Re: [PATCH] vfio/migration: Improve to read/write full migration region per chunk

[Yishai Hadas]

Gentle ping for review, CCing more people who may be involved.

Thanks,
Yishai

On 11/11/2021 11:50 AM, Yishai Hadas wrote:

Upon reading/writing the migration data there is no real reason to limit
the read/write system call from the file to be 8 bytes.

In addition, there is no reason to depend on the file offset alignment.
The offset is just some logical value which depends also on the region
index and has nothing to do with the amount of data that can be
accessed.

Move to read/write the full region size per chunk, this reduces
dramatically the number of the systems calls that are needed and improve
performance.

Signed-off-by: Yishai Hadas 
---
  hw/vfio/migration.c | 36 ++--
  1 file changed, 2 insertions(+), 34 deletions(-)

diff --git a/hw/vfio/migration.c b/hw/vfio/migration.c
index ff6b45de6b5..b5f310bb831 100644
--- a/hw/vfio/migration.c
+++ b/hw/vfio/migration.c
@@ -62,40 +62,8 @@ static inline int vfio_mig_access(VFIODevice *vbasedev, void 
*val, int count,
  return 0;
  }
  
-static int vfio_mig_rw(VFIODevice *vbasedev, __u8 *buf, size_t count,

-   off_t off, bool iswrite)
-{
-int ret, done = 0;
-__u8 *tbuf = buf;
-
-while (count) {
-int bytes = 0;
-
-if (count >= 8 && !(off % 8)) {
-bytes = 8;
-} else if (count >= 4 && !(off % 4)) {
-bytes = 4;
-} else if (count >= 2 && !(off % 2)) {
-bytes = 2;
-} else {
-bytes = 1;
-}
-
-ret = vfio_mig_access(vbasedev, tbuf, bytes, off, iswrite);
-if (ret) {
-return ret;
-}
-
-count -= bytes;
-done += bytes;
-off += bytes;
-tbuf += bytes;
-}
-return done;
-}
-
-#define vfio_mig_read(f, v, c, o)   vfio_mig_rw(f, (__u8 *)v, c, o, false)
-#define vfio_mig_write(f, v, c, o)  vfio_mig_rw(f, (__u8 *)v, c, o, true)
+#define vfio_mig_read(f, v, c, o)   vfio_mig_access(f, (__u8 *)v, c, o, 
false)
+#define vfio_mig_write(f, v, c, o)  vfio_mig_access(f, (__u8 *)v, c, o, 
true)
  
  #define VFIO_MIG_STRUCT_OFFSET(f)   \

   offsetof(struct vfio_device_migration_info, 
f)

Re: [PATCH v2 0/4] linux-user: Fix getdents alignment issues (#704)

[Laurent Vivier]

Le 14/11/2021 à 11:35, Richard Henderson a écrit :

There are a number of alignement issues flagged up by clang,
this attempts to fix only one of them: getdents.

Changes for v2:
   * Do not QEMU_BUILD_BUG_ON for size mismatch,
 as this triggers for i386 host.


r~

Richard Henderson (4):
   linux-user: Split out do_getdents, do_getdents64
   linux-user: Always use flexible arrays for dirent d_name
   linux-user: Fix member types of target_dirent64
   linux-user: Rewrite do_getdents, do_getdents64

  linux-user/syscall_defs.h |  12 +-
  linux-user/syscall.c  | 314 +++---
  2 files changed, 165 insertions(+), 161 deletions(-)




Applied to my linux-user-for-6.2 branch.

Thanks,
Laurent

Re: [PATCH] linux-user: fix Coverity CID 1464101

[Laurent Vivier]

Le 21/11/2021 à 16:17, Laurent Vivier a écrit :

target_mmap() can fail and return -1, but we don't check for that and
instead assume it's always valid.

Fixes: db2af69d6ba8 ("linux-user: Add infrastructure for a signal trampoline 
page")
Cc: richard.hender...@linaro.org
Reported-by: Peter Maydell 
Signed-off-by: Laurent Vivier 
---
  linux-user/elfload.c | 10 +++---
  1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 5da8c02d0822..767f54c76dc5 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -3254,9 +3254,13 @@ int load_elf_binary(struct linux_binprm *bprm, struct 
image_info *info)
   * Otherwise, allocate a private page to hold them.
   */
  if (TARGET_ARCH_HAS_SIGTRAMP_PAGE) {
-abi_ulong tramp_page = target_mmap(0, TARGET_PAGE_SIZE,
-   PROT_READ | PROT_WRITE,
-   MAP_PRIVATE | MAP_ANON, -1, 0);
+abi_long tramp_page = target_mmap(0, TARGET_PAGE_SIZE,
+  PROT_READ | PROT_WRITE,
+  MAP_PRIVATE | MAP_ANON, -1, 0);
+if (tramp_page == -1) {
+return -errno;
+}
+
  setup_sigtramp(tramp_page);
  target_mprotect(tramp_page, TARGET_PAGE_SIZE, PROT_READ | PROT_EXEC);
  }



Applied to my linux-user-for-6.2 branch.

Thanks,
Laurent

Re: [PATCH v3 3/3] cpus-common: implement dirty limit on vCPU

[Hyman Huang]

在 2021/11/22 15:35, Markus Armbruster 写道:

huang...@chinatelecom.cn writes:


From: Hyman Huang(黄勇) 

implement dirtyrate calculation periodically basing on
dirty-ring and throttle vCPU until it reachs the quota
dirtyrate given by user.

introduce qmp commands set-dirty-limit/cancel-dirty-limit to
set/cancel dirty limit on vCPU.


Please start sentences with a capital letter.


Ok，i'll check the syntax problem next version.


Signed-off-by: Hyman Huang(黄勇) 


[...]


diff --git a/qapi/misc.json b/qapi/misc.json
index 358548a..98e6001 100644
--- a/qapi/misc.json
+++ b/qapi/misc.json
@@ -527,3 +527,42 @@
   'data': { '*option': 'str' },
   'returns': ['CommandLineOptionInfo'],
   'allow-preconfig': true }
+
+##
+# @set-dirty-limit:
+#
+# This command could be used to cap the vCPU memory load, which is also
+# refered as dirtyrate. One should use "calc-dirty-rate" with "dirty-ring"
+# and to calculate vCPU dirtyrate and query it with "query-dirty-rate".
+# Once getting the vCPU current dirtyrate, "set-dirty-limit" can be used
+# to set the upper limit of dirtyrate for the interested vCPU.


"dirtyrate" is not a word.  Let's spell it "dirty page rate", for
consistency with the documentation in migration.json.

Ok, sounds good.


Regarding "One should use ...": sounds like you have to run
calc-dirty-rate with argument @mode set to @dirty-ring before this
command.  Correct?  What happens when you don't?  set-dirty-limit fails?

Do you also have to run query-dirty-rate before this command?

Actually no, i'll clarify the usage next verison.


Speaking of migration.json: should these commands be defined there, next
to calc-dirty-rate and query-dirty-rate?
I'm struggling too because these commands will be used in migration but 
it is vCPU they handle.



+#
+# @idx: vCPU index to set dirtylimit.
+#
+# @dirtyrate: upper limit of drityrate the specified vCPU could reach (MB/s)


Typo "drityrate".

Suggest "upper limit for the specified vCPU's dirty page rate (MB/s)".

Ok.



+#
+# Since: 6.3
+#
+# Example:
+#   {"execute": "set-dirty-limit"}
+#"arguments": { "idx": 0,
+#   "dirtyrate": 200 } }
+#
+##
+{ 'command': 'set-dirty-limit',
+  'data': { 'idx': 'int', 'dirtyrate': 'uint64' } }
+
+##
+# @cancel-dirty-limit:
+#
+# @idx: vCPU index to canceled the dirtylimit
+#
+# Since: 6.3
+#
+# Example:
+#   {"execute": "cancel-dirty-limit"}
+#"arguments": { "idx": 0 } }
+#
+##
+{ 'command': 'cancel-dirty-limit',
+  'data': { 'idx': 'int' } }
diff --git a/softmmu/vl.c b/softmmu/vl.c
index 1159a64..170ee23 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -3776,5 +3776,6 @@ void qemu_init(int argc, char **argv, char **envp)
  qemu_init_displays();
  accel_setup_post(current_machine);
  os_setup_post();
+dirtylimit_setup(current_machine->smp.max_cpus);
  resume_mux_open();
  }




--
Best regard

Hyman Huang(黄勇)

[PULL 5/5] linux-user: fix Coverity CID 1464101

[Laurent Vivier]

target_mmap() can fail and return -1, but we don't check for that and
instead assume it's always valid.

Fixes: db2af69d6ba8 ("linux-user: Add infrastructure for a signal trampoline 
page")
Cc: richard.hender...@linaro.org
Reported-by: Peter Maydell 
Signed-off-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
Message-Id: <20211121151711.331653-1-laur...@vivier.eu>
Signed-off-by: Laurent Vivier 
---
 linux-user/elfload.c | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 5da8c02d0822..767f54c76dc5 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -3254,9 +3254,13 @@ int load_elf_binary(struct linux_binprm *bprm, struct 
image_info *info)
  * Otherwise, allocate a private page to hold them.
  */
 if (TARGET_ARCH_HAS_SIGTRAMP_PAGE) {
-abi_ulong tramp_page = target_mmap(0, TARGET_PAGE_SIZE,
-   PROT_READ | PROT_WRITE,
-   MAP_PRIVATE | MAP_ANON, -1, 0);
+abi_long tramp_page = target_mmap(0, TARGET_PAGE_SIZE,
+  PROT_READ | PROT_WRITE,
+  MAP_PRIVATE | MAP_ANON, -1, 0);
+if (tramp_page == -1) {
+return -errno;
+}
+
 setup_sigtramp(tramp_page);
 target_mprotect(tramp_page, TARGET_PAGE_SIZE, PROT_READ | PROT_EXEC);
 }
-- 
2.31.1

[PULL 2/5] linux-user: Always use flexible arrays for dirent d_name

[Laurent Vivier]

From: Richard Henderson 

We currently use a flexible array member for target_dirent,
but use incorrectly fixed length arrays for target_dirent64,
linux_dirent and linux_dirent64.

This requires that we adjust the definition of the VFAT READDIR
ioctls which hard-code the 256 namelen size into the ioctl constant.

Signed-off-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <2024103539.298686-3-richard.hender...@linaro.org>
Signed-off-by: Laurent Vivier 
---
 linux-user/syscall.c  | 6 --
 linux-user/syscall_defs.h | 6 +++---
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index a2f605dec4ca..499415ad81b8 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -197,8 +197,10 @@
 //#define DEBUG_ERESTARTSYS
 
 //#include 
-#defineVFAT_IOCTL_READDIR_BOTH _IOR('r', 1, struct 
linux_dirent [2])
-#defineVFAT_IOCTL_READDIR_SHORT_IOR('r', 2, struct 
linux_dirent [2])
+#define VFAT_IOCTL_READDIR_BOTH \
+_IOC(_IOC_READ, 'r', 1, (sizeof(struct linux_dirent) + 256) * 2)
+#define VFAT_IOCTL_READDIR_SHORT \
+_IOC(_IOC_READ, 'r', 2, (sizeof(struct linux_dirent) + 256) * 2)
 
 #undef _syscall0
 #undef _syscall1
diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index a5ce487dcc38..98b09ee6d656 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -441,7 +441,7 @@ struct target_dirent64 {
int64_t d_off;
unsigned short  d_reclen;
unsigned char   d_type;
-   chard_name[256];
+   chard_name[];
 };
 
 
@@ -2714,7 +2714,7 @@ struct linux_dirent {
 longd_ino;
 unsigned long   d_off;
 unsigned short  d_reclen;
-chard_name[256]; /* We must not include limits.h! */
+chard_name[];
 };
 
 struct linux_dirent64 {
@@ -2722,7 +2722,7 @@ struct linux_dirent64 {
 int64_t d_off;
 unsigned short  d_reclen;
 unsigned char   d_type;
-chard_name[256];
+chard_name[];
 };
 
 struct target_mq_attr {
-- 
2.31.1

[PULL 1/5] linux-user: Split out do_getdents, do_getdents64

[Laurent Vivier]

From: Richard Henderson 

Retain all 3 implementations of getdents for now.

Signed-off-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <2024103539.298686-2-richard.hender...@linaro.org>
Signed-off-by: Laurent Vivier 
---
 linux-user/syscall.c | 325 +++
 1 file changed, 172 insertions(+), 153 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 544f5b662ffe..a2f605dec4ca 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8137,6 +8137,176 @@ static int host_to_target_cpu_mask(const unsigned long 
*host_mask,
 return 0;
 }
 
+#ifdef TARGET_NR_getdents
+static int do_getdents(abi_long arg1, abi_long arg2, abi_long arg3)
+{
+int ret;
+
+#ifdef EMULATE_GETDENTS_WITH_GETDENTS
+# if TARGET_ABI_BITS == 32 && HOST_LONG_BITS == 64
+struct target_dirent *target_dirp;
+struct linux_dirent *dirp;
+abi_long count = arg3;
+
+dirp = g_try_malloc(count);
+if (!dirp) {
+return -TARGET_ENOMEM;
+}
+
+ret = get_errno(sys_getdents(arg1, dirp, count));
+if (!is_error(ret)) {
+struct linux_dirent *de;
+struct target_dirent *tde;
+int len = ret;
+int reclen, treclen;
+int count1, tnamelen;
+
+count1 = 0;
+de = dirp;
+target_dirp = lock_user(VERIFY_WRITE, arg2, count, 0);
+if (!target_dirp) {
+return -TARGET_EFAULT;
+}
+tde = target_dirp;
+while (len > 0) {
+reclen = de->d_reclen;
+tnamelen = reclen - offsetof(struct linux_dirent, d_name);
+assert(tnamelen >= 0);
+treclen = tnamelen + offsetof(struct target_dirent, d_name);
+assert(count1 + treclen <= count);
+tde->d_reclen = tswap16(treclen);
+tde->d_ino = tswapal(de->d_ino);
+tde->d_off = tswapal(de->d_off);
+memcpy(tde->d_name, de->d_name, tnamelen);
+de = (struct linux_dirent *)((char *)de + reclen);
+len -= reclen;
+tde = (struct target_dirent *)((char *)tde + treclen);
+count1 += treclen;
+}
+ret = count1;
+unlock_user(target_dirp, arg2, ret);
+}
+g_free(dirp);
+# else
+struct linux_dirent *dirp;
+abi_long count = arg3;
+
+dirp = lock_user(VERIFY_WRITE, arg2, count, 0);
+if (!dirp) {
+return -TARGET_EFAULT;
+}
+ret = get_errno(sys_getdents(arg1, dirp, count));
+if (!is_error(ret)) {
+struct linux_dirent *de;
+int len = ret;
+int reclen;
+de = dirp;
+while (len > 0) {
+reclen = de->d_reclen;
+if (reclen > len) {
+break;
+}
+de->d_reclen = tswap16(reclen);
+tswapls(&de->d_ino);
+tswapls(&de->d_off);
+de = (struct linux_dirent *)((char *)de + reclen);
+len -= reclen;
+}
+}
+unlock_user(dirp, arg2, ret);
+# endif
+#else
+/* Implement getdents in terms of getdents64 */
+struct linux_dirent64 *dirp;
+abi_long count = arg3;
+
+dirp = lock_user(VERIFY_WRITE, arg2, count, 0);
+if (!dirp) {
+return -TARGET_EFAULT;
+}
+ret = get_errno(sys_getdents64(arg1, dirp, count));
+if (!is_error(ret)) {
+/*
+ * Convert the dirent64 structs to target dirent.  We do this
+ * in-place, since we can guarantee that a target_dirent is no
+ * larger than a dirent64; however this means we have to be
+ * careful to read everything before writing in the new format.
+ */
+struct linux_dirent64 *de;
+struct target_dirent *tde;
+int len = ret;
+int tlen = 0;
+
+de = dirp;
+tde = (struct target_dirent *)dirp;
+while (len > 0) {
+int namelen, treclen;
+int reclen = de->d_reclen;
+uint64_t ino = de->d_ino;
+int64_t off = de->d_off;
+uint8_t type = de->d_type;
+
+namelen = strlen(de->d_name);
+treclen = offsetof(struct target_dirent, d_name) + namelen + 2;
+treclen = QEMU_ALIGN_UP(treclen, sizeof(abi_long));
+
+memmove(tde->d_name, de->d_name, namelen + 1);
+tde->d_ino = tswapal(ino);
+tde->d_off = tswapal(off);
+tde->d_reclen = tswap16(treclen);
+/*
+ * The target_dirent type is in what was formerly a padding
+ * byte at the end of the structure:
+ */
+*(((char *)tde) + treclen - 1) = type;
+
+de = (struct linux_dirent64 *)((char *)de + reclen);
+tde = (struct target_dirent *)((char *)tde + treclen);
+len -= reclen;
+tlen += treclen;
+}
+ret = tlen;
+}
+unlock_user(dirp, arg2, ret);
+#endif
+return ret;
+}
+#endif /* TARGET_NR_getdents */
+
+#if defined(TA

[PULL 0/5] Linux user for 6.2 patches

[Laurent Vivier]

The following changes since commit 8627edfb3f1fca24a96a0954148885c3241c10f8:

  Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging 
(2021-11-19 17:16:57 +0100)

are available in the Git repository at:

  git://github.com/vivier/qemu.git tags/linux-user-for-6.2-pull-request

for you to fetch changes up to 802ae45e94151a6d3ee20eadcb865cf6c875df34:

  linux-user: fix Coverity CID 1464101 (2021-11-22 09:17:08 +0100)


linux-user pull request 20211122

Fixes for CID 1464101 and gilab #704



Laurent Vivier (1):
  linux-user: fix Coverity CID 1464101

Richard Henderson (4):
  linux-user: Split out do_getdents, do_getdents64
  linux-user: Always use flexible arrays for dirent d_name
  linux-user: Fix member types of target_dirent64
  linux-user: Rewrite do_getdents, do_getdents64

 linux-user/elfload.c  |  10 +-
 linux-user/syscall.c  | 314 +++---
 linux-user/syscall_defs.h |  12 +-
 3 files changed, 172 insertions(+), 164 deletions(-)

-- 
2.31.1

Re: [PATCH v11 04/26] target/loongarch: Add fixed point arithmetic instruction translation

[gaosong]

Hi Richard,
Sorry for the late reply.

On 2021/11/20 下午4:56, Richard Henderson wrote:

On 11/20/21 9:52 AM, gaosong wrote:
You're right, gen_set_gpr not need EXT_NONE at all, and we need not 
condition around gen_set_gpr.
I think that if we know the dst_ext is EXT_NONE, we do't need 
gen_set_gpr.


But that assumes that gpr_dst did not return a temporary.
I think it's cleaner to assume that gen_set_gpr is needed.


Does this mean that we gen_set_gpr where used gpr_dst, and gen_set_gpr need 
EXT_NONE?
Such as gpr_dst in trans_atomic.c.inc/trans_memory.c.inc, should we need 
gen_set_gpr?

Thanks
Song Gao


r~

[PULL 4/5] linux-user: Rewrite do_getdents, do_getdents64

[Laurent Vivier]

From: Richard Henderson 

Always allocate host storage; this ensures that the struct
is sufficiently aligned for the host.  Merge the three host
implementations of getdents via a few ifdefs.  Utilize the
same method for do_getdents64.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/704
Signed-off-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <2024103539.298686-5-richard.hender...@linaro.org>
Signed-off-by: Laurent Vivier 
---
 linux-user/syscall.c | 261 ---
 1 file changed, 122 insertions(+), 139 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 499415ad81b8..f1cfcc810486 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8140,172 +8140,155 @@ static int host_to_target_cpu_mask(const unsigned 
long *host_mask,
 }
 
 #ifdef TARGET_NR_getdents
-static int do_getdents(abi_long arg1, abi_long arg2, abi_long arg3)
+static int do_getdents(abi_long dirfd, abi_long arg2, abi_long count)
 {
-int ret;
+g_autofree void *hdirp = NULL;
+void *tdirp;
+int hlen, hoff, toff;
+int hreclen, treclen;
+off64_t prev_diroff = 0;
+
+hdirp = g_try_malloc(count);
+if (!hdirp) {
+return -TARGET_ENOMEM;
+}
 
 #ifdef EMULATE_GETDENTS_WITH_GETDENTS
-# if TARGET_ABI_BITS == 32 && HOST_LONG_BITS == 64
-struct target_dirent *target_dirp;
-struct linux_dirent *dirp;
-abi_long count = arg3;
+hlen = sys_getdents(dirfd, hdirp, count);
+#else
+hlen = sys_getdents64(dirfd, hdirp, count);
+#endif
 
-dirp = g_try_malloc(count);
-if (!dirp) {
-return -TARGET_ENOMEM;
+hlen = get_errno(hlen);
+if (is_error(hlen)) {
+return hlen;
 }
 
-ret = get_errno(sys_getdents(arg1, dirp, count));
-if (!is_error(ret)) {
-struct linux_dirent *de;
-struct target_dirent *tde;
-int len = ret;
-int reclen, treclen;
-int count1, tnamelen;
-
-count1 = 0;
-de = dirp;
-target_dirp = lock_user(VERIFY_WRITE, arg2, count, 0);
-if (!target_dirp) {
-return -TARGET_EFAULT;
-}
-tde = target_dirp;
-while (len > 0) {
-reclen = de->d_reclen;
-tnamelen = reclen - offsetof(struct linux_dirent, d_name);
-assert(tnamelen >= 0);
-treclen = tnamelen + offsetof(struct target_dirent, d_name);
-assert(count1 + treclen <= count);
-tde->d_reclen = tswap16(treclen);
-tde->d_ino = tswapal(de->d_ino);
-tde->d_off = tswapal(de->d_off);
-memcpy(tde->d_name, de->d_name, tnamelen);
-de = (struct linux_dirent *)((char *)de + reclen);
-len -= reclen;
-tde = (struct target_dirent *)((char *)tde + treclen);
-count1 += treclen;
-}
-ret = count1;
-unlock_user(target_dirp, arg2, ret);
-}
-g_free(dirp);
-# else
-struct linux_dirent *dirp;
-abi_long count = arg3;
-
-dirp = lock_user(VERIFY_WRITE, arg2, count, 0);
-if (!dirp) {
+tdirp = lock_user(VERIFY_WRITE, arg2, count, 0);
+if (!tdirp) {
 return -TARGET_EFAULT;
 }
-ret = get_errno(sys_getdents(arg1, dirp, count));
-if (!is_error(ret)) {
-struct linux_dirent *de;
-int len = ret;
-int reclen;
-de = dirp;
-while (len > 0) {
-reclen = de->d_reclen;
-if (reclen > len) {
-break;
-}
-de->d_reclen = tswap16(reclen);
-tswapls(&de->d_ino);
-tswapls(&de->d_off);
-de = (struct linux_dirent *)((char *)de + reclen);
-len -= reclen;
-}
-}
-unlock_user(dirp, arg2, ret);
-# endif
+
+for (hoff = toff = 0; hoff < hlen; hoff += hreclen, toff += treclen) {
+#ifdef EMULATE_GETDENTS_WITH_GETDENTS
+struct linux_dirent *hde = hdirp + hoff;
 #else
-/* Implement getdents in terms of getdents64 */
-struct linux_dirent64 *dirp;
-abi_long count = arg3;
+struct linux_dirent64 *hde = hdirp + hoff;
+#endif
+struct target_dirent *tde = tdirp + toff;
+int namelen;
+uint8_t type;
 
-dirp = lock_user(VERIFY_WRITE, arg2, count, 0);
-if (!dirp) {
-return -TARGET_EFAULT;
-}
-ret = get_errno(sys_getdents64(arg1, dirp, count));
-if (!is_error(ret)) {
-/*
- * Convert the dirent64 structs to target dirent.  We do this
- * in-place, since we can guarantee that a target_dirent is no
- * larger than a dirent64; however this means we have to be
- * careful to read everything before writing in the new format.
- */
-struct linux_dirent64 *de;
-struct target_dirent *tde;
-int len = ret;
-int tlen = 0;
+namelen = strlen(hde->d_name);
+hreclen = hde->d_reclen;
+treclen = offsetof(struct target_dirent

[PULL 3/5] linux-user: Fix member types of target_dirent64

[Laurent Vivier]

From: Richard Henderson 

The host uint64_t (etc) does not have the correct
alignment constraint as the guest: use abi_* types.

Signed-off-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <2024103539.298686-4-richard.hender...@linaro.org>
Signed-off-by: Laurent Vivier 
---
 linux-user/syscall_defs.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index 98b09ee6d656..41aaafbac12c 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -437,9 +437,9 @@ struct target_dirent {
 };
 
 struct target_dirent64 {
-   uint64_td_ino;
-   int64_t d_off;
-   unsigned short  d_reclen;
+   abi_ullong  d_ino;
+   abi_llong   d_off;
+   abi_ushort  d_reclen;
unsigned char   d_type;
chard_name[];
 };
-- 
2.31.1

Re: [PATCH v11 04/26] target/loongarch: Add fixed point arithmetic instruction translation

[Richard Henderson]

On 11/22/21 9:23 AM, gaosong wrote:

On 2021/11/20 下午4:56, Richard Henderson wrote:

On 11/20/21 9:52 AM, gaosong wrote:
You're right, gen_set_gpr not need EXT_NONE at all, and we need not condition around 
gen_set_gpr.

I think that if we know the dst_ext is EXT_NONE, we do't need gen_set_gpr.


But that assumes that gpr_dst did not return a temporary.
I think it's cleaner to assume that gen_set_gpr is needed.


Does this mean that we gen_set_gpr where used gpr_dst, and gen_set_gpr need 
EXT_NONE?
Such as gpr_dst in trans_atomic.c.inc/trans_memory.c.inc, should we need 
gen_set_gpr?


Yes.


r~

Re: [PATCH v2 1/2] docs: Drop deprecated 'props' from object-add

[Markus Armbruster]

"Rao, Lei"  writes:

> From: "Rao, Lei" 
>
> In commit 5024340745 "qapi/qom: Drop deprecated 'props' from
> object-add" (v6.0.0), we also should update documents.
>
> Signed-off-by: Lei Rao 

Reviewed-by: Markus Armbruster 

Re: [PATCH v2 2/2] docs: Use double quotes instead of single quotes for COLO

[Markus Armbruster]

"Rao, Lei"  writes:

> From: "Rao, Lei" 
>
> Signed-off-by: Lei Rao 

Reviewed-by: Markus Armbruster 

Re: [PATCH v3 3/3] cpus-common: implement dirty limit on vCPU

[Markus Armbruster]

Hyman Huang  writes:

> =E5=9C=A8 2021/11/22 15:35, Markus Armbruster =E5=86=99=E9=81=93:
>> huang...@chinatelecom.cn writes:
>> 
>>> From: Hyman Huang(=E9=BB=84=E5=8B=87) 
>>>
>>> implement dirtyrate calculation periodically basing on
>>> dirty-ring and throttle vCPU until it reachs the quota
>>> dirtyrate given by user.
>>>
>>> introduce qmp commands set-dirty-limit/cancel-dirty-limit to
>>> set/cancel dirty limit on vCPU.
>> 
>> Please start sentences with a capital letter.
>> 
> Ok，i'll check the syntax problem next version.
>>>
>>> Signed-off-by: Hyman Huang(黄勇) 
>>
>> 
>> [...]
>> 
>>> diff --git a/qapi/misc.json b/qapi/misc.json
>>> index 358548a..98e6001 100644
>>> --- a/qapi/misc.json
>>> +++ b/qapi/misc.json
>>> @@ -527,3 +527,42 @@
>>>'data': { '*option': 'str' },
>>>'returns': ['CommandLineOptionInfo'],
>>>'allow-preconfig': true }
>>> +
>>> +##
>>> +# @set-dirty-limit:
>>> +#
>>> +# This command could be used to cap the vCPU memory load, which is also
>>> +# refered as dirtyrate. One should use "calc-dirty-rate" with "dirty-ring"
>>> +# and to calculate vCPU dirtyrate and query it with "query-dirty-rate".
>>> +# Once getting the vCPU current dirtyrate, "set-dirty-limit" can be used
>>> +# to set the upper limit of dirtyrate for the interested vCPU.
>> 
>> "dirtyrate" is not a word.  Let's spell it "dirty page rate", for
>> consistency with the documentation in migration.json.
> Ok, sounds good.
>> 
>> Regarding "One should use ...": sounds like you have to run
>> calc-dirty-rate with argument @mode set to @dirty-ring before this
>> command.  Correct?  What happens when you don't?  set-dirty-limit fails?

You didn't answer this question.

>> Do you also have to run query-dirty-rate before this command?
> Actually no, i'll clarify the usage next verison.

Regarding "dirty-ring": is this merely a limitation of the
implementation, i.e. other modes could be made to work if we cared, or
is it more fundamental?

>> Speaking of migration.json: should these commands be defined there, next
>> to calc-dirty-rate and query-dirty-rate?
> I'm struggling too because these commands will be used in migration but 
> it is vCPU they handle.

I think migration.json is more about CPUs than misc.json is.  Let's add
the new commands to migration.json if migration maintainers are okay
with it.

[...]

Re: [RFC v2 PATCH 07/13] KVM: Handle page fault for fd based memslot

[Chao Peng]

On Sat, Nov 20, 2021 at 09:55:29AM +0800, Yao Yuan wrote:
> On Fri, Nov 19, 2021 at 09:47:33PM +0800, Chao Peng wrote:
> > Current code assume the private memory is persistent and KVM can check
> > with backing store to see if private memory exists at the same address
> > by calling get_pfn(alloc=false).
> >
> > Signed-off-by: Yu Zhang 
> > Signed-off-by: Chao Peng 
> > ---
> >  arch/x86/kvm/mmu/mmu.c | 75 --
> >  1 file changed, 73 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
> > index 40377901598b..cd5d1f923694 100644
> > --- a/arch/x86/kvm/mmu/mmu.c
> > +++ b/arch/x86/kvm/mmu/mmu.c
> > @@ -3277,6 +3277,9 @@ int kvm_mmu_max_mapping_level(struct kvm *kvm,
> > if (max_level == PG_LEVEL_4K)
> > return PG_LEVEL_4K;
> >
> > +   if (memslot_is_memfd(slot))
> > +   return max_level;
> > +
> > host_level = host_pfn_mapping_level(kvm, gfn, pfn, slot);
> > return min(host_level, max_level);
> >  }
> > @@ -4555,6 +4558,65 @@ static bool kvm_arch_setup_async_pf(struct kvm_vcpu 
> > *vcpu, gpa_t cr2_or_gpa,
> >   kvm_vcpu_gfn_to_hva(vcpu, gfn), &arch);
> >  }
> >
> > +static bool kvm_faultin_pfn_memfd(struct kvm_vcpu *vcpu,
> > + struct kvm_page_fault *fault, int *r)
> > +{  int order;
> > +   kvm_pfn_t pfn;
> > +   struct kvm_memory_slot *slot = fault->slot;
> > +   bool priv_gfn = kvm_vcpu_is_private_gfn(vcpu, fault->addr >> 
> > PAGE_SHIFT);
> > +   bool priv_slot_exists = memslot_has_private(slot);
> > +   bool priv_gfn_exists = false;
> > +   int mem_convert_type;
> > +
> > +   if (priv_gfn && !priv_slot_exists) {
> > +   *r = RET_PF_INVALID;
> > +   return true;
> > +   }
> > +
> > +   if (priv_slot_exists) {
> > +   pfn = slot->memfd_ops->get_pfn(slot, slot->priv_file,
> > +  fault->gfn, false, &order);
> > +   if (pfn >= 0)
> > +   priv_gfn_exists = true;
> 
> Need "fault->pfn = pfn" here if actual pfn is returned in
> get_pfn(alloc=false) case for private page case.
> 
> > +   }
> > +
> > +   if (priv_gfn && !priv_gfn_exists) {
> > +   mem_convert_type = KVM_EXIT_MEM_MAP_PRIVATE;
> > +   goto out_convert;
> > +   }
> > +
> > +   if (!priv_gfn && priv_gfn_exists) {
> > +   slot->memfd_ops->put_pfn(pfn);
> > +   mem_convert_type = KVM_EXIT_MEM_MAP_SHARED;
> > +   goto out_convert;
> > +   }
> > +
> > +   if (!priv_gfn) {
> > +   pfn = slot->memfd_ops->get_pfn(slot, slot->file,
> > +  fault->gfn, true, &order);
> 
> Need "fault->pfn = pfn" here, because he pfn for
> share page is getted here only.
> 
> > +   if (fault->pfn < 0) {
> > +   *r = RET_PF_INVALID;
> > +   return true;
> > +   }
> > +   }

Right, I actually have "fault->pfn = pfn" here but accidentally deleted
in a code factoring.

Chao
> > +
> > +   if (slot->flags & KVM_MEM_READONLY)
> > +   fault->map_writable = false;
> > +   if (order == 0)
> > +   fault->max_level = PG_LEVEL_4K;
> > +
> > +   return false;
> > +
> > +out_convert:
> > +   vcpu->run->exit_reason = KVM_EXIT_MEMORY_ERROR;
> > +   vcpu->run->mem.type = mem_convert_type;
> > +   vcpu->run->mem.u.map.gpa = fault->gfn << PAGE_SHIFT;
> > +   vcpu->run->mem.u.map.size = PAGE_SIZE;
> > +   fault->pfn = -1;
> > +   *r = -1;
> > +   return true;
> > +}
> > +
> >  static bool kvm_faultin_pfn(struct kvm_vcpu *vcpu, struct kvm_page_fault 
> > *fault, int *r)
> >  {
> > struct kvm_memory_slot *slot = fault->slot;
> > @@ -4596,6 +4658,9 @@ static bool kvm_faultin_pfn(struct kvm_vcpu *vcpu, 
> > struct kvm_page_fault *fault,
> > }
> > }
> >
> > +   if (memslot_is_memfd(slot))
> > +   return kvm_faultin_pfn_memfd(vcpu, fault, r);
> > +
> > async = false;
> > fault->pfn = __gfn_to_pfn_memslot(slot, fault->gfn, false, &async,
> >   fault->write, &fault->map_writable,
> > @@ -4660,7 +4725,8 @@ static int direct_page_fault(struct kvm_vcpu *vcpu, 
> > struct kvm_page_fault *fault
> > else
> > write_lock(&vcpu->kvm->mmu_lock);
> >
> > -   if (fault->slot && mmu_notifier_retry_hva(vcpu->kvm, mmu_seq, 
> > fault->hva))
> > +   if (fault->slot && !memslot_is_memfd(fault->slot) &&
> > +   mmu_notifier_retry_hva(vcpu->kvm, mmu_seq, fault->hva))
> > goto out_unlock;
> > r = make_mmu_pages_available(vcpu);
> > if (r)
> > @@ -4676,7 +4742,12 @@ static int direct_page_fault(struct kvm_vcpu *vcpu, 
> > struct kvm_page_fault *fault
> > read_unlock(&vcpu->kvm->mmu_lock);
> > else
> > write_unlock(&vcpu->kvm->mmu_lock);
> > -   kvm_release_pfn_clean(fault->pfn);
> > +
> > +   if (memslot_is_memfd(fault->slot))
> > +   fault->slot->memfd_ops->put_

Re: [PATCH v3 3/3] cpus-common: implement dirty limit on vCPU

[Hyman Huang]

在 2021/11/22 17:10, Markus Armbruster 写道:

Hyman Huang  writes:


=E5=9C=A8 2021/11/22 15:35, Markus Armbruster =E5=86=99=E9=81=93:

huang...@chinatelecom.cn writes:


From: Hyman Huang(=E9=BB=84=E5=8B=87) 

implement dirtyrate calculation periodically basing on
dirty-ring and throttle vCPU until it reachs the quota
dirtyrate given by user.

introduce qmp commands set-dirty-limit/cancel-dirty-limit to
set/cancel dirty limit on vCPU.


Please start sentences with a capital letter.


Ok，i'll check the syntax problem next version.


Signed-off-by: Hyman Huang(黄勇) 



[...]


diff --git a/qapi/misc.json b/qapi/misc.json
index 358548a..98e6001 100644
--- a/qapi/misc.json
+++ b/qapi/misc.json
@@ -527,3 +527,42 @@
'data': { '*option': 'str' },
'returns': ['CommandLineOptionInfo'],
'allow-preconfig': true }
+
+##
+# @set-dirty-limit:
+#
+# This command could be used to cap the vCPU memory load, which is also
+# refered as dirtyrate. One should use "calc-dirty-rate" with "dirty-ring"
+# and to calculate vCPU dirtyrate and query it with "query-dirty-rate".
+# Once getting the vCPU current dirtyrate, "set-dirty-limit" can be used
+# to set the upper limit of dirtyrate for the interested vCPU.


"dirtyrate" is not a word.  Let's spell it "dirty page rate", for
consistency with the documentation in migration.json.

Ok, sounds good.


Regarding "One should use ...": sounds like you have to run
calc-dirty-rate with argument @mode set to @dirty-ring before this
command.  Correct?  What happens when you don't?  set-dirty-limit fails?


You didn't answer this question.
set-dirty-limit doesn't do any pre-check about if calc-dirty-rate has 
executed, so it doesn't fail.


Since only executing calc-dirty-rate with dirty-ring mode can we get the 
vCPU dirty page rate currently(while the dirty-bitmap only get the vm 
dirty page rate), "One should use ..." maybe misleading, what i actually 
want to say is "One should use the dirty-ring mode to calculate the vCPU 
dirty page rate".



Do you also have to run query-dirty-rate before this command?

Actually no, i'll clarify the usage next verison.


Regarding "dirty-ring": is this merely a limitation of the
implementation, i.e. other modes could be made to work if we cared, or
is it more fundamental?


Speaking of migration.json: should these commands be defined there, next
to calc-dirty-rate and query-dirty-rate?

I'm struggling too because these commands will be used in migration but
it is vCPU they handle.


I think migration.json is more about CPUs than misc.json is.  Let's add
the new commands to migration.json if migration maintainers are okay
with it.

[...]



--
Best regard

Hyman Huang(黄勇)

Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST

[David Hildenbrand]

On 19.11.21 17:00, Jason Gunthorpe wrote:
> On Fri, Nov 19, 2021 at 04:39:15PM +0100, David Hildenbrand wrote:
> 
>>> If qmeu can put all the guest memory in a memfd and not map it, then
>>> I'd also like to see that the IOMMU can use this interface too so we
>>> can have VFIO working in this configuration.
>>
>> In QEMU we usually want to (and must) be able to access guest memory
>> from user space, with the current design we wouldn't even be able to
>> temporarily mmap it -- which makes sense for encrypted memory only. The
>> corner case really is encrypted memory. So I don't think we'll see a
>> broad use of this feature outside of encrypted VMs in QEMU. I might be
>> wrong, most probably I am :)
> 
> Interesting..
> 
> The non-encrypted case I had in mind is the horrible flow in VFIO to
> support qemu re-execing itself (VFIO_DMA_UNMAP_FLAG_VADDR).

Thanks for sharing!

> 
> Here VFIO is connected to a VA in a mm_struct that will become invalid
> during the kexec period, but VFIO needs to continue to access it. For
> IOMMU cases this is OK because the memory is already pinned, but for
> the 'emulated iommu' used by mdevs pages are pinned dynamically. qemu
> needs to ensure that VFIO can continue to access the pages across the
> kexec, even though there is nothing to pin_user_pages() on.
> 
> This flow would work a lot better if VFIO was connected to the memfd
> that is storing the guest memory. Then it naturally doesn't get
> disrupted by exec() and we don't need the mess in the kernel..

I do wonder if we want to support sharing such memfds between processes
in all cases ... we most certainly don't want to be able to share
encrypted memory between VMs (I heard that the kernel has to forbid
that). It would make sense in the use case you describe, though.

> 
> I was wondering if we could get here using the direct_io APIs but this
> would do the job too.
> 
>> Apart from the special "encrypted memory" semantics, I assume nothing
>> speaks against allowing for mmaping these memfds, for example, for any
>> other VFIO use cases.
> 
> We will eventually have VFIO with "encrypted memory". There was a talk
> in LPC about the enabling work for this.

Yes, I heard about that as well. In the foreseeable future, we'll have
shared memory only visible for VFIO devices.

> 
> So, if the plan is to put fully encrpyted memory inside a memfd, then
> we still will eventually need a way to pull the pfns it into the
> IOMMU, presumably along with the access control parameters needed to
> pass to the secure monitor to join a PCI device to the secure memory.

Long-term, agreed.

-- 
Thanks,

David / dhildenb

Re: [PATCH 03/11] multifd: Fill offset and block for reception

[Juan Quintela]

Richard Henderson  wrote:
> On 11/19/21 5:58 PM, Juan Quintela wrote:
>> We were using the iov directly, but we will need this info on the
>> following patch.
>> Signed-off-by: Juan Quintela 
>> ---
>>   migration/multifd.c | 2 ++
>>   1 file changed, 2 insertions(+)
>> diff --git a/migration/multifd.c b/migration/multifd.c
>> index 7c9deb1921..e2adcdffa1 100644
>> --- a/migration/multifd.c
>> +++ b/migration/multifd.c
>> @@ -364,6 +364,8 @@ static int multifd_recv_unfill_packet(MultiFDRecvParams 
>> *p, Error **errp)
>>  offset, block->used_length);
>>   return -1;
>>   }
>> +p->pages->offset[i] = offset;
>> +p->pages->block = block;
>>   p->pages->iov[i].iov_base = block->host + offset;
>>   p->pages->iov[i].iov_len = qemu_target_page_size();
>>   }
>> 
>
> Block should be stored one outside the loop.

Done.

Thanks, Juan.

Re: [PATCH 06/11] migration: Move iov from pages to params

[Juan Quintela]

Richard Henderson  wrote:
> On 11/19/21 5:58 PM, Juan Quintela wrote:
>>   static int nocomp_send_prepare(MultiFDSendParams *p, uint32_t used,
>>  Error **errp)
>>   {
>> +MultiFDPages_t *pages = p->pages;
>> +
>> +for (int i = 0; i < used; i++) {
>> +p->iov[p->iovs_used].iov_base = pages->block->host + 
>> pages->offset[i];
>> +p->iov[p->iovs_used].iov_len = qemu_target_page_size();
>> +p->iovs_used++;
>> +}
>> +
>>   p->next_packet_size = used * qemu_target_page_size();
>
> Compute qemu_target_page_size once in the function.
> Hoist p->iovs_used to a local variable around the loop.
>
>> @@ -154,7 +162,11 @@ static int nocomp_recv_pages(MultiFDRecvParams *p, 
>> uint32_t used, Error **errp)
>>  p->id, flags, MULTIFD_FLAG_NOCOMP);
>>   return -1;
>>   }
>> -return qio_channel_readv_all(p->c, p->pages->iov, used, errp);
>> +for (int i = 0; i < p->pages->used; i++) {
>> +p->iov[i].iov_base = p->pages->block->host + p->pages->offset[i];
>> +p->iov[i].iov_len = qemu_target_page_size();
>> +}
>
> Similarly.

Done both.

Thank again, Juan.

Re: [PULL 0/2] riscv-to-apply queue

[Richard Henderson]

On 11/22/21 7:52 AM, Alistair Francis wrote:

From: Alistair Francis 

The following changes since commit c5fbdd60cf1fb52f01bdfe342b6fa65d5343e1b1:

   Merge tag 'qemu-sparc-20211121' of git://github.com/mcayland/qemu into 
staging (2021-11-21 14:12:25 +0100)

are available in the Git repository at:

   g...@github.com:alistair23/qemu.git tags/pull-riscv-to-apply-20211122

for you to fetch changes up to 526e7443027c71fe7b04c29df529e1f9f425f9e3:

   hw/misc/sifive_u_otp: Do not reset OTP content on hardware reset (2021-11-22 
10:46:22 +1000)


Seventh RISC-V PR for QEMU 6.2

  - Deprecate IF_NONE for SiFive OTP
  - Don't reset SiFive OTP content


Philippe Mathieu-Daudé (1):
   hw/misc/sifive_u_otp: Do not reset OTP content on hardware reset

Thomas Huth (1):
   hw/misc/sifive_u_otp: Use IF_PFLASH for the OTP device instead of IF_NONE

  docs/about/deprecated.rst |  6 ++
  hw/misc/sifive_u_otp.c| 22 +-
  2 files changed, 19 insertions(+), 9 deletions(-)


Applied, thanks.

r~

Re: [PATCH 35/35] test/tcg/ppc64le: Add float reference files

[Richard Henderson]

On 11/21/21 6:47 PM, Cédric Le Goater wrote:

I am getting an error with this test. See below.

...

  ### Rounding to nearest
  from single: f32(-nan:0xffa0)
-  to double: f64(-nan:0x00fff4) (INVALID)
+  to double: f64(-nan:0x00fff4) (OK)


Well that's disconcerting.

I can replicate this failure on an x86_64 host, but do not see the same error on a power9 
ppc64le host.



r~

Re: [PATCH 1/2] docs: Fix botched rST conversion of 'submitting-a-patch.rst'

[Thomas Huth]

On 19/11/2021 20.31, Kashyap Chamarthy wrote:

I completely botched up the merged[0] rST conversion of this document by
accidentally dropping entire hunks (!) of text. :-(  I made it very hard
for reviewers to spot it, as the omitted text was buried deep in the
document.  To fix my hatchet job, I reconverted the "SubmitAPatch"
wiki[1] page from scratch and replaced the existing rST with it, while
making sure I incorporated previous feedback.


Thanks for the quick update! I've now tripple-checked the differences 
between the old wiki page and the new rst page, and I think with some 
additional small changes on top (which I will do while picking up your 
patch, see below), we should be fine now.


[...]

@@ -55,16 +55,15 @@ Writing your Patches
  Use the QEMU coding style
  ~
  
-You can run run *scripts/checkpatch.pl * before submitting to

-check that you are in compliance with our coding standards. Be aware
-that ``checkpatch.pl`` is not infallible, though, especially where C
+You can run run *scripts/checkpatch.pl * before submitting
+to check that you are in compliance with our coding standards. Be aware
+that checkpatch.pl is not infallible, though, especially where C
  preprocessor macros are involved; use some common sense too. See also:
  
-- `QEMU Coding Style

-  `__
-
+-  `QEMU Coding Style `__


While we're at it, I'll replace the link with an internal link when picking 
up this patch (so that it can also be used in offline documentation).



  -  `Automate a checkpatch run on
-   commit 
`__
+   commit 
`__
+-  Spell check your patches


I'll add the link to https://wiki.qemu.org/Contribute/SpellCheck again.


@@ -85,7 +91,7 @@ Split up longer patches into a patch series of logical code 
changes.
  Each change should compile and execute successfully. For instance, don't
  add a file to the makefile in patch one and then add the file itself in
  patch two. (This rule is here so that people can later use tools like
-`git bisect `__ without hitting
+```git bisect`` `__ without hitting


You've re-introduced the broken git-bisect link. I'll fix it again.


@@ -170,11 +175,74 @@ displays the subject line some distance apart (that is, a 
body that
  starts with "... so that" as a continuation of the subject line is
  harder to follow).
  
+If your patch fixes a commit that is already in the repository, please

+add a line with "Fixes: ("Fixed commit subject")" below the patch


Missing the "" from the Wiki page. I'll 
add it.



+description / before your "Signed-off-by:" line in the commit message.
+
+If your patch fixes a bug in the gitlab bug tracker, please add a line
+with "Resolves: " to the commit message, too. Gitlab can close bugs


Missing the "" from the Wiki. I'll add it.


+automatically once commits with the "Resolved:" keyword get merged into
+the master branch of the project. And if your patch addresses a bug in
+another public bug tracker, you can also use a line with "Buglink: " for


dito.


@@ -223,13 +291,22 @@ use --numbered so the cover and the patch have distinct 
subject lines).


I noticed that the --numbered will be translated into –numbered, so I'll add 
some `` quotes here.



@@ -288,6 +370,18 @@ it's best to:
 of the patchset you're looking for review on, and why reviewers
 should care
  
+.. _consider_whether_your_patch_is_applicable_for_stable:

+
+Consider whether your patch is applicable for stable
+
+
+If your patch fixes a severe issue or a regression, it may be applicable
+for stable. In that case, consider adding ``Cc: qemu-sta...@nongnu.org``
+to your patch to notify the stable maintainers.
+
+For more details on how QEMU's stable process works, refer to
+`docs/devel/stable-process.rst 
`__.


While at this, I'll also replace this external link with an internal one.


  Is my patch in?
  ~~~
  
+QEMU has some Continuous Integration machines that try to catch patch

+submission problems as soon as possible.  `patchew
+`__ includes a web interface for tracking the
+status of various threads that have been posted to the list, and may
+send you an automated mail if it detected a problem with your patch.
+
  Once your patch has had enough review on list, the maintainer for that
  area of code will send notification to the list that they are including
  your patch in a particular staging branch. Periodically, the maintainer
  then sends a `pull request
  `__

Re: [PATCH 35/35] test/tcg/ppc64le: Add float reference files

[Cédric Le Goater]

On 11/22/21 10:43, Richard Henderson wrote:

On 11/21/21 6:47 PM, Cédric Le Goater wrote:

I am getting an error with this test. See below.

...

  ### Rounding to nearest
  from single: f32(-nan:0xffa0)
-  to double: f64(-nan:0x00fff4) (INVALID)
+  to double: f64(-nan:0x00fff4) (OK)


Well that's disconcerting.

I can replicate this failure on an x86_64 host, but do not see the 
same error on a power9 ppc64le host.


I do replicate on both x86_64 (rh9) and POWER9 (21.10).

The same ref file on 4 different P9 systems looks the same. make
check-tcg is behaving fine with it.

Updated here :

  
https://gitlab.com/legoater/qemu/-/commit/3d5ab4afaa50c3771b9d3bc74bfd04d992dc3a07

CI in progress :

  https://gitlab.com/legoater/qemu/-/pipelines/413705207

C.

Re: [PATCH 1/2] docs: Fix botched rST conversion of 'submitting-a-patch.rst'

[Kashyap Chamarthy]

On Mon, Nov 22, 2021 at 10:51:15AM +0100, Thomas Huth wrote:
> On 19/11/2021 20.31, Kashyap Chamarthy wrote:
> > I completely botched up the merged[0] rST conversion of this document by
> > accidentally dropping entire hunks (!) of text. :-(  I made it very hard
> > for reviewers to spot it, as the omitted text was buried deep in the
> > document.  To fix my hatchet job, I reconverted the "SubmitAPatch"
> > wiki[1] page from scratch and replaced the existing rST with it, while
> > making sure I incorporated previous feedback.
> 
> Thanks for the quick update! I've now tripple-checked the differences
> between the old wiki page and the new rst page, and I think with some
> additional small changes on top (which I will do while picking up your
> patch, see below), we should be fine now.

Thanks for your eagle eyes.

[...]

> > -- `QEMU Coding Style
> > -  `__
> > -
> > +-  `QEMU Coding Style 
> > `__
> 
> While we're at it, I'll replace the link with an internal link when picking
> up this patch (so that it can also be used in offline documentation).

Sure.

> >   -  `Automate a checkpatch run on
> > -   commit 
> > `__
> > +   commit 
> > `__
> > +-  Spell check your patches
> 
> I'll add the link to https://wiki.qemu.org/Contribute/SpellCheck again.

Please don't -- I intentionally dropped it in a previous iteration based
on this feedback from Peter Maydell:

"I'm not sure that SpellCheck in particular is sufficiently baked
to be in the actual docs. I'd rather just drop the reference to it
from SubmitAPatch."

(https://lists.nongnu.org/archive/html/qemu-devel/2021-11/msg00137.html)

> > @@ -85,7 +91,7 @@ Split up longer patches into a patch series of logical 
> > code changes.
> >   Each change should compile and execute successfully. For instance, don't
> >   add a file to the makefile in patch one and then add the file itself in
> >   patch two. (This rule is here so that people can later use tools like
> > -`git bisect `__ without hitting
> > +```git bisect`` `__ without hitting
> 
> You've re-introduced the broken git-bisect link. I'll fix it again.

Oops; thanks!  It's hard to spot these double-ticks.

> > @@ -170,11 +175,74 @@ displays the subject line some distance apart (that 
> > is, a body that
> >   starts with "... so that" as a continuation of the subject line is
> >   harder to follow).
> > +If your patch fixes a commit that is already in the repository, please
> > +add a line with "Fixes: ("Fixed commit subject")" below the patch
> 
> Missing the "" from the Wiki page. I'll
> add it.
>
> > +description / before your "Signed-off-by:" line in the commit message.
> > +
> > +If your patch fixes a bug in the gitlab bug tracker, please add a line
> > +with "Resolves: " to the commit message, too. Gitlab can close bugs
> 
> Missing the "" from the Wiki. I'll add it.

Uh, not sure how I missed the above two bits.

> > +automatically once commits with the "Resolved:" keyword get merged into
> > +the master branch of the project. And if your patch addresses a bug in
> > +another public bug tracker, you can also use a line with "Buglink: " for
> 
> dito.
> 
> > @@ -223,13 +291,22 @@ use --numbered so the cover and the patch have 
> > distinct subject lines).
> 
> I noticed that the --numbered will be translated into –numbered, so I'll add
> some `` quotes here.

Good catch; my eyes glazed over it.

> > @@ -288,6 +370,18 @@ it's best to:
> >  of the patchset you're looking for review on, and why reviewers
> >  should care
> > +.. _consider_whether_your_patch_is_applicable_for_stable:
> > +
> > +Consider whether your patch is applicable for stable
> > +
> > +
> > +If your patch fixes a severe issue or a regression, it may be applicable
> > +for stable. In that case, consider adding ``Cc: qemu-sta...@nongnu.org``
> > +to your patch to notify the stable maintainers.
> > +
> > +For more details on how QEMU's stable process works, refer to
> > +`docs/devel/stable-process.rst 
> > `__.
> 
> While at this, I'll also replace this external link with an internal one.

[...]

> >   your patch in a particular staging branch. Periodically, the maintainer
> >   then sends a `pull request
> >   
> > `__
> 
> I'll also use an internal link for this reference here.

Sure.

Many thanks for the careful combing!

[...]

-- 
/kashyap

Re: [PATCH 1/2] docs: Fix botched rST conversion of 'submitting-a-patch.rst'

[Thomas Huth]

On 22/11/2021 11.20, Kashyap Chamarthy wrote:

On Mon, Nov 22, 2021 at 10:51:15AM +0100, Thomas Huth wrote:

On 19/11/2021 20.31, Kashyap Chamarthy wrote:

I completely botched up the merged[0] rST conversion of this document by
accidentally dropping entire hunks (!) of text. :-(  I made it very hard
for reviewers to spot it, as the omitted text was buried deep in the
document.  To fix my hatchet job, I reconverted the "SubmitAPatch"
wiki[1] page from scratch and replaced the existing rST with it, while
making sure I incorporated previous feedback.


Thanks for the quick update! I've now tripple-checked the differences
between the old wiki page and the new rst page, and I think with some
additional small changes on top (which I will do while picking up your
patch, see below), we should be fine now.


Thanks for your eagle eyes.

[...]


-- `QEMU Coding Style
-  `__
-
+-  `QEMU Coding Style `__


While we're at it, I'll replace the link with an internal link when picking
up this patch (so that it can also be used in offline documentation).


Sure.


   -  `Automate a checkpatch run on
-   commit 
`__
+   commit 
`__
+-  Spell check your patches


I'll add the link to https://wiki.qemu.org/Contribute/SpellCheck again.


Please don't -- I intentionally dropped it in a previous iteration based
on this feedback from Peter Maydell:

 "I'm not sure that SpellCheck in particular is sufficiently baked
 to be in the actual docs. I'd rather just drop the reference to it
 from SubmitAPatch."
 
 (https://lists.nongnu.org/archive/html/qemu-devel/2021-11/msg00137.html)


Ok, so I'll drop that line completely (otherwise it does not really make 
sense to have it in this list after the "See also:" right in front of it).


 Thomas

[PATCH v7 04/31] tcg/loongarch64: Add generated instruction opcodes and encoding helpers

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Acked-by: Richard Henderson 
---
 tcg/loongarch64/tcg-insn-defs.c.inc | 979 
 1 file changed, 979 insertions(+)
 create mode 100644 tcg/loongarch64/tcg-insn-defs.c.inc

diff --git a/tcg/loongarch64/tcg-insn-defs.c.inc 
b/tcg/loongarch64/tcg-insn-defs.c.inc
new file mode 100644
index 00..d162571856
--- /dev/null
+++ b/tcg/loongarch64/tcg-insn-defs.c.inc
@@ -0,0 +1,979 @@
+/* SPDX-License-Identifier: MIT */
+/*
+ * LoongArch instruction formats, opcodes, and encoders for TCG use.
+ *
+ * This file is auto-generated by genqemutcgdefs from
+ * https://github.com/loongson-community/loongarch-opcodes,
+ * from commit 961f0c60f5b63e574d785995600c71ad5413fdc4.
+ * DO NOT EDIT.
+ */
+
+typedef enum {
+OPC_CLZ_W = 0x1400,
+OPC_CTZ_W = 0x1c00,
+OPC_CLZ_D = 0x2400,
+OPC_CTZ_D = 0x2c00,
+OPC_REVB_2H = 0x3000,
+OPC_REVB_2W = 0x3800,
+OPC_REVB_D = 0x3c00,
+OPC_SEXT_H = 0x5800,
+OPC_SEXT_B = 0x5c00,
+OPC_ADD_W = 0x0010,
+OPC_ADD_D = 0x00108000,
+OPC_SUB_W = 0x0011,
+OPC_SUB_D = 0x00118000,
+OPC_SLT = 0x0012,
+OPC_SLTU = 0x00128000,
+OPC_MASKEQZ = 0x0013,
+OPC_MASKNEZ = 0x00138000,
+OPC_NOR = 0x0014,
+OPC_AND = 0x00148000,
+OPC_OR = 0x0015,
+OPC_XOR = 0x00158000,
+OPC_ORN = 0x0016,
+OPC_ANDN = 0x00168000,
+OPC_SLL_W = 0x0017,
+OPC_SRL_W = 0x00178000,
+OPC_SRA_W = 0x0018,
+OPC_SLL_D = 0x00188000,
+OPC_SRL_D = 0x0019,
+OPC_SRA_D = 0x00198000,
+OPC_ROTR_W = 0x001b,
+OPC_ROTR_D = 0x001b8000,
+OPC_MUL_W = 0x001c,
+OPC_MULH_W = 0x001c8000,
+OPC_MULH_WU = 0x001d,
+OPC_MUL_D = 0x001d8000,
+OPC_MULH_D = 0x001e,
+OPC_MULH_DU = 0x001e8000,
+OPC_DIV_W = 0x0020,
+OPC_MOD_W = 0x00208000,
+OPC_DIV_WU = 0x0021,
+OPC_MOD_WU = 0x00218000,
+OPC_DIV_D = 0x0022,
+OPC_MOD_D = 0x00228000,
+OPC_DIV_DU = 0x0023,
+OPC_MOD_DU = 0x00238000,
+OPC_SLLI_W = 0x00408000,
+OPC_SLLI_D = 0x0041,
+OPC_SRLI_W = 0x00448000,
+OPC_SRLI_D = 0x0045,
+OPC_SRAI_W = 0x00488000,
+OPC_SRAI_D = 0x0049,
+OPC_ROTRI_W = 0x004c8000,
+OPC_ROTRI_D = 0x004d,
+OPC_BSTRINS_W = 0x0060,
+OPC_BSTRPICK_W = 0x00608000,
+OPC_BSTRINS_D = 0x0080,
+OPC_BSTRPICK_D = 0x00c0,
+OPC_SLTI = 0x0200,
+OPC_SLTUI = 0x0240,
+OPC_ADDI_W = 0x0280,
+OPC_ADDI_D = 0x02c0,
+OPC_CU52I_D = 0x0300,
+OPC_ANDI = 0x0340,
+OPC_ORI = 0x0380,
+OPC_XORI = 0x03c0,
+OPC_LU12I_W = 0x1400,
+OPC_CU32I_D = 0x1600,
+OPC_PCADDU2I = 0x1800,
+OPC_PCALAU12I = 0x1a00,
+OPC_PCADDU12I = 0x1c00,
+OPC_PCADDU18I = 0x1e00,
+OPC_LD_B = 0x2800,
+OPC_LD_H = 0x2840,
+OPC_LD_W = 0x2880,
+OPC_LD_D = 0x28c0,
+OPC_ST_B = 0x2900,
+OPC_ST_H = 0x2940,
+OPC_ST_W = 0x2980,
+OPC_ST_D = 0x29c0,
+OPC_LD_BU = 0x2a00,
+OPC_LD_HU = 0x2a40,
+OPC_LD_WU = 0x2a80,
+OPC_LDX_B = 0x3800,
+OPC_LDX_H = 0x3804,
+OPC_LDX_W = 0x3808,
+OPC_LDX_D = 0x380c,
+OPC_STX_B = 0x3810,
+OPC_STX_H = 0x3814,
+OPC_STX_W = 0x3818,
+OPC_STX_D = 0x381c,
+OPC_LDX_BU = 0x3820,
+OPC_LDX_HU = 0x3824,
+OPC_LDX_WU = 0x3828,
+OPC_DBAR = 0x3872,
+OPC_JIRL = 0x4c00,
+OPC_B = 0x5000,
+OPC_BL = 0x5400,
+OPC_BEQ = 0x5800,
+OPC_BNE = 0x5c00,
+OPC_BGT = 0x6000,
+OPC_BLE = 0x6400,
+OPC_BGTU = 0x6800,
+OPC_BLEU = 0x6c00,
+} LoongArchInsn;
+
+static int32_t __attribute__((unused))
+encode_d_slot(LoongArchInsn opc, uint32_t d)
+{
+return opc | d;
+}
+
+static int32_t __attribute__((unused))
+encode_dj_slots(LoongArchInsn opc, uint32_t d, uint32_t j)
+{
+return opc | d | j << 5;
+}
+
+static int32_t __attribute__((unused))
+encode_djk_slots(LoongArchInsn opc, uint32_t d, uint32_t j, uint32_t k)
+{
+return opc | d | j << 5 | k << 10;
+}
+
+static int32_t __attribute__((unused))
+encode_djkm_slots(LoongArchInsn opc, uint32_t d, uint32_t j, uint32_t k,
+  uint32_t m)
+{
+return opc | d | j << 5 | k << 10 | m << 16;
+}
+
+static int32_t __attribute__((unused))
+encode_dk_slots(LoongArchInsn opc, uint32_t d, uint32_t k)
+{
+return opc | d | k << 10;
+}
+
+static int32_t __attribute__((unused))
+encode_dj_insn(LoongArchInsn opc, TCGReg d, TCGReg j)
+{
+tcg_debug_assert(d >= 0 && d <= 0x1f);
+tcg_debug_assert(j >= 0 && j <= 0x1f);
+return encode_dj_slots(opc, d, j);
+}
+
+static int32_t __attribute__((unused))
+encode_djk_insn(LoongArchInsn opc, TCGReg d, TCGReg j, TCGReg k)
+{
+tcg_debug_assert(d >= 0 && d <= 0x1f);
+tcg_debug_assert(j >= 0 && j <= 0x1f);
+tcg_debu

[PATCH v7 00/31] LoongArch64 port of QEMU TCG

[WANG Xuerui]

Hi all,

This is a port of QEMU TCG to the brand-new CPU architecture LoongArch,
introduced by Loongson with their 3A5000 chips.

Tests (run with `ninja test`) all passed, as usual; I also boot-tested
x86_64 (Debian and Gentoo installation CDs) and install-tested aarch64
(Debian netboot installer), and ran riscv64 linux-user emulation with a
chroot; everything seems fine. Cross LoongArch64 builds are also added
to CI matrix in this revision.

## About the series

Only the LP64D ABI is supported, as this is the only one fully
implemented and supported by Loongson. 32-bit support is incomplete from
outset, and removed from the very latest upstream submissions, so you
can't even configure for that.

The architecture's documentation is already translated into English;
it can be browsed at https://loongson.github.io/LoongArch-Documentation/.
The LoongArch ELF psABI doc (version 1.00) could be found at [1];
if anything is missing there, it's most likely the same as RISC-V, but
you can always raise an issue over their issue tracker at [2].

[1]: 
https://loongson.github.io/LoongArch-Documentation/LoongArch-ELF-ABI-EN.html
[2]: https://github.com/loongson/LoongArch-Documentation/issues

In this series I made use of generated instruction encodings and
emitters from https://github.com/loongson-community/loongarch-opcodes
(a community project started by myself, something I must admit), as the
LoongArch encoding is highly irregular even for a fixed 32-bit ISA, and
I want to minimize the maintenance burden for future collaboration. This
is something not seen in any of the other TCG ports out there, so I'd
like to see if this is acceptable practice (and also maybe bikeshed the
file name).

This series touches some of the same files as Song Gao's previous
submission of LoongArch *target* support, which is a bit unfortunate;
one of us will have to rebase after either series gets in. Actual
conflict should only happen on build system bits and include/elf.h,
though, as we're working on entirely different areas.

## How to build and test this

Upstream support for LoongArch is largely WIP for now, which means you
must apply a lot of patches if you want to even cross-build for this arch.
The main sources I used are as follows:

* binutils: (already upstream as of November 2021)
* gcc: https://github.com/xen0n/gcc/tree/for-gentoo-gcc-12-v2
  based on https://github.com/loongson/gcc/tree/loongarch_upstream
* glibc: https://github.com/xen0n/glibc/tree/for-gentoo-glibc-2.34
  based on https://github.com/loongson/glibc/tree/loongarch_2_34_for_upstream
* Linux: https://github.com/xen0n/linux/tree/loongarch-playground
  based on https://github.com/loongson/linux/tree/loongarch-next
* Gentoo overlay: https://github.com/xen0n/loongson-overlay

I have made ready-to-use Gentoo stage3 tarballs, but they're served with
CDN off my personal cloud account, and I don't want the link to be
exposed so that my bills skyrocket; you can reach me off-list to get the
links if you're interested.

As for the hardware availability, the boards can already be bought in
China on Taobao, and I think some people at Loongson might be able to
arrange for testing environments, if testing on real hardware other than
mine is required before merging; they have their in-house Debian spin-off
from the early days of this architecture. Their kernel is
ABI-incompatible with the version being upstreamed and used by me, but
QEMU should work there regardless.

Lastly, I'm new to QEMU development and this is my first patch series
here; apologizes if I get anything wrong, and any help or suggestion is
certainly appreciated!

## New patches in need of review

Only the last (31st) patch is new in this round; others are mostly
untouched, save for build fixes during rebase.

## Changelog

v7 -> v6:

- Rebased to latest development branch
- Added Docker image for cross-compilation and cross-build CI jobs

v6 -> v5:

- Fixed many places using 0/1 to say false/true
- Tweaks to tcg_out_movi
  - Moved variable declarations to top of function, as per QEMU coding
style
  - Added ASCII art to better explain names like `hi12` `hi32` and `hi52`
- Added example `uname -a` outputs to commit message of Patch 30 to help
  people make sense of the change

v5 -> v4:

- Updated generated instruction definition to latest (added ldx/stx
  family of indexed load/stores)
- Incorporated Richard's suggestion for tcg_out_movi, tested to cover
  the cases it's supposed to improve
- Fixed a "size == MO_64" occurrence to just say "type"
- Used indexed load/stores to optimize qemu_ld/st
- Fixed zero-extension of address register for qemu_ld/st on 32-bit
  targets

v4 -> v3:

- Addressed all review comments from v3
  - Made MAX_CODE_GEN_BUFFER_SIZE to be just SIZE_MAX (but kept
TCG_TARGET_NB_REGS as macro definition)
  - Updated generated instruction definition, made it clear that the
whole file is generated
  - Used deposit64 for hand-written relocation code
  - Reworked tcg_out_movi
- Us

[PATCH v7 03/31] tcg/loongarch64: Add the tcg-target.h file

[WANG Xuerui]

Support for all optional TCG ops are initially marked disabled; the bits
are to be set in individual commits later.

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
---
 tcg/loongarch64/tcg-target.h | 180 +++
 1 file changed, 180 insertions(+)
 create mode 100644 tcg/loongarch64/tcg-target.h

diff --git a/tcg/loongarch64/tcg-target.h b/tcg/loongarch64/tcg-target.h
new file mode 100644
index 00..5fc097b3c1
--- /dev/null
+++ b/tcg/loongarch64/tcg-target.h
@@ -0,0 +1,180 @@
+/*
+ * Tiny Code Generator for QEMU
+ *
+ * Copyright (c) 2021 WANG Xuerui 
+ *
+ * Based on tcg/riscv/tcg-target.h
+ *
+ * Copyright (c) 2018 SiFive, Inc
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef LOONGARCH_TCG_TARGET_H
+#define LOONGARCH_TCG_TARGET_H
+
+/*
+ * Loongson removed the (incomplete) 32-bit support from kernel and toolchain
+ * for the initial upstreaming of this architecture, so don't bother and just
+ * support the LP64 ABI for now.
+ */
+#if defined(__loongarch64)
+# define TCG_TARGET_REG_BITS 64
+#else
+# error unsupported LoongArch register size
+#endif
+
+#define TCG_TARGET_INSN_UNIT_SIZE 4
+#define TCG_TARGET_NB_REGS 32
+#define MAX_CODE_GEN_BUFFER_SIZE  SIZE_MAX
+
+typedef enum {
+TCG_REG_ZERO,
+TCG_REG_RA,
+TCG_REG_TP,
+TCG_REG_SP,
+TCG_REG_A0,
+TCG_REG_A1,
+TCG_REG_A2,
+TCG_REG_A3,
+TCG_REG_A4,
+TCG_REG_A5,
+TCG_REG_A6,
+TCG_REG_A7,
+TCG_REG_T0,
+TCG_REG_T1,
+TCG_REG_T2,
+TCG_REG_T3,
+TCG_REG_T4,
+TCG_REG_T5,
+TCG_REG_T6,
+TCG_REG_T7,
+TCG_REG_T8,
+TCG_REG_RESERVED,
+TCG_REG_S9,
+TCG_REG_S0,
+TCG_REG_S1,
+TCG_REG_S2,
+TCG_REG_S3,
+TCG_REG_S4,
+TCG_REG_S5,
+TCG_REG_S6,
+TCG_REG_S7,
+TCG_REG_S8,
+
+/* aliases */
+TCG_AREG0= TCG_REG_S0,
+TCG_REG_TMP0 = TCG_REG_T8,
+TCG_REG_TMP1 = TCG_REG_T7,
+TCG_REG_TMP2 = TCG_REG_T6,
+} TCGReg;
+
+/* used for function call generation */
+#define TCG_REG_CALL_STACK  TCG_REG_SP
+#define TCG_TARGET_STACK_ALIGN  16
+#define TCG_TARGET_CALL_ALIGN_ARGS  1
+#define TCG_TARGET_CALL_STACK_OFFSET0
+
+/* optional instructions */
+#define TCG_TARGET_HAS_movcond_i32  0
+#define TCG_TARGET_HAS_div_i32  0
+#define TCG_TARGET_HAS_rem_i32  0
+#define TCG_TARGET_HAS_div2_i32 0
+#define TCG_TARGET_HAS_rot_i32  0
+#define TCG_TARGET_HAS_deposit_i32  0
+#define TCG_TARGET_HAS_extract_i32  0
+#define TCG_TARGET_HAS_sextract_i32 0
+#define TCG_TARGET_HAS_extract2_i32 0
+#define TCG_TARGET_HAS_add2_i32 0
+#define TCG_TARGET_HAS_sub2_i32 0
+#define TCG_TARGET_HAS_mulu2_i320
+#define TCG_TARGET_HAS_muls2_i320
+#define TCG_TARGET_HAS_muluh_i320
+#define TCG_TARGET_HAS_mulsh_i320
+#define TCG_TARGET_HAS_ext8s_i320
+#define TCG_TARGET_HAS_ext16s_i32   0
+#define TCG_TARGET_HAS_ext8u_i320
+#define TCG_TARGET_HAS_ext16u_i32   0
+#define TCG_TARGET_HAS_bswap16_i32  0
+#define TCG_TARGET_HAS_bswap32_i32  0
+#define TCG_TARGET_HAS_not_i32  0
+#define TCG_TARGET_HAS_neg_i32  0
+#define TCG_TARGET_HAS_andc_i32 0
+#define TCG_TARGET_HAS_orc_i32  0
+#define TCG_TARGET_HAS_eqv_i32  0
+#define TCG_TARGET_HAS_nand_i32 0
+#define TCG_TARGET_HAS_nor_i32  0
+#define TCG_TARGET_HAS_clz_i32  0
+#define TCG_TARGET_HAS_ctz_i32  0
+#define TCG_TARGET_HAS_ctpop_i320
+#define TCG_TARGET_HAS_direct_jump  0
+#define TCG_TARGET_HAS_brcond2  0
+#define TCG_TARGET_HAS_setcond2 0
+#define TCG_TARGET_HAS_qemu_st8_i32 0
+
+/* 64-bit operations */
+#define TCG_TARGET_HAS_movcond_i64  0
+#define TCG_TARGET_HAS_div_i64  0
+#define TCG_TARGET_HAS_rem_i64  0
+#define TCG_TARGET_HAS_div

[PATCH v7 02/31] MAINTAINERS: Add tcg/loongarch64 entry with myself as maintainer

[WANG Xuerui]

I ported the initial code, so I should maintain it of course.

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
---
 MAINTAINERS | 5 +
 1 file changed, 5 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index d3879aa3c1..a638fb6b31 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3137,6 +3137,11 @@ S: Maintained
 F: tcg/i386/
 F: disas/i386.c
 
+LoongArch64 TCG target
+M: WANG Xuerui 
+S: Maintained
+F: tcg/loongarch64/
+
 MIPS TCG target
 M: Philippe Mathieu-Daudé 
 R: Aurelien Jarno 
-- 
2.34.0

[PATCH v7 01/31] elf: Add machine type value for LoongArch

[WANG Xuerui]

This is already officially allocated as recorded in GNU binutils
repo [1], and the description is updated in [2]. Add to enable further
work.

[1]: 
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=4cf2ad720078a9f490dd5b5bc8893a926479196e
[2]: 
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=01a8c731aacbdbed0eb5682d13cc074dc7e25fb3

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
---
 include/elf.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/elf.h b/include/elf.h
index 811bf4a1cb..3a4bcb646a 100644
--- a/include/elf.h
+++ b/include/elf.h
@@ -182,6 +182,8 @@ typedef struct mips_elf_abiflags_v0 {
 
 #define EM_NANOMIPS 249 /* Wave Computing nanoMIPS */
 
+#define EM_LOONGARCH258 /* LoongArch */
+
 /*
  * This is an interim value that we will use until the committee comes
  * up with a final number.
-- 
2.34.0

[PATCH v7 07/31] tcg/loongarch64: Implement necessary relocation operations

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
---
 tcg/loongarch64/tcg-target.c.inc | 66 
 1 file changed, 66 insertions(+)

diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index 64e57bd055..fbacaef862 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -168,3 +168,69 @@ static bool tcg_target_const_match(int64_t val, TCGType 
type, int ct)
 }
 return false;
 }
+
+/*
+ * Relocations
+ */
+
+/*
+ * Relocation records defined in LoongArch ELF psABI v1.00 is way too
+ * complicated; a whopping stack machine is needed to stuff the fields, at
+ * the very least one SOP_PUSH and one SOP_POP (of the correct format) are
+ * needed.
+ *
+ * Hence, define our own simpler relocation types. Numbers are chosen as to
+ * not collide with potential future additions to the true ELF relocation
+ * type enum.
+ */
+
+/* Field Sk16, shifted right by 2; suitable for conditional jumps */
+#define R_LOONGARCH_BR_SK16 256
+/* Field Sd10k16, shifted right by 2; suitable for B and BL */
+#define R_LOONGARCH_BR_SD10K16  257
+
+static bool reloc_br_sk16(tcg_insn_unit *src_rw, const tcg_insn_unit *target)
+{
+const tcg_insn_unit *src_rx = tcg_splitwx_to_rx(src_rw);
+intptr_t offset = (intptr_t)target - (intptr_t)src_rx;
+
+tcg_debug_assert((offset & 3) == 0);
+offset >>= 2;
+if (offset == sextreg(offset, 0, 16)) {
+*src_rw = deposit64(*src_rw, 10, 16, offset);
+return true;
+}
+
+return false;
+}
+
+static bool reloc_br_sd10k16(tcg_insn_unit *src_rw,
+ const tcg_insn_unit *target)
+{
+const tcg_insn_unit *src_rx = tcg_splitwx_to_rx(src_rw);
+intptr_t offset = (intptr_t)target - (intptr_t)src_rx;
+
+tcg_debug_assert((offset & 3) == 0);
+offset >>= 2;
+if (offset == sextreg(offset, 0, 26)) {
+*src_rw = deposit64(*src_rw, 0, 10, offset >> 16); /* slot d10 */
+*src_rw = deposit64(*src_rw, 10, 16, offset); /* slot k16 */
+return true;
+}
+
+return false;
+}
+
+static bool patch_reloc(tcg_insn_unit *code_ptr, int type,
+intptr_t value, intptr_t addend)
+{
+tcg_debug_assert(addend == 0);
+switch (type) {
+case R_LOONGARCH_BR_SK16:
+return reloc_br_sk16(code_ptr, (tcg_insn_unit *)value);
+case R_LOONGARCH_BR_SD10K16:
+return reloc_br_sd10k16(code_ptr, (tcg_insn_unit *)value);
+default:
+g_assert_not_reached();
+}
+}
-- 
2.34.0

[PATCH v7 09/31] tcg/loongarch64: Implement tcg_out_mov and tcg_out_movi

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
---
 tcg/loongarch64/tcg-target.c.inc | 137 +++
 1 file changed, 137 insertions(+)

diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index f12955723d..4487851b5e 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -247,6 +247,141 @@ static void tcg_out_mb(TCGContext *s, TCGArg a0)
 tcg_out_opc_dbar(s, 0);
 }
 
+static bool tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg)
+{
+if (ret == arg) {
+return true;
+}
+switch (type) {
+case TCG_TYPE_I32:
+case TCG_TYPE_I64:
+/*
+ * Conventional register-register move used in LoongArch is
+ * `or dst, src, zero`.
+ */
+tcg_out_opc_or(s, ret, arg, TCG_REG_ZERO);
+break;
+default:
+g_assert_not_reached();
+}
+return true;
+}
+
+static bool imm_part_needs_loading(bool high_bits_are_ones,
+   tcg_target_long part)
+{
+if (high_bits_are_ones) {
+return part != -1;
+} else {
+return part != 0;
+}
+}
+
+/* Loads a 32-bit immediate into rd, sign-extended.  */
+static void tcg_out_movi_i32(TCGContext *s, TCGReg rd, int32_t val)
+{
+tcg_target_long lo = sextreg(val, 0, 12);
+tcg_target_long hi12 = sextreg(val, 12, 20);
+
+/* Single-instruction cases.  */
+if (lo == val) {
+/* val fits in simm12: addi.w rd, zero, val */
+tcg_out_opc_addi_w(s, rd, TCG_REG_ZERO, val);
+return;
+}
+if (0x800 <= val && val <= 0xfff) {
+/* val fits in uimm12: ori rd, zero, val */
+tcg_out_opc_ori(s, rd, TCG_REG_ZERO, val);
+return;
+}
+
+/* High bits must be set; load with lu12i.w + optional ori.  */
+tcg_out_opc_lu12i_w(s, rd, hi12);
+if (lo != 0) {
+tcg_out_opc_ori(s, rd, rd, lo & 0xfff);
+}
+}
+
+static void tcg_out_movi(TCGContext *s, TCGType type, TCGReg rd,
+ tcg_target_long val)
+{
+/*
+ * LoongArch conventionally loads 64-bit immediates in at most 4 steps,
+ * with dedicated instructions for filling the respective bitfields
+ * below:
+ *
+ *6   5   4   3
+ *  3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2
+ * +---+---+...
+ * |  hi52 |  hi32 |
+ * +---+---+...
+ *   3   2   1
+ * 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
+ * ...+-+-+
+ *| hi12|lo   |
+ * ...+-+-+
+ *
+ * Check if val belong to one of the several fast cases, before falling
+ * back to the slow path.
+ */
+
+intptr_t pc_offset;
+tcg_target_long val_lo, val_hi, pc_hi, offset_hi;
+tcg_target_long hi32, hi52;
+bool rd_high_bits_are_ones;
+
+/* Value fits in signed i32.  */
+if (type == TCG_TYPE_I32 || val == (int32_t)val) {
+tcg_out_movi_i32(s, rd, val);
+return;
+}
+
+/* PC-relative cases.  */
+pc_offset = tcg_pcrel_diff(s, (void *)val);
+if (pc_offset == sextreg(pc_offset, 0, 22) && (pc_offset & 3) == 0) {
+/* Single pcaddu2i.  */
+tcg_out_opc_pcaddu2i(s, rd, pc_offset >> 2);
+return;
+}
+
+if (pc_offset == (int32_t)pc_offset) {
+/* Offset within 32 bits; load with pcalau12i + ori.  */
+val_lo = sextreg(val, 0, 12);
+val_hi = val >> 12;
+pc_hi = (val - pc_offset) >> 12;
+offset_hi = val_hi - pc_hi;
+
+tcg_debug_assert(offset_hi == sextreg(offset_hi, 0, 20));
+tcg_out_opc_pcalau12i(s, rd, offset_hi);
+if (val_lo != 0) {
+tcg_out_opc_ori(s, rd, rd, val_lo & 0xfff);
+}
+return;
+}
+
+hi32 = sextreg(val, 32, 20);
+hi52 = sextreg(val, 52, 12);
+
+/* Single cu52i.d case.  */
+if (ctz64(val) >= 52) {
+tcg_out_opc_cu52i_d(s, rd, TCG_REG_ZERO, hi52);
+return;
+}
+
+/* Slow path.  Initialize the low 32 bits, then concat high bits.  */
+tcg_out_movi_i32(s, rd, val);
+rd_high_bits_are_ones = (int32_t)val < 0;
+
+if (imm_part_needs_loading(rd_high_bits_are_ones, hi32)) {
+tcg_out_opc_cu32i_d(s, rd, hi32);
+rd_high_bits_are_ones = hi32 < 0;
+}
+
+if (imm_part_needs_loading(rd_high_bits_are_ones, hi52)) {
+tcg_out_opc_cu52i_d(s, rd, rd, hi52);
+}
+}
+
 /*
  * Entry-points
  */
@@ -262,6 +397,8 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 

[PATCH v7 05/31] tcg/loongarch64: Add register names, allocation order and input/output sets

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
---
 tcg/loongarch64/tcg-target.c.inc | 118 +++
 1 file changed, 118 insertions(+)
 create mode 100644 tcg/loongarch64/tcg-target.c.inc

diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
new file mode 100644
index 00..42eebef78e
--- /dev/null
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -0,0 +1,118 @@
+/*
+ * Tiny Code Generator for QEMU
+ *
+ * Copyright (c) 2021 WANG Xuerui 
+ *
+ * Based on tcg/riscv/tcg-target.c.inc
+ *
+ * Copyright (c) 2018 SiFive, Inc
+ * Copyright (c) 2008-2009 Arnaud Patard 
+ * Copyright (c) 2009 Aurelien Jarno 
+ * Copyright (c) 2008 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifdef CONFIG_DEBUG_TCG
+static const char * const tcg_target_reg_names[TCG_TARGET_NB_REGS] = {
+"zero",
+"ra",
+"tp",
+"sp",
+"a0",
+"a1",
+"a2",
+"a3",
+"a4",
+"a5",
+"a6",
+"a7",
+"t0",
+"t1",
+"t2",
+"t3",
+"t4",
+"t5",
+"t6",
+"t7",
+"t8",
+"r21", /* reserved in the LP64 ABI, hence no ABI name */
+"s9",
+"s0",
+"s1",
+"s2",
+"s3",
+"s4",
+"s5",
+"s6",
+"s7",
+"s8"
+};
+#endif
+
+static const int tcg_target_reg_alloc_order[] = {
+/* Registers preserved across calls */
+/* TCG_REG_S0 reserved for TCG_AREG0 */
+TCG_REG_S1,
+TCG_REG_S2,
+TCG_REG_S3,
+TCG_REG_S4,
+TCG_REG_S5,
+TCG_REG_S6,
+TCG_REG_S7,
+TCG_REG_S8,
+TCG_REG_S9,
+
+/* Registers (potentially) clobbered across calls */
+TCG_REG_T0,
+TCG_REG_T1,
+TCG_REG_T2,
+TCG_REG_T3,
+TCG_REG_T4,
+TCG_REG_T5,
+TCG_REG_T6,
+TCG_REG_T7,
+TCG_REG_T8,
+
+/* Argument registers, opposite order of allocation.  */
+TCG_REG_A7,
+TCG_REG_A6,
+TCG_REG_A5,
+TCG_REG_A4,
+TCG_REG_A3,
+TCG_REG_A2,
+TCG_REG_A1,
+TCG_REG_A0,
+};
+
+static const int tcg_target_call_iarg_regs[] = {
+TCG_REG_A0,
+TCG_REG_A1,
+TCG_REG_A2,
+TCG_REG_A3,
+TCG_REG_A4,
+TCG_REG_A5,
+TCG_REG_A6,
+TCG_REG_A7,
+};
+
+static const int tcg_target_call_oarg_regs[] = {
+TCG_REG_A0,
+TCG_REG_A1,
+};
-- 
2.34.0

[PATCH v7 06/31] tcg/loongarch64: Define the operand constraints

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
---
 tcg/loongarch64/tcg-target-con-str.h | 28 +++
 tcg/loongarch64/tcg-target.c.inc | 52 
 2 files changed, 80 insertions(+)
 create mode 100644 tcg/loongarch64/tcg-target-con-str.h

diff --git a/tcg/loongarch64/tcg-target-con-str.h 
b/tcg/loongarch64/tcg-target-con-str.h
new file mode 100644
index 00..c3986a4fd4
--- /dev/null
+++ b/tcg/loongarch64/tcg-target-con-str.h
@@ -0,0 +1,28 @@
+/* SPDX-License-Identifier: MIT */
+/*
+ * Define LoongArch target-specific operand constraints.
+ *
+ * Copyright (c) 2021 WANG Xuerui 
+ *
+ * Based on tcg/riscv/tcg-target-con-str.h
+ *
+ * Copyright (c) 2021 Linaro
+ */
+
+/*
+ * Define constraint letters for register sets:
+ * REGS(letter, register_mask)
+ */
+REGS('r', ALL_GENERAL_REGS)
+REGS('L', ALL_GENERAL_REGS & ~SOFTMMU_RESERVE_REGS)
+
+/*
+ * Define constraint letters for constants:
+ * CONST(letter, TCG_CT_CONST_* bit set)
+ */
+CONST('I', TCG_CT_CONST_S12)
+CONST('N', TCG_CT_CONST_N12)
+CONST('U', TCG_CT_CONST_U12)
+CONST('Z', TCG_CT_CONST_ZERO)
+CONST('C', TCG_CT_CONST_C12)
+CONST('W', TCG_CT_CONST_WSZ)
diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index 42eebef78e..64e57bd055 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -116,3 +116,55 @@ static const int tcg_target_call_oarg_regs[] = {
 TCG_REG_A0,
 TCG_REG_A1,
 };
+
+#define TCG_CT_CONST_ZERO  0x100
+#define TCG_CT_CONST_S12   0x200
+#define TCG_CT_CONST_N12   0x400
+#define TCG_CT_CONST_U12   0x800
+#define TCG_CT_CONST_C12   0x1000
+#define TCG_CT_CONST_WSZ   0x2000
+
+#define ALL_GENERAL_REGS  MAKE_64BIT_MASK(0, 32)
+/*
+ * For softmmu, we need to avoid conflicts with the first 5
+ * argument registers to call the helper.  Some of these are
+ * also used for the tlb lookup.
+ */
+#ifdef CONFIG_SOFTMMU
+#define SOFTMMU_RESERVE_REGS  MAKE_64BIT_MASK(TCG_REG_A0, 5)
+#else
+#define SOFTMMU_RESERVE_REGS  0
+#endif
+
+
+static inline tcg_target_long sextreg(tcg_target_long val, int pos, int len)
+{
+return sextract64(val, pos, len);
+}
+
+/* test if a constant matches the constraint */
+static bool tcg_target_const_match(int64_t val, TCGType type, int ct)
+{
+if (ct & TCG_CT_CONST) {
+return true;
+}
+if ((ct & TCG_CT_CONST_ZERO) && val == 0) {
+return true;
+}
+if ((ct & TCG_CT_CONST_S12) && val == sextreg(val, 0, 12)) {
+return true;
+}
+if ((ct & TCG_CT_CONST_N12) && -val == sextreg(-val, 0, 12)) {
+return true;
+}
+if ((ct & TCG_CT_CONST_U12) && val >= 0 && val <= 0xfff) {
+return true;
+}
+if ((ct & TCG_CT_CONST_C12) && ~val >= 0 && ~val <= 0xfff) {
+return true;
+}
+if ((ct & TCG_CT_CONST_WSZ) && val == (type == TCG_TYPE_I32 ? 32 : 64)) {
+return true;
+}
+return false;
+}
-- 
2.34.0

[PATCH v7 16/31] tcg/loongarch64: Implement shl/shr/sar/rotl/rotr ops

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
---
 tcg/loongarch64/tcg-target-con-set.h |  1 +
 tcg/loongarch64/tcg-target.c.inc | 91 
 tcg/loongarch64/tcg-target.h |  4 +-
 3 files changed, 94 insertions(+), 2 deletions(-)

diff --git a/tcg/loongarch64/tcg-target-con-set.h 
b/tcg/loongarch64/tcg-target-con-set.h
index 2975e03127..42f8e28741 100644
--- a/tcg/loongarch64/tcg-target-con-set.h
+++ b/tcg/loongarch64/tcg-target-con-set.h
@@ -17,6 +17,7 @@
 C_O0_I1(r)
 C_O1_I1(r, r)
 C_O1_I2(r, r, rC)
+C_O1_I2(r, r, ri)
 C_O1_I2(r, r, rU)
 C_O1_I2(r, r, rW)
 C_O1_I2(r, 0, rZ)
diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index 4c1c1d6182..d0a24cc009 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -608,6 +608,85 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 tcg_out_clzctz(s, OPC_CTZ_D, a0, a1, a2, c2, false);
 break;
 
+case INDEX_op_shl_i32:
+if (c2) {
+tcg_out_opc_slli_w(s, a0, a1, a2 & 0x1f);
+} else {
+tcg_out_opc_sll_w(s, a0, a1, a2);
+}
+break;
+case INDEX_op_shl_i64:
+if (c2) {
+tcg_out_opc_slli_d(s, a0, a1, a2 & 0x3f);
+} else {
+tcg_out_opc_sll_d(s, a0, a1, a2);
+}
+break;
+
+case INDEX_op_shr_i32:
+if (c2) {
+tcg_out_opc_srli_w(s, a0, a1, a2 & 0x1f);
+} else {
+tcg_out_opc_srl_w(s, a0, a1, a2);
+}
+break;
+case INDEX_op_shr_i64:
+if (c2) {
+tcg_out_opc_srli_d(s, a0, a1, a2 & 0x3f);
+} else {
+tcg_out_opc_srl_d(s, a0, a1, a2);
+}
+break;
+
+case INDEX_op_sar_i32:
+if (c2) {
+tcg_out_opc_srai_w(s, a0, a1, a2 & 0x1f);
+} else {
+tcg_out_opc_sra_w(s, a0, a1, a2);
+}
+break;
+case INDEX_op_sar_i64:
+if (c2) {
+tcg_out_opc_srai_d(s, a0, a1, a2 & 0x3f);
+} else {
+tcg_out_opc_sra_d(s, a0, a1, a2);
+}
+break;
+
+case INDEX_op_rotl_i32:
+/* transform into equivalent rotr/rotri */
+if (c2) {
+tcg_out_opc_rotri_w(s, a0, a1, (32 - a2) & 0x1f);
+} else {
+tcg_out_opc_sub_w(s, TCG_REG_TMP0, TCG_REG_ZERO, a2);
+tcg_out_opc_rotr_w(s, a0, a1, TCG_REG_TMP0);
+}
+break;
+case INDEX_op_rotl_i64:
+/* transform into equivalent rotr/rotri */
+if (c2) {
+tcg_out_opc_rotri_d(s, a0, a1, (64 - a2) & 0x3f);
+} else {
+tcg_out_opc_sub_w(s, TCG_REG_TMP0, TCG_REG_ZERO, a2);
+tcg_out_opc_rotr_d(s, a0, a1, TCG_REG_TMP0);
+}
+break;
+
+case INDEX_op_rotr_i32:
+if (c2) {
+tcg_out_opc_rotri_w(s, a0, a1, a2 & 0x1f);
+} else {
+tcg_out_opc_rotr_w(s, a0, a1, a2);
+}
+break;
+case INDEX_op_rotr_i64:
+if (c2) {
+tcg_out_opc_rotri_d(s, a0, a1, a2 & 0x3f);
+} else {
+tcg_out_opc_rotr_d(s, a0, a1, a2);
+}
+break;
+
 case INDEX_op_mov_i32:  /* Always emitted via tcg_out_mov.  */
 case INDEX_op_mov_i64:
 default:
@@ -657,6 +736,18 @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode 
op)
  */
 return C_O1_I2(r, r, rC);
 
+case INDEX_op_shl_i32:
+case INDEX_op_shl_i64:
+case INDEX_op_shr_i32:
+case INDEX_op_shr_i64:
+case INDEX_op_sar_i32:
+case INDEX_op_sar_i64:
+case INDEX_op_rotl_i32:
+case INDEX_op_rotl_i64:
+case INDEX_op_rotr_i32:
+case INDEX_op_rotr_i64:
+return C_O1_I2(r, r, ri);
+
 case INDEX_op_and_i32:
 case INDEX_op_and_i64:
 case INDEX_op_nor_i32:
diff --git a/tcg/loongarch64/tcg-target.h b/tcg/loongarch64/tcg-target.h
index ef489cbc86..e59c2a7bec 100644
--- a/tcg/loongarch64/tcg-target.h
+++ b/tcg/loongarch64/tcg-target.h
@@ -96,7 +96,7 @@ typedef enum {
 #define TCG_TARGET_HAS_div_i32  0
 #define TCG_TARGET_HAS_rem_i32  0
 #define TCG_TARGET_HAS_div2_i32 0
-#define TCG_TARGET_HAS_rot_i32  0
+#define TCG_TARGET_HAS_rot_i32  1
 #define TCG_TARGET_HAS_deposit_i32  1
 #define TCG_TARGET_HAS_extract_i32  1
 #define TCG_TARGET_HAS_sextract_i32 0
@@ -133,7 +133,7 @@ typedef enum {
 #define TCG_TARGET_HAS_div_i64  0
 #define TCG_TARGET_HAS_rem_i64  0
 #define TCG_TARGET_HAS_div2_i64 0
-#define TCG_TARGET_HAS_rot_i64  0
+#define TCG_TARGET_HAS_rot_i64  1
 #define TCG_TARGET_HAS_deposit_i64  1
 #define TCG_TARGET_HAS_extract_i64  1
 #define TCG_TARGET_HAS_sextract_i64 0
-- 
2.34.0

[PATCH v7 17/31] tcg/loongarch64: Implement add/sub ops

[WANG Xuerui]

The neg_i{32,64} ops is fully expressible with sub, so omitted for
simplicity.

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
---
 tcg/loongarch64/tcg-target-con-set.h |  2 ++
 tcg/loongarch64/tcg-target.c.inc | 38 
 2 files changed, 40 insertions(+)

diff --git a/tcg/loongarch64/tcg-target-con-set.h 
b/tcg/loongarch64/tcg-target-con-set.h
index 42f8e28741..4b8ce85897 100644
--- a/tcg/loongarch64/tcg-target-con-set.h
+++ b/tcg/loongarch64/tcg-target-con-set.h
@@ -18,6 +18,8 @@ C_O0_I1(r)
 C_O1_I1(r, r)
 C_O1_I2(r, r, rC)
 C_O1_I2(r, r, ri)
+C_O1_I2(r, r, rI)
 C_O1_I2(r, r, rU)
 C_O1_I2(r, r, rW)
 C_O1_I2(r, 0, rZ)
+C_O1_I2(r, rZ, rN)
diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index d0a24cc009..0e6b241097 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -687,6 +687,36 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 }
 break;
 
+case INDEX_op_add_i32:
+if (c2) {
+tcg_out_opc_addi_w(s, a0, a1, a2);
+} else {
+tcg_out_opc_add_w(s, a0, a1, a2);
+}
+break;
+case INDEX_op_add_i64:
+if (c2) {
+tcg_out_opc_addi_d(s, a0, a1, a2);
+} else {
+tcg_out_opc_add_d(s, a0, a1, a2);
+}
+break;
+
+case INDEX_op_sub_i32:
+if (c2) {
+tcg_out_opc_addi_w(s, a0, a1, -a2);
+} else {
+tcg_out_opc_sub_w(s, a0, a1, a2);
+}
+break;
+case INDEX_op_sub_i64:
+if (c2) {
+tcg_out_opc_addi_d(s, a0, a1, -a2);
+} else {
+tcg_out_opc_sub_d(s, a0, a1, a2);
+}
+break;
+
 case INDEX_op_mov_i32:  /* Always emitted via tcg_out_mov.  */
 case INDEX_op_mov_i64:
 default:
@@ -748,6 +778,10 @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode 
op)
 case INDEX_op_rotr_i64:
 return C_O1_I2(r, r, ri);
 
+case INDEX_op_add_i32:
+case INDEX_op_add_i64:
+return C_O1_I2(r, r, rI);
+
 case INDEX_op_and_i32:
 case INDEX_op_and_i64:
 case INDEX_op_nor_i32:
@@ -770,6 +804,10 @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode 
op)
 /* Must deposit into the same register as input */
 return C_O1_I2(r, 0, rZ);
 
+case INDEX_op_sub_i32:
+case INDEX_op_sub_i64:
+return C_O1_I2(r, rZ, rN);
+
 default:
 g_assert_not_reached();
 }
-- 
2.34.0

[PATCH v7 11/31] tcg/loongarch64: Implement sign-/zero-extension ops

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
---
 tcg/loongarch64/tcg-target-con-set.h |  1 +
 tcg/loongarch64/tcg-target.c.inc | 82 
 tcg/loongarch64/tcg-target.h | 24 
 3 files changed, 95 insertions(+), 12 deletions(-)

diff --git a/tcg/loongarch64/tcg-target-con-set.h 
b/tcg/loongarch64/tcg-target-con-set.h
index 5cc4407367..7e459490ea 100644
--- a/tcg/loongarch64/tcg-target-con-set.h
+++ b/tcg/loongarch64/tcg-target-con-set.h
@@ -15,3 +15,4 @@
  * tcg-target-con-str.h; the constraint combination is inclusive or.
  */
 C_O0_I1(r)
+C_O1_I1(r, r)
diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index 17f869dbd2..0c075c7521 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -382,6 +382,36 @@ static void tcg_out_movi(TCGContext *s, TCGType type, 
TCGReg rd,
 }
 }
 
+static void tcg_out_ext8u(TCGContext *s, TCGReg ret, TCGReg arg)
+{
+tcg_out_opc_andi(s, ret, arg, 0xff);
+}
+
+static void tcg_out_ext16u(TCGContext *s, TCGReg ret, TCGReg arg)
+{
+tcg_out_opc_bstrpick_w(s, ret, arg, 0, 15);
+}
+
+static void tcg_out_ext32u(TCGContext *s, TCGReg ret, TCGReg arg)
+{
+tcg_out_opc_bstrpick_d(s, ret, arg, 0, 31);
+}
+
+static void tcg_out_ext8s(TCGContext *s, TCGReg ret, TCGReg arg)
+{
+tcg_out_opc_sext_b(s, ret, arg);
+}
+
+static void tcg_out_ext16s(TCGContext *s, TCGReg ret, TCGReg arg)
+{
+tcg_out_opc_sext_h(s, ret, arg);
+}
+
+static void tcg_out_ext32s(TCGContext *s, TCGReg ret, TCGReg arg)
+{
+tcg_out_opc_addi_w(s, ret, arg, 0);
+}
+
 /*
  * Entry-points
  */
@@ -391,6 +421,7 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
const int const_args[TCG_MAX_OP_ARGS])
 {
 TCGArg a0 = args[0];
+TCGArg a1 = args[1];
 
 switch (opc) {
 case INDEX_op_mb:
@@ -401,6 +432,41 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 tcg_out_opc_jirl(s, TCG_REG_ZERO, a0, 0);
 break;
 
+case INDEX_op_ext8s_i32:
+case INDEX_op_ext8s_i64:
+tcg_out_ext8s(s, a0, a1);
+break;
+
+case INDEX_op_ext8u_i32:
+case INDEX_op_ext8u_i64:
+tcg_out_ext8u(s, a0, a1);
+break;
+
+case INDEX_op_ext16s_i32:
+case INDEX_op_ext16s_i64:
+tcg_out_ext16s(s, a0, a1);
+break;
+
+case INDEX_op_ext16u_i32:
+case INDEX_op_ext16u_i64:
+tcg_out_ext16u(s, a0, a1);
+break;
+
+case INDEX_op_ext32u_i64:
+case INDEX_op_extu_i32_i64:
+tcg_out_ext32u(s, a0, a1);
+break;
+
+case INDEX_op_ext32s_i64:
+case INDEX_op_extrl_i64_i32:
+case INDEX_op_ext_i32_i64:
+tcg_out_ext32s(s, a0, a1);
+break;
+
+case INDEX_op_extrh_i64_i32:
+tcg_out_opc_srai_d(s, a0, a1, 32);
+break;
+
 case INDEX_op_mov_i32:  /* Always emitted via tcg_out_mov.  */
 case INDEX_op_mov_i64:
 default:
@@ -414,6 +480,22 @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode 
op)
 case INDEX_op_goto_ptr:
 return C_O0_I1(r);
 
+case INDEX_op_ext8s_i32:
+case INDEX_op_ext8s_i64:
+case INDEX_op_ext8u_i32:
+case INDEX_op_ext8u_i64:
+case INDEX_op_ext16s_i32:
+case INDEX_op_ext16s_i64:
+case INDEX_op_ext16u_i32:
+case INDEX_op_ext16u_i64:
+case INDEX_op_ext32s_i64:
+case INDEX_op_ext32u_i64:
+case INDEX_op_extu_i32_i64:
+case INDEX_op_extrl_i64_i32:
+case INDEX_op_extrh_i64_i32:
+case INDEX_op_ext_i32_i64:
+return C_O1_I1(r, r);
+
 default:
 g_assert_not_reached();
 }
diff --git a/tcg/loongarch64/tcg-target.h b/tcg/loongarch64/tcg-target.h
index 5fc097b3c1..2b7d5a19b9 100644
--- a/tcg/loongarch64/tcg-target.h
+++ b/tcg/loongarch64/tcg-target.h
@@ -107,10 +107,10 @@ typedef enum {
 #define TCG_TARGET_HAS_muls2_i320
 #define TCG_TARGET_HAS_muluh_i320
 #define TCG_TARGET_HAS_mulsh_i320
-#define TCG_TARGET_HAS_ext8s_i320
-#define TCG_TARGET_HAS_ext16s_i32   0
-#define TCG_TARGET_HAS_ext8u_i320
-#define TCG_TARGET_HAS_ext16u_i32   0
+#define TCG_TARGET_HAS_ext8s_i321
+#define TCG_TARGET_HAS_ext16s_i32   1
+#define TCG_TARGET_HAS_ext8u_i321
+#define TCG_TARGET_HAS_ext16u_i32   1
 #define TCG_TARGET_HAS_bswap16_i32  0
 #define TCG_TARGET_HAS_bswap32_i32  0
 #define TCG_TARGET_HAS_not_i32  0
@@ -138,14 +138,14 @@ typedef enum {
 #define TCG_TARGET_HAS_extract_i64  0
 #define TCG_TARGET_HAS_sextract_i64 0
 #define TCG_TARGET_HAS_extract2_i64 0
-#define TCG_TARGET_HAS_extrl_i64_i320
-#define TCG_TARGET_HAS_extrh_i64_i320
-#define TCG_TARGET_HAS_ext8s_i640
-#define TCG_TARGET_HAS_ext16s_i64   0
-#define TCG_TARGET_HAS_ext32s_i64   0
-#define TCG_TARGET_HAS_ext8u_i640
-#define TCG_TARGET_HAS_ext16u_i64   0
-#define TCG_TARGET_HAS_ext32u_i64   0
+#define TC

[PATCH v7 08/31] tcg/loongarch64: Implement the memory barrier op

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
---
 tcg/loongarch64/tcg-target.c.inc | 32 
 1 file changed, 32 insertions(+)

diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index fbacaef862..f12955723d 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -234,3 +234,35 @@ static bool patch_reloc(tcg_insn_unit *code_ptr, int type,
 g_assert_not_reached();
 }
 }
+
+#include "tcg-insn-defs.c.inc"
+
+/*
+ * TCG intrinsics
+ */
+
+static void tcg_out_mb(TCGContext *s, TCGArg a0)
+{
+/* Baseline LoongArch only has the full barrier, unfortunately.  */
+tcg_out_opc_dbar(s, 0);
+}
+
+/*
+ * Entry-points
+ */
+
+static void tcg_out_op(TCGContext *s, TCGOpcode opc,
+   const TCGArg args[TCG_MAX_OP_ARGS],
+   const int const_args[TCG_MAX_OP_ARGS])
+{
+TCGArg a0 = args[0];
+
+switch (opc) {
+case INDEX_op_mb:
+tcg_out_mb(s, a0);
+break;
+
+default:
+g_assert_not_reached();
+}
+}
-- 
2.34.0

[PATCH v7 18/31] tcg/loongarch64: Implement mul/mulsh/muluh/div/divu/rem/remu ops

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
---
 tcg/loongarch64/tcg-target-con-set.h |  1 +
 tcg/loongarch64/tcg-target.c.inc | 65 
 tcg/loongarch64/tcg-target.h | 16 +++
 3 files changed, 74 insertions(+), 8 deletions(-)

diff --git a/tcg/loongarch64/tcg-target-con-set.h 
b/tcg/loongarch64/tcg-target-con-set.h
index 4b8ce85897..fb56f3a295 100644
--- a/tcg/loongarch64/tcg-target-con-set.h
+++ b/tcg/loongarch64/tcg-target-con-set.h
@@ -23,3 +23,4 @@ C_O1_I2(r, r, rU)
 C_O1_I2(r, r, rW)
 C_O1_I2(r, 0, rZ)
 C_O1_I2(r, rZ, rN)
+C_O1_I2(r, rZ, rZ)
diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index 0e6b241097..67f07a3853 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -717,6 +717,55 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 }
 break;
 
+case INDEX_op_mul_i32:
+tcg_out_opc_mul_w(s, a0, a1, a2);
+break;
+case INDEX_op_mul_i64:
+tcg_out_opc_mul_d(s, a0, a1, a2);
+break;
+
+case INDEX_op_mulsh_i32:
+tcg_out_opc_mulh_w(s, a0, a1, a2);
+break;
+case INDEX_op_mulsh_i64:
+tcg_out_opc_mulh_d(s, a0, a1, a2);
+break;
+
+case INDEX_op_muluh_i32:
+tcg_out_opc_mulh_wu(s, a0, a1, a2);
+break;
+case INDEX_op_muluh_i64:
+tcg_out_opc_mulh_du(s, a0, a1, a2);
+break;
+
+case INDEX_op_div_i32:
+tcg_out_opc_div_w(s, a0, a1, a2);
+break;
+case INDEX_op_div_i64:
+tcg_out_opc_div_d(s, a0, a1, a2);
+break;
+
+case INDEX_op_divu_i32:
+tcg_out_opc_div_wu(s, a0, a1, a2);
+break;
+case INDEX_op_divu_i64:
+tcg_out_opc_div_du(s, a0, a1, a2);
+break;
+
+case INDEX_op_rem_i32:
+tcg_out_opc_mod_w(s, a0, a1, a2);
+break;
+case INDEX_op_rem_i64:
+tcg_out_opc_mod_d(s, a0, a1, a2);
+break;
+
+case INDEX_op_remu_i32:
+tcg_out_opc_mod_wu(s, a0, a1, a2);
+break;
+case INDEX_op_remu_i64:
+tcg_out_opc_mod_du(s, a0, a1, a2);
+break;
+
 case INDEX_op_mov_i32:  /* Always emitted via tcg_out_mov.  */
 case INDEX_op_mov_i64:
 default:
@@ -808,6 +857,22 @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode 
op)
 case INDEX_op_sub_i64:
 return C_O1_I2(r, rZ, rN);
 
+case INDEX_op_mul_i32:
+case INDEX_op_mul_i64:
+case INDEX_op_mulsh_i32:
+case INDEX_op_mulsh_i64:
+case INDEX_op_muluh_i32:
+case INDEX_op_muluh_i64:
+case INDEX_op_div_i32:
+case INDEX_op_div_i64:
+case INDEX_op_divu_i32:
+case INDEX_op_divu_i64:
+case INDEX_op_rem_i32:
+case INDEX_op_rem_i64:
+case INDEX_op_remu_i32:
+case INDEX_op_remu_i64:
+return C_O1_I2(r, rZ, rZ);
+
 default:
 g_assert_not_reached();
 }
diff --git a/tcg/loongarch64/tcg-target.h b/tcg/loongarch64/tcg-target.h
index e59c2a7bec..2ac2c342c7 100644
--- a/tcg/loongarch64/tcg-target.h
+++ b/tcg/loongarch64/tcg-target.h
@@ -93,8 +93,8 @@ typedef enum {
 
 /* optional instructions */
 #define TCG_TARGET_HAS_movcond_i32  0
-#define TCG_TARGET_HAS_div_i32  0
-#define TCG_TARGET_HAS_rem_i32  0
+#define TCG_TARGET_HAS_div_i32  1
+#define TCG_TARGET_HAS_rem_i32  1
 #define TCG_TARGET_HAS_div2_i32 0
 #define TCG_TARGET_HAS_rot_i32  1
 #define TCG_TARGET_HAS_deposit_i32  1
@@ -105,8 +105,8 @@ typedef enum {
 #define TCG_TARGET_HAS_sub2_i32 0
 #define TCG_TARGET_HAS_mulu2_i320
 #define TCG_TARGET_HAS_muls2_i320
-#define TCG_TARGET_HAS_muluh_i320
-#define TCG_TARGET_HAS_mulsh_i320
+#define TCG_TARGET_HAS_muluh_i321
+#define TCG_TARGET_HAS_mulsh_i321
 #define TCG_TARGET_HAS_ext8s_i321
 #define TCG_TARGET_HAS_ext16s_i32   1
 #define TCG_TARGET_HAS_ext8u_i321
@@ -130,8 +130,8 @@ typedef enum {
 
 /* 64-bit operations */
 #define TCG_TARGET_HAS_movcond_i64  0
-#define TCG_TARGET_HAS_div_i64  0
-#define TCG_TARGET_HAS_rem_i64  0
+#define TCG_TARGET_HAS_div_i64  1
+#define TCG_TARGET_HAS_rem_i64  1
 #define TCG_TARGET_HAS_div2_i64 0
 #define TCG_TARGET_HAS_rot_i64  1
 #define TCG_TARGET_HAS_deposit_i64  1
@@ -163,8 +163,8 @@ typedef enum {
 #define TCG_TARGET_HAS_sub2_i64 0
 #define TCG_TARGET_HAS_mulu2_i640
 #define TCG_TARGET_HAS_muls2_i640
-#define TCG_TARGET_HAS_muluh_i640
-#define TCG_TARGET_HAS_mulsh_i640
+#define TCG_TARGET_HAS_muluh_i641
+#define TCG_TARGET_HAS_mulsh_i641
 
 /* not defined -- call should be eliminated at compile time */
 void tb_target_set_jmp_target(uintptr_t, uintptr_t, uintptr_t, uintptr_t);
-- 
2.34.0

[PATCH v7 14/31] tcg/loongarch64: Implement bswap{16,32,64} ops

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
---
 tcg/loongarch64/tcg-target.c.inc | 32 
 tcg/loongarch64/tcg-target.h | 10 +-
 2 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index 1d903d05d6..9adac5b3fc 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -545,6 +545,33 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 tcg_out_opc_bstrins_d(s, a0, a2, args[3], args[3] + args[4] - 1);
 break;
 
+case INDEX_op_bswap16_i32:
+case INDEX_op_bswap16_i64:
+tcg_out_opc_revb_2h(s, a0, a1);
+if (a2 & TCG_BSWAP_OS) {
+tcg_out_ext16s(s, a0, a0);
+} else if ((a2 & (TCG_BSWAP_IZ | TCG_BSWAP_OZ)) == TCG_BSWAP_OZ) {
+tcg_out_ext16u(s, a0, a0);
+}
+break;
+
+case INDEX_op_bswap32_i32:
+/* All 32-bit values are computed sign-extended in the register.  */
+a2 = TCG_BSWAP_OS;
+/* fallthrough */
+case INDEX_op_bswap32_i64:
+tcg_out_opc_revb_2w(s, a0, a1);
+if (a2 & TCG_BSWAP_OS) {
+tcg_out_ext32s(s, a0, a0);
+} else if ((a2 & (TCG_BSWAP_IZ | TCG_BSWAP_OZ)) == TCG_BSWAP_OZ) {
+tcg_out_ext32u(s, a0, a0);
+}
+break;
+
+case INDEX_op_bswap64_i64:
+tcg_out_opc_revb_d(s, a0, a1);
+break;
+
 case INDEX_op_mov_i32:  /* Always emitted via tcg_out_mov.  */
 case INDEX_op_mov_i64:
 default:
@@ -576,6 +603,11 @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode 
op)
 case INDEX_op_not_i64:
 case INDEX_op_extract_i32:
 case INDEX_op_extract_i64:
+case INDEX_op_bswap16_i32:
+case INDEX_op_bswap16_i64:
+case INDEX_op_bswap32_i32:
+case INDEX_op_bswap32_i64:
+case INDEX_op_bswap64_i64:
 return C_O1_I1(r, r);
 
 case INDEX_op_andc_i32:
diff --git a/tcg/loongarch64/tcg-target.h b/tcg/loongarch64/tcg-target.h
index 084d635a8e..02d17d2f6d 100644
--- a/tcg/loongarch64/tcg-target.h
+++ b/tcg/loongarch64/tcg-target.h
@@ -111,8 +111,8 @@ typedef enum {
 #define TCG_TARGET_HAS_ext16s_i32   1
 #define TCG_TARGET_HAS_ext8u_i321
 #define TCG_TARGET_HAS_ext16u_i32   1
-#define TCG_TARGET_HAS_bswap16_i32  0
-#define TCG_TARGET_HAS_bswap32_i32  0
+#define TCG_TARGET_HAS_bswap16_i32  1
+#define TCG_TARGET_HAS_bswap32_i32  1
 #define TCG_TARGET_HAS_not_i32  1
 #define TCG_TARGET_HAS_neg_i32  0
 #define TCG_TARGET_HAS_andc_i32 1
@@ -146,9 +146,9 @@ typedef enum {
 #define TCG_TARGET_HAS_ext8u_i641
 #define TCG_TARGET_HAS_ext16u_i64   1
 #define TCG_TARGET_HAS_ext32u_i64   1
-#define TCG_TARGET_HAS_bswap16_i64  0
-#define TCG_TARGET_HAS_bswap32_i64  0
-#define TCG_TARGET_HAS_bswap64_i64  0
+#define TCG_TARGET_HAS_bswap16_i64  1
+#define TCG_TARGET_HAS_bswap32_i64  1
+#define TCG_TARGET_HAS_bswap64_i64  1
 #define TCG_TARGET_HAS_not_i64  1
 #define TCG_TARGET_HAS_neg_i64  0
 #define TCG_TARGET_HAS_andc_i64 1
-- 
2.34.0

[PATCH v7 12/31] tcg/loongarch64: Implement not/and/or/xor/nor/andc/orc ops

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
---
 tcg/loongarch64/tcg-target-con-set.h |  2 +
 tcg/loongarch64/tcg-target.c.inc | 88 
 tcg/loongarch64/tcg-target.h | 16 ++---
 3 files changed, 98 insertions(+), 8 deletions(-)

diff --git a/tcg/loongarch64/tcg-target-con-set.h 
b/tcg/loongarch64/tcg-target-con-set.h
index 7e459490ea..9ac24b8ad0 100644
--- a/tcg/loongarch64/tcg-target-con-set.h
+++ b/tcg/loongarch64/tcg-target-con-set.h
@@ -16,3 +16,5 @@
  */
 C_O0_I1(r)
 C_O1_I1(r, r)
+C_O1_I2(r, r, rC)
+C_O1_I2(r, r, rU)
diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index 0c075c7521..d610b83c37 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -422,6 +422,8 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 {
 TCGArg a0 = args[0];
 TCGArg a1 = args[1];
+TCGArg a2 = args[2];
+int c2 = const_args[2];
 
 switch (opc) {
 case INDEX_op_mb:
@@ -467,6 +469,68 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 tcg_out_opc_srai_d(s, a0, a1, 32);
 break;
 
+case INDEX_op_not_i32:
+case INDEX_op_not_i64:
+tcg_out_opc_nor(s, a0, a1, TCG_REG_ZERO);
+break;
+
+case INDEX_op_nor_i32:
+case INDEX_op_nor_i64:
+if (c2) {
+tcg_out_opc_ori(s, a0, a1, a2);
+tcg_out_opc_nor(s, a0, a0, TCG_REG_ZERO);
+} else {
+tcg_out_opc_nor(s, a0, a1, a2);
+}
+break;
+
+case INDEX_op_andc_i32:
+case INDEX_op_andc_i64:
+if (c2) {
+/* guaranteed to fit due to constraint */
+tcg_out_opc_andi(s, a0, a1, ~a2);
+} else {
+tcg_out_opc_andn(s, a0, a1, a2);
+}
+break;
+
+case INDEX_op_orc_i32:
+case INDEX_op_orc_i64:
+if (c2) {
+/* guaranteed to fit due to constraint */
+tcg_out_opc_ori(s, a0, a1, ~a2);
+} else {
+tcg_out_opc_orn(s, a0, a1, a2);
+}
+break;
+
+case INDEX_op_and_i32:
+case INDEX_op_and_i64:
+if (c2) {
+tcg_out_opc_andi(s, a0, a1, a2);
+} else {
+tcg_out_opc_and(s, a0, a1, a2);
+}
+break;
+
+case INDEX_op_or_i32:
+case INDEX_op_or_i64:
+if (c2) {
+tcg_out_opc_ori(s, a0, a1, a2);
+} else {
+tcg_out_opc_or(s, a0, a1, a2);
+}
+break;
+
+case INDEX_op_xor_i32:
+case INDEX_op_xor_i64:
+if (c2) {
+tcg_out_opc_xori(s, a0, a1, a2);
+} else {
+tcg_out_opc_xor(s, a0, a1, a2);
+}
+break;
+
 case INDEX_op_mov_i32:  /* Always emitted via tcg_out_mov.  */
 case INDEX_op_mov_i64:
 default:
@@ -494,8 +558,32 @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode 
op)
 case INDEX_op_extrl_i64_i32:
 case INDEX_op_extrh_i64_i32:
 case INDEX_op_ext_i32_i64:
+case INDEX_op_not_i32:
+case INDEX_op_not_i64:
 return C_O1_I1(r, r);
 
+case INDEX_op_andc_i32:
+case INDEX_op_andc_i64:
+case INDEX_op_orc_i32:
+case INDEX_op_orc_i64:
+/*
+ * LoongArch insns for these ops don't have reg-imm forms, but we
+ * can express using andi/ori if ~constant satisfies
+ * TCG_CT_CONST_U12.
+ */
+return C_O1_I2(r, r, rC);
+
+case INDEX_op_and_i32:
+case INDEX_op_and_i64:
+case INDEX_op_nor_i32:
+case INDEX_op_nor_i64:
+case INDEX_op_or_i32:
+case INDEX_op_or_i64:
+case INDEX_op_xor_i32:
+case INDEX_op_xor_i64:
+/* LoongArch reg-imm bitops have their imms ZERO-extended */
+return C_O1_I2(r, r, rU);
+
 default:
 g_assert_not_reached();
 }
diff --git a/tcg/loongarch64/tcg-target.h b/tcg/loongarch64/tcg-target.h
index 2b7d5a19b9..cb1739a54a 100644
--- a/tcg/loongarch64/tcg-target.h
+++ b/tcg/loongarch64/tcg-target.h
@@ -113,13 +113,13 @@ typedef enum {
 #define TCG_TARGET_HAS_ext16u_i32   1
 #define TCG_TARGET_HAS_bswap16_i32  0
 #define TCG_TARGET_HAS_bswap32_i32  0
-#define TCG_TARGET_HAS_not_i32  0
+#define TCG_TARGET_HAS_not_i32  1
 #define TCG_TARGET_HAS_neg_i32  0
-#define TCG_TARGET_HAS_andc_i32 0
-#define TCG_TARGET_HAS_orc_i32  0
+#define TCG_TARGET_HAS_andc_i32 1
+#define TCG_TARGET_HAS_orc_i32  1
 #define TCG_TARGET_HAS_eqv_i32  0
 #define TCG_TARGET_HAS_nand_i32 0
-#define TCG_TARGET_HAS_nor_i32  0
+#define TCG_TARGET_HAS_nor_i32  1
 #define TCG_TARGET_HAS_clz_i32  0
 #define TCG_TARGET_HAS_ctz_i32  0
 #define TCG_TARGET_HAS_ctpop_i320
@@ -149,13 +149,13 @@ typedef enum {
 #define TCG_TARGET_HAS_bswap16_i64  0
 #define TCG_TARGET_HAS_bswap32_i64  0
 #define TCG_TARGET_HAS_bswap64_i64  0
-#define TCG_TARGET_HAS_not_i64  

[PATCH v7 10/31] tcg/loongarch64: Implement goto_ptr

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
---
 tcg/loongarch64/tcg-target-con-set.h | 17 +
 tcg/loongarch64/tcg-target.c.inc | 15 +++
 2 files changed, 32 insertions(+)
 create mode 100644 tcg/loongarch64/tcg-target-con-set.h

diff --git a/tcg/loongarch64/tcg-target-con-set.h 
b/tcg/loongarch64/tcg-target-con-set.h
new file mode 100644
index 00..5cc4407367
--- /dev/null
+++ b/tcg/loongarch64/tcg-target-con-set.h
@@ -0,0 +1,17 @@
+/* SPDX-License-Identifier: MIT */
+/*
+ * Define LoongArch target-specific constraint sets.
+ *
+ * Copyright (c) 2021 WANG Xuerui 
+ *
+ * Based on tcg/riscv/tcg-target-con-set.h
+ *
+ * Copyright (c) 2021 Linaro
+ */
+
+/*
+ * C_On_Im(...) defines a constraint set with  outputs and  inputs.
+ * Each operand should be a sequence of constraint letters as defined by
+ * tcg-target-con-str.h; the constraint combination is inclusive or.
+ */
+C_O0_I1(r)
diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index 4487851b5e..17f869dbd2 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -397,9 +397,24 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 tcg_out_mb(s, a0);
 break;
 
+case INDEX_op_goto_ptr:
+tcg_out_opc_jirl(s, TCG_REG_ZERO, a0, 0);
+break;
+
 case INDEX_op_mov_i32:  /* Always emitted via tcg_out_mov.  */
 case INDEX_op_mov_i64:
 default:
 g_assert_not_reached();
 }
 }
+
+static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
+{
+switch (op) {
+case INDEX_op_goto_ptr:
+return C_O0_I1(r);
+
+default:
+g_assert_not_reached();
+}
+}
-- 
2.34.0

[PATCH v7 30/31] configure, meson.build: Mark support for loongarch64 hosts

[WANG Xuerui]

Example output of `uname -a` on an initial Gentoo LA64 port, running
the upstream submission version of Linux (with some very minor patches
not influencing output here):

> Linux  5.14.0-10342-g37a00851b145 #5 SMP PREEMPT Tue Aug 10 
> 12:56:24 PM CST 2021 loongarch64 GNU/Linux

And the same on the vendor-supplied Loongnix 20 system, with an early
in-house port of Linux, and using the old-world ABI:

> Linux  4.19.167-rc5.lnd.1-loongson-3 #1 SMP Sat Apr 17 07:32:32 UTC 
> 2021 loongarch64 loongarch64 loongarch64 GNU/Linux

So a name of "loongarch64" matches both, fortunately.

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
---
 configure   | 7 ++-
 meson.build | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 48c21775f3..23c366a69a 100755
--- a/configure
+++ b/configure
@@ -581,6 +581,8 @@ elif check_define __arm__ ; then
   cpu="arm"
 elif check_define __aarch64__ ; then
   cpu="aarch64"
+elif check_define __loongarch64 ; then
+  cpu="loongarch64"
 else
   cpu=$(uname -m)
 fi
@@ -589,7 +591,7 @@ ARCH=
 # Normalise host CPU name and set ARCH.
 # Note that this case should only have supported host CPUs, not guests.
 case "$cpu" in
-  ppc|ppc64|s390x|sparc64|x32|riscv)
+  ppc|ppc64|s390x|sparc64|x32|riscv|loongarch64)
   ;;
   ppc64le)
 ARCH="ppc64"
@@ -3770,6 +3772,9 @@ if test "$linux" = "yes" ; then
   aarch64)
 linux_arch=arm64
 ;;
+  loongarch*)
+linux_arch=loongarch
+;;
   mips64)
 linux_arch=mips
 ;;
diff --git a/meson.build b/meson.build
index 96de1a6ef9..a6fa0d879e 100644
--- a/meson.build
+++ b/meson.build
@@ -56,7 +56,7 @@ python = import('python').find_installation()
 
 supported_oses = ['windows', 'freebsd', 'netbsd', 'openbsd', 'darwin', 
'sunos', 'linux']
 supported_cpus = ['ppc', 'ppc64', 's390x', 'riscv', 'x86', 'x86_64',
-  'arm', 'aarch64', 'mips', 'mips64', 'sparc', 'sparc64']
+  'arm', 'aarch64', 'loongarch64', 'mips', 'mips64', 'sparc', 'sparc64']
 
 cpu = host_machine.cpu_family()
 
-- 
2.34.0

[PATCH v7 23/31] tcg/loongarch64: Add softmmu load/store helpers, implement qemu_ld/qemu_st ops

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
---
 tcg/loongarch64/tcg-target-con-set.h |   2 +
 tcg/loongarch64/tcg-target.c.inc | 353 +++
 2 files changed, 355 insertions(+)

diff --git a/tcg/loongarch64/tcg-target-con-set.h 
b/tcg/loongarch64/tcg-target-con-set.h
index e54ca9b2de..349c672687 100644
--- a/tcg/loongarch64/tcg-target-con-set.h
+++ b/tcg/loongarch64/tcg-target-con-set.h
@@ -17,7 +17,9 @@
 C_O0_I1(r)
 C_O0_I2(rZ, r)
 C_O0_I2(rZ, rZ)
+C_O0_I2(LZ, L)
 C_O1_I1(r, r)
+C_O1_I1(r, L)
 C_O1_I2(r, r, rC)
 C_O1_I2(r, r, ri)
 C_O1_I2(r, r, rI)
diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index fec22cfaf6..c92587c823 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -117,6 +117,11 @@ static const int tcg_target_call_oarg_regs[] = {
 TCG_REG_A1,
 };
 
+#ifndef CONFIG_SOFTMMU
+#define USE_GUEST_BASE (guest_base != 0)
+#define TCG_GUEST_BASE_REG TCG_REG_S1
+#endif
+
 #define TCG_CT_CONST_ZERO  0x100
 #define TCG_CT_CONST_S12   0x200
 #define TCG_CT_CONST_N12   0x400
@@ -632,6 +637,333 @@ static bool tcg_out_sti(TCGContext *s, TCGType type, 
TCGArg val,
 return false;
 }
 
+/*
+ * Load/store helpers for SoftMMU, and qemu_ld/st implementations
+ */
+
+#if defined(CONFIG_SOFTMMU)
+#include "../tcg-ldst.c.inc"
+
+/*
+ * helper signature: helper_ret_ld_mmu(CPUState *env, target_ulong addr,
+ * MemOpIdx oi, uintptr_t ra)
+ */
+static void * const qemu_ld_helpers[4] = {
+[MO_8]  = helper_ret_ldub_mmu,
+[MO_16] = helper_le_lduw_mmu,
+[MO_32] = helper_le_ldul_mmu,
+[MO_64] = helper_le_ldq_mmu,
+};
+
+/*
+ * helper signature: helper_ret_st_mmu(CPUState *env, target_ulong addr,
+ * uintxx_t val, MemOpIdx oi,
+ * uintptr_t ra)
+ */
+static void * const qemu_st_helpers[4] = {
+[MO_8]  = helper_ret_stb_mmu,
+[MO_16] = helper_le_stw_mmu,
+[MO_32] = helper_le_stl_mmu,
+[MO_64] = helper_le_stq_mmu,
+};
+
+/* We expect to use a 12-bit negative offset from ENV.  */
+QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) > 0);
+QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) < -(1 << 11));
+
+static bool tcg_out_goto(TCGContext *s, const tcg_insn_unit *target)
+{
+tcg_out_opc_b(s, 0);
+return reloc_br_sd10k16(s->code_ptr - 1, target);
+}
+
+/*
+ * Emits common code for TLB addend lookup, that eventually loads the
+ * addend in TCG_REG_TMP2.
+ */
+static void tcg_out_tlb_load(TCGContext *s, TCGReg addrl, MemOpIdx oi,
+ tcg_insn_unit **label_ptr, bool is_load)
+{
+MemOp opc = get_memop(oi);
+unsigned s_bits = opc & MO_SIZE;
+unsigned a_bits = get_alignment_bits(opc);
+tcg_target_long compare_mask;
+int mem_index = get_mmuidx(oi);
+int fast_ofs = TLB_MASK_TABLE_OFS(mem_index);
+int mask_ofs = fast_ofs + offsetof(CPUTLBDescFast, mask);
+int table_ofs = fast_ofs + offsetof(CPUTLBDescFast, table);
+
+tcg_out_ld(s, TCG_TYPE_PTR, TCG_REG_TMP0, TCG_AREG0, mask_ofs);
+tcg_out_ld(s, TCG_TYPE_PTR, TCG_REG_TMP1, TCG_AREG0, table_ofs);
+
+tcg_out_opc_srli_d(s, TCG_REG_TMP2, addrl,
+TARGET_PAGE_BITS - CPU_TLB_ENTRY_BITS);
+tcg_out_opc_and(s, TCG_REG_TMP2, TCG_REG_TMP2, TCG_REG_TMP0);
+tcg_out_opc_add_d(s, TCG_REG_TMP2, TCG_REG_TMP2, TCG_REG_TMP1);
+
+/* Load the tlb comparator and the addend.  */
+tcg_out_ld(s, TCG_TYPE_TL, TCG_REG_TMP0, TCG_REG_TMP2,
+   is_load ? offsetof(CPUTLBEntry, addr_read)
+   : offsetof(CPUTLBEntry, addr_write));
+tcg_out_ld(s, TCG_TYPE_PTR, TCG_REG_TMP2, TCG_REG_TMP2,
+   offsetof(CPUTLBEntry, addend));
+
+/* We don't support unaligned accesses.  */
+if (a_bits < s_bits) {
+a_bits = s_bits;
+}
+/* Clear the non-page, non-alignment bits from the address.  */
+compare_mask = (tcg_target_long)TARGET_PAGE_MASK | ((1 << a_bits) - 1);
+tcg_out_movi(s, TCG_TYPE_TL, TCG_REG_TMP1, compare_mask);
+tcg_out_opc_and(s, TCG_REG_TMP1, TCG_REG_TMP1, addrl);
+
+/* Compare masked address with the TLB entry.  */
+label_ptr[0] = s->code_ptr;
+tcg_out_opc_bne(s, TCG_REG_TMP0, TCG_REG_TMP1, 0);
+
+/* TLB Hit - addend in TCG_REG_TMP2, ready for use.  */
+}
+
+static void add_qemu_ldst_label(TCGContext *s, int is_ld, MemOpIdx oi,
+TCGType type,
+TCGReg datalo, TCGReg addrlo,
+void *raddr, tcg_insn_unit **label_ptr)
+{
+TCGLabelQemuLdst *label = new_ldst_label(s);
+
+label->is_ld = is_ld;
+label->oi = oi;
+label->type = type;
+label->datalo_reg = datalo;
+label->datahi_reg = 0; /* unused */
+label->addrlo_reg = addrlo;
+label->addrhi_reg = 0; /* unused */
+label->raddr = tcg_splitwx_to_rx(raddr);
+label->label_ptr[0] = label_ptr[0];
+}
+
+static bool tcg_out_q

[PATCH v7 15/31] tcg/loongarch64: Implement clz/ctz ops

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
---
 tcg/loongarch64/tcg-target-con-set.h |  1 +
 tcg/loongarch64/tcg-target.c.inc | 42 
 tcg/loongarch64/tcg-target.h |  8 +++---
 3 files changed, 47 insertions(+), 4 deletions(-)

diff --git a/tcg/loongarch64/tcg-target-con-set.h 
b/tcg/loongarch64/tcg-target-con-set.h
index d958183020..2975e03127 100644
--- a/tcg/loongarch64/tcg-target-con-set.h
+++ b/tcg/loongarch64/tcg-target-con-set.h
@@ -18,4 +18,5 @@ C_O0_I1(r)
 C_O1_I1(r, r)
 C_O1_I2(r, r, rC)
 C_O1_I2(r, r, rU)
+C_O1_I2(r, r, rW)
 C_O1_I2(r, 0, rZ)
diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index 9adac5b3fc..4c1c1d6182 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -412,6 +412,28 @@ static void tcg_out_ext32s(TCGContext *s, TCGReg ret, 
TCGReg arg)
 tcg_out_opc_addi_w(s, ret, arg, 0);
 }
 
+static void tcg_out_clzctz(TCGContext *s, LoongArchInsn opc,
+   TCGReg a0, TCGReg a1, TCGReg a2,
+   bool c2, bool is_32bit)
+{
+if (c2) {
+/*
+ * Fast path: semantics already satisfied due to constraint and
+ * insn behavior, single instruction is enough.
+ */
+tcg_debug_assert(a2 == (is_32bit ? 32 : 64));
+/* all clz/ctz insns belong to DJ-format */
+tcg_out32(s, encode_dj_insn(opc, a0, a1));
+return;
+}
+
+tcg_out32(s, encode_dj_insn(opc, TCG_REG_TMP0, a1));
+/* a0 = a1 ? REG_TMP0 : a2 */
+tcg_out_opc_maskeqz(s, TCG_REG_TMP0, TCG_REG_TMP0, a1);
+tcg_out_opc_masknez(s, a0, a2, a1);
+tcg_out_opc_or(s, a0, TCG_REG_TMP0, a0);
+}
+
 /*
  * Entry-points
  */
@@ -572,6 +594,20 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 tcg_out_opc_revb_d(s, a0, a1);
 break;
 
+case INDEX_op_clz_i32:
+tcg_out_clzctz(s, OPC_CLZ_W, a0, a1, a2, c2, true);
+break;
+case INDEX_op_clz_i64:
+tcg_out_clzctz(s, OPC_CLZ_D, a0, a1, a2, c2, false);
+break;
+
+case INDEX_op_ctz_i32:
+tcg_out_clzctz(s, OPC_CTZ_W, a0, a1, a2, c2, true);
+break;
+case INDEX_op_ctz_i64:
+tcg_out_clzctz(s, OPC_CTZ_D, a0, a1, a2, c2, false);
+break;
+
 case INDEX_op_mov_i32:  /* Always emitted via tcg_out_mov.  */
 case INDEX_op_mov_i64:
 default:
@@ -632,6 +668,12 @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode 
op)
 /* LoongArch reg-imm bitops have their imms ZERO-extended */
 return C_O1_I2(r, r, rU);
 
+case INDEX_op_clz_i32:
+case INDEX_op_clz_i64:
+case INDEX_op_ctz_i32:
+case INDEX_op_ctz_i64:
+return C_O1_I2(r, r, rW);
+
 case INDEX_op_deposit_i32:
 case INDEX_op_deposit_i64:
 /* Must deposit into the same register as input */
diff --git a/tcg/loongarch64/tcg-target.h b/tcg/loongarch64/tcg-target.h
index 02d17d2f6d..ef489cbc86 100644
--- a/tcg/loongarch64/tcg-target.h
+++ b/tcg/loongarch64/tcg-target.h
@@ -120,8 +120,8 @@ typedef enum {
 #define TCG_TARGET_HAS_eqv_i32  0
 #define TCG_TARGET_HAS_nand_i32 0
 #define TCG_TARGET_HAS_nor_i32  1
-#define TCG_TARGET_HAS_clz_i32  0
-#define TCG_TARGET_HAS_ctz_i32  0
+#define TCG_TARGET_HAS_clz_i32  1
+#define TCG_TARGET_HAS_ctz_i32  1
 #define TCG_TARGET_HAS_ctpop_i320
 #define TCG_TARGET_HAS_direct_jump  0
 #define TCG_TARGET_HAS_brcond2  0
@@ -156,8 +156,8 @@ typedef enum {
 #define TCG_TARGET_HAS_eqv_i64  0
 #define TCG_TARGET_HAS_nand_i64 0
 #define TCG_TARGET_HAS_nor_i64  1
-#define TCG_TARGET_HAS_clz_i64  0
-#define TCG_TARGET_HAS_ctz_i64  0
+#define TCG_TARGET_HAS_clz_i64  1
+#define TCG_TARGET_HAS_ctz_i64  1
 #define TCG_TARGET_HAS_ctpop_i640
 #define TCG_TARGET_HAS_add2_i64 0
 #define TCG_TARGET_HAS_sub2_i64 0
-- 
2.34.0

[PATCH v7 21/31] tcg/loongarch64: Implement tcg_out_call

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
---
 tcg/loongarch64/tcg-target.c.inc | 34 
 1 file changed, 34 insertions(+)

diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index 682bf76ceb..e470d7e145 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -532,6 +532,39 @@ static void tcg_out_brcond(TCGContext *s, TCGCond cond, 
TCGReg arg1,
 tcg_out32(s, encode_djsk16_insn(op, arg1, arg2, 0));
 }
 
+static void tcg_out_call_int(TCGContext *s, const tcg_insn_unit *arg, bool 
tail)
+{
+TCGReg link = tail ? TCG_REG_ZERO : TCG_REG_RA;
+ptrdiff_t offset = tcg_pcrel_diff(s, arg);
+
+tcg_debug_assert((offset & 3) == 0);
+if (offset == sextreg(offset, 0, 28)) {
+/* short jump: +/- 256MiB */
+if (tail) {
+tcg_out_opc_b(s, offset >> 2);
+} else {
+tcg_out_opc_bl(s, offset >> 2);
+}
+} else if (offset == sextreg(offset, 0, 38)) {
+/* long jump: +/- 256GiB */
+tcg_target_long lo = sextreg(offset, 0, 18);
+tcg_target_long hi = offset - lo;
+tcg_out_opc_pcaddu18i(s, TCG_REG_TMP0, hi >> 18);
+tcg_out_opc_jirl(s, link, TCG_REG_TMP0, lo >> 2);
+} else {
+/* far jump: 64-bit */
+tcg_target_long lo = sextreg((tcg_target_long)arg, 0, 18);
+tcg_target_long hi = (tcg_target_long)arg - lo;
+tcg_out_movi(s, TCG_TYPE_PTR, TCG_REG_TMP0, hi);
+tcg_out_opc_jirl(s, link, TCG_REG_TMP0, lo >> 2);
+}
+}
+
+static void tcg_out_call(TCGContext *s, const tcg_insn_unit *arg)
+{
+tcg_out_call_int(s, arg, false);
+}
+
 /*
  * Entry-points
  */
@@ -882,6 +915,7 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 
 case INDEX_op_mov_i32:  /* Always emitted via tcg_out_mov.  */
 case INDEX_op_mov_i64:
+case INDEX_op_call: /* Always emitted via tcg_out_call.  */
 default:
 g_assert_not_reached();
 }
-- 
2.34.0

[PATCH v7 26/31] tcg/loongarch64: Implement tcg_target_init

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
---
 tcg/loongarch64/tcg-target.c.inc | 27 +++
 1 file changed, 27 insertions(+)

diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index 2d066a035d..ff167d686b 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -1604,3 +1604,30 @@ static void tcg_target_qemu_prologue(TCGContext *s)
 tcg_out_opc_addi_d(s, TCG_REG_SP, TCG_REG_SP, FRAME_SIZE);
 tcg_out_opc_jirl(s, TCG_REG_ZERO, TCG_REG_RA, 0);
 }
+
+static void tcg_target_init(TCGContext *s)
+{
+tcg_target_available_regs[TCG_TYPE_I32] = ALL_GENERAL_REGS;
+tcg_target_available_regs[TCG_TYPE_I64] = ALL_GENERAL_REGS;
+
+tcg_target_call_clobber_regs = ALL_GENERAL_REGS;
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_S0);
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_S1);
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_S2);
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_S3);
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_S4);
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_S5);
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_S6);
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_S7);
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_S8);
+tcg_regset_reset_reg(tcg_target_call_clobber_regs, TCG_REG_S9);
+
+s->reserved_regs = 0;
+tcg_regset_set_reg(s->reserved_regs, TCG_REG_ZERO);
+tcg_regset_set_reg(s->reserved_regs, TCG_REG_TMP0);
+tcg_regset_set_reg(s->reserved_regs, TCG_REG_TMP1);
+tcg_regset_set_reg(s->reserved_regs, TCG_REG_TMP2);
+tcg_regset_set_reg(s->reserved_regs, TCG_REG_SP);
+tcg_regset_set_reg(s->reserved_regs, TCG_REG_TP);
+tcg_regset_set_reg(s->reserved_regs, TCG_REG_RESERVED);
+}
-- 
2.34.0

[PATCH v7 13/31] tcg/loongarch64: Implement deposit/extract ops

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
---
 tcg/loongarch64/tcg-target-con-set.h |  1 +
 tcg/loongarch64/tcg-target.c.inc | 21 +
 tcg/loongarch64/tcg-target.h |  8 
 3 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/tcg/loongarch64/tcg-target-con-set.h 
b/tcg/loongarch64/tcg-target-con-set.h
index 9ac24b8ad0..d958183020 100644
--- a/tcg/loongarch64/tcg-target-con-set.h
+++ b/tcg/loongarch64/tcg-target-con-set.h
@@ -18,3 +18,4 @@ C_O0_I1(r)
 C_O1_I1(r, r)
 C_O1_I2(r, r, rC)
 C_O1_I2(r, r, rU)
+C_O1_I2(r, 0, rZ)
diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index d610b83c37..1d903d05d6 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -531,6 +531,20 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 }
 break;
 
+case INDEX_op_extract_i32:
+tcg_out_opc_bstrpick_w(s, a0, a1, a2, a2 + args[3] - 1);
+break;
+case INDEX_op_extract_i64:
+tcg_out_opc_bstrpick_d(s, a0, a1, a2, a2 + args[3] - 1);
+break;
+
+case INDEX_op_deposit_i32:
+tcg_out_opc_bstrins_w(s, a0, a2, args[3], args[3] + args[4] - 1);
+break;
+case INDEX_op_deposit_i64:
+tcg_out_opc_bstrins_d(s, a0, a2, args[3], args[3] + args[4] - 1);
+break;
+
 case INDEX_op_mov_i32:  /* Always emitted via tcg_out_mov.  */
 case INDEX_op_mov_i64:
 default:
@@ -560,6 +574,8 @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)
 case INDEX_op_ext_i32_i64:
 case INDEX_op_not_i32:
 case INDEX_op_not_i64:
+case INDEX_op_extract_i32:
+case INDEX_op_extract_i64:
 return C_O1_I1(r, r);
 
 case INDEX_op_andc_i32:
@@ -584,6 +600,11 @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode 
op)
 /* LoongArch reg-imm bitops have their imms ZERO-extended */
 return C_O1_I2(r, r, rU);
 
+case INDEX_op_deposit_i32:
+case INDEX_op_deposit_i64:
+/* Must deposit into the same register as input */
+return C_O1_I2(r, 0, rZ);
+
 default:
 g_assert_not_reached();
 }
diff --git a/tcg/loongarch64/tcg-target.h b/tcg/loongarch64/tcg-target.h
index cb1739a54a..084d635a8e 100644
--- a/tcg/loongarch64/tcg-target.h
+++ b/tcg/loongarch64/tcg-target.h
@@ -97,8 +97,8 @@ typedef enum {
 #define TCG_TARGET_HAS_rem_i32  0
 #define TCG_TARGET_HAS_div2_i32 0
 #define TCG_TARGET_HAS_rot_i32  0
-#define TCG_TARGET_HAS_deposit_i32  0
-#define TCG_TARGET_HAS_extract_i32  0
+#define TCG_TARGET_HAS_deposit_i32  1
+#define TCG_TARGET_HAS_extract_i32  1
 #define TCG_TARGET_HAS_sextract_i32 0
 #define TCG_TARGET_HAS_extract2_i32 0
 #define TCG_TARGET_HAS_add2_i32 0
@@ -134,8 +134,8 @@ typedef enum {
 #define TCG_TARGET_HAS_rem_i64  0
 #define TCG_TARGET_HAS_div2_i64 0
 #define TCG_TARGET_HAS_rot_i64  0
-#define TCG_TARGET_HAS_deposit_i64  0
-#define TCG_TARGET_HAS_extract_i64  0
+#define TCG_TARGET_HAS_deposit_i64  1
+#define TCG_TARGET_HAS_extract_i64  1
 #define TCG_TARGET_HAS_sextract_i64 0
 #define TCG_TARGET_HAS_extract2_i64 0
 #define TCG_TARGET_HAS_extrl_i64_i321
-- 
2.34.0

Re: [PATCH for-6.2] Fix some typos in documentation (found by codespell)

[Thomas Huth]

On 19/11/2021 11.15, Stefan Weil wrote:

Am 18.11.21 um 00:27 schrieb Philippe Mathieu-Daudé:


On 11/17/21 22:07, Stefan Weil wrote:

Signed-off-by: Stefan Weil 
---
  docs/devel/multi-process.rst    | 2 +-
  docs/devel/qgraph.rst   | 2 +-
  docs/devel/writing-monitor-commands.rst | 2 +-
  docs/hyperv.txt | 2 +-
  docs/system/cpu-models-x86.rst.inc  | 2 +-
  docs/system/devices/nvme.rst    | 2 +-
  docs/system/gdb.rst | 2 +-
  docs/system/ppc/ppce500.rst | 2 +-
  docs/system/riscv/shakti-c.rst  | 2 +-
  9 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/docs/system/cpu-models-x86.rst.inc 
b/docs/system/cpu-models-x86.rst.inc

index 6e8be7d79b..884b6d20fb 100644
--- a/docs/system/cpu-models-x86.rst.inc
+++ b/docs/system/cpu-models-x86.rst.inc
@@ -49,7 +49,7 @@ future OS and toolchains are likely to target newer 
ABIs. The

  table that follows illustrates which ABI compatibility levels
  can be satisfied by the QEMU CPU models. Note that the table only
  lists the long term stable CPU model versions (eg Haswell-v4).
-In addition to whats listed, there are also many CPU model
+In addition to what's listed, there are also many CPU model
  aliases which resolve to a different CPU model version,
  depending on the machine type is in use.

For a non-native English speaker, this is clearer:

"In addition to what is listed"



I agree. Maybe Paolo or whoever applies that patch can change that detail.


I'm currently assembling a pull request for doc updates, and will add you 
patch there (with the "what is" fixed).


 Thomas

[PATCH v7 22/31] tcg/loongarch64: Implement simple load/store ops

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
---
 tcg/loongarch64/tcg-target-con-set.h |   1 +
 tcg/loongarch64/tcg-target.c.inc | 131 +++
 2 files changed, 132 insertions(+)

diff --git a/tcg/loongarch64/tcg-target-con-set.h 
b/tcg/loongarch64/tcg-target-con-set.h
index a2ec61237e..e54ca9b2de 100644
--- a/tcg/loongarch64/tcg-target-con-set.h
+++ b/tcg/loongarch64/tcg-target-con-set.h
@@ -15,6 +15,7 @@
  * tcg-target-con-str.h; the constraint combination is inclusive or.
  */
 C_O0_I1(r)
+C_O0_I2(rZ, r)
 C_O0_I2(rZ, rZ)
 C_O1_I1(r, r)
 C_O1_I2(r, r, rC)
diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index e470d7e145..fec22cfaf6 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -565,6 +565,73 @@ static void tcg_out_call(TCGContext *s, const 
tcg_insn_unit *arg)
 tcg_out_call_int(s, arg, false);
 }
 
+/*
+ * Load/store helpers
+ */
+
+static void tcg_out_ldst(TCGContext *s, LoongArchInsn opc, TCGReg data,
+ TCGReg addr, intptr_t offset)
+{
+intptr_t imm12 = sextreg(offset, 0, 12);
+
+if (offset != imm12) {
+intptr_t diff = offset - (uintptr_t)s->code_ptr;
+
+if (addr == TCG_REG_ZERO && diff == (int32_t)diff) {
+imm12 = sextreg(diff, 0, 12);
+tcg_out_opc_pcaddu12i(s, TCG_REG_TMP2, (diff - imm12) >> 12);
+} else {
+tcg_out_movi(s, TCG_TYPE_PTR, TCG_REG_TMP2, offset - imm12);
+if (addr != TCG_REG_ZERO) {
+tcg_out_opc_add_d(s, TCG_REG_TMP2, TCG_REG_TMP2, addr);
+}
+}
+addr = TCG_REG_TMP2;
+}
+
+switch (opc) {
+case OPC_LD_B:
+case OPC_LD_BU:
+case OPC_LD_H:
+case OPC_LD_HU:
+case OPC_LD_W:
+case OPC_LD_WU:
+case OPC_LD_D:
+case OPC_ST_B:
+case OPC_ST_H:
+case OPC_ST_W:
+case OPC_ST_D:
+tcg_out32(s, encode_djsk12_insn(opc, data, addr, imm12));
+break;
+default:
+g_assert_not_reached();
+}
+}
+
+static void tcg_out_ld(TCGContext *s, TCGType type, TCGReg arg,
+   TCGReg arg1, intptr_t arg2)
+{
+bool is_32bit = type == TCG_TYPE_I32;
+tcg_out_ldst(s, is_32bit ? OPC_LD_W : OPC_LD_D, arg, arg1, arg2);
+}
+
+static void tcg_out_st(TCGContext *s, TCGType type, TCGReg arg,
+   TCGReg arg1, intptr_t arg2)
+{
+bool is_32bit = type == TCG_TYPE_I32;
+tcg_out_ldst(s, is_32bit ? OPC_ST_W : OPC_ST_D, arg, arg1, arg2);
+}
+
+static bool tcg_out_sti(TCGContext *s, TCGType type, TCGArg val,
+TCGReg base, intptr_t ofs)
+{
+if (val == 0) {
+tcg_out_st(s, type, TCG_REG_ZERO, base, ofs);
+return true;
+}
+return false;
+}
+
 /*
  * Entry-points
  */
@@ -913,6 +980,49 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 tcg_out_setcond(s, args[3], a0, a1, a2, c2);
 break;
 
+case INDEX_op_ld8s_i32:
+case INDEX_op_ld8s_i64:
+tcg_out_ldst(s, OPC_LD_B, a0, a1, a2);
+break;
+case INDEX_op_ld8u_i32:
+case INDEX_op_ld8u_i64:
+tcg_out_ldst(s, OPC_LD_BU, a0, a1, a2);
+break;
+case INDEX_op_ld16s_i32:
+case INDEX_op_ld16s_i64:
+tcg_out_ldst(s, OPC_LD_H, a0, a1, a2);
+break;
+case INDEX_op_ld16u_i32:
+case INDEX_op_ld16u_i64:
+tcg_out_ldst(s, OPC_LD_HU, a0, a1, a2);
+break;
+case INDEX_op_ld_i32:
+case INDEX_op_ld32s_i64:
+tcg_out_ldst(s, OPC_LD_W, a0, a1, a2);
+break;
+case INDEX_op_ld32u_i64:
+tcg_out_ldst(s, OPC_LD_WU, a0, a1, a2);
+break;
+case INDEX_op_ld_i64:
+tcg_out_ldst(s, OPC_LD_D, a0, a1, a2);
+break;
+
+case INDEX_op_st8_i32:
+case INDEX_op_st8_i64:
+tcg_out_ldst(s, OPC_ST_B, a0, a1, a2);
+break;
+case INDEX_op_st16_i32:
+case INDEX_op_st16_i64:
+tcg_out_ldst(s, OPC_ST_H, a0, a1, a2);
+break;
+case INDEX_op_st_i32:
+case INDEX_op_st32_i64:
+tcg_out_ldst(s, OPC_ST_W, a0, a1, a2);
+break;
+case INDEX_op_st_i64:
+tcg_out_ldst(s, OPC_ST_D, a0, a1, a2);
+break;
+
 case INDEX_op_mov_i32:  /* Always emitted via tcg_out_mov.  */
 case INDEX_op_mov_i64:
 case INDEX_op_call: /* Always emitted via tcg_out_call.  */
@@ -927,6 +1037,15 @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode 
op)
 case INDEX_op_goto_ptr:
 return C_O0_I1(r);
 
+case INDEX_op_st8_i32:
+case INDEX_op_st8_i64:
+case INDEX_op_st16_i32:
+case INDEX_op_st16_i64:
+case INDEX_op_st32_i64:
+case INDEX_op_st_i32:
+case INDEX_op_st_i64:
+return C_O0_I2(rZ, r);
+
 case INDEX_op_brcond_i32:
 case INDEX_op_brcond_i64:
 return C_O0_I2(rZ, rZ);
@@ -954,6 +1073,18 @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode 
op)
 case INDEX_op_

[PATCH v7 20/31] tcg/loongarch64: Implement setcond ops

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
---
 tcg/loongarch64/tcg-target-con-set.h |  1 +
 tcg/loongarch64/tcg-target.c.inc | 69 
 2 files changed, 70 insertions(+)

diff --git a/tcg/loongarch64/tcg-target-con-set.h 
b/tcg/loongarch64/tcg-target-con-set.h
index 367689c2e2..a2ec61237e 100644
--- a/tcg/loongarch64/tcg-target-con-set.h
+++ b/tcg/loongarch64/tcg-target-con-set.h
@@ -22,6 +22,7 @@ C_O1_I2(r, r, ri)
 C_O1_I2(r, r, rI)
 C_O1_I2(r, r, rU)
 C_O1_I2(r, r, rW)
+C_O1_I2(r, r, rZ)
 C_O1_I2(r, 0, rZ)
 C_O1_I2(r, rZ, rN)
 C_O1_I2(r, rZ, rZ)
diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index 816b16f10f..682bf76ceb 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -434,6 +434,66 @@ static void tcg_out_clzctz(TCGContext *s, LoongArchInsn 
opc,
 tcg_out_opc_or(s, a0, TCG_REG_TMP0, a0);
 }
 
+static void tcg_out_setcond(TCGContext *s, TCGCond cond, TCGReg ret,
+TCGReg arg1, TCGReg arg2, bool c2)
+{
+TCGReg tmp;
+
+if (c2) {
+tcg_debug_assert(arg2 == 0);
+}
+
+switch (cond) {
+case TCG_COND_EQ:
+if (c2) {
+tmp = arg1;
+} else {
+tcg_out_opc_sub_d(s, ret, arg1, arg2);
+tmp = ret;
+}
+tcg_out_opc_sltui(s, ret, tmp, 1);
+break;
+case TCG_COND_NE:
+if (c2) {
+tmp = arg1;
+} else {
+tcg_out_opc_sub_d(s, ret, arg1, arg2);
+tmp = ret;
+}
+tcg_out_opc_sltu(s, ret, TCG_REG_ZERO, tmp);
+break;
+case TCG_COND_LT:
+tcg_out_opc_slt(s, ret, arg1, arg2);
+break;
+case TCG_COND_GE:
+tcg_out_opc_slt(s, ret, arg1, arg2);
+tcg_out_opc_xori(s, ret, ret, 1);
+break;
+case TCG_COND_LE:
+tcg_out_setcond(s, TCG_COND_GE, ret, arg2, arg1, false);
+break;
+case TCG_COND_GT:
+tcg_out_setcond(s, TCG_COND_LT, ret, arg2, arg1, false);
+break;
+case TCG_COND_LTU:
+tcg_out_opc_sltu(s, ret, arg1, arg2);
+break;
+case TCG_COND_GEU:
+tcg_out_opc_sltu(s, ret, arg1, arg2);
+tcg_out_opc_xori(s, ret, ret, 1);
+break;
+case TCG_COND_LEU:
+tcg_out_setcond(s, TCG_COND_GEU, ret, arg2, arg1, false);
+break;
+case TCG_COND_GTU:
+tcg_out_setcond(s, TCG_COND_LTU, ret, arg2, arg1, false);
+break;
+default:
+g_assert_not_reached();
+break;
+}
+}
+
 /*
  * Branch helpers
  */
@@ -815,6 +875,11 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 tcg_out_opc_mod_du(s, a0, a1, a2);
 break;
 
+case INDEX_op_setcond_i32:
+case INDEX_op_setcond_i64:
+tcg_out_setcond(s, args[3], a0, a1, a2, c2);
+break;
+
 case INDEX_op_mov_i32:  /* Always emitted via tcg_out_mov.  */
 case INDEX_op_mov_i64:
 default:
@@ -901,6 +966,10 @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode 
op)
 case INDEX_op_ctz_i64:
 return C_O1_I2(r, r, rW);
 
+case INDEX_op_setcond_i32:
+case INDEX_op_setcond_i64:
+return C_O1_I2(r, r, rZ);
+
 case INDEX_op_deposit_i32:
 case INDEX_op_deposit_i64:
 /* Must deposit into the same register as input */
-- 
2.34.0

[PATCH v7 27/31] tcg/loongarch64: Register the JIT

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
---
 tcg/loongarch64/tcg-target.c.inc | 44 
 1 file changed, 44 insertions(+)

diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index ff167d686b..8ce30ecae5 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -1631,3 +1631,47 @@ static void tcg_target_init(TCGContext *s)
 tcg_regset_set_reg(s->reserved_regs, TCG_REG_TP);
 tcg_regset_set_reg(s->reserved_regs, TCG_REG_RESERVED);
 }
+
+typedef struct {
+DebugFrameHeader h;
+uint8_t fde_def_cfa[4];
+uint8_t fde_reg_ofs[ARRAY_SIZE(tcg_target_callee_save_regs) * 2];
+} DebugFrame;
+
+#define ELF_HOST_MACHINE EM_LOONGARCH
+
+static const DebugFrame debug_frame = {
+.h.cie.len = sizeof(DebugFrameCIE) - 4, /* length after .len member */
+.h.cie.id = -1,
+.h.cie.version = 1,
+.h.cie.code_align = 1,
+.h.cie.data_align = -(TCG_TARGET_REG_BITS / 8) & 0x7f, /* sleb128 */
+.h.cie.return_column = TCG_REG_RA,
+
+/* Total FDE size does not include the "len" member.  */
+.h.fde.len = sizeof(DebugFrame) - offsetof(DebugFrame, h.fde.cie_offset),
+
+.fde_def_cfa = {
+12, TCG_REG_SP, /* DW_CFA_def_cfa sp, ...  */
+(FRAME_SIZE & 0x7f) | 0x80, /* ... uleb128 FRAME_SIZE */
+(FRAME_SIZE >> 7)
+},
+.fde_reg_ofs = {
+0x80 + 23, 11,  /* DW_CFA_offset, s0, -88 */
+0x80 + 24, 10,  /* DW_CFA_offset, s1, -80 */
+0x80 + 25, 9,   /* DW_CFA_offset, s2, -72 */
+0x80 + 26, 8,   /* DW_CFA_offset, s3, -64 */
+0x80 + 27, 7,   /* DW_CFA_offset, s4, -56 */
+0x80 + 28, 6,   /* DW_CFA_offset, s5, -48 */
+0x80 + 29, 5,   /* DW_CFA_offset, s6, -40 */
+0x80 + 30, 4,   /* DW_CFA_offset, s7, -32 */
+0x80 + 31, 3,   /* DW_CFA_offset, s8, -24 */
+0x80 + 22, 2,   /* DW_CFA_offset, s9, -16 */
+0x80 + 1 , 1,   /* DW_CFA_offset, ra, -8 */
+}
+};
+
+void tcg_register_jit(const void *buf, size_t buf_size)
+{
+tcg_register_jit_int(buf, buf_size, &debug_frame, sizeof(debug_frame));
+}
-- 
2.34.0

[PATCH v7 19/31] tcg/loongarch64: Implement br/brcond ops

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
---
 tcg/loongarch64/tcg-target-con-set.h |  1 +
 tcg/loongarch64/tcg-target.c.inc | 53 
 2 files changed, 54 insertions(+)

diff --git a/tcg/loongarch64/tcg-target-con-set.h 
b/tcg/loongarch64/tcg-target-con-set.h
index fb56f3a295..367689c2e2 100644
--- a/tcg/loongarch64/tcg-target-con-set.h
+++ b/tcg/loongarch64/tcg-target-con-set.h
@@ -15,6 +15,7 @@
  * tcg-target-con-str.h; the constraint combination is inclusive or.
  */
 C_O0_I1(r)
+C_O0_I2(rZ, rZ)
 C_O1_I1(r, r)
 C_O1_I2(r, r, rC)
 C_O1_I2(r, r, ri)
diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index 67f07a3853..816b16f10f 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -434,6 +434,44 @@ static void tcg_out_clzctz(TCGContext *s, LoongArchInsn 
opc,
 tcg_out_opc_or(s, a0, TCG_REG_TMP0, a0);
 }
 
+/*
+ * Branch helpers
+ */
+
+static const struct {
+LoongArchInsn op;
+bool swap;
+} tcg_brcond_to_loongarch[] = {
+[TCG_COND_EQ] =  { OPC_BEQ,  false },
+[TCG_COND_NE] =  { OPC_BNE,  false },
+[TCG_COND_LT] =  { OPC_BGT,  true  },
+[TCG_COND_GE] =  { OPC_BLE,  true  },
+[TCG_COND_LE] =  { OPC_BLE,  false },
+[TCG_COND_GT] =  { OPC_BGT,  false },
+[TCG_COND_LTU] = { OPC_BGTU, true  },
+[TCG_COND_GEU] = { OPC_BLEU, true  },
+[TCG_COND_LEU] = { OPC_BLEU, false },
+[TCG_COND_GTU] = { OPC_BGTU, false }
+};
+
+static void tcg_out_brcond(TCGContext *s, TCGCond cond, TCGReg arg1,
+   TCGReg arg2, TCGLabel *l)
+{
+LoongArchInsn op = tcg_brcond_to_loongarch[cond].op;
+
+tcg_debug_assert(op != 0);
+
+if (tcg_brcond_to_loongarch[cond].swap) {
+TCGReg t = arg1;
+arg1 = arg2;
+arg2 = t;
+}
+
+/* all conditional branch insns belong to DJSk16-format */
+tcg_out_reloc(s, s->code_ptr, R_LOONGARCH_BR_SK16, l, 0);
+tcg_out32(s, encode_djsk16_insn(op, arg1, arg2, 0));
+}
+
 /*
  * Entry-points
  */
@@ -456,6 +494,17 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 tcg_out_opc_jirl(s, TCG_REG_ZERO, a0, 0);
 break;
 
+case INDEX_op_br:
+tcg_out_reloc(s, s->code_ptr, R_LOONGARCH_BR_SD10K16, arg_label(a0),
+  0);
+tcg_out_opc_b(s, 0);
+break;
+
+case INDEX_op_brcond_i32:
+case INDEX_op_brcond_i64:
+tcg_out_brcond(s, a2, a0, a1, arg_label(args[3]));
+break;
+
 case INDEX_op_ext8s_i32:
 case INDEX_op_ext8s_i64:
 tcg_out_ext8s(s, a0, a1);
@@ -779,6 +828,10 @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode 
op)
 case INDEX_op_goto_ptr:
 return C_O0_I1(r);
 
+case INDEX_op_brcond_i32:
+case INDEX_op_brcond_i64:
+return C_O0_I2(rZ, rZ);
+
 case INDEX_op_ext8s_i32:
 case INDEX_op_ext8s_i64:
 case INDEX_op_ext8u_i32:
-- 
2.34.0

[PATCH v7 31/31] tests/docker: Add gentoo-loongarch64-cross image and run cross builds in GitLab

[WANG Xuerui]

Normally this would be based on qemu/debian10 or qemu/ubuntu2004, but
after a week-long struggle, I still cannot build stage2 gcc with the
known-good LoongArch toolchain sources, so I chose the least-resistance
path with Gentoo as base image. As this image is not expected to be
re-built by CI, like hexagon, it should not take much maintenance
effort; also it's expected to be replaced as soon as Debian is
available.

As the LoongArch target has not been merged yet, a check-tcg job is not
added at the moment, but cross builds with the TCG port are already
possible, and added to CI matrix.

As a reference, the image takes about 27 minutes to rebuild on a
Threadripper 3990X system with Docker operating on HDD; YMMV but it
probably wouldn't become significantly shorter, as everything needs to
be built from source in our case.

Signed-off-by: WANG Xuerui 
---
 .gitlab-ci.d/container-cross.yml  |  27 
 .gitlab-ci.d/crossbuilds.yml  |  16 +++
 MAINTAINERS   |   2 +
 tests/docker/Makefile.include |  21 +++
 .../gentoo-loongarch64-cross.docker   |  19 +++
 .../build-toolchain.sh| 123 ++
 6 files changed, 208 insertions(+)
 create mode 100644 tests/docker/dockerfiles/gentoo-loongarch64-cross.docker
 create mode 100755 
tests/docker/dockerfiles/gentoo-loongarch64-cross.docker.d/build-toolchain.sh

diff --git a/.gitlab-ci.d/container-cross.yml b/.gitlab-ci.d/container-cross.yml
index a3b5b90552..7a8cc556cc 100644
--- a/.gitlab-ci.d/container-cross.yml
+++ b/.gitlab-ci.d/container-cross.yml
@@ -82,6 +82,33 @@ hppa-debian-cross-container:
   variables:
 NAME: debian-hppa-cross
 
+# Similar to hexagon, we don't want to build loongarch64 in the CI either.
+loongarch64-cross-container:
+  image: docker:stable
+  stage: containers
+  rules:
+- if: '$CI_PROJECT_NAMESPACE == "qemu-project"'
+  when: never
+- when: always
+  variables:
+NAME: gentoo-loongarch64-cross
+GIT_DEPTH: 1
+  services:
+- docker:dind
+  before_script:
+- export TAG="$CI_REGISTRY_IMAGE/qemu/$NAME:latest"
+- export COMMON_TAG="$CI_REGISTRY/qemu-project/qemu/qemu/$NAME:latest"
+- docker info
+- docker login $CI_REGISTRY -u "$CI_REGISTRY_USER" -p 
"$CI_REGISTRY_PASSWORD"
+  script:
+- echo "TAG:$TAG"
+- echo "COMMON_TAG:$COMMON_TAG"
+- docker pull $COMMON_TAG
+- docker tag $COMMON_TAG $TAG
+- docker push "$TAG"
+  after_script:
+- docker logout
+
 m68k-debian-cross-container:
   extends: .container_job_template
   stage: containers-layer2
diff --git a/.gitlab-ci.d/crossbuilds.yml b/.gitlab-ci.d/crossbuilds.yml
index 17d6cb3e45..49f5b5525e 100644
--- a/.gitlab-ci.d/crossbuilds.yml
+++ b/.gitlab-ci.d/crossbuilds.yml
@@ -68,6 +68,22 @@ cross-i386-tci:
 EXTRA_CONFIGURE_OPTS: 
--target-list=i386-softmmu,i386-linux-user,aarch64-softmmu,aarch64-linux-user,ppc-softmmu,ppc-linux-user
 MAKE_CHECK_ARGS: check check-tcg
 
+cross-loongarch64-system:
+  extends: .cross_system_build_job
+  allow_failure: true
+  needs:
+job: loongarch64-cross-container
+  variables:
+IMAGE: gentoo-loongarch64-cross
+
+cross-loongarch64-user:
+  extends: .cross_user_build_job
+  allow_failure: true
+  needs:
+job: loongarch64-cross-container
+  variables:
+IMAGE: gentoo-loongarch64-cross
+
 cross-mips-system:
   extends: .cross_system_build_job
   needs:
diff --git a/MAINTAINERS b/MAINTAINERS
index a638fb6b31..165ef630bf 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3141,6 +3141,8 @@ LoongArch64 TCG target
 M: WANG Xuerui 
 S: Maintained
 F: tcg/loongarch64/
+F: tests/docker/dockerfiles/gentoo-loongarch64-cross.docker
+F: tests/docker/dockerfiles/gentoo-loongarch64-cross.docker.d/
 
 MIPS TCG target
 M: Philippe Mathieu-Daudé 
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index f1a0c5db7a..a2cdf193bb 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -176,6 +176,27 @@ docker-image-debian-hexagon-cross: 
$(DOCKER_FILES_DIR)/debian-hexagon-cross.dock
qemu/debian-hexagon-cross --add-current-user,   
\
"PREPARE", "debian-hexagon-cross"))
 
+#
+# Same for loongarch64-cross.
+#
+docker-image-gentoo-loongarch64-cross: 
$(DOCKER_FILES_DIR)/gentoo-loongarch64-cross.docker
+   $(if $(NOCACHE),
\
+   $(call quiet-command,   
\
+   $(DOCKER_SCRIPT) build -t qemu/gentoo-loongarch64-cross 
-f $<   \
+   $(if $V,,--quiet) --no-cache
\
+   --registry $(DOCKER_REGISTRY) --extra-files 
\
+   
$(DOCKER_FILES_DIR)/gentoo-loongarch64-cross.docker.d/build-toolchain.sh, \
+   "BUILD", "gentoo-lo

[PATCH] hw/net/allwinner_emac: Replace MII_ANAR_TX -> MII_ANLPAR_TX definition

[Philippe Mathieu-Daudé]

While both MII_ANAR_TX / MII_ANLPAR_TX have the same value,
the ANAR and ANLPAR registers are different, so technically
the ANLPAR register have to use the MII_ANLPAR_TX definition.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/net/allwinner_emac.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/allwinner_emac.c b/hw/net/allwinner_emac.c
index f35c45d..3aed92b8f1a 100644
--- a/hw/net/allwinner_emac.c
+++ b/hw/net/allwinner_emac.c
@@ -50,7 +50,7 @@ static void mii_reset(RTL8201CPState *mii, bool link_ok)
 MII_BMSR_10T_HD | MII_BMSR_MFPS | MII_BMSR_AUTONEG;
 mii->anar = MII_ANAR_TXFD | MII_ANAR_TX | MII_ANAR_10FD | MII_ANAR_10 |
 MII_ANAR_CSMACD;
-mii->anlpar = MII_ANAR_TX;
+mii->anlpar = MII_ANLPAR_TX;
 
 mii_set_link(mii, link_ok);
 }
-- 
2.31.1

[PATCH v7 24/31] tcg/loongarch64: Implement tcg_target_qemu_prologue

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
---
 tcg/loongarch64/tcg-target.c.inc | 68 
 1 file changed, 68 insertions(+)

diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index c92587c823..a806e3352e 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -968,6 +968,8 @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg 
*args)
  * Entry-points
  */
 
+static const tcg_insn_unit *tb_ret_addr;
+
 static void tcg_out_op(TCGContext *s, TCGOpcode opc,
const TCGArg args[TCG_MAX_OP_ARGS],
const int const_args[TCG_MAX_OP_ARGS])
@@ -1517,3 +1519,69 @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode 
op)
 g_assert_not_reached();
 }
 }
+
+static const int tcg_target_callee_save_regs[] = {
+TCG_REG_S0, /* used for the global env (TCG_AREG0) */
+TCG_REG_S1,
+TCG_REG_S2,
+TCG_REG_S3,
+TCG_REG_S4,
+TCG_REG_S5,
+TCG_REG_S6,
+TCG_REG_S7,
+TCG_REG_S8,
+TCG_REG_S9,
+TCG_REG_RA, /* should be last for ABI compliance */
+};
+
+/* Stack frame parameters.  */
+#define REG_SIZE   (TCG_TARGET_REG_BITS / 8)
+#define SAVE_SIZE  ((int)ARRAY_SIZE(tcg_target_callee_save_regs) * REG_SIZE)
+#define TEMP_SIZE  (CPU_TEMP_BUF_NLONGS * (int)sizeof(long))
+#define FRAME_SIZE ((TCG_STATIC_CALL_ARGS_SIZE + TEMP_SIZE + SAVE_SIZE \
+ + TCG_TARGET_STACK_ALIGN - 1) \
+& -TCG_TARGET_STACK_ALIGN)
+#define SAVE_OFS   (TCG_STATIC_CALL_ARGS_SIZE + TEMP_SIZE)
+
+/* We're expecting to be able to use an immediate for frame allocation.  */
+QEMU_BUILD_BUG_ON(FRAME_SIZE > 0x7ff);
+
+/* Generate global QEMU prologue and epilogue code */
+static void tcg_target_qemu_prologue(TCGContext *s)
+{
+int i;
+
+tcg_set_frame(s, TCG_REG_SP, TCG_STATIC_CALL_ARGS_SIZE, TEMP_SIZE);
+
+/* TB prologue */
+tcg_out_opc_addi_d(s, TCG_REG_SP, TCG_REG_SP, -FRAME_SIZE);
+for (i = 0; i < ARRAY_SIZE(tcg_target_callee_save_regs); i++) {
+tcg_out_st(s, TCG_TYPE_REG, tcg_target_callee_save_regs[i],
+   TCG_REG_SP, SAVE_OFS + i * REG_SIZE);
+}
+
+#if !defined(CONFIG_SOFTMMU)
+if (USE_GUEST_BASE) {
+tcg_out_movi(s, TCG_TYPE_PTR, TCG_GUEST_BASE_REG, guest_base);
+tcg_regset_set_reg(s->reserved_regs, TCG_GUEST_BASE_REG);
+}
+#endif
+
+/* Call generated code */
+tcg_out_mov(s, TCG_TYPE_PTR, TCG_AREG0, tcg_target_call_iarg_regs[0]);
+tcg_out_opc_jirl(s, TCG_REG_ZERO, tcg_target_call_iarg_regs[1], 0);
+
+/* Return path for goto_ptr. Set return value to 0 */
+tcg_code_gen_epilogue = tcg_splitwx_to_rx(s->code_ptr);
+tcg_out_mov(s, TCG_TYPE_REG, TCG_REG_A0, TCG_REG_ZERO);
+
+/* TB epilogue */
+tb_ret_addr = tcg_splitwx_to_rx(s->code_ptr);
+for (i = 0; i < ARRAY_SIZE(tcg_target_callee_save_regs); i++) {
+tcg_out_ld(s, TCG_TYPE_REG, tcg_target_callee_save_regs[i],
+   TCG_REG_SP, SAVE_OFS + i * REG_SIZE);
+}
+
+tcg_out_opc_addi_d(s, TCG_REG_SP, TCG_REG_SP, FRAME_SIZE);
+tcg_out_opc_jirl(s, TCG_REG_ZERO, TCG_REG_RA, 0);
+}
-- 
2.34.0

[PATCH v7 29/31] accel/tcg/user-exec: Implement CPU-specific signal handler for loongarch64 hosts

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
---
 linux-user/host/loongarch64/host-signal.h | 82 +++
 1 file changed, 82 insertions(+)
 create mode 100644 linux-user/host/loongarch64/host-signal.h

diff --git a/linux-user/host/loongarch64/host-signal.h 
b/linux-user/host/loongarch64/host-signal.h
new file mode 100644
index 00..5fa993f7e7
--- /dev/null
+++ b/linux-user/host/loongarch64/host-signal.h
@@ -0,0 +1,82 @@
+/*
+ * host-signal.h: signal info dependent on the host architecture
+ *
+ * Copyright (c) 2003-2005 Fabrice Bellard
+ * Copyright (c) 2021 WANG Xuerui 
+ *
+ * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef LOONGARCH64_HOST_SIGNAL_H
+#define LOONGARCH64_HOST_SIGNAL_H
+
+static inline uintptr_t host_signal_pc(ucontext_t *uc)
+{
+return uc->uc_mcontext.__pc;
+}
+
+static inline bool host_signal_write(siginfo_t *info, ucontext_t *uc)
+{
+const uint32_t *pinsn = (const uint32_t *)host_signal_pc(uc);
+uint32_t insn = pinsn[0];
+
+/* Detect store by reading the instruction at the program counter.  */
+switch ((insn >> 26) & 0b11) {
+case 0b001000: /* {ll,sc}.[wd] */
+switch ((insn >> 24) & 0b11) {
+case 0b01: /* sc.w */
+case 0b11: /* sc.d */
+return true;
+}
+break;
+case 0b001001: /* {ld,st}ox4.[wd] ({ld,st}ptr.[wd]) */
+switch ((insn >> 24) & 0b11) {
+case 0b01: /* stox4.w (stptr.w) */
+case 0b11: /* stox4.d (stptr.d) */
+return true;
+}
+break;
+case 0b001010: /* {ld,st}.* family */
+switch ((insn >> 22) & 0b) {
+case 0b0100: /* st.b */
+case 0b0101: /* st.h */
+case 0b0110: /* st.w */
+case 0b0111: /* st.d */
+case 0b1101: /* fst.s */
+case 0b: /* fst.d */
+return true;
+}
+break;
+case 0b001110: /* indexed, atomic, bounds-checking memory operations */
+uint32_t sel = (insn >> 15) & 0b111;
+
+switch (sel) {
+case 0b010: /* stx.b */
+case 0b0101000: /* stx.h */
+case 0b011: /* stx.w */
+case 0b0111000: /* stx.d */
+case 0b111: /* fstx.s */
+case 0b000: /* fstx.d */
+case 0b00011101100: /* fstgt.s */
+case 0b00011101101: /* fstgt.d */
+case 0b00011101110: /* fstle.s */
+case 0b0001110: /* fstle.d */
+case 0b0001000: /* stgt.b */
+case 0b0001001: /* stgt.h */
+case 0b0001010: /* stgt.w */
+case 0b0001011: /* stgt.d */
+case 0b0001100: /* stle.b */
+case 0b0001101: /* stle.h */
+case 0b0001110: /* stle.w */
+case 0b000: /* stle.d */
+case 0b0001100 ... 0b00011100011: /* am* insns */
+return true;
+}
+break;
+}
+
+return false;
+}
+
+#endif
-- 
2.34.0

Re: [PATCH-for-6.2? 0/2] hw/intc/arm_gicv3: Introduce CONFIG_ARM_GIC_TCG Kconfig selector

[Peter Maydell]

On Mon, 15 Nov 2021 at 22:36, Philippe Mathieu-Daudé  wrote:
>
> The GICv3 ITS support has been introduced uring the 6.2 development
> window (commits 18f6290a6a9..17fb5e36aab). This device is for
> emulation. When building virtualization-only binary, it might be
> desirable to not include this device.
>
> Introduce the CONFIG_ARM_GIC_TCG Kconfig selector to allow downstream
> distributions to deselect this device.
>
> Based-on: pull-target-arm-2025-1
>
> Philippe Mathieu-Daudé (2):
>   hw/intc/arm_gicv3: Extract gicv3_set_gicv3state from arm_gicv3_cpuif.c
>   hw/intc/arm_gicv3: Introduce CONFIG_ARM_GIC_TCG Kconfig selector

Reviewed-by: Peter Maydell 

This looks OK to me, but I'm inclined to leave it for 7.0 at this
point in the release cycle, unless it would be awkward for
downstreams if we didn't put it in ?

thanks
-- PMM

[PATCH v7 28/31] linux-user: Add safe syscall handling for loongarch64 hosts

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
---
 linux-user/host/loongarch64/hostdep.h | 34 
 .../host/loongarch64/safe-syscall.inc.S   | 80 +++
 2 files changed, 114 insertions(+)
 create mode 100644 linux-user/host/loongarch64/hostdep.h
 create mode 100644 linux-user/host/loongarch64/safe-syscall.inc.S

diff --git a/linux-user/host/loongarch64/hostdep.h 
b/linux-user/host/loongarch64/hostdep.h
new file mode 100644
index 00..e3d5fa703f
--- /dev/null
+++ b/linux-user/host/loongarch64/hostdep.h
@@ -0,0 +1,34 @@
+/*
+ * hostdep.h : things which are dependent on the host architecture
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef LOONGARCH64_HOSTDEP_H
+#define LOONGARCH64_HOSTDEP_H
+
+/* We have a safe-syscall.inc.S */
+#define HAVE_SAFE_SYSCALL
+
+#ifndef __ASSEMBLER__
+
+/* These are defined by the safe-syscall.inc.S file */
+extern char safe_syscall_start[];
+extern char safe_syscall_end[];
+
+/* Adjust the signal context to rewind out of safe-syscall if we're in it */
+static inline void rewind_if_in_safe_syscall(void *puc)
+{
+ucontext_t *uc = puc;
+unsigned long long *pcreg = &uc->uc_mcontext.__pc;
+
+if (*pcreg > (uintptr_t)safe_syscall_start
+&& *pcreg < (uintptr_t)safe_syscall_end) {
+*pcreg = (uintptr_t)safe_syscall_start;
+}
+}
+
+#endif /* __ASSEMBLER__ */
+
+#endif
diff --git a/linux-user/host/loongarch64/safe-syscall.inc.S 
b/linux-user/host/loongarch64/safe-syscall.inc.S
new file mode 100644
index 00..bb530248b3
--- /dev/null
+++ b/linux-user/host/loongarch64/safe-syscall.inc.S
@@ -0,0 +1,80 @@
+/*
+ * safe-syscall.inc.S : host-specific assembly fragment
+ * to handle signals occurring at the same time as system calls.
+ * This is intended to be included by linux-user/safe-syscall.S
+ *
+ * Ported to LoongArch by WANG Xuerui 
+ *
+ * Based on safe-syscall.inc.S code for every other architecture,
+ * originally written by Richard Henderson 
+ * Copyright (C) 2018 Linaro, Inc.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+   .global safe_syscall_base
+   .global safe_syscall_start
+   .global safe_syscall_end
+   .type   safe_syscall_base, @function
+   .type   safe_syscall_start, @function
+   .type   safe_syscall_end, @function
+
+   /*
+* This is the entry point for making a system call. The calling
+* convention here is that of a C varargs function with the
+* first argument an 'int *' to the signal_pending flag, the
+* second one the system call number (as a 'long'), and all further
+* arguments being syscall arguments (also 'long').
+* We return a long which is the syscall's return value, which
+* may be negative-errno on failure. Conversion to the
+* -1-and-errno-set convention is done by the calling wrapper.
+*/
+safe_syscall_base:
+   .cfi_startproc
+   /*
+* The syscall calling convention is nearly the same as C:
+* we enter with a0 == *signal_pending
+*   a1 == syscall number
+*   a2 ... a7 == syscall arguments
+*   and return the result in a0
+* and the syscall instruction needs
+*   a7 == syscall number
+*   a0 ... a5 == syscall arguments
+*   and returns the result in a0
+* Shuffle everything around appropriately.
+*/
+   move$t0, $a0/* signal_pending pointer */
+   move$t1, $a1/* syscall number */
+   move$a0, $a2/* syscall arguments */
+   move$a1, $a3
+   move$a2, $a4
+   move$a3, $a5
+   move$a4, $a6
+   move$a5, $a7
+   move$a7, $t1
+
+   /*
+* This next sequence of code works in conjunction with the
+* rewind_if_safe_syscall_function(). If a signal is taken
+* and the interrupted PC is anywhere between 'safe_syscall_start'
+* and 'safe_syscall_end' then we rewind it to 'safe_syscall_start'.
+* The code sequence must therefore be able to cope with this, and
+* the syscall instruction must be the final one in the sequence.
+*/
+safe_syscall_start:
+   /* If signal_pending is non-zero, don't do the call */
+   ld.w$t1, $t0, 0
+   bnez$t1, 0f
+   syscall 0
+safe_syscall_end:
+   /* code path for having successfully executed the syscall */
+   jr  $ra
+
+0:
+   /* code path when we didn't execute the syscall */
+   li.w$a0, -TARGET_ERESTARTSYS
+   jr  $ra
+   .cfi_endproc
+
+   .size   safe_syscall_base, .-safe_syscall_base
-- 
2.34.0

[PATCH v7 25/31] tcg/loongarch64: Implement exit_tb/goto_tb

[WANG Xuerui]

Signed-off-by: WANG Xuerui 
Reviewed-by: Richard Henderson 
---
 tcg/loongarch64/tcg-target.c.inc | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
index a806e3352e..2d066a035d 100644
--- a/tcg/loongarch64/tcg-target.c.inc
+++ b/tcg/loongarch64/tcg-target.c.inc
@@ -980,6 +980,25 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 int c2 = const_args[2];
 
 switch (opc) {
+case INDEX_op_exit_tb:
+/* Reuse the zeroing that exists for goto_ptr.  */
+if (a0 == 0) {
+tcg_out_call_int(s, tcg_code_gen_epilogue, true);
+} else {
+tcg_out_movi(s, TCG_TYPE_PTR, TCG_REG_A0, a0);
+tcg_out_call_int(s, tb_ret_addr, true);
+}
+break;
+
+case INDEX_op_goto_tb:
+assert(s->tb_jmp_insn_offset == 0);
+/* indirect jump method */
+tcg_out_ld(s, TCG_TYPE_PTR, TCG_REG_TMP0, TCG_REG_ZERO,
+   (uintptr_t)(s->tb_jmp_target_addr + a0));
+tcg_out_opc_jirl(s, TCG_REG_ZERO, TCG_REG_TMP0, 0);
+set_jmp_reset_offset(s, a0);
+break;
+
 case INDEX_op_mb:
 tcg_out_mb(s, a0);
 break;
-- 
2.34.0

Re: [PATCH v2 1/2] docs: Drop deprecated 'props' from object-add

[Thomas Huth]

On 22/11/2021 08.49, Rao, Lei wrote:

From: "Rao, Lei" 

In commit 5024340745 "qapi/qom: Drop deprecated 'props' from
object-add" (v6.0.0), we also should update documents.

Signed-off-by: Lei Rao 
---
  docs/COLO-FT.txt| 16 
  docs/system/authz.rst   | 26 ++
  docs/throttle.txt   |  8 +++-
  docs/tools/qemu-nbd.rst |  2 +-
  4 files changed, 22 insertions(+), 30 deletions(-)


Thansk! FYI, I'm currently assembling a pull request for documentation 
updates and will add you both patches there.


 Thomas

[PATCH v2 0/5] Check PMP rules num before propagation

[LIU Zhiwei]

In this patch set, fix pmp propagation to tlb and replace pmp_is_range_in_tlb
with a more straightforward function pmp_adjust_tlb_size.

v2:
  move pmp rules num check to pmp_is_range_in_tlb
  define pmp_adjust_tlb_size to replace pmp_is_range_in_tlb


LIU Zhiwei (5):
  target/riscv: Check PMP rules num before propagation
  target/riscv: Give a more generic size for tlb
  target/riscv: Discard return value for pmp_is_range_in_tlb
  target/riscv: Rename pmp_is_range_in_tlb
  target/riscv: Modify return and parameter type for pmp_adjust_tlb_size

 target/riscv/cpu_helper.c |  6 ++
 target/riscv/pmp.c| 21 ++---
 target/riscv/pmp.h|  4 ++--
 3 files changed, 14 insertions(+), 17 deletions(-)

-- 
2.25.1

[PATCH] hw/misc/auxbus: Improve aux_bus_init() docstring

[Philippe Mathieu-Daudé]

Mention in aux_bus_init() docstring that the AUXBus
is not simply initialized, it is also allocated.

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/misc/auxbus.h | 12 +++-
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/include/hw/misc/auxbus.h b/include/hw/misc/auxbus.h
index b05799d2f7a..bd8612018a7 100644
--- a/include/hw/misc/auxbus.h
+++ b/include/hw/misc/auxbus.h
@@ -85,7 +85,8 @@ struct AUXSlave {
 };
 
 /**
- * aux_bus_init: Initialize an AUX bus.
+ * aux_bus_init:
+ * Create an AUX bus on the heap.
  *
  * Returns the new AUX bus created.
  *
@@ -101,7 +102,7 @@ AUXBus *aux_bus_init(DeviceState *parent, const char *name);
  */
 void aux_bus_realize(AUXBus *bus);
 
-/*
+/**
  * aux_request: Make a request on the bus.
  *
  * Returns the reply of the request.
@@ -115,7 +116,7 @@ void aux_bus_realize(AUXBus *bus);
 AUXReply aux_request(AUXBus *bus, AUXCommand cmd, uint32_t address,
   uint8_t len, uint8_t *data);
 
-/*
+/**
  * aux_get_i2c_bus: Get the i2c bus for I2C over AUX command.
  *
  * Returns the i2c bus associated to this AUX bus.
@@ -124,7 +125,7 @@ AUXReply aux_request(AUXBus *bus, AUXCommand cmd, uint32_t 
address,
  */
 I2CBus *aux_get_i2c_bus(AUXBus *bus);
 
-/*
+/**
  * aux_init_mmio: Init an mmio for an AUX slave.
  *
  * @aux_slave The AUX slave.
@@ -132,7 +133,8 @@ I2CBus *aux_get_i2c_bus(AUXBus *bus);
  */
 void aux_init_mmio(AUXSlave *aux_slave, MemoryRegion *mmio);
 
-/* aux_map_slave: Map the mmio for an AUX slave on the bus.
+/**
+ * aux_map_slave: Map the mmio for an AUX slave on the bus.
  *
  * @dev The AUX slave.
  * @addr The address for the slave's mmio.
-- 
2.31.1

[PATCH] hw/scsi: Fix scsi_bus_init_named() docstring

[Philippe Mathieu-Daudé]

Commit 739e95f5741 ("scsi: Replace scsi_bus_new() with
scsi_bus_init(), scsi_bus_init_named()") forgot to rename
scsi_bus_init() in the function documentation string.

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/scsi/scsi.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/hw/scsi/scsi.h b/include/hw/scsi/scsi.h
index a567a5ed86b..2ef80af6dca 100644
--- a/include/hw/scsi/scsi.h
+++ b/include/hw/scsi/scsi.h
@@ -158,7 +158,7 @@ struct SCSIBus {
  * provided by the caller. It is the caller's responsibility to make
  * sure that name does not clash with the name of any other bus in the
  * system. Unless you need the new bus to have a specific name, you
- * should use scsi_bus_new() instead.
+ * should use scsi_bus_init() instead.
  */
 void scsi_bus_init_named(SCSIBus *bus, size_t bus_size, DeviceState *host,
  const SCSIBusInfo *info, const char *bus_name);
-- 
2.31.1

Re: [PATCH] hw/scsi: Fix scsi_bus_init_named() docstring

[Peter Maydell]

On Mon, 22 Nov 2021 at 10:47, Philippe Mathieu-Daudé  wrote:
>
> Commit 739e95f5741 ("scsi: Replace scsi_bus_new() with
> scsi_bus_init(), scsi_bus_init_named()") forgot to rename
> scsi_bus_init() in the function documentation string.
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  include/hw/scsi/scsi.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/include/hw/scsi/scsi.h b/include/hw/scsi/scsi.h
> index a567a5ed86b..2ef80af6dca 100644
> --- a/include/hw/scsi/scsi.h
> +++ b/include/hw/scsi/scsi.h
> @@ -158,7 +158,7 @@ struct SCSIBus {
>   * provided by the caller. It is the caller's responsibility to make
>   * sure that name does not clash with the name of any other bus in the
>   * system. Unless you need the new bus to have a specific name, you
> - * should use scsi_bus_new() instead.
> + * should use scsi_bus_init() instead.
>   */
>  void scsi_bus_init_named(SCSIBus *bus, size_t bus_size, DeviceState *host,
>   const SCSIBusInfo *info, const char *bus_name);
> --
> 2.31.1

Reviewed-by: Peter Maydell 

thanks
-- PMM

[PATCH v2 4/5] target/riscv: Rename pmp_is_range_in_tlb

[LIU Zhiwei]

Signed-off-by: LIU Zhiwei 
---
 target/riscv/cpu_helper.c | 2 +-
 target/riscv/pmp.c| 2 +-
 target/riscv/pmp.h| 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 3f53744897..cf8109197d 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -376,7 +376,7 @@ static int get_physical_address_pmp(CPURISCVState *env, int 
*prot,
 
 *prot = pmp_priv_to_page_prot(pmp_priv);
 if (tlb_size != NULL) {
-pmp_is_range_in_tlb(env, addr & ~(*tlb_size - 1), tlb_size);
+pmp_adjust_tlb_size(env, addr & ~(*tlb_size - 1), tlb_size);
 }
 
 return TRANSLATE_SUCCESS;
diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index 4850a9cc5d..19baf87384 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -620,7 +620,7 @@ static target_ulong pmp_get_tlb_size(CPURISCVState *env, 
int pmp_index,
  * Check is there a PMP entry which range covers this page. If so,
  * try to find the minimum granularity for the TLB size.
  */
-void pmp_is_range_in_tlb(CPURISCVState *env, hwaddr tlb_sa,
+void pmp_adjust_tlb_size(CPURISCVState *env, hwaddr tlb_sa,
  target_ulong *tlb_size)
 {
 int i;
diff --git a/target/riscv/pmp.h b/target/riscv/pmp.h
index 69395472f9..600ac65d08 100644
--- a/target/riscv/pmp.h
+++ b/target/riscv/pmp.h
@@ -71,7 +71,7 @@ target_ulong pmpaddr_csr_read(CPURISCVState *env, uint32_t 
addr_index);
 bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr,
 target_ulong size, pmp_priv_t privs, pmp_priv_t *allowed_privs,
 target_ulong mode);
-void pmp_is_range_in_tlb(CPURISCVState *env, hwaddr tlb_sa,
+void pmp_adjust_tlb_size(CPURISCVState *env, hwaddr tlb_sa,
  target_ulong *tlb_size);
 void pmp_update_rule_addr(CPURISCVState *env, uint32_t pmp_index);
 void pmp_update_rule_nums(CPURISCVState *env);
-- 
2.25.1

Re: [PATCH] ui/vnc-clipboard: fix adding notifier twice

[Vladimir Sementsov-Ogievskiy]

21.11.2021 22:12, Nikta Lapshin wrote:


On 11/10/21 13:38, Vladimir Sementsov-Ogievskiy wrote:

vnc_server_cut_text_caps() is not guaranteed to be called only once.

If it called twice, we finally call notifier_list_add() twice with same
element. Which leads to loopback QLIST. So, on next
notifier_list_notify() we'll loop forever and QEMU stuck.

So, let's only register new notifier if it's not yet registered.

Note, that similar check is used in vdagent_chr_recv_caps() (before
call qemu_clipboard_peer_register()), and also before
qemu_clipboard_peer_unregister() call in vdagent_disconnect() and in
vnc_disconnect_finish().

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---

Hi all!

After backporting clipboard patches to our Rhel7-based downstream, we
faced Qemu stuck in notifier_list_notify():

 (gdb) bt
   #0  vnc_clipboard_notify (notifier=0x564427f283f8, data=0x564426c59a70) at 
ui/vnc-clipboard.c:193
   #1  0x564423455887 in notifier_list_notify (list=list@entry=0x564423d2b258 
, data=data@entry=0x564426c59a70) at util/notify.c:40
   #2  0x5644233273bf in qemu_clipboard_update 
(info=info@entry=0x564426c59a70) at ui/clipboard.c:19
   #3  0x56442334efd2 in vnc_client_cut_text_ext (vs=vs@entry=0x564427f18000, 
len=len@entry=4, flags=,
 data=data@entry=0x5644263cc00c 
"\002\f\001\251\020\377\377\377!\377\377\377\314\376\377\377\315\376\377\377 
\377\377\377\316\345\241\300\307\376\377\377\310\376\377\377\376\376\377\377\a")
 at ui/vnc-clipboard.c:256
   #4  0x56442333b172 in protocol_client_msg (vs=0x564427f18000, data=0x5644263cc000 
"\006", len=) at ui/vnc.c:2396
   #5  0x564423338af6 in vnc_client_read (vs=0x564427f18000) at 
ui/vnc.c:1537
   #6  vnc_client_io (ioc=, condition=G_IO_IN, 
opaque=0x564427f18000) at ui/vnc.c:1559
   #7  0x7f07b02cf147 in g_main_dispatch (context=0x564425546bb0) at 
gmain.c:3192
   #8  g_main_context_dispatch (context=context@entry=0x564425546bb0) at 
gmain.c:3845
   #9  0x5644234468f7 in glib_pollfds_poll () at util/main-loop.c:215
   #10 os_host_main_loop_wait (timeout=) at util/main-loop.c:238
   #11 main_loop_wait (nonblocking=nonblocking@entry=0) at util/main-loop.c:497


investigations shows, that notifier list has only one element which points to 
itself as next. So, we are in the endless loop.

Seems that it's possible, if vnc_server_cut_text_caps() called twice. Then it 
registers notifier twice and it added to QLIST twice, which leads to the 
situation.


I don't have any reproducer and not sure that bug may be reproduced on
master.

I'm not familiar with ui code - may be vnc_server_cut_text_caps() should
never be called twice? Or notifier should be removed somehow before the
second call? Maybe this patch just shadows another bug?

But what I do know, is that we should not put same element into QLIST
twice. And if the check I propose is not needed we should add an
assertion instead:

   assert(!vs->cbpeer.update.notify);


  ui/vnc-clipboard.c | 10 ++
  1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/ui/vnc-clipboard.c b/ui/vnc-clipboard.c
index 9f077965d0..67284b556c 100644
--- a/ui/vnc-clipboard.c
+++ b/ui/vnc-clipboard.c
@@ -316,8 +316,10 @@ void vnc_server_cut_text_caps(VncState *vs)
  caps[1] = 0;
  vnc_clipboard_send(vs, 2, caps);
-    vs->cbpeer.name = "vnc";
-    vs->cbpeer.update.notify = vnc_clipboard_notify;
-    vs->cbpeer.request = vnc_clipboard_request;
-    qemu_clipboard_peer_register(&vs->cbpeer);
+    if (!vs->cbpeer.update.notify) {
+    vs->cbpeer.name = "vnc";
+    vs->cbpeer.update.notify = vnc_clipboard_notify;
+    vs->cbpeer.request = vnc_clipboard_request;
+    qemu_clipboard_peer_register(&vs->cbpeer);
+    }
  }



Perhaps QLIST_IS_INSERTED will be suitable for such checks because I couldn't 
find any initialize of .notify pointer so it can potentially be UB.



I think, vs structure should be initialized to zero at start. For example at start of 
vnc_connect(): "VncState *vs = g_new0(VncState, 1);", and I didn't find another 
place where it is allocated.

Also similar checks are already used in the code, so I think better to behave 
similarly here.

--
Best regards,
Vladimir

Re: [PULL 0/5] Linux user for 6.2 patches

[Richard Henderson]

On 11/22/21 9:23 AM, Laurent Vivier wrote:

The following changes since commit 8627edfb3f1fca24a96a0954148885c3241c10f8:

   Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging 
(2021-11-19 17:16:57 +0100)

are available in the Git repository at:

   git://github.com/vivier/qemu.git tags/linux-user-for-6.2-pull-request

for you to fetch changes up to 802ae45e94151a6d3ee20eadcb865cf6c875df34:

   linux-user: fix Coverity CID 1464101 (2021-11-22 09:17:08 +0100)


linux-user pull request 20211122

Fixes for CID 1464101 and gilab #704



Laurent Vivier (1):
   linux-user: fix Coverity CID 1464101

Richard Henderson (4):
   linux-user: Split out do_getdents, do_getdents64
   linux-user: Always use flexible arrays for dirent d_name
   linux-user: Fix member types of target_dirent64
   linux-user: Rewrite do_getdents, do_getdents64

  linux-user/elfload.c  |  10 +-
  linux-user/syscall.c  | 314 +++---
  linux-user/syscall_defs.h |  12 +-
  3 files changed, 172 insertions(+), 164 deletions(-)


Applied, thanks.

r~

[PATCH v2 1/5] target/riscv: Check PMP rules num before propagation

[LIU Zhiwei]

When an address is in [0-4K) and no pmp rule configured, the tlb_size will
be set to 1.

This is caused by pmp_get_tlb_size return a value 1.

if (pmp_sa >= tlb_sa && pmp_ea <= tlb_ea) {
return pmp_ea - pmp_sa + 1;
}

Here pmp_sa == 0 and pmp_ea == 0.

Signed-off-by: LIU Zhiwei 
---
 target/riscv/pmp.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index 54abf42583..190ff59fab 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -627,6 +627,10 @@ bool pmp_is_range_in_tlb(CPURISCVState *env, hwaddr tlb_sa,
 target_ulong val;
 target_ulong tlb_ea = (tlb_sa + TARGET_PAGE_SIZE - 1);
 
+if (pmp_get_num_rules(env) == 0) {
+return false;
+}
+
 for (i = 0; i < MAX_RISCV_PMPS; i++) {
 val = pmp_get_tlb_size(env, i, tlb_sa, tlb_ea);
 if (val) {
-- 
2.25.1

[PATCH v2 2/5] target/riscv: Give a more generic size for tlb

[LIU Zhiwei]

As the caller has given a tlb size parameter, we should use it
to keep pace with it.

Signed-off-by: LIU Zhiwei 
---
 target/riscv/cpu_helper.c | 5 +
 target/riscv/pmp.c| 7 ---
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 9eeed38c7e..3f53744897 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -362,7 +362,6 @@ static int get_physical_address_pmp(CPURISCVState *env, int 
*prot,
 int mode)
 {
 pmp_priv_t pmp_priv;
-target_ulong tlb_size_pmp = 0;
 
 if (!riscv_feature(env, RISCV_FEATURE_PMP)) {
 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
@@ -377,9 +376,7 @@ static int get_physical_address_pmp(CPURISCVState *env, int 
*prot,
 
 *prot = pmp_priv_to_page_prot(pmp_priv);
 if (tlb_size != NULL) {
-if (pmp_is_range_in_tlb(env, addr & ~(*tlb_size - 1), &tlb_size_pmp)) {
-*tlb_size = tlb_size_pmp;
-}
+pmp_is_range_in_tlb(env, addr & ~(*tlb_size - 1), tlb_size);
 }
 
 return TRANSLATE_SUCCESS;
diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index 190ff59fab..ca38087574 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -625,7 +625,8 @@ bool pmp_is_range_in_tlb(CPURISCVState *env, hwaddr tlb_sa,
 {
 int i;
 target_ulong val;
-target_ulong tlb_ea = (tlb_sa + TARGET_PAGE_SIZE - 1);
+target_ulong tlb_ea = (tlb_sa + *tlb_size - 1);
+target_ulong old_size = *tlb_size;
 
 if (pmp_get_num_rules(env) == 0) {
 return false;
@@ -634,13 +635,13 @@ bool pmp_is_range_in_tlb(CPURISCVState *env, hwaddr 
tlb_sa,
 for (i = 0; i < MAX_RISCV_PMPS; i++) {
 val = pmp_get_tlb_size(env, i, tlb_sa, tlb_ea);
 if (val) {
-if (*tlb_size == 0 || *tlb_size > val) {
+if (*tlb_size > val) {
 *tlb_size = val;
 }
 }
 }
 
-if (*tlb_size != 0) {
+if (*tlb_size != old_size) {
 return true;
 }
 
-- 
2.25.1

Re: [PATCH 35/35] test/tcg/ppc64le: Add float reference files

[Richard Henderson]

On 11/22/21 10:43 AM, Richard Henderson wrote:

On 11/21/21 6:47 PM, Cédric Le Goater wrote:

I am getting an error with this test. See below.

...

  ### Rounding to nearest
  from single: f32(-nan:0xffa0)
-  to double: f64(-nan:0x00fff4) (INVALID)
+  to double: f64(-nan:0x00fff4) (OK)


Well that's disconcerting.

I can replicate this failure on an x86_64 host, but do not see the same error on a power9 
ppc64le host.


Bah.  The test case is buggy.

It reads the fpscr for the flags *after* having gone through the printf for the result, at 
which point you are at the mercy of whatever other fp arithmetic libc chooses to do.


Fixed with

--- a/tests/tcg/multiarch/float_convs.c
+++ b/tests/tcg/multiarch/float_convs.c
@@ -51,8 +51,8 @@ static void convert_single_to_double(float input)

 output = input;

-out_fmt = fmt_f64(output);
 flag_fmt = fmt_flags();
+out_fmt = fmt_f64(output);
 printf("  to double: %s (%s)\n", out_fmt, flag_fmt);
 free(out_fmt);
 free(flag_fmt);

But this alone of course causes other "failures", because we've got some incorrect 
reference files.



r~

[PATCH v2 5/5] target/riscv: Modify return and parameter type for pmp_adjust_tlb_size

[LIU Zhiwei]

Signed-off-by: LIU Zhiwei 
---
 target/riscv/cpu_helper.c |  3 ++-
 target/riscv/pmp.c| 13 +++--
 target/riscv/pmp.h|  4 ++--
 3 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index cf8109197d..45e29e6c01 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -376,7 +376,8 @@ static int get_physical_address_pmp(CPURISCVState *env, int 
*prot,
 
 *prot = pmp_priv_to_page_prot(pmp_priv);
 if (tlb_size != NULL) {
-pmp_adjust_tlb_size(env, addr & ~(*tlb_size - 1), tlb_size);
+*tlb_size = pmp_adjust_tlb_size(env, addr & ~(*tlb_size - 1),
+*tlb_size);
 }
 
 return TRANSLATE_SUCCESS;
diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index 19baf87384..726974c97c 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -620,25 +620,26 @@ static target_ulong pmp_get_tlb_size(CPURISCVState *env, 
int pmp_index,
  * Check is there a PMP entry which range covers this page. If so,
  * try to find the minimum granularity for the TLB size.
  */
-void pmp_adjust_tlb_size(CPURISCVState *env, hwaddr tlb_sa,
- target_ulong *tlb_size)
+target_ulong pmp_adjust_tlb_size(CPURISCVState *env, hwaddr tlb_sa,
+ target_ulong tlb_size)
 {
 int i;
 target_ulong val;
-target_ulong tlb_ea = (tlb_sa + *tlb_size - 1);
+target_ulong tlb_ea = (tlb_sa + tlb_size - 1);
 
 if (pmp_get_num_rules(env) == 0) {
-return;
+return tlb_size;
 }
 
 for (i = 0; i < MAX_RISCV_PMPS; i++) {
 val = pmp_get_tlb_size(env, i, tlb_sa, tlb_ea);
 if (val) {
-if (*tlb_size > val) {
-*tlb_size = val;
+if (tlb_size > val) {
+tlb_size = val;
 }
 }
 }
+return tlb_size;
 }
 
 /*
diff --git a/target/riscv/pmp.h b/target/riscv/pmp.h
index 600ac65d08..c110fb796b 100644
--- a/target/riscv/pmp.h
+++ b/target/riscv/pmp.h
@@ -71,8 +71,8 @@ target_ulong pmpaddr_csr_read(CPURISCVState *env, uint32_t 
addr_index);
 bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr,
 target_ulong size, pmp_priv_t privs, pmp_priv_t *allowed_privs,
 target_ulong mode);
-void pmp_adjust_tlb_size(CPURISCVState *env, hwaddr tlb_sa,
- target_ulong *tlb_size);
+target_ulong pmp_adjust_tlb_size(CPURISCVState *env, hwaddr tlb_sa,
+ target_ulong tlb_size);
 void pmp_update_rule_addr(CPURISCVState *env, uint32_t pmp_index);
 void pmp_update_rule_nums(CPURISCVState *env);
 uint32_t pmp_get_num_rules(CPURISCVState *env);
-- 
2.25.1

[PATCH v2 3/5] target/riscv: Discard return value for pmp_is_range_in_tlb

[LIU Zhiwei]

Signed-off-by: LIU Zhiwei 
---
 target/riscv/pmp.c | 11 ++-
 target/riscv/pmp.h |  2 +-
 2 files changed, 3 insertions(+), 10 deletions(-)

diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index ca38087574..4850a9cc5d 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -620,16 +620,15 @@ static target_ulong pmp_get_tlb_size(CPURISCVState *env, 
int pmp_index,
  * Check is there a PMP entry which range covers this page. If so,
  * try to find the minimum granularity for the TLB size.
  */
-bool pmp_is_range_in_tlb(CPURISCVState *env, hwaddr tlb_sa,
+void pmp_is_range_in_tlb(CPURISCVState *env, hwaddr tlb_sa,
  target_ulong *tlb_size)
 {
 int i;
 target_ulong val;
 target_ulong tlb_ea = (tlb_sa + *tlb_size - 1);
-target_ulong old_size = *tlb_size;
 
 if (pmp_get_num_rules(env) == 0) {
-return false;
+return;
 }
 
 for (i = 0; i < MAX_RISCV_PMPS; i++) {
@@ -640,12 +639,6 @@ bool pmp_is_range_in_tlb(CPURISCVState *env, hwaddr tlb_sa,
 }
 }
 }
-
-if (*tlb_size != old_size) {
-return true;
-}
-
-return false;
 }
 
 /*
diff --git a/target/riscv/pmp.h b/target/riscv/pmp.h
index a9a0b363a7..69395472f9 100644
--- a/target/riscv/pmp.h
+++ b/target/riscv/pmp.h
@@ -71,7 +71,7 @@ target_ulong pmpaddr_csr_read(CPURISCVState *env, uint32_t 
addr_index);
 bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr,
 target_ulong size, pmp_priv_t privs, pmp_priv_t *allowed_privs,
 target_ulong mode);
-bool pmp_is_range_in_tlb(CPURISCVState *env, hwaddr tlb_sa,
+void pmp_is_range_in_tlb(CPURISCVState *env, hwaddr tlb_sa,
  target_ulong *tlb_size);
 void pmp_update_rule_addr(CPURISCVState *env, uint32_t pmp_index);
 void pmp_update_rule_nums(CPURISCVState *env);
-- 
2.25.1

Re: [PATCH 3/3] hw/input/pckbd: Rename i8042_setup_a20_line() and its a20 irq argument

[Peter Maydell]

On Fri, 5 Nov 2021 at 17:21, Philippe Mathieu-Daudé  wrote:
>
> 'a20_out' is an input IRQ, rename it as 'a20_input'.
> i8042_setup_a20_line() doesn't take a Device parameter
> but an ISADevice one. Rename it as i8042_isa_*() to
> make it explicit.
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  include/hw/input/i8042.h | 2 +-
>  hw/i386/pc.c | 2 +-
>  hw/input/pckbd.c | 4 ++--
>  3 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/include/hw/input/i8042.h b/include/hw/input/i8042.h
> index 1d90432daef..3534fcc4b43 100644
> --- a/include/hw/input/i8042.h
> +++ b/include/hw/input/i8042.h
> @@ -21,6 +21,6 @@ void i8042_mm_init(qemu_irq kbd_irq, qemu_irq mouse_irq,
> MemoryRegion *region, ram_addr_t size,
> hwaddr mask);
>  void i8042_isa_mouse_fake_event(ISAKBDState *isa);
> -void i8042_setup_a20_line(ISADevice *dev, qemu_irq a20_out);
> +void i8042_isa_setup_a20_line(ISADevice *dev, qemu_irq a20_input);
>
>  #endif /* HW_INPUT_I8042_H */
> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
> index 2592a821486..06ef74ca22b 100644
> --- a/hw/i386/pc.c
> +++ b/hw/i386/pc.c
> @@ -1043,7 +1043,7 @@ static void pc_superio_init(ISABus *isa_bus, bool 
> create_fdctrl, bool no_vmport)
>  port92 = isa_create_simple(isa_bus, TYPE_PORT92);
>
>  a20_line = qemu_allocate_irqs(handle_a20_line_change, first_cpu, 2);
> -i8042_setup_a20_line(i8042, a20_line[0]);
> +i8042_isa_setup_a20_line(i8042, a20_line[0]);

I think these days we can directly call
qdev_connect_gpio_out_named(DEVICE(i8042), I8042_A20_LINE, 0, a20_line[0]);
and drop the i8042_setup_a20_line() wrapper entirely,
since the named GPIO lines are a "public" interface to the device.
We only have this i8042_setup_a20_line() because the original
implementation (added in commit 956a3e6bb738) predates gpio lines
and did an assignment into the KBDState struct which needed to
be private to pckbd.c.

>  qdev_connect_gpio_out_named(DEVICE(port92),
>  PORT92_A20_LINE, 0, a20_line[1]);

That would then make it consistent with how we're wiring up the
other A20 input source here.

(Some day we should perhaps make the A20 input to the CPU an actual
GPIO input on the CPU device object, so we could wire the I8042_A20_LINE
and PORT92_A20_LINE to it via an OR gate, and drop the intermidate
qemu_irq array and handle_a20_line_change function. But needing
the OR gate makes that a little clunky so I'm not sure it's
really worth the effort.)

-- PMM

Re: [PATCH-for-6.2 0/2] hw/scsi/megasas: Avoid overflowing the SGL buffer

[Darren Kenny]

For the series:

Reviewed-by: Darren Kenny 

Thanks,

Darren.

On Friday, 2021-11-19 at 21:11:39 +01, Philippe Mathieu-Daudé wrote:
> Fix issue #521 reported by Alex some months ago:
> https://gitlab.com/qemu-project/qemu/-/issues/521
>
> Philippe Mathieu-Daudé (2):
>   hw/scsi/megasas: Fails command if SGL buffer overflows
>   tests/qtest/fuzz-megasas-test: Add test for GitLab issue #521
>
>  hw/scsi/megasas.c   |  1 +
>  tests/qtest/fuzz-megasas-test.c | 30 ++
>  2 files changed, 31 insertions(+)
>
> -- 
> 2.31.1

Re: [PATCH-for-6.2] qom/object: Ignore global properties with empty name

[Darren Kenny]

On Friday, 2021-11-19 at 12:32:29 +01, Philippe Mathieu-Daudé wrote:
> When using -global, properties might have empty name/value.
>
> This fixes this legitimate use case:
>
>   $ qemu-system-x86_64 -global driver=isa-fdc
>   qemu-system-x86_64: ../../devel/qemu/qapi/string-input-visitor.c:394:
>   string_input_visitor_new: Assertion `str' failed.
>   Aborted (core dumped)
>
>   (gdb) bt
>   #4  0x55f6b8d5 in string_input_visitor_new (str=0x0) at 
> qapi/string-input-visitor.c:394
>   #5  0x55dd0f8d in object_property_parse (obj=0x56f33400, 
> name=0x0, string=0x0, errp=0x7fffc9c8) at qom/object.c:1641
>   #6  0x55dce131 in object_apply_global_props (obj=0x56f33400, 
> props=0x56737360, errp=0x56611760 ) at qom/object.c:411
>   #7  0x55dc5ee2 in qdev_prop_set_globals (dev=0x56f33400) at 
> hw/core/qdev-properties.c:790
>   #8  0x55dc89e8 in device_post_init (obj=0x56f33400) at 
> hw/core/qdev.c:697
>   #9  0x55dce02b in object_post_init_with_type (obj=0x56f33400, 
> ti=0x5672bd20) at qom/object.c:383
>   #10 0x55dce059 in object_post_init_with_type (obj=0x56f33400, 
> ti=0x566e9090) at qom/object.c:387
>   #11 0x55dce059 in object_post_init_with_type (obj=0x56f33400, 
> ti=0x566df730) at qom/object.c:387
>   #12 0x55dce566 in object_initialize_with_type (obj=0x56f33400, 
> size=848, type=0x566df730) at qom/object.c:519
>   #13 0x55dcec78 in object_new_with_type (type=0x566df730) at 
> qom/object.c:733
>   #14 0x55dceccf in object_new (typename=0x560fcf81 "isa-fdc") at 
> qom/object.c:748
>   #15 0x55dc75fe in qdev_new (name=0x560fcf81 "isa-fdc") at 
> hw/core/qdev.c:153
>   #16 0x559eec58 in isa_new (name=0x560fcf81 "isa-fdc") at 
> hw/isa/isa-bus.c:166
>   #17 0x55bd3607 in pc_superio_init (isa_bus=0x566b42e0, 
> create_fdctrl=true, no_vmport=false) at hw/i386/pc.c:1026
>   (gdb) fr 6
>   #6  0x55dce131 in object_apply_global_props (obj=0x56f33400, 
> props=0x56737360, errp=0x56611760 ) at qom/object.c:411
>   411 if (!object_property_parse(obj, p->property, p->value, 
> &err)) {
>   (gdb) p *p
>   $1 = {driver = 0x56738250 "isa-fdc", property = 0x0, value = 0x0, used 
> = true, optional = false}
>
> Reported-by: Thomas Huth 
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/604
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Darren Kenny 

> ---
>  qom/object.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/qom/object.c b/qom/object.c
> index 4f0677cca9e..45fa8561df6 100644
> --- a/qom/object.c
> +++ b/qom/object.c
> @@ -401,6 +401,9 @@ bool object_apply_global_props(Object *obj, const 
> GPtrArray *props,
>  GlobalProperty *p = g_ptr_array_index(props, i);
>  Error *err = NULL;
>  
> +if (!p->property) {
> +continue;
> +}
>  if (object_dynamic_cast(obj, p->driver) == NULL) {
>  continue;
>  }
> -- 
> 2.31.1

Re: [PATCH v3 3/3] cpus-common: implement dirty limit on vCPU

[Markus Armbruster]

Hyman Huang  writes:

> 在 2021/11/22 17:10, Markus Armbruster 写道:
>> Hyman Huang  writes:
>> 
>>> =E5=9C=A8 2021/11/22 15:35, Markus Armbruster =E5=86=99=E9=81=93:
 huang...@chinatelecom.cn writes:

> From: Hyman Huang(=E9=BB=84=E5=8B=87) 
>
> implement dirtyrate calculation periodically basing on
> dirty-ring and throttle vCPU until it reachs the quota
> dirtyrate given by user.
>
> introduce qmp commands set-dirty-limit/cancel-dirty-limit to
> set/cancel dirty limit on vCPU.

 Please start sentences with a capital letter.

>>> Ok，i'll check the syntax problem next version.
>
> Signed-off-by: Hyman Huang(黄勇) 


 [...]

> diff --git a/qapi/misc.json b/qapi/misc.json
> index 358548a..98e6001 100644
> --- a/qapi/misc.json
> +++ b/qapi/misc.json
> @@ -527,3 +527,42 @@
> 'data': { '*option': 'str' },
> 'returns': ['CommandLineOptionInfo'],
> 'allow-preconfig': true }
> +
> +##
> +# @set-dirty-limit:
> +#
> +# This command could be used to cap the vCPU memory load, which is also
> +# refered as dirtyrate. One should use "calc-dirty-rate" with 
> "dirty-ring"
> +# and to calculate vCPU dirtyrate and query it with "query-dirty-rate".
> +# Once getting the vCPU current dirtyrate, "set-dirty-limit" can be used
> +# to set the upper limit of dirtyrate for the interested vCPU.

 "dirtyrate" is not a word.  Let's spell it "dirty page rate", for
 consistency with the documentation in migration.json.
>>> Ok, sounds good.

 Regarding "One should use ...": sounds like you have to run
 calc-dirty-rate with argument @mode set to @dirty-ring before this
 command.  Correct?  What happens when you don't?  set-dirty-limit fails?
>> You didn't answer this question.
> set-dirty-limit doesn't do any pre-check about if calc-dirty-rate has
> executed, so it doesn't fail.

Peeking at qmp_set_dirty_limit()... it fails when
!kvm_dirty_ring_enabled().  kvm_dirty_ring_enabled() returns true when
kvm_state->kvm_dirty_ring_size is non-zero.  How can it become non-zero?

> Since only executing calc-dirty-rate with dirty-ring mode can we get
> the vCPU dirty page rate currently(while the dirty-bitmap only get the
> vm dirty page rate), "One should use ..." maybe misleading, what i
> actually want to say is "One should use the dirty-ring mode to
> calculate the vCPU dirty page rate".

I'm still confused on what exactly users must do for the page dirty rate
limiting to work as intended, and at least as importantly, what happens
when they get it wrong.

[...]

[PATCH] s390x/ipl: support extended kernel command line size

[Marc Hartmayer]

In the past s390 used a fixed command line length of 896 bytes. This has changed
with the Linux commit 5ecb2da660ab ("s390: support command lines longer than 896
bytes"). There is now a parm area indicating the maximum command line size. This
parm area has always been initialized to zero, so with older kernels this field
would read zero and we must then assume that only 896 bytes are available.

Acked-by: Viktor Mihajlovski 
Signed-off-by: Marc Hartmayer 
---
 hw/s390x/ipl.c | 23 ---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
index 7ddca0127fc2..092c66b3f9f1 100644
--- a/hw/s390x/ipl.c
+++ b/hw/s390x/ipl.c
@@ -37,8 +37,9 @@
 
 #define KERN_IMAGE_START0x01UL
 #define LINUX_MAGIC_ADDR0x010008UL
+#define KERN_PARM_AREA_SIZE_ADDR0x010430UL
 #define KERN_PARM_AREA  0x010480UL
-#define KERN_PARM_AREA_SIZE 0x000380UL
+#define LEGACY_KERN_PARM_AREA_SIZE  0x000380UL
 #define INITRD_START0x80UL
 #define INITRD_PARM_START   0x010408UL
 #define PARMFILE_START  0x001000UL
@@ -110,6 +111,21 @@ static uint64_t bios_translate_addr(void *opaque, uint64_t 
srcaddr)
 return srcaddr + dstaddr;
 }
 
+static uint64_t get_max_kernel_cmdline_size(void)
+{
+uint64_t *size_ptr = rom_ptr(KERN_PARM_AREA_SIZE_ADDR, sizeof(*size_ptr));
+
+if (size_ptr) {
+uint64_t size;
+
+size = be64_to_cpu(*size_ptr);
+if (size != 0) {
+return size;
+}
+}
+return LEGACY_KERN_PARM_AREA_SIZE;
+}
+
 static void s390_ipl_realize(DeviceState *dev, Error **errp)
 {
 MachineState *ms = MACHINE(qdev_get_machine());
@@ -197,10 +213,11 @@ static void s390_ipl_realize(DeviceState *dev, Error 
**errp)
 ipl->start_addr = KERN_IMAGE_START;
 /* Overwrite parameters in the kernel image, which are "rom" */
 if (parm_area) {
-if (cmdline_size > KERN_PARM_AREA_SIZE) {
+uint64_t max_cmdline_size = get_max_kernel_cmdline_size();
+if (cmdline_size > max_cmdline_size) {
 error_setg(errp,
"kernel command line exceeds maximum size: %zu 
> %lu",
-   cmdline_size, KERN_PARM_AREA_SIZE);
+   cmdline_size, max_cmdline_size);
 return;
 }
 
-- 
2.31.1

Re: [PATCH v3 3/3] hw/i386: expose a "smbios-entry-point-type" PC machine property

[Gerd Hoffmann]

On Tue, Nov 02, 2021 at 07:25:25AM -0400, Michael S. Tsirkin wrote:
> On Tue, Nov 02, 2021 at 09:51:35AM +0100, Philippe Mathieu-Daudé wrote:
> > On 10/26/21 17:11, Eduardo Habkost wrote:
> > > The i440fx and Q35 machine types are both hardcoded to use the
> > > legacy SMBIOS 2.1 (32-bit) entry point. This is a sensible
> > > conservative choice because SeaBIOS only supports SMBIOS 2.1
> > > 
> > > EDK2, however, can also support SMBIOS 3.0 (64-bit) entry points,
> > > and QEMU already uses this on the ARM virt machine type.
> > > 
> > > This adds a property to allow the choice of SMBIOS entry point
> > > versions For example to opt in to 64-bit SMBIOS entry point:
> > > 
> > >$QEMU -machine q35,smbios-entry-point-type=64
> > 
> > It would be nice to have a test for this...
> > 
> > Otherwise,
> > Reviewed-by: Philippe Mathieu-Daudé 
> 
> Can we update seabios and the switch the default?

seabios support is unfortunately not yet merged upstream.

> Maybe just for q35?
> Or are there more considerations?

It's a guest-visible change, so IMHO we need the runtime switch anyway
so old machine types can continue to use the smbios 2.x entry point.

We'll switch the default at some point for sure, but I don't think
that'll happen for the 6.2 machine type.  We are simply too late.

take care,
  Gerd

Re: [PATCH v11 19/26] linux-user: Add LoongArch signal support

[gaosong]

Hi Richard,

On 2021/11/20 下午6:33, Richard Henderson wrote:


Drop all of the the inline markers.


+{
+    int i;
+
+    __put_user(env->pc, &sc->sc_pc);
+
+    __put_user(0, &sc->sc_gpr[0]);
+    for (i = 1; i < 32; ++i) {
+    __put_user(env->gpr[i], &sc->sc_gpr[i]);
+    }
+
+    for (i = 0; i < 32; ++i) {
+    __put_user(env->fpr[i], &sc->sc_fpr[i]);
+    }
+}


Missing fcsr and fcc.

I'll note that the kernel is missing sets of vscr and scr[0-3]. IMO 
they should at least be zeroed in advance of supporting the vector 
extension.


I see that vcsr set at [1]:178.
[1]
https://github.com/loongson/linux/blob/loongarch-next/arch/loongarch/kernel/signal.c

and I also see that the kernel is missing sets of scr[0-3],  Huacai is that 
right?

Thanks
Song Gao

Re: [PATCH v11 19/26] linux-user: Add LoongArch signal support

[chen huacai]

Hi, all,

On Mon, Nov 22, 2021 at 7:41 PM gaosong  wrote:
>
> Hi Richard,
>
> On 2021/11/20 下午6:33, Richard Henderson wrote:
>
>
> Drop all of the the inline markers.
>
> +{
> +int i;
> +
> +__put_user(env->pc, &sc->sc_pc);
> +
> +__put_user(0, &sc->sc_gpr[0]);
> +for (i = 1; i < 32; ++i) {
> +__put_user(env->gpr[i], &sc->sc_gpr[i]);
> +}
> +
> +for (i = 0; i < 32; ++i) {
> +__put_user(env->fpr[i], &sc->sc_fpr[i]);
> +}
> +}
>
>
> Missing fcsr and fcc.
>
> I'll note that the kernel is missing sets of vscr and scr[0-3].  IMO they 
> should at least be zeroed in advance of supporting the vector extension.
>
> I see that vcsr set at [1]:178.
> [1]
> https://github.com/loongson/linux/blob/loongarch-next/arch/loongarch/kernel/signal.c
>
> and I also see that the kernel is missing sets of scr[0-3],  Huacai is that 
> right?
scr[0-3] is reserved for binary translation, it doesn't need to be set now.

Huacai
>
> Thanks
> Song Gao



-- 
Huacai Chen

Re: [PATCH] s390x/ipl: support extended kernel command line size

[David Hildenbrand]

On 22.11.21 12:29, Marc Hartmayer wrote:
> In the past s390 used a fixed command line length of 896 bytes. This has 
> changed
> with the Linux commit 5ecb2da660ab ("s390: support command lines longer than 
> 896
> bytes"). There is now a parm area indicating the maximum command line size. 
> This
> parm area has always been initialized to zero, so with older kernels this 
> field
> would read zero and we must then assume that only 896 bytes are available.
> 
> Acked-by: Viktor Mihajlovski 
> Signed-off-by: Marc Hartmayer 
> ---
>  hw/s390x/ipl.c | 23 ---
>  1 file changed, 20 insertions(+), 3 deletions(-)
> 
> diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
> index 7ddca0127fc2..092c66b3f9f1 100644
> --- a/hw/s390x/ipl.c
> +++ b/hw/s390x/ipl.c
> @@ -37,8 +37,9 @@
>  
>  #define KERN_IMAGE_START0x01UL
>  #define LINUX_MAGIC_ADDR0x010008UL
> +#define KERN_PARM_AREA_SIZE_ADDR0x010430UL
>  #define KERN_PARM_AREA  0x010480UL
> -#define KERN_PARM_AREA_SIZE 0x000380UL
> +#define LEGACY_KERN_PARM_AREA_SIZE  0x000380UL
>  #define INITRD_START0x80UL
>  #define INITRD_PARM_START   0x010408UL
>  #define PARMFILE_START  0x001000UL
> @@ -110,6 +111,21 @@ static uint64_t bios_translate_addr(void *opaque, 
> uint64_t srcaddr)
>  return srcaddr + dstaddr;
>  }
>  
> +static uint64_t get_max_kernel_cmdline_size(void)
> +{
> +uint64_t *size_ptr = rom_ptr(KERN_PARM_AREA_SIZE_ADDR, 
> sizeof(*size_ptr));
> +
> +if (size_ptr) {
> +uint64_t size;
> +
> +size = be64_to_cpu(*size_ptr);
> +if (size != 0) {

Could do "if (size) {"

> +return size;
> +}
> +}
> +return LEGACY_KERN_PARM_AREA_SIZE;
> +}
> +
>  static void s390_ipl_realize(DeviceState *dev, Error **errp)
>  {
>  MachineState *ms = MACHINE(qdev_get_machine());
> @@ -197,10 +213,11 @@ static void s390_ipl_realize(DeviceState *dev, Error 
> **errp)
>  ipl->start_addr = KERN_IMAGE_START;
>  /* Overwrite parameters in the kernel image, which are "rom" */
>  if (parm_area) {
> -if (cmdline_size > KERN_PARM_AREA_SIZE) {
> +uint64_t max_cmdline_size = get_max_kernel_cmdline_size();

We might want an empty line here.

> +if (cmdline_size > max_cmdline_size) {
>  error_setg(errp,
> "kernel command line exceeds maximum size: 
> %zu > %lu",
> -   cmdline_size, KERN_PARM_AREA_SIZE);
> +   cmdline_size, max_cmdline_size);
>  return;
>  }
>  
> 

Reviewed-by: David Hildenbrand 

-- 
Thanks,

David / dhildenb

Re: [PATCH v5 04/17] common-user: Move syscall error detection into safe_syscall_base

[Peter Maydell]

On Wed, 17 Nov 2021 at 16:12, Richard Henderson
 wrote:
>
> The current api from safe_syscall_base() is to return -errno, which is
> the interface provided by *some* linux kernel abis.  The wrapper macro,
> safe_syscall(), detects error, stores into errno, and returns -1, to
> match the api of the system syscall().
>
> For those kernel abis that do not return -errno natively, this leads
> to double syscall error detection.  E.g. Linux ppc64, which sets the
> SO flag for error.
>
> Simplify the usage from C by moving the error detection into assembly.
>
> Signed-off-by: Richard Henderson 
> ---
>  linux-user/safe-syscall.h   | 20 +++---
>  common-user/host/aarch64/safe-syscall.inc.S | 55 +---
>  common-user/host/arm/safe-syscall.inc.S | 58 ++---
>  common-user/host/i386/safe-syscall.inc.S| 51 +--
>  common-user/host/ppc64/safe-syscall.inc.S   | 63 +++
>  common-user/host/riscv/safe-syscall.inc.S   | 50 +--
>  common-user/host/s390x/safe-syscall.inc.S   | 50 +--
>  common-user/host/x86_64/safe-syscall.inc.S  | 70 -
>  8 files changed, 243 insertions(+), 174 deletions(-)
>
> diff --git a/linux-user/safe-syscall.h b/linux-user/safe-syscall.h
> index aaa9ffc0e2..ea0e8a8d24 100644
> --- a/linux-user/safe-syscall.h
> +++ b/linux-user/safe-syscall.h
> @@ -125,23 +125,17 @@
>   * kinds of restartability.
>   */
>  #ifdef HAVE_SAFE_SYSCALL
> -/* The core part of this function is implemented in assembly */
> -extern long safe_syscall_base(int *pending, long number, ...);
> +
> +/* The core part of this function is implemented in assembly. */
> +extern long safe_syscall_base(int *pending, int *errnop, long number, ...);
> +
>  /* These are defined by the safe-syscall.inc.S file */
>  extern char safe_syscall_start[];
>  extern char safe_syscall_end[];
>
> -#define safe_syscall(...)   \
> -({  \
> -long ret_;  \
> -int *psp_ = &((TaskState *)thread_cpu->opaque)->signal_pending; \
> -ret_ = safe_syscall_base(psp_, __VA_ARGS__);\
> -if (is_error(ret_)) {   \
> -errno = -ret_;  \
> -ret_ = -1;  \
> -}   \
> -ret_;   \
> -})
> +#define safe_syscall(...) \
> +safe_syscall_base(&((TaskState *)thread_cpu->opaque)->signal_pending, \
> +  &errno, __VA_ARGS__)
>
>  #else
>
> diff --git a/common-user/host/aarch64/safe-syscall.inc.S 
> b/common-user/host/aarch64/safe-syscall.inc.S
> index bc1f5a9792..95c60d8609 100644
> --- a/common-user/host/aarch64/safe-syscall.inc.S
> +++ b/common-user/host/aarch64/safe-syscall.inc.S
> @@ -17,22 +17,21 @@
> .type   safe_syscall_start, #function
> .type   safe_syscall_end, #function
>
> -   /* This is the entry point for making a system call. The calling
> +   /*
> +* This is the entry point for making a system call. The calling
>  * convention here is that of a C varargs function with the
>  * first argument an 'int *' to the signal_pending flag, the
>  * second one the system call number (as a 'long'), and all further
>  * arguments being syscall arguments (also 'long').

This comment text needs updating to mention the new errnop argument.
(Applies to all the similar comments in the files for the other archs.)

> -* We return a long which is the syscall's return value, which
> -* may be negative-errno on failure. Conversion to the
> -* -1-and-errno-set convention is done by the calling wrapper.
>  */
>  safe_syscall_base:
> .cfi_startproc
> -   /* The syscall calling convention isn't the same as the
> -* C one:
> +   /*
> + * The syscall calling convention isn't the same as the C one:

Looks like the indent here is wrong ?

>  * we enter with x0 == *signal_pending
> -*   x1 == syscall number
> -*   x2 ... x7, (stack) == syscall arguments
> +*   x1 == errno

"int* address of errno"

> +*   x2 == syscall number
> +*   x3 ... x7, (stack) == syscall arguments
>  *   and return the result in x0
>  * and the syscall instruction needs
>  *   x8 == syscall number
> @@ -40,17 +39,18 @@ safe_syscall_base:
>  *   and returns the result in x0
>  * Shuffle everything around appropriately.
>  */
> -   m

Re: [PATCH v1] virtio-mem: Don't skip alignment checks when warning about block size

[David Hildenbrand]

On 12.10.21 09:27, Michael S. Tsirkin wrote:
> On Mon, Oct 11, 2021 at 07:33:05PM +0200, David Hildenbrand wrote:
>> If we warn about the block size being smaller than the default, we skip
>> some alignment checks.
>>
>> This can currently only fail on x86-64, when specifying a block size of
>> 1 MiB, however, we detect the THP size of 2 MiB.
>>
>> Fixes: 228957fea3a9 ("virtio-mem: Probe THP size to determine default block 
>> size")
>> Cc: "Michael S. Tsirkin" 
>> Signed-off-by: David Hildenbrand 
> 
> Reviewed-by: Michael S. Tsirkin 

Thanks Michael, will you send this for the v6.2 release?


-- 
Thanks,

David / dhildenb

Re: [PATCH-for-6.2? 0/2] hw/intc/arm_gicv3: Introduce CONFIG_ARM_GIC_TCG Kconfig selector

[Philippe Mathieu-Daudé]

On 11/22/21 11:59, Peter Maydell wrote:
> On Mon, 15 Nov 2021 at 22:36, Philippe Mathieu-Daudé  
> wrote:
>>
>> The GICv3 ITS support has been introduced uring the 6.2 development
>> window (commits 18f6290a6a9..17fb5e36aab). This device is for
>> emulation. When building virtualization-only binary, it might be
>> desirable to not include this device.
>>
>> Introduce the CONFIG_ARM_GIC_TCG Kconfig selector to allow downstream
>> distributions to deselect this device.
>>
>> Based-on: pull-target-arm-2025-1
>>
>> Philippe Mathieu-Daudé (2):
>>   hw/intc/arm_gicv3: Extract gicv3_set_gicv3state from arm_gicv3_cpuif.c
>>   hw/intc/arm_gicv3: Introduce CONFIG_ARM_GIC_TCG Kconfig selector
> 
> Reviewed-by: Peter Maydell 
> 
> This looks OK to me, but I'm inclined to leave it for 7.0 at this
> point in the release cycle, unless it would be awkward for
> downstreams if we didn't put it in ?

Mirek was Cc'ed and didn't comment so let's delay it to 7.0.

Re: [PATCH-for-6.2?] ui/gtk: graphic_hw_gl_flushed after closing dmabuf->fence_fd

[Philippe Mathieu-Daudé]

On 11/21/21 18:22, Dongwon Kim wrote:
> The dmabuf often becomes invalid right after unblocking pipeline
> and graphic_hw_gl_flushed in case a new scanout blob is submitted
> because the dmabuf associated with the current guest scanout is
> freed after swapping.
> 
> So both graphic_hw_gl_block and graphic_hw_gl_flushed should be
> executed after closing fence_fd for the current dmabuf.
> 
> Cc: Gerd Hoffmann 
> Cc: Vivek Kasireddy 

If so:
Fixes: 65b847d284c ("ui: Create sync objects and fences only for blobs")

> Signed-off-by: Dongwon Kim 
> ---
>  ui/gtk.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/ui/gtk.c b/ui/gtk.c
> index 7abe1a69d8..2a3a9db13f 100644
> --- a/ui/gtk.c
> +++ b/ui/gtk.c
> @@ -589,11 +589,11 @@ void gd_hw_gl_flushed(void *vcon)
>  VirtualConsole *vc = vcon;
>  QemuDmaBuf *dmabuf = vc->gfx.guest_fb.dmabuf;
>  
> -graphic_hw_gl_block(vc->gfx.dcl.con, false);
> -graphic_hw_gl_flushed(vc->gfx.dcl.con);
>  qemu_set_fd_handler(dmabuf->fence_fd, NULL, NULL, NULL);
>  close(dmabuf->fence_fd);
>  dmabuf->fence_fd = -1;
> +graphic_hw_gl_block(vc->gfx.dcl.con, false);
> +graphic_hw_gl_flushed(vc->gfx.dcl.con);
>  }
>  
>  /** DisplayState Callbacks (opengl version) **/
> 

Re: [PATCH 2/2] ui: fix incorrect pointer position on highdpi with gtk

[Philippe Mathieu-Daudé]

On 11/21/21 07:55, Alexander Orzechowski wrote:
> Signed-off-by: Alexander Orzechowski 
> ---
>  ui/gtk.c | 13 -
>  1 file changed, 8 insertions(+), 5 deletions(-)
> 
> diff --git a/ui/gtk.c b/ui/gtk.c
> index d2892ea6b4..b2670142b5 100644
> --- a/ui/gtk.c
> +++ b/ui/gtk.c
> @@ -838,10 +838,11 @@ static gboolean gd_motion_event(GtkWidget *widget, 
> GdkEventMotion *motion,
>  {
>  VirtualConsole *vc = opaque;
>  GtkDisplayState *s = vc->s;
> +GdkWindow *window;
>  int x, y;
>  int mx, my;
>  int fbh, fbw;
> -int ww, wh;
> +int ww, wh, ws;
>  
>  if (!vc->gfx.ds) {
>  return TRUE;
> @@ -850,8 +851,10 @@ static gboolean gd_motion_event(GtkWidget *widget, 
> GdkEventMotion *motion,
>  fbw = surface_width(vc->gfx.ds) * vc->gfx.scale_x;
>  fbh = surface_height(vc->gfx.ds) * vc->gfx.scale_y;
>  
> -ww = gdk_window_get_width(gtk_widget_get_window(vc->gfx.drawing_area));
> -wh = gdk_window_get_height(gtk_widget_get_window(vc->gfx.drawing_area));
> +window = gtk_widget_get_window(vc->gfx.drawing_area);
> +ww = gdk_window_get_width(window);
> +wh = gdk_window_get_height(window);
> +ws = gdk_window_get_scale_factor (window);

Please follow the coding style and remove the extra space.

Otherwise LGTM.

Re: [PATCH 1/2] ui: fix incorrect scaling on highdpi with gtk/opengl

[Philippe Mathieu-Daudé]

On 11/21/21 07:55, Alexander Orzechowski wrote:
> Signed-off-by: Alexander Orzechowski 
> ---
>  ui/gtk-gl-area.c | 7 ---
>  1 file changed, 4 insertions(+), 3 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH] MAINTAINERS: Add myself as a reviewer for Hyper-V VMBus

[Philippe Mathieu-Daudé]

On 11/20/21 19:46, Maciej S. Szmigiero wrote:
> From: "Maciej S. Szmigiero" 
> 
> This way there is at least some contact point for incoming patches.
> 
> We'll see whether the code still gets just a random patch a few times
> a year or whether it requires a permanent maintainer to take care of it.
> 
> Signed-off-by: Maciej S. Szmigiero 
> ---
>  MAINTAINERS | 6 ++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index d3879aa3c12c..7f57e7fda73b 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -1729,6 +1729,12 @@ F: include/hw/block/fdc.h
>  F: tests/qtest/fdc-test.c
>  T: git https://gitlab.com/jsnow/qemu.git ide
>  
> +Hyper-V VMBus
> +S: Odd Fixes
> +R: Maciej S. Szmigiero 
> +F: hw/hyperv/vmbus.c
> +F: include/hw/hyperv/vmbus*.h

Reviewed-by: Philippe Mathieu-Daudé 

Thank you!

Re: [PATCH 1/2] docs: Fix botched rST conversion of 'submitting-a-patch.rst'

[Kashyap Chamarthy]

On Mon, Nov 22, 2021 at 11:36:54AM +0100, Thomas Huth wrote:
> On 22/11/2021 11.20, Kashyap Chamarthy wrote:
> > On Mon, Nov 22, 2021 at 10:51:15AM +0100, Thomas Huth wrote:

[...]

> > > I'll add the link to https://wiki.qemu.org/Contribute/SpellCheck again.
> > 
> > Please don't -- I intentionally dropped it in a previous iteration based
> > on this feedback from Peter Maydell:
> > 
> >  "I'm not sure that SpellCheck in particular is sufficiently baked
> >  to be in the actual docs. I'd rather just drop the reference to it
> >  from SubmitAPatch."
> >  
> > (https://lists.nongnu.org/archive/html/qemu-devel/2021-11/msg00137.html)
> 
> Ok, so I'll drop that line completely (otherwise it does not really make
> sense to have it in this list after the "See also:" right in front of it).

I kept that because an explicit reminder about spell-check is useful;
it's easy to forget.  Another option is to retain the line, but replace
"See also:" with "And:".  Not sure if it's any better.  But I don't mind
either way.

-- 
/kashyap

Re: [PATCH v5 04/17] common-user: Move syscall error detection into safe_syscall_base

[Richard Henderson]

On 11/22/21 12:55 PM, Peter Maydell wrote:

-   /* This is the entry point for making a system call. The calling
+   /*
+* This is the entry point for making a system call. The calling
  * convention here is that of a C varargs function with the
  * first argument an 'int *' to the signal_pending flag, the
  * second one the system call number (as a 'long'), and all further
  * arguments being syscall arguments (also 'long').


This comment text needs updating to mention the new errnop argument.
(Applies to all the similar comments in the files for the other archs.)


Yep.


+   /*
+ * The syscall calling convention isn't the same as the C one:


Looks like the indent here is wrong ?


Irritatingly, these files are a mix of tabs/spaces.


  * we enter with x0 == *signal_pending
-*   x1 == syscall number
-*   x2 ... x7, (stack) == syscall arguments
+*   x1 == errno


"int* address of errno"


Arg, fixed some of these, but clearly. not all.


 /* code path for having successfully executed the syscall */
+   cmn x0, #4095
+   b.cs1f


Shouldn't this be going to label 0f ? We need to do the 'neg',
and unless I'm misreading the diff there's currently no path
of execution that gets to that.


Oops, rebase error, where the fix landed in the next patch.


+*   r2 == syscall number
+*   r3, [sp+0] ... [sp+16] == syscall arguments
  *   and return the result in r0


Don't we wind up with a potential issue here with 64-bit arguments
due to the calling convention wanting to put those in aligned
memory/register locations? Previously because we had just two
extra arguments the arguments started at r2 and had the same
alignment behaviour as the syscall wants for them starting at
r0; but now we start at r3 so if for instance the first argument
is 64-bit it will be in [sp+0][sp+4] but should go in r0:r1
I think...

(Stopped reviewing here because if we need to change the
way we call these functions there's no point my reviewing
the fine detail of the asm.)


Oof.  I missed that detail.  Yes, that is a problem (I think arm is the only such 
supported host).  I think the best solution would be to *not* pass in &errno, but to have 
the assembly tail-call to


long safe_syscall_errno_tail(int value)
{
errno = value;
return -1;
}

Which is probably more efficient in any case.  I'll re-work this.


r~

Re: [PATCH v11 19/26] linux-user: Add LoongArch signal support

[Richard Henderson]

On 11/22/21 12:41 PM, gaosong wrote:

Hi Richard,

On 2021/11/20 下午6:33, Richard Henderson wrote:


Drop all of the the inline markers.


+{
+    int i;
+
+    __put_user(env->pc, &sc->sc_pc);
+
+    __put_user(0, &sc->sc_gpr[0]);
+    for (i = 1; i < 32; ++i) {
+    __put_user(env->gpr[i], &sc->sc_gpr[i]);
+    }
+
+    for (i = 0; i < 32; ++i) {
+    __put_user(env->fpr[i], &sc->sc_fpr[i]);
+    }
+}


Missing fcsr and fcc.

I'll note that the kernel is missing sets of vscr and scr[0-3]. IMO they should at least 
be zeroed in advance of supporting the vector extension.


I see that vcsr set at [1]:178.
[1]
https://github.com/loongson/linux/blob/loongarch-next/arch/loongarch/kernel/signal.c


That happens after line 171:

if (likely(!err))
break;

It seems most unlikely that there would be an error...

There is a macro for sc_save_vcsr in fpu.S, but it isn't used.


r~

Re: [PATCH 1/2] docs: Fix botched rST conversion of 'submitting-a-patch.rst'

[Thomas Huth]

On 22/11/2021 13.19, Kashyap Chamarthy wrote:

On Mon, Nov 22, 2021 at 11:36:54AM +0100, Thomas Huth wrote:

On 22/11/2021 11.20, Kashyap Chamarthy wrote:

On Mon, Nov 22, 2021 at 10:51:15AM +0100, Thomas Huth wrote:


[...]


I'll add the link to https://wiki.qemu.org/Contribute/SpellCheck again.


Please don't -- I intentionally dropped it in a previous iteration based
on this feedback from Peter Maydell:

  "I'm not sure that SpellCheck in particular is sufficiently baked
  to be in the actual docs. I'd rather just drop the reference to it
  from SubmitAPatch."
  (https://lists.nongnu.org/archive/html/qemu-devel/2021-11/msg00137.html)


Ok, so I'll drop that line completely (otherwise it does not really make
sense to have it in this list after the "See also:" right in front of it).


I kept that because an explicit reminder about spell-check is useful;
it's easy to forget.  Another option is to retain the line, but replace
"See also:" with "And:".  Not sure if it's any better.  But I don't mind
either way.


What about simply replacing it with a new sentence below the bullet list, 
saying:


"Please also use a spell checker like `codespell 
https://github.com/codespell-project/codespell` with your patches"


?

 Thomas

[PULL 0/8] Fixes 20211122 patches

[Gerd Hoffmann]

The following changes since commit c5fbdd60cf1fb52f01bdfe342b6fa65d5343e1b1:

  Merge tag 'qemu-sparc-20211121' of git://github.com/mcayland/qemu into 
staging (2021-11-21 14:12:25 +0100)

are available in the Git repository at:

  git://git.kraxel.org/qemu tags/fixes-20211122-pull-request

for you to fetch changes up to b9e5628ca5d42994cc6f82752d9bf0bc98f51f64:

  microvm: check g_file_set_contents() return value (2021-11-22 11:14:28 +0100)


fixes for 6.2: microvm, ui, modules.



Alexander Orzechowski (2):
  ui: fix incorrect scaling on highdpi with gtk/opengl
  ui: fix incorrect pointer position on highdpi with gtk

Dongwon Kim (1):
  ui/gtk: graphic_hw_gl_flushed after closing dmabuf->fence_fd

Gerd Hoffmann (2):
  microvm: add missing g_free() call
  microvm: check g_file_set_contents() return value

Laurent Vivier (1):
  migration: fix dump-vmstate with modules

Philippe Mathieu-Daudé (1):
  hw/i386/microvm: Reduce annoying debug message in dt_setup_microvm()

Vladimir Sementsov-Ogievskiy (1):
  ui/vnc-clipboard: fix adding notifier twice

 hw/i386/microvm-dt.c | 11 +--
 softmmu/vl.c |  1 +
 ui/gtk-gl-area.c |  7 ---
 ui/gtk.c | 17 ++---
 ui/vnc-clipboard.c   | 10 ++
 5 files changed, 30 insertions(+), 16 deletions(-)

-- 
2.33.1

[PULL 5/8] migration: fix dump-vmstate with modules

[Gerd Hoffmann]

From: Laurent Vivier 

To work correctly -dump-vmstate and vmstate-static-checker.py need to
dump all the supported vmstates.

But as some devices can be modules, they are not loaded at startup and not
dumped. Fix that by loading all available modules before dumping the
machine vmstate.

Fixes: 7ab6e7fcce97 ("qdev: device module support")
Cc: kra...@redhat.com
Signed-off-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <2026072840.132731-1-lviv...@redhat.com>
Signed-off-by: Gerd Hoffmann 
---
 softmmu/vl.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/softmmu/vl.c b/softmmu/vl.c
index 1159a64bce4e..620a1f1367e2 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -3766,6 +3766,7 @@ void qemu_init(int argc, char **argv, char **envp)
 
 if (vmstate_dump_file) {
 /* dump and exit */
+module_load_qom_all();
 dump_vmstate_json_to_file(vmstate_dump_file);
 exit(0);
 }
-- 
2.33.1

[PULL 3/8] ui/gtk: graphic_hw_gl_flushed after closing dmabuf->fence_fd

[Gerd Hoffmann]

From: Dongwon Kim 

The dmabuf often becomes invalid right after unblocking pipeline
and graphic_hw_gl_flushed in case a new scanout blob is submitted
because the dmabuf associated with the current guest scanout is
freed after swapping.

So both graphic_hw_gl_block and graphic_hw_gl_flushed should be
executed after closing fence_fd for the current dmabuf.

Cc: Gerd Hoffmann 
Cc: Vivek Kasireddy 
Signed-off-by: Dongwon Kim 
Message-Id: <20211121172237.14937-1-dongwon@intel.com>
Signed-off-by: Gerd Hoffmann 
---
 ui/gtk.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ui/gtk.c b/ui/gtk.c
index dc4a1491f0ce..428f02f2dfe1 100644
--- a/ui/gtk.c
+++ b/ui/gtk.c
@@ -589,11 +589,11 @@ void gd_hw_gl_flushed(void *vcon)
 VirtualConsole *vc = vcon;
 QemuDmaBuf *dmabuf = vc->gfx.guest_fb.dmabuf;
 
-graphic_hw_gl_block(vc->gfx.dcl.con, false);
-graphic_hw_gl_flushed(vc->gfx.dcl.con);
 qemu_set_fd_handler(dmabuf->fence_fd, NULL, NULL, NULL);
 close(dmabuf->fence_fd);
 dmabuf->fence_fd = -1;
+graphic_hw_gl_block(vc->gfx.dcl.con, false);
+graphic_hw_gl_flushed(vc->gfx.dcl.con);
 }
 
 /** DisplayState Callbacks (opengl version) **/
-- 
2.33.1

[PULL 1/8] ui: fix incorrect scaling on highdpi with gtk/opengl

[Gerd Hoffmann]

From: Alexander Orzechowski 

Signed-off-by: Alexander Orzechowski 
Message-Id: <20211121065504.29101-2-orzechowski.alexan...@gmail.com>

[ kraxel: codestyle fix ]

Signed-off-by: Gerd Hoffmann 
---
 ui/gtk-gl-area.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ui/gtk-gl-area.c b/ui/gtk-gl-area.c
index 461da7712f4f..01e4e74ee361 100644
--- a/ui/gtk-gl-area.c
+++ b/ui/gtk-gl-area.c
@@ -41,15 +41,16 @@ void gd_gl_area_draw(VirtualConsole *vc)
 #ifdef CONFIG_GBM
 QemuDmaBuf *dmabuf = vc->gfx.guest_fb.dmabuf;
 #endif
-int ww, wh, y1, y2;
+int ww, wh, ws, y1, y2;
 
 if (!vc->gfx.gls) {
 return;
 }
 
 gtk_gl_area_make_current(GTK_GL_AREA(vc->gfx.drawing_area));
-ww = gtk_widget_get_allocated_width(vc->gfx.drawing_area);
-wh = gtk_widget_get_allocated_height(vc->gfx.drawing_area);
+ws = 
gdk_window_get_scale_factor(gtk_widget_get_window(vc->gfx.drawing_area));
+ww = gtk_widget_get_allocated_width(vc->gfx.drawing_area) * ws;
+wh = gtk_widget_get_allocated_height(vc->gfx.drawing_area) * ws;
 
 if (vc->gfx.scanout_mode) {
 if (!vc->gfx.guest_fb.framebuffer) {
-- 
2.33.1

[PULL 2/8] ui: fix incorrect pointer position on highdpi with gtk

[Gerd Hoffmann]

From: Alexander Orzechowski 

Signed-off-by: Alexander Orzechowski 
Message-Id: <20211121065504.29101-3-orzechowski.alexan...@gmail.com>

[ kraxel: codestyle fix ]

Signed-off-by: Gerd Hoffmann 
---
 ui/gtk.c | 13 -
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/ui/gtk.c b/ui/gtk.c
index d2892ea6b4a9..dc4a1491f0ce 100644
--- a/ui/gtk.c
+++ b/ui/gtk.c
@@ -838,10 +838,11 @@ static gboolean gd_motion_event(GtkWidget *widget, 
GdkEventMotion *motion,
 {
 VirtualConsole *vc = opaque;
 GtkDisplayState *s = vc->s;
+GdkWindow *window;
 int x, y;
 int mx, my;
 int fbh, fbw;
-int ww, wh;
+int ww, wh, ws;
 
 if (!vc->gfx.ds) {
 return TRUE;
@@ -850,8 +851,10 @@ static gboolean gd_motion_event(GtkWidget *widget, 
GdkEventMotion *motion,
 fbw = surface_width(vc->gfx.ds) * vc->gfx.scale_x;
 fbh = surface_height(vc->gfx.ds) * vc->gfx.scale_y;
 
-ww = gdk_window_get_width(gtk_widget_get_window(vc->gfx.drawing_area));
-wh = gdk_window_get_height(gtk_widget_get_window(vc->gfx.drawing_area));
+window = gtk_widget_get_window(vc->gfx.drawing_area);
+ww = gdk_window_get_width(window);
+wh = gdk_window_get_height(window);
+ws = gdk_window_get_scale_factor(window);
 
 mx = my = 0;
 if (ww > fbw) {
@@ -861,8 +864,8 @@ static gboolean gd_motion_event(GtkWidget *widget, 
GdkEventMotion *motion,
 my = (wh - fbh) / 2;
 }
 
-x = (motion->x - mx) / vc->gfx.scale_x;
-y = (motion->y - my) / vc->gfx.scale_y;
+x = (motion->x - mx) / vc->gfx.scale_x * ws;
+y = (motion->y - my) / vc->gfx.scale_y * ws;
 
 if (qemu_input_is_absolute()) {
 if (x < 0 || y < 0 ||
-- 
2.33.1

[PULL 7/8] microvm: add missing g_free() call

[Gerd Hoffmann]

Fixes: CID 1465240
Signed-off-by: Gerd Hoffmann 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20211108130718.840216-2-kra...@redhat.com>
---
 hw/i386/microvm-dt.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/i386/microvm-dt.c b/hw/i386/microvm-dt.c
index 6ee6c42904d2..a6a59a6e12cd 100644
--- a/hw/i386/microvm-dt.c
+++ b/hw/i386/microvm-dt.c
@@ -143,6 +143,8 @@ static void dt_add_pcie(MicrovmMachineState *mms)
 nr_pcie_buses = PCIE_ECAM_SIZE / PCIE_MMCFG_SIZE_MIN;
 qemu_fdt_setprop_cells(mms->fdt, nodename, "bus-range", 0,
nr_pcie_buses - 1);
+
+g_free(nodename);
 }
 
 static void dt_add_ioapic(MicrovmMachineState *mms, SysBusDevice *dev)
-- 
2.33.1