PAN) {
+idx = ARMMMUIdx_E10_1_PAN;
+} else {
+idx = ARMMMUIdx_E10_1;
+}
+break;
+case 2:
+/* Note that TGE does not apply at EL2.  */
+if (arm_hcr_el2_eff(env) & HCR_E2H) {
+if (env->pstate & PSTATE_PAN) {
+idx = ARMMMUIdx_E20_2_PAN;
+} else {
+idx = ARMMMUIdx_E20_2;
+}
+} else {
+idx = ARMMMUIdx_E2;
+}
+break;
+case 3:
+return ARMMMUIdx_SE3;
+default:
+g_assert_not_reached();
+}
+
+if (arm_is_secure_below_el3(env)) {
+idx &= ~ARM_MMU_IDX_A_NS;
+}
+
+return idx;
+}
+
+ARMMMUIdx arm_mmu_idx(CPUARMState *env)
+{
+return arm_mmu_idx_el(env, arm_current_el(env));
+}
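Review bot: the `#ifndef CONFIG_TCG` stub for arm_v7m_mmu_idx_for_secstate() is carried into cpu-mmu.c, a file built for every accelerator, whereas elsewhere in this series such stubs are collected in target/arm/tcg/tcg-stubs.c (see the arm_rebuild_hflags stub in 19/80); moving it there keeps a single scheme for non-TCG stubs instead of one inline and one in the stubs file.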
diff --git a/target/arm/tcg/helper.c b/target/arm/tcg/helper.c
index 15f53d57b0..4b8a0d436c 100644
--- a/target/arm/tcg/helper.c
+++ b/target/arm/tcg/helper.c
@@ -2093,101 +2093,6 @@ int fp_exception_el(CPUARMState *env, int cur_el)
 return 0;
 }
 
-/* Return the exception level we're running at if this is our mmu_idx */
-int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx)
-{
-if (mmu_idx & ARM_MMU_IDX_M) {
-return mmu_idx & ARM_MMU_IDX_M_PRIV;
-}
-
-switch (mmu_idx) {
-case ARMMMUIdx_E10_0:
-case ARMMMUIdx_E20_0:
-case ARMMMUIdx_SE10_0:
-case ARMMMUIdx_SE20_0:
-return 0;
-case ARMMMUIdx_E10_1:
-case ARMMMUIdx_E10_1_PAN:
-case ARMMMUIdx_SE10_1:
-case ARMMMUIdx_SE10_1_PAN:
-return 1;
-case ARMMMUIdx_E2:
-case ARMMMUIdx_E20_2:
-case ARMMMUIdx_E20_2_PAN:
-case ARMMMUIdx_SE2:
-case ARMMMUIdx_SE20_2:
-case ARMMMUIdx_SE20_2_PAN:
-return 2;
-case ARMMMUIdx_SE3:
-return 3;
-default:
-g_assert_not_reached();
-}
-}
-
-#ifndef CONFIG_TCG
-ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env, bool secstate)
-{
-g_assert_not_reached();
-}
-#endif
-
-ARMMMUIdx arm_mmu_idx_el(CPUARMState *env, int el)
-{
-ARMMMUIdx idx;
-uint64_t hcr;
-
-if (arm_feature(env, ARM_FEATURE_M)) {
-return arm_v7m_mmu_idx_for_secstate(env, env->v7m.secure);
-}
-
-/* See ARM pseudo-function ELIsInHost.  */
-switch (el) {
-case 0:
-hcr = arm_hcr_el2_eff(env);
-if ((hcr & (HCR_E2H | HCR_TGE)) == (HCR_E2H | HCR_TGE)) {
-idx = ARMMMUIdx_E20_0;
-} else {
-idx = ARMMMUIdx_E10_0;
-}
-break;
-case 1:
-if (env->pstate & PSTATE_PAN) {
-idx = ARMMMUIdx_E10_1_PAN;
-} else {
-idx = ARMMMUIdx_E10_1;
-}
-break;
-case 2:
-/* Note that TGE does not apply at EL2.  */
-if (arm_hcr_el2_eff(env) & HCR_E2H) {
-if (env->pstate & PSTATE_PAN) {
-idx = ARMMMUIdx_E20_2_PAN;
-} else {
-idx = ARMMMUIdx_E20_2;
-}
-} else {

[RFC v13 26/80] target/arm: move aarch64_sync_32_to_64 (and vv) to cpu code

2021-04-14 Thread Claudio Fontana
and arm_phys_excp_target_el since it is tied up inside the
same #ifdef block.

aarch64_sync_32_to_64 and aarch64_sync_64_to_32 are
mixed in with the TCG helpers, but they shouldn't be, as they
are needed for KVM too.

kvm_arch_get_registers()
{
if (!is_a64(env)) {
aarch64_sync_64_to_32(env);
}
write_kvmstate_to_list(cpu);
write_list_to_cpustate(cpu);
...
}

kvm_arch_put_registers()
{
if (!is_a64(env)) {
aarch64_sync_32_to_64(env);
}
write_cpustate_to_list(cpu, true);
write_list_to_kvmstate(cpu, level)
...
}

Move to the cpu module.

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/arm/cpu-sysemu.c | 215 +
 target/arm/cpu-user.c   |  11 ++
 target/arm/tcg/helper.c | 232 +---
 3 files changed, 229 insertions(+), 229 deletions(-)

diff --git a/target/arm/cpu-sysemu.c b/target/arm/cpu-sysemu.c
index 3add2c2439..7a314bf805 100644
--- a/target/arm/cpu-sysemu.c
+++ b/target/arm/cpu-sysemu.c
@@ -133,3 +133,218 @@ void switch_mode(CPUARMState *env, int mode)
 env->banked_r14[r14_bank_number(old_mode)] = env->regs[14];
 env->regs[14] = env->banked_r14[r14_bank_number(mode)];
 }
+
+/*
+ * Function used to synchronize QEMU's AArch64 register set with AArch32
+ * register set.  This is necessary when switching between AArch32 and AArch64
+ * execution state.
+ */
+void aarch64_sync_32_to_64(CPUARMState *env)
+{
+int i;
+uint32_t mode = env->uncached_cpsr & CPSR_M;
+
+/* We can blanket copy R[0:7] to X[0:7] */
+for (i = 0; i < 8; i++) {
+env->xregs[i] = env->regs[i];
+}
+
+/*
+ * Unless we are in FIQ mode, x8-x12 come from the user registers r8-r12.
+ * Otherwise, they come from the banked user regs.
+ */
+if (mode == ARM_CPU_MODE_FIQ) {
+for (i = 8; i < 13; i++) {
+env->xregs[i] = env->usr_regs[i - 8];
+}
+} else {
+for (i = 8; i < 13; i++) {
+env->xregs[i] = env->regs[i];
+}
+}
+
+/*
+ * Registers x13-x23 are the various mode SP and FP registers. Registers
+ * r13 and r14 are only copied if we are in that mode, otherwise we copy
+ * from the mode banked register.
+ */
+if (mode == ARM_CPU_MODE_USR || mode == ARM_CPU_MODE_SYS) {
+env->xregs[13] = env->regs[13];
+env->xregs[14] = env->regs[14];
+} else {
+env->xregs[13] = env->banked_r13[bank_number(ARM_CPU_MODE_USR)];
+/* HYP is an exception in that it is copied from r14 */
+if (mode == ARM_CPU_MODE_HYP) {
+env->xregs[14] = env->regs[14];
+} else {
+env->xregs[14] = 
env->banked_r14[r14_bank_number(ARM_CPU_MODE_USR)];
+}
+}
+
+if (mode == ARM_CPU_MODE_HYP) {
+env->xregs[15] = env->regs[13];
+} else {
+env->xregs[15] = env->banked_r13[bank_number(ARM_CPU_MODE_HYP)];
+}
+
+if (mode == ARM_CPU_MODE_IRQ) {
+env->xregs[16] = env->regs[14];
+env->xregs[17] = env->regs[13];
+} else {
+env->xregs[16] = env->banked_r14[r14_bank_number(ARM_CPU_MODE_IRQ)];
+env->xregs[17] = env->banked_r13[bank_number(ARM_CPU_MODE_IRQ)];
+}
+
+if (mode == ARM_CPU_MODE_SVC) {
+env->xregs[18] = env->regs[14];
+env->xregs[19] = env->regs[13];
+} else {
+env->xregs[18] = env->banked_r14[r14_bank_number(ARM_CPU_MODE_SVC)];
+env->xregs[19] = env->banked_r13[bank_number(ARM_CPU_MODE_SVC)];
+}
+
+if (mode == ARM_CPU_MODE_ABT) {
+env->xregs[20] = env->regs[14];
+env->xregs[21] = env->regs[13];
+} else {
+env->xregs[20] = env->banked_r14[r14_bank_number(ARM_CPU_MODE_ABT)];
+env->xregs[21] = env->banked_r13[bank_number(ARM_CPU_MODE_ABT)];
+}
+
+if (mode == ARM_CPU_MODE_UND) {
+env->xregs[22] = env->regs[14];
+env->xregs[23] = env->regs[13];
+} else {
+env->xregs[22] = env->banked_r14[r14_bank_number(ARM_CPU_MODE_UND)];
+env->xregs[23] = env->banked_r13[bank_number(ARM_CPU_MODE_UND)];
+}
+
+/*
+ * Registers x24-x30 are mapped to r8-r14 in FIQ mode.  If we are in FIQ
+ * mode, then we can copy from r8-r14.  Otherwise, we copy from the
+ * FIQ bank for r8-r14.
+ */
+if (mode == ARM_CPU_MODE_FIQ) {
+for (i = 24; i < 31; i++) {
+env->xregs[i] = env->regs[i - 16];   /* X[24:30] <- R[8:14] */
+}
+} else {
+for (i = 24; i < 29; i++) {
+env->xregs[i] = env->fiq_regs[i - 24];
+}
+env->xregs[29] = env->banked_r13[bank_number(ARM_CPU_MODE_FIQ)];
+env->xregs[30] = env->banked_r14[r14_bank_number(ARM_CPU_MODE_FIQ)];
+}
+
+env->pc = env->regs[15];
+}
+
+/*
+ * Function used to synchronize QEMU's AArch32 register set with AArch64
+ * register set.  This is necessary when switching between AArch32 and AArch64
+ * execution state.
+ */
+void 
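Review bot: the assignment `env->xregs[14] =` in the non-USR branch of aarch64_sync_32_to_64 arrives split over two lines, with the continuation `env->banked_r14[r14_bank_number(ARM_CPU_MODE_USR)];` lacking the leading `+`; if the mail really looks like this, git am will reject the hunk, so check that the sent message was not line-wrapped by the mail client (git send-email avoids that). The move itself reads as verbatim; a `git diff --color-moved` against the tcg/helper.c removal would confirm that no bank-number index changed on the way.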

[RFC v13 24/80] target/arm: move arm_sctlr away from tcg helpers

2021-04-14 Thread Claudio Fontana
This function is used for KVM too; add it to the
cpu-common module.

Signed-off-by: Claudio Fontana 
---
 target/arm/cpu-common.c | 11 +++
 target/arm/tcg/helper.c | 11 ---
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/target/arm/cpu-common.c b/target/arm/cpu-common.c
index a34f7f19d8..93aea216cc 100644
--- a/target/arm/cpu-common.c
+++ b/target/arm/cpu-common.c
@@ -342,3 +342,14 @@ uint32_t sve_zcr_len_for_el(CPUARMState *env, int el)
 }
 
 /* #endif TARGET_AARCH64 , see matching comment above */
+
+uint64_t arm_sctlr(CPUARMState *env, int el)
+{
+/* Only EL0 needs to be adjusted for EL1&0 or EL2&0. */
+if (el == 0) {
+ARMMMUIdx mmu_idx = arm_mmu_idx_el(env, 0);
+el = (mmu_idx == ARMMMUIdx_E20_0 || mmu_idx == ARMMMUIdx_SE20_0)
+? 2 : 1;
+}
+return env->cp15.sctlr_el[el];
+}
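Review bot: arm_sctlr as added here calls arm_mmu_idx_el (`ARMMMUIdx mmu_idx = arm_mmu_idx_el(env, 0);`), so it only links in a non-TCG build once arm_mmu_idx_el has itself left tcg/helper.c; the ordering of that move relative to this patch is not mentioned in the commit message and should be, so that each step of the series builds with --disable-tcg.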
diff --git a/target/arm/tcg/helper.c b/target/arm/tcg/helper.c
index 5bc0055c87..b72765ad8a 100644
--- a/target/arm/tcg/helper.c
+++ b/target/arm/tcg/helper.c
@@ -1675,17 +1675,6 @@ void arm_cpu_do_interrupt(CPUState *cs)
 }
 #endif /* !CONFIG_USER_ONLY */
 
-uint64_t arm_sctlr(CPUARMState *env, int el)
-{
-/* Only EL0 needs to be adjusted for EL1&0 or EL2&0. */
-if (el == 0) {
-ARMMMUIdx mmu_idx = arm_mmu_idx_el(env, 0);
-el = (mmu_idx == ARMMMUIdx_E20_0 || mmu_idx == ARMMMUIdx_SE20_0)
- ? 2 : 1;
-}
-return env->cp15.sctlr_el[el];
-}
-
 /* Returns true if the stage 1 translation regime is using LPAE format page
  * tables. Used when raising alignment exceptions, whose FSR changes depending
  * on whether the long or short descriptor format is in use. */
-- 
2.26.2




[RFC v13 17/80] target/arm: tcg: add stubs for some helpers for non-tcg builds

2021-04-14 Thread Claudio Fontana
This first armv7m one should go away with proper
configuration changes (only enabling possible boards for KVM).

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/arm/tcg/tcg-stubs.c | 16 
 target/arm/tcg/meson.build |  3 +++
 2 files changed, 19 insertions(+)
 create mode 100644 target/arm/tcg/tcg-stubs.c

diff --git a/target/arm/tcg/tcg-stubs.c b/target/arm/tcg/tcg-stubs.c
new file mode 100644
index 00..14220d59a1
--- /dev/null
+++ b/target/arm/tcg/tcg-stubs.c
@@ -0,0 +1,16 @@
+/*
+ * QEMU ARM stubs for some TCG helper functions
+ *
+ * Copyright 2021 SUSE LLC
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+
+void write_v7m_exception(CPUARMState *env, uint32_t new_exc)
+{
+g_assert_not_reached();
+}
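Review bot: the write_v7m_exception stub asserts unconditionally but carries no comment, while the commit message explains the reason (M-profile CPUs are TCG-only, so the call is unreachable under KVM) and that the stub is meant to disappear once board selection is fixed. Put that one-line rationale in the stub itself, above g_assert_not_reached(), so the next reader of tcg-stubs.c does not have to dig up this cover text.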
diff --git a/target/arm/tcg/meson.build b/target/arm/tcg/meson.build
index 21d44404f3..8e1885a72f 100644
--- a/target/arm/tcg/meson.build
+++ b/target/arm/tcg/meson.build
@@ -27,6 +27,9 @@ arm_ss.add(when: 'CONFIG_TCG', if_true: files(
   'vfp_helper.c',
   'crypto_helper.c',
   'debug_helper.c',
+
+), if_false: files(
+  'tcg-stubs.c',
 ))
 
 arm_ss.add(when: ['TARGET_AARCH64','CONFIG_TCG'], if_true: files(
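Review bot: the empty `+` line inserted after `'debug_helper.c',` and before `), if_false: files(` leaves a stray blank line inside the files() list; drop it so the list matches the formatting of the other arm_ss.add() calls in this file.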
-- 
2.26.2




[RFC v13 27/80] target/arm: new cpu32 ARM 32 bit CPU Class

2021-04-14 Thread Claudio Fontana
In the ARM CPU class hierarchy, the ancestor TYPE_ARM_CPU is fundamentally
a 32 bit CPU Class. The child TYPE_AARCH64_CPU overrides the class to
make it a 64 bit CPU Class.

Explicitly put the 32bit CPU Class implementation in a cpu32.c,
along with the 32bit CPU Class model registration function.

In later changes, we will further split 32bit and 64bit code.

Signed-off-by: Claudio Fontana 
---
 target/arm/cpu-qom.h   |   3 --
 target/arm/cpu32.h |  28 ++
 target/arm/cpu.c   |  55 ++-
 target/arm/cpu32.c | 118 +
 target/arm/cpu64.c |   2 +-
 target/arm/cpu_tcg.c   |   3 +-
 target/arm/meson.build |   6 ++-
 7 files changed, 159 insertions(+), 56 deletions(-)
 create mode 100644 target/arm/cpu32.h
 create mode 100644 target/arm/cpu32.c

diff --git a/target/arm/cpu-qom.h b/target/arm/cpu-qom.h
index a22bd506d0..0d41a346b9 100644
--- a/target/arm/cpu-qom.h
+++ b/target/arm/cpu-qom.h
@@ -38,9 +38,6 @@ typedef struct ARMCPUInfo {
 void (*class_init)(ObjectClass *oc, void *data);
 } ARMCPUInfo;
 
-void arm_cpu_register(const ARMCPUInfo *info);
-void aarch64_cpu_register(const ARMCPUInfo *info);
-
 /**
  * ARMCPUClass:
  * @parent_realize: The parent class' realize handler.
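Review bot: this hunk drops the aarch64_cpu_register prototype from cpu-qom.h together with arm_cpu_register, but the diffstat shows cpu64.c changing by only two lines and no new header for the 64-bit side; say where aarch64_cpu_register is now declared (or that it became static in cpu64.c), since the cpu32.h counterpart only covers arm32_cpu_register.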
diff --git a/target/arm/cpu32.h b/target/arm/cpu32.h
new file mode 100644
index 00..211fad6f55
--- /dev/null
+++ b/target/arm/cpu32.h
@@ -0,0 +1,28 @@
+/*
+ * QEMU ARM CPU models (32bit)
+ *
+ * Copyright (c) 2012 SUSE LINUX Products GmbH
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see
+ * 
+ */
+
+#ifndef ARM_CPU32_H
+#define ARM_CPU32_H
+
+void arm_cpu_dump_state(CPUState *cs, FILE *f, int flags);
+void arm32_cpu_class_init(ObjectClass *oc, void *data);
+void arm32_cpu_register(const ARMCPUInfo *info);
+
+#endif /* ARM_CPU32_H */
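Review bot: cpu32.h uses CPUState, FILE, ObjectClass and ARMCPUInfo but includes nothing, so it compiles only if the includer has already pulled in cpu.h; either include "cpu-qom.h" (which provides ARMCPUInfo and ObjectClass, with FILE coming from qemu/osdep.h) or add a comment stating that cpu.h must be included before it.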
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 3e9714a768..d88074b677 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -30,6 +30,7 @@
 #ifdef CONFIG_TCG
 #include "hw/core/tcg-cpu-ops.h"
 #endif /* CONFIG_TCG */
+#include "cpu32.h"
 #include "internals.h"
 #include "exec/exec-all.h"
 #include "hw/qdev-properties.h"
@@ -854,7 +855,7 @@ static inline void aarch64_cpu_dump_state(CPUState *cs, 
FILE *f, int flags)
 
 #endif
 
-static void arm_cpu_dump_state(CPUState *cs, FILE *f, int flags)
+void arm_cpu_dump_state(CPUState *cs, FILE *f, int flags)
 {
 ARMCPU *cpu = ARM_CPU(cs);
 CPUARMState *env = &cpu->env;
@@ -1855,17 +1856,6 @@ static Property arm_cpu_properties[] = {
 DEFINE_PROP_END_OF_LIST()
 };
 
-static gchar *arm_gdb_arch_name(CPUState *cs)
-{
-ARMCPU *cpu = ARM_CPU(cs);
-CPUARMState *env = &cpu->env;
-
-if (arm_feature(env, ARM_FEATURE_IWMMXT)) {
-return g_strdup("iwmmxt");
-}
-return g_strdup("arm");
-}
-
 #ifdef CONFIG_TCG
 static struct TCGCPUOps arm_tcg_ops = {
 .initialize = arm_translate_init,
@@ -1898,10 +1888,7 @@ static void arm_cpu_class_init(ObjectClass *oc, void 
*data)
 
 cc->class_by_name = arm_cpu_class_by_name;
 cc->has_work = arm_cpu_has_work;
-cc->dump_state = arm_cpu_dump_state;
 cc->set_pc = arm_cpu_set_pc;
-cc->gdb_read_register = arm_cpu_gdb_read_register;
-cc->gdb_write_register = arm_cpu_gdb_write_register;
 #ifndef CONFIG_USER_ONLY
 cc->get_phys_page_attrs_debug = arm_cpu_get_phys_page_attrs_debug;
 cc->asidx_from_attrs = arm_asidx_from_attrs;
@@ -1910,9 +1897,7 @@ static void arm_cpu_class_init(ObjectClass *oc, void 
*data)
 cc->write_elf64_note = arm_cpu_write_elf64_note;
 cc->write_elf32_note = arm_cpu_write_elf32_note;
 #endif
-cc->gdb_num_core_regs = 26;
-cc->gdb_core_xml_file = "arm-core.xml";
-cc->gdb_arch_name = arm_gdb_arch_name;
+
 cc->gdb_get_dynamic_xml = arm_gdb_get_dynamic_xml;
 cc->gdb_stop_before_watchpoint = true;
 cc->disas_set_info = arm_disas_set_info;
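Review bot: the three removed assignments (gdb_num_core_regs, gdb_core_xml_file, gdb_arch_name) are replaced by an empty `+` line, which leaves a blank line between the `#endif` and `cc->gdb_get_dynamic_xml`; drop the added line so the block stays contiguous.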
@@ -1920,6 +1905,8 @@ static void arm_cpu_class_init(ObjectClass *oc, void 
*data)
 #ifdef CONFIG_TCG
 cc->tcg_ops = &arm_tcg_ops;
 #endif /* CONFIG_TCG */
+
+arm32_cpu_class_init(oc, data);
 }
 
 #ifdef CONFIG_KVM
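Review bot: arm32_cpu_class_init(oc, data) is called unconditionally at the end of the base arm_cpu_class_init, so TYPE_AARCH64_CPU first receives the 32-bit hooks removed elsewhere in this patch (dump_state, gdb_read_register, gdb_write_register, gdb_num_core_regs = 26, arm-core.xml, arm_gdb_arch_name) and then has to override every one of them in its own class_init; a missed field silently gives a 64-bit CPU the 32-bit gdb description. Either list the overridden fields in the commit message, or install arm32_cpu_class_init only on the concrete 32-bit types so the 64-bit class never sees them.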
@@ -1942,38 +1929,6 @@ static const TypeInfo host_arm_cpu_type_info = {
 
 #endif
 
-static void arm_cpu_instance_init(Object *obj)
-{
-ARMCPUClass *acc = ARM_CPU_GET_CLASS(obj);
-
-acc->info->initfn(obj);
-arm_cpu_post_init(obj);
-}
-
-static void cpu_register_cla

[RFC v13 25/80] target/arm: move arm_cpu_list to common_cpu

2021-04-14 Thread Claudio Fontana
Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/arm/cpu-common.c | 42 +
 target/arm/tcg/helper.c | 41 
 2 files changed, 42 insertions(+), 41 deletions(-)

diff --git a/target/arm/cpu-common.c b/target/arm/cpu-common.c
index 93aea216cc..f4a3780e9e 100644
--- a/target/arm/cpu-common.c
+++ b/target/arm/cpu-common.c
@@ -8,6 +8,7 @@
 
 #include "qemu/osdep.h"
 #include "qemu/log.h"
+#include "qemu/qemu-print.h"
 #include "qom/object.h"
 #include "qapi/qapi-commands-machine-target.h"
 #include "qapi/error.h"
@@ -353,3 +354,44 @@ uint64_t arm_sctlr(CPUARMState *env, int el)
 }
 return env->cp15.sctlr_el[el];
 }
+
+/* Sort alphabetically by type name, except for "any". */
+static gint arm_cpu_list_compare(gconstpointer a, gconstpointer b)
+{
+ObjectClass *class_a = (ObjectClass *)a;
+ObjectClass *class_b = (ObjectClass *)b;
+const char *name_a, *name_b;
+
+name_a = object_class_get_name(class_a);
+name_b = object_class_get_name(class_b);
+if (strcmp(name_a, "any-" TYPE_ARM_CPU) == 0) {
+return 1;
+} else if (strcmp(name_b, "any-" TYPE_ARM_CPU) == 0) {
+return -1;
+} else {
+return strcmp(name_a, name_b);
+}
+}
+
+static void arm_cpu_list_entry(gpointer data, gpointer user_data)
+{
+ObjectClass *oc = data;
+const char *typename;
+char *name;
+
+typename = object_class_get_name(oc);
+name = g_strndup(typename, strlen(typename) - strlen("-" TYPE_ARM_CPU));
+qemu_printf("  %s\n", name);
+g_free(name);
+}
+
+void arm_cpu_list(void)
+{
+GSList *list;
+
+list = object_class_get_list(TYPE_ARM_CPU, false);
+list = g_slist_sort(list, arm_cpu_list_compare);
+qemu_printf("Available CPUs:\n");
+g_slist_foreach(list, arm_cpu_list_entry, NULL);
+g_slist_free(list);
+}
diff --git a/target/arm/tcg/helper.c b/target/arm/tcg/helper.c
index b72765ad8a..9763cae8f8 100644
--- a/target/arm/tcg/helper.c
+++ b/target/arm/tcg/helper.c
@@ -552,47 +552,6 @@ void arm_cpu_register_gdb_regs_for_features(ARMCPU *cpu)
 
 }
 
-/* Sort alphabetically by type name, except for "any". */
-static gint arm_cpu_list_compare(gconstpointer a, gconstpointer b)
-{
-ObjectClass *class_a = (ObjectClass *)a;
-ObjectClass *class_b = (ObjectClass *)b;
-const char *name_a, *name_b;
-
-name_a = object_class_get_name(class_a);
-name_b = object_class_get_name(class_b);
-if (strcmp(name_a, "any-" TYPE_ARM_CPU) == 0) {
-return 1;
-} else if (strcmp(name_b, "any-" TYPE_ARM_CPU) == 0) {
-return -1;
-} else {
-return strcmp(name_a, name_b);
-}
-}
-
-static void arm_cpu_list_entry(gpointer data, gpointer user_data)
-{
-ObjectClass *oc = data;
-const char *typename;
-char *name;
-
-typename = object_class_get_name(oc);
-name = g_strndup(typename, strlen(typename) - strlen("-" TYPE_ARM_CPU));
-qemu_printf("  %s\n", name);
-g_free(name);
-}
-
-void arm_cpu_list(void)
-{
-GSList *list;
-
-list = object_class_get_list(TYPE_ARM_CPU, false);
-list = g_slist_sort(list, arm_cpu_list_compare);
-qemu_printf("Available CPUs:\n");
-g_slist_foreach(list, arm_cpu_list_entry, NULL);
-g_slist_free(list);
-}
-
 /* Sign/zero extend */
 uint32_t HELPER(sxtb16)(uint32_t x)
 {
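Review bot: this removal takes the only qemu_printf users out of tcg/helper.c but leaves its `#include "qemu/qemu-print.h"` in place (the cpu-common.c hunk adds the same include on the receiving side); if nothing else in helper.c prints, drop the include there in the same patch.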
-- 
2.26.2




[RFC v13 35/80] target/arm: make further preparation for the exception code to move

2021-04-14 Thread Claudio Fontana
the exception code in tcg/ needs some adjustment before being exposed
to KVM-only builds. We need to call arm_rebuild_hflags only when
TCG is enabled, or we will error out.

The direct call to helper_rebuild_hflags_a64(env, new_el) will not
be possible when extracting out to common code;
it seems safe to replace it with a call to arm_rebuild_hflags, since
the write to pstate is already done.

Also, some CONFIG_TCG needs to be extended further, so that all
the tcg-only code is marked as such.

Signed-off-by: Claudio Fontana 
---
 target/arm/tcg/helper.c | 12 +---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/target/arm/tcg/helper.c b/target/arm/tcg/helper.c
index 2dbeb3a077..f2407f0af5 100644
--- a/target/arm/tcg/helper.c
+++ b/target/arm/tcg/helper.c
@@ -755,7 +755,9 @@ static void take_aarch32_exception(CPUARMState *env, int 
new_mode,
 env->regs[14] = env->regs[15] + offset;
 }
 env->regs[15] = newpc;
-arm_rebuild_hflags(env);
+if (tcg_enabled()) {
+arm_rebuild_hflags(env);
+}
 }
 
 static void arm_cpu_do_interrupt_aarch32_hyp(CPUState *cs)
@@ -1242,7 +1244,11 @@ static void arm_cpu_do_interrupt_aarch64(CPUState *cs)
 pstate_write(env, PSTATE_DAIF | new_mode);
 env->aarch64 = 1;
 aarch64_restore_sp(env, new_el);
-helper_rebuild_hflags_a64(env, new_el);
+
+if (tcg_enabled()) {
+/* pstate already written, so we can use arm_rebuild_hflags here */
+arm_rebuild_hflags(env);
+}
 
 env->pc = addr;
 
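Review bot: replacing helper_rebuild_hflags_a64(env, new_el) with arm_rebuild_hflags(env) is only equivalent because arm_rebuild_hflags derives the EL from the current pstate, and `pstate_write(env, PSTATE_DAIF | new_mode)` plus `env->aarch64 = 1` have already run a few lines above; the new comment "pstate already written" gestures at that, but the commit message still says "it seems safe". State the equivalence (the EL read back from the freshly written pstate equals new_el) in both places so the reasoning survives the move to common code.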
@@ -1306,6 +1312,7 @@ void arm_cpu_do_interrupt(CPUState *cs)
   env->exception.syndrome);
 }
 
+#ifdef CONFIG_TCG
 if (arm_is_psci_call(cpu, cs->exception_index)) {
 arm_handle_psci_call(cpu);
 qemu_log_mask(CPU_LOG_INT, "...handled as PSCI call\n");
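Review bot: moving `#ifdef CONFIG_TCG` up to cover the arm_is_psci_call / arm_handle_psci_call block, with the matching `#endif` left where it was after the semihosting case, makes PSCI call handling TCG-only; the commit message only says "some CONFIG_TCG needs to be extended further". Spell out that PSCI emulation is compiled out for non-TCG builds and why that is correct for the other accelerators, since a reader of the diff cannot tell whether the #ifdef was meant to cover PSCI or merely to make the file compile.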
@@ -1317,7 +1324,6 @@ void arm_cpu_do_interrupt(CPUState *cs)
  * that caused the exception, not the target exception level, so
  * must be handled here.
  */
-#ifdef CONFIG_TCG
 if (cs->exception_index == EXCP_SEMIHOST) {
 handle_semihosting(cs);
 return;
-- 
2.26.2




[RFC v13 20/80] target/arm: move arm_hcr_el2_eff from tcg/ to common_cpu

2021-04-14 Thread Claudio Fontana
We will need this for KVM too, especially for Nested support.

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/arm/cpu-common.c | 68 +
 target/arm/tcg/helper.c | 68 -
 2 files changed, 68 insertions(+), 68 deletions(-)

diff --git a/target/arm/cpu-common.c b/target/arm/cpu-common.c
index 694e5d73f3..040e06392a 100644
--- a/target/arm/cpu-common.c
+++ b/target/arm/cpu-common.c
@@ -231,3 +231,71 @@ void cpsr_write(CPUARMState *env, uint32_t val, uint32_t 
mask,
 mask &= ~CACHED_CPSR_BITS;
 env->uncached_cpsr = (env->uncached_cpsr & ~mask) | (val & mask);
 }
+
+/*
+ * Return the effective value of HCR_EL2.
+ * Bits that are not included here:
+ * RW   (read from SCR_EL3.RW as needed)
+ */
+uint64_t arm_hcr_el2_eff(CPUARMState *env)
+{
+uint64_t ret = env->cp15.hcr_el2;
+
+if (!arm_is_el2_enabled(env)) {
+/*
+ * "This register has no effect if EL2 is not enabled in the
+ * current Security state".  This is ARMv8.4-SecEL2 speak for
+ * !(SCR_EL3.NS==1 || SCR_EL3.EEL2==1).
+ *
+ * Prior to that, the language was "In an implementation that
+ * includes EL3, when the value of SCR_EL3.NS is 0 the PE behaves
+ * as if this field is 0 for all purposes other than a direct
+ * read or write access of HCR_EL2".  With lots of enumeration
+ * on a per-field basis.  In current QEMU, this is condition
+ * is arm_is_secure_below_el3.
+ *
+ * Since the v8.4 language applies to the entire register, and
+ * appears to be backward compatible, use that.
+ */
+return 0;
+}
+
+/*
+ * For a cpu that supports both aarch64 and aarch32, we can set bits
+ * in HCR_EL2 (e.g. via EL3) that are RES0 when we enter EL2 as aa32.
+ * Ignore all of the bits in HCR+HCR2 that are not valid for aarch32.
+ */
+if (!arm_el_is_aa64(env, 2)) {
+uint64_t aa32_valid;
+
+/*
+ * These bits are up-to-date as of ARMv8.6.
+ * For HCR, it's easiest to list just the 2 bits that are invalid.
+ * For HCR2, list those that are valid.
+ */
+aa32_valid = MAKE_64BIT_MASK(0, 32) & ~(HCR_RW | HCR_TDZ);
+aa32_valid |= (HCR_CD | HCR_ID | HCR_TERR | HCR_TEA | HCR_MIOCNCE |
+   HCR_TID4 | HCR_TICAB | HCR_TOCU | HCR_TTLBIS);
+ret &= aa32_valid;
+}
+
+if (ret & HCR_TGE) {
+/* These bits are up-to-date as of ARMv8.6.  */
+if (ret & HCR_E2H) {
+ret &= ~(HCR_VM | HCR_FMO | HCR_IMO | HCR_AMO |
+ HCR_BSU_MASK | HCR_DC | HCR_TWI | HCR_TWE |
+ HCR_TID0 | HCR_TID2 | HCR_TPCP | HCR_TPU |
+ HCR_TDZ | HCR_CD | HCR_ID | HCR_MIOCNCE |
+ HCR_TID4 | HCR_TICAB | HCR_TOCU | HCR_ENSCXT |
+ HCR_TTLBIS | HCR_TTLBOS | HCR_TID5);
+} else {
+ret |= HCR_FMO | HCR_IMO | HCR_AMO;
+}
+ret &= ~(HCR_SWIO | HCR_PTW | HCR_VF | HCR_VI | HCR_VSE |
+ HCR_FB | HCR_TID1 | HCR_TID3 | HCR_TSC | HCR_TACR |
+ HCR_TSW | HCR_TTLB | HCR_TVM | HCR_HCD | HCR_TRVM |
+ HCR_TLOR);
+}
+
+return ret;
+}
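Review bot: the moved comment still reads "In current QEMU, this is condition is arm_is_secure_below_el3" (doubled "is"); a pure move should stay verbatim so the diff remains reviewable with --color-moved, so leave it as is here and fix the wording in a separate cleanup, or mention the fix in the commit message if you prefer to do it now.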
diff --git a/target/arm/tcg/helper.c b/target/arm/tcg/helper.c
index f35d2969b0..15f53d57b0 100644
--- a/target/arm/tcg/helper.c
+++ b/target/arm/tcg/helper.c
@@ -261,74 +261,6 @@ static int arm_gdb_set_svereg(CPUARMState *env, uint8_t 
*buf, int reg)
 }
 #endif /* TARGET_AARCH64 */
 
-/*
- * Return the effective value of HCR_EL2.
- * Bits that are not included here:
- * RW   (read from SCR_EL3.RW as needed)
- */
-uint64_t arm_hcr_el2_eff(CPUARMState *env)
-{
-uint64_t ret = env->cp15.hcr_el2;
-
-if (!arm_is_el2_enabled(env)) {
-/*
- * "This register has no effect if EL2 is not enabled in the
- * current Security state".  This is ARMv8.4-SecEL2 speak for
- * !(SCR_EL3.NS==1 || SCR_EL3.EEL2==1).
- *
- * Prior to that, the language was "In an implementation that
- * includes EL3, when the value of SCR_EL3.NS is 0 the PE behaves
- * as if this field is 0 for all purposes other than a direct
- * read or write access of HCR_EL2".  With lots of enumeration
- * on a per-field basis.  In current QEMU, this is condition
- * is arm_is_secure_below_el3.
- *
- * Since the v8.4 language applies to the entire register, and
- * appears to be backward compatible, use that.
- */
-return 0;
-}
-
-/*
- * For a cpu that supports both aarch64 and aarch32, we can set bits
- * in HCR_EL2 (e.g. via EL3) that are RES0 when we enter EL2 as aa32.
- * Ignore all of the bits in HCR+HCR2 that are not valid for aarch32.
- */
-if (!arm_el_is_aa64(env, 2)) {
-uint64_t aa32_valid;
-
-

[RFC v13 33/80] target/arm: move fp_exception_el out of TCG helpers

2021-04-14 Thread Claudio Fontana
Signed-off-by: Claudio Fontana 
---
 target/arm/cpu-sysemu.c | 100 
 target/arm/cpu-user.c   |   5 ++
 target/arm/tcg/helper.c | 100 
 3 files changed, 105 insertions(+), 100 deletions(-)

diff --git a/target/arm/cpu-sysemu.c b/target/arm/cpu-sysemu.c
index 7cc721fe68..128616d90d 100644
--- a/target/arm/cpu-sysemu.c
+++ b/target/arm/cpu-sysemu.c
@@ -410,3 +410,103 @@ int sve_exception_el(CPUARMState *env, int el)
 }
 return 0;
 }
+
+/*
+ * Return the exception level to which FP-disabled exceptions should
+ * be taken, or 0 if FP is enabled.
+ */
+int fp_exception_el(CPUARMState *env, int cur_el)
+{
+#ifndef CONFIG_USER_ONLY
+/*
+ * CPACR and the CPTR registers don't exist before v6, so FP is
+ * always accessible
+ */
+if (!arm_feature(env, ARM_FEATURE_V6)) {
+return 0;
+}
+
+if (arm_feature(env, ARM_FEATURE_M)) {
+/* CPACR can cause a NOCP UsageFault taken to current security state */
+if (!v7m_cpacr_pass(env, env->v7m.secure, cur_el != 0)) {
+return 1;
+}
+
+if (arm_feature(env, ARM_FEATURE_M_SECURITY) && !env->v7m.secure) {
+if (!extract32(env->v7m.nsacr, 10, 1)) {
+/* FP insns cause a NOCP UsageFault taken to Secure */
+return 3;
+}
+}
+
+return 0;
+}
+
+/*
+ * The CPACR controls traps to EL1, or PL1 if we're 32 bit:
+ * 0, 2 : trap EL0 and EL1/PL1 accesses
+ * 1: trap only EL0 accesses
+ * 3: trap no accesses
+ * This register is ignored if E2H+TGE are both set.
+ */
+if ((arm_hcr_el2_eff(env) & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
+int fpen = extract32(env->cp15.cpacr_el1, 20, 2);
+
+switch (fpen) {
+case 0:
+case 2:
+if (cur_el == 0 || cur_el == 1) {
+/* Trap to PL1, which might be EL1 or EL3 */
+if (arm_is_secure(env) && !arm_el_is_aa64(env, 3)) {
+return 3;
+}
+return 1;
+}
+if (cur_el == 3 && !is_a64(env)) {
+/* Secure PL1 running at EL3 */
+return 3;
+}
+break;
+case 1:
+if (cur_el == 0) {
+return 1;
+}
+break;
+case 3:
+break;
+}
+}
+
+/*
+ * The NSACR allows A-profile AArch32 EL3 and M-profile secure mode
+ * to control non-secure access to the FPU. It doesn't have any
+ * effect if EL3 is AArch64 or if EL3 doesn't exist at all.
+ */
+if ((arm_feature(env, ARM_FEATURE_EL3) && !arm_el_is_aa64(env, 3) &&
+ cur_el <= 2 && !arm_is_secure_below_el3(env))) {
+if (!extract32(env->cp15.nsacr, 10, 1)) {
+/* FP insns act as UNDEF */
+return cur_el == 2 ? 2 : 1;
+}
+}
+
+/*
+ * For the CPTR registers we don't need to guard with an ARM_FEATURE
+ * check because zero bits in the registers mean "don't trap".
+ */
+
+/* CPTR_EL2 : present in v7VE or v8 */
+if (cur_el <= 2 && extract32(env->cp15.cptr_el[2], 10, 1)
+&& arm_is_el2_enabled(env)) {
+/* Trap FP ops at EL2, NS-EL1 or NS-EL0 to EL2 */
+return 2;
+}
+
+/* CPTR_EL3 : present in v8 */
+if (extract32(env->cp15.cptr_el[3], 10, 1)) {
+/* Trap all FP ops to EL3 */
+return 3;
+}
+#endif
+return 0;
+}
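Review bot: fp_exception_el now lives in cpu-sysemu.c, which is never built with CONFIG_USER_ONLY, and cpu-user.c gets its own stub in this patch, so the `#ifndef CONFIG_USER_ONLY` / `#endif` pair wrapping the body is dead after the move; either drop the guards here (and say so in the commit message) or keep the move verbatim and remove them in a follow-up.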
diff --git a/target/arm/cpu-user.c b/target/arm/cpu-user.c
index 39093ade76..6a1a1fa273 100644
--- a/target/arm/cpu-user.c
+++ b/target/arm/cpu-user.c
@@ -38,3 +38,8 @@ int sve_exception_el(CPUARMState *env, int el)
 {
 return 0;
 }
+
+int fp_exception_el(CPUARMState *env, int el)
+{
+return 0;
+}
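Review bot: the cpu-user.c stub names its second parameter `el` while the cpu-sysemu.c definition uses `cur_el`; align the name with the prototype, and add a one-line comment that FP is always accessible in user mode (the same reason the original body was entirely under #ifndef CONFIG_USER_ONLY), so the bare `return 0` is not mistaken for a placeholder.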
diff --git a/target/arm/tcg/helper.c b/target/arm/tcg/helper.c
index 4e027b98fe..2dbeb3a077 100644
--- a/target/arm/tcg/helper.c
+++ b/target/arm/tcg/helper.c
@@ -1625,106 +1625,6 @@ uint32_t HELPER(crc32c)(uint32_t acc, uint32_t val, 
uint32_t bytes)
 return crc32c(acc, buf, bytes) ^ 0x;
 }
 
-/*
- * Return the exception level to which FP-disabled exceptions should
- * be taken, or 0 if FP is enabled.
- */
-int fp_exception_el(CPUARMState *env, int cur_el)
-{
-#ifndef CONFIG_USER_ONLY
-/*
- * CPACR and the CPTR registers don't exist before v6, so FP is
- * always accessible
- */
-if (!arm_feature(env, ARM_FEATURE_V6)) {
-return 0;
-}
-
-if (arm_feature(env, ARM_FEATURE_M)) {
-/* CPACR can cause a NOCP UsageFault taken to current security state */
-if (!v7m_cpacr_pass(env, env->v7m.secure, cur_el != 0)) {
-return 1;
-}
-
-if (arm_feature(env, ARM_FEATURE_M_SECURITY) && !env->v7m.secure) {
-if (!extract32(env->v7m.nsacr, 10, 1)) {
-/* FP insns cause a NOCP UsageFault taken to Secure */
-r

[RFC v13 28/80] target/arm: split 32bit and 64bit arm dump state

2021-04-14 Thread Claudio Fontana
Signed-off-by: Claudio Fontana 
---
 target/arm/cpu32.h |   2 +-
 target/arm/cpu.c   | 225 -
 target/arm/cpu32.c |  85 -
 target/arm/cpu64.c | 142 
 4 files changed, 227 insertions(+), 227 deletions(-)

diff --git a/target/arm/cpu32.h b/target/arm/cpu32.h
index 211fad6f55..128d0c9247 100644
--- a/target/arm/cpu32.h
+++ b/target/arm/cpu32.h
@@ -21,7 +21,7 @@
 #ifndef ARM_CPU32_H
 #define ARM_CPU32_H
 
-void arm_cpu_dump_state(CPUState *cs, FILE *f, int flags);
+void arm32_cpu_dump_state(CPUState *cs, FILE *f, int flags);
 void arm32_cpu_class_init(ObjectClass *oc, void *data);
 void arm32_cpu_register(const ARMCPUInfo *info);
 
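Review bot: arm_cpu_dump_state was only introduced in cpu32.h in 27/80 and is renamed to arm32_cpu_dump_state here, one patch later; squash the rename into 27/80 (declare it with the final name from the start) to avoid churn in the header and in the cpu.c call sites between the two patches.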
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index d88074b677..e9dc5da4ca 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -19,7 +19,6 @@
  */
 
 #include "qemu/osdep.h"
-#include "qemu/qemu-print.h"
 #include "qemu-common.h"
 #include "target/arm/idau.h"
 #include "qemu/module.h"
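Review bot: dropping `#include "qemu/qemu-print.h"` from cpu.c is correct only if no qemu_fprintf/qemu_printf caller remains there once both dump-state functions move out; the diffstat (cpu.c -225 lines) suggests they were the only users, but please confirm that builds with --disable-tcg and with default options both pass, and that cpu32.c and cpu64.c pick up the include on the receiving side.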
@@ -717,230 +716,6 @@ static void arm_disas_set_info(CPUState *cpu, 
disassemble_info *info)
 #endif
 }
 
-#ifdef TARGET_AARCH64
-
-static void aarch64_cpu_dump_state(CPUState *cs, FILE *f, int flags)
-{
-ARMCPU *cpu = ARM_CPU(cs);
-CPUARMState *env = &cpu->env;
-uint32_t psr = pstate_read(env);
-int i;
-int el = arm_current_el(env);
-const char *ns_status;
-
-qemu_fprintf(f, " PC=%016" PRIx64 " ", env->pc);
-for (i = 0; i < 32; i++) {
-if (i == 31) {
-qemu_fprintf(f, " SP=%016" PRIx64 "\n", env->xregs[i]);
-} else {
-qemu_fprintf(f, "X%02d=%016" PRIx64 "%s", i, env->xregs[i],
- (i + 2) % 3 ? " " : "\n");
-}
-}
-
-if (arm_feature(env, ARM_FEATURE_EL3) && el != 3) {
-ns_status = env->cp15.scr_el3 & SCR_NS ? "NS " : "S ";
-} else {
-ns_status = "";
-}
-qemu_fprintf(f, "PSTATE=%08x %c%c%c%c %sEL%d%c",
- psr,
- psr & PSTATE_N ? 'N' : '-',
- psr & PSTATE_Z ? 'Z' : '-',
- psr & PSTATE_C ? 'C' : '-',
- psr & PSTATE_V ? 'V' : '-',
- ns_status,
- el,
- psr & PSTATE_SP ? 'h' : 't');
-
-if (cpu_isar_feature(aa64_bti, cpu)) {
-qemu_fprintf(f, "  BTYPE=%d", (psr & PSTATE_BTYPE) >> 10);
-}
-if (!(flags & CPU_DUMP_FPU)) {
-qemu_fprintf(f, "\n");
-return;
-}
-if (fp_exception_el(env, el) != 0) {
-qemu_fprintf(f, "FPU disabled\n");
-return;
-}
-qemu_fprintf(f, " FPCR=%08x FPSR=%08x\n",
- vfp_get_fpcr(env), vfp_get_fpsr(env));
-
-if (cpu_isar_feature(aa64_sve, cpu) && sve_exception_el(env, el) == 0) {
-int j, zcr_len = sve_zcr_len_for_el(env, el);
-
-for (i = 0; i <= FFR_PRED_NUM; i++) {
-bool eol;
-if (i == FFR_PRED_NUM) {
-qemu_fprintf(f, "FFR=");
-/* It's last, so end the line.  */
-eol = true;
-} else {
-qemu_fprintf(f, "P%02d=", i);
-switch (zcr_len) {
-case 0:
-eol = i % 8 == 7;
-break;
-case 1:
-eol = i % 6 == 5;
-break;
-case 2:
-case 3:
-eol = i % 3 == 2;
-break;
-default:
-/* More than one quadword per predicate.  */
-eol = true;
-break;
-}
-}
-for (j = zcr_len / 4; j >= 0; j--) {
-int digits;
-if (j * 4 + 4 <= zcr_len + 1) {
-digits = 16;
-} else {
-digits = (zcr_len % 4 + 1) * 4;
-}
-qemu_fprintf(f, "%0*" PRIx64 "%s", digits,
- env->vfp.pregs[i].p[j],
- j ? ":" : eol ? "\n" : " ");
-}
-}
-
-for (i = 0; i < 32; i++) {
-if (zcr_len == 0) {
-qemu_fprintf(f, "Z%02d=%016" PRIx64 ":%016" PRIx64 "%s",
- i, env->vfp.zregs[i].d[1],
- env->vfp.zregs[i].d[0], i & 1 ? "\n" : " ");
-} else if (zcr_len == 1) {
-qemu_fprintf(f, "Z%02d=%016" PRIx64 ":%016" PRIx64
- ":%016" PRIx64 ":%016" PRIx64 "\n",
- i, env->vfp.zregs[i].d[3], env->vfp.zregs[i].d[2],
- env->vfp.zregs[i].d[1], env->vfp.zregs[i].d[0]);
-} else {
-for (j = zcr_len; j >= 0; j--) {
-bool odd = (zcr_len - j) % 2 != 0;
-if (j == zcr_len) {
-qemu_fprintf(f, "Z%02d[%x-%x]=", i, j, j - 1);
-   

[RFC v13 40/80] target/arm: move TCGCPUOps to tcg/tcg-cpu.c

2021-04-14 Thread Claudio Fontana
move the TCGCPUOps interface to tcg/tcg-cpu.c
in preparation for the addition of the TCG accel-cpu class.

Signed-off-by: Claudio Fontana 
---
 target/arm/cpu.h   |   1 -
 target/arm/internals.h |   5 -
 target/arm/tcg/tcg-cpu.h   |   6 +
 target/arm/cpu-sysemu.c|   4 +
 target/arm/cpu.c   | 209 +
 target/arm/cpu_tcg.c   |   2 +-
 target/arm/tcg/helper.c|   1 +
 target/arm/tcg/tcg-cpu.c   | 229 +
 target/arm/tcg/meson.build |   1 +
 9 files changed, 244 insertions(+), 214 deletions(-)
 create mode 100644 target/arm/tcg/tcg-cpu.c

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 30882bfbb6..3e92f4faaa 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1024,7 +1024,6 @@ extern const VMStateDescription vmstate_arm_cpu;
 
 void arm_cpu_do_interrupt(CPUState *cpu);
 void arm_v7m_cpu_do_interrupt(CPUState *cpu);
-bool arm_cpu_exec_interrupt(CPUState *cpu, int int_req);
 
 int arm_cpu_gdb_read_register(CPUState *cpu, GByteArray *buf, int reg);
 int arm_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
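Review bot: the arm_cpu_exec_interrupt prototype is removed from cpu.h, yet the tcg-cpu.h hunk does not redeclare it; if the definition moves into tcg/tcg-cpu.c next to arm_tcg_ops it should become static there, and if cpu_tcg.c (touched by this patch per the diffstat) still references it, it needs a declaration in tcg-cpu.h instead. Please say which in the commit message.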
diff --git a/target/arm/internals.h b/target/arm/internals.h
index e137bb0ac0..811e029f83 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -172,11 +172,6 @@ static inline int r14_bank_number(int mode)
 void arm_cpu_register_gdb_regs_for_features(ARMCPU *cpu);
 void arm_translate_init(void);
 
-#ifdef CONFIG_TCG
-void arm_cpu_synchronize_from_tb(CPUState *cs, const TranslationBlock *tb);
-#endif /* CONFIG_TCG */
-
-
 enum arm_fprounding {
 FPROUNDING_TIEEVEN,
 FPROUNDING_POSINF,
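Review bot: with the CONFIG_TCG-guarded arm_cpu_synchronize_from_tb prototype gone, internals.h still declares arm_translate_init unguarded on the line just above it, although that function is equally TCG-only; move it to tcg-cpu.h in the same step, otherwise the TCG/common split this series is building is only half applied in this header.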
diff --git a/target/arm/tcg/tcg-cpu.h b/target/arm/tcg/tcg-cpu.h
index 7e62f92d16..d93c6a6749 100644
--- a/target/arm/tcg/tcg-cpu.h
+++ b/target/arm/tcg/tcg-cpu.h
@@ -21,6 +21,12 @@
 #define ARM_TCG_CPU_H
 
 #include "cpu.h"
+#include "hw/core/tcg-cpu-ops.h"
+
+void arm_cpu_synchronize_from_tb(CPUState *cs,
+ const TranslationBlock *tb);
+
+extern struct TCGCPUOps arm_tcg_ops;
 
 #ifndef CONFIG_USER_ONLY
 /* Do semihosting call and set the appropriate return value. */
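Review bot: `extern struct TCGCPUOps arm_tcg_ops;` turns what was a file-static table in cpu.c (see the `static struct TCGCPUOps arm_tcg_ops` context in 27/80) into a mutable global; if nothing writes to it after class init it should be declared const, and if the upcoming accel-cpu class does modify it, the commit message should say so. Note also that tcg-cpu.h now includes hw/core/tcg-cpu-ops.h unconditionally, so every includer of tcg-cpu.h pulls that header in even in non-TCG builds.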
diff --git a/target/arm/cpu-sysemu.c b/target/arm/cpu-sysemu.c
index e83d55b9f7..c09c89eeac 100644
--- a/target/arm/cpu-sysemu.c
+++ b/target/arm/cpu-sysemu.c
@@ -28,6 +28,10 @@
 #include "sysemu/tcg.h"
 #include "tcg/tcg-cpu.h"
 
+#ifdef CONFIG_TCG
+#include "tcg/tcg-cpu.h"
+#endif /* CONFIG_TCG */
+
 void arm_cpu_set_irq(void *opaque, int irq, int level)
 {
 ARMCPU *cpu = opaque;
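Review bot: `#include "tcg/tcg-cpu.h"` is already included unconditionally two lines above the new `#ifdef CONFIG_TCG` block (context line `#include "tcg/tcg-cpu.h"`), so the guarded include is a duplicate; if the intent is that non-TCG builds must not see tcg-cpu.h (which now drags in hw/core/tcg-cpu-ops.h), remove the unconditional include, otherwise drop the new block.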
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index e9dc5da4ca..b130f56d98 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -27,7 +27,7 @@
 #include "cpu.h"
 #include "cpregs.h"
 #ifdef CONFIG_TCG
-#include "hw/core/tcg-cpu-ops.h"
+#include "tcg/tcg-cpu.h"
 #endif /* CONFIG_TCG */
 #include "cpu32.h"
 #include "internals.h"
@@ -59,25 +59,6 @@ static void arm_cpu_set_pc(CPUState *cs, vaddr value)
 }
 }
 
-#ifdef CONFIG_TCG
-void arm_cpu_synchronize_from_tb(CPUState *cs,
- const TranslationBlock *tb)
-{
-ARMCPU *cpu = ARM_CPU(cs);
-CPUARMState *env = &cpu->env;
-
-/*
- * It's OK to look at env for the current mode here, because it's
- * never possible for an AArch64 TB to chain to an AArch32 TB.
- */
-if (is_a64(env)) {
-env->pc = tb->pc;
-} else {
-env->regs[15] = tb->pc;
-}
-}
-#endif /* CONFIG_TCG */
-
 static bool arm_cpu_has_work(CPUState *cs)
 {
 ARMCPU *cpu = ARM_CPU(cs);
@@ -443,175 +424,6 @@ static void arm_cpu_reset(DeviceState *dev)
 }
 }
 
-static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
- unsigned int target_el,
- unsigned int cur_el, bool secure,
- uint64_t hcr_el2)
-{
-CPUARMState *env = cs->env_ptr;
-bool pstate_unmasked;
-bool unmasked = false;
-
-/*
- * Don't take exceptions if they target a lower EL.
- * This check should catch any exceptions that would not be taken
- * but left pending.
- */
-if (cur_el > target_el) {
-return false;
-}
-
-switch (excp_idx) {
-case EXCP_FIQ:
-pstate_unmasked = !(env->daif & PSTATE_F);
-break;
-
-case EXCP_IRQ:
-pstate_unmasked = !(env->daif & PSTATE_I);
-break;
-
-case EXCP_VFIQ:
-if (!(hcr_el2 & HCR_FMO) || (hcr_el2 & HCR_TGE)) {
-/* VFIQs are only taken when hypervized.  */
-return false;
-}
-return !(env->daif & PSTATE_F);
-case EXCP_VIRQ:
-if (!(hcr_el2 & HCR_IMO) || (hcr_el2 & HCR_TGE)) {
-/* VIRQs are only taken when hypervized.  */
-return false;
-}
-return !(env->daif & PSTATE_I);
-default:
-g_assert_not_reached();
-}
-
-/*
- * Use the target EL, current execution state and SCR/HCR settings to
- * determi

[RFC v13 23/80] target/arm: move sve_zcr_len_for_el to common_cpu

2021-04-14 Thread Claudio Fontana
It is required by arch-dump.c and cpu.c, so apparently
we need this for KVM too.

Signed-off-by: Claudio Fontana 
---
 target/arm/cpu-common.c | 43 +
 target/arm/tcg/helper.c | 33 ---
 2 files changed, 43 insertions(+), 33 deletions(-)

diff --git a/target/arm/cpu-common.c b/target/arm/cpu-common.c
index 040e06392a..a34f7f19d8 100644
--- a/target/arm/cpu-common.c
+++ b/target/arm/cpu-common.c
@@ -299,3 +299,46 @@ uint64_t arm_hcr_el2_eff(CPUARMState *env)
 
 return ret;
 }
+
+/*
+ * these are AARCH64-only, but due to the chain of dependencies,
+ * between HELPER prototypes, hflags, cpreg definitions and functions in
+ * tcg/ etc, it becomes incredibly messy to add what should be here:
+ *
+ * #ifdef TARGET_AARCH64
+ */
+
+static uint32_t sve_zcr_get_valid_len(ARMCPU *cpu, uint32_t start_len)
+{
+uint32_t end_len;
+
+end_len = start_len &= 0xf;
+if (!test_bit(start_len, cpu->sve_vq_map)) {
+end_len = find_last_bit(cpu->sve_vq_map, start_len);
+assert(end_len < start_len);
+}
+return end_len;
+}
+
+/*
+ * Given that SVE is enabled, return the vector length for EL.
+ */
+uint32_t sve_zcr_len_for_el(CPUARMState *env, int el)
+{
+ARMCPU *cpu = env_archcpu(env);
+uint32_t zcr_len = cpu->sve_max_vq - 1;
+
+if (el <= 1) {
+zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[1]);
+}
+if (el <= 2 && arm_feature(env, ARM_FEATURE_EL2)) {
+zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[2]);
+}
+if (arm_feature(env, ARM_FEATURE_EL3)) {
+zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[3]);
+}
+
+return sve_zcr_get_valid_len(cpu, zcr_len);
+}
+
+/* #endif TARGET_AARCH64 , see matching comment above */
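Review bot: `end_len = start_len &= 0xf;` at the top of sve_zcr_get_valid_len mixes a compound assignment into an initializer expression, which is easy to misread. Since the code is being moved anyway, split it into `start_len &= 0xf;` followed by `end_len = start_len;`. The comment explaining why there is no real `#ifdef TARGET_AARCH64` is useful, but it should also state whether the fields this code touches (sve_vq_map, sve_max_vq, vfp.zcr_el[]) are present in the 32-bit arm target's ARMCPU/CPUARMState, since that is what makes compiling this into cpu-common.c for both targets safe.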
diff --git a/target/arm/tcg/helper.c b/target/arm/tcg/helper.c
index 4b8a0d436c..5bc0055c87 100644
--- a/target/arm/tcg/helper.c
+++ b/target/arm/tcg/helper.c
@@ -322,39 +322,6 @@ int sve_exception_el(CPUARMState *env, int el)
 return 0;
 }
 
-static uint32_t sve_zcr_get_valid_len(ARMCPU *cpu, uint32_t start_len)
-{
-uint32_t end_len;
-
-end_len = start_len &= 0xf;
-if (!test_bit(start_len, cpu->sve_vq_map)) {
-end_len = find_last_bit(cpu->sve_vq_map, start_len);
-assert(end_len < start_len);
-}
-return end_len;
-}
-
-/*
- * Given that SVE is enabled, return the vector length for EL.
- */
-uint32_t sve_zcr_len_for_el(CPUARMState *env, int el)
-{
-ARMCPU *cpu = env_archcpu(env);
-uint32_t zcr_len = cpu->sve_max_vq - 1;
-
-if (el <= 1) {
-zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[1]);
-}
-if (el <= 2 && arm_feature(env, ARM_FEATURE_EL2)) {
-zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[2]);
-}
-if (arm_feature(env, ARM_FEATURE_EL3)) {
-zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[3]);
-}
-
-return sve_zcr_get_valid_len(cpu, zcr_len);
-}
-
 void hw_watchpoint_update(ARMCPU *cpu, int n)
 {
 CPUARMState *env = &cpu->env;
-- 
2.26.2




[RFC v13 31/80] target/arm: move sve_exception_el out of TCG helpers

2021-04-14 Thread Claudio Fontana
We need this for KVM too.

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/arm/cpu-sysemu.c | 62 +++
 target/arm/cpu-user.c   |  5 
 target/arm/tcg/helper.c | 64 -
 3 files changed, 67 insertions(+), 64 deletions(-)

diff --git a/target/arm/cpu-sysemu.c b/target/arm/cpu-sysemu.c
index 7a314bf805..7cc721fe68 100644
--- a/target/arm/cpu-sysemu.c
+++ b/target/arm/cpu-sysemu.c
@@ -348,3 +348,65 @@ void aarch64_sync_64_to_32(CPUARMState *env)
 
 env->regs[15] = env->pc;
 }
+
+/*
+ * Return the exception level to which exceptions should be taken
+ * via SVEAccessTrap.  If an exception should be routed through
+ * AArch64.AdvSIMDFPAccessTrap, return 0; fp_exception_el should
+ * take care of raising that exception.
+ * C.f. the ARM pseudocode function CheckSVEEnabled.
+ */
+int sve_exception_el(CPUARMState *env, int el)
+{
+uint64_t hcr_el2 = arm_hcr_el2_eff(env);
+
+if (el <= 1 && (hcr_el2 & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
+bool disabled = false;
+
+/*
+ * The CPACR.ZEN controls traps to EL1:
+ * 0, 2 : trap EL0 and EL1 accesses
+ * 1: trap only EL0 accesses
+ * 3: trap no accesses
+ */
+if (!extract32(env->cp15.cpacr_el1, 16, 1)) {
+disabled = true;
+} else if (!extract32(env->cp15.cpacr_el1, 17, 1)) {
+disabled = el == 0;
+}
+if (disabled) {
+/* route_to_el2 */
+return hcr_el2 & HCR_TGE ? 2 : 1;
+}
+
+/* Check CPACR.FPEN.  */
+if (!extract32(env->cp15.cpacr_el1, 20, 1)) {
+disabled = true;
+} else if (!extract32(env->cp15.cpacr_el1, 21, 1)) {
+disabled = el == 0;
+}
+if (disabled) {
+return 0;
+}
+}
+
+/*
+ * CPTR_EL2.  Since TZ and TFP are positive,
+ * they will be zero when EL2 is not present.
+ */
+if (el <= 2 && arm_is_el2_enabled(env)) {
+if (env->cp15.cptr_el[2] & CPTR_TZ) {
+return 2;
+}
+if (env->cp15.cptr_el[2] & CPTR_TFP) {
+return 0;
+}
+}
+
+/* CPTR_EL3.  Since EZ is negative we must check for EL3.  */
+if (arm_feature(env, ARM_FEATURE_EL3)
+&& !(env->cp15.cptr_el[3] & CPTR_EZ)) {
+return 3;
+}
+return 0;
+}
diff --git a/target/arm/cpu-user.c b/target/arm/cpu-user.c
index 0225089e46..39093ade76 100644
--- a/target/arm/cpu-user.c
+++ b/target/arm/cpu-user.c
@@ -33,3 +33,8 @@ uint32_t arm_phys_excp_target_el(CPUState *cs, uint32_t 
excp_idx,
 {
 return 1;
 }
+
+int sve_exception_el(CPUARMState *env, int el)
+{
+return 0;
+}
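Review bot: the user-mode stub of sve_exception_el has no comment. The removed helper.c version had all of its logic inside `#ifndef CONFIG_USER_ONLY`, so returning 0 preserves behaviour, but a one-line comment such as `/* User mode: SVE access never traps; see the sysemu version in cpu-sysemu.c. */` would keep the two definitions discoverable from each other.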
diff --git a/target/arm/tcg/helper.c b/target/arm/tcg/helper.c
index e4f18bcaa7..aaa307daca 100644
--- a/target/arm/tcg/helper.c
+++ b/target/arm/tcg/helper.c
@@ -261,70 +261,6 @@ static int arm_gdb_set_svereg(CPUARMState *env, uint8_t 
*buf, int reg)
 }
 #endif /* TARGET_AARCH64 */
 
-/*
- * Return the exception level to which exceptions should be taken
- * via SVEAccessTrap.  If an exception should be routed through
- * AArch64.AdvSIMDFPAccessTrap, return 0; fp_exception_el should
- * take care of raising that exception.
- * C.f. the ARM pseudocode function CheckSVEEnabled.
- */
-int sve_exception_el(CPUARMState *env, int el)
-{
-#ifndef CONFIG_USER_ONLY
-uint64_t hcr_el2 = arm_hcr_el2_eff(env);
-
-if (el <= 1 && (hcr_el2 & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
-bool disabled = false;
-
-/*
- * The CPACR.ZEN controls traps to EL1:
- * 0, 2 : trap EL0 and EL1 accesses
- * 1: trap only EL0 accesses
- * 3: trap no accesses
- */
-if (!extract32(env->cp15.cpacr_el1, 16, 1)) {
-disabled = true;
-} else if (!extract32(env->cp15.cpacr_el1, 17, 1)) {
-disabled = el == 0;
-}
-if (disabled) {
-/* route_to_el2 */
-return hcr_el2 & HCR_TGE ? 2 : 1;
-}
-
-/* Check CPACR.FPEN.  */
-if (!extract32(env->cp15.cpacr_el1, 20, 1)) {
-disabled = true;
-} else if (!extract32(env->cp15.cpacr_el1, 21, 1)) {
-disabled = el == 0;
-}
-if (disabled) {
-return 0;
-}
-}
-
-/*
- * CPTR_EL2.  Since TZ and TFP are positive,
- * they will be zero when EL2 is not present.
- */
-if (el <= 2 && arm_is_el2_enabled(env)) {
-if (env->cp15.cptr_el[2] & CPTR_TZ) {
-return 2;
-}
-if (env->cp15.cptr_el[2] & CPTR_TFP) {
-return 0;
-}
-}
-
-/* CPTR_EL3.  Since EZ is negative we must check for EL3.  */
-if (arm_feature(env, ARM_FEATURE_EL3)
-&& !(env->cp15.cptr_el[3] & CPTR_EZ)) {
-return 3;
-}
-#endif
-return 0;
-}
-
 void hw_watchpoint_update(ARMCPU *cpu, int n)
 {
 CPUAR

[RFC v13 32/80] target/arm: fix comments style of fp_exception_el before moving it

2021-04-14 Thread Claudio Fontana
Signed-off-by: Claudio Fontana 
---
 target/arm/tcg/helper.c | 12 
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/target/arm/tcg/helper.c b/target/arm/tcg/helper.c
index aaa307daca..4e027b98fe 100644
--- a/target/arm/tcg/helper.c
+++ b/target/arm/tcg/helper.c
@@ -1625,13 +1625,15 @@ uint32_t HELPER(crc32c)(uint32_t acc, uint32_t val, 
uint32_t bytes)
 return crc32c(acc, buf, bytes) ^ 0x;
 }
 
-/* Return the exception level to which FP-disabled exceptions should
+/*
+ * Return the exception level to which FP-disabled exceptions should
  * be taken, or 0 if FP is enabled.
  */
 int fp_exception_el(CPUARMState *env, int cur_el)
 {
 #ifndef CONFIG_USER_ONLY
-/* CPACR and the CPTR registers don't exist before v6, so FP is
+/*
+ * CPACR and the CPTR registers don't exist before v6, so FP is
  * always accessible
  */
 if (!arm_feature(env, ARM_FEATURE_V6)) {
@@ -1654,7 +1656,8 @@ int fp_exception_el(CPUARMState *env, int cur_el)
 return 0;
 }
 
-/* The CPACR controls traps to EL1, or PL1 if we're 32 bit:
+/*
+ * The CPACR controls traps to EL1, or PL1 if we're 32 bit:
  * 0, 2 : trap EL0 and EL1/PL1 accesses
  * 1: trap only EL0 accesses
  * 3: trap no accesses
@@ -1701,7 +1704,8 @@ int fp_exception_el(CPUARMState *env, int cur_el)
 }
 }
 
-/* For the CPTR registers we don't need to guard with an ARM_FEATURE
+/*
+ * For the CPTR registers we don't need to guard with an ARM_FEATURE
  * check because zero bits in the registers mean "don't trap".
  */
 
-- 
2.26.2




[RFC v13 44/80] target/arm: move kvm-const.h, kvm.c, kvm64.c, kvm_arm.h to kvm/

2021-04-14 Thread Claudio Fontana
and adapt the code including the header references,
and trace-events / trace.h

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 meson.build   | 2 +-
 target/arm/cpu.h  | 2 +-
 target/arm/{ => kvm}/kvm-consts.h | 0
 target/arm/{ => kvm}/kvm_arm.h| 0
 target/arm/kvm/trace.h| 1 +
 target/arm/trace.h| 1 -
 hw/arm/sbsa-ref.c | 2 +-
 hw/arm/virt-acpi-build.c  | 2 +-
 hw/arm/virt.c | 2 +-
 hw/arm/xlnx-versal.c  | 2 +-
 hw/arm/xlnx-zynqmp.c  | 2 +-
 hw/cpu/a15mpcore.c| 2 +-
 hw/intc/arm_gic_kvm.c | 2 +-
 hw/intc/arm_gicv3_its_kvm.c   | 2 +-
 hw/intc/arm_gicv3_kvm.c   | 2 +-
 target/arm/cpu-sysemu.c   | 2 +-
 target/arm/cpu.c  | 2 +-
 target/arm/cpu32.c| 2 +-
 target/arm/cpu64.c| 2 +-
 target/arm/{ => kvm}/kvm.c| 0
 target/arm/{ => kvm}/kvm64.c  | 0
 target/arm/machine.c  | 2 +-
 target/arm/monitor.c  | 2 +-
 target/arm/tcg/sysemu/tcg-cpu.c   | 1 -
 MAINTAINERS   | 2 +-
 target/arm/kvm/meson.build| 4 
 target/arm/{ => kvm}/trace-events | 0
 target/arm/meson.build| 3 +--
 28 files changed, 24 insertions(+), 22 deletions(-)
 rename target/arm/{ => kvm}/kvm-consts.h (100%)
 rename target/arm/{ => kvm}/kvm_arm.h (100%)
 create mode 100644 target/arm/kvm/trace.h
 delete mode 100644 target/arm/trace.h
 rename target/arm/{ => kvm}/kvm.c (100%)
 rename target/arm/{ => kvm}/kvm64.c (100%)
 create mode 100644 target/arm/kvm/meson.build
 rename target/arm/{ => kvm}/trace-events (100%)

diff --git a/meson.build b/meson.build
index 357ddc3dd6..18be3e6295 100644
--- a/meson.build
+++ b/meson.build
@@ -1844,8 +1844,8 @@ if have_system or have_user
   trace_events_subdirs += [
 'accel/tcg',
 'hw/core',
-'target/arm',
 'target/arm/tcg',
+'target/arm/kvm',
 'target/hppa',
 'target/i386',
 'target/i386/kvm',
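Review bot: the trace_events_subdirs list is alphabetical in this region ('accel/tcg', 'hw/core', 'target/arm/...', 'target/hppa', 'target/i386', 'target/i386/kvm'), so 'target/arm/kvm' belongs before 'target/arm/tcg' rather than after it.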
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 3e92f4faaa..8b570fa14c 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -20,7 +20,7 @@
 #ifndef ARM_CPU_H
 #define ARM_CPU_H
 
-#include "kvm-consts.h"
+#include "kvm/kvm-consts.h"
 #include "hw/registerfields.h"
 #include "cpu-qom.h"
 #include "exec/cpu-defs.h"
diff --git a/target/arm/kvm-consts.h b/target/arm/kvm/kvm-consts.h
similarity index 100%
rename from target/arm/kvm-consts.h
rename to target/arm/kvm/kvm-consts.h
diff --git a/target/arm/kvm_arm.h b/target/arm/kvm/kvm_arm.h
similarity index 100%
rename from target/arm/kvm_arm.h
rename to target/arm/kvm/kvm_arm.h
diff --git a/target/arm/kvm/trace.h b/target/arm/kvm/trace.h
new file mode 100644
index 00..c688745b90
--- /dev/null
+++ b/target/arm/kvm/trace.h
@@ -0,0 +1 @@
+#include "trace/trace-target_arm_kvm.h"
diff --git a/target/arm/trace.h b/target/arm/trace.h
deleted file mode 100644
index 60372d8e26..00
--- a/target/arm/trace.h
+++ /dev/null
@@ -1 +0,0 @@
-#include "trace/trace-target_arm.h"
diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
index 88dfb2284c..fa0356cf20 100644
--- a/hw/arm/sbsa-ref.c
+++ b/hw/arm/sbsa-ref.c
@@ -29,7 +29,7 @@
 #include "sysemu/sysemu.h"
 #include "exec/address-spaces.h"
 #include "exec/hwaddr.h"
-#include "kvm_arm.h"
+#include "kvm/kvm_arm.h"
 #include "hw/arm/boot.h"
 #include "hw/block/flash.h"
 #include "hw/boards.h"
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index f5a2b2d4cb..1dc165a32d 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -51,7 +51,7 @@
 #include "sysemu/numa.h"
 #include "sysemu/reset.h"
 #include "sysemu/tpm.h"
-#include "kvm_arm.h"
+#include "kvm/kvm_arm.h"
 #include "migration/vmstate.h"
 #include "hw/acpi/ghes.h"
 
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 9f01d9041b..65964edd58 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -65,7 +65,7 @@
 #include "hw/intc/arm_gic.h"
 #include "hw/intc/arm_gicv3_common.h"
 #include "hw/irq.h"
-#include "kvm_arm.h"
+#include "kvm/kvm_arm.h"
 #include "hw/firmware/smbios.h"
 #include "qapi/visitor.h"
 #include "qapi/qapi-visit-common.h"
diff --git a/hw/arm/xlnx-versal.c b/hw/arm/xlnx-versal.c
index 79609692e4..49873584a1 100644
--- a/hw/arm/xlnx-versal.c
+++ b/hw/arm/xlnx-versal.c
@@ -19,7 +19,7 @@
 #include "sysemu/sysemu.h"
 #include "sysemu/kvm.h"
 #include "hw/arm/boot.h"
-#include "kvm_arm.h"
+#include "kvm/kvm_arm.h"
 #include "hw/misc/unimp.h"
 #include "hw/arm/xlnx-versal.h"
 
diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
index 7f01284a5c..90c3254bdd 100644
--- a/hw/arm/xlnx-zynqmp.c
+++ b/hw/arm/xlnx-zynqmp.c
@@ -25,7 +25,7 @@
 #include "exec/address-spaces.h"
 #include "sysemu/kvm.h"
 #include "sysemu/sysemu.h"
-#include "kvm_arm.h"
+#include "kvm/kvm_arm.h"
 
 #define GIC_NUM_SPI_INTR 160
 
diff --git a/hw/cpu/a15mpcore.c b/hw/cpu/a15mpcore.c
index 774ca9987a..670d07a98c 

[RFC v13 34/80] target/arm: remove now useless ifndef from fp_exception_el

2021-04-14 Thread Claudio Fontana
After moving the code of fp_exception_el to a sysemu-only module,
we can remove the #ifndef CONFIG_USER_ONLY.

Signed-off-by: Claudio Fontana 
---
 target/arm/cpu-sysemu.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/target/arm/cpu-sysemu.c b/target/arm/cpu-sysemu.c
index 128616d90d..0d80a0161c 100644
--- a/target/arm/cpu-sysemu.c
+++ b/target/arm/cpu-sysemu.c
@@ -417,7 +417,6 @@ int sve_exception_el(CPUARMState *env, int el)
  */
 int fp_exception_el(CPUARMState *env, int cur_el)
 {
-#ifndef CONFIG_USER_ONLY
 /*
  * CPACR and the CPTR registers don't exist before v6, so FP is
  * always accessible
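Review bot: with the `#ifndef CONFIG_USER_ONLY` removed, fp_exception_el in cpu-sysemu.c no longer carries any user-only path, and this patch touches only cpu-sysemu.c (diffstat: 1 file changed). Make sure a user-only definition of fp_exception_el exists (as patch 31 added for sve_exception_el in cpu-user.c), otherwise the linux-user build loses the symbol.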
@@ -507,6 +506,5 @@ int fp_exception_el(CPUARMState *env, int cur_el)
 /* Trap all FP ops to EL3 */
 return 3;
 }
-#endif
 return 0;
 }
-- 
2.26.2




[RFC v13 29/80] target/arm: move a15 cpu model away from the TCG-only models

2021-04-14 Thread Claudio Fontana
Cortex-A15 is the only ARM cpu class we need in KVM too.

We will be able to move it to tcg/ once the board code and configurations
are fixed.

Signed-off-by: Claudio Fontana 
---
 target/arm/cpu32.h   |  4 +++
 target/arm/cpu32.c   | 73 
 target/arm/cpu_tcg.c | 67 
 3 files changed, 77 insertions(+), 67 deletions(-)

diff --git a/target/arm/cpu32.h b/target/arm/cpu32.h
index 128d0c9247..abd575d47d 100644
--- a/target/arm/cpu32.h
+++ b/target/arm/cpu32.h
@@ -21,8 +21,12 @@
 #ifndef ARM_CPU32_H
 #define ARM_CPU32_H
 
+#include "cpregs.h"
+
 void arm32_cpu_dump_state(CPUState *cs, FILE *f, int flags);
 void arm32_cpu_class_init(ObjectClass *oc, void *data);
 void arm32_cpu_register(const ARMCPUInfo *info);
+void cortex_a15_initfn(Object *obj);
+extern const ARMCPRegInfo cortexa15_cp_reginfo[];
 
 #endif /* ARM_CPU32_H */
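Review bot: cortexa15_cp_reginfo is exported through the header as a non-static array. If its only user is cortex_a15_initfn in the same file, keep it static in cpu32.c and export just the initfn; if another CPU model in the TCG-only file still reuses it (the cpu_tcg.c part of this diff is cut off here), a comment on the extern noting that reuse would explain why the array has to be visible.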
diff --git a/target/arm/cpu32.c b/target/arm/cpu32.c
index c03f420ba2..a6ba91ae08 100644
--- a/target/arm/cpu32.c
+++ b/target/arm/cpu32.c
@@ -43,8 +43,81 @@
 #include "cpu-mmu.h"
 #include "cpu32.h"
 
+#if !defined(CONFIG_USER_ONLY) || !defined(TARGET_AARCH64)
+
+#ifndef CONFIG_USER_ONLY
+static uint64_t a15_l2ctlr_read(CPUARMState *env, const ARMCPRegInfo *ri)
+{
+MachineState *ms = MACHINE(qdev_get_machine());
+
+/*
+ * Linux wants the number of processors from here.
+ * Might as well set the interrupt-controller bit too.
+ */
+return ((ms->smp.cpus - 1) << 24) | (1 << 23);
+}
+#endif
+
+const ARMCPRegInfo cortexa15_cp_reginfo[] = {
+#ifndef CONFIG_USER_ONLY
+{ .name = "L2CTLR", .cp = 15, .crn = 9, .crm = 0, .opc1 = 1, .opc2 = 2,
+  .access = PL1_RW, .resetvalue = 0, .readfn = a15_l2ctlr_read,
+  .writefn = arm_cp_write_ignore, },
+#endif
+{ .name = "L2ECTLR", .cp = 15, .crn = 9, .crm = 0, .opc1 = 1, .opc2 = 3,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+REGINFO_SENTINEL
+};
+
+void cortex_a15_initfn(Object *obj)
+{
+ARMCPU *cpu = ARM_CPU(obj);
+
+cpu->dtb_compatible = "arm,cortex-a15";
+set_feature(&cpu->env, ARM_FEATURE_V7VE);
+set_feature(&cpu->env, ARM_FEATURE_NEON);
+set_feature(&cpu->env, ARM_FEATURE_THUMB2EE);
+set_feature(&cpu->env, ARM_FEATURE_GENERIC_TIMER);
+set_feature(&cpu->env, ARM_FEATURE_DUMMY_C15_REGS);
+set_feature(&cpu->env, ARM_FEATURE_CBAR_RO);
+set_feature(&cpu->env, ARM_FEATURE_EL2);
+set_feature(&cpu->env, ARM_FEATURE_EL3);
+set_feature(&cpu->env, ARM_FEATURE_PMU);
+cpu->kvm_target = QEMU_KVM_ARM_TARGET_CORTEX_A15;
+cpu->midr = 0x412fc0f1;
+cpu->reset_fpsid = 0x410430f0;
+cpu->isar.mvfr0 = 0x10110222;
+cpu->isar.mvfr1 = 0x;
+cpu->ctr = 0x8444c004;
+cpu->reset_sctlr = 0x00c50078;
+cpu->isar.id_pfr0 = 0x1131;
+cpu->isar.id_pfr1 = 0x00011011;
+cpu->isar.id_dfr0 = 0x02010555;
+cpu->id_afr0 = 0x;
+cpu->isar.id_mmfr0 = 0x10201105;
+cpu->isar.id_mmfr1 = 0x2000;
+cpu->isar.id_mmfr2 = 0x0124;
+cpu->isar.id_mmfr3 = 0x02102211;
+cpu->isar.id_isar0 = 0x02101110;
+cpu->isar.id_isar1 = 0x13112111;
+cpu->isar.id_isar2 = 0x21232041;
+cpu->isar.id_isar3 = 0x2131;
+cpu->isar.id_isar4 = 0x10011142;
+cpu->isar.dbgdidr = 0x3515f021;
+cpu->clidr = 0x0a200023;
+cpu->ccsidr[0] = 0x701fe00a; /* 32K L1 dcache */
+cpu->ccsidr[1] = 0x201fe00a; /* 32K L1 icache */
+cpu->ccsidr[2] = 0x711fe07a; /* 4096K L2 unified cache */
+define_arm_cp_regs(cpu, cortexa15_cp_reginfo);
+}
+
+#endif /* !CONFIG_USER_ONLY || !TARGET_AARCH64 */
+
 /* we can move this to tcg/ after the cleanup of ARM boards configurations */
 static const ARMCPUInfo arm32_cpus[] = {
+#if !defined(CONFIG_USER_ONLY) || !defined(TARGET_AARCH64)
+{ .name = "cortex-a15",  .initfn = cortex_a15_initfn },
+#endif /* !CONFIG_USER_ONLY || !TARGET_AARCH64 */
 };
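Review bot: the `#if !defined(CONFIG_USER_ONLY) || !defined(TARGET_AARCH64)` condition now appears twice in this file, once around the Cortex-A15 definitions and once around the arm32_cpus[] entry, and the same expression guards the models in cpu_tcg.c. Consider defining a single helper macro for it so the sites cannot drift apart. Also note that in a CONFIG_USER_ONLY + TARGET_AARCH64 build arm32_cpus[] is left with an empty initializer, which is a GNU extension; that was already the case before this patch, but it is worth a comment now that the array has a guarded entry.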
 
 static gchar *arm_gdb_arch_name(CPUState *cs)
diff --git a/target/arm/cpu_tcg.c b/target/arm/cpu_tcg.c
index 0d5c8340b7..d120250b18 100644
--- a/target/arm/cpu_tcg.c
+++ b/target/arm/cpu_tcg.c
@@ -378,30 +378,6 @@ static void cortex_a9_initfn(Object *obj)
 define_arm_cp_regs(cpu, cortexa9_cp_reginfo);
 }
 
-#ifndef CONFIG_USER_ONLY
-static uint64_t a15_l2ctlr_read(CPUARMState *env, const ARMCPRegInfo *ri)
-{
-MachineState *ms = MACHINE(qdev_get_machine());
-
-/*
- * Linux wants the number of processors from here.
- * Might as well set the interrupt-controller bit too.
- */
-return ((ms->smp.cpus - 1) << 24) | (1 << 23);
-}
-#endif
-
-static const ARMCPRegInfo cortexa15_cp_reginfo[] = {
-#ifndef CONFIG_USER_ONLY
-{ .name = "L2CTLR", .cp = 15, .crn = 9, .crm = 0, .opc1 = 1, .opc2 = 2,
-  .access = PL1_RW, .resetvalue = 0, .readfn = a15_l2ctlr_read,
-  .writefn = arm_cp_write_ignore, },
-#endif
-{ .name = "L2ECTLR", .cp = 15, .crn = 9, .crm = 0, .opc1 = 1, .opc2 = 3,
-  .access = PL1_RW, .type = ARM_CP_CONST,

[RFC v13 42/80] target/arm: wrap call to aarch64_sve_change_el in tcg_enabled()

2021-04-14 Thread Claudio Fontana
After this patch it is possible to build only kvm:

./configure --disable-tcg --enable-kvm

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/arm/cpu-sysemu.c | 12 +++-
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/target/arm/cpu-sysemu.c b/target/arm/cpu-sysemu.c
index c09c89eeac..2d3fe4f643 100644
--- a/target/arm/cpu-sysemu.c
+++ b/target/arm/cpu-sysemu.c
@@ -917,11 +917,13 @@ static void arm_cpu_do_interrupt_aarch64(CPUState *cs)
 unsigned int cur_el = arm_current_el(env);
 int rt;
 
-/*
- * Note that new_el can never be 0.  If cur_el is 0, then
- * el0_a64 is is_a64(), else el0_a64 is ignored.
- */
-aarch64_sve_change_el(env, cur_el, new_el, is_a64(env));
+if (tcg_enabled()) {
+/*
+ * Note that new_el can never be 0.  If cur_el is 0, then
+ * el0_a64 is is_a64(), else el0_a64 is ignored.
+ */
+aarch64_sve_change_el(env, cur_el, new_el, is_a64(env));
+}
 
 if (cur_el < new_el) {
 /*
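Review bot: the new tcg_enabled() guard is right, but the comment inside the block still only explains the el0_a64 argument and says nothing about why the call is TCG-only. Add a sentence saying that aarch64_sve_change_el only adjusts the emulated SVE register layout and that under KVM the kernel owns that state; and note that a --disable-tcg build compiles because tcg_enabled() is a compile-time constant there, so the reference to aarch64_sve_change_el is dropped rather than resolved through a stub.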
-- 
2.26.2




[RFC v13 36/80] target/arm: fix style of arm_cpu_do_interrupt functions before move

2021-04-14 Thread Claudio Fontana
Before refactoring the exception code, fix the style of the
functions being moved.

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/arm/tcg/helper.c | 17 +++--
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/target/arm/tcg/helper.c b/target/arm/tcg/helper.c
index f2407f0af5..9f16af8a68 100644
--- a/target/arm/tcg/helper.c
+++ b/target/arm/tcg/helper.c
@@ -896,10 +896,11 @@ static void arm_cpu_do_interrupt_aarch32(CPUState *cs)
 new_mode = ARM_CPU_MODE_UND;
 addr = 0x04;
 mask = CPSR_I;
-if (env->thumb)
+if (env->thumb) {
 offset = 2;
-else
+} else {
 offset = 4;
+}
 break;
 case EXCP_SWI:
 new_mode = ARM_CPU_MODE_SVC;
@@ -985,7 +986,8 @@ static void arm_cpu_do_interrupt_aarch32(CPUState *cs)
 /* High vectors. When enabled, base address cannot be remapped. */
 addr += 0x;
 } else {
-/* ARM v7 architectures provide a vector base address register to remap
+/*
+ * ARM v7 architectures provide a vector base address register to remap
  * the interrupt vector table.
  * This register is only followed in non-monitor mode, and is banked.
  * Note: only bits 31:5 are valid.
@@ -1094,7 +1096,8 @@ static void arm_cpu_do_interrupt_aarch64(CPUState *cs)
 aarch64_sve_change_el(env, cur_el, new_el, is_a64(env));
 
 if (cur_el < new_el) {
-/* Entry vector offset depends on whether the implemented EL
+/*
+ * Entry vector offset depends on whether the implemented EL
  * immediately lower than the target level is using AArch32 or AArch64
  */
 bool is_aa64;
@@ -1285,7 +1288,8 @@ static void handle_semihosting(CPUState *cs)
 }
 #endif
 
-/* Handle a CPU exception for A and R profile CPUs.
+/*
+ * Handle a CPU exception for A and R profile CPUs.
  * Do any appropriate logging, handle PSCI calls, and then hand off
  * to the AArch64-entry or AArch32-entry function depending on the
  * target exception level's register width.
@@ -1330,7 +1334,8 @@ void arm_cpu_do_interrupt(CPUState *cs)
 }
 #endif
 
-/* Hooks may change global state so BQL should be held, also the
+/*
+ * Hooks may change global state so BQL should be held, also the
  * BQL needs to be held for any modification of
  * cs->interrupt_request.
  */
-- 
2.26.2




[RFC v13 41/80] target/arm: move cpu_tcg to tcg/tcg-cpu-models.c

2021-04-14 Thread Claudio Fontana
Move the module containing the CPU model definitions
for 32-bit TCG-only CPUs to tcg/ and rename it for clarity.

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/arm/{cpu_tcg.c => tcg/tcg-cpu-models.c} | 9 +
 target/arm/meson.build | 4 
 target/arm/tcg/meson.build | 1 +
 3 files changed, 2 insertions(+), 12 deletions(-)
 rename target/arm/{cpu_tcg.c => tcg/tcg-cpu-models.c} (99%)

diff --git a/target/arm/cpu_tcg.c b/target/arm/tcg/tcg-cpu-models.c
similarity index 99%
rename from target/arm/cpu_tcg.c
rename to target/arm/tcg/tcg-cpu-models.c
index 54df5a8e77..5dc8e2c93f 100644
--- a/target/arm/cpu_tcg.c
+++ b/target/arm/tcg/tcg-cpu-models.c
@@ -1,5 +1,5 @@
 /*
- * QEMU ARM TCG CPUs.
+ * QEMU ARM TCG-only CPUs.
  *
  * Copyright (c) 2012 SUSE LINUX Products GmbH
  *
@@ -9,10 +9,7 @@
  */
 
 #include "qemu/osdep.h"
-#include "cpu.h"
-#ifdef CONFIG_TCG
 #include "tcg/tcg-cpu.h"
-#endif /* CONFIG_TCG */
 #include "internals.h"
 #include "target/arm/idau.h"
 #if !defined(CONFIG_USER_ONLY)
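Review bot: dropping `#include "cpu.h"` makes this file depend on tcg/tcg-cpu.h including cpu.h for it (it does, per the tcg-cpu.h hunk earlier in this series), but the file uses ARMCPU, CPUState and the feature macros directly, so keeping a direct `#include "cpu.h"` is the usual convention and costs nothing. Removing the `#ifdef CONFIG_TCG` guard is fine now that the file is only built under CONFIG_TCG via tcg/meson.build.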
@@ -24,7 +21,6 @@
 /* CPU models. These are not needed for the AArch64 linux-user build. */
 #if !defined(CONFIG_USER_ONLY) || !defined(TARGET_AARCH64)
 
-#ifdef CONFIG_TCG
 static bool arm_v7m_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
 {
 CPUClass *cc = CPU_GET_CLASS(cs);
@@ -48,7 +44,6 @@ static bool arm_v7m_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
 }
 return ret;
 }
-#endif /* CONFIG_TCG */
 
 static void arm926_initfn(Object *obj)
 {
@@ -833,7 +828,6 @@ static void pxa270c5_initfn(Object *obj)
 cpu->reset_sctlr = 0x0078;
 }
 
-#ifdef CONFIG_TCG
 static struct TCGCPUOps arm_v7m_tcg_ops = {
 .initialize = arm_translate_init,
 .synchronize_from_tb = arm_cpu_synchronize_from_tb,
@@ -849,7 +843,6 @@ static struct TCGCPUOps arm_v7m_tcg_ops = {
 .debug_check_watchpoint = arm_debug_check_watchpoint,
 #endif /* !CONFIG_USER_ONLY */
 };
-#endif /* CONFIG_TCG */
 
 static void arm_v7m_class_init(ObjectClass *oc, void *data)
 {
diff --git a/target/arm/meson.build b/target/arm/meson.build
index 0ccd2fb0bc..8d0c12b2fc 100644
--- a/target/arm/meson.build
+++ b/target/arm/meson.build
@@ -18,10 +18,6 @@ arm_ss.add(when: 'TARGET_AARCH64', if_true: files(
   'gdbstub64.c',
 ))
 
-arm_ss.add(when: 'CONFIG_TCG', if_true: files(
-  'cpu_tcg.c',
-))
-
 arm_softmmu_ss = ss.source_set()
 arm_softmmu_ss.add(files(
   'arch_dump.c',
diff --git a/target/arm/tcg/meson.build b/target/arm/tcg/meson.build
index cb67c59416..b3beeef5f2 100644
--- a/target/arm/tcg/meson.build
+++ b/target/arm/tcg/meson.build
@@ -29,6 +29,7 @@ arm_ss.add(when: 'CONFIG_TCG', if_true: files(
   'crypto_helper.c',
   'debug_helper.c',
   'tcg-cpu.c',
+  'tcg-cpu-models.c',
 
 ), if_false: files(
   'tcg-stubs.c',
-- 
2.26.2




[RFC v13 43/80] target/arm: remove kvm include file for PSCI and arm-powerctl

2021-04-14 Thread Claudio Fontana
The QEMU PSCI implementation is not used for KVM,
so we do not need the kvm constants header.

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
---
 target/arm/arm-powerctl.h | 2 --
 target/arm/psci.c | 1 -
 2 files changed, 3 deletions(-)

diff --git a/target/arm/arm-powerctl.h b/target/arm/arm-powerctl.h
index 37c8a04f0a..35e048ce14 100644
--- a/target/arm/arm-powerctl.h
+++ b/target/arm/arm-powerctl.h
@@ -11,8 +11,6 @@
 #ifndef QEMU_ARM_POWERCTL_H
 #define QEMU_ARM_POWERCTL_H
 
-#include "kvm-consts.h"
-
 #define QEMU_ARM_POWERCTL_RET_SUCCESS QEMU_PSCI_RET_SUCCESS
 #define QEMU_ARM_POWERCTL_INVALID_PARAM QEMU_PSCI_RET_INVALID_PARAMS
 #define QEMU_ARM_POWERCTL_ALREADY_ON QEMU_PSCI_RET_ALREADY_ON
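Review bot: the header keeps defining QEMU_ARM_POWERCTL_RET_SUCCESS and friends in terms of QEMU_PSCI_RET_* but no longer includes the header that defines those constants, so arm-powerctl.h is no longer self-contained and only compiles when the includer has already pulled in cpu.h (which includes kvm-consts.h). The commit message's point that PSCI does not use KVM is about the implementation, not the constants. Either `#include "cpu.h"` here or keep an include of the constants header under its new path.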
diff --git a/target/arm/psci.c b/target/arm/psci.c
index 6709e28013..800c4a55d8 100644
--- a/target/arm/psci.c
+++ b/target/arm/psci.c
@@ -19,7 +19,6 @@
 #include "qemu/osdep.h"
 #include "cpu.h"
 #include "exec/helper-proto.h"
-#include "kvm-consts.h"
 #include "qemu/main-loop.h"
 #include "sysemu/runstate.h"
 #include "internals.h"
-- 
2.26.2




[RFC v13 52/80] tests: device-introspect-test: cope with ARM TCG-only devices

2021-04-14 Thread Claudio Fontana
Skip test_device_intro_concrete for now for the ARM KVM-only build,
as on ARM we currently build devices for ARM that are not
compatible with a KVM-only build.

We can remove this workaround when we fix this in Kconfig etc.,
and we only list and build machines that are compatible with KVM
for KVM-only builds.

Signed-off-by: Claudio Fontana 
Cc: Philippe Mathieu-Daudé 
---
 tests/qtest/device-introspect-test.c | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/tests/qtest/device-introspect-test.c 
b/tests/qtest/device-introspect-test.c
index bbec166dbc..1ff15e2247 100644
--- a/tests/qtest/device-introspect-test.c
+++ b/tests/qtest/device-introspect-test.c
@@ -329,12 +329,30 @@ int main(int argc, char **argv)
 qtest_add_func("device/introspect/none", test_device_intro_none);
 qtest_add_func("device/introspect/abstract", test_device_intro_abstract);
 qtest_add_func("device/introspect/abstract-interfaces", 
test_abstract_interfaces);
+
+/*
+ * XXX currently we build also boards for ARM that are incompatible with 
KVM.
+ * We therefore need to check this explicitly, and only test virt for 
kvm-only
+ * arm builds.
+ * After we do the work of Kconfig etc to ensure that only KVM-compatible 
boards
+ * are built for the kvm-only build, we could remove this.
+ */
+#ifndef CONFIG_TCG
+{
+const char *arch = qtest_get_arch();
+if (strcmp(arch, "arm") == 0 || strcmp(arch, "aarch64") == 0) {
+goto add_machine_test_done;
+}
+}
+#endif /* !CONFIG_TCG */
 if (g_test_quick()) {
 qtest_add_data_func("device/introspect/concrete/defaults/none",
 g_strdup(common_args), test_device_intro_concrete);
 } else {
 qtest_cb_for_every_machine(add_machine_test_case, true);
 }
+goto add_machine_test_done;
 
+ add_machine_test_done:
 return g_test_run();
 }
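Review bot: the `goto add_machine_test_done;` added after the if/else is redundant, since the label is on the very next statement. The only jump that matters is the one inside the `#ifndef CONFIG_TCG` block; it can be expressed without a label by setting a `bool skip_machine_tests` there and wrapping the existing if/else in `if (!skip_machine_tests) { ... }`, which reads better than a forward goto in main(). The XXX comment should also name the Kconfig work it is waiting on so the workaround can be found and removed later.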
-- 
2.26.2




[RFC v13 47/80] target/arm: remove broad "else" statements when checking accels

2021-04-14 Thread Claudio Fontana
There might be more than just KVM and TCG in the future,
so where appropriate, replace broad "else" statements
with the appropriate if (accel_enabled()) check.

Also invert some checks for !kvm_enabled() or !tcg_enabled()
where it seems appropriate to do so.

Note that to make qtest happy we need to perform gpio
initialization in the qtest_enabled() case as well.

Hopefully we do not break any Xen stuff.

Signed-off-by: Claudio Fontana 
Cc: Julien Grall 
Cc: Stefano Stabellini 
Cc: Olaf Hering 
Cc: Alex Bennée 
---
 target/arm/cpu.c |  9 +
 target/arm/cpu64.c   |  9 +
 target/arm/machine.c | 18 ++
 3 files changed, 16 insertions(+), 20 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index cc3e2355c1..ae28779edd 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -37,6 +37,7 @@
 #endif
 
 #include "sysemu/tcg.h"
+#include "sysemu/qtest.h"
 #include "kvm/kvm_arm.h"
 #include "disas/capstone.h"
 #include "fpu/softfloat.h"
@@ -564,7 +565,7 @@ static void arm_cpu_initfn(Object *obj)
  * the same interface as non-KVM CPUs.
  */
 qdev_init_gpio_in(DEVICE(cpu), arm_cpu_kvm_set_irq, 4);
-} else {
+} else if (tcg_enabled() || qtest_enabled()) {
 qdev_init_gpio_in(DEVICE(cpu), arm_cpu_set_irq, 4);
 }
 
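Review bot: turning the unconditional `else` into `else if (tcg_enabled() || qtest_enabled())` means a CPU created under any other accelerator (Xen, which the commit message calls out, or HVF) now gets no GPIO input lines at all, silently. If the intent is that only KVM and TCG/qtest are supported, add a `g_assert_not_reached()` or an explicit error in a final else; if Xen is expected to keep working, include xen_enabled() in the condition.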
@@ -741,14 +742,14 @@ void arm_cpu_post_init(Object *obj)
 ? cpu_isar_feature(aa64_fp_simd, cpu)
 : cpu_isar_feature(aa32_vfp, cpu)) {
 cpu->has_vfp = true;
-if (!kvm_enabled()) {
+if (tcg_enabled()) {
 qdev_property_add_static(DEVICE(obj), &arm_cpu_has_vfp_property);
 }
 }
 
 if (arm_feature(&cpu->env, ARM_FEATURE_NEON)) {
 cpu->has_neon = true;
-if (!kvm_enabled()) {
+if (tcg_enabled()) {
 qdev_property_add_static(DEVICE(obj), &arm_cpu_has_neon_property);
 }
 }
@@ -849,7 +850,7 @@ void arm_cpu_finalize_features(ARMCPU *cpu, Error **errp)
  * We have not registered the cpu properties when KVM
  * is in use, so the user will not be able to set them.
  */
-if (!kvm_enabled()) {
+if (tcg_enabled()) {
 arm_cpu_pauth_finalize(cpu, &local_err);
 if (local_err != NULL) {
 error_propagate(errp, local_err);
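Review bot: the comment just above the changed line still says "We have not registered the cpu properties when KVM is in use", but the condition is now `tcg_enabled()`, so the properties are registered only when TCG is in use and the comment no longer describes the code for any third accelerator. Update it in the same hunk, e.g. "The cpu properties are only registered when TCG is in use, so the user cannot set them otherwise."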
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index cf89dfc1bc..efc821363c 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -24,6 +24,7 @@
 #include "cpu.h"
 #include "cpu32.h"
 #include "qemu/module.h"
+#include "sysemu/tcg.h"
 #include "sysemu/kvm.h"
 #include "kvm/kvm_arm.h"
 #include "qapi/visitor.h"
@@ -297,7 +298,7 @@ void arm_cpu_sve_finalize(ARMCPU *cpu, Error **errp)
  */
 bitmap_andnot(tmp, kvm_supported, cpu->sve_vq_init, max_vq);
 bitmap_or(cpu->sve_vq_map, cpu->sve_vq_map, tmp, max_vq);
-} else {
+} else if (tcg_enabled()) {
 /* Propagate enabled bits down through required powers-of-two. */
 for (vq = pow2floor(max_vq); vq >= 1; vq >>= 1) {
 if (!test_bit(vq - 1, cpu->sve_vq_init)) {
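Review bot: the `else if (tcg_enabled())` in arm_cpu_sve_finalize() silently skips the power-of-two propagation for an accelerator that is neither KVM nor TCG, leaving `cpu->sve_vq_map` partially initialised without setting `errp`; the two following `else if (tcg_enabled())` hunks in the same function have the same gap. Add a trailing `else { g_assert_not_reached(); }` or an `error_setg(errp, ...)` so an unsupported accelerator fails at CPU finalize instead of producing an inconsistent vector-length map.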
@@ -334,7 +335,7 @@ void arm_cpu_sve_finalize(ARMCPU *cpu, Error **errp)
   "vector length must be enabled.\n");
 return;
 }
-} else {
+} else if (tcg_enabled()) {
 /* Disabling a power-of-two disables all larger lengths. */
 if (test_bit(0, cpu->sve_vq_init)) {
 error_setg(errp, "cannot disable sve128");
@@ -416,7 +417,7 @@ void arm_cpu_sve_finalize(ARMCPU *cpu, Error **errp)
 }
 return;
 }
-} else {
+} else if (tcg_enabled()) {
 /* Ensure all required powers-of-two are enabled. */
 for (vq = pow2floor(max_vq); vq >= 1; vq >>= 1) {
 if (!test_bit(vq - 1, cpu->sve_vq_map)) {
@@ -610,7 +611,7 @@ static void aarch64_max_initfn(Object *obj)
 
 if (kvm_enabled()) {
 kvm_arm_set_cpu_features_from_host(cpu);
-} else {
+} else if (tcg_enabled()) {
 uint64_t t;
 uint32_t u;
 aarch64_a57_initfn(obj);
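Review bot: with `} else if (tcg_enabled())` in aarch64_max_initfn(), a "max" CPU created under an accelerator other than KVM or TCG gets neither the host features nor the `aarch64_a57_initfn()` baseline, so it is realised without any ID-register setup and no error. Since cpu.c in this same patch already treats `qtest_enabled()` as a TCG-like case, either include qtest here as well or make the fall-through an explicit error.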
diff --git a/target/arm/machine.c b/target/arm/machine.c
index 595ab94237..4acdccc22d 100644
--- a/target/arm/machine.c
+++ b/target/arm/machine.c
@@ -638,9 +638,11 @@ static int cpu_pre_save(void *opaque)
 
 if (tcg_enabled()) {
 pmu_op_start(&cpu->env);
-}
-
-if (kvm_enabled()) {
+if (!write_cpustate_to_list(cpu, false)) {
+/* This should never fail. */
+abort();
+}
+} else if (kvm_enabled()) {
 if (!write_kvmstate_to_list(cpu)) {
 /* This should never fail */
 abort();
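Review bot: folding `write_cpustate_to_list()` into the `tcg_enabled()` branch of cpu_pre_save() means that for an accelerator other than TCG or KVM the CPU state is no longer copied into the cpreg list before a migration save, with no diagnostic; the old `else` covered that case. If only TCG and KVM are expected to migrate, an explicit `else { abort(); }` or a comment makes that decision visible. Minor: the new comment reads "This should never fail." while the KVM one a few lines below reads "This should never fail" (no period); pick one.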
@@ -651,11 +653,6 @@ static int cpu_pre_save(void *opaque)
  * write_kvmstate_to_list()
  */
 kvm_arm_cpu_pre_save(cpu);
-} else {
-if (!write_cpustate_to_list(cpu, false)) {
-/* This should never fail. */
-   

[RFC v13 39/80] target/arm: replace CONFIG_TCG with tcg_enabled

2021-04-14 Thread Claudio Fontana
For "all" builds (tcg + kvm), we want to avoid doing
the psci and semihosting checks if tcg is built-in, but not enabled.

Signed-off-by: Claudio Fontana 
---
 target/arm/cpu-sysemu.c | 30 +++---
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/target/arm/cpu-sysemu.c b/target/arm/cpu-sysemu.c
index 7569241339..e83d55b9f7 100644
--- a/target/arm/cpu-sysemu.c
+++ b/target/arm/cpu-sysemu.c
@@ -1141,22 +1141,22 @@ void arm_cpu_do_interrupt(CPUState *cs)
   env->exception.syndrome);
 }
 
-#ifdef CONFIG_TCG
-if (arm_is_psci_call(cpu, cs->exception_index)) {
-arm_handle_psci_call(cpu);
-qemu_log_mask(CPU_LOG_INT, "...handled as PSCI call\n");
-return;
-}
-/*
- * Semihosting semantics depend on the register width of the code
- * that caused the exception, not the target exception level, so
- * must be handled here.
- */
-if (cs->exception_index == EXCP_SEMIHOST) {
-tcg_handle_semihosting(cs);
-return;
+if (tcg_enabled()) {
+if (arm_is_psci_call(cpu, cs->exception_index)) {
+arm_handle_psci_call(cpu);
+qemu_log_mask(CPU_LOG_INT, "...handled as PSCI call\n");
+return;
+}
+/*
+ * Semihosting semantics depend on the register width of the code
+ * that caused the exception, not the target exception level, so
+ * must be handled here.
+ */
+if (cs->exception_index == EXCP_SEMIHOST) {
+tcg_handle_semihosting(cs);
+return;
+}
 }
-#endif /* CONFIG_TCG */
 /*
  * Hooks may change global state so BQL should be held, also the
  * BQL needs to be held for any modification of
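Review bot: dropping `#ifdef CONFIG_TCG` turns `arm_is_psci_call()`, `arm_handle_psci_call()` and `tcg_handle_semihosting()` into unconditional references, so a KVM-only build (CONFIG_TCG unset) must still provide those symbols, either compiled in or as stubs; the hunk does not show where that is guaranteed, and the commit message should say which earlier patch in the series does it. Also confirm that this file includes "sysemu/tcg.h", since `tcg_enabled()` comes from there and the include is not in the hunk.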
-- 
2.26.2




[RFC v13 51/80] tests: do not run test-hmp on all machines for ARM KVM-only

2021-04-14 Thread Claudio Fontana
On ARM we currently list and build all machines, even when
building KVM-only, without TCG.

Until we fix this (and we only list and build machines that are
compatible with KVM), only test specifically using the "virt"
machine in this case.

Signed-off-by: Claudio Fontana 
Cc: Philippe Mathieu-Daudé 
---
 tests/qtest/test-hmp.c | 20 
 1 file changed, 20 insertions(+)

diff --git a/tests/qtest/test-hmp.c b/tests/qtest/test-hmp.c
index 413eb95d2a..1d4b4f2f0e 100644
--- a/tests/qtest/test-hmp.c
+++ b/tests/qtest/test-hmp.c
@@ -157,8 +157,28 @@ int main(int argc, char **argv)
 
 g_test_init(&argc, &argv, NULL);
 
+/*
+ * XXX currently we build also boards for ARM that are incompatible with 
KVM.
+ * We therefore need to check this explicitly, and only test virt for 
kvm-only
+ * arm builds.
+ * After we do the work of Kconfig etc to ensure that only KVM-compatible 
boards
+ * are built for the kvm-only build, we could remove this.
+ */
+#ifndef CONFIG_TCG
+{
+const char *arch = qtest_get_arch();
+
+if (strcmp(arch, "arm") == 0 || strcmp(arch, "aarch64") == 0) {
+add_machine_test_case("virt");
+goto add_machine_test_done;
+}
+}
+#endif /* !CONFIG_TCG */
+
 qtest_cb_for_every_machine(add_machine_test_case, g_test_quick());
+goto add_machine_test_done;
 
+ add_machine_test_done:
 /* as none machine has no memory by default, add a test case with memory */
 qtest_add_data_func("hmp/none+2MB", g_strdup("none -m 2"), test_machine);
 
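Review bot: same goto-to-next-statement pattern as in the hunk at the top of this page: the `goto add_machine_test_done;` after `qtest_cb_for_every_machine(...)` only exists to keep the label referenced when the `#ifndef CONFIG_TCG` block is compiled out, and a `bool virt_only` flag set in that block with `if (!virt_only) { qtest_cb_for_every_machine(...); }` avoids the label entirely. The `XXX` comment should also name the Kconfig follow-up it is waiting on (a subject line or tracking reference) so the workaround can be found and removed once only KVM-compatible boards are built.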
-- 
2.26.2



