Re: [PATCH v4 3/5] target/s390x: Fix cc_calc_sla_64() missing overflows

2022-01-13 Thread David Hildenbrand
On 12.01.22 17:50, Ilya Leoshkevich wrote:
> An overflow occurs for SLAG when at least one shifted bit is not equal
> to sign bit. Therefore, we need to check that `shift + 1` bits are
> neither all 0s nor all 1s. The current code checks only `shift` bits,
> missing some overflows.
> 
> Fixes: cbe24bfa91d2 ("target-s390: Convert SHIFT, ROTATE SINGLE")
> Co-developed-by: David Hildenbrand 
> Signed-off-by: Ilya Leoshkevich 
> ---
>  target/s390x/tcg/cc_helper.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/s390x/tcg/cc_helper.c b/target/s390x/tcg/cc_helper.c
> index c2c96c3a3c..c9b7b0e8c6 100644
> --- a/target/s390x/tcg/cc_helper.c
> +++ b/target/s390x/tcg/cc_helper.c
> @@ -297,7 +297,7 @@ static uint32_t cc_calc_sla_32(uint32_t src, int shift)
>  
>  static uint32_t cc_calc_sla_64(uint64_t src, int shift)
>  {
> -uint64_t mask = ((1ULL << shift) - 1ULL) << (64 - shift);
> +uint64_t mask = -1ULL << (63 - shift);
>  uint64_t sign = 1ULL << 63;
>  uint64_t match;
>  int64_t r;
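Review bot: The new mask expression `-1ULL << (63 - shift)` in cc_calc_sla_64 is only defined for `shift` in 0..63; any larger value makes the shift count negative, which is undefined behaviour in C. The hunk does not show where `shift` is bounded, so if the caller already limits it to six bits, that invariant deserves a comment next to the mask, e.g. `/* shift is 0..63: mask covers the sign bit plus the 'shift' bits below it */`. A debug assertion on the range would make a violation fail loudly instead of silently producing a wrong condition code. The function body continues past the end of the hunk.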

Reviewed-by: David Hildenbrand 

-- 
Thanks,

David / dhildenb




Re: [PATCH v4 4/5] target/s390x: Fix shifting 32-bit values for more than 31 bits

2022-01-13 Thread David Hildenbrand
On 12.01.22 17:50, Ilya Leoshkevich wrote:
> According to PoP, both 32- and 64-bit shifts use lowest 6 address
> bits. The current code special-cases 32-bit shifts to use only 5 bits,
> which is not correct. For example, shifting by 32 bits currently
> preserves the initial value; however, it's supposed to zero it out
> instead.
> 
> Fix by merging sh32 and sh64 and adapting CC calculation to shift
> values greater than 31.
> 
> Fixes: cbe24bfa91d2 ("target-s390: Convert SHIFT, ROTATE SINGLE")
> Signed-off-by: Ilya Leoshkevich 
> ---

Reviewed-by: David Hildenbrand 

-- 
Thanks,

David / dhildenb




Re: [PATCH v4 5/5] tests/tcg/s390x: Test shift instructions

2022-01-13 Thread David Hildenbrand
On 12.01.22 17:50, Ilya Leoshkevich wrote:
> Add a test for each shift instruction in order to prevent
> regressions.
> 
> Signed-off-by: Ilya Leoshkevich 
> ---
>  tests/tcg/s390x/Makefile.target |   1 +
>  tests/tcg/s390x/shift.c | 270 
>  2 files changed, 271 insertions(+)
>  create mode 100644 tests/tcg/s390x/shift.c
> 
> diff --git a/tests/tcg/s390x/Makefile.target b/tests/tcg/s390x/Makefile.target
> index cc64dd32d2..1a7238b4eb 100644
> --- a/tests/tcg/s390x/Makefile.target
> +++ b/tests/tcg/s390x/Makefile.target
> @@ -9,6 +9,7 @@ TESTS+=exrl-trtr
>  TESTS+=pack
>  TESTS+=mvo
>  TESTS+=mvc
> +TESTS+=shift
>  TESTS+=trap
>  TESTS+=signals-s390x
>  
> diff --git a/tests/tcg/s390x/shift.c b/tests/tcg/s390x/shift.c
> new file mode 100644
> index 00..29594fec5c
> --- /dev/null
> +++ b/tests/tcg/s390x/shift.c
> @@ -0,0 +1,270 @@
> +#include 
> +#include 
> +#include 
> +
> +#define DEFINE_SHIFT_SINGLE_COMMON(_name, _insn_str) \
> +static uint64_t _name(uint64_t op1, uint64_t op2, uint64_t *cc) \
> +{ \
> +asm("sll %[cc],28\n" \
> +"spm %[cc]\n" \
> +"" _insn_str "\n" \
> +"ipm %[cc]\n" \
> +"srl %[cc],28" \
> +: [op1] "+&r" (op1), \
> +  [cc] "+&r" (*cc) \
> +: [op2] "r" (op2) \
> +: "cc"); \
> +return op1; \
> +}
> +#define DEFINE_SHIFT_SINGLE_2(_insn, _offset) \
> +DEFINE_SHIFT_SINGLE_COMMON(_insn ## _ ## _offset, \
> +   #_insn " %[op1]," #_offset "(%[op2])")
> +#define DEFINE_SHIFT_SINGLE_3(_insn, _offset) \
> +DEFINE_SHIFT_SINGLE_COMMON(_insn ## _ ## _offset, \
> +   #_insn " %[op1],%[op1]," #_offset "(%[op2])")
> +#define DEFINE_SHIFT_DOUBLE(_insn, _offset) \
> +static uint64_t _insn ## _ ## _offset(uint64_t op1, uint64_t op2, \
> +  uint64_t *cc) \
> +{ \
> +uint32_t op1h = op1 >> 32; \
> +uint32_t op1l = op1 & 0x; \
> +register uint32_t r2 asm("2") = op1h; \
> +register uint32_t r3 asm("3") = op1l; \
> +\
> +asm("sll %[cc],28\n" \
> +"spm %[cc]\n" \
> +"" #_insn " %[r2]," #_offset "(%[op2])\n" \
> +"ipm %[cc]\n" \
> +"srl %[cc],28" \
> +: [r2] "+&r" (r2), \
> +  [r3] "+&r" (r3), \
> +  [cc] "+&r" (*cc) \
> +: [op2] "r" (op2) \
> +: "cc"); \
> +op1h = r2; \
> +op1l = r3; \
> +return (((uint64_t)op1h) << 32) | op1l; \
> +}
> +
> +DEFINE_SHIFT_SINGLE_3(rll, 0x4cf3b);
> +DEFINE_SHIFT_SINGLE_3(rllg, 0x697c9);
> +DEFINE_SHIFT_SINGLE_2(sla, 0x4b0);
> +DEFINE_SHIFT_SINGLE_2(sla, 0xd54);
> +DEFINE_SHIFT_SINGLE_3(slak, 0x2832c);
> +DEFINE_SHIFT_SINGLE_3(slag, 0x66cc4);
> +DEFINE_SHIFT_SINGLE_3(slag, 0xd54);
> +DEFINE_SHIFT_SINGLE_2(sll, 0xd04);
> +DEFINE_SHIFT_SINGLE_3(sllk, 0x2699f);
> +DEFINE_SHIFT_SINGLE_3(sllg, 0x59df9);
> +DEFINE_SHIFT_SINGLE_2(sra, 0x67e);
> +DEFINE_SHIFT_SINGLE_3(srak, 0x60943);
> +DEFINE_SHIFT_SINGLE_3(srag, 0x6b048);
> +DEFINE_SHIFT_SINGLE_2(srl, 0x035);
> +DEFINE_SHIFT_SINGLE_3(srlk, 0x43dfc);
> +DEFINE_SHIFT_SINGLE_3(srlg, 0x27227);
> +DEFINE_SHIFT_DOUBLE(slda, 0x38b);
> +DEFINE_SHIFT_DOUBLE(sldl, 0x031);
> +DEFINE_SHIFT_DOUBLE(srda, 0x36f);
> +DEFINE_SHIFT_DOUBLE(srdl, 0x99a);
> +
> +struct shift_test {
> +const char *name;
> +uint64_t (*insn)(uint64_t, uint64_t, uint64_t *);
> +uint64_t op1;
> +uint64_t op2;
> +uint64_t exp_result;
> +uint64_t exp_cc;
> +};
> +
> +static const struct shift_test tests[] = {
> +{
> +.name = "rll",
> +.insn = rll_0x4cf3b,
> +.op1 = 0xecbd589a45c248f5ull,
> +.op2 = 0x62e5508ccb4c99fdull,
> +.exp_result = 0xecbd589af545c248ull,
> +.exp_cc = 0,
> +},
> +{
> +.name = "rllg",
> +.insn = rllg_0x697c9,
> +.op1 = 0xaa2d54c1b729f7f4ull,
> +.op2 = 0x5ffcf7465f5cd71full,
> +.exp_result = 0x29f7f4aa2d54c1b7ull,
> +.exp_cc = 0,
> +},
> +{
> +.name = "sla-1",
> +.insn = sla_0x4b0,
> +.op1 = 0x8bf21fb67cca0e96ull,
> +.op2 = 0x3ddf2f53347d3030ull,
> +.exp_result = 0x8bf21fb6ull,
> +.exp_cc = 3,
> +},
> +{
> +.name = "sla-2",
> +.insn = sla_0xd54,
> +.op1 = 0xe4faaed5def0e926ull,
> +.op2 = 0x18d586fab239cbeeull,
> +.exp_result = 0xe4faaed5fbc3a498ull,
> +.exp_cc = 3,
> +},
> +{
> +.name = "slak",
> +.insn = slak_0x2832c,
> +.op1 = 0x7300bf78707f09f9ull,
> +.op2 = 0x4d193b85bb5cb39bull,
> +.exp_result = 0x7300bf783f84fc80ull,
> +.exp_cc = 3,
> +},
> +{
> +.name = "slag-1",
> +.insn = slag_0x66cc4,
> +.op1 = 0xe805966de1a777

Re: [PATCH v1 1/2] decodetree: Add an optional predicate-function for decoding

2022-01-13 Thread Philipp Tomsich
On Thu, 13 Jan 2022 at 06:07, Alistair Francis  wrote:
>
> On Thu, Jan 13, 2022 at 1:42 AM Philipp Tomsich
>  wrote:
> >
> > Alistair,
> >
> > Do you (and the other RISC-V custodians of target/riscv) have any opinion 
> > on this?
> > We can go either way — and it boils down to a style and process question.
>
> Sorry, it's a busy week!
>
> I had a quick look over this series and left some comments below.


Thank you for taking the time despite the busy week — I can absolutely
relate, as it seems that January is picking up right where December
left off ;-)

>
> >
> > Thanks,
> > Philipp.
> >
> > On Mon, 10 Jan 2022 at 12:30, Philippe Mathieu-Daudé  
> > wrote:
> >>
> >> On 1/10/22 12:11, Philipp Tomsich wrote:
> >> > On Mon, 10 Jan 2022 at 11:03, Philippe Mathieu-Daudé  >> > > wrote:
> >> >
> >> > On 1/10/22 10:52, Philipp Tomsich wrote:
> >> > > For RISC-V the opcode decode will change between different vendor
> >> > > implementations of RISC-V (emulated by the same qemu binary).
> >> > > Any two vendors may reuse the same opcode space, e.g., we may end
> >> > up with:
> >> > >
> >> > > # *** RV64 Custom-3 Extension ***
> >> > > {
> >> > >   vt_maskc   000  . . 110 . 011 @r
> >> > |has_xventanacondops_p
> >> > >   vt_maskcn  000  . . 111 . 011 @r
> >> > |has_xventanacondops_p
> >> > >   someone_something   . 000 . 1100111 @i
> >> > > |has_xsomeonesomething_p
> >> > > }
>
> I don't love this. If even a few vendors use this we could have a huge
> number of instructions here
>
> >> > >
> >> > > With extensions being enabled either from the commandline
> >> > > -cpu any,xventanacondops=true
> >> > > or possibly even having a AMP in one emulation setup (e.g. 
> >> > application
> >> > > cores having one extension and power-management cores having a
> >> > > different one — or even a conflicting one).
>
> Agreed, an AMP configuration is entirely possible.
>
> >> >
> >> > I understand, I think this is what MIPS does, see commit 9d005392390:
> >> > ("target/mips: Introduce decodetree structure for NEC Vr54xx 
> >> > extension")
> >> >
> >> >
> >> > The MIPS implementation is functionally equivalent, and I could see us
> >> > doing something similar for RISC-V (although I would strongly prefer to
> >> > make everything explicit via the .decode-file instead of relying on
> >> > people being aware of the logic in decode_op).
> >> >
> >> > With the growing number of optional extensions (as of today, at least
> >> > the Zb[abcs] and vector comes to mind), we would end up with a large
> >> > number of decode-files that will then need to be sequentially called
> >> > from decode_op(). The predicates can then move up into decode_op,
> >> > predicting the auto-generated decoders from being invoked.
> >> >
> >> > As of today, we have predicates for at least the following:
> >> >
> >> >   * Zb[abcs]
> >> >   * Vectors
>
> I see your point, having a long list of decode_*() functions to call
> is a hassle. On the other hand having thousands of lines in
> insn32.decode is also a pain.
>
> In saying that, having official RISC-V extensions in insn32.decode and
> vendor instructions in insn.decode seems like a reasonable
> compromise. Maybe even large extensions (vector maybe?) could have
> their own insn.decode file, on a case by case basis.
>
> >> >
> >> > As long as we are in greenfield territory (i.e. not dealing with
> >> > HINT-instructions that overlap existing opcode space), this will be fine
> >> > and provide proper isolation between the .decode-tables.
> >> > However, as soon as we need to implement something along the lines (I
> >> > know this is a bad example, as prefetching will be a no-op on qemu) of:
> >> >
> >> > {
> >> >   {
> >> > # *** RV32 Zicbop Sandard Extension (hints in the ori-space) ***
> >> > prefetch_i  ... 0 . 110 0 0010011 @cbo_pref
> >> > prefetch_r  ... 1 . 110 0 0010011 @cbo_pref
> >> > prefetch_w  ... 00011 . 110 0 0010011 @cbo_pref
> >> >   }
> >> >   ori   . 110 . 0010011 @i
> >> > }
> >> >
> >> > we'd need to make sure that the generated decoders are called in the
> >> > appropriate order (i.e. the decoder for the specialized instructions
> >> > will need to be called first), which would not be apparent from looking
> >> > at the individual .decode files.
> >> >
> >> > Let me know what direction we want to take (of course, I have a bias
> >> > towards the one in the patch).
> >>
> >> I can't say for RISCV performance, I am myself biased toward maintenance
> >> where having one compilation unit per (vendor) extension.
> >> ARM and MIPS seems to go in this direction, while PPC and RISCV in the
> >> other one.
>
> I think we could do both right?
>
> We could add the predicate support, but also isola

Re: [PATCH 0/3] malta: Move PCI interrupt handling from gt64xxx to piix4

2022-01-13 Thread Philippe Mathieu-Daudé

Hi Bernhard,

On 12/1/22 22:36, Bernhard Beschow wrote:

Hi,

first-time contributor here. Inspired by an article in LWN [1] I figured I'd
get my hands dirty with QEMU development. According to the article my goal is
to eliminate some "accidental complexity".

While studying the code I noticed some (accidental?) differences between piix3
and piix4 where the PCI interrupts are handled. Moreover, I noticed presence of
global variables in piix4 which probably constitute a limitation of QOM's idea
of configuration-driven machine creation. By applying piix3 concepts, i.e.
moving the interrupt handling from gt64xxx to piix4, it's possible to both
eliminate the differences and resolve the global variables.

The patch series is structured as follows: Patch 1 eliminates the differences,
patch 3 resolves the global variables. Patch 2 is a preparation for patch 3.
Some of my further comments regarding the patches are:

Patch 1:
* pci_slot_get_pirq() looks quite malta-specific. Neither gt64xxx nor piix4
   seem to be the perfect fit. So I moved it to piix4, analogous to piix3.
* The i8259 property moved from MaltaState to PIIX4State looks quite redundant
   to the isa property. Could isa be used instead, eliminating i8259?

Patch 2:
* Besides piix4, there were four further cases where the PIC array was passed
   as the opaque parameter to the pci_map_irq_fn's. AFAICS in all other cases
   the DeviceState is passed instead. With this patch, consistency is
   established.
* Passing PIIX4State to piix4_set_irq() paves the way for eliminating all
   global variables left in piix4.c (see patch 3).

Comments welcome.

Cheers
Bernhard

[1] https://lwn.net/Articles/872321/

Bernhard Beschow (3):
   malta: Move PCI interrupt handling from gt64xxx to piix4
   pci: Always pass own DeviceState to pci_map_irq_fn's
   isa/piix4: Resolve global variables


Did you forget to send the patches?



Re: [PATCH v2 2/6] hw/usb/canokey: Add trace events

2022-01-13 Thread Gerd Hoffmann
On Fri, Jan 07, 2022 at 11:35:13PM +0800, Hongren (Zenithal) Zheng wrote:
> Signed-off-by: Hongren (Zenithal) Zheng 

scripts/checkpatch.pl complains:

ERROR: line over 90 characters
#112: FILE: hw/usb/canokey.c:209:
+trace_canokey_handle_data_out_err(ep_out, p->iov.size, 
key->ep_out_size[ep_out]);

ERROR: Hex numbers must be prefixed with '0x'
#157: FILE: hw/usb/trace-events:357:
+canokey_handle_control_setup(int request, int value, int index, int length) 
"request %04X value %04X index %04X length %04X"

total: 2 errors, 0 warnings, 130 lines checked

take care,
  Gerd




Re: [PATCH 09/15] audio: revert tests for pcm_ops table

2022-01-13 Thread Gerd Hoffmann
On Thu, Jan 06, 2022 at 10:23:26AM +0100, Volker Rümelin wrote:
> From: Volker Rümelin 
> 
> With previous commit every audio backend has a pcm_ops function
> table. It's no longer necessary to test if the table is
> available. This reverts commit cbaf25d1f5: "audio: fix
> wavcapture segfault"

You can just "git revert cbaf25d1f5" then, and append the reason
why you are reverting the commit to the commit message.

> 
> Signed-off-by: Volker Rümelin 
> ---
>  audio/audio.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/audio/audio.c b/audio/audio.c
> index 55f885f8e9..c420a8bd1c 100644
> --- a/audio/audio.c
> +++ b/audio/audio.c
> @@ -612,7 +612,7 @@ static size_t audio_pcm_sw_read(SWVoiceIn *sw, void *buf, 
> size_t size)
>  total += isamp;
>  }
>  
> -if (hw->pcm_ops && !hw->pcm_ops->volume_in) {
> +if (!hw->pcm_ops->volume_in) {
>  mixeng_volume (sw->buf, ret, &sw->vol);
>  }
>  
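Review bot: With the `hw->pcm_ops &&` guard removed, `hw->pcm_ops->volume_in` here and `sw->hw->pcm_ops->volume_out` in the audio_pcm_sw_write hunk dereference the table unconditionally, so a voice whose `pcm_ops` is NULL now crashes instead of skipping the branch. The commit message says the previous commit gives every backend a table, but that is not visible in this diff, and the reverted change was a wavcapture segfault fix, so the capture path is worth confirming. Asserting the invariant where the HW voice is set up, e.g. `assert(hw->pcm_ops);`, would turn a latent NULL dereference into an immediate, diagnosable failure. Both functions extend beyond the hunks shown.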
> @@ -718,7 +718,7 @@ static size_t audio_pcm_sw_write(SWVoiceOut *sw, void 
> *buf, size_t size)
>  if (swlim) {
>  sw->conv (sw->buf, buf, swlim);
>  
> -if (sw->hw->pcm_ops && !sw->hw->pcm_ops->volume_out) {
> +if (!sw->hw->pcm_ops->volume_out) {
>  mixeng_volume (sw->buf, swlim, &sw->vol);
>  }
>  }
> -- 
> 2.31.1
> 

-- 




Re: [PATCH v2 4/6] docs: Add CanoKey documentation

2022-01-13 Thread Thomas Huth

On 07/01/2022 16.37, Hongren (Zenithal) Zheng wrote:

Signed-off-by: Hongren (Zenithal) Zheng 
---
  docs/canokey.txt | 140 +++


I think this should likely rather go into the docs/system/devices directory 
instead? And it would be nice if you could also turn it into a reStructured 
text (*.rst) document right from the start.


 Thanks,
  Thomas




Re: [PATCH v2 2/2] tests: add qtest for hw/sensor/sbtsi

2022-01-13 Thread Thomas Huth

On 13/01/2022 00.26, Patrick Venture wrote:

From: Hao Wu 

Reviewed-by: Doug Evanwqs 
Signed-off-by: Hao Wu 
Signed-off-by: Patrick Venture 
---
  tests/qtest/meson.build  |   1 +
  tests/qtest/tmp_sbtsi-test.c | 161 +++


I'd prefer to use "-" instead of "_" in the file name, but anyway:

Acked-by: Thomas Huth 




Re: [PATCH v2] audio: Add sndio backend

2022-01-13 Thread Gerd Hoffmann
On Mon, Dec 20, 2021 at 04:41:31PM +0100, Christian Schoenebeck wrote:
> On Freitag, 17. Dezember 2021 10:38:32 CET Alexandre Ratchov wrote:
> > sndio is the native API used by OpenBSD, although it has been ported to
> > other *BSD's and Linux (packages for Ubuntu, Debian, Void, Arch, etc.).

> > diff --git a/MAINTAINERS b/MAINTAINERS
> > index 7543eb4d59..76bdad064f 100644
> > --- a/MAINTAINERS
> > +++ b/MAINTAINERS
> > @@ -2307,6 +2307,7 @@ X: audio/jackaudio.c
> >  X: audio/ossaudio.c
> >  X: audio/paaudio.c
> >  X: audio/sdlaudio.c
> > +X: audio/sndio.c
> >  X: audio/spiceaudio.c
> >  F: qapi/audio.json
> > 
> > @@ -2349,6 +2350,10 @@ R: Thomas Huth 
> >  S: Odd Fixes
> >  F: audio/sdlaudio.c
> > 
> > +Sndio Audio backend
> > +R: Alexandre Ratchov 
> > +F: audio/sndio.c

[ ... wading through my patch mail backlog ... ]

> Thanks Alexandre for volunteering as reviewer!
> 
> Gerd, would it be OK to set you as maintainer for now until new maintainer(s) 
> adopt audio sections? Or should this start with "S: Orphan" instead?

Yep, adding me is fine for now, although I can't promise timely
responses due to being quite busy with tianocore.

take care,
  Gerd




Re: [Virtio-fs] [PATCH] virtiofsd: Do not support blocking flock

2022-01-13 Thread Greg Kurz
On Tue, 11 Jan 2022 19:10:43 +0100
Sebastian Hasler  wrote:

> With the current implementation, blocking flock can lead to
> deadlock. Thus, it's better to return EOPNOTSUPP if a user attempts
> to perform a blocking flock request.
> 
> Signed-off-by: Sebastian Hasler 
> ---
>  tools/virtiofsd/passthrough_ll.c | 6 ++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/tools/virtiofsd/passthrough_ll.c 
> b/tools/virtiofsd/passthrough_ll.c
> index 64b5b4fbb1..f3cc307f6d 100644
> --- a/tools/virtiofsd/passthrough_ll.c
> +++ b/tools/virtiofsd/passthrough_ll.c
> @@ -2442,6 +2442,12 @@ static void lo_flock(fuse_req_t req, fuse_ino_t ino, 
> struct fuse_file_info *fi,
>  int res;
>  (void)ino;
>  
> +if (!(op & LOCK_NB)) {
> +/* Blocking flock is not supported */

This paraphrases the code. It would be more informative to provide
an explanation, something like /* Blocking flock can deadlock */ .

No big deal.

Reviewed-by: Greg Kurz 

> +fuse_reply_err(req, EOPNOTSUPP);
> +return;
> +}
> +
>  res = flock(lo_fi_fd(req, fi), op);
>  
>  fuse_reply_err(req, res == -1 ? errno : 0);
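Review bot: The new guard `if (!(op & LOCK_NB))` also rejects an unlock: `LOCK_UN` never blocks, yet a request carrying `LOCK_UN` without `LOCK_NB` now gets EOPNOTSUPP and the lock stays held. Whether the guest can send that combination depends on how the request is translated before it reaches lo_flock, which this hunk does not show, so exempting it explicitly is the safer form, e.g. `if (!(op & (LOCK_NB | LOCK_UN))) {`. lo_flock starts before the hunk and its end is not shown.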




Re: [PATCH v7 2/5] QIOChannelSocket: Implement io_writev zero copy flag & io_flush for CONFIG_LINUX

2022-01-13 Thread Daniel P . Berrangé
On Thu, Jan 13, 2022 at 02:48:15PM +0800, Peter Xu wrote:
> On Thu, Jan 06, 2022 at 07:13:39PM -0300, Leonardo Bras wrote:
> > @@ -558,15 +575,26 @@ static ssize_t qio_channel_socket_writev(QIOChannel 
> > *ioc,
> >  memcpy(CMSG_DATA(cmsg), fds, fdsize);
> >  }
> >  
> > +if (flags & QIO_CHANNEL_WRITE_FLAG_ZERO_COPY) {
> > +sflags = MSG_ZEROCOPY;
> > +}
> > +
> >   retry:
> > -ret = sendmsg(sioc->fd, &msg, 0);
> > +ret = sendmsg(sioc->fd, &msg, sflags);
> >  if (ret <= 0) {
> > -if (errno == EAGAIN) {
> > +switch (errno) {
> > +case EAGAIN:
> >  return QIO_CHANNEL_ERR_BLOCK;
> > -}
> > -if (errno == EINTR) {
> > +case EINTR:
> >  goto retry;
> > +case ENOBUFS:
> > +if (sflags & MSG_ZEROCOPY) {
> > +error_setg_errno(errp, errno,
> > + "Process can't lock enough memory for 
> > using MSG_ZEROCOPY");
> > +return -1;
> > +}
> 
> I have no idea whether it'll make a real difference, but - should we better 
> add
> a "break" here?  If you agree and with that fixed, feel free to add:
> 
> Reviewed-by: Peter Xu 
> 
> I also wonder whether you hit ENOBUFS in any of the environments.  On Fedora
> here it's by default unlimited, but just curious when we should keep an eye.

Fedora doesn't allow unlimited locked memory by default

$ grep "locked memory" /proc/self/limits 
Max locked memory         65536                65536                bytes

And  regardless of Fedora defaults, libvirt will set a limit
for the guest. It will only be unlimited if requiring certain
things like VFIO.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|




Re: [PATCH 3/4] acpi: fix OEM ID/OEM Table ID padding

2022-01-13 Thread Ani Sinha



On Thu, 13 Jan 2022, Dmitry V. Orekhov wrote:
> I can't apply the patch to the qemu-6.1.0 source code on my own.
> There is no acpi_table_begin function in the qemu-6.1.0 source code
> (hw/acpi/aml-build.c).
>
Try the following patch :

>From 10620c384bf05f0a7561c1afd0ec8ad5af9b7c0f Mon Sep 17 00:00:00 2001
From: Ani Sinha 
Date: Thu, 13 Jan 2022 15:48:16 +0530
Subject: [PATCH] acpi: fix OEM ID/OEM Table ID padding for qemu 6.1.1

Replace whitespace padding with '\0' padding in accordance with spec
and expectations of guest OS.

Signed-off-by: Ani Sinha 
---
 hw/acpi/aml-build.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index d5103e6..0df053c 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -1703,9 +1703,9 @@ build_header(BIOSLinker *linker, GArray *table_data,
 h->length = cpu_to_le32(len);
 h->revision = rev;

-strpadcpy((char *)h->oem_id, sizeof h->oem_id, oem_id, ' ');
+strpadcpy((char *)h->oem_id, sizeof h->oem_id, oem_id, '\0');
 strpadcpy((char *)h->oem_table_id, sizeof h->oem_table_id,
-  oem_table_id, ' ');
+  oem_table_id, '\0');

 h->oem_revision = cpu_to_le32(1);
 memcpy(h->asl_compiler_id, ACPI_BUILD_APPNAME8, 4);
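Review bot: Padding `h->oem_id` and `h->oem_table_id` with `'\0'` makes them look like C strings, but they remain fixed-width fields. As far as I can tell from its use here, `strpadcpy()` fills exactly `sizeof` bytes and leaves no terminator when the ID is as long as the field. A short comment above the two calls would keep later readers from passing these fields to `strlen()` or `%s`, e.g. `/* fixed-width ACPI fields: NUL-padded, not guaranteed NUL-terminated */`. build_header starts before the hunk and continues after it.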
-- 
2.6.3




Re: [PULL 00/31] testing/next and other misc fixes

2022-01-13 Thread Alex Bennée


Peter Maydell  writes:

(adding the s390x people to the CC if they have any clues)

> On Wed, 12 Jan 2022 at 11:27, Alex Bennée  wrote:
>>
>> The following changes since commit bf99e0ec9a51976868d7a8334620716df15fe7fe:
>>
>>   Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging 
>> (2022-01-11 10:12:29 +)
>>
>> are available in the Git repository at:
>>
>>   https://github.com/stsquad/qemu.git tags/pull-for-7.0-110122-1
>>
>> for you to fetch changes up to dbd30b7abee963f4fb08892a7d7f920bb76ece58:
>>
>>   linux-user: Remove the deprecated ppc64abi32 target (2022-01-11 13:00:53 
>> +)
>>

> This seems to fail the ubuntu-18.04-s390x-all-linux-static job
> with segfaults running linux-user binaries (not always the same
> binary), eg:
> https://gitlab.com/qemu-project/qemu/-/jobs/1968789446
> https://gitlab.com/qemu-project/qemu/-/jobs/1968080419

*sigh*

So the regression is caused by:

  linux-user: don't adjust base of found hole

However it only occurs when pgb_static starts base at a low address. For
example:

  pgb_find_hole: base @ 13dd000 for 17432080 bytes
  pgb_static: base @ 13dd000 for 17432080 bytes
  Locating guest address space @ 0x13dd000

fails whereas:

  pgb_find_hole: base @ 41f97000 for 17432080 bytes  
  pgb_static: base @ 41f97000 for 17432080 bytes
  Locating guest address space @ 0x41f97000  

works.

What I find confusing is why we end up with different addresses when
both QEMU and the test binary are static allocations. However the
varying allocation occurs before the change but without triggering the
crash:

  pgb_static: base @ 3dd000 for 17432080 bytes
  pgb_static: base @ 3dd000 for 17432080 bytes
  pgb_static: base @ 41246000 for 17432080 bytes
  pgb_static: base @ 3dd000 for 17432080 bytes
  pgb_static: base @ 40a2a000 for 17432080 bytes
  pgb_static: base @ 3dd000 for 17432080 bytes
  pgb_static: base @ 3dd000 for 17432080 bytes
  pgb_static: base @ 4060c000 for 17432080 bytes
  pgb_static: base @ 3dd000 for 17432080 bytes
  pgb_static: base @ 3dd000 for 17432080 bytes
  pgb_static: base @ 3dd000 for 17432080 bytes

>
>
> thanks
> -- PMM


-- 
Alex Bennée



Re: [PATCH v7 2/5] QIOChannelSocket: Implement io_writev zero copy flag & io_flush for CONFIG_LINUX

2022-01-13 Thread Peter Xu
On Thu, Jan 13, 2022 at 10:06:14AM +, Daniel P. Berrangé wrote:
> On Thu, Jan 13, 2022 at 02:48:15PM +0800, Peter Xu wrote:
> > On Thu, Jan 06, 2022 at 07:13:39PM -0300, Leonardo Bras wrote:
> > > @@ -558,15 +575,26 @@ static ssize_t qio_channel_socket_writev(QIOChannel 
> > > *ioc,
> > >  memcpy(CMSG_DATA(cmsg), fds, fdsize);
> > >  }
> > >  
> > > +if (flags & QIO_CHANNEL_WRITE_FLAG_ZERO_COPY) {
> > > +sflags = MSG_ZEROCOPY;
> > > +}
> > > +
> > >   retry:
> > > -ret = sendmsg(sioc->fd, &msg, 0);
> > > +ret = sendmsg(sioc->fd, &msg, sflags);
> > >  if (ret <= 0) {
> > > -if (errno == EAGAIN) {
> > > +switch (errno) {
> > > +case EAGAIN:
> > >  return QIO_CHANNEL_ERR_BLOCK;
> > > -}
> > > -if (errno == EINTR) {
> > > +case EINTR:
> > >  goto retry;
> > > +case ENOBUFS:
> > > +if (sflags & MSG_ZEROCOPY) {
> > > +error_setg_errno(errp, errno,
> > > + "Process can't lock enough memory for 
> > > using MSG_ZEROCOPY");
> > > +return -1;
> > > +}
> > 
> > > I have no idea whether it'll make a real difference, but - should we better 
> > add
> > a "break" here?  If you agree and with that fixed, feel free to add:
> > 
> > Reviewed-by: Peter Xu 
> > 
> > I also wonder whether you hit ENOBUFS in any of the environments.  On Fedora
> > here it's by default unlimited, but just curious when we should keep an eye.
> 
> Fedora doesn't allow unlimited locked memory by default
> 
> $ grep "locked memory" /proc/self/limits 
> > Max locked memory         65536                65536                bytes
> 
> And  regardless of Fedora defaults, libvirt will set a limit
> for the guest. It will only be unlimited if requiring certain
> things like VFIO.

Thanks, I obviously checked up the wrong host..

Leo, do you know how much locked memory will be needed by zero copy?  Will
there be a limit?  Is it linear to the number of sockets/channels?

It would be better if we could fail when enabling the feature once we detect
that the specified locked memory limit may not suffice.

-- 
Peter Xu




[PATCH 0/2] TPM-CRB: Remove spurious error report when used with VFIO

2022-01-13 Thread Eric Auger
launching a guest with a TPM-CRB device and VFIO-PCI devices.

The CRB command buffer currently is a RAM MemoryRegion and given
its base address alignment, it causes an error report on
vfio_listener_region_add(). This series proposes to use a ram-device
region instead which helps in better assessing the dma map error
failure severity on VFIO side.

Best Regards

Eric

This series can be found at:
https://github.com/eauger/qemu/tree/tpm-crb-ram-device-v1

Eric Auger (2):
  tpm: CRB: Use ram_device for "tpm-crb-cmd" region
  hw/vfio/common: Silence ram device offset alignment error traces

 hw/tpm/meson.build   |  2 +-
 hw/tpm/tpm_crb.c | 10 --
 hw/vfio/common.c | 15 ++-
 hw/vfio/trace-events |  1 +
 4 files changed, 24 insertions(+), 4 deletions(-)

-- 
2.26.3




[PATCH 2/2] hw/vfio/common: Silence ram device offset alignment error traces

2022-01-13 Thread Eric Auger
Failing to DMA MAP a ram_device should not cause an error message.
This is currently happening with the TPM CRB command region and
this is causing confusion.

We may want to keep the trace for debug purpose though.

Signed-off-by: Eric Auger 

---

I am not totally clear why we do not fail on the non RAM device case
though.
---
 hw/vfio/common.c | 15 ++-
 hw/vfio/trace-events |  1 +
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index 080046e3f5..9caa560b07 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -884,7 +884,20 @@ static void vfio_listener_region_add(MemoryListener 
*listener,
 if (unlikely((section->offset_within_address_space &
   ~qemu_real_host_page_mask) !=
  (section->offset_within_region & ~qemu_real_host_page_mask))) 
{
-error_report("%s received unaligned region", __func__);
+if (memory_region_is_ram_device(section->mr)) { /* just debug purpose 
*/
+trace_vfio_listener_region_add_bad_offset_alignment(
+memory_region_name(section->mr),
+section->offset_within_address_space,
+section->offset_within_region, qemu_real_host_page_size);
+} else { /* error case we don't want to be fatal */
+error_report("%s received unaligned region %s iova=0x%"PRIx64
+ " offset_within_region=0x%"PRIx64
+ " qemu_real_host_page_mask=0x%"PRIx64,
+ __func__, memory_region_name(section->mr),
+ section->offset_within_address_space,
+ section->offset_within_region,
+ qemu_real_host_page_mask);
+}
 return;
 }
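Review bot: The new trace call passes `qemu_real_host_page_size` as its last argument, but the format string added in hw/vfio/trace-events labels that value `qemu_real_host_page_mask=` while naming the parameter `page_size`, so the trace output will show a size under a mask label. Either change the label to `page_size=0x%"PRIx64` or pass the mask, so the trace and the `error_report()` branch print the same quantity. In the `error_report()` branch `qemu_real_host_page_mask` is printed with `PRIx64`; its declared type is not visible here, so a `(uint64_t)` cast would keep the format correct on hosts where it is narrower. The inline comment `/* just debug purpose */` could state the reason instead, e.g. `/* a ram_device that cannot be DMA mapped is not an error; trace only */`.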
 
diff --git a/hw/vfio/trace-events b/hw/vfio/trace-events
index 0ef1b5f4a6..ccd9d7610d 100644
--- a/hw/vfio/trace-events
+++ b/hw/vfio/trace-events
@@ -100,6 +100,7 @@ vfio_listener_region_add_skip(uint64_t start, uint64_t end) 
"SKIPPING region_add
 vfio_spapr_group_attach(int groupfd, int tablefd) "Attached groupfd %d to 
liobn fd %d"
 vfio_listener_region_add_iommu(uint64_t start, uint64_t end) "region_add 
[iommu] 0x%"PRIx64" - 0x%"PRIx64
 vfio_listener_region_add_ram(uint64_t iova_start, uint64_t iova_end, void 
*vaddr) "region_add [ram] 0x%"PRIx64" - 0x%"PRIx64" [%p]"
+vfio_listener_region_add_bad_offset_alignment(const char *name, uint64_t iova, 
uint64_t offset_within_region, uint64_t page_size) "Region \"%s\" @0x%"PRIx64", 
offset_within_region=0x%"PRIx64", qemu_real_host_page_mask=0x%"PRIx64 " cannot 
be mapped for DMA"
 vfio_listener_region_add_no_dma_map(const char *name, uint64_t iova, uint64_t 
size, uint64_t page_size) "Region \"%s\" 0x%"PRIx64" size=0x%"PRIx64" is not 
aligned to 0x%"PRIx64" and cannot be mapped for DMA"
 vfio_listener_region_del_skip(uint64_t start, uint64_t end) "SKIPPING 
region_del 0x%"PRIx64" - 0x%"PRIx64
 vfio_listener_region_del(uint64_t start, uint64_t end) "region_del 0x%"PRIx64" 
- 0x%"PRIx64
-- 
2.26.3




[PATCH 1/2] tpm: CRB: Use ram_device for "tpm-crb-cmd" region

2022-01-13 Thread Eric Auger
Representing the CRB cmd/response buffer as a standard
RAM region causes some trouble when the device is used
with VFIO. Indeed VFIO attempts to DMA_MAP this region
as usual RAM but this latter does not have a valid page
size alignment causing such an error report:
"vfio_listener_region_add received unaligned region".
To allow VFIO to detect that failing to DMA map
this region is not an issue, let's use a ram_device
memory region type instead.

The change in meson.build is required to include the
cpu.h header.

Signed-off-by: Eric Auger 
---
 hw/tpm/meson.build |  2 +-
 hw/tpm/tpm_crb.c   | 10 --
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/hw/tpm/meson.build b/hw/tpm/meson.build
index 1c68d81d6a..3e74df945b 100644
--- a/hw/tpm/meson.build
+++ b/hw/tpm/meson.build
@@ -1,8 +1,8 @@
 softmmu_ss.add(when: 'CONFIG_TPM_TIS', if_true: files('tpm_tis_common.c'))
 softmmu_ss.add(when: 'CONFIG_TPM_TIS_ISA', if_true: files('tpm_tis_isa.c'))
 softmmu_ss.add(when: 'CONFIG_TPM_TIS_SYSBUS', if_true: 
files('tpm_tis_sysbus.c'))
-softmmu_ss.add(when: 'CONFIG_TPM_CRB', if_true: files('tpm_crb.c'))
 
+specific_ss.add(when: 'CONFIG_TPM_CRB', if_true: files('tpm_crb.c'))
 specific_ss.add(when: ['CONFIG_SOFTMMU', 'CONFIG_TPM_TIS'], if_true: 
files('tpm_ppi.c'))
 specific_ss.add(when: ['CONFIG_SOFTMMU', 'CONFIG_TPM_CRB'], if_true: 
files('tpm_ppi.c'))
 specific_ss.add(when: 'CONFIG_TPM_SPAPR', if_true: files('tpm_spapr.c'))
diff --git a/hw/tpm/tpm_crb.c b/hw/tpm/tpm_crb.c
index 58ebd1469c..25f8e685e4 100644
--- a/hw/tpm/tpm_crb.c
+++ b/hw/tpm/tpm_crb.c
@@ -25,6 +25,7 @@
 #include "sysemu/tpm_backend.h"
 #include "sysemu/tpm_util.h"
 #include "sysemu/reset.h"
+#include "cpu.h"
 #include "tpm_prop.h"
 #include "tpm_ppi.h"
 #include "trace.h"
@@ -43,6 +44,7 @@ struct CRBState {
 
 bool ppi_enabled;
 TPMPPI ppi;
+uint8_t *crb_cmd_buf;
 };
 typedef struct CRBState CRBState;
 
@@ -291,10 +293,14 @@ static void tpm_crb_realize(DeviceState *dev, Error 
**errp)
 return;
 }
 
+s->crb_cmd_buf = qemu_memalign(qemu_real_host_page_size,
+HOST_PAGE_ALIGN(CRB_CTRL_CMD_SIZE));
+
 memory_region_init_io(&s->mmio, OBJECT(s), &tpm_crb_memory_ops, s,
 "tpm-crb-mmio", sizeof(s->regs));
-memory_region_init_ram(&s->cmdmem, OBJECT(s),
-"tpm-crb-cmd", CRB_CTRL_CMD_SIZE, errp);
+memory_region_init_ram_device_ptr(&s->cmdmem, OBJECT(s), "tpm-crb-cmd",
+  CRB_CTRL_CMD_SIZE, s->crb_cmd_buf);
+vmstate_register_ram(&s->cmdmem, DEVICE(s));
 
 memory_region_add_subregion(get_system_memory(),
 TPM_CRB_ADDR_BASE, &s->mmio);
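Review bot: The buffer returned by qemu_memalign() is exposed to the guest as the "tpm-crb-cmd" region without being cleared, whereas the memory_region_init_ram() call it replaces supplied zero-filled RAM. Unless a reset path outside this hunk clears it, the guest can read whatever the host heap held at that address. Adding `memset(s->crb_cmd_buf, 0, HOST_PAGE_ALIGN(CRB_CTRL_CMD_SIZE));` right after the allocation closes that. Nothing in the visible hunks releases crb_cmd_buf either, so an unrealize or finalize path should pair the allocation with qemu_vfree(). tpm_crb_realize starts and ends outside the hunk.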
-- 
2.26.3




Re: [PATCH v6 13/23] target/riscv: Implement AIA mtopi, stopi, and vstopi CSRs

2022-01-13 Thread Anup Patel
On Wed, Jan 12, 2022 at 5:46 PM Frank Chang  wrote:
>
> Anup Patel  於 2021年12月30日 週四 下午8:47寫道:
>>
>> From: Anup Patel 
>>
>> The AIA specification introduces new [m|s|vs]topi CSRs for
>> reporting pending local IRQ number and associated IRQ priority.
>>
>> Signed-off-by: Anup Patel 
>> Signed-off-by: Anup Patel 
>> ---
>>  target/riscv/csr.c | 156 +
>>  1 file changed, 156 insertions(+)
>>
>> diff --git a/target/riscv/csr.c b/target/riscv/csr.c
>> index 55e747fbf7..5a27c3bfbb 100644
>> --- a/target/riscv/csr.c
>> +++ b/target/riscv/csr.c
>> @@ -190,6 +190,15 @@ static int smode32(CPURISCVState *env, int csrno)
>>  return smode(env, csrno);
>>  }
>>
>> +static int aia_smode(CPURISCVState *env, int csrno)
>> +{
>> +if (!riscv_feature(env, RISCV_FEATURE_AIA)) {
>> +return RISCV_EXCP_ILLEGAL_INST;
>> +}
>> +
>> +return smode(env, csrno);
>> +}
>> +
>>  static int aia_smode32(CPURISCVState *env, int csrno)
>>  {
>>  if (!riscv_feature(env, RISCV_FEATURE_AIA)) {
>> @@ -502,6 +511,8 @@ static RISCVException read_timeh(CPURISCVState *env, int 
>> csrno,
>>  #define VS_MODE_INTERRUPTS ((uint64_t)(MIP_VSSIP | MIP_VSTIP | MIP_VSEIP))
>>  #define HS_MODE_INTERRUPTS ((uint64_t)(MIP_SGEIP | VS_MODE_INTERRUPTS))
>>
>> +#define VSTOPI_NUM_SRCS 5
>
>
> Nit:
> VSTOPI_NUM_SRCS can be reduced to 2 as AIA spec says:
>   The list of candidate interrupts can be reduced to two finalists relatively.
> But it's fine to keep it to 5 if you think it has better readability.

Let's keep it at 5 for now. This is a little high, to ensure that
we don't run out of space in the candidate array.

Regards,
Anup

>
>>
>> +
>>  static const uint64_t delegable_ints = S_MODE_INTERRUPTS |
>> VS_MODE_INTERRUPTS;
>>  static const uint64_t vs_delegable_ints = VS_MODE_INTERRUPTS;
>> @@ -862,6 +873,28 @@ static RISCVException rmw_mieh(CPURISCVState *env, int 
>> csrno,
>>  return ret;
>>  }
>>
>> +static int read_mtopi(CPURISCVState *env, int csrno, target_ulong *val)
>> +{
>> +int irq;
>> +uint8_t iprio;
>> +
>> +irq = riscv_cpu_mirq_pending(env);
>> +if (irq <= 0 || irq > 63) {
>> +   *val = 0;
>> +} else {
>> +   iprio = env->miprio[irq];
>> +   if (!iprio) {
>> +   if (riscv_cpu_default_priority(irq) > IPRIO_DEFAULT_M) {
>> +   iprio = IPRIO_MMAXIPRIO;
>> +   }
>> +   }
>> +   *val = (irq & TOPI_IID_MASK) << TOPI_IID_SHIFT;
>> +   *val |= iprio;
>> +}
>> +
>> +return RISCV_EXCP_NONE;
>> +}
>> +
>>  static RISCVException read_mtvec(CPURISCVState *env, int csrno,
>>   target_ulong *val)
>>  {
>> @@ -1391,6 +1424,120 @@ static RISCVException write_satp(CPURISCVState *env, 
>> int csrno,
>>  return RISCV_EXCP_NONE;
>>  }
>>
>> +static int read_vstopi(CPURISCVState *env, int csrno, target_ulong *val)
>> +{
>> +int irq, ret;
>> +target_ulong topei;
>> +uint64_t vseip, vsgein;
>> +uint32_t iid, iprio, hviid, hviprio, gein;
>> +uint32_t s, scount = 0, siid[VSTOPI_NUM_SRCS], siprio[VSTOPI_NUM_SRCS];
>> +
>> +gein = get_field(env->hstatus, HSTATUS_VGEIN);
>> +hviid = get_field(env->hvictl, HVICTL_IID);
>> +hviprio = get_field(env->hvictl, HVICTL_IPRIO);
>> +
>> +if (gein) {
>> +vsgein = (env->hgeip & (1ULL << gein)) ? MIP_VSEIP : 0;
>> +vseip = env->mie & (env->mip | vsgein) & MIP_VSEIP;
>> +if (gein <= env->geilen && vseip) {
>> +siid[scount] = IRQ_S_EXT;
>> +siprio[scount] = IPRIO_MMAXIPRIO + 1;
>> +if (env->aia_ireg_rmw_fn[PRV_S]) {
>> +/*
>> + * Call machine specific IMSIC register emulation for
>> + * reading TOPEI.
>> + */
>> +ret = env->aia_ireg_rmw_fn[PRV_S](
>> +env->aia_ireg_rmw_fn_arg[PRV_S],
>> +AIA_MAKE_IREG(ISELECT_IMSIC_TOPEI, PRV_S, true, 
>> gein,
>> +  riscv_cpu_mxl_bits(env)),
>> +&topei, 0, 0);
>> +if (!ret && topei) {
>> +siprio[scount] = topei & IMSIC_TOPEI_IPRIO_MASK;
>> +}
>> +}
>> +scount++;
>> +}
>> +} else {
>> +if (hviid == IRQ_S_EXT && hviprio) {
>> +siid[scount] = IRQ_S_EXT;
>> +siprio[scount] = hviprio;
>> +scount++;
>> +}
>> +}
>> +
>> +if (env->hvictl & HVICTL_VTI) {
>> +if (hviid != IRQ_S_EXT) {
>> +siid[scount] = hviid;
>> +siprio[scount] = hviprio;
>> +scount++;
>> +}
>> +} else {
>> +irq = riscv_cpu_vsirq_pending(env);
>> +if (irq != IRQ_S_EXT && 0 < irq && irq <= 63) {
>> +   siid[scount] = irq;
>> +   siprio[scount] = env->hviprio[irq];
>> +   scount++;
>> +}
>> +}
>>

Re: [PATCH v7 2/5] QIOChannelSocket: Implement io_writev zero copy flag & io_flush for CONFIG_LINUX

2022-01-13 Thread Daniel P . Berrangé
On Thu, Jan 13, 2022 at 06:34:12PM +0800, Peter Xu wrote:
> On Thu, Jan 13, 2022 at 10:06:14AM +, Daniel P. Berrangé wrote:
> > On Thu, Jan 13, 2022 at 02:48:15PM +0800, Peter Xu wrote:
> > > On Thu, Jan 06, 2022 at 07:13:39PM -0300, Leonardo Bras wrote:
> > > > @@ -558,15 +575,26 @@ static ssize_t 
> > > > qio_channel_socket_writev(QIOChannel *ioc,
> > > >  memcpy(CMSG_DATA(cmsg), fds, fdsize);
> > > >  }
> > > >  
> > > > +if (flags & QIO_CHANNEL_WRITE_FLAG_ZERO_COPY) {
> > > > +sflags = MSG_ZEROCOPY;
> > > > +}
> > > > +
> > > >   retry:
> > > > -ret = sendmsg(sioc->fd, &msg, 0);
> > > > +ret = sendmsg(sioc->fd, &msg, sflags);
> > > >  if (ret <= 0) {
> > > > -if (errno == EAGAIN) {
> > > > +switch (errno) {
> > > > +case EAGAIN:
> > > >  return QIO_CHANNEL_ERR_BLOCK;
> > > > -}
> > > > -if (errno == EINTR) {
> > > > +case EINTR:
> > > >  goto retry;
> > > > +case ENOBUFS:
> > > > +if (sflags & MSG_ZEROCOPY) {
> > > > +error_setg_errno(errp, errno,
> > > > + "Process can't lock enough memory for 
> > > > using MSG_ZEROCOPY");
> > > > +return -1;
> > > > +}
> > > 
> > > > I have no idea whether it'll make a real difference, but - should we 
> > > better add
> > > a "break" here?  If you agree and with that fixed, feel free to add:
> > > 
> > > Reviewed-by: Peter Xu 
> > > 
> > > I also wonder whether you hit ENOBUFS in any of the environments.  On 
> > > Fedora
> > > here it's by default unlimited, but just curious when we should keep an 
> > > eye.
> > 
> > Fedora doesn't allow unlimited locked memory by default
> > 
> > $ grep "locked memory" /proc/self/limits 
> > Max locked memory         65536                65536                bytes
> >   
> > 
> > And  regardless of Fedora defaults, libvirt will set a limit
> > for the guest. It will only be unlimited if requiring certain
> > things like VFIO.
> 
> Thanks, I obviously checked up the wrong host..
> 
> Leo, do you know how much locked memory will be needed by zero copy?  Will
> there be a limit?  Is it linear to the number of sockets/channels?

IIRC we decided it would be limited by the socket send buffer size, rather
than guest RAM, because writes will block once the send buffer is full.

This has a default global setting, with per-socket override. On one box I
have it is 200 Kb. With multifd you'll need  "num-sockets * send buffer".

> It'll be better if we can fail at enabling the feature when we detect that
> the specified locked memory limit may not suffice.

Checking this value against available locked memory though will always
have an error margin because other things in QEMU can use locked memory
too


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|




Re: [PATCH v6 09/23] target/riscv: Implement AIA local interrupt priorities

2022-01-13 Thread Anup Patel
On Wed, Jan 12, 2022 at 8:30 AM Frank Chang  wrote:
>
> On Wed, Jan 12, 2022 at 1:18 AM Anup Patel  wrote:
>>
>>
>>
>> On Mon, Jan 10, 2022 at 6:38 PM Frank Chang  wrote:
>> >
>> > Anup Patel  於 2021年12月30日 週四 下午8:38寫道:
>> >>
>> >> From: Anup Patel 
>> >>
>> >> The AIA spec defines programmable 8-bit priority for each local interrupt
>> >> at M-level, S-level and VS-level so we extend local interrupt processing
>> >> to consider AIA interrupt priorities. The AIA CSRs which help software
>> >> configure local interrupt priorities will be added by subsequent patches.
>> >>
>> >> Signed-off-by: Anup Patel 
>> >> Signed-off-by: Anup Patel 
>> >> Reviewed-by: Alistair Francis 
>> >> ---
>> >>  target/riscv/cpu.c|  19 
>> >>  target/riscv/cpu.h|  12 ++
>> >>  target/riscv/cpu_helper.c | 231 ++
>> >>  target/riscv/machine.c|   3 +
>> >>  4 files changed, 244 insertions(+), 21 deletions(-)
>> >>
>> >> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
>> >> index 9f1a4d1088..9ad26035e1 100644
>> >> --- a/target/riscv/cpu.c
>> >> +++ b/target/riscv/cpu.c
>> >> @@ -348,6 +348,10 @@ void restore_state_to_opc(CPURISCVState *env, 
>> >> TranslationBlock *tb,
>> >>
>> >>  static void riscv_cpu_reset(DeviceState *dev)
>> >>  {
>> >> +#ifndef CONFIG_USER_ONLY
>> >> +uint8_t iprio;
>> >> +int i, irq, rdzero;
>> >> +#endif
>> >>  CPUState *cs = CPU(dev);
>> >>  RISCVCPU *cpu = RISCV_CPU(cs);
>> >>  RISCVCPUClass *mcc = RISCV_CPU_GET_CLASS(cpu);
>> >> @@ -370,6 +374,21 @@ static void riscv_cpu_reset(DeviceState *dev)
>> >>  env->miclaim = MIP_SGEIP;
>> >>  env->pc = env->resetvec;
>> >>  env->two_stage_lookup = false;
>> >> +
>> >> +/* Initialized default priorities of local interrupts. */
>> >> +for (i = 0; i < ARRAY_SIZE(env->miprio); i++) {
>> >> +iprio = riscv_cpu_default_priority(i);
>> >> +env->miprio[i] = (i == IRQ_M_EXT) ? 0 : iprio;
>> >> +env->siprio[i] = (i == IRQ_S_EXT) ? 0 : iprio;
>> >> +env->hviprio[i] = 0;
>> >> +}
>> >> +i = 0;
>> >> +while (!riscv_cpu_hviprio_index2irq(i, &irq, &rdzero)) {
>> >> +if (!rdzero) {
>> >> +env->hviprio[irq] = env->miprio[irq];
>> >> +}
>> >> +i++;
>> >> +}
>> >>  /* mmte is supposed to have pm.current hardwired to 1 */
>> >>  env->mmte |= (PM_EXT_INITIAL | MMTE_M_PM_CURRENT);
>> >>  #endif
>> >> diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
>> >> index 02f3ef2c3c..140fabfdf9 100644
>> >> --- a/target/riscv/cpu.h
>> >> +++ b/target/riscv/cpu.h
>> >> @@ -182,6 +182,10 @@ struct CPURISCVState {
>> >>  target_ulong mcause;
>> >>  target_ulong mtval;  /* since: priv-1.10.0 */
>> >>
>> >> +/* Machine and Supervisor interrupt priorities */
>> >> +uint8_t miprio[64];
>> >> +uint8_t siprio[64];
>> >> +
>> >>  /* Hypervisor CSRs */
>> >>  target_ulong hstatus;
>> >>  target_ulong hedeleg;
>> >> @@ -194,6 +198,9 @@ struct CPURISCVState {
>> >>  target_ulong hgeip;
>> >>  uint64_t htimedelta;
>> >>
>> >> +/* Hypervisor controlled virtual interrupt priorities */
>> >> +uint8_t hviprio[64];
>> >> +
>> >>  /* Virtual CSRs */
>> >>  /*
>> >>   * For RV32 this is 32-bit vsstatus and 32-bit vsstatush.
>> >> @@ -379,6 +386,11 @@ int riscv_cpu_write_elf32_note(WriteCoreDumpFunction 
>> >> f, CPUState *cs,
>> >> int cpuid, void *opaque);
>> >>  int riscv_cpu_gdb_read_register(CPUState *cpu, GByteArray *buf, int reg);
>> >>  int riscv_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
>> >> +int riscv_cpu_hviprio_index2irq(int index, int *out_irq, int 
>> >> *out_rdzero);
>> >> +uint8_t riscv_cpu_default_priority(int irq);
>> >> +int riscv_cpu_mirq_pending(CPURISCVState *env);
>> >> +int riscv_cpu_sirq_pending(CPURISCVState *env);
>> >> +int riscv_cpu_vsirq_pending(CPURISCVState *env);
>> >>  bool riscv_cpu_fp_enabled(CPURISCVState *env);
>> >>  target_ulong riscv_cpu_get_geilen(CPURISCVState *env);
>> >>  void riscv_cpu_set_geilen(CPURISCVState *env, target_ulong geilen);
>> >> diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
>> >> index f94a36fa89..e3532de4cf 100644
>> >> --- a/target/riscv/cpu_helper.c
>> >> +++ b/target/riscv/cpu_helper.c
>> >> @@ -151,36 +151,225 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, 
>> >> target_ulong *pc,
>> >>  }
>> >>
>> >>  #ifndef CONFIG_USER_ONLY
>> >> -static int riscv_cpu_local_irq_pending(CPURISCVState *env)
>> >> +
>> >> +/*
>> >> + * The HS-mode is allowed to configure priority only for the
>> >> + * following VS-mode local interrupts:
>> >> + *
>> >> + * 0  (Reserved interrupt, reads as zero)
>> >> + * 1  Supervisor software interrupt
>> >> + * 4  (Reserved interrupt, reads as zero)
>> >> + * 5  Supervisor timer interrupt
>> >> + * 8  (Reserved interrupt, reads as zero)
>> >> + * 13 (Reserved interrupt)
>> >> + * 14 "
>> >> + * 15 "
>> >>

Re: [PATCH v6 11/23] target/riscv: Implement AIA hvictl and hviprioX CSRs

2022-01-13 Thread Anup Patel
On Wed, Jan 12, 2022 at 6:45 PM Frank Chang  wrote:
>
> Anup Patel  於 2021年12月30日 週四 下午8:41寫道:
>>
>> From: Anup Patel 
>>
>> The AIA hvictl and hviprioX CSRs allow hypervisor to control
>> interrupts visible at VS-level. This patch implements AIA hvictl
>> and hviprioX CSRs.
>>
>> Signed-off-by: Anup Patel 
>> Signed-off-by: Anup Patel 
>> Reviewed-by: Alistair Francis 
>> ---
>>  target/riscv/cpu.h |   2 +
>>  target/riscv/csr.c | 126 +
>>  target/riscv/machine.c |   2 +
>>  3 files changed, 130 insertions(+)
>>
>> diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
>> index 72d03aa126..721727c577 100644
>> --- a/target/riscv/cpu.h
>> +++ b/target/riscv/cpu.h
>> @@ -199,6 +199,7 @@ struct CPURISCVState {
>>  uint64_t htimedelta;
>>
>>  /* Hypervisor controlled virtual interrupt priorities */
>> +target_ulong hvictl;
>>  uint8_t hviprio[64];
>>
>>  /* Virtual CSRs */
>> @@ -475,6 +476,7 @@ static inline RISCVMXL riscv_cpu_mxl(CPURISCVState *env)
>>  return env->misa_mxl;
>>  }
>>  #endif
>> +#define riscv_cpu_mxl_bits(env) (1UL << (4 + riscv_cpu_mxl(env)))
>>
>>  /*
>>   * Encode LMUL to lmul as follows:
>> diff --git a/target/riscv/csr.c b/target/riscv/csr.c
>> index 06db5ab1a8..decb0376fc 100644
>> --- a/target/riscv/csr.c
>> +++ b/target/riscv/csr.c
>> @@ -230,6 +230,15 @@ static RISCVException pointer_masking(CPURISCVState 
>> *env, int csrno)
>>  return RISCV_EXCP_ILLEGAL_INST;
>>  }
>>
>> +static int aia_hmode(CPURISCVState *env, int csrno)
>> +{
>> +if (!riscv_feature(env, RISCV_FEATURE_AIA)) {
>> +return RISCV_EXCP_ILLEGAL_INST;
>> + }
>> +
>> + return hmode(env, csrno);
>> +}
>> +
>>  static int aia_hmode32(CPURISCVState *env, int csrno)
>>  {
>>  if (!riscv_feature(env, RISCV_FEATURE_AIA)) {
>> @@ -1070,6 +1079,9 @@ static RISCVException rmw_sie64(CPURISCVState *env, 
>> int csrno,
>>  uint64_t mask = env->mideleg & S_MODE_INTERRUPTS;
>>
>>  if (riscv_cpu_virt_enabled(env)) {
>> +if (env->hvictl & HVICTL_VTI) {
>> +return RISCV_EXCP_VIRT_INSTRUCTION_FAULT;
>> +}
>>  ret = rmw_vsie64(env, CSR_VSIE, ret_val, new_val, wr_mask);
>>  } else {
>>  ret = rmw_mie64(env, csrno, ret_val, new_val, wr_mask & mask);
>> @@ -1268,6 +1280,9 @@ static RISCVException rmw_sip64(CPURISCVState *env, 
>> int csrno,
>>  uint64_t mask = env->mideleg & sip_writable_mask;
>>
>>  if (riscv_cpu_virt_enabled(env)) {
>> +if (env->hvictl & HVICTL_VTI) {
>> +return RISCV_EXCP_VIRT_INSTRUCTION_FAULT;
>> +}
>>  ret = rmw_vsip64(env, CSR_VSIP, ret_val, new_val, wr_mask);
>>  } else {
>>  ret = rmw_mip64(env, csrno, ret_val, new_val, wr_mask & mask);
>> @@ -1654,6 +1669,110 @@ static RISCVException 
>> write_htimedeltah(CPURISCVState *env, int csrno,
>>  return RISCV_EXCP_NONE;
>>  }
>>
>> +static int read_hvictl(CPURISCVState *env, int csrno, target_ulong *val)
>> +{
>> +*val = env->hvictl;
>> +return RISCV_EXCP_NONE;
>> +}
>> +
>> +static int write_hvictl(CPURISCVState *env, int csrno, target_ulong val)
>> +{
>> +env->hvictl = val & HVICTL_VALID_MASK;
>> +return RISCV_EXCP_NONE;
>> +}
>> +
>> +static int read_hvipriox(CPURISCVState *env, int first_index,
>> + uint8_t *iprio, target_ulong *val)
>> +{
>> +int i, irq, rdzero, num_irqs = 4 * (riscv_cpu_mxl_bits(env) / 32);
>> +
>> +/* First index has to be multiple of numbe of irqs per register */
>
>
> typo: number

Okay, I will update.

>
>>
>> +if (first_index % num_irqs) {
>> +return (riscv_cpu_virt_enabled(env)) ?
>> +   RISCV_EXCP_VIRT_INSTRUCTION_FAULT : RISCV_EXCP_ILLEGAL_INST;
>> +}
>> +
>> +/* Fill-up return value */
>> +*val = 0;
>> +for (i = 0; i < num_irqs; i++) {
>> +if (riscv_cpu_hviprio_index2irq(first_index + i, &irq, &rdzero)) {
>> +continue;
>> +}
>> +if (rdzero) {
>> +continue;
>> +}
>> +*val |= ((target_ulong)iprio[irq]) << (i * 8);
>> +}
>> +
>> +return RISCV_EXCP_NONE;
>> +}
>> +
>> +static int write_hvipriox(CPURISCVState *env, int first_index,
>> +  uint8_t *iprio, target_ulong val)
>> +{
>> +int i, irq, rdzero, num_irqs = 4 * (riscv_cpu_mxl_bits(env) / 32);
>> +
>> +/* First index has to be multiple of numbe of irqs per register */
>
>
> typo: number

Okay, I will update.

>
>>
>> +if (first_index % num_irqs) {
>> +return (riscv_cpu_virt_enabled(env)) ?
>> +   RISCV_EXCP_VIRT_INSTRUCTION_FAULT : RISCV_EXCP_ILLEGAL_INST;
>> +}
>> +
>> +/* Fill-up priority arrary */
>> +for (i = 0; i < num_irqs; i++) {
>> +if (riscv_cpu_hviprio_index2irq(first_index + i, &irq, &rdzero)) {
>> +continue;
>> +}
>> +if (rdzero) {
>> +iprio[irq] = 0;
>> +} else {
>> +iprio[irq] 
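Review bot: In read_hvipriox the loop bound `num_irqs = 4 * (riscv_cpu_mxl_bits(env) / 32)` follows the guest's MXL rather than the width of `*val`. If riscv_cpu_mxl_bits() can yield 128, i runs up to 15 and `((target_ulong)iprio[irq]) << (i * 8)` shifts a target_ulong by its full width or more, which is undefined behaviour in C. Bounding the loop by the host-side type avoids that, e.g. `for (i = 0; i < num_irqs && i < (int)sizeof(target_ulong); i++)`. write_hvipriox uses the same bound, but its body is cut off on this page. The range of the `irq` value that riscv_cpu_hviprio_index2irq() hands back for `iprio[irq]` is not visible here and should be confirmed against the 64-entry arrays in cpu.h.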

Re: [PATCH v7 1/5] QIOChannel: Add flags on io_writev and introduce io_flush callback

2022-01-13 Thread Daniel P . Berrangé
On Thu, Jan 06, 2022 at 07:13:38PM -0300, Leonardo Bras wrote:
> Add flags to io_writev and introduce io_flush as optional callback to
> QIOChannelClass, allowing the implementation of zero copy writes by
> subclasses.
> 
> How to use them:
> - Write data using qio_channel_writev(...,QIO_CHANNEL_WRITE_FLAG_ZERO_COPY),
> - Wait write completion with qio_channel_flush().
> 
> Notes:
> As some zero copy implementations work asynchronously, it's
> recommended to keep the write buffer untouched until the return of
> qio_channel_flush(), to avoid the risk of sending an updated buffer
> instead of the buffer state during write.
> 
> As io_flush callback is optional, if a subclass does not implement it, then:
> - io_flush will return 0 without changing anything.
> 
> Also, some functions like qio_channel_writev_full_all() were adapted to
> receive a flag parameter. That allows shared code between zero copy and
> non-zero copy writev, and also an easier implementation on new flags.
> 
> Signed-off-by: Leonardo Bras 
> ---
>  include/io/channel.h | 67 +++-
>  io/channel-buffer.c  |  1 +
>  io/channel-command.c |  1 +
>  io/channel-file.c|  1 +
>  io/channel-socket.c  |  2 ++
>  io/channel-tls.c |  1 +
>  io/channel-websock.c |  1 +
>  io/channel.c | 51 +++--
>  migration/rdma.c |  1 +
>  9 files changed, 98 insertions(+), 28 deletions(-)
> 
> diff --git a/include/io/channel.h b/include/io/channel.h
> index 88988979f8..343766ce5b 100644
> --- a/include/io/channel.h
> +++ b/include/io/channel.h
> @@ -32,12 +32,15 @@ OBJECT_DECLARE_TYPE(QIOChannel, QIOChannelClass,
>  
>  #define QIO_CHANNEL_ERR_BLOCK -2
>  
> +#define QIO_CHANNEL_WRITE_FLAG_ZERO_COPY 0x1
> +
>  typedef enum QIOChannelFeature QIOChannelFeature;
>  
>  enum QIOChannelFeature {
>  QIO_CHANNEL_FEATURE_FD_PASS,
>  QIO_CHANNEL_FEATURE_SHUTDOWN,
>  QIO_CHANNEL_FEATURE_LISTEN,
> +QIO_CHANNEL_FEATURE_WRITE_ZERO_COPY,
>  };
>  
>  
> @@ -104,6 +107,7 @@ struct QIOChannelClass {
>   size_t niov,
>   int *fds,
>   size_t nfds,
> + int flags,
>   Error **errp);
>  ssize_t (*io_readv)(QIOChannel *ioc,
>  const struct iovec *iov,
> @@ -136,6 +140,8 @@ struct QIOChannelClass {
>IOHandler *io_read,
>IOHandler *io_write,
>void *opaque);
> +int (*io_flush)(QIOChannel *ioc,
> +Error **errp);
>  };
>  
>  /* General I/O handling functions */
> @@ -222,12 +228,13 @@ ssize_t qio_channel_readv_full(QIOChannel *ioc,
>  
>  
>  /**
> - * qio_channel_writev_full:
> + * qio_channel_writev_full_flags:
>   * @ioc: the channel object
>   * @iov: the array of memory regions to write data from
>   * @niov: the length of the @iov array
>   * @fds: an array of file handles to send
>   * @nfds: number of file handles in @fds
> + * @flags: write flags (QIO_CHANNEL_WRITE_FLAG_*)
>   * @errp: pointer to a NULL-initialized error object
>   *
>   * Write data to the IO channel, reading it from the
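Review bot: The new `@flags` line documents the parameter but not the constraint the commit message attaches to it. With QIO_CHANNEL_WRITE_FLAG_ZERO_COPY the caller has to leave the buffers in @iov untouched until qio_channel_flush() returns, otherwise an updated buffer can be sent instead of the data as it was at write time. That caveat belongs in this doc comment, because callers read the header rather than the commit log. A sentence stating that zero-copy writes may complete asynchronously and that @iov must stay unmodified until qio_channel_flush() returns would be enough. The doc comment continues past this hunk, so the best place for it may be next to the return-value text.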
> @@ -255,12 +262,16 @@ ssize_t qio_channel_readv_full(QIOChannel *ioc,
>   * or QIO_CHANNEL_ERR_BLOCK if no data is can be sent
>   * and the channel is non-blocking
>   */
> -ssize_t qio_channel_writev_full(QIOChannel *ioc,
> -const struct iovec *iov,
> -size_t niov,
> -int *fds,
> -size_t nfds,
> -Error **errp);
> +ssize_t qio_channel_writev_full_flags(QIOChannel *ioc,
> +  const struct iovec *iov,
> +  size_t niov,
> +  int *fds,
> +  size_t nfds,
> +  int flags,
> +  Error **errp);
> +
> +#define qio_channel_writev_full(ioc, iov, niov, fds, nfds, errp) \
> +qio_channel_writev_full_flags(ioc, iov, niov, fds, nfds, 0, errp)

Don't introduce yet another API variant here. Just add flags to
all the existing write APIs with "full" in their name. The word
"full" in their name was intended to indicate that they are
accepting all possible parameters, so it doesn't make sense to
add APIs which take even more possible parameters.

> +int qio_channel_writev_full_all_flags(QIOChannel *ioc,
> +  const struct iovec *iov,
> +  size_t niov,
> +  int *fds, size_t nfds,
> +  int flags, Error **errp);
> +#define qio_channel_writev_full_all(ioc, iov, niov, fds, nfds, errp) \
> +qio_channel_writev_full_all_flags(ioc, iov

Re: [PATCH] migration: Add canary to VMSTATE_END_OF_LIST

2022-01-13 Thread Peter Maydell
On Thu, 13 Jan 2022 at 01:21, Peter Xu  wrote:
>
> On Wed, Jan 12, 2022 at 10:56:07AM +, Peter Maydell wrote:
> > We could have vmstate_register_with_alias_id() iterate through
> > and assert presence of the right terminator (probably only if
> > qtest enabled, or some other suitable condition). Then the
> > existing tests that do the basic "check we can instantiate every
> > device and initialize every board model" would run that code
> > and catch most missing terminator cases, I think.
>
> Agreed.  How about assert it even without qtest?  We do tons of assertion for
> programming errors anyway in QEMU.

I don't inherently object, but in this case to do the assertion
we'd need to do a scan over the fields arrays which we wouldn't
otherwise need to, so the cost of the assert is not simply
the compare-and-branch but also the loop over the array. If
that's not significant in terms of start-up time costs we can
just go ahead and do it (which would be nicer for debugging
and making it really obvious to people writing new devices)
but my remark above was a gesture towards "maybe we need to
not do it for normal startup"..

-- PMM



Re: [PATCH v2 1/2] hw/sensor: Add SB-TSI Temperature Sensor Interface

2022-01-13 Thread Philippe Mathieu-Daudé

Hi Patrick,

On 13/1/22 00:26, Patrick Venture wrote:

From: Hao Wu 

SB Temperature Sensor Interface (SB-TSI) is an SMBus compatible
interface that reports AMD SoC's Ttcl (normalized temperature),
and resembles a typical 8-pin remote temperature sensor's I2C interface
to BMC.

This patch implements a basic AMD SB-TSI sensor that is
compatible with the open-source data sheet from AMD and Linux
kernel driver.

Reference:
Linux kernel driver:
https://lkml.org/lkml/2020/12/11/968
Register Map:
https://developer.amd.com/wp-content/resources/56255_3_03.PDF
(Chapter 6)

Signed-off-by: Hao Wu 
Reviewed-by: Doug Evans 
---
  hw/sensor/Kconfig |   4 +
  hw/sensor/meson.build |   1 +
  hw/sensor/tmp_sbtsi.c | 365 ++
  hw/sensor/trace-events|   5 +
  hw/sensor/trace.h |   1 +
  include/hw/sensor/sbtsi.h |  50 ++
  meson.build   |   1 +
  7 files changed, 427 insertions(+)
  create mode 100644 hw/sensor/tmp_sbtsi.c
  create mode 100644 hw/sensor/trace-events
  create mode 100644 hw/sensor/trace.h
  create mode 100644 include/hw/sensor/sbtsi.h


Since you are posting various patches, consider setting
the scripts/git.orderfile script up to ease on-list reviews.


diff --git a/include/hw/sensor/sbtsi.h b/include/hw/sensor/sbtsi.h
new file mode 100644
index 00..841891e89e
--- /dev/null
+++ b/include/hw/sensor/sbtsi.h
@@ -0,0 +1,50 @@
+/*
+ * AMD SBI Temperature Sensor Interface (SB-TSI)
+ *
+ * Copyright 2021 Google LLC
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+#ifndef QEMU_TMP_SBTSI_H
+#define QEMU_TMP_SBTSI_H
+
+#include "qom/object.h"
+
+#define TYPE_SBTSI "sbtsi"
+#define SBTSI(obj) OBJECT_CHECK(SBTSIState, (obj), TYPE_SBTSI)


SBTSIState is not declared outside of tmp_sbtsi.c, so I'd keep
SBTSI() there. Otherwise:

Reviewed-by: Philippe Mathieu-Daudé 



Re: [PATCH v2 1/4] include/qemu: rename Windows context definitions to expose bitness

2022-01-13 Thread Philippe Mathieu-Daudé

On 13/1/22 01:52, Viktor Prutyanov wrote:

Context structure in 64-bit Windows differs from 32-bit one and it
should be reflected in its name.

Signed-off-by: Viktor Prutyanov 
---
  contrib/elf2dmp/main.c   |  6 +++---
  dump/win_dump.c  | 14 +++---
  include/qemu/win_dump_defs.h |  8 
  3 files changed, 14 insertions(+), 14 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé 



Re: [PATCH 0/3] malta: Move PCI interrupt handling from gt64xxx to piix4

2022-01-13 Thread Bernhard Beschow
Hi Philippe,

On Thu, Jan 13, 2022 at 10:24 AM Philippe Mathieu-Daudé 
wrote:

> Hi Bernhard,
>
> On 12/1/22 22:36, Bernhard Beschow wrote:
> > Hi,
> >
> > first-time contributor here. Inspired by an article in LWN [1] I figured
> I'd
> > get my hands dirty with QEMU development. According to the article my
> goal is
> > to eliminate some "accidental complexity".
> >
> > While studying the code I noticed some (accidental?) differences between
> piix3
> > and piix4 where the PCI interrupts are handled. Moreover, I noticed
> presence of
> > global variables in piix4 which probably constitute a limitation of
> QOM's idea
> > of configuration-driven machine creation. By applying piix3 concepts,
> i.e.
> > moving the interrupt handling from gt64xxx to piix4, it's possible to
> both
> > eliminate the differences and resolve the global variables.
> >
> > The patch series is structured as follows: Patch 1 eliminates the
> differences,
> > patch 3 resolves the global variables. Patch 2 is a preparation for
> patch 3.
> > Some of my further comments regarding the patches are:
> >
> > Patch 1:
> > * pci_slot_get_pirq() looks quite malta-specific. Neither gt64xxx nor
> piix4
> >seem to be the perfect fit. So I moved it to piix4, analogous to
> piix3.
> > * The i8259 property moved from MaltaState to PIIX4State looks quite
> redundant
> >to the isa property. Could isa be used instead, eliminating i8259?
> >
> > Patch 2:
> > * Besides piix4, there were four further cases where the PIC array was
> passed
> >as the opaque parameter to the pci_map_irq_fn's. AFAICS in all other
> cases
> >the DeviceState is passed instead. With this patch, consistency is
> >esablished.
> > * Passing PIIX4State to piix4_set_irq() paves the way for eliminating all
> >global variables left in piix4.c (see patch 3).
> >
> > Comments welcome.
> >
> > Cheers
> > Bernhard
> >
> > [1] https://lwn.net/Articles/872321/
> >
> > Bernhard Beschow (3):
> >malta: Move PCI interrupt handling from gt64xxx to piix4
> >pci: Always pass own DeviceState to pci_map_irq_fn's
> >isa/piix4: Resolve global variables
>
> Did you forget to sent the patches?
>

I can see my patches in-reply-to my cover letter here [1]. Do I miss
something?

[1]  https://lists.nongnu.org/archive/html/qemu-devel/2022-01/msg02786.html


Re: [PATCH v2 3/4] include/qemu: add 32-bit Windows dump structures

2022-01-13 Thread Philippe Mathieu-Daudé

On 13/1/22 01:52, Viktor Prutyanov wrote:

These structures are required to produce 32-bit guest Windows Complete
Memory Dump. Add 32-bit Windows dump header, CPU context and physical
memory descriptor structures along with corresponding definitions.

Signed-off-by: Viktor Prutyanov 
---
  include/qemu/win_dump_defs.h | 107 +++
  1 file changed, 107 insertions(+)


Reviewed-by: Philippe Mathieu-Daudé 



Re: [PATCH v2 4/4] dump/win_dump: add 32-bit guest Windows support

2022-01-13 Thread Philippe Mathieu-Daudé

On 13/1/22 01:52, Viktor Prutyanov wrote:

Before this patch, 'dump-guest-memory -w' was accepting only 64-bit
dump header provided by guest through vmcoreinfo and thus was unable
to produce 32-bit guest Windows dump. So, add 32-bit guest Windows
dumping support.

Signed-off-by: Viktor Prutyanov 
---
  dump/win_dump.c | 231 +---
  1 file changed, 139 insertions(+), 92 deletions(-)

diff --git a/dump/win_dump.c b/dump/win_dump.c
index df3b432ca5..d751cd6d36 100644
--- a/dump/win_dump.c
+++ b/dump/win_dump.c
@@ -24,18 +24,18 @@
  #include "hw/misc/vmcoreinfo.h"
  #include "win_dump.h"
  
-#define WIN_DUMP_PTR_SIZE sizeof(uint64_t)

+#define WIN_DUMP_PTR_SIZE (x64 ? sizeof(uint64_t) : sizeof(uint32_t))
  
-#define _WIN_DUMP_FIELD(f) (h->f)

+#define _WIN_DUMP_FIELD(f) (x64 ? h->x64.f : h->x32.f)
  #define WIN_DUMP_FIELD(field) _WIN_DUMP_FIELD(field)
  
-#define _WIN_DUMP_FIELD_PTR(f) ((void *)&h->f)

+#define _WIN_DUMP_FIELD_PTR(f) (x64 ? (void *)&h->x64.f : (void *)&h->x32.f)
  #define WIN_DUMP_FIELD_PTR(field) _WIN_DUMP_FIELD_PTR(field)
  
-#define _WIN_DUMP_FIELD_SIZE(f) sizeof(h->f)

+#define _WIN_DUMP_FIELD_SIZE(f) (x64 ? sizeof(h->x64.f) : sizeof(h->x32.f))
  #define WIN_DUMP_FIELD_SIZE(field) _WIN_DUMP_FIELD_SIZE(field)
  
-#define WIN_DUMP_CTX_SIZE sizeof(WinContext64)

+#define WIN_DUMP_CTX_SIZE (x64 ? sizeof(WinContext64) : sizeof(WinContext32))


I'd feel safer with functions rather than macros. Anyhow,

Reviewed-by: Philippe Mathieu-Daudé 



Re: [PATCH] docs/can: convert to restructuredText

2022-01-13 Thread Peter Maydell
On Wed, 5 Jan 2022 at 20:56,  wrote:
>
> From: Lucas Ramage 
>
> Buglink: https://gitlab.com/qemu-project/qemu/-/issues/527
> Signed-off-by: Lucas Ramage 
> ---
>  docs/{can.txt => system/can.rst} | 92 ++--
>  docs/system/index.rst|  1 +
>  2 files changed, 42 insertions(+), 51 deletions(-)
>  rename docs/{can.txt => system/can.rst} (68%)

Hi Lucas; thanks for this docs-conversion patch. It looks
good to me, except that I think that rather than putting
the new document in the top-level index of the system manual
it would fit better in the "Device Emulation / Emulated Devices"
subsection, where we already document things like USB devices.

Rather than ask you to respin the patch again for what is
basically just a "git mv", I'm going to take this patch via
my target-arm tree and make that change there.

Thanks
-- PMM



[PATCH v6 00/22] Support UXL filed in xstatus

2022-01-13 Thread LIU Zhiwei
In this patch set, we process the pc register writes,
gdb reads and writes, and address calculation under
different UXLEN settings.

The patch set v6 has been tested by running rv64 Linux with 
rv32 rootfs in compat mode. You can almost follow the test [1]
given by GuoRen, except using the branch riscv-upstream-uxl-v6
on my QEMU repo [2].

[1] 
https://lore.kernel.org/linux-arm-kernel/20211228143958.3409187-17-guo...@kernel.org/t/
[2] https://github.com/romanheros/qemu.git 

Patch 3, 5, 20, 22, have not been reviewed. Others have been reviewed or acked.

v6:
  Pass boot 32bit rootfs on compat Linux
  Pass test cases on compat OpenTee
  Fix csr write mask 
  Fix WARL for uxl
  Fix sstatus read for uxl
  Relax UXL field for debugging
  Don't bump machine state version for xl
  Rename cpu_get_xl to cpu_recompute_xl
  Rebase to vector v1.0
  Rebase to 128 bit cpu

v5:
  Add xl field in env to clear up redundant riscv_cpu_xl
  Adjust pmpcfg access with mxl
  Select gdb core xml according to mxl 

v4:
  Support SSTATUS64_UXL write
  Bump vmstate version for vill split

v3:
  Merge gen_pm_adjust_address into a canonical address function
  Adjust address for RVA with XLEN
  Split pm_enabled into pm_mask_enabled and pm_base_enabled
  Replace array of pm tcg globals with one scalar tcg global
  Split and change patch sequence

v2:
  Split out vill from vtype
  Remove context switch when xlen changes at exception
  Use XL instead of OL in many places
  Use pointer masking and XLEN for vector address
  Define an common fuction to calculate address for ld


LIU Zhiwei (22):
  target/riscv: Adjust pmpcfg access with mxl
  target/riscv: Don't save pc when exception return
  target/riscv: Sign extend link reg for jal and jalr
  target/riscv: Sign extend pc for different XLEN
  target/riscv: Create xl field in env
  target/riscv: Ignore the pc bits above XLEN
  target/riscv: Extend pc for runtime pc write
  target/riscv: Use gdb xml according to max mxlen
  target/riscv: Relax debug check for pm write
  target/riscv: Adjust csr write mask with XLEN
  target/riscv: Create current pm fields in env
  target/riscv: Alloc tcg global for cur_pm[mask|base]
  target/riscv: Calculate address according to XLEN
  target/riscv: Split pm_enabled into mask and base
  target/riscv: Split out the vill from vtype
  target/riscv: Adjust vsetvl according to XLEN
  target/riscv: Remove VILL field in VTYPE
  target/riscv: Fix check range for first fault only
  target/riscv: Adjust vector address with mask
  target/riscv: Adjust scalar reg in vector with XLEN
  target/riscv: Enable uxl field write
  target/riscv: Relax UXL field for debugging

 target/riscv/cpu.c| 32 +--
 target/riscv/cpu.h| 45 -
 target/riscv/cpu_helper.c | 94 +--
 target/riscv/csr.c| 74 +--
 target/riscv/gdbstub.c| 71 ++
 target/riscv/helper.h |  4 +-
 .../riscv/insn_trans/trans_privileged.c.inc   |  9 +-
 target/riscv/insn_trans/trans_rva.c.inc   |  9 +-
 target/riscv/insn_trans/trans_rvd.c.inc   | 19 +---
 target/riscv/insn_trans/trans_rvf.c.inc   | 19 +---
 target/riscv/insn_trans/trans_rvi.c.inc   | 39 +++-
 target/riscv/insn_trans/trans_rvv.c.inc   |  6 +-
 target/riscv/machine.c| 16 +++-
 target/riscv/op_helper.c  |  7 +-
 target/riscv/pmp.c| 12 +--
 target/riscv/translate.c  | 90 +-
 target/riscv/vector_helper.c  | 39 +---
 17 files changed, 355 insertions(+), 230 deletions(-)

-- 
2.25.1




[PATCH v6 01/22] target/riscv: Adjust pmpcfg access with mxl

2022-01-13 Thread LIU Zhiwei
Signed-off-by: LIU Zhiwei 
Reviewed-by: Richard Henderson 
---
 target/riscv/csr.c | 19 +++
 target/riscv/pmp.c | 12 
 2 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index adb3d4381d..e7578f3e0f 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -1493,9 +1493,23 @@ static RISCVException write_mseccfg(CPURISCVState *env, 
int csrno,
 return RISCV_EXCP_NONE;
 }
 
+static bool check_pmp_reg_index(CPURISCVState *env, uint32_t reg_index)
+{
+/* TODO: RV128 restriction check */
+if ((reg_index & 1) && (riscv_cpu_mxl(env) == MXL_RV64)) {
+return false;
+}
+return true;
+}
+
 static RISCVException read_pmpcfg(CPURISCVState *env, int csrno,
   target_ulong *val)
 {
+uint32_t reg_index = csrno - CSR_PMPCFG0;
+
+if (!check_pmp_reg_index(env, reg_index)) {
+return RISCV_EXCP_ILLEGAL_INST;
+}
 *val = pmpcfg_csr_read(env, csrno - CSR_PMPCFG0);
 return RISCV_EXCP_NONE;
 }
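Review bot: read_pmpcfg computes `reg_index` for the new check and then recomputes `csrno - CSR_PMPCFG0` in the call that follows; passing the local keeps the validated value and the used value identical, `*val = pmpcfg_csr_read(env, reg_index);`. The write_pmpcfg hunk below has the same pattern and would read `pmpcfg_csr_write(env, reg_index, val);`. The `/* TODO: RV128 restriction check */` in check_pmp_reg_index would be easier to act on if it named which register indices are expected to be rejected for RV128.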
@@ -1503,6 +1517,11 @@ static RISCVException read_pmpcfg(CPURISCVState *env, 
int csrno,
 static RISCVException write_pmpcfg(CPURISCVState *env, int csrno,
target_ulong val)
 {
+uint32_t reg_index = csrno - CSR_PMPCFG0;
+
+if (!check_pmp_reg_index(env, reg_index)) {
+return RISCV_EXCP_ILLEGAL_INST;
+}
 pmpcfg_csr_write(env, csrno - CSR_PMPCFG0, val);
 return RISCV_EXCP_NONE;
 }
diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index 54abf42583..81b61bb65c 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -463,16 +463,11 @@ void pmpcfg_csr_write(CPURISCVState *env, uint32_t 
reg_index,
 {
 int i;
 uint8_t cfg_val;
+int pmpcfg_nums = 2 << riscv_cpu_mxl(env);
 
 trace_pmpcfg_csr_write(env->mhartid, reg_index, val);
 
-if ((reg_index & 1) && (sizeof(target_ulong) == 8)) {
-qemu_log_mask(LOG_GUEST_ERROR,
-  "ignoring pmpcfg write - incorrect address\n");
-return;
-}
-
-for (i = 0; i < sizeof(target_ulong); i++) {
+for (i = 0; i < pmpcfg_nums; i++) {
 cfg_val = (val >> 8 * i)  & 0xff;
 pmp_write_cfg(env, (reg_index * 4) + i, cfg_val);
 }
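Review bot: The loop bound `2 << riscv_cpu_mxl(env)` matches the old `sizeof(target_ulong)` for RV32 and RV64 but would be 16 for MXL_RV128, and `val >> 8 * i` then shifts a target_ulong by 64 bits or more, which is undefined if target_ulong is 64 bits wide as the removed `sizeof(target_ulong) == 8` test suggests. Bounding the count keeps the shift defined, `int pmpcfg_nums = MIN(2 << riscv_cpu_mxl(env), (int)sizeof(target_ulong));`; the read hunk that follows has the same bound with `val << (i * 8)`. With the odd-index rejection removed from this function, PMP configuration writes now depend on every caller going through check_pmp_reg_index in csr.c; a caller outside this diff that passes an odd index on RV64 would write eight entries starting at `reg_index * 4`, so an assertion or a comment stating that precondition would help. The function starts above this hunk and continues below it.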
@@ -490,8 +485,9 @@ target_ulong pmpcfg_csr_read(CPURISCVState *env, uint32_t 
reg_index)
 int i;
 target_ulong cfg_val = 0;
 target_ulong val = 0;
+int pmpcfg_nums = 2 << riscv_cpu_mxl(env);
 
-for (i = 0; i < sizeof(target_ulong); i++) {
+for (i = 0; i < pmpcfg_nums; i++) {
 val = pmp_read_cfg(env, (reg_index * 4) + i);
 cfg_val |= (val << (i * 8));
 }
-- 
2.25.1




[PATCH v6 02/22] target/riscv: Don't save pc when exception return

2022-01-13 Thread LIU Zhiwei
As pc will be overwritten with xepc on exception return, there is no need
to save pc during translation.

Signed-off-by: LIU Zhiwei 
Reviewed-by: Richard Henderson 
Reviewed-by: Alistair Francis 
---
 target/riscv/helper.h  | 4 ++--
 target/riscv/insn_trans/trans_privileged.c.inc | 7 ++-
 target/riscv/op_helper.c   | 4 ++--
 3 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/target/riscv/helper.h b/target/riscv/helper.h
index 6cf6d6ce98..72cc2582f4 100644
--- a/target/riscv/helper.h
+++ b/target/riscv/helper.h
@@ -100,8 +100,8 @@ DEF_HELPER_2(csrr_i128, tl, env, int)
 DEF_HELPER_4(csrw_i128, void, env, int, tl, tl)
 DEF_HELPER_6(csrrw_i128, tl, env, int, tl, tl, tl, tl)
 #ifndef CONFIG_USER_ONLY
-DEF_HELPER_2(sret, tl, env, tl)
-DEF_HELPER_2(mret, tl, env, tl)
+DEF_HELPER_1(sret, tl, env)
+DEF_HELPER_1(mret, tl, env)
 DEF_HELPER_1(wfi, void, env)
 DEF_HELPER_1(tlb_flush, void, env)
 #endif
diff --git a/target/riscv/insn_trans/trans_privileged.c.inc 
b/target/riscv/insn_trans/trans_privileged.c.inc
index 75c6ef80a6..6077bbbf11 100644
--- a/target/riscv/insn_trans/trans_privileged.c.inc
+++ b/target/riscv/insn_trans/trans_privileged.c.inc
@@ -74,10 +74,8 @@ static bool trans_uret(DisasContext *ctx, arg_uret *a)
 static bool trans_sret(DisasContext *ctx, arg_sret *a)
 {
 #ifndef CONFIG_USER_ONLY
-tcg_gen_movi_tl(cpu_pc, ctx->base.pc_next);
-
 if (has_ext(ctx, RVS)) {
-gen_helper_sret(cpu_pc, cpu_env, cpu_pc);
+gen_helper_sret(cpu_pc, cpu_env);
 tcg_gen_exit_tb(NULL, 0); /* no chaining */
 ctx->base.is_jmp = DISAS_NORETURN;
 } else {
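Review bot: Nothing in trans_sret (or in trans_mret in the next hunk) records why it is now safe to call the helper without first storing `ctx->base.pc_next` into cpu_pc. The op_helper.c hunk shows helper_mret raising through `riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, GETPC())`, so the faulting pc is presumably recovered from the host return address rather than from cpu_pc. A short comment above the call would keep a later reader from re-adding the store, for example `/* pc is not saved: the helper raises with GETPC() and returns the new pc */`. trans_sret continues past the end of this hunk.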
@@ -92,8 +90,7 @@ static bool trans_sret(DisasContext *ctx, arg_sret *a)
 static bool trans_mret(DisasContext *ctx, arg_mret *a)
 {
 #ifndef CONFIG_USER_ONLY
-tcg_gen_movi_tl(cpu_pc, ctx->base.pc_next);
-gen_helper_mret(cpu_pc, cpu_env, cpu_pc);
+gen_helper_mret(cpu_pc, cpu_env);
 tcg_gen_exit_tb(NULL, 0); /* no chaining */
 ctx->base.is_jmp = DISAS_NORETURN;
 return true;
diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index 6f040f2fb9..67693cb42b 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -115,7 +115,7 @@ target_ulong helper_csrrw_i128(CPURISCVState *env, int csr,
 
 #ifndef CONFIG_USER_ONLY
 
-target_ulong helper_sret(CPURISCVState *env, target_ulong cpu_pc_deb)
+target_ulong helper_sret(CPURISCVState *env)
 {
 uint64_t mstatus;
 target_ulong prev_priv, prev_virt;
@@ -176,7 +176,7 @@ target_ulong helper_sret(CPURISCVState *env, target_ulong 
cpu_pc_deb)
 return retpc;
 }
 
-target_ulong helper_mret(CPURISCVState *env, target_ulong cpu_pc_deb)
+target_ulong helper_mret(CPURISCVState *env)
 {
 if (!(env->priv >= PRV_M)) {
 riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, GETPC());
-- 
2.25.1




Re: [RFC PATCH v3 7/7] gitlab-ci: Support macOS 12 via cirrus-run

2022-01-13 Thread Philippe Mathieu-Daudé

On 13/1/22 08:39, Thomas Huth wrote:

On 10/01/2022 14.10, Philippe Mathieu-Daudé wrote:

Add support for macOS 12 build on Cirrus-CI, similarly to commit
0e103a65ba1 ("gitlab: support for ... macOS 11 via cirrus-run").

Update the lcitool repository to get the macos12 mappings,
and generate the vars file by calling 'make lcitool-refresh'.

Signed-off-by: Philippe Mathieu-Daudé 
---
Pending on libvirt-ci MR #210:
https://gitlab.com/libvirt/libvirt-ci/-/merge_requests/210
---
  .gitlab-ci.d/cirrus.yml   | 15 +++
  .gitlab-ci.d/cirrus/macos-12.vars | 16 
  tests/lcitool/libvirt-ci  |  2 +-
  tests/lcitool/refresh |  1 +
  4 files changed, 33 insertions(+), 1 deletion(-)
  create mode 100644 .gitlab-ci.d/cirrus/macos-12.vars

diff --git a/.gitlab-ci.d/cirrus.yml b/.gitlab-ci.d/cirrus.yml
index b96b22e2697..b7662959070 100644
--- a/.gitlab-ci.d/cirrus.yml
+++ b/.gitlab-ci.d/cirrus.yml
@@ -87,6 +87,21 @@ x64-macos-11-base-build:
  PKG_CONFIG_PATH: 
/usr/local/opt/curl/lib/pkgconfig:/usr/local/opt/ncurses/lib/pkgconfig:/usr/local/opt/readline/lib/pkgconfig 

  TEST_TARGETS: check-unit check-block check-qapi-schema 
check-softfloat check-qtest-x86_64

+x64-macos-12-base-build:
+  extends: .cirrus_build_job
+  variables:
+    NAME: macos-12
+    CIRRUS_VM_INSTANCE_TYPE: osx_instance
+    CIRRUS_VM_IMAGE_SELECTOR: image
+    CIRRUS_VM_IMAGE_NAME: monterey-base
+    CIRRUS_VM_CPUS: 12
+    CIRRUS_VM_RAM: 24G
+    UPDATE_COMMAND: brew update
+    INSTALL_COMMAND: brew install
+    PATH_EXTRA: /usr/local/opt/ccache/libexec:/usr/local/opt/gettext/bin
+    PKG_CONFIG_PATH: 
/usr/local/opt/curl/lib/pkgconfig:/usr/local/opt/ncurses/lib/pkgconfig:/usr/local/opt/readline/lib/pkgconfig 

+    TEST_TARGETS: check-unit check-block check-qapi-schema 
check-softfloat check-qtest-x86_64


Since we cannot run that many Cirrus-CI jobs in parallel, I think it 
might make sense to limit the macos-11 job to manual mode now?


TBH I don't know, IIUC macOS seems somehow a bit tied with hardware
(updated less often), and apparently our user base is still interested
in having the previous Catalina version working too.

What about FreeBSD jobs? Do you also plan to set the FreeBSD 12 job to 
manual?


Maybe we could split the configured options, but I'm not sure we'll save
much, the basics to be covered are major sysemu with ui, tools & doc.



[PATCH v6 06/22] target/riscv: Ignore the pc bits above XLEN

2022-01-13 Thread LIU Zhiwei
The read from PC for translation is in cpu_get_tb_cpu_state, before translation.

Signed-off-by: LIU Zhiwei 
Reviewed-by: Richard Henderson 
Reviewed-by: Alistair Francis 
---
 target/riscv/cpu_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 32ea066ef0..2c83eb1f05 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -40,7 +40,7 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong 
*pc,
 {
 uint32_t flags = 0;
 
-*pc = env->pc;
+*pc = env->xl == MXL_RV32 ? env->pc & UINT32_MAX : env->pc;
 *cs_base = 0;
 
 if (riscv_has_ext(env, RVV)) {
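Review bot: The new expression zero-extends pc for RV32, while the other patches in this series (gen_set_pc_imm, riscv_cpu_set_pc) store pc sign-extended with `(int32_t)`, and nothing at this line says the asymmetry is intended. A comment would help, for example `/* env->pc is kept sign-extended; use the 32-bit address for TB lookup */`, assuming that is the intent. cpu_get_tb_cpu_state continues past the end of this hunk.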
-- 
2.25.1




[PATCH v6 04/22] target/riscv: Sign extend pc for different XLEN

2022-01-13 Thread LIU Zhiwei
When pc is written, it is sign-extended to fill the widest supported XLEN.

Signed-off-by: LIU Zhiwei 
Reviewed-by: Richard Henderson 
Reviewed-by: Alistair Francis 
---
 .../riscv/insn_trans/trans_privileged.c.inc   |  2 +-
 target/riscv/insn_trans/trans_rvi.c.inc   |  5 ++--
 target/riscv/insn_trans/trans_rvv.c.inc   |  4 +--
 target/riscv/translate.c  | 25 ---
 4 files changed, 27 insertions(+), 9 deletions(-)

diff --git a/target/riscv/insn_trans/trans_privileged.c.inc 
b/target/riscv/insn_trans/trans_privileged.c.inc
index 6077bbbf11..53613682e8 100644
--- a/target/riscv/insn_trans/trans_privileged.c.inc
+++ b/target/riscv/insn_trans/trans_privileged.c.inc
@@ -102,7 +102,7 @@ static bool trans_mret(DisasContext *ctx, arg_mret *a)
 static bool trans_wfi(DisasContext *ctx, arg_wfi *a)
 {
 #ifndef CONFIG_USER_ONLY
-tcg_gen_movi_tl(cpu_pc, ctx->pc_succ_insn);
+gen_set_pc_imm(ctx, ctx->pc_succ_insn);
 gen_helper_wfi(cpu_env);
 return true;
 #else
diff --git a/target/riscv/insn_trans/trans_rvi.c.inc 
b/target/riscv/insn_trans/trans_rvi.c.inc
index b9ba57f266..04d3ea237f 100644
--- a/target/riscv/insn_trans/trans_rvi.c.inc
+++ b/target/riscv/insn_trans/trans_rvi.c.inc
@@ -59,6 +59,7 @@ static bool trans_jalr(DisasContext *ctx, arg_jalr *a)
 tcg_gen_addi_tl(cpu_pc, get_gpr(ctx, a->rs1, EXT_NONE), a->imm);
 tcg_gen_andi_tl(cpu_pc, cpu_pc, (target_ulong)-2);
 
+gen_set_pc(ctx, cpu_pc);
 if (!has_ext(ctx, RVC)) {
 TCGv t0 = tcg_temp_new();
 
@@ -827,7 +828,7 @@ static bool trans_fence_i(DisasContext *ctx, arg_fence_i *a)
  * FENCE_I is a no-op in QEMU,
  * however we need to end the translation block
  */
-tcg_gen_movi_tl(cpu_pc, ctx->pc_succ_insn);
+gen_set_pc_imm(ctx, ctx->pc_succ_insn);
 tcg_gen_exit_tb(NULL, 0);
 ctx->base.is_jmp = DISAS_NORETURN;
 return true;
@@ -836,7 +837,7 @@ static bool trans_fence_i(DisasContext *ctx, arg_fence_i *a)
 static bool do_csr_post(DisasContext *ctx)
 {
 /* We may have changed important cpu state -- exit to main loop. */
-tcg_gen_movi_tl(cpu_pc, ctx->pc_succ_insn);
+gen_set_pc_imm(ctx, ctx->pc_succ_insn);
 tcg_gen_exit_tb(NULL, 0);
 ctx->base.is_jmp = DISAS_NORETURN;
 return true;
diff --git a/target/riscv/insn_trans/trans_rvv.c.inc 
b/target/riscv/insn_trans/trans_rvv.c.inc
index 6c285c958b..1c8086d3a6 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -149,7 +149,7 @@ static bool do_vsetvl(DisasContext *s, int rd, int rs1, 
TCGv s2)
 gen_set_gpr(s, rd, dst);
 mark_vs_dirty(s);
 
-tcg_gen_movi_tl(cpu_pc, s->pc_succ_insn);
+gen_set_pc_imm(s, s->pc_succ_insn);
 tcg_gen_lookup_and_goto_ptr();
 s->base.is_jmp = DISAS_NORETURN;
 
@@ -173,7 +173,7 @@ static bool do_vsetivli(DisasContext *s, int rd, TCGv s1, 
TCGv s2)
 gen_helper_vsetvl(dst, cpu_env, s1, s2);
 gen_set_gpr(s, rd, dst);
 mark_vs_dirty(s);
-tcg_gen_movi_tl(cpu_pc, s->pc_succ_insn);
+gen_set_pc_imm(s, s->pc_succ_insn);
 tcg_gen_lookup_and_goto_ptr();
 s->base.is_jmp = DISAS_NORETURN;
 
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index b47b308920..d8b7c48600 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -191,16 +191,33 @@ static void gen_check_nanbox_s(TCGv_i64 out, TCGv_i64 in)
 tcg_gen_movcond_i64(TCG_COND_GEU, out, in, t_max, in, t_nan);
 }
 
+static void gen_set_pc_imm(DisasContext *ctx, target_ulong dest)
+{
+if (get_xl(ctx) == MXL_RV32) {
+dest = (int32_t)dest;
+}
+tcg_gen_movi_tl(cpu_pc, dest);
+}
+
+static void gen_set_pc(DisasContext *ctx, TCGv dest)
+{
+if (get_xl(ctx) == MXL_RV32) {
+tcg_gen_ext32s_tl(cpu_pc, dest);
+} else {
+tcg_gen_mov_tl(cpu_pc, dest);
+}
+}
+
 static void generate_exception(DisasContext *ctx, int excp)
 {
-tcg_gen_movi_tl(cpu_pc, ctx->base.pc_next);
+gen_set_pc_imm(ctx, ctx->base.pc_next);
 gen_helper_raise_exception(cpu_env, tcg_constant_i32(excp));
 ctx->base.is_jmp = DISAS_NORETURN;
 }
 
 static void generate_exception_mtval(DisasContext *ctx, int excp)
 {
-tcg_gen_movi_tl(cpu_pc, ctx->base.pc_next);
+gen_set_pc_imm(ctx, ctx->base.pc_next);
 tcg_gen_st_tl(cpu_pc, cpu_env, offsetof(CPURISCVState, badaddr));
 gen_helper_raise_exception(cpu_env, tcg_constant_i32(excp));
 ctx->base.is_jmp = DISAS_NORETURN;
@@ -223,10 +240,10 @@ static void gen_goto_tb(DisasContext *ctx, int n, 
target_ulong dest)
 {
 if (translator_use_goto_tb(&ctx->base, dest)) {
 tcg_gen_goto_tb(n);
-tcg_gen_movi_tl(cpu_pc, dest);
+gen_set_pc_imm(ctx, dest);
 tcg_gen_exit_tb(ctx->base.tb, n);
 } else {
-tcg_gen_movi_tl(cpu_pc, dest);
+gen_set_pc_imm(ctx, dest);
 tcg_gen_lookup_and_goto_ptr();
 }
 }
-- 
2.25.1




[PATCH v6 03/22] target/riscv: Sign extend link reg for jal and jalr

2022-01-13 Thread LIU Zhiwei
Signed-off-by: LIU Zhiwei 
---
 target/riscv/insn_trans/trans_rvi.c.inc | 4 +---
 target/riscv/translate.c| 4 +---
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvi.c.inc 
b/target/riscv/insn_trans/trans_rvi.c.inc
index 3a0ae28fef..b9ba57f266 100644
--- a/target/riscv/insn_trans/trans_rvi.c.inc
+++ b/target/riscv/insn_trans/trans_rvi.c.inc
@@ -68,9 +68,7 @@ static bool trans_jalr(DisasContext *ctx, arg_jalr *a)
 tcg_temp_free(t0);
 }
 
-if (a->rd != 0) {
-tcg_gen_movi_tl(cpu_gpr[a->rd], ctx->pc_succ_insn);
-}
+gen_set_gpri(ctx, a->rd, ctx->pc_succ_insn);
 tcg_gen_lookup_and_goto_ptr();
 
 if (misaligned) {
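Review bot: Dropping the `if (a->rd != 0)` guard makes the link-register write depend on gen_set_gpri() discarding writes to x0, and gen_set_gpri is not part of this diff, so that should be confirmed; the gen_jal hunk in translate.c removes the same guard. The commit has no description, so the sign extension named in the subject is presumably done inside gen_set_gpri as well, and one sentence in the message saying so would make the change reviewable on its own. trans_jalr starts above this hunk and continues below it.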
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 615048ec87..b47b308920 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -367,10 +367,8 @@ static void gen_jal(DisasContext *ctx, int rd, 
target_ulong imm)
 return;
 }
 }
-if (rd != 0) {
-tcg_gen_movi_tl(cpu_gpr[rd], ctx->pc_succ_insn);
-}
 
+gen_set_gpri(ctx, rd, ctx->pc_succ_insn);
 gen_goto_tb(ctx, 0, ctx->base.pc_next + imm); /* must use this for safety 
*/
 ctx->base.is_jmp = DISAS_NORETURN;
 }
-- 
2.25.1




[PATCH v6 10/22] target/riscv: Adjust csr write mask with XLEN

2022-01-13 Thread LIU Zhiwei
The write mask represents the bits we care about.

Signed-off-by: LIU Zhiwei 
Reviewed-by: Richard Henderson 
Reviewed-by: Alistair Francis 
---
 target/riscv/insn_trans/trans_rvi.c.inc | 12 
 target/riscv/op_helper.c|  3 ++-
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvi.c.inc 
b/target/riscv/insn_trans/trans_rvi.c.inc
index 04d3ea237f..631bc1f09e 100644
--- a/target/riscv/insn_trans/trans_rvi.c.inc
+++ b/target/riscv/insn_trans/trans_rvi.c.inc
@@ -924,7 +924,8 @@ static bool do_csrrw_i128(DisasContext *ctx, int rd, int rc,
 
 static bool trans_csrrw(DisasContext *ctx, arg_csrrw *a)
 {
-if (get_xl(ctx) < MXL_RV128) {
+RISCVMXL xl = get_xl(ctx);
+if (xl < MXL_RV128) {
 TCGv src = get_gpr(ctx, a->rs1, EXT_NONE);
 
 /*
@@ -935,7 +936,8 @@ static bool trans_csrrw(DisasContext *ctx, arg_csrrw *a)
 return do_csrw(ctx, a->csr, src);
 }
 
-TCGv mask = tcg_constant_tl(-1);
+TCGv mask = tcg_constant_tl(xl == MXL_RV32 ? UINT32_MAX :
+ (target_ulong)-1);
 return do_csrrw(ctx, a->rd, a->csr, src, mask);
 } else {
 TCGv srcl = get_gpr(ctx, a->rs1, EXT_NONE);
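Review bot: The mask expression `xl == MXL_RV32 ? UINT32_MAX : (target_ulong)-1` is written out here, again in trans_csrrwi, and a third time in helper_csrw with `env->xl`. A small inline helper in a shared header that takes the RISCVMXL value, e.g. `static inline target_ulong riscv_csr_write_mask(RISCVMXL xl)` (name illustrative), would keep the three sites from drifting apart if an RV128 case is added later. The `xl` local used here is declared in the previous hunk, and trans_csrrw extends beyond both.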
@@ -1013,7 +1015,8 @@ static bool trans_csrrc(DisasContext *ctx, arg_csrrc *a)
 
 static bool trans_csrrwi(DisasContext *ctx, arg_csrrwi *a)
 {
-if (get_xl(ctx) < MXL_RV128) {
+RISCVMXL xl = get_xl(ctx);
+if (xl < MXL_RV128) {
 TCGv src = tcg_constant_tl(a->rs1);
 
 /*
@@ -1024,7 +1027,8 @@ static bool trans_csrrwi(DisasContext *ctx, arg_csrrwi *a)
 return do_csrw(ctx, a->csr, src);
 }
 
-TCGv mask = tcg_constant_tl(-1);
+TCGv mask = tcg_constant_tl(xl == MXL_RV32 ? UINT32_MAX :
+ (target_ulong)-1);
 return do_csrrw(ctx, a->rd, a->csr, src, mask);
 } else {
 TCGv src = tcg_constant_tl(a->rs1);
diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index 67693cb42b..1a75ba11e6 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -50,7 +50,8 @@ target_ulong helper_csrr(CPURISCVState *env, int csr)
 
 void helper_csrw(CPURISCVState *env, int csr, target_ulong src)
 {
-RISCVException ret = riscv_csrrw(env, csr, NULL, src, -1);
+target_ulong mask = env->xl == MXL_RV32 ? UINT32_MAX : (target_ulong)-1;
+RISCVException ret = riscv_csrrw(env, csr, NULL, src, mask);
 
 if (ret != RISCV_EXCP_NONE) {
 riscv_raise_exception(env, ret, GETPC());
-- 
2.25.1




[PATCH v6 07/22] target/riscv: Extend pc for runtime pc write

2022-01-13 Thread LIU Zhiwei
In some cases, we must restore the guest PC to the address of the start of
the TB, such as when the instruction counter hits zero. So extend pc register
according to current xlen for these cases.

Signed-off-by: LIU Zhiwei 
Reviewed-by: Richard Henderson 
Reviewed-by: Alistair Francis 
---
 target/riscv/cpu.c | 22 +++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 54c1cf8ec5..db16aaf7c9 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -341,7 +341,12 @@ static void riscv_cpu_set_pc(CPUState *cs, vaddr value)
 {
 RISCVCPU *cpu = RISCV_CPU(cs);
 CPURISCVState *env = &cpu->env;
-env->pc = value;
+
+if (env->xl == MXL_RV32) {
+env->pc = (int32_t)value;
+} else {
+env->pc = value;
+}
 }
 
 static void riscv_cpu_synchronize_from_tb(CPUState *cs,
@@ -349,7 +354,13 @@ static void riscv_cpu_synchronize_from_tb(CPUState *cs,
 {
 RISCVCPU *cpu = RISCV_CPU(cs);
 CPURISCVState *env = &cpu->env;
-env->pc = tb->pc;
+RISCVMXL xl = FIELD_EX32(tb->flags, TB_FLAGS, XL);
+
+if (xl == MXL_RV32) {
+env->pc = (int32_t)tb->pc;
+} else {
+env->pc = tb->pc;
+}
 }
 
 static bool riscv_cpu_has_work(CPUState *cs)
@@ -370,7 +381,12 @@ static bool riscv_cpu_has_work(CPUState *cs)
 void restore_state_to_opc(CPURISCVState *env, TranslationBlock *tb,
   target_ulong *data)
 {
-env->pc = data[0];
+RISCVMXL xl = FIELD_EX32(tb->flags, TB_FLAGS, XL);
+if (xl == MXL_RV32) {
+env->pc = (int32_t)data[0];
+} else {
+env->pc = data[0];
+}
 }
 
 static void riscv_cpu_reset(DeviceState *dev)
-- 
2.25.1




[PATCH v6 05/22] target/riscv: Create xl field in env

2022-01-13 Thread LIU Zhiwei
Signed-off-by: LIU Zhiwei 
---
 target/riscv/cpu.c|  1 +
 target/riscv/cpu.h| 31 +++
 target/riscv/cpu_helper.c | 34 ++
 target/riscv/csr.c|  2 ++
 target/riscv/machine.c| 10 ++
 5 files changed, 46 insertions(+), 32 deletions(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 9bc25d3055..54c1cf8ec5 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -399,6 +399,7 @@ static void riscv_cpu_reset(DeviceState *dev)
 /* mmte is supposed to have pm.current hardwired to 1 */
 env->mmte |= (PM_EXT_INITIAL | MMTE_M_PM_CURRENT);
 #endif
+env->xl = riscv_cpu_mxl(env);
 cs->exception_index = RISCV_EXCP_NONE;
 env->load_res = -1;
 set_default_nan_mode(1, &env->fp_status);
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 4d63086765..65fd849bef 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -145,6 +145,7 @@ struct CPURISCVState {
 uint32_t misa_mxl_max;  /* max mxl for this cpu */
 uint32_t misa_ext;  /* current extensions */
 uint32_t misa_ext_mask; /* max ext for this cpu */
+uint32_t xl;/* current xlen */
 
 /* 128-bit helpers upper part return value */
 target_ulong retxh;
@@ -443,6 +444,36 @@ static inline RISCVMXL riscv_cpu_mxl(CPURISCVState *env)
 }
 #endif
 
+#if defined(TARGET_RISCV32)
+#define cpu_recompute_xl(env)  ((void)(env), MXL_RV32)
+#else
+static inline RISCVMXL cpu_recompute_xl(CPURISCVState *env)
+{
+RISCVMXL xl = env->misa_mxl;
+#if !defined(CONFIG_USER_ONLY)
+/*
+ * When emulating a 32-bit-only cpu, use RV32.
+ * When emulating a 64-bit cpu, and MXL has been reduced to RV32,
+ * MSTATUSH doesn't have UXL/SXL, therefore XLEN cannot be widened
+ * back to RV64 for lower privs.
+ */
+if (xl != MXL_RV32) {
+switch (env->priv) {
+case PRV_M:
+break;
+case PRV_U:
+xl = get_field(env->mstatus, MSTATUS64_UXL);
+break;
+default: /* PRV_S | PRV_H */
+xl = get_field(env->mstatus, MSTATUS64_SXL);
+break;
+}
+}
+#endif
+return xl;
+}
+#endif
+
 /*
  * Encode LMUL to lmul as follows:
  * LMULvlmullmul
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 434a83e66a..32ea066ef0 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -35,37 +35,6 @@ int riscv_cpu_mmu_index(CPURISCVState *env, bool ifetch)
 #endif
 }
 
-static RISCVMXL cpu_get_xl(CPURISCVState *env)
-{
-#if defined(TARGET_RISCV32)
-return MXL_RV32;
-#elif defined(CONFIG_USER_ONLY)
-return MXL_RV64;
-#else
-RISCVMXL xl = riscv_cpu_mxl(env);
-
-/*
- * When emulating a 32-bit-only cpu, use RV32.
- * When emulating a 64-bit cpu, and MXL has been reduced to RV32,
- * MSTATUSH doesn't have UXL/SXL, therefore XLEN cannot be widened
- * back to RV64 for lower privs.
- */
-if (xl != MXL_RV32) {
-switch (env->priv) {
-case PRV_M:
-break;
-case PRV_U:
-xl = get_field(env->mstatus, MSTATUS64_UXL);
-break;
-default: /* PRV_S | PRV_H */
-xl = get_field(env->mstatus, MSTATUS64_SXL);
-break;
-}
-}
-return xl;
-#endif
-}
-
 void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong *pc,
   target_ulong *cs_base, uint32_t *pflags)
 {
@@ -145,7 +114,7 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong 
*pc,
 }
 #endif
 
-flags = FIELD_DP32(flags, TB_FLAGS, XL, cpu_get_xl(env));
+flags = FIELD_DP32(flags, TB_FLAGS, XL, env->xl);
 
 *pflags = flags;
 }
@@ -361,6 +330,7 @@ void riscv_cpu_set_mode(CPURISCVState *env, target_ulong 
newpriv)
 }
 /* tlb_flush is unnecessary as mode is contained in mmu_idx */
 env->priv = newpriv;
+env->xl = cpu_recompute_xl(env);
 
 /*
  * Clear the load reservation - otherwise a reservation placed in one
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index e7578f3e0f..b282a642f5 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -585,6 +585,7 @@ static RISCVException write_mstatus(CPURISCVState *env, int 
csrno,
 mstatus = set_field(mstatus, MSTATUS64_UXL, xl);
 }
 env->mstatus = mstatus;
+env->xl = cpu_recompute_xl(env);
 
 return RISCV_EXCP_NONE;
 }
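Review bot: The cached `env->xl` is refreshed with cpu_recompute_xl(env) here and in riscv_cpu_set_mode, but the write_misa hunk below assigns `riscv_cpu_mxl(env)` instead, which ignores UXL/SXL if that path is ever reached with env->priv below M. Using `env->xl = cpu_recompute_xl(env);` in write_misa as well would give the cache a single update rule. Since cpu_get_tb_cpu_state now reads the cache instead of recomputing it, any other writer of env->mstatus, env->misa_mxl or env->priv outside this diff needs the same refresh, otherwise translation runs with a stale XLEN. write_mstatus starts above this hunk.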
@@ -700,6 +701,7 @@ static RISCVException write_misa(CPURISCVState *env, int 
csrno,
 /* flush translation cache */
 tb_flush(env_cpu(env));
 env->misa_ext = val;
+env->xl = riscv_cpu_mxl(env);
 return RISCV_EXCP_NONE;
 }
 
diff --git a/target/riscv/machine.c b/target/riscv/machine.c
index 13b9ab375b..e1d1029e88 100644
--- a/target/riscv/machine.c
+++ b/target/riscv/machine.c
@@ -185,10 +185,20 @@ static const VMStateDescription vmstate_rv128 = {
 }
 };
 
+static int riscv_cpu_post_load(void *opaque, int version_id)
+{
+RIS

[PATCH v6 17/22] target/riscv: Remove VILL field in VTYPE

2022-01-13 Thread LIU Zhiwei
Signed-off-by: LIU Zhiwei 
Acked-by: Richard Henderson 
Reviewed-by: Alistair Francis 
---
 target/riscv/cpu.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 645a1b3f6c..85eb5c63cf 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -110,7 +110,6 @@ FIELD(VTYPE, VTA, 6, 1)
 FIELD(VTYPE, VMA, 7, 1)
 FIELD(VTYPE, VEDIV, 8, 2)
 FIELD(VTYPE, RESERVED, 10, sizeof(target_ulong) * 8 - 11)
-FIELD(VTYPE, VILL, sizeof(target_ulong) * 8 - 1, 1)
 
 struct CPURISCVState {
 target_ulong gpr[32];
-- 
2.25.1




[PATCH v6 08/22] target/riscv: Use gdb xml according to max mxlen

2022-01-13 Thread LIU Zhiwei
Signed-off-by: LIU Zhiwei 
Reviewed-by: Richard Henderson 
Reviewed-by: Alistair Francis 
---
 target/riscv/cpu.c |  8 ++---
 target/riscv/gdbstub.c | 71 +++---
 2 files changed, 55 insertions(+), 24 deletions(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index db16aaf7c9..a21287253a 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -446,6 +446,7 @@ static void riscv_cpu_realize(DeviceState *dev, Error 
**errp)
 RISCVCPU *cpu = RISCV_CPU(dev);
 CPURISCVState *env = &cpu->env;
 RISCVCPUClass *mcc = RISCV_CPU_GET_CLASS(dev);
+CPUClass *cc = CPU_CLASS(mcc);
 int priv_version = 0;
 Error *local_err = NULL;
 
@@ -496,11 +497,13 @@ static void riscv_cpu_realize(DeviceState *dev, Error 
**errp)
 switch (env->misa_mxl_max) {
 #ifdef TARGET_RISCV64
 case MXL_RV64:
+cc->gdb_core_xml_file = "riscv-64bit-cpu.xml";
 break;
 case MXL_RV128:
 break;
 #endif
 case MXL_RV32:
+cc->gdb_core_xml_file = "riscv-32bit-cpu.xml";
 break;
 default:
 g_assert_not_reached();
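Review bot: `case MXL_RV128:` still falls to a bare `break`, so a CPU whose misa_mxl_max is RV128 ends up with no gdb_core_xml_file, whereas the lines removed from riscv_cpu_class_init set the 64-bit file for every TARGET_RISCV64 build. The three new switches in gdbstub.c (riscv_cpu_gdb_read_register, riscv_cpu_gdb_write_register, riscv_cpu_register_gdb_regs_for_features) have no RV128 case either and reach `g_assert_not_reached()`, which would abort the emulator when a debugger touches such a CPU. If RV128 is meant to keep the previous 64-bit view, place `case MXL_RV128:` directly under `case MXL_RV64:` in each switch so both share the 64-bit branch. riscv_cpu_realize starts above this hunk and continues below it.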
@@ -772,11 +775,6 @@ static void riscv_cpu_class_init(ObjectClass *c, void 
*data)
 cc->gdb_read_register = riscv_cpu_gdb_read_register;
 cc->gdb_write_register = riscv_cpu_gdb_write_register;
 cc->gdb_num_core_regs = 33;
-#if defined(TARGET_RISCV32)
-cc->gdb_core_xml_file = "riscv-32bit-cpu.xml";
-#elif defined(TARGET_RISCV64)
-cc->gdb_core_xml_file = "riscv-64bit-cpu.xml";
-#endif
 cc->gdb_stop_before_watchpoint = true;
 cc->disas_set_info = riscv_cpu_disas_set_info;
 #ifndef CONFIG_USER_ONLY
diff --git a/target/riscv/gdbstub.c b/target/riscv/gdbstub.c
index a5429b92d4..f531a74c2f 100644
--- a/target/riscv/gdbstub.c
+++ b/target/riscv/gdbstub.c
@@ -50,11 +50,23 @@ int riscv_cpu_gdb_read_register(CPUState *cs, GByteArray 
*mem_buf, int n)
 {
 RISCVCPU *cpu = RISCV_CPU(cs);
 CPURISCVState *env = &cpu->env;
+target_ulong tmp;
 
 if (n < 32) {
-return gdb_get_regl(mem_buf, env->gpr[n]);
+tmp = env->gpr[n];
 } else if (n == 32) {
-return gdb_get_regl(mem_buf, env->pc);
+tmp = env->pc;
+} else {
+return 0;
+}
+
+switch (env->misa_mxl_max) {
+case MXL_RV32:
+return gdb_get_reg32(mem_buf, tmp);
+case MXL_RV64:
+return gdb_get_reg64(mem_buf, tmp);
+default:
+g_assert_not_reached();
 }
 return 0;
 }
@@ -63,18 +75,32 @@ int riscv_cpu_gdb_write_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 {
 RISCVCPU *cpu = RISCV_CPU(cs);
 CPURISCVState *env = &cpu->env;
-
-if (n == 0) {
-/* discard writes to x0 */
-return sizeof(target_ulong);
-} else if (n < 32) {
-env->gpr[n] = ldtul_p(mem_buf);
-return sizeof(target_ulong);
+int length = 0;
+target_ulong tmp;
+
+switch (env->misa_mxl_max) {
+case MXL_RV32:
+tmp = (int32_t)ldl_p(mem_buf);
+length = 4;
+break;
+case MXL_RV64:
+if (env->xl < MXL_RV64) {
+tmp = (int32_t)ldq_p(mem_buf);
+} else {
+tmp = ldq_p(mem_buf);
+}
+length = 8;
+break;
+default:
+g_assert_not_reached();
+}
+if (n > 0 && n < 32) {
+env->gpr[n] = tmp;
 } else if (n == 32) {
-env->pc = ldtul_p(mem_buf);
-return sizeof(target_ulong);
+env->pc = tmp;
 }
-return 0;
+
+return length;
 }
 
 static int riscv_gdb_get_fpu(CPURISCVState *env, GByteArray *buf, int n)
@@ -387,13 +413,20 @@ void riscv_cpu_register_gdb_regs_for_features(CPUState 
*cs)
   
cs->gdb_num_regs),
  "riscv-vector.xml", 0);
 }
-#if defined(TARGET_RISCV32)
-gdb_register_coprocessor(cs, riscv_gdb_get_virtual, riscv_gdb_set_virtual,
- 1, "riscv-32bit-virtual.xml", 0);
-#elif defined(TARGET_RISCV64)
-gdb_register_coprocessor(cs, riscv_gdb_get_virtual, riscv_gdb_set_virtual,
- 1, "riscv-64bit-virtual.xml", 0);
-#endif
+switch (env->misa_mxl_max) {
+case MXL_RV32:
+gdb_register_coprocessor(cs, riscv_gdb_get_virtual,
+ riscv_gdb_set_virtual,
+ 1, "riscv-32bit-virtual.xml", 0);
+break;
+case MXL_RV64:
+gdb_register_coprocessor(cs, riscv_gdb_get_virtual,
+ riscv_gdb_set_virtual,
+ 1, "riscv-64bit-virtual.xml", 0);
+break;
+default:
+g_assert_not_reached();
+}
 
 gdb_register_coprocessor(cs, riscv_gdb_get_csr, riscv_gdb_set_csr,
  riscv_gen_dynamic_csr_xml(cs, cs->gdb_num_regs),
-- 
2.25.1




Re: [PATCH] tests/qtest: add qtests for npcm7xx sdhci

2022-01-13 Thread Peter Maydell
On Fri, 7 Jan 2022 at 22:32, Patrick Venture  wrote:
>
> From: Shengtan Mao 
>
> Reviewed-by: Hao Wu 
> Reviewed-by: Chris Rauer 
> Signed-off-by: Shengtan Mao 
> ---
>  tests/qtest/meson.build  |   1 +
>  tests/qtest/npcm7xx_sdhci-test.c | 201 +++
>  2 files changed, 202 insertions(+)
>  create mode 100644 tests/qtest/npcm7xx_sdhci-test.c
>
> diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
> index 37e1eaa449..b406eba8f6 100644
> --- a/tests/qtest/meson.build
> +++ b/tests/qtest/meson.build
> @@ -189,6 +189,7 @@ qtests_npcm7xx = \
> 'npcm7xx_gpio-test',
> 'npcm7xx_pwm-test',
> 'npcm7xx_rng-test',
> +   'npcm7xx_sdhci-test',
> 'npcm7xx_smbus-test',
> 'npcm7xx_timer-test',
> 'npcm7xx_watchdog_timer-test'] + \
> diff --git a/tests/qtest/npcm7xx_sdhci-test.c 
> b/tests/qtest/npcm7xx_sdhci-test.c
> new file mode 100644
> index 00..feb09b921a
> --- /dev/null
> +++ b/tests/qtest/npcm7xx_sdhci-test.c
> @@ -0,0 +1,201 @@
> +/*
> + * QTests for NPCM7xx SD-3.0 / MMC-4.51 Host Controller
> + *
> + * Copyright (c) 2021 Google LLC
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License as published by the
> + * Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful, but 
> WITHOUT
> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
> + * for more details.
> + */
> +
> +#include "qemu/osdep.h"
> +#include "hw/sd/npcm7xx_sdhci.h"
> +
> +#include "libqos/libqtest.h"
> +#include "libqtest-single.h"
> +#include "libqos/sdhci-cmd.h"
> +
> +#define NPCM7XX_MMC_BA 0xF0842000
> +#define NPCM7XX_BLK_SIZE 512
> +#define NPCM7XX_TEST_IMAGE_SIZE (1 << 30)
> +
> +char *sd_path;
> +
> +static QTestState *setup_sd_card(void)
> +{
> +QTestState *qts = qtest_initf(
> +"-machine kudo-bmc "
> +"-device sd-card,drive=drive0 "
> +"-drive id=drive0,if=none,file=%s,format=raw,auto-read-only=off",
> +sd_path);
> +
> +qtest_writew(qts, NPCM7XX_MMC_BA + SDHC_SWRST, SDHC_RESET_ALL);
> +qtest_writew(qts, NPCM7XX_MMC_BA + SDHC_CLKCON,
> + SDHC_CLOCK_SDCLK_EN | SDHC_CLOCK_INT_STABLE |
> + SDHC_CLOCK_INT_EN);
> +sdhci_cmd_regs(qts, NPCM7XX_MMC_BA, 0, 0, 0, 0, SDHC_APP_CMD);
> +sdhci_cmd_regs(qts, NPCM7XX_MMC_BA, 0, 0, 0x4120, 0, (41 << 8));
> +sdhci_cmd_regs(qts, NPCM7XX_MMC_BA, 0, 0, 0, 0, SDHC_ALL_SEND_CID);
> +sdhci_cmd_regs(qts, NPCM7XX_MMC_BA, 0, 0, 0, 0, SDHC_SEND_RELATIVE_ADDR);
> +sdhci_cmd_regs(qts, NPCM7XX_MMC_BA, 0, 0, 0x4567, 0,
> +   SDHC_SELECT_DESELECT_CARD);
> +
> +return qts;
> +}
> +
> +static void write_sdread(QTestState *qts, const char *msg)
> +{
> +size_t len = strlen(msg);
> +char *rmsg = g_malloc(len);
> +
> +/* write message to sd */
> +int fd = open(sd_path, O_WRONLY);
> +int ret = write(fd, msg, len);

You're not checking that open() succeeded before using the fd
(similarly in a function later on).

-- PMM



[PATCH v6 09/22] target/riscv: Relax debug check for pm write

2022-01-13 Thread LIU Zhiwei
Signed-off-by: LIU Zhiwei 
Reviewed-by: Richard Henderson 
Reviewed-by: Alistair Francis 
---
 target/riscv/csr.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index b282a642f5..3f3afbed21 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -1552,6 +1552,9 @@ static bool check_pm_current_disabled(CPURISCVState *env, 
int csrno)
 int csr_priv = get_field(csrno, 0x300);
 int pm_current;
 
+if (env->debugger) {
+return false;
+}
 /*
  * If priv lvls differ that means we're accessing csr from higher priv lvl,
  * so allow the access
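Review bot: The new `if (env->debugger) { return false; }` skips the pm.current check entirely, and neither the code nor the commit message says why, or where env->debugger is set and cleared. Because this flag now bypasses a privilege-dependent check, a comment stating the precondition would help, e.g. `/* Debugger accesses are not subject to the pm.current restriction */`. It is also worth confirming outside this hunk that the flag is only set for the duration of a gdbstub CSR access. check_pm_current_disabled continues past the end of this hunk.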
-- 
2.25.1




Re: [PATCH 0/2] Adds designware i2c module and adds it to virt arm

2022-01-13 Thread Peter Maydell
On Thu, 13 Jan 2022 at 11:48, Peter Maydell  wrote:
>
> On Mon, 10 Jan 2022 at 21:47, Patrick Venture  wrote:
> >
> > This patch series introduces a new i2c module, namely the designware one 
> > and further enables this (optionally) for the virt-arm machine.
> >
> > Chris Rauer (2):
> >   hw/i2c: Add designware i2c controller.
> >   hw/arm: Enable smbus on arm virt machine.
>
> I need to see a pretty strong justification for why we
> should be adding new kinds of devices to the virt machine,
> given that it increases complexity and potential attack
> surface for using it with KVM; this cover letter doesn't
> seem to provide any...

Forgot to mention, but my preferred approach for providing
an i2c controller on the virt board would be to have a
PCI i2c controller: that way users who do need it can plug it
in with a -device command line option, and users who don't
need it never have to worry about it. (We seem to have
an ICH9-SMB PCI device already; I have no idea if it's suitable.)

thanks
-- PMM



[PATCH v6 12/22] target/riscv: Alloc tcg global for cur_pm[mask|base]

2022-01-13 Thread LIU Zhiwei
Replace the array of pm_mask/pm_base with scalar variables.
Remove the cached array value in DisasContext.

Signed-off-by: LIU Zhiwei 
Reviewed-by: Richard Henderson 
Reviewed-by: Alistair Francis 
---
 target/riscv/translate.c | 32 
 1 file changed, 8 insertions(+), 24 deletions(-)

diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index d8b7c48600..4a8b091790 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -38,8 +38,8 @@ static TCGv_i64 cpu_fpr[32]; /* assume F and D extensions */
 static TCGv load_res;
 static TCGv load_val;
 /* globals for PM CSRs */
-static TCGv pm_mask[4];
-static TCGv pm_base[4];
+static TCGv pm_mask;
+static TCGv pm_base;
 
 #include "exec/gen-icount.h"
 
@@ -107,8 +107,6 @@ typedef struct DisasContext {
 TCGv temp[4];
 /* PointerMasking extension */
 bool pm_enabled;
-TCGv pm_mask;
-TCGv pm_base;
 } DisasContext;
 
 static inline bool has_ext(DisasContext *ctx, uint32_t ext)
@@ -401,8 +399,8 @@ static TCGv gen_pm_adjust_address(DisasContext *s, TCGv src)
 return src;
 } else {
 temp = temp_new(s);
-tcg_gen_andc_tl(temp, src, s->pm_mask);
-tcg_gen_or_tl(temp, temp, s->pm_base);
+tcg_gen_andc_tl(temp, src, pm_mask);
+tcg_gen_or_tl(temp, temp, pm_base);
 return temp;
 }
 }
@@ -925,10 +923,6 @@ static void riscv_tr_init_disas_context(DisasContextBase 
*dcbase, CPUState *cs)
 ctx->ntemp = 0;
 memset(ctx->temp, 0, sizeof(ctx->temp));
 ctx->pm_enabled = FIELD_EX32(tb_flags, TB_FLAGS, PM_ENABLED);
-int priv = tb_flags & TB_FLAGS_PRIV_MMU_MASK;
-ctx->pm_mask = pm_mask[priv];
-ctx->pm_base = pm_base[priv];
-
 ctx->zero = tcg_constant_tl(0);
 }
 
@@ -1046,19 +1040,9 @@ void riscv_translate_init(void)
  "load_res");
 load_val = tcg_global_mem_new(cpu_env, offsetof(CPURISCVState, load_val),
  "load_val");
-#ifndef CONFIG_USER_ONLY
 /* Assign PM CSRs to tcg globals */
-pm_mask[PRV_U] =
-  tcg_global_mem_new(cpu_env, offsetof(CPURISCVState, upmmask), "upmmask");
-pm_base[PRV_U] =
-  tcg_global_mem_new(cpu_env, offsetof(CPURISCVState, upmbase), "upmbase");
-pm_mask[PRV_S] =
-  tcg_global_mem_new(cpu_env, offsetof(CPURISCVState, spmmask), "spmmask");
-pm_base[PRV_S] =
-  tcg_global_mem_new(cpu_env, offsetof(CPURISCVState, spmbase), "spmbase");
-pm_mask[PRV_M] =
-  tcg_global_mem_new(cpu_env, offsetof(CPURISCVState, mpmmask), "mpmmask");
-pm_base[PRV_M] =
-  tcg_global_mem_new(cpu_env, offsetof(CPURISCVState, mpmbase), "mpmbase");
-#endif
+pm_mask = tcg_global_mem_new(cpu_env, offsetof(CPURISCVState, cur_pmmask),
+ "pmmask");
+pm_base = tcg_global_mem_new(cpu_env, offsetof(CPURISCVState, cur_pmbase),
+ "pmbase");
 }
-- 
2.25.1




[PATCH v6 11/22] target/riscv: Create current pm fields in env

2022-01-13 Thread LIU Zhiwei
Signed-off-by: LIU Zhiwei 
Reviewed-by: Alistair Francis 
Reviewed-by: Richard Henderson 
---
 target/riscv/cpu.c|  1 +
 target/riscv/cpu.h|  4 
 target/riscv/cpu_helper.c | 43 +++
 target/riscv/csr.c| 19 +
 target/riscv/machine.c|  1 +
 5 files changed, 68 insertions(+)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index a21287253a..a4b9ab0d9c 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -416,6 +416,7 @@ static void riscv_cpu_reset(DeviceState *dev)
 env->mmte |= (PM_EXT_INITIAL | MMTE_M_PM_CURRENT);
 #endif
 env->xl = riscv_cpu_mxl(env);
+riscv_cpu_update_mask(env);
 cs->exception_index = RISCV_EXCP_NONE;
 env->load_res = -1;
 set_default_nan_mode(1, &env->fp_status);
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 65fd849bef..adb455cf09 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -265,6 +265,8 @@ struct CPURISCVState {
 target_ulong upmmask;
 target_ulong upmbase;
 #endif
+target_ulong cur_pmmask;
+target_ulong cur_pmbase;
 
 float_status fp_status;
 
@@ -502,6 +504,8 @@ static inline uint32_t vext_get_vlmax(RISCVCPU *cpu, 
target_ulong vtype)
 void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong *pc,
   target_ulong *cs_base, uint32_t *pflags);
 
+void riscv_cpu_update_mask(CPURISCVState *env);
+
 RISCVException riscv_csrrw(CPURISCVState *env, int csrno,
target_ulong *ret_value,
target_ulong new_value, target_ulong write_mask);
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 2c83eb1f05..e6c95edb18 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -119,6 +119,48 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong 
*pc,
 *pflags = flags;
 }
 
+void riscv_cpu_update_mask(CPURISCVState *env)
+{
+target_ulong mask = -1, base = 0;
+/*
+ * TODO: Current RVJ spec does not specify
+ * how the extension interacts with XLEN.
+ */
+#ifndef CONFIG_USER_ONLY
+if (riscv_has_ext(env, RVJ)) {
+switch (env->priv) {
+case PRV_M:
+if (env->mmte & M_PM_ENABLE) {
+mask = env->mpmmask;
+base = env->mpmbase;
+}
+break;
+case PRV_S:
+if (env->mmte & S_PM_ENABLE) {
+mask = env->spmmask;
+base = env->spmbase;
+}
+break;
+case PRV_U:
+if (env->mmte & U_PM_ENABLE) {
+mask = env->upmmask;
+base = env->upmbase;
+}
+break;
+default:
+g_assert_not_reached();
+}
+}
+#endif
+if (env->xl == MXL_RV32) {
+env->cur_pmmask = mask & UINT32_MAX;
+env->cur_pmbase = base & UINT32_MAX;
+} else {
+env->cur_pmmask = mask;
+env->cur_pmbase = base;
+}
+}
+
 #ifndef CONFIG_USER_ONLY
 static int riscv_cpu_local_irq_pending(CPURISCVState *env)
 {
@@ -331,6 +373,7 @@ void riscv_cpu_set_mode(CPURISCVState *env, target_ulong 
newpriv)
 /* tlb_flush is unnecessary as mode is contained in mmu_idx */
 env->priv = newpriv;
 env->xl = cpu_recompute_xl(env);
+riscv_cpu_update_mask(env);
 
 /*
  * Clear the load reservation - otherwise a reservation placed in one
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 3f3afbed21..6e4b8cd56d 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -1603,6 +1603,7 @@ static RISCVException write_mmte(CPURISCVState *env, int 
csrno,
 /* hardwiring pm.instruction bit to 0, since it's not supported yet */
 wpri_val &= ~(MMTE_M_PM_INSN | MMTE_S_PM_INSN | MMTE_U_PM_INSN);
 env->mmte = wpri_val | PM_EXT_DIRTY;
+riscv_cpu_update_mask(env);
 
 /* Set XS and SD bits, since PM CSRs are dirty */
 mstatus = env->mstatus | MSTATUS_XS;
@@ -1678,6 +1679,9 @@ static RISCVException write_mpmmask(CPURISCVState *env, 
int csrno,
 uint64_t mstatus;
 
 env->mpmmask = val;
+if ((env->priv == PRV_M) && (env->mmte & M_PM_ENABLE)) {
+env->cur_pmmask = val;
+}
 env->mmte |= PM_EXT_DIRTY;
 
 /* Set XS and SD bits, since PM CSRs are dirty */
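Review bot: The direct `env->cur_pmmask = val;` in write_mpmmask bypasses the RV32 truncation that riscv_cpu_update_mask() applies (`mask & UINT32_MAX` when `env->xl == MXL_RV32`), and the write_spmmask and write_upmmask hunks below repeat the same pattern. get_address() later in this series skips `tcg_gen_ext32u_tl` whenever the mask is enabled, so it depends on the cached mask already being truncated. Calling `riscv_cpu_update_mask(env);` after `env->mpmmask = val;` (and likewise in the other two writers) would keep a single place that derives cur_pmmask and cur_pmbase from privilege, enable bits and XLEN. Whether `val` can carry set upper bits while XLEN is 32 depends on callers outside these hunks, and each function body extends beyond its hunk.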
@@ -1703,6 +1707,9 @@ static RISCVException write_spmmask(CPURISCVState *env, 
int csrno,
 return RISCV_EXCP_NONE;
 }
 env->spmmask = val;
+if ((env->priv == PRV_S) && (env->mmte & S_PM_ENABLE)) {
+env->cur_pmmask = val;
+}
 env->mmte |= PM_EXT_DIRTY;
 
 /* Set XS and SD bits, since PM CSRs are dirty */
@@ -1728,6 +1735,9 @@ static RISCVException write_upmmask(CPURISCVState *env, 
int csrno,
 return RISCV_EXCP_NONE;
 }
 env->upmmask = val;
+if ((env->priv == PRV_U) && (env->mmte & U_PM_ENABLE)) {
+env->cur_pmmask = val;
+}
 env->mmte |= PM_EXT_DIRTY;
 
 /* Set XS and SD bits, since PM CSRs are

[PATCH v6 13/22] target/riscv: Calculate address according to XLEN

2022-01-13 Thread LIU Zhiwei
Define one common function to compute a canonical address from a register
plus offset. Merge gen_pm_adjust_address into this function.

Signed-off-by: LIU Zhiwei 
Reviewed-by: Richard Henderson 
Reviewed-by: Alistair Francis 
---
 target/riscv/insn_trans/trans_rva.c.inc |  9 +++--
 target/riscv/insn_trans/trans_rvd.c.inc | 19 ++-
 target/riscv/insn_trans/trans_rvf.c.inc | 19 ++-
 target/riscv/insn_trans/trans_rvi.c.inc | 18 ++
 target/riscv/translate.c| 25 -
 5 files changed, 21 insertions(+), 69 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rva.c.inc 
b/target/riscv/insn_trans/trans_rva.c.inc
index 86032fa9a7..45db82c9be 100644
--- a/target/riscv/insn_trans/trans_rva.c.inc
+++ b/target/riscv/insn_trans/trans_rva.c.inc
@@ -20,12 +20,11 @@
 
 static bool gen_lr(DisasContext *ctx, arg_atomic *a, MemOp mop)
 {
-TCGv src1 = get_gpr(ctx, a->rs1, EXT_ZERO);
+TCGv src1 = get_address(ctx, a->rs1, 0);
 
 if (a->rl) {
 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
 }
-src1 = gen_pm_adjust_address(ctx, src1);
 tcg_gen_qemu_ld_tl(load_val, src1, ctx->mem_idx, mop);
 if (a->aq) {
 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
@@ -44,8 +43,7 @@ static bool gen_sc(DisasContext *ctx, arg_atomic *a, MemOp 
mop)
 TCGLabel *l1 = gen_new_label();
 TCGLabel *l2 = gen_new_label();
 
-src1 = get_gpr(ctx, a->rs1, EXT_ZERO);
-src1 = gen_pm_adjust_address(ctx, src1);
+src1 = get_address(ctx, a->rs1, 0);
 tcg_gen_brcond_tl(TCG_COND_NE, load_res, src1, l1);
 
 /*
@@ -83,10 +81,9 @@ static bool gen_amo(DisasContext *ctx, arg_atomic *a,
 MemOp mop)
 {
 TCGv dest = dest_gpr(ctx, a->rd);
-TCGv src1 = get_gpr(ctx, a->rs1, EXT_NONE);
+TCGv src1 = get_address(ctx, a->rs1, 0);
 TCGv src2 = get_gpr(ctx, a->rs2, EXT_NONE);
 
-src1 = gen_pm_adjust_address(ctx, src1);
 func(dest, src1, src2, ctx->mem_idx, mop);
 
 gen_set_gpr(ctx, a->rd, dest);
diff --git a/target/riscv/insn_trans/trans_rvd.c.inc 
b/target/riscv/insn_trans/trans_rvd.c.inc
index ed444b042a..091ed3a8ad 100644
--- a/target/riscv/insn_trans/trans_rvd.c.inc
+++ b/target/riscv/insn_trans/trans_rvd.c.inc
@@ -25,14 +25,7 @@ static bool trans_fld(DisasContext *ctx, arg_fld *a)
 REQUIRE_FPU;
 REQUIRE_EXT(ctx, RVD);
 
-addr = get_gpr(ctx, a->rs1, EXT_NONE);
-if (a->imm) {
-TCGv temp = temp_new(ctx);
-tcg_gen_addi_tl(temp, addr, a->imm);
-addr = temp;
-}
-addr = gen_pm_adjust_address(ctx, addr);
-
+addr = get_address(ctx, a->rs1, a->imm);
 tcg_gen_qemu_ld_i64(cpu_fpr[a->rd], addr, ctx->mem_idx, MO_TEUQ);
 
 mark_fs_dirty(ctx);
@@ -46,16 +39,8 @@ static bool trans_fsd(DisasContext *ctx, arg_fsd *a)
 REQUIRE_FPU;
 REQUIRE_EXT(ctx, RVD);
 
-addr = get_gpr(ctx, a->rs1, EXT_NONE);
-if (a->imm) {
-TCGv temp = temp_new(ctx);
-tcg_gen_addi_tl(temp, addr, a->imm);
-addr = temp;
-}
-addr = gen_pm_adjust_address(ctx, addr);
-
+addr = get_address(ctx, a->rs1, a->imm);
 tcg_gen_qemu_st_i64(cpu_fpr[a->rs2], addr, ctx->mem_idx, MO_TEUQ);
-
 return true;
 }
 
diff --git a/target/riscv/insn_trans/trans_rvf.c.inc 
b/target/riscv/insn_trans/trans_rvf.c.inc
index b5459249c4..0aac87f7db 100644
--- a/target/riscv/insn_trans/trans_rvf.c.inc
+++ b/target/riscv/insn_trans/trans_rvf.c.inc
@@ -31,14 +31,7 @@ static bool trans_flw(DisasContext *ctx, arg_flw *a)
 REQUIRE_FPU;
 REQUIRE_EXT(ctx, RVF);
 
-addr = get_gpr(ctx, a->rs1, EXT_NONE);
-if (a->imm) {
-TCGv temp = temp_new(ctx);
-tcg_gen_addi_tl(temp, addr, a->imm);
-addr = temp;
-}
-addr = gen_pm_adjust_address(ctx, addr);
-
+addr = get_address(ctx, a->rs1, a->imm);
 dest = cpu_fpr[a->rd];
 tcg_gen_qemu_ld_i64(dest, addr, ctx->mem_idx, MO_TEUL);
 gen_nanbox_s(dest, dest);
@@ -54,16 +47,8 @@ static bool trans_fsw(DisasContext *ctx, arg_fsw *a)
 REQUIRE_FPU;
 REQUIRE_EXT(ctx, RVF);
 
-addr = get_gpr(ctx, a->rs1, EXT_NONE);
-if (a->imm) {
-TCGv temp = tcg_temp_new();
-tcg_gen_addi_tl(temp, addr, a->imm);
-addr = temp;
-}
-addr = gen_pm_adjust_address(ctx, addr);
-
+addr = get_address(ctx, a->rs1, a->imm);
 tcg_gen_qemu_st_i64(cpu_fpr[a->rs2], addr, ctx->mem_idx, MO_TEUL);
-
 return true;
 }
 
diff --git a/target/riscv/insn_trans/trans_rvi.c.inc 
b/target/riscv/insn_trans/trans_rvi.c.inc
index 631bc1f09e..3cd1b3f877 100644
--- a/target/riscv/insn_trans/trans_rvi.c.inc
+++ b/target/riscv/insn_trans/trans_rvi.c.inc
@@ -226,14 +226,7 @@ static bool trans_bgeu(DisasContext *ctx, arg_bgeu *a)
 static bool gen_load_tl(DisasContext *ctx, arg_lb *a, MemOp memop)
 {
 TCGv dest = dest_gpr(ctx, a->rd);
-TCGv addr = get_gpr(ctx, a->rs1, EXT_NONE);
-
-if (a->imm) {
-TCGv temp = temp_new(ctx);
-tcg_gen_addi_tl

[PATCH v6 19/22] target/riscv: Adjust vector address with mask

2022-01-13 Thread LIU Zhiwei
The mask comes from the pointer masking extension, or the max value
corresponding to XLEN bits.

Signed-off-by: LIU Zhiwei 
Acked-by: Alistair Francis 
Reviewed-by: Richard Henderson 
---
 target/riscv/vector_helper.c | 25 +++--
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/target/riscv/vector_helper.c b/target/riscv/vector_helper.c
index efb3129532..020d2e841f 100644
--- a/target/riscv/vector_helper.c
+++ b/target/riscv/vector_helper.c
@@ -139,6 +139,11 @@ static inline uint32_t vext_max_elems(uint32_t desc, 
uint32_t esz)
 return scale < 0 ? vlenb >> -scale : vlenb << scale;
 }
 
+static inline target_ulong adjust_addr(CPURISCVState *env, target_ulong addr)
+{
+return (addr & env->cur_pmmask) | env->cur_pmbase;
+}
+
 /*
  * This function checks watchpoint before real load operation.
  *
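Review bot: adjust_addr() keeps the address bits that are set in `env->cur_pmmask` (`addr & env->cur_pmmask`), whereas the scalar code this series starts from applied the per-privilege mask with `tcg_gen_andc_tl`, which clears those bits. cur_pmmask is loaded unchanged from the mpmmask/spmmask/upmmask CSRs, so unless the CSR encoding is inverted somewhere not shown on this page, the meaning of a guest-programmed mask has flipped between the old and the new address computation. Please pin the convention down in a comment above the helper, for example `/* cur_pmmask: 1 = address bit is kept, 0 = bit is ignored */`, and check it against the pointer-masking spec. If the polarity is wrong, a tagged pointer resolves to a different address than the guest intended, which defeats the isolation the extension is meant to provide.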
@@ -156,12 +161,12 @@ static void probe_pages(CPURISCVState *env, target_ulong 
addr,
 target_ulong pagelen = -(addr | TARGET_PAGE_MASK);
 target_ulong curlen = MIN(pagelen, len);
 
-probe_access(env, addr, curlen, access_type,
+probe_access(env, adjust_addr(env, addr), curlen, access_type,
  cpu_mmu_index(env, false), ra);
 if (len > curlen) {
 addr += curlen;
 curlen = len - curlen;
-probe_access(env, addr, curlen, access_type,
+probe_access(env, adjust_addr(env, addr), curlen, access_type,
  cpu_mmu_index(env, false), ra);
 }
 }
@@ -239,7 +244,7 @@ vext_ldst_stride(void *vd, void *v0, target_ulong base,
 k = 0;
 while (k < nf) {
 target_ulong addr = base + stride * i + (k << esz);
-ldst_elem(env, addr, i + k * max_elems, vd, ra);
+ldst_elem(env, adjust_addr(env, addr), i + k * max_elems, vd, ra);
 k++;
 }
 }
@@ -295,7 +300,7 @@ vext_ldst_us(void *vd, target_ulong base, CPURISCVState 
*env, uint32_t desc,
 k = 0;
 while (k < nf) {
 target_ulong addr = base + ((i * nf + k) << esz);
-ldst_elem(env, addr, i + k * max_elems, vd, ra);
+ldst_elem(env, adjust_addr(env, addr), i + k * max_elems, vd, ra);
 k++;
 }
 }
@@ -409,7 +414,7 @@ vext_ldst_index(void *vd, void *v0, target_ulong base,
 k = 0;
 while (k < nf) {
 abi_ptr addr = get_index_addr(base, i, vs2) + (k << esz);
-ldst_elem(env, addr, i + k * max_elems, vd, ra);
+ldst_elem(env, adjust_addr(env, addr), i + k * max_elems, vd, ra);
 k++;
 }
 }
@@ -488,7 +493,7 @@ vext_ldff(void *vd, void *v0, target_ulong base,
 if (!vm && !vext_elem_mask(v0, i)) {
 continue;
 }
-addr = base + i * (nf << esz);
+addr = adjust_addr(env, base + i * (nf << esz));
 if (i == 0) {
 probe_pages(env, addr, nf << esz, ra, MMU_DATA_LOAD);
 } else {
@@ -515,7 +520,7 @@ vext_ldff(void *vd, void *v0, target_ulong base,
 break;
 }
 remain -= offset;
-addr += offset;
+addr = adjust_addr(env, addr + offset);
 }
 }
 }
@@ -531,7 +536,7 @@ ProbeSuccess:
 }
 while (k < nf) {
 target_ulong addr = base + ((i * nf + k) << esz);
-ldst_elem(env, addr, i + k * max_elems, vd, ra);
+ldst_elem(env, adjust_addr(env, addr), i + k * max_elems, vd, ra);
 k++;
 }
 }
@@ -585,7 +590,7 @@ vext_ldst_whole(void *vd, target_ulong base, CPURISCVState 
*env, uint32_t desc,
 /* load/store rest of elements of current segment pointed by vstart */
 for (pos = off; pos < max_elems; pos++, env->vstart++) {
 target_ulong addr = base + ((pos + k * max_elems) << esz);
-ldst_elem(env, addr, pos + k * max_elems, vd, ra);
+ldst_elem(env, adjust_addr(env, addr), pos + k * max_elems, vd, 
ra);
 }
 k++;
 }
@@ -594,7 +599,7 @@ vext_ldst_whole(void *vd, target_ulong base, CPURISCVState 
*env, uint32_t desc,
 for (; k < nf; k++) {
 for (i = 0; i < max_elems; i++, env->vstart++) {
 target_ulong addr = base + ((i + k * max_elems) << esz);
-ldst_elem(env, addr, i + k * max_elems, vd, ra);
+ldst_elem(env, adjust_addr(env, addr), i + k * max_elems, vd, ra);
 }
 }
 
-- 
2.25.1




[PATCH v6 15/22] target/riscv: Split out the vill from vtype

2022-01-13 Thread LIU Zhiwei
We need not specially process vtype when XLEN changes.

Signed-off-by: LIU Zhiwei 
Reviewed-by: Richard Henderson 
Reviewed-by: Alistair Francis 
---
 target/riscv/cpu.h   |  1 +
 target/riscv/cpu_helper.c|  3 +--
 target/riscv/csr.c   | 13 -
 target/riscv/machine.c   |  5 +++--
 target/riscv/vector_helper.c |  3 ++-
 5 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 41dcf9775a..abf217e34f 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -124,6 +124,7 @@ struct CPURISCVState {
 target_ulong vl;
 target_ulong vstart;
 target_ulong vtype;
+bool vill;
 
 target_ulong pc;
 target_ulong load_res;
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index b781e96657..bebcfcd009 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -57,8 +57,7 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong 
*pc,
 uint32_t maxsz = vlmax << sew;
 bool vl_eq_vlmax = (env->vstart == 0) && (vlmax == env->vl) &&
(maxsz >= 8);
-flags = FIELD_DP32(flags, TB_FLAGS, VILL,
-FIELD_EX64(env->vtype, VTYPE, VILL));
+flags = FIELD_DP32(flags, TB_FLAGS, VILL, env->vill);
 flags = FIELD_DP32(flags, TB_FLAGS, SEW, sew);
 flags = FIELD_DP32(flags, TB_FLAGS, LMUL,
 FIELD_EX64(env->vtype, VTYPE, VLMUL));
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 6e4b8cd56d..8e67ff7c54 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -279,7 +279,18 @@ static RISCVException write_fcsr(CPURISCVState *env, int 
csrno,
 static RISCVException read_vtype(CPURISCVState *env, int csrno,
  target_ulong *val)
 {
-*val = env->vtype;
+uint64_t vill;
+switch (env->xl) {
+case MXL_RV32:
+vill = (uint32_t)env->vill << 31;
+break;
+case MXL_RV64:
+vill = (uint64_t)env->vill << 63;
+break;
+default:
+g_assert_not_reached();
+}
+*val = (target_ulong)vill | env->vtype;
 return RISCV_EXCP_NONE;
 }
 
diff --git a/target/riscv/machine.c b/target/riscv/machine.c
index 58dd7c2fad..8cea167bca 100644
--- a/target/riscv/machine.c
+++ b/target/riscv/machine.c
@@ -124,8 +124,8 @@ static bool vector_needed(void *opaque)
 
 static const VMStateDescription vmstate_vector = {
 .name = "cpu/vector",
-.version_id = 1,
-.minimum_version_id = 1,
+.version_id = 2,
+.minimum_version_id = 2,
 .needed = vector_needed,
 .fields = (VMStateField[]) {
 VMSTATE_UINT64_ARRAY(env.vreg, RISCVCPU, 32 * RV_VLEN_MAX / 64),
@@ -134,6 +134,7 @@ static const VMStateDescription vmstate_vector = {
 VMSTATE_UINTTL(env.vl, RISCVCPU),
 VMSTATE_UINTTL(env.vstart, RISCVCPU),
 VMSTATE_UINTTL(env.vtype, RISCVCPU),
+VMSTATE_BOOL(env.vill, RISCVCPU),
 VMSTATE_END_OF_LIST()
 }
 };
diff --git a/target/riscv/vector_helper.c b/target/riscv/vector_helper.c
index ad505ec9b2..a9484c22ea 100644
--- a/target/riscv/vector_helper.c
+++ b/target/riscv/vector_helper.c
@@ -52,7 +52,8 @@ target_ulong HELPER(vsetvl)(CPURISCVState *env, target_ulong 
s1,
 || (ediv != 0)
 || (reserved != 0)) {
 /* only set vill bit. */
-env->vtype = FIELD_DP64(0, VTYPE, VILL, 1);
+env->vill = 1;
+env->vtype = 0;
 env->vl = 0;
 env->vstart = 0;
 return 0;
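Review bot: Nothing in this patch clears `env->vill` again: the diffstat lists this hunk as the only change to vector_helper.c, and it only sets the flag on the illegal-vtype path. Before the split, a later successful vsetvl overwrote the VILL bit together with the rest of vtype, so the flag was reset implicitly; now it would stay set until CPU reset, and cpu_get_tb_cpu_state() keeps copying it into TB_FLAGS. The success path of the helper is outside the hunk, but it presumably needs `env->vill = 0;` next to the assignment that stores the new vtype.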
-- 
2.25.1




[PATCH v6 14/22] target/riscv: Split pm_enabled into mask and base

2022-01-13 Thread LIU Zhiwei
Use cached cur_pmmask and cur_pmbase to infer the
current PM mode.

This may decrease the TCG IR by one when pm_enabled
is true and pm_base_enabled is false.

Signed-off-by: LIU Zhiwei 
Reviewed-by: Richard Henderson 
Reviewed-by: Alistair Francis 
---
 target/riscv/cpu.h|  3 ++-
 target/riscv/cpu_helper.c | 24 ++--
 target/riscv/translate.c  | 12 
 3 files changed, 16 insertions(+), 23 deletions(-)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index adb455cf09..41dcf9775a 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -435,7 +435,8 @@ FIELD(TB_FLAGS, MSTATUS_HS_VS, 18, 2)
 /* The combination of MXL/SXL/UXL that applies to the current cpu mode. */
 FIELD(TB_FLAGS, XL, 20, 2)
 /* If PointerMasking should be applied */
-FIELD(TB_FLAGS, PM_ENABLED, 22, 1)
+FIELD(TB_FLAGS, PM_MASK_ENABLED, 22, 1)
+FIELD(TB_FLAGS, PM_BASE_ENABLED, 23, 1)
 
 #ifdef TARGET_RISCV32
 #define riscv_cpu_mxl(env)  ((void)(env), MXL_RV32)
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index e6c95edb18..b781e96657 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -94,27 +94,15 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong 
*pc,
 flags = FIELD_DP32(flags, TB_FLAGS, MSTATUS_HS_VS,
get_field(env->mstatus_hs, MSTATUS_VS));
 }
-if (riscv_has_ext(env, RVJ)) {
-int priv = flags & TB_FLAGS_PRIV_MMU_MASK;
-bool pm_enabled = false;
-switch (priv) {
-case PRV_U:
-pm_enabled = env->mmte & U_PM_ENABLE;
-break;
-case PRV_S:
-pm_enabled = env->mmte & S_PM_ENABLE;
-break;
-case PRV_M:
-pm_enabled = env->mmte & M_PM_ENABLE;
-break;
-default:
-g_assert_not_reached();
-}
-flags = FIELD_DP32(flags, TB_FLAGS, PM_ENABLED, pm_enabled);
-}
 #endif
 
 flags = FIELD_DP32(flags, TB_FLAGS, XL, env->xl);
+if (env->cur_pmmask < (env->xl == MXL_RV32 ? UINT32_MAX : UINT64_MAX)) {
+flags = FIELD_DP32(flags, TB_FLAGS, PM_MASK_ENABLED, 1);
+}
+if (env->cur_pmbase != 0) {
+flags = FIELD_DP32(flags, TB_FLAGS, PM_BASE_ENABLED, 1);
+}
 
 *pflags = flags;
 }
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index a1d1018b1b..a0caf306c9 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -106,7 +106,8 @@ typedef struct DisasContext {
 /* Space for 3 operands plus 1 extra for address computation. */
 TCGv temp[4];
 /* PointerMasking extension */
-bool pm_enabled;
+bool pm_mask_enabled;
+bool pm_base_enabled;
 } DisasContext;
 
 static inline bool has_ext(DisasContext *ctx, uint32_t ext)
@@ -395,12 +396,14 @@ static TCGv get_address(DisasContext *ctx, int rs1, int 
imm)
 TCGv src1 = get_gpr(ctx, rs1, EXT_NONE);
 
 tcg_gen_addi_tl(addr, src1, imm);
-if (ctx->pm_enabled) {
+if (ctx->pm_mask_enabled) {
 tcg_gen_and_tl(addr, addr, pm_mask);
-tcg_gen_or_tl(addr, addr, pm_base);
 } else if (get_xl(ctx) == MXL_RV32) {
 tcg_gen_ext32u_tl(addr, addr);
 }
+if (ctx->pm_base_enabled) {
+tcg_gen_or_tl(addr, addr, pm_base);
+}
 return addr;
 }
 
@@ -921,7 +924,8 @@ static void riscv_tr_init_disas_context(DisasContextBase 
*dcbase, CPUState *cs)
 ctx->cs = cs;
 ctx->ntemp = 0;
 memset(ctx->temp, 0, sizeof(ctx->temp));
-ctx->pm_enabled = FIELD_EX32(tb_flags, TB_FLAGS, PM_ENABLED);
+ctx->pm_mask_enabled = FIELD_EX32(tb_flags, TB_FLAGS, PM_MASK_ENABLED);
+ctx->pm_base_enabled = FIELD_EX32(tb_flags, TB_FLAGS, PM_BASE_ENABLED);
 ctx->zero = tcg_constant_tl(0);
 }
 
-- 
2.25.1




[PATCH v6 21/22] target/riscv: Enable uxl field write

2022-01-13 Thread LIU Zhiwei
Signed-off-by: LIU Zhiwei 
Reviewed-by: Richard Henderson 
Reviewed-by: Alistair Francis 
---
 target/riscv/csr.c | 17 -
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 8e67ff7c54..d944ee9caf 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -568,6 +568,7 @@ static RISCVException write_mstatus(CPURISCVState *env, int 
csrno,
 {
 uint64_t mstatus = env->mstatus;
 uint64_t mask = 0;
+RISCVMXL xl = riscv_cpu_mxl(env);
 
 /* flush tlb on mstatus fields that affect VM */
 if ((val ^ mstatus) & (MSTATUS_MXR | MSTATUS_MPP | MSTATUS_MPV |
@@ -579,21 +580,22 @@ static RISCVException write_mstatus(CPURISCVState *env, 
int csrno,
 MSTATUS_MPP | MSTATUS_MXR | MSTATUS_TVM | MSTATUS_TSR |
 MSTATUS_TW | MSTATUS_VS;
 
-if (riscv_cpu_mxl(env) != MXL_RV32) {
+if (xl != MXL_RV32) {
 /*
  * RV32: MPV and GVA are not in mstatus. The current plan is to
  * add them to mstatush. For now, we just don't support it.
  */
 mask |= MSTATUS_MPV | MSTATUS_GVA;
+if ((val & MSTATUS64_UXL) != 0) {
+mask |= MSTATUS64_UXL;
+}
 }
 
 mstatus = (mstatus & ~mask) | (val & mask);
 
-RISCVMXL xl = riscv_cpu_mxl(env);
 if (xl > MXL_RV32) {
-/* SXL and UXL fields are for now read only */
+/* SXL field is for now read only */
 mstatus = set_field(mstatus, MSTATUS64_SXL, xl);
-mstatus = set_field(mstatus, MSTATUS64_UXL, xl);
 }
 env->mstatus = mstatus;
 env->xl = cpu_recompute_xl(env);
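Review bot: The new guard `(val & MSTATUS64_UXL) != 0` accepts every non-zero UXL encoding, including values wider than MXL or reserved ones, and the stored field feeds `cpu_recompute_xl(env)` at the end of this hunk. The field is guest-writable, so an unsupported encoding could reach env->xl and everything keyed on it, for example the `switch (env->xl)` in read_vtype, whose default case is `g_assert_not_reached()`. Consider legalising the WARL field rather than only rejecting zero: `uint64_t uxl = get_field(val, MSTATUS64_UXL);` followed by `if (uxl != 0 && uxl <= xl) { mask |= MSTATUS64_UXL; }`. write_mstatus starts and ends outside the hunk, so whether cpu_recompute_xl() already clamps the value cannot be seen from here.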
@@ -903,7 +905,9 @@ static RISCVException read_sstatus(CPURISCVState *env, int 
csrno,
target_ulong *val)
 {
 target_ulong mask = (sstatus_v1_10_mask);
-
+if (env->xl != MXL_RV32) {
+mask |= SSTATUS64_UXL;
+}
 /* TODO: Use SXL not MXL. */
 *val = add_status_sd(riscv_cpu_mxl(env), env->mstatus & mask);
 return RISCV_EXCP_NONE;
@@ -913,6 +917,9 @@ static RISCVException write_sstatus(CPURISCVState *env, int 
csrno,
 target_ulong val)
 {
 target_ulong mask = (sstatus_v1_10_mask);
+if (env->xl != MXL_RV32) {
+mask |= SSTATUS64_UXL;
+}
 target_ulong newval = (env->mstatus & ~mask) | (val & mask);
 return write_mstatus(env, CSR_MSTATUS, newval);
 }
-- 
2.25.1




Re: [PATCH] migration: Add canary to VMSTATE_END_OF_LIST

2022-01-13 Thread Peter Xu
On Thu, Jan 13, 2022 at 11:00:20AM +, Peter Maydell wrote:
> On Thu, 13 Jan 2022 at 01:21, Peter Xu  wrote:
> >
> > On Wed, Jan 12, 2022 at 10:56:07AM +, Peter Maydell wrote:
> > > We could have vmstate_register_with_alias_id() iterate through
> > > and assert presence of the right terminator (probably only if
> > > qtest enabled, or some other suitable condition). Then the
> > > existing tests that do the basic "check we can instantiate every
> > > device and initialize every board model" would run that code
> > > and catch most missing terminator cases, I think.
> >
> > Agreed.  How about assert it even without qtest?  We do tons of assertion 
> > for
> > programming errors anyway in QEMU.
> 
> I don't inherently object, but in this case to do the assertion
> we'd need to do a scan over the fields arrays which we wouldn't
> otherwise need to, so the cost of the assert is not simply
> the compare-and-branch but also the loop over the array. If
> that's not significant in terms of start-up time costs we can
> just go ahead and do it (which would be nicer for debugging
> and making it really obvious to people writing new devices)
> but my remark above was a gesture towards "maybe we need to
> not do it for normal startup"..

Hmm.. Then how about put it into a "#ifdef CONFIG_DEBUG"?

We may need some extra lines in configure, though:

if test "$debug" = "yes"; then
  echo "CONFIG_DEBUG=y" >> $config_host_mak
fi

PS: I'm a bit surprised we don't have CONFIG_DEBUG already..

Thanks,

-- 
Peter Xu




[PATCH v6 16/22] target/riscv: Adjust vsetvl according to XLEN

2022-01-13 Thread LIU Zhiwei
Signed-off-by: LIU Zhiwei 
Reviewed-by: Richard Henderson 
Reviewed-by: Alistair Francis 
---
 target/riscv/cpu.h   | 5 +
 target/riscv/vector_helper.c | 7 +--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index abf217e34f..645a1b3f6c 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -478,6 +478,11 @@ static inline RISCVMXL cpu_recompute_xl(CPURISCVState *env)
 }
 #endif
 
+static inline int riscv_cpu_xlen(CPURISCVState *env)
+{
+return 16 << env->xl;
+}
+
 /*
  * Encode LMUL to lmul as follows:
  * LMULvlmullmul
diff --git a/target/riscv/vector_helper.c b/target/riscv/vector_helper.c
index a9484c22ea..8b7c9ec890 100644
--- a/target/riscv/vector_helper.c
+++ b/target/riscv/vector_helper.c
@@ -36,8 +36,11 @@ target_ulong HELPER(vsetvl)(CPURISCVState *env, target_ulong 
s1,
 uint64_t lmul = FIELD_EX64(s2, VTYPE, VLMUL);
 uint16_t sew = 8 << FIELD_EX64(s2, VTYPE, VSEW);
 uint8_t ediv = FIELD_EX64(s2, VTYPE, VEDIV);
-bool vill = FIELD_EX64(s2, VTYPE, VILL);
-target_ulong reserved = FIELD_EX64(s2, VTYPE, RESERVED);
+int xlen = riscv_cpu_xlen(env);
+bool vill = (s2 >> (xlen - 1)) & 0x1;
+target_ulong reserved = s2 &
+MAKE_64BIT_MASK(R_VTYPE_RESERVED_SHIFT,
+xlen - 1 - R_VTYPE_RESERVED_SHIFT);
 
 if (lmul & 4) {
 /* Fractional LMUL. */
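Review bot: `s2 >> (xlen - 1)` and the `MAKE_64BIT_MASK(..., xlen - 1 - R_VTYPE_RESERVED_SHIFT)` length are only well defined while xlen does not exceed the width of `target_ulong`, yet riscv_cpu_xlen() returns `16 << env->xl`, which is 128 for an xl value of 3. If env->xl can hold that value when this helper runs (not decidable from the hunk), the shift count is larger than the operand width, which is undefined behaviour in C, and the vill/reserved checks would then be evaluated on garbage. A cheap guard is `g_assert(xlen <= TARGET_LONG_BITS);` right after `int xlen = riscv_cpu_xlen(env);`, or clamping xlen to TARGET_LONG_BITS. The helper body continues outside the hunk.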
-- 
2.25.1




Re: [PATCH v4 0/2] hw/arm/virt: Support for virtio-mem-pci

2022-01-13 Thread Peter Maydell
On Tue, 11 Jan 2022 at 06:34, Gavin Shan  wrote:
>
> This series supports virtio-mem-pci device, by simply following the
> implementation on x86. The exception is the block size is 512MB on
> ARM64 instead of 128MB on x86, compatible with the memory section
> size in linux guest.
>
> The work was done by David Hildenbrand and then Jonathan Cameron. I'm
> taking the patch and putting more efforts, which is all about testing
> to me at current stage.



Applied to target-arm.next, thanks.

-- PMM



[PATCH v6 18/22] target/riscv: Fix check range for first fault only

2022-01-13 Thread LIU Zhiwei
Only check the range that has passed the address translation.

Signed-off-by: LIU Zhiwei 
Reviewed-by: Richard Henderson 
Reviewed-by: Alistair Francis 
---
 target/riscv/vector_helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/riscv/vector_helper.c b/target/riscv/vector_helper.c
index 8b7c9ec890..efb3129532 100644
--- a/target/riscv/vector_helper.c
+++ b/target/riscv/vector_helper.c
@@ -500,12 +500,12 @@ vext_ldff(void *vd, void *v0, target_ulong base,
  cpu_mmu_index(env, false));
 if (host) {
 #ifdef CONFIG_USER_ONLY
-if (page_check_range(addr, nf << esz, PAGE_READ) < 0) {
+if (page_check_range(addr, offset, PAGE_READ) < 0) {
 vl = i;
 goto ProbeSuccess;
 }
 #else
-probe_pages(env, addr, nf << esz, ra, MMU_DATA_LOAD);
+probe_pages(env, addr, offset, ra, MMU_DATA_LOAD);
 #endif
 } else {
 vl = i;
-- 
2.25.1




Re: [PATCH 0/2] Adds designware i2c module and adds it to virt arm

2022-01-13 Thread Peter Maydell
On Mon, 10 Jan 2022 at 21:47, Patrick Venture  wrote:
>
> This patch series introduces a new i2c module, namely the designware one and 
> further enables this (optionally) for the virt-arm machine.
>
> Chris Rauer (2):
>   hw/i2c: Add designware i2c controller.
>   hw/arm: Enable smbus on arm virt machine.

I need to see a pretty strong justification for why we
should be adding new kinds of devices to the virt machine,
given that it increases complexity and potential attack
surface for using it with KVM; this cover letter doesn't
seem to provide any...

thanks
-- PMM



[PATCH v6 20/22] target/riscv: Adjust scalar reg in vector with XLEN

2022-01-13 Thread LIU Zhiwei
When sew <= 32 bits, there is no need to extend the scalar register.
When sew > 32 bits, if xlen is less than sew, we should sign-extend
the scalar register, except where explicitly specified by the spec.

Signed-off-by: LIU Zhiwei 
---
 target/riscv/insn_trans/trans_rvv.c.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/riscv/insn_trans/trans_rvv.c.inc 
b/target/riscv/insn_trans/trans_rvv.c.inc
index 1c8086d3a6..b6502cdc7c 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -1201,7 +1201,7 @@ static bool opivx_trans(uint32_t vd, uint32_t rs1, 
uint32_t vs2, uint32_t vm,
 dest = tcg_temp_new_ptr();
 mask = tcg_temp_new_ptr();
 src2 = tcg_temp_new_ptr();
-src1 = get_gpr(s, rs1, EXT_NONE);
+src1 = get_gpr(s, rs1, EXT_SIGN);
 
 data = FIELD_DP32(data, VDATA, VM, vm);
 data = FIELD_DP32(data, VDATA, LMUL, s->lmul);
-- 
2.25.1




Re: [PATCH 0/3] malta: Move PCI interrupt handling from gt64xxx to piix4

2022-01-13 Thread Philippe Mathieu-Daudé

On 13/1/22 12:22, Bernhard Beschow wrote:

Hi Philippe,

On Thu, Jan 13, 2022 at 10:24 AM Philippe Mathieu-Daudé > wrote:


 > Bernhard Beschow (3):
 >    malta: Move PCI interrupt handling from gt64xxx to piix4
 >    pci: Always pass own DeviceState to pci_map_irq_fn's
 >    isa/piix4: Resolve global variables

Did you forget to sent the patches?


I can see my patches in-reply-to my cover letter here [1]. Do I miss 
something?


[1] 
https://lists.nongnu.org/archive/html/qemu-devel/2022-01/msg02786.html 



I should have checked there first. I found the patches in my SPAM box,
apparently due to "SPF=SOFTFAIL" (no clue...):

Authentication-Results: mx.google.com;
   dkim=pass header.i=@gmail.com header.s=20210112 header.b="Sf/DBOt0";
   spf=softfail (google.com: domain of transitioning 
shen...@gmail.com does not designate 172.105.152.211 as permitted 
sender) smtp.mailfrom=shen...@gmail.com;

   dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com



[PATCH v6 22/22] target/riscv: Relax UXL field for debugging

2022-01-13 Thread LIU Zhiwei
Signed-off-by: LIU Zhiwei 
---
 target/riscv/csr.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index d944ee9caf..1037c6b15d 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -580,7 +580,7 @@ static RISCVException write_mstatus(CPURISCVState *env, int 
csrno,
 MSTATUS_MPP | MSTATUS_MXR | MSTATUS_TVM | MSTATUS_TSR |
 MSTATUS_TW | MSTATUS_VS;
 
-if (xl != MXL_RV32) {
+if (xl != MXL_RV32 || env->debugger) {
 /*
  * RV32: MPV and GVA are not in mstatus. The current plan is to
  * add them to mstatush. For now, we just don't support it.
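Review bot: In write_mstatus the added `|| env->debugger` widens the whole block, not only the UXL part: `xl` here is `riscv_cpu_mxl(env)`, so the new clause only changes behaviour on a CPU whose MXL is RV32, and there it also adds `MSTATUS_MPV | MSTATUS_GVA` to the writable mask. That contradicts the comment directly below, which says those bits are not in mstatus on RV32 and are not supported. If the intent is only to let a debugger change UXL, keep the outer test as `if (xl != MXL_RV32) {` and put the exception on the inner UXL check, which lies outside this hunk. The read_sstatus and write_sstatus hunks test `env->xl` (the current mode's XLEN) instead, where the debugger exception does make a difference; a one-line comment there saying why debugger accesses see UXL would help, since the commit message is empty.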
@@ -905,7 +905,7 @@ static RISCVException read_sstatus(CPURISCVState *env, int 
csrno,
target_ulong *val)
 {
 target_ulong mask = (sstatus_v1_10_mask);
-if (env->xl != MXL_RV32) {
+if (env->xl != MXL_RV32 || env->debugger) {
 mask |= SSTATUS64_UXL;
 }
 /* TODO: Use SXL not MXL. */
@@ -917,7 +917,8 @@ static RISCVException write_sstatus(CPURISCVState *env, int 
csrno,
 target_ulong val)
 {
 target_ulong mask = (sstatus_v1_10_mask);
-if (env->xl != MXL_RV32) {
+
+if (env->xl != MXL_RV32 || env->debugger) {
 mask |= SSTATUS64_UXL;
 }
 target_ulong newval = (env->mstatus & ~mask) | (val & mask);
-- 
2.25.1




Re: [PATCH v7 2/5] QIOChannelSocket: Implement io_writev zero copy flag & io_flush for CONFIG_LINUX

2022-01-13 Thread Peter Xu
On Thu, Jan 13, 2022 at 10:42:39AM +, Daniel P. Berrangé wrote:
> On Thu, Jan 13, 2022 at 06:34:12PM +0800, Peter Xu wrote:
> > On Thu, Jan 13, 2022 at 10:06:14AM +, Daniel P. Berrangé wrote:
> > > On Thu, Jan 13, 2022 at 02:48:15PM +0800, Peter Xu wrote:
> > > > On Thu, Jan 06, 2022 at 07:13:39PM -0300, Leonardo Bras wrote:
> > > > > @@ -558,15 +575,26 @@ static ssize_t 
> > > > > qio_channel_socket_writev(QIOChannel *ioc,
> > > > >  memcpy(CMSG_DATA(cmsg), fds, fdsize);
> > > > >  }
> > > > >  
> > > > > +if (flags & QIO_CHANNEL_WRITE_FLAG_ZERO_COPY) {
> > > > > +sflags = MSG_ZEROCOPY;
> > > > > +}
> > > > > +
> > > > >   retry:
> > > > > -ret = sendmsg(sioc->fd, &msg, 0);
> > > > > +ret = sendmsg(sioc->fd, &msg, sflags);
> > > > >  if (ret <= 0) {
> > > > > -if (errno == EAGAIN) {
> > > > > +switch (errno) {
> > > > > +case EAGAIN:
> > > > >  return QIO_CHANNEL_ERR_BLOCK;
> > > > > -}
> > > > > -if (errno == EINTR) {
> > > > > +case EINTR:
> > > > >  goto retry;
> > > > > +case ENOBUFS:
> > > > > +if (sflags & MSG_ZEROCOPY) {
> > > > > +error_setg_errno(errp, errno,
> > > > > + "Process can't lock enough memory 
> > > > > for using MSG_ZEROCOPY");
> > > > > +return -1;
> > > > > +}
> > > > 
> > > > I have no idea whether it'll make a real difference, but - should we 
> > > > better add
> > > > a "break" here?  If you agree and with that fixed, feel free to add:
> > > > 
> > > > Reviewed-by: Peter Xu 
> > > > 
> > > > I also wonder whether you hit ENOBUFS in any of the environments.  On 
> > > > Fedora
> > > > here it's by default unlimited, but just curious when we should keep an 
> > > > eye.
> > > 
> > > Fedora doesn't allow unlimited locked memory by default
> > > 
> > > $ grep "locked memory" /proc/self/limits 
> > > Max locked memory         65536                65536                bytes
> > > 
> > > 
> > > And  regardless of Fedora defaults, libvirt will set a limit
> > > for the guest. It will only be unlimited if requiring certain
> > > things like VFIO.
> > 
> > Thanks, I obviously checked up the wrong host..
> > 
> > Leo, do you know how much locked memory will be needed by zero copy?  Will
> > there be a limit?  Is it linear to the number of sockets/channels?
> 
> IIRC we decided it would be limited by the socket send buffer size, rather
> than guest RAM, because writes will block once the send buffer is full.
> 
> This has a default global setting, with per-socket override. On one box I
> have it is 200 Kb. With multifd you'll need  "num-sockets * send buffer".
> 
> > It'll be better if we can fail at enabling the feature when we detected that
> > the specified locked memory limit may not be suffice.
> 
> Checking this value against available locked memory though will always
> have an error margin because other things in QEMU can use locked memory
> too

We could always still allow false positive in this check, so we can fail if we
have a solid clue to know we'll fail later (e.g. minimum locked_vm needed is
already less than total).  But no strong opinion; we could have this merged and
see whether that's needed in real life.  Thanks,

-- 
Peter Xu




Re: [PATCH v6 20/23] hw/intc: Add RISC-V AIA IMSIC device emulation

2022-01-13 Thread Anup Patel
On Thu, Jan 13, 2022 at 12:56 PM Frank Chang  wrote:
>
> Anup Patel  於 2021年12月30日 週四 下午9:00寫道:
>>
>> From: Anup Patel 
>>
>> The RISC-V AIA (Advanced Interrupt Architecture) defines a new
>> interrupt controller for MSIs (message signal interrupts) called
>> IMSIC (Incoming Message Signal Interrupt Controller). The IMSIC
>> is a per-HART device and also supports virtualization of MSIs using
>> dedicated VS-level guest interrupt files.
>>
>> This patch adds device emulation for RISC-V AIA IMSIC which
>> supports M-level, S-level, and VS-level MSIs.
>>
>> Signed-off-by: Anup Patel 
>> Signed-off-by: Anup Patel 
>> ---
>>  hw/intc/Kconfig   |   3 +
>>  hw/intc/meson.build   |   1 +
>>  hw/intc/riscv_imsic.c | 447 ++
>>  include/hw/intc/riscv_imsic.h |  68 ++
>>  4 files changed, 519 insertions(+)
>>  create mode 100644 hw/intc/riscv_imsic.c
>>  create mode 100644 include/hw/intc/riscv_imsic.h
>>
>> diff --git a/hw/intc/Kconfig b/hw/intc/Kconfig
>> index 528e77b4a6..ec8d4cec29 100644
>> --- a/hw/intc/Kconfig
>> +++ b/hw/intc/Kconfig
>> @@ -73,6 +73,9 @@ config RISCV_ACLINT
>>  config RISCV_APLIC
>>  bool
>>
>> +config RISCV_IMSIC
>> +bool
>> +
>>  config SIFIVE_PLIC
>>  bool
>>
>> diff --git a/hw/intc/meson.build b/hw/intc/meson.build
>> index 7466024402..5caa337654 100644
>> --- a/hw/intc/meson.build
>> +++ b/hw/intc/meson.build
>> @@ -51,6 +51,7 @@ specific_ss.add(when: 'CONFIG_S390_FLIC_KVM', if_true: 
>> files('s390_flic_kvm.c'))
>>  specific_ss.add(when: 'CONFIG_SH_INTC', if_true: files('sh_intc.c'))
>>  specific_ss.add(when: 'CONFIG_RISCV_ACLINT', if_true: 
>> files('riscv_aclint.c'))
>>  specific_ss.add(when: 'CONFIG_RISCV_APLIC', if_true: files('riscv_aplic.c'))
>> +specific_ss.add(when: 'CONFIG_RISCV_IMSIC', if_true: files('riscv_imsic.c'))
>>  specific_ss.add(when: 'CONFIG_SIFIVE_PLIC', if_true: files('sifive_plic.c'))
>>  specific_ss.add(when: 'CONFIG_XICS', if_true: files('xics.c'))
>>  specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_XICS'],
>> diff --git a/hw/intc/riscv_imsic.c b/hw/intc/riscv_imsic.c
>> new file mode 100644
>> index 00..753fa11a9c
>> --- /dev/null
>> +++ b/hw/intc/riscv_imsic.c
>> @@ -0,0 +1,447 @@
>> +/*
>> + * RISC-V IMSIC (Incoming Message Signaled Interrupt Controller)
>> + *
>> + * Copyright (c) 2021 Western Digital Corporation or its affiliates.
>> + *
>> + * This program is free software; you can redistribute it and/or modify it
>> + * under the terms and conditions of the GNU General Public License,
>> + * version 2 or later, as published by the Free Software Foundation.
>> + *
>> + * This program is distributed in the hope it will be useful, but WITHOUT
>> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
>> + * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
>> + * more details.
>> + *
>> + * You should have received a copy of the GNU General Public License along 
>> with
>> + * this program.  If not, see .
>> + */
>> +
>> +#include "qemu/osdep.h"
>> +#include "qapi/error.h"
>> +#include "qemu/log.h"
>> +#include "qemu/module.h"
>> +#include "qemu/error-report.h"
>> +#include "qemu/bswap.h"
>> +#include "exec/address-spaces.h"
>> +#include "hw/sysbus.h"
>> +#include "hw/pci/msi.h"
>> +#include "hw/boards.h"
>> +#include "hw/qdev-properties.h"
>> +#include "hw/intc/riscv_imsic.h"
>> +#include "hw/irq.h"
>> +#include "target/riscv/cpu.h"
>> +#include "target/riscv/cpu_bits.h"
>> +#include "sysemu/sysemu.h"
>> +#include "migration/vmstate.h"
>> +
>> +#define IMSIC_MMIO_PAGE_LE 0x00
>> +#define IMSIC_MMIO_PAGE_BE 0x04
>> +
>> +#define IMSIC_MIN_ID   ((IMSIC_EIPx_BITS * 2) - 1)
>> +#define IMSIC_MAX_ID   (IMSIC_TOPEI_IID_MASK)
>> +
>> +#define IMSIC_EISTATE_PENDING  (1U << 0)
>> +#define IMSIC_EISTATE_ENABLED  (1U << 1)
>> +#define IMSIC_EISTATE_ENPEND   (IMSIC_EISTATE_ENABLED | \
>> +IMSIC_EISTATE_PENDING)
>> +
>> +static uint32_t riscv_imsic_topei(RISCVIMSICState *imsic, uint32_t page)
>> +{
>> +uint32_t i, max_irq, base;
>> +
>> +base = page * imsic->num_irqs;
>> +max_irq = (imsic->num_irqs < imsic->eithreshold[page]) ?
>> +  imsic->num_irqs : imsic->eithreshold[page];
>
>
> Do we need to exclude the case which imsic->eithreshold[page] == 0?
>   The value of a *topei CSR (mtopei, stopei, or vstopei) indicates the 
> interrupt file’s current
>   highest-priority pending-and-enabled interrupt that also exceeds the 
> priority threshold specified by
>   its eithreshold register if eithreshold is not zero.

This is similar to the mistake I did with APLIC IDC. Thanks for catching.

I will fix this in next revision.

Regards,
Anup

>
>>
>> +for (i = 1; i < max_irq; i++) {
>> +if ((imsic->eistate[base + i] & IMSIC_EISTATE_ENPEND) ==
>> +IMSIC_EISTATE_EN

Re: [PULL 00/31] testing/next and other misc fixes

2022-01-13 Thread Alex Bennée


Alex Bennée  writes:

> Peter Maydell  writes:
>
> (adding the s390x people to the CC if they have any clues)
>
>> On Wed, 12 Jan 2022 at 11:27, Alex Bennée  wrote:
>>>
>>> The following changes since commit bf99e0ec9a51976868d7a8334620716df15fe7fe:
>>>
>>>   Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging 
>>> (2022-01-11 10:12:29 +)
>>>
>>> are available in the Git repository at:
>>>
>>>   https://github.com/stsquad/qemu.git tags/pull-for-7.0-110122-1
>>>
>>> for you to fetch changes up to dbd30b7abee963f4fb08892a7d7f920bb76ece58:
>>>
>>>   linux-user: Remove the deprecated ppc64abi32 target (2022-01-11 13:00:53 
>>> +)
>>>
> 
>> This seems to fail the ubuntu-18.04-s390x-all-linux-static job
>> with segfaults running linux-user binaries (not always the same
>> binary), eg:
>> https://gitlab.com/qemu-project/qemu/-/jobs/1968789446
>> https://gitlab.com/qemu-project/qemu/-/jobs/1968080419
>
> *sigh*
>
> So the regression is caused by:
>
>   linux-user: don't adjust base of found hole
>
> However it only occurs when pgb_static starts base at a low address. For
> example:
>
>   pgb_find_hole: base @ 13dd000 for 17432080 bytes
>   pgb_static: base @ 13dd000 for 17432080 bytes
>   Locating guest address space @ 0x13dd000
>
> fails whereas:
>
>   pgb_find_hole: base @ 41f97000 for 17432080 bytes  
>   pgb_static: base @ 41f97000 for 17432080 bytes
>   Locating guest address space @ 0x41f97000  
>
> works.
>
> What I find confusing is why we end up with different addresses when
> both QEMU and the test binary are static allocations. However the
> varying allocation occurs before the change but without triggering the
> crash:

Continuing with debug dumps:

  read_self_maps: heap at 2445000->24ab000
  pgb_find_hole: brk @ 24ab000
  pgb_find_hole: start:24ab000 align_start:24ab000 end:3ffa000
  pgb_find_hole: after brk tweak align_start:424ab000
  Created 10 threads
  Done
  3, 0, PASS, 0.251649, 2, 3, -
  read_self_maps: heap at 2d14000->2d7a000
  pgb_find_hole: brk @ 2d7a000
  pgb_find_hole: start:13dd000 align_start:13dd000 end:2d14000
  4, -11, FALSE, 0.251602, 2, 4, -
  read_self_maps: heap at 1e6c000->1ed2000
  pgb_find_hole: brk @ 1ed2000
  pgb_find_hole: start:1ed2000 align_start:1ed2000 end:3ff9000
  pgb_find_hole: after brk tweak align_start:41ed2000
  Created 10 threads
  Done
  5, 0, PASS, 0.253451, 3, 5, -
  read_self_maps: heap at 2c32000->2c98000
  pgb_find_hole: brk @ 2c98000
  pgb_find_hole: start:13dd000 align_start:13dd000 end:2c32000
  6, -11, FALSE, 0.251998, 3, 6, -
  read_self_maps: heap at 29f2000->2a58000
  pgb_find_hole: brk @ 2a58000
  pgb_find_hole: start:13dd000 align_start:13dd000 end:29f2000
  7, -11, FALSE, 0.251922, 3, 7, -
  read_self_maps: heap at 1b1f000->1b85000
  pgb_find_hole: brk @ 1b85000
  pgb_find_hole: start:1b85000 align_start:1b85000 end:3ff7800
  pgb_find_hole: after brk tweak align_start:41b85000
  Created 10 threads
  Done
  8, 0, PASS, 0.251691, 4, 8, -

It looks like we occasionally fit in below the heap and location
of brk but we aren't asking for enough space. I would like to get a core
dump of the failure because of course using gdb moves the maps around
enough that everything always works.

-- 
Alex Bennée



Re: [PATCH v7 2/5] QIOChannelSocket: Implement io_writev zero copy flag & io_flush for CONFIG_LINUX

2022-01-13 Thread Daniel P . Berrangé
On Thu, Jan 06, 2022 at 07:13:39PM -0300, Leonardo Bras wrote:
> For CONFIG_LINUX, implement the new zero copy flag and the optional callback
> io_flush on QIOChannelSocket, but enables it only when MSG_ZEROCOPY
> feature is available in the host kernel, which is checked on
> qio_channel_socket_connect_sync()
> 
> qio_channel_socket_flush() was implemented by counting how many times
> sendmsg(...,MSG_ZEROCOPY) was successfully called, and then reading the
> socket's error queue, in order to find how many of them finished sending.
> Flush will loop until those counters are the same, or until some error occurs.
> 
> Notes on using writev() with QIO_CHANNEL_WRITE_FLAG_ZERO_COPY:
> 1: Buffer
> - As MSG_ZEROCOPY tells the kernel to use the same user buffer to avoid 
> copying,
> some caution is necessary to avoid overwriting any buffer before it's sent.
> If something like this happen, a newer version of the buffer may be sent 
> instead.
> - If this is a problem, it's recommended to call qio_channel_flush() before 
> freeing
> or re-using the buffer.
> 
> 2: Locked memory
> - When using MSG_ZEROCOPY, the buffer memory will be locked after being queued, and
> unlocked after it's sent.
> - Depending on the size of each buffer, and how often it's sent, it may 
> require
> a larger amount of locked memory than usually available to non-root user.
> - If the required amount of locked memory is not available, writev_zero_copy
> will return an error, which can abort an operation like migration,
> - Because of this, when an user code wants to add zero copy as a feature, it
> requires a mechanism to disable it, so it can still be accessible to less
> privileged users.
> 
> Signed-off-by: Leonardo Bras 
> ---
>  include/io/channel-socket.h |   2 +
>  io/channel-socket.c | 107 ++--
>  2 files changed, 105 insertions(+), 4 deletions(-)

Reviewed-by: Daniel P. Berrangé 


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|




Re: [PATCH v7 3/5] migration: Add zero-copy parameter for QMP/HMP for Linux

2022-01-13 Thread Daniel P . Berrangé
On Thu, Jan 06, 2022 at 07:13:40PM -0300, Leonardo Bras wrote:
> Add property that allows zero-copy migration of memory pages,
> and also includes a helper function migrate_use_zero_copy() to check
> if it's enabled.
> 
> No code is introduced to actually do the migration, but it allow
> future implementations to enable/disable this feature.
> 
> On non-Linux builds this parameter is compiled-out.
> 
> Signed-off-by: Leonardo Bras 
> ---
>  qapi/migration.json   | 24 
>  migration/migration.h |  5 +
>  migration/migration.c | 32 
>  migration/socket.c|  5 +
>  monitor/hmp-cmds.c|  6 ++
>  5 files changed, 72 insertions(+)

Reviewed-by: Daniel P. Berrangé 

> 
> diff --git a/qapi/migration.json b/qapi/migration.json
> index bbfd48cf0b..2e62ea6ebd 100644
> --- a/qapi/migration.json
> +++ b/qapi/migration.json
> @@ -730,6 +730,13 @@
>  #  will consume more CPU.
>  #  Defaults to 1. (Since 5.0)
>  #
> +# @zero-copy: Controls behavior on sending memory pages on migration.
> +# When true, enables a zero-copy mechanism for sending memory
> +# pages, if host supports it.
> +# Requires that QEMU be permitted to use locked memory for guest
> +# RAM pages.
> +# Defaults to false. (Since 7.0)
> +#
>  # @block-bitmap-mapping: Maps block nodes and bitmaps on them to
>  #aliases for the purpose of dirty bitmap migration.  
> Such
>  #aliases may for example be the corresponding names 
> on the
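Review bot: The new `@zero-copy` doc comment says locked memory is required but not what happens when the limit is too low. The 2/5 description in this series states that the zero-copy write then returns an error, which can abort an operation like migration. I would add a line such as `# If the locked memory limit is insufficient, the migration fails.` here and in the identical comment added by the `@@ -895,6 +903,13 @@` hunk, so that a management application running QEMU with a restricted limit knows it needs a fallback.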
> @@ -769,6 +776,7 @@
> 'xbzrle-cache-size', 'max-postcopy-bandwidth',
> 'max-cpu-throttle', 'multifd-compression',
> 'multifd-zlib-level' ,'multifd-zstd-level',
> +   { 'name': 'zero-copy', 'if' : 'CONFIG_LINUX'},
> 'block-bitmap-mapping' ] }
>  
>  ##
> @@ -895,6 +903,13 @@
>  #  will consume more CPU.
>  #  Defaults to 1. (Since 5.0)
>  #
> +# @zero-copy: Controls behavior on sending memory pages on migration.
> +# When true, enables a zero-copy mechanism for sending memory
> +# pages, if host supports it.
> +# Requires that QEMU be permitted to use locked memory for guest
> +# RAM pages.
> +# Defaults to false. (Since 7.0)
> +#
>  # @block-bitmap-mapping: Maps block nodes and bitmaps on them to
>  #aliases for the purpose of dirty bitmap migration.  
> Such
>  #aliases may for example be the corresponding names 
> on the
> @@ -949,6 +964,7 @@
>  '*multifd-compression': 'MultiFDCompression',
>  '*multifd-zlib-level': 'uint8',
>  '*multifd-zstd-level': 'uint8',
> +'*zero-copy': { 'type': 'bool', 'if': 'CONFIG_LINUX' },
>  '*block-bitmap-mapping': [ 'BitmapMigrationNodeAlias' ] } }

The current zerocopy impl is for the send path.

Do you expect we might get zerocopy in the receive path
later ?

If so then either call this 'send-zero-copy', or change it
from a bool to an enum taking '["send", "recv", "both"]'.

I'd probably take the former and just rename it.


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|




Re: [PATCH v7 4/5] migration: Add migrate_use_tls() helper

2022-01-13 Thread Daniel P . Berrangé
On Thu, Jan 06, 2022 at 07:13:41PM -0300, Leonardo Bras wrote:
> A lot of places check parameters.tls_creds in order to evaluate if TLS is
> in use, and sometimes call migrate_get_current() just for that test.
> 
> Add new helper function migrate_use_tls() in order to simplify testing
> for TLS usage.
> 
> Signed-off-by: Leonardo Bras 
> Reviewed-by: Juan Quintela 
> ---
>  migration/migration.h | 1 +
>  migration/channel.c   | 6 +++---
>  migration/migration.c | 9 +
>  migration/multifd.c   | 5 +
>  4 files changed, 14 insertions(+), 7 deletions(-)

Reviewed-by: Daniel P. Berrangé 

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|




Re: [PATCH v4 07/23] multifd: Use proper maximum compression values

2022-01-13 Thread Dr. David Alan Gilbert
* Juan Quintela (quint...@redhat.com) wrote:
> It happens that there are functions to calculate the worst possible
> compression size for a packet.  Use them.
> 
> Suggested-by: Dr. David Alan Gilbert 
> Signed-off-by: Juan Quintela 

Reviewed-by: Dr. David Alan Gilbert 

> ---
>  migration/multifd-zlib.c | 4 ++--
>  migration/multifd-zstd.c | 4 ++--
>  2 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/migration/multifd-zlib.c b/migration/multifd-zlib.c
> index 9f6ebf1076..a2fec4d01d 100644
> --- a/migration/multifd-zlib.c
> +++ b/migration/multifd-zlib.c
> @@ -54,8 +54,8 @@ static int zlib_send_setup(MultiFDSendParams *p, Error 
> **errp)
>  error_setg(errp, "multifd %u: deflate init failed", p->id);
>  return -1;
>  }
> -/* To be safe, we reserve twice the size of the packet */
> -z->zbuff_len = MULTIFD_PACKET_SIZE * 2;
> +/* This is the maxium size of the compressed buffer */
> +z->zbuff_len = compressBound(MULTIFD_PACKET_SIZE);
>  z->zbuff = g_try_malloc(z->zbuff_len);
>  if (!z->zbuff) {
>  deflateEnd(&z->zs);
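Review bot: `compressBound()` is documented as the bound for one-shot `compress()`/`compress2()`, while this setup function initialises a deflate stream (the "deflate init failed" message and the `deflateEnd(&z->zs)` cleanup show it), for which zlib provides `deflateBound()`. Neither bound covers the extra output produced by intermediate flushes, so if the send path (outside this hunk) flushes more than once per packet, the old 2x reserve may have been absorbing that; the same question applies to `ZSTD_compressBound()` in the multifd-zstd.c hunk, which bounds a single-pass compression. deflate() does not write past `avail_out`, so the likely failure is an aborted send rather than an overrun, provided `avail_out` is always derived from `zbuff_len`. I would use `z->zbuff_len = deflateBound(&z->zs, MULTIFD_PACKET_SIZE);` and have the comment state which flush pattern the size assumes.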
> diff --git a/migration/multifd-zstd.c b/migration/multifd-zstd.c
> index cc4e991724..97c08367d0 100644
> --- a/migration/multifd-zstd.c
> +++ b/migration/multifd-zstd.c
> @@ -67,8 +67,8 @@ static int zstd_send_setup(MultiFDSendParams *p, Error 
> **errp)
> p->id, ZSTD_getErrorName(res));
>  return -1;
>  }
> -/* To be safe, we reserve twice the size of the packet */
> -z->zbuff_len = MULTIFD_PACKET_SIZE * 2;
> +/* This is the maxium size of the compressed buffer */
> +z->zbuff_len = ZSTD_compressBound(MULTIFD_PACKET_SIZE);
>  z->zbuff = g_try_malloc(z->zbuff_len);
>  if (!z->zbuff) {
>  ZSTD_freeCStream(z->zcs);
> -- 
> 2.34.1
> 
-- 
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK




Re: [PULL 00/34] ppc queue

2022-01-13 Thread Peter Maydell
On Wed, 12 Jan 2022 at 11:56, Cédric Le Goater  wrote:
>
> The following changes since commit 7bb1272f40bdbdebcaec1737c412dcb52e414842:
>
>   Merge remote-tracking branch 
> 'remotes/jsnow-gitlab/tags/python-pull-request' into staging (2022-01-11 
> 14:20:42 +)
>
> are available in the Git repository at:
>
>   https://github.com/legoater/qemu/ tags/pull-ppc-20220112
>
> for you to fetch changes up to f83460bb203a49dd1693bf8b664d2a935a5be621:
>
>   ppc/pnv: use stack->pci_regs[] in pnv_pec_stk_pci_xscom_write() (2022-01-12 
> 11:28:27 +0100)
>
> 
> ppc 7.0 queue:
>
> * New SLOF for PPC970 and POWER5+ (Alexey)
> * Fixes for POWER5+ pseries (Cedric)
> * Updates of documentation (Leonardo and Thomas)
> * First step of exception model cleanup (Fabiano)
> * User created PHB3/PHB4 devices (Daniel and Cedric)
>
> 


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/7.0
for any user-visible changes.

-- PMM



Re: [PULL V2 00/13] Net patches

2022-01-13 Thread Peter Maydell
On Wed, 12 Jan 2022 at 08:32, Jason Wang  wrote:
>
> The following changes since commit 64c01c7da449bcafc614b27ecf1325bb08031c84:
>
>   Merge remote-tracking branch 'remotes/philmd/tags/sdmmc-20220108' into 
> staging (2022-01-11 11:39:31 +)
>
> are available in the git repository at:
>
>   https://github.com/jasowang/qemu.git tags/net-pull-request
>
> for you to fetch changes up to 99420f216cf5cd2e5c09e0d491b9e44d16030aba:
>
>   net/vmnet: update MAINTAINERS list (2022-01-12 16:27:19 +0800)
>
> 
>

Let me know if you want me to apply this or if you're going to update
it with Vladislav's v11 vmnet series.


thanks
-- PMM



Re: [PATCH 1/2] tpm: CRB: Use ram_device for "tpm-crb-cmd" region

2022-01-13 Thread Stefan Berger



On 1/13/22 05:37, Eric Auger wrote:

Representing the CRB cmd/response buffer as a standard
RAM region causes some trouble when the device is used
with VFIO. Indeed VFIO attempts to DMA_MAP this region
as usual RAM but this latter does not have a valid page
size alignment causing such an error report:
"vfio_listener_region_add received unaligned region".
To allow VFIO to detect that failing dma mapping
this region is not an issue, let's use a ram_device
memory region type instead.

The change in meson.build is required to include the
cpu.h header.

Signed-off-by: Eric Auger 
---
  hw/tpm/meson.build |  2 +-
  hw/tpm/tpm_crb.c   | 10 --
  2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/hw/tpm/meson.build b/hw/tpm/meson.build
index 1c68d81d6a..3e74df945b 100644
--- a/hw/tpm/meson.build
+++ b/hw/tpm/meson.build
@@ -1,8 +1,8 @@
  softmmu_ss.add(when: 'CONFIG_TPM_TIS', if_true: files('tpm_tis_common.c'))
  softmmu_ss.add(when: 'CONFIG_TPM_TIS_ISA', if_true: files('tpm_tis_isa.c'))
  softmmu_ss.add(when: 'CONFIG_TPM_TIS_SYSBUS', if_true: 
files('tpm_tis_sysbus.c'))
-softmmu_ss.add(when: 'CONFIG_TPM_CRB', if_true: files('tpm_crb.c'))

+specific_ss.add(when: 'CONFIG_TPM_CRB', if_true: files('tpm_crb.c'))
  specific_ss.add(when: ['CONFIG_SOFTMMU', 'CONFIG_TPM_TIS'], if_true: 
files('tpm_ppi.c'))
  specific_ss.add(when: ['CONFIG_SOFTMMU', 'CONFIG_TPM_CRB'], if_true: 
files('tpm_ppi.c'))
  specific_ss.add(when: 'CONFIG_TPM_SPAPR', if_true: files('tpm_spapr.c'))
diff --git a/hw/tpm/tpm_crb.c b/hw/tpm/tpm_crb.c
index 58ebd1469c..25f8e685e4 100644
--- a/hw/tpm/tpm_crb.c
+++ b/hw/tpm/tpm_crb.c
@@ -25,6 +25,7 @@
  #include "sysemu/tpm_backend.h"
  #include "sysemu/tpm_util.h"
  #include "sysemu/reset.h"
+#include "cpu.h"
  #include "tpm_prop.h"
  #include "tpm_ppi.h"
  #include "trace.h"
@@ -43,6 +44,7 @@ struct CRBState {

  bool ppi_enabled;
  TPMPPI ppi;
+uint8_t *crb_cmd_buf;
  };
  typedef struct CRBState CRBState;

@@ -291,10 +293,14 @@ static void tpm_crb_realize(DeviceState *dev, Error 
**errp)
  return;
  }

+s->crb_cmd_buf = qemu_memalign(qemu_real_host_page_size,
+HOST_PAGE_ALIGN(CRB_CTRL_CMD_SIZE));
+


Do we need an unrealize function now to qemu_vfree() this memory?



  memory_region_init_io(&s->mmio, OBJECT(s), &tpm_crb_memory_ops, s,
  "tpm-crb-mmio", sizeof(s->regs));
-memory_region_init_ram(&s->cmdmem, OBJECT(s),
-"tpm-crb-cmd", CRB_CTRL_CMD_SIZE, errp);
+memory_region_init_ram_device_ptr(&s->cmdmem, OBJECT(s), "tpm-crb-cmd",
+  CRB_CTRL_CMD_SIZE, s->crb_cmd_buf);
+vmstate_register_ram(&s->cmdmem, DEVICE(s));
  memory_region_add_subregion(get_system_memory(),
  TPM_CRB_ADDR_BASE, &s->mmio);
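Review bot: The buffer returned by `qemu_memalign()` in tpm_crb_realize is not cleared before it is exposed to the guest through `memory_region_init_ram_device_ptr()`, whereas the `memory_region_init_ram()` call it replaces handed out freshly mapped, typically zero-filled memory. Unless the buffer is wiped elsewhere (the reset handler is outside the hunk), the guest can read whatever the host heap previously held in that page. I would add `memset(s->crb_cmd_buf, 0, HOST_PAGE_ALIGN(CRB_CTRL_CMD_SIZE));` right after the allocation. The function body continues outside the hunk.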




Re: [PATCH] tests/qtest: add qtests for npcm7xx sdhci

2022-01-13 Thread Thomas Huth

 Hi!

On 07/01/2022 23.25, Patrick Venture wrote:
[...]

diff --git a/tests/qtest/npcm7xx_sdhci-test.c b/tests/qtest/npcm7xx_sdhci-test.c
new file mode 100644
index 00..feb09b921a
--- /dev/null
+++ b/tests/qtest/npcm7xx_sdhci-test.c
@@ -0,0 +1,201 @@
+/*
+ * QTests for NPCM7xx SD-3.0 / MMC-4.51 Host Controller
+ *
+ * Copyright (c) 2021 Google LLC


You might want to update to 2022 now.


+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sd/npcm7xx_sdhci.h"
+
+#include "libqos/libqtest.h"
+#include "libqtest-single.h"
+#include "libqos/sdhci-cmd.h"
+
+#define NPCM7XX_MMC_BA 0xF0842000
+#define NPCM7XX_BLK_SIZE 512
+#define NPCM7XX_TEST_IMAGE_SIZE (1 << 30)
+
+char *sd_path;
+
+static QTestState *setup_sd_card(void)
+{
+QTestState *qts = qtest_initf(
+"-machine kudo-bmc "
+"-device sd-card,drive=drive0 "
+"-drive id=drive0,if=none,file=%s,format=raw,auto-read-only=off",
+sd_path);
+
+qtest_writew(qts, NPCM7XX_MMC_BA + SDHC_SWRST, SDHC_RESET_ALL);
+qtest_writew(qts, NPCM7XX_MMC_BA + SDHC_CLKCON,
+ SDHC_CLOCK_SDCLK_EN | SDHC_CLOCK_INT_STABLE |
+ SDHC_CLOCK_INT_EN);
+sdhci_cmd_regs(qts, NPCM7XX_MMC_BA, 0, 0, 0, 0, SDHC_APP_CMD);
+sdhci_cmd_regs(qts, NPCM7XX_MMC_BA, 0, 0, 0x4120, 0, (41 << 8));
+sdhci_cmd_regs(qts, NPCM7XX_MMC_BA, 0, 0, 0, 0, SDHC_ALL_SEND_CID);
+sdhci_cmd_regs(qts, NPCM7XX_MMC_BA, 0, 0, 0, 0, SDHC_SEND_RELATIVE_ADDR);
+sdhci_cmd_regs(qts, NPCM7XX_MMC_BA, 0, 0, 0x4567, 0,
+   SDHC_SELECT_DESELECT_CARD);
+
+return qts;
+}
+
+static void write_sdread(QTestState *qts, const char *msg)
+{
+size_t len = strlen(msg);
+char *rmsg = g_malloc(len);
+
+/* write message to sd */
+int fd = open(sd_path, O_WRONLY);
+int ret = write(fd, msg, len);
+close(fd);
+g_assert(ret == len);
+
+/* read message using sdhci */
+ret = sdhci_read_cmd(qts, NPCM7XX_MMC_BA, rmsg, len);
+g_assert(ret == len);
+g_assert(!strcmp(rmsg, msg));
+
+free(rmsg);


g_free(), please. Or you could use g_autofree instead.


+}
+
+/* Check MMC can read values from sd */
+static void test_read_sd(void)
+{
+QTestState *qts = setup_sd_card();
+
+write_sdread(qts, "hello world");
+write_sdread(qts, "goodbye");
+
+qtest_quit(qts);
+}
+
+static void sdwrite_read(QTestState *qts, const char *msg)
+{
+size_t len = strlen(msg);
+char *rmsg = g_malloc(len);
+
+/* write message using sdhci */
+sdhci_write_cmd(qts, NPCM7XX_MMC_BA, msg, len, NPCM7XX_BLK_SIZE);
+
+/* read message from sd */
+int fd = open(sd_path, O_RDONLY);
+int ret = read(fd, rmsg, len);


according to the QEMU coding style:

"declarations should be at the beginning
of blocks"

So please separate the declarations from the assignment here.


+close(fd);
+g_assert(ret == len);
+
+g_assert(!strcmp(rmsg, msg));
+
+free(rmsg);


g_free() or g_autofree please.


+}
+
+/* Check MMC can write values to sd */
+static void test_write_sd(void)
+{
+QTestState *qts = setup_sd_card();
+
+sdwrite_read(qts, "hello world");
+sdwrite_read(qts, "goodbye");
+
+qtest_quit(qts);
+}
+
+/* Check SDHCI has correct default values. */
+static void test_reset(void)
+{
+QTestState *qts = qtest_init("-machine kudo-bmc");
+
+uint64_t addr = NPCM7XX_MMC_BA;
+uint64_t end_addr = addr + NPCM7XX_REG_SIZE;
+uint16_t prstvals_resets[] = {NPCM7XX_PRSTVALS_0_RESET,
+  NPCM7XX_PRSTVALS_1_RESET,
+  0,
+  NPCM7XX_PRSTVALS_3_RESET,
+  0,
+  0};


I'd prefer a space after the "{" and before the "}" ... I wonder why 
checkpatch doesn't complain here... maybe it's just a matter of taste, indeed.



+int i;
+uint32_t mask;
+while (addr < end_addr) {
+switch (addr - NPCM7XX_MMC_BA) {
+case SDHC_PRNSTS:
+/* ignores bits 20 to 24: they are changed when reading registers 
*/
+mask = 0x1f0;
+g_assert_cmphex(qtest_readl(qts, addr) | mask, ==,
+NPCM7XX_PRSNTS_RESET | mask);
+addr += 4;
+break;
+case SDHC_BLKGAP:
+g_assert_cmphex(qtest_readb(qts, addr), ==, NPCM7XX_BLKGAP_RESET);
+addr += 1;
+break;
+case SDHC_CAPAB:
+g_assert_cmphex

Re: [PATCH] Fix null pointer dereference in util/fdmon-epoll.c

2022-01-13 Thread Stefan Hajnoczi
On Tue, Jan 11, 2022 at 08:10:59PM +0800, Daniella Lee wrote:
> Original qemu commit hash: de3f5223fa4cf8bfc5e3fe1fd495ddf468edcdf7
> In util/fdmon-epoll.c, function fdmon_epoll_update, variable "old_node" 
> may be NULL with the condition, while it is directly used in the statement and 
> may lead to a null pointer dereference problem.
> Variable "r" in the condition is the return value of epoll_ctl function,
> and will return -1 when failed.
> Therefore, the patch added a check and initialized the variable "r".
> 
> 
> Signed-off-by: Daniella Lee 
> ---
>  util/fdmon-epoll.c | 6 --
>  1 file changed, 4 insertions(+), 2 deletions(-)

Hi Daniella,
Thanks for the patch! How is the new_node == NULL && old_node == NULL
case reached?

The caller is util/aio-posix.c:aio_set_fd_handler():

  AioHandler *node;
  AioHandler *new_node = NULL;
  ...
  node = find_aio_handler(ctx, fd);

  /* Are we deleting the fd handler? */
  if (!io_read && !io_write && !io_poll) {
  if (node == NULL) {
  qemu_lockcnt_unlock(&ctx->list_lock);
  return; /* old_node == NULL && new_node == NULL */
  }
  ... /* old_node != NULL && new_node == NULL */
  } else {
  ...
  new_node = g_new0(AioHandler, 1);
  ...
  }
  /* (old_node != NULL && new_node == NULL) || (new_node != NULL) */
  ...
  ctx->fdmon_ops->update(ctx, node, new_node);

aio_set_fd_handler() returns early instead of calling ->update() when
old_node == NULL && new_node == NULL. It looks like the NULL pointer
dereference cannot happen and semantically it doesn't make sense to call
->update(ctx, NULL, NULL) since there is nothing to update so it's
unlikely to be called this way in the future.

Have I missed something?

Thanks,
Stefan

> diff --git a/util/fdmon-epoll.c b/util/fdmon-epoll.c
> index e11a8a022e..3c8b0de694 100644
> --- a/util/fdmon-epoll.c
> +++ b/util/fdmon-epoll.c
> @@ -38,10 +38,12 @@ static void fdmon_epoll_update(AioContext *ctx,
>  .data.ptr = new_node,
>  .events = new_node ? epoll_events_from_pfd(new_node->pfd.events) : 0,
>  };
> -int r;
> +int r = -1;
>  
>  if (!new_node) {
> -r = epoll_ctl(ctx->epollfd, EPOLL_CTL_DEL, old_node->pfd.fd, &event);
> +if (old_node) {
> +r = epoll_ctl(ctx->epollfd, EPOLL_CTL_DEL, old_node->pfd.fd, 
> &event);
> +}
>  } else if (!old_node) {
>  r = epoll_ctl(ctx->epollfd, EPOLL_CTL_ADD, new_node->pfd.fd, &event);
>  } else {
> -- 
> 2.17.1
> 


signature.asc
Description: PGP signature


Re: [PATCH v6 09/23] target/riscv: Implement AIA local interrupt priorities

2022-01-13 Thread Frank Chang
On Thu, Jan 13, 2022 at 6:45 PM Anup Patel  wrote:

> On Wed, Jan 12, 2022 at 8:30 AM Frank Chang 
> wrote:
> >
> > On Wed, Jan 12, 2022 at 1:18 AM Anup Patel  wrote:
> >>
> >>
> >>
> >> On Mon, Jan 10, 2022 at 6:38 PM Frank Chang 
> wrote:
> >> >
> >> > Anup Patel  於 2021年12月30日 週四 下午8:38寫道:
> >> >>
> >> >> From: Anup Patel 
> >> >>
> >> >> The AIA spec defines programmable 8-bit priority for each local
> interrupt
> >> >> at M-level, S-level and VS-level so we extend local interrupt
> processing
> >> >> to consider AIA interrupt priorities. The AIA CSRs which help
> software
> >> >> configure local interrupt priorities will be added by subsequent
> patches.
> >> >>
> >> >> Signed-off-by: Anup Patel 
> >> >> Signed-off-by: Anup Patel 
> >> >> Reviewed-by: Alistair Francis 
> >> >> ---
> >> >>  target/riscv/cpu.c|  19 
> >> >>  target/riscv/cpu.h|  12 ++
> >> >>  target/riscv/cpu_helper.c | 231
> ++
> >> >>  target/riscv/machine.c|   3 +
> >> >>  4 files changed, 244 insertions(+), 21 deletions(-)
> >> >>
> >> >> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> >> >> index 9f1a4d1088..9ad26035e1 100644
> >> >> --- a/target/riscv/cpu.c
> >> >> +++ b/target/riscv/cpu.c
> >> >> @@ -348,6 +348,10 @@ void restore_state_to_opc(CPURISCVState *env,
> TranslationBlock *tb,
> >> >>
> >> >>  static void riscv_cpu_reset(DeviceState *dev)
> >> >>  {
> >> >> +#ifndef CONFIG_USER_ONLY
> >> >> +uint8_t iprio;
> >> >> +int i, irq, rdzero;
> >> >> +#endif
> >> >>  CPUState *cs = CPU(dev);
> >> >>  RISCVCPU *cpu = RISCV_CPU(cs);
> >> >>  RISCVCPUClass *mcc = RISCV_CPU_GET_CLASS(cpu);
> >> >> @@ -370,6 +374,21 @@ static void riscv_cpu_reset(DeviceState *dev)
> >> >>  env->miclaim = MIP_SGEIP;
> >> >>  env->pc = env->resetvec;
> >> >>  env->two_stage_lookup = false;
> >> >> +
> >> >> +/* Initialized default priorities of local interrupts. */
> >> >> +for (i = 0; i < ARRAY_SIZE(env->miprio); i++) {
> >> >> +iprio = riscv_cpu_default_priority(i);
> >> >> +env->miprio[i] = (i == IRQ_M_EXT) ? 0 : iprio;
> >> >> +env->siprio[i] = (i == IRQ_S_EXT) ? 0 : iprio;
> >> >> +env->hviprio[i] = 0;
> >> >> +}
> >> >> +i = 0;
> >> >> +while (!riscv_cpu_hviprio_index2irq(i, &irq, &rdzero)) {
> >> >> +if (!rdzero) {
> >> >> +env->hviprio[irq] = env->miprio[irq];
> >> >> +}
> >> >> +i++;
> >> >> +}
> >> >>  /* mmte is supposed to have pm.current hardwired to 1 */
> >> >>  env->mmte |= (PM_EXT_INITIAL | MMTE_M_PM_CURRENT);
> >> >>  #endif
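Review bot: The `while` loop added at the end of this block indexes `env->hviprio[irq]` and `env->miprio[irq]` with a value written by riscv_cpu_hviprio_index2irq(), and nothing in the hunk bounds it against the 64-entry arrays declared in cpu.h. The helper is defined outside this hunk and may already guarantee both the range and a non-zero return that ends the loop. Making that local would be cheap, for example `g_assert(irq >= 0 && irq < (int)ARRAY_SIZE(env->hviprio));` before the store. A one-line comment on what `rdzero` means would also help, since the loop skips the copy when it is set. riscv_cpu_reset() starts and ends outside the hunk.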
> >> >> diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
> >> >> index 02f3ef2c3c..140fabfdf9 100644
> >> >> --- a/target/riscv/cpu.h
> >> >> +++ b/target/riscv/cpu.h
> >> >> @@ -182,6 +182,10 @@ struct CPURISCVState {
> >> >>  target_ulong mcause;
> >> >>  target_ulong mtval;  /* since: priv-1.10.0 */
> >> >>
> >> >> +/* Machine and Supervisor interrupt priorities */
> >> >> +uint8_t miprio[64];
> >> >> +uint8_t siprio[64];
> >> >> +
> >> >>  /* Hypervisor CSRs */
> >> >>  target_ulong hstatus;
> >> >>  target_ulong hedeleg;
> >> >> @@ -194,6 +198,9 @@ struct CPURISCVState {
> >> >>  target_ulong hgeip;
> >> >>  uint64_t htimedelta;
> >> >>
> >> >> +/* Hypervisor controlled virtual interrupt priorities */
> >> >> +uint8_t hviprio[64];
> >> >> +
> >> >>  /* Virtual CSRs */
> >> >>  /*
> >> >>   * For RV32 this is 32-bit vsstatus and 32-bit vsstatush.
> >> >> @@ -379,6 +386,11 @@ int
> riscv_cpu_write_elf32_note(WriteCoreDumpFunction f, CPUState *cs,
> >> >> int cpuid, void *opaque);
> >> >>  int riscv_cpu_gdb_read_register(CPUState *cpu, GByteArray *buf, int
> reg);
> >> >>  int riscv_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int
> reg);
> >> >> +int riscv_cpu_hviprio_index2irq(int index, int *out_irq, int
> *out_rdzero);
> >> >> +uint8_t riscv_cpu_default_priority(int irq);
> >> >> +int riscv_cpu_mirq_pending(CPURISCVState *env);
> >> >> +int riscv_cpu_sirq_pending(CPURISCVState *env);
> >> >> +int riscv_cpu_vsirq_pending(CPURISCVState *env);
> >> >>  bool riscv_cpu_fp_enabled(CPURISCVState *env);
> >> >>  target_ulong riscv_cpu_get_geilen(CPURISCVState *env);
> >> >>  void riscv_cpu_set_geilen(CPURISCVState *env, target_ulong geilen);
> >> >> diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
> >> >> index f94a36fa89..e3532de4cf 100644
> >> >> --- a/target/riscv/cpu_helper.c
> >> >> +++ b/target/riscv/cpu_helper.c
> >> >> @@ -151,36 +151,225 @@ void cpu_get_tb_cpu_state(CPURISCVState *env,
> target_ulong *pc,
> >> >>  }
> >> >>
> >> >>  #ifndef CONFIG_USER_ONLY
> >> >> -static int riscv_cpu_local_irq_pending(CPURISCVState *env)
> >> >> +
> >> >> +/*
> >> >> + * The HS-mode is allowed to configure priority only for the
> >> >> + * following VS-mode local interrupts:
> >> >> + *
> >> >> + * 0  (Res

Re: [PATCH v6 02/23] target/riscv: Implement SGEIP bit in hip and hie CSRs

2022-01-13 Thread Frank Chang
Anup Patel  於 2021年12月30日 週四 下午8:36寫道:

> From: Anup Patel 
>
> A hypervisor can optionally take guest external interrupts using
> SGEIP bit of hip and hie CSRs.
>
> Signed-off-by: Anup Patel 
> Signed-off-by: Anup Patel 
> Reviewed-by: Alistair Francis 
> ---
>  target/riscv/cpu.c  |  3 ++-
>  target/riscv/cpu_bits.h |  3 +++
>  target/riscv/csr.c  | 18 +++---
>  3 files changed, 16 insertions(+), 8 deletions(-)
>
> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> index 6ef3314bce..7d92ce7555 100644
> --- a/target/riscv/cpu.c
> +++ b/target/riscv/cpu.c
> @@ -372,6 +372,7 @@ static void riscv_cpu_reset(DeviceState *dev)
>  env->mstatus = set_field(env->mstatus, MSTATUS64_UXL,
> env->misa_mxl);
>  }
>  env->mcause = 0;
> +env->miclaim = MIP_SGEIP;
>  env->pc = env->resetvec;
>  env->two_stage_lookup = false;
>  /* mmte is supposed to have pm.current hardwired to 1 */
> @@ -610,7 +611,7 @@ static void riscv_cpu_init(Object *obj)
>  cpu_set_cpustate_pointers(cpu);
>
>  #ifndef CONFIG_USER_ONLY
> -qdev_init_gpio_in(DEVICE(cpu), riscv_cpu_set_irq, 12);
> +qdev_init_gpio_in(DEVICE(cpu), riscv_cpu_set_irq, IRQ_LOCAL_MAX);
>  #endif /* CONFIG_USER_ONLY */
>  }
>
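Review bot: Raising the GPIO input count from 12 to `IRQ_LOCAL_MAX` (16) makes lines 12 to 15 connectable, yet the diffstat for cpu.c (3 changed lines) suggests `riscv_cpu_set_irq` is not touched by this patch. If that handler still recognises only the interrupt numbers up to `IRQ_M_EXT` and asserts on anything else, a board model driving one of the new lines would abort QEMU. It is worth confirming that the handler accepts `IRQ_S_GEXT` and the lines above it, or registering only `IRQ_S_GEXT + 1` inputs until it does. riscv_cpu_init() continues outside the hunk.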
> diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
> index 1e31f4d35f..fe276d4b34 100644
> --- a/target/riscv/cpu_bits.h
> +++ b/target/riscv/cpu_bits.h
> @@ -534,6 +534,8 @@ typedef enum RISCVException {
>  #define IRQ_S_EXT  9
>  #define IRQ_VS_EXT 10
>  #define IRQ_M_EXT  11
> +#define IRQ_S_GEXT 12
> +#define IRQ_LOCAL_MAX  16
>
>  /* mip masks */
>  #define MIP_USIP   (1 << IRQ_U_SOFT)
> @@ -548,6 +550,7 @@ typedef enum RISCVException {
>  #define MIP_SEIP   (1 << IRQ_S_EXT)
>  #define MIP_VSEIP  (1 << IRQ_VS_EXT)
>  #define MIP_MEIP   (1 << IRQ_M_EXT)
> +#define MIP_SGEIP  (1 << IRQ_S_GEXT)
>
>  /* sip masks */
>  #define SIP_SSIP   MIP_SSIP
> diff --git a/target/riscv/csr.c b/target/riscv/csr.c
> index fd7110c38b..a4028f28e0 100644
> --- a/target/riscv/csr.c
> +++ b/target/riscv/csr.c
> @@ -446,12 +446,13 @@ static RISCVException read_timeh(CPURISCVState *env,
> int csrno,
>  #define M_MODE_INTERRUPTS  (MIP_MSIP | MIP_MTIP | MIP_MEIP)
>  #define S_MODE_INTERRUPTS  (MIP_SSIP | MIP_STIP | MIP_SEIP)
>  #define VS_MODE_INTERRUPTS (MIP_VSSIP | MIP_VSTIP | MIP_VSEIP)
> +#define HS_MODE_INTERRUPTS (MIP_SGEIP | VS_MODE_INTERRUPTS)
>
>  static const target_ulong delegable_ints = S_MODE_INTERRUPTS |
> VS_MODE_INTERRUPTS;
>  static const target_ulong vs_delegable_ints = VS_MODE_INTERRUPTS;
>  static const target_ulong all_ints = M_MODE_INTERRUPTS |
> S_MODE_INTERRUPTS |
> - VS_MODE_INTERRUPTS;
> + HS_MODE_INTERRUPTS;
>  #define DELEGABLE_EXCPS ((1ULL << (RISCV_EXCP_INST_ADDR_MIS)) | \
>   (1ULL << (RISCV_EXCP_INST_ACCESS_FAULT)) | \
>   (1ULL << (RISCV_EXCP_ILLEGAL_INST)) | \
> @@ -712,7 +713,7 @@ static RISCVException write_mideleg(CPURISCVState
> *env, int csrno,
>  {
>  env->mideleg = (env->mideleg & ~delegable_ints) | (val &
> delegable_ints);
>  if (riscv_has_ext(env, RVH)) {
> -env->mideleg |= VS_MODE_INTERRUPTS;
> +env->mideleg |= HS_MODE_INTERRUPTS;
>  }
>  return RISCV_EXCP_NONE;
>  }
> @@ -728,6 +729,9 @@ static RISCVException write_mie(CPURISCVState *env,
> int csrno,
>  target_ulong val)
>  {
>  env->mie = (env->mie & ~all_ints) | (val & all_ints);
> +if (!riscv_has_ext(env, RVH)) {
> +env->mie &= ~MIP_SGEIP;
> +}
>  return RISCV_EXCP_NONE;
>  }
>
> @@ -1023,7 +1027,7 @@ static RISCVException rmw_sip(CPURISCVState *env,
> int csrno,
>  }
>
>  if (ret_value) {
> -*ret_value &= env->mideleg;
> +*ret_value &= env->mideleg & S_MODE_INTERRUPTS;
>  }
>  return ret;
>  }
> @@ -1141,7 +1145,7 @@ static RISCVException rmw_hvip(CPURISCVState *env,
> int csrno,
>write_mask & hvip_writable_mask);
>
>  if (ret_value) {
> -*ret_value &= hvip_writable_mask;
> +*ret_value &= VS_MODE_INTERRUPTS;
>  }
>  return ret;
>  }
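Review bot: After this change the read mask in rmw_hvip (`VS_MODE_INTERRUPTS`) and in rmw_hip in the next hunk (`HS_MODE_INTERRUPTS`) is no longer the same symbol as the write mask passed to rmw_mip (`hvip_writable_mask`, `hip_writable_mask`), and nothing on these lines says why. The definitions of the writable masks are outside the visible hunks, so the intent has to be inferred; it looks like SGEIP is meant to be readable through hip but not writable. A comment above each assignment, for example `/* bits visible on read; the writable subset is hip_writable_mask */`, would stop a later cleanup from merging the two masks again. Both functions start outside their hunks.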
> @@ -1154,7 +1158,7 @@ static RISCVException rmw_hip(CPURISCVState *env,
> int csrno,
>write_mask & hip_writable_mask);
>
>  if (ret_value) {
> -*ret_value &= hip_writable_mask;
> +*ret_value &= HS_MODE_INTERRUPTS;
>  }
>  return ret;
>  }
> @@ -1162,14 +1166,14 @@ static RISCVException rmw_hip(CPURISCVState *env,
> int csrno,
>  static RISCVException read_hie(CPURISCVState *env, int csrno,
> target

Re: [PATCH 1/2] tpm: CRB: Use ram_device for "tpm-crb-cmd" region

2022-01-13 Thread Eric Auger
Hi Stefan,

On 1/13/22 3:06 PM, Stefan Berger wrote:
>
> On 1/13/22 05:37, Eric Auger wrote:
>> Representing the CRB cmd/response buffer as a standard
>> RAM region causes some trouble when the device is used
>> with VFIO. Indeed VFIO attempts to DMA_MAP this region
>> as usual RAM but this latter does not have a valid page
>> size alignment causing such an error report:
>> "vfio_listener_region_add received unaligned region".
>> To allow VFIO to detect that failing dma mapping
>> this region is not an issue, let's use a ram_device
>> memory region type instead.
>>
>> The change in meson.build is required to include the
>> cpu.h header.
>>
>> Signed-off-by: Eric Auger 
>> ---
>>   hw/tpm/meson.build |  2 +-
>>   hw/tpm/tpm_crb.c   | 10 --
>>   2 files changed, 9 insertions(+), 3 deletions(-)
>>
>> diff --git a/hw/tpm/meson.build b/hw/tpm/meson.build
>> index 1c68d81d6a..3e74df945b 100644
>> --- a/hw/tpm/meson.build
>> +++ b/hw/tpm/meson.build
>> @@ -1,8 +1,8 @@
>>   softmmu_ss.add(when: 'CONFIG_TPM_TIS', if_true:
>> files('tpm_tis_common.c'))
>>   softmmu_ss.add(when: 'CONFIG_TPM_TIS_ISA', if_true:
>> files('tpm_tis_isa.c'))
>>   softmmu_ss.add(when: 'CONFIG_TPM_TIS_SYSBUS', if_true:
>> files('tpm_tis_sysbus.c'))
>> -softmmu_ss.add(when: 'CONFIG_TPM_CRB', if_true: files('tpm_crb.c'))
>>
>> +specific_ss.add(when: 'CONFIG_TPM_CRB', if_true: files('tpm_crb.c'))
>>   specific_ss.add(when: ['CONFIG_SOFTMMU', 'CONFIG_TPM_TIS'],
>> if_true: files('tpm_ppi.c'))
>>   specific_ss.add(when: ['CONFIG_SOFTMMU', 'CONFIG_TPM_CRB'],
>> if_true: files('tpm_ppi.c'))
>>   specific_ss.add(when: 'CONFIG_TPM_SPAPR', if_true:
>> files('tpm_spapr.c'))
>> diff --git a/hw/tpm/tpm_crb.c b/hw/tpm/tpm_crb.c
>> index 58ebd1469c..25f8e685e4 100644
>> --- a/hw/tpm/tpm_crb.c
>> +++ b/hw/tpm/tpm_crb.c
>> @@ -25,6 +25,7 @@
>>   #include "sysemu/tpm_backend.h"
>>   #include "sysemu/tpm_util.h"
>>   #include "sysemu/reset.h"
>> +#include "cpu.h"
>>   #include "tpm_prop.h"
>>   #include "tpm_ppi.h"
>>   #include "trace.h"
>> @@ -43,6 +44,7 @@ struct CRBState {
>>
>>   bool ppi_enabled;
>>   TPMPPI ppi;
>> +    uint8_t *crb_cmd_buf;
>>   };
>>   typedef struct CRBState CRBState;
>>
>> @@ -291,10 +293,14 @@ static void tpm_crb_realize(DeviceState *dev,
>> Error **errp)
>>   return;
>>   }
>>
>> +    s->crb_cmd_buf = qemu_memalign(qemu_real_host_page_size,
>> +    HOST_PAGE_ALIGN(CRB_CTRL_CMD_SIZE));
>> +
>
> Do we need an unrealize function now to qemu_vfree() this memory?
I would say it is needed if the device can be hot-unplugged.
tpmppi->buf is not freeed either.

Thanks

Eric

>
>
>>   memory_region_init_io(&s->mmio, OBJECT(s), &tpm_crb_memory_ops, s,
>>   "tpm-crb-mmio", sizeof(s->regs));
>> -    memory_region_init_ram(&s->cmdmem, OBJECT(s),
>> -    "tpm-crb-cmd", CRB_CTRL_CMD_SIZE, errp);
>> +    memory_region_init_ram_device_ptr(&s->cmdmem, OBJECT(s),
>> "tpm-crb-cmd",
>> +  CRB_CTRL_CMD_SIZE,
>> s->crb_cmd_buf);
>> +    vmstate_register_ram(&s->cmdmem, DEVICE(s));
>>   memory_region_add_subregion(get_system_memory(),
>>   TPM_CRB_ADDR_BASE, &s->mmio);
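Review bot: The buffer returned by `qemu_memalign()` is not cleared before `memory_region_init_ram_device_ptr()` exposes it to the guest, so whatever the host heap previously held in those pages could be read by the guest through the CRB command buffer. The `memory_region_init_ram()` call being replaced did not hand out recycled heap memory. Unless a reset path outside this hunk already zeroes the buffer, clear it right after the allocation: `memset(s->crb_cmd_buf, 0, HOST_PAGE_ALIGN(CRB_CTRL_CMD_SIZE));`. tpm_crb_realize() starts and ends outside the hunk.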
>




[PATCH V2 for-6.2 0/2] fixes for bdrv_co_block_status

2022-01-13 Thread Peter Lieven
V1->V2:
 Patch 1: Treat a hole just like an unallocated area. [Ilya]
 Patch 2: Apply workaround only for pre-Quincy librbd versions and
  ensure default striping and non child images. [Ilya]

Peter Lieven (2):
  block/rbd: fix handling of holes in .bdrv_co_block_status
  block/rbd: workaround for ceph issue #53784

 block/rbd.c | 52 +---
 1 file changed, 45 insertions(+), 7 deletions(-)

-- 
2.25.1





[PATCH V2 for-6.2 1/2] block/rbd: fix handling of holes in .bdrv_co_block_status

2022-01-13 Thread Peter Lieven
The assumption that we can't hit a hole if we do not diff against a snapshot
was wrong.

We can see a hole in an image if we diff against base if there exists an older
snapshot of the image and we have discarded blocks in the image where the
snapshot has data.

Fix this by simply handling a hole like an unallocated area. There are no
callbacks for unallocated areas so just bail out if we hit a hole.

Fixes: 0347a8fd4c3faaedf119be04c197804be40a384b
Suggested-by: Ilya Dryomov 
Cc: qemu-sta...@nongnu.org
Signed-off-by: Peter Lieven 
---
 block/rbd.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/block/rbd.c b/block/rbd.c
index def96292e0..20bb896c4a 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -1279,11 +1279,11 @@ static int qemu_rbd_diff_iterate_cb(uint64_t offs, 
size_t len,
 RBDDiffIterateReq *req = opaque;
 
 assert(req->offs + req->bytes <= offs);
-/*
- * we do not diff against a snapshot so we should never receive a callback
- * for a hole.
- */
-assert(exists);
+
+/* treat a hole like an unallocated area and bail out */
+if (!exists) {
+return 0;
+}
 
 if (!req->exists && offs > req->offs) {
 /*
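Review bot: The new comment says the callback should "bail out" on a hole, but `return 0;` only skips this extent. Judging by the `QEMU_RBD_EXIT_DIFF_ITERATE2` check elsewhere in this file, stopping the iteration takes a dedicated return value, so the comment reads as if more happens than does. A wording such as `/* a hole is reported like an unallocated area: ignore it and let the iteration continue */` matches the code. Since the removed `assert(exists)` documented an assumption that proved wrong, the comment could also name the case that triggers it (an older snapshot plus discarded blocks, as the commit message explains). qemu_rbd_diff_iterate_cb() continues outside the hunk.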
-- 
2.25.1





[PATCH V2 for-6.2 2/2] block/rbd: workaround for ceph issue #53784

2022-01-13 Thread Peter Lieven
librbd had a bug until early 2022 that affected all versions of ceph that
supported fast-diff. This bug results in reporting of incorrect offsets
if the offset parameter to rbd_diff_iterate2 is not object aligned.

This patch works around this bug for pre Quincy versions of librbd.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Peter Lieven 
---
 block/rbd.c | 42 --
 1 file changed, 40 insertions(+), 2 deletions(-)

diff --git a/block/rbd.c b/block/rbd.c
index 20bb896c4a..d174d51659 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -1320,6 +1320,7 @@ static int coroutine_fn 
qemu_rbd_co_block_status(BlockDriverState *bs,
 int status, r;
 RBDDiffIterateReq req = { .offs = offset };
 uint64_t features, flags;
+uint64_t head = 0;
 
 assert(offset + bytes <= s->image_size);
 
@@ -1347,7 +1348,43 @@ static int coroutine_fn 
qemu_rbd_co_block_status(BlockDriverState *bs,
 return status;
 }
 
-r = rbd_diff_iterate2(s->image, NULL, offset, bytes, true, true,
+#if LIBRBD_VERSION_CODE < LIBRBD_VERSION(1, 17, 0)
+/*
+ * librbd had a bug until early 2022 that affected all versions of ceph 
that
+ * supported fast-diff. This bug results in reporting of incorrect offsets
+ * if the offset parameter to rbd_diff_iterate2 is not object aligned.
+ * Work around this bug by rounding down the offset to object boundaries.
+ * This is OK because we call rbd_diff_iterate2 with whole_object = true.
+ * However, this workaround only works for non cloned images with default
+ * striping.
+ *
+ * See: https://tracker.ceph.com/issues/53784
+ */
+
+/*  check if RBD image has non-default striping enabled */
+if (features & RBD_FEATURE_STRIPINGV2) {
+return status;
+}
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+/*
+ * check if RBD image is a clone (= has a parent).
+ *
+ * rbd_get_parent_info is deprecated from Nautilus onwards, but the
+ * replacement rbd_get_parent is not present in Luminous and Mimic.
+ */
+if (rbd_get_parent_info(s->image, NULL, 0, NULL, 0, NULL, 0) != -ENOENT) {
+return status;
+}
+#pragma GCC diagnostic pop
+
+head = req.offs & (s->object_size - 1);
+req.offs -= head;
+bytes += head;
+#endif
+
+r = rbd_diff_iterate2(s->image, NULL, req.offs, bytes, true, true,
   qemu_rbd_diff_iterate_cb, &req);
 if (r < 0 && r != QEMU_RBD_EXIT_DIFF_ITERATE2) {
 return status;
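Review bot: `head = req.offs & (s->object_size - 1);` yields the offset inside the object only when `s->object_size` is a non-zero power of two, and the hunk neither states nor checks that. RBD object sizes are normally powers of two, so this is probably fine in practice, but where `s->object_size` comes from is outside the hunk. Either document it with `/* object_size is a power of two, so the mask gives the offset within the object */` or drop the assumption with `head = req.offs % s->object_size;`. qemu_rbd_co_block_status() starts before this hunk and continues after it.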
@@ -1366,7 +1403,8 @@ static int coroutine_fn 
qemu_rbd_co_block_status(BlockDriverState *bs,
 status = BDRV_BLOCK_ZERO | BDRV_BLOCK_OFFSET_VALID;
 }
 
-*pnum = req.bytes;
+assert(req.bytes > head);
+*pnum = req.bytes - head;
 return status;
 }
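Review bot: `assert(req.bytes > head);` aborts the whole QEMU process if the extent reported through the librbd callback does not reach past the rounded-down prefix. The previous patch in this series removes `assert(exists)` from the same callback path because the assumption behind it proved wrong, so a checked fallback seems safer than a new assertion on library-provided values. One option is an `if (req.bytes <= head)` test placed before `status` is changed to `BDRV_BLOCK_ZERO`, returning the default `status` the way the earlier `return status;` paths do. That placement is outside this hunk, so confirm what `*pnum` holds on those paths.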
 
-- 
2.25.1





[PATCH 1/2] printer: Introduce printer subsystem

2022-01-13 Thread Ruien Zhang
From: zhangruien 

This patch describes the skeleton of QEMU printer subsystem with a
dummy builtin driver.

Signed-off-by: zhangruien 
---
 MAINTAINERS   |   7 ++
 include/printer/printer.h |  42 ++
 meson.build   |  12 ++-
 meson_options.txt |   3 +
 printer/builtin.c |  61 +++
 printer/meson.build   |  14 
 printer/printer.c | 191 ++
 printer/trace-events  |   5 ++
 printer/trace.h   |   1 +
 qapi/meson.build  |   1 +
 qapi/printer.json |  47 
 qapi/qapi-schema.json |   1 +
 qemu-options.hx   |   8 ++
 softmmu/vl.c  |   4 +
 14 files changed, 396 insertions(+), 1 deletion(-)
 create mode 100644 include/printer/printer.h
 create mode 100644 printer/builtin.c
 create mode 100644 printer/meson.build
 create mode 100644 printer/printer.c
 create mode 100644 printer/trace-events
 create mode 100644 printer/trace.h
 create mode 100644 qapi/printer.json

diff --git a/MAINTAINERS b/MAINTAINERS
index c98a61caee..689f20d740 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3086,6 +3086,13 @@ F: hw/core/clock-vmstate.c
 F: hw/core/qdev-clock.c
 F: docs/devel/clocks.rst
 
+Printer Subsystem
+M: Ruien Zhang 
+S: Maintained
+F: include/printer
+F: printer
+F: qapi/printer.json
+
 Usermode Emulation
 --
 Overall usermode emulation
diff --git a/include/printer/printer.h b/include/printer/printer.h
new file mode 100644
index 00..c8afbc64c8
--- /dev/null
+++ b/include/printer/printer.h
@@ -0,0 +1,42 @@
+/*
+ * QEMU Printer subsystem header
+ *
+ * Copyright (c) 2022 ByteDance, Inc.
+ *
+ * Author:
+ *   Ruien Zhang 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef QEMU_PRINTER_H
+#define QEMU_PRINTER_H
+
+#include "hw/qdev-properties.h"
+#include "hw/qdev-properties-system.h"
+#include "qapi/qapi-types-printer.h"
+
+#define TYPE_PRINTERDEV "printerdev"
+
+struct QEMUPrinter {
+Object  *parent_obj;
+
+char *model;
+Printerdev *dev;
+
+QLIST_ENTRY(QEMUPrinter) list;
+};
+
+OBJECT_DECLARE_TYPE(QEMUPrinter, QEMUPrinterClass, PRINTERDEV)
+
+struct QEMUPrinterClass {
+ObjectClass parent_class;
+};
+
+void qemu_printer_new_from_opts(const char *opt);
+void qemu_printer_del(QEMUPrinter *printer);
+const char *qemu_printer_id(QEMUPrinter *printer);
+QEMUPrinter *qemu_printer_by_id(const char *id);
+
+#endif /* QEMU_PRINTER_H */
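Review bot: `Object *parent_obj;` in `struct QEMUPrinter` declares the QOM parent as a pointer, whereas `struct QEMUPrinterClass` just below embeds `ObjectClass parent_class;` by value. The casts generated by `OBJECT_DECLARE_TYPE` expect the instance struct to begin with an embedded `Object`, so with a pointer in that position the object header would overlap `model`, `dev` and `list`. The member should read `Object parent_obj;`. The type registration in printer/printer.c is not visible here, so its `instance_size` should be checked against the corrected struct.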
diff --git a/meson.build b/meson.build
index c1b1db1e28..b3db26190d 100644
--- a/meson.build
+++ b/meson.build
@@ -2397,6 +2397,7 @@ genh += hxdep
 authz_ss = ss.source_set()
 blockdev_ss = ss.source_set()
 block_ss = ss.source_set()
+printer_ss = ss.source_set()
 chardev_ss = ss.source_set()
 common_ss = ss.source_set()
 common_user_ss = ss.source_set()
@@ -2455,6 +2456,7 @@ if have_system
 'audio',
 'backends',
 'backends/tpm',
+'printer',
 'chardev',
 'ebpf',
 'hw/9pfs',
@@ -2574,6 +2576,7 @@ endif
 
 subdir('audio')
 subdir('io')
+subdir('printer')
 subdir('chardev')
 subdir('fsdev')
 subdir('dump')
@@ -2843,6 +2846,13 @@ libqmp = static_library('qmp', qmp_ss.sources() + genh,
 
 qmp = declare_dependency(link_whole: [libqmp])
 
+printer_ss = printer_ss.apply(config_host, strict: false)
+libprinter = static_library('printer', printer_ss.sources() + genh,
+name_suffix: 'fa',
+build_by_default: false)
+
+printer = declare_dependency(link_whole: libprinter)
+
 libchardev = static_library('chardev', chardev_ss.sources() + genh,
 name_suffix: 'fa',
 dependencies: [gnutls],
@@ -2869,7 +2879,7 @@ foreach m : block_mods + softmmu_mods
 install_dir: qemu_moddir)
 endforeach
 
-softmmu_ss.add(authz, blockdev, chardev, crypto, io, qmp)
+softmmu_ss.add(authz, blockdev, printer, chardev, crypto, io, qmp)
 common_ss.add(qom, qemuutil)
 
 common_ss.add_all(when: 'CONFIG_SOFTMMU', if_true: [softmmu_ss])
diff --git a/meson_options.txt b/meson_options.txt
index 921967eddb..5b3b502798 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -208,3 +208,6 @@ option('fdt', type: 'combo', value: 'auto',
 
 option('selinux', type: 'feature', value: 'auto',
description: 'SELinux support in qemu-nbd')
+
+option('printer', type: 'feature', value: 'auto',
+   description: 'Printer subsystem support')
diff --git a/printer/builtin.c b/printer/builtin.c
new file mode 100644
index 00..bc33a1d363
--- /dev/null
+++ b/printer/builtin.c
@@ -0,0 +1,61 @@
+/*
+ * QEMU Builtin printer backend
+ *
+ * Copyright (c) 2022 ByteDance, Inc.
+ *
+ * Author:
+ *   Ruien Zhang 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "qe

[PATCH 0/2] Introduce printer subsystem and USB printer device

2022-01-13 Thread Ruien Zhang
From: zhangruien 

Currently, printer support in QEMU can generally be considered with these
approaches:

1) USB passthrough & redirection, with limited flexibility and the
   transport-specific issues that come along with it.

2) Network reachability with network printers, which is also driver-specific,
   thus less friendly to small systems.

Driverless Printing [1] may or may not be network-dependent, the former is the
general case while the latter imposes less restraints on cloud environments, and
it doesn't necessarily mean that we have to follow the methods in 1) to achieve
this. Transport protocols targeted at devices such as USB printer class [2] with
the extension of IPP-over-USB [3] and many others can be integrated into QEMU,
presenting more flexibility and functionality.

This patchset introduces:

1) Skeleton of QEMU printer subsystem with a dummy builtin driver.

2) USB printer device emulation, with definitions in the extension of IPP-over-
   USB [3].

WIP:

1) QEMU printer subsystem interfaces, which will be finalized with a concrete
   backend driver.

2) IPP-over-USB implementation.

[1]: https://openprinting.github.io/driverless
[2]: https://www.usb.org/sites/default/files/usbprint11a021811.pdf
[3]: https://www.usb.org/document-library/ipp-protocol-10

zhangruien (2):
  printer: Introduce printer subsystem
  usb-printer: Introduce USB printer class

 MAINTAINERS |   7 +
 docs/system/devices/usb.rst |   3 +
 hw/usb/Kconfig  |   5 +
 hw/usb/dev-printer.c| 423 
 hw/usb/meson.build  |   1 +
 hw/usb/trace-events |  11 ++
 include/hw/usb/printer.h|  93 ++
 include/printer/printer.h   |  42 +
 meson.build |  12 +-
 meson_options.txt   |   3 +
 printer/builtin.c   |  61 +++
 printer/meson.build |  14 ++
 printer/printer.c   | 191 
 printer/trace-events|   5 +
 printer/trace.h |   1 +
 qapi/meson.build|   1 +
 qapi/printer.json   |  47 +
 qapi/qapi-schema.json   |   1 +
 qemu-options.hx |   8 +
 softmmu/vl.c|   4 +
 20 files changed, 932 insertions(+), 1 deletion(-)
 create mode 100644 hw/usb/dev-printer.c
 create mode 100644 include/hw/usb/printer.h
 create mode 100644 include/printer/printer.h
 create mode 100644 printer/builtin.c
 create mode 100644 printer/meson.build
 create mode 100644 printer/printer.c
 create mode 100644 printer/trace-events
 create mode 100644 printer/trace.h
 create mode 100644 qapi/printer.json

-- 
2.11.0




[PATCH 2/2] usb-printer: Introduce USB printer class

2022-01-13 Thread Ruien Zhang
From: zhangruien 

The USB printer device emulation is currently provided with:

1) Definitions and corresponding action handlers of class-specific
   requests with essential descriptors in USB Printer Class
   Specification 1.1 [1].

2) Extended definitions of interface protocol and class-specific
   descriptors in IPP-over-USB protocol 1.0 [2].

A usb printer device can be assembled with the following example of
command-line arguments:

-device piix4-usb-uhci,id=uhci,bus=pci.0 \
-device 
usb-printer,id=usb-printer0,printerdev=printer0,bus=uhci.0,terminal=printer \
-printerdev builtin,id=printer0

[1]: https://www.usb.org/sites/default/files/usbprint11a021811.pdf
[2]: https://www.usb.org/document-library/ipp-protocol-10

Signed-off-by: zhangruien 
---
 docs/system/devices/usb.rst |   3 +
 hw/usb/Kconfig  |   5 +
 hw/usb/dev-printer.c| 423 
 hw/usb/meson.build  |   1 +
 hw/usb/trace-events |  11 ++
 include/hw/usb/printer.h|  93 ++
 6 files changed, 536 insertions(+)
 create mode 100644 hw/usb/dev-printer.c
 create mode 100644 include/hw/usb/printer.h

diff --git a/docs/system/devices/usb.rst b/docs/system/devices/usb.rst
index afb7d6c226..6e87c3be11 100644
--- a/docs/system/devices/usb.rst
+++ b/docs/system/devices/usb.rst
@@ -199,6 +199,9 @@ option or the ``device_add`` monitor command. Available 
devices are:
 ``u2f-{emulated,passthru}``
Universal Second Factor device
 
+``usb-printer``
+   USB printer device
+
 Physical port addressing
 
 
diff --git a/hw/usb/Kconfig b/hw/usb/Kconfig
index 53f8283ffd..1b5a953cae 100644
--- a/hw/usb/Kconfig
+++ b/hw/usb/Kconfig
@@ -133,3 +133,8 @@ config XLNX_USB_SUBSYS
 bool
 default y if XLNX_VERSAL
 select USB_DWC3
+
+config USB_PRINTER
+bool
+default y
+depends on USB
diff --git a/hw/usb/dev-printer.c b/hw/usb/dev-printer.c
new file mode 100644
index 00..5905615961
--- /dev/null
+++ b/hw/usb/dev-printer.c
@@ -0,0 +1,423 @@
+/*
+ * USB Printer Device emulation
+ *
+ * Copyright (c) 2022 ByteDance, Inc.
+ *
+ * Author:
+ *   Ruien Zhang 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+/*
+ * References:
+ *   Universal Serial Bus Device Class Definition for Printing Devices,
+ *   version 1.1
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/module.h"
+#include "qemu/log.h"
+#include "qom/object.h"
+#include "qapi/error.h"
+#include "migration/vmstate.h"
+#include "hw/qdev-properties.h"
+#include "hw/usb.h"
+#include "hw/usb/printer.h"
+#include "printer/printer.h"
+#include "desc.h"
+#include "trace.h"
+
+#define USBPRINTER_VENDOR_NUM 0x46f4 /* CRC16() of "QEMU" */
+#define USBPRINTER_PRODUCT_NUM0xa1f3
+
+enum {
+STR_MANUFACTURER = 1,
+STR_PRODUCT,
+STR_SERIALNUMBER,
+STR_CONFIG_FULL,
+STR_CONFIG_HIGH,
+};
+
+static const USBDescStrings desc_strings = {
+[STR_MANUFACTURER] = "QEMU",
+[STR_PRODUCT]  = "QEMU USB Printer",
+[STR_SERIALNUMBER] = "1",
+[STR_CONFIG_FULL]  = "Full speed config (usb 1.1)",
+[STR_CONFIG_HIGH]  = "High speed config (usb 2.0)",
+};
+
+/*
+ * 5. Standard Descriptors
+ *
+ * "Printer Class devices support the following standard USB descriptors:
+ *  - Device. Each printer has one device descriptor.
+ *  - Configuration. Each device has one default configuration descriptor which
+ *supports at least one interface.
+ *  - Interface. A printer device has a single data interface with possible
+ *alternates.
+ *  - Endpoint. A printer device supports the following endpoints:
+ *  - Bulk OUT endpoint. Used for transfer of PDL/PCP data.
+ *  - Optional Bulk IN endpoint. Provides status and other return information."
+ */
+static const USBDescIface desc_iface_full = {
+.bInterfaceNumber  = 0,
+.bNumEndpoints = EP_NUMS_2,
+.bInterfaceClass   = USB_CLASS_PRINTER,
+.bInterfaceSubClass= SC_PRINTERS,
+.bInterfaceProtocol= PC_PROTOCOL_BIDIR_1284_4,
+.eps = (USBDescEndpoint[]) {
+{
+.bEndpointAddress  = USB_DIR_OUT | EP_NUM_BULK_OUT,
+.bmAttributes  = USB_ENDPOINT_XFER_BULK,
+.wMaxPacketSize= 64,
+},{
+.bEndpointAddress  = USB_DIR_IN | EP_NUM_BULK_IN,
+.bmAttributes  = USB_ENDPOINT_XFER_BULK,
+.wMaxPacketSize= 64,
+},
+},
+};
+
+static const USBDescDevice desc_device_full = {
+.bcdUSB= 0x0200,
+.bMaxPacketSize0   = 8,
+.bNumConfigurations= 1,
+.confs = (USBDescConfig[]) {
+{
+.bNumInterfaces= 1,
+.bConfigurationValue   = 1,
+.iConfiguration= STR_CONFIG_FULL,
+.bmAttributes  = USB_CFG_A

Re: [PATCH 3/4] acpi: fix OEM ID/OEM Table ID padding

2022-01-13 Thread Dmitry V. Orekhov

On 1/13/22 13:22, Ani Sinha wrote:


On Thu, 13 Jan 2022, Dmitry V. Orekhov wrote:

I can't apply the patch to the qemu-6.1.0 source code on my own.
There is no acpi_table_begin function in the qemu-6.1.0 source code
(hw/acpi/aml-build.c).


Try the following patch :

 From 10620c384bf05f0a7561c1afd0ec8ad5af9b7c0f Mon Sep 17 00:00:00 2001
From: Ani Sinha 
Date: Thu, 13 Jan 2022 15:48:16 +0530
Subject: [PATCH] acpi: fix OEM ID/OEM Table ID padding for qemu 6.1.1

Replace whitespace padding with '\0' padding in accordance with spec
and expectations of guest OS.

Signed-off-by: Ani Sinha 
---
  hw/acpi/aml-build.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index d5103e6..0df053c 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -1703,9 +1703,9 @@ build_header(BIOSLinker *linker, GArray *table_data,
  h->length = cpu_to_le32(len);
  h->revision = rev;

-strpadcpy((char *)h->oem_id, sizeof h->oem_id, oem_id, ' ');
+strpadcpy((char *)h->oem_id, sizeof h->oem_id, oem_id, '\0');
  strpadcpy((char *)h->oem_table_id, sizeof h->oem_table_id,
-  oem_table_id, ' ');
+  oem_table_id, '\0');

  h->oem_revision = cpu_to_le32(1);
  memcpy(h->asl_compiler_id, ACPI_BUILD_APPNAME8, 4);


The problem has been solved. Thanks.

Tested-by: Dmitry V. Orekhov dima.orek...@gmail.com




[PATCH v12 2/7] net/vmnet: add vmnet backends to qapi/net

2022-01-13 Thread Vladislav Yaroshchuk
Create separate netdevs for each vmnet operating mode:
- vmnet-host
- vmnet-shared
- vmnet-bridged

Signed-off-by: Vladislav Yaroshchuk 
---
 net/clients.h   |  11 
 net/meson.build |   7 +++
 net/net.c   |  10 
 net/vmnet-bridged.m |  25 +
 net/vmnet-common.m  |  20 +++
 net/vmnet-host.c|  24 
 net/vmnet-shared.c  |  25 +
 net/vmnet_int.h |  25 +
 qapi/net.json   | 133 +++-
 9 files changed, 278 insertions(+), 2 deletions(-)
 create mode 100644 net/vmnet-bridged.m
 create mode 100644 net/vmnet-common.m
 create mode 100644 net/vmnet-host.c
 create mode 100644 net/vmnet-shared.c
 create mode 100644 net/vmnet_int.h

diff --git a/net/clients.h b/net/clients.h
index 92f9b59aed..c9157789f2 100644
--- a/net/clients.h
+++ b/net/clients.h
@@ -63,4 +63,15 @@ int net_init_vhost_user(const Netdev *netdev, const char 
*name,
 
 int net_init_vhost_vdpa(const Netdev *netdev, const char *name,
 NetClientState *peer, Error **errp);
+#ifdef CONFIG_VMNET
+int net_init_vmnet_host(const Netdev *netdev, const char *name,
+  NetClientState *peer, Error **errp);
+
+int net_init_vmnet_shared(const Netdev *netdev, const char *name,
+  NetClientState *peer, Error **errp);
+
+int net_init_vmnet_bridged(const Netdev *netdev, const char *name,
+  NetClientState *peer, Error **errp);
+#endif /* CONFIG_VMNET */
+
 #endif /* QEMU_NET_CLIENTS_H */
diff --git a/net/meson.build b/net/meson.build
index 847bc2ac85..00a88c4951 100644
--- a/net/meson.build
+++ b/net/meson.build
@@ -42,4 +42,11 @@ softmmu_ss.add(when: 'CONFIG_POSIX', if_true: 
files(tap_posix))
 softmmu_ss.add(when: 'CONFIG_WIN32', if_true: files('tap-win32.c'))
 softmmu_ss.add(when: 'CONFIG_VHOST_NET_VDPA', if_true: files('vhost-vdpa.c'))
 
+vmnet_files = files(
+  'vmnet-common.m',
+  'vmnet-bridged.m',
+  'vmnet-host.c',
+  'vmnet-shared.c'
+)
+softmmu_ss.add(when: vmnet, if_true: vmnet_files)
 subdir('can')
diff --git a/net/net.c b/net/net.c
index f0d14dbfc1..1dbb64b935 100644
--- a/net/net.c
+++ b/net/net.c
@@ -1021,6 +1021,11 @@ static int (* const 
net_client_init_fun[NET_CLIENT_DRIVER__MAX])(
 #ifdef CONFIG_L2TPV3
 [NET_CLIENT_DRIVER_L2TPV3]= net_init_l2tpv3,
 #endif
+#ifdef CONFIG_VMNET
+[NET_CLIENT_DRIVER_VMNET_HOST] = net_init_vmnet_host,
+[NET_CLIENT_DRIVER_VMNET_SHARED] = net_init_vmnet_shared,
+[NET_CLIENT_DRIVER_VMNET_BRIDGED] = net_init_vmnet_bridged,
+#endif /* CONFIG_VMNET */
 };
 
 
@@ -1106,6 +,11 @@ void show_netdevs(void)
 #endif
 #ifdef CONFIG_VHOST_VDPA
 "vhost-vdpa",
+#endif
+#ifdef CONFIG_VMNET
+"vmnet-host",
+"vmnet-shared",
+"vmnet-bridged",
 #endif
 };
 
diff --git a/net/vmnet-bridged.m b/net/vmnet-bridged.m
new file mode 100644
index 00..4e42a90391
--- /dev/null
+++ b/net/vmnet-bridged.m
@@ -0,0 +1,25 @@
+/*
+ * vmnet-bridged.m
+ *
+ * Copyright(c) 2021 Vladislav Yaroshchuk 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/qapi-types-net.h"
+#include "vmnet_int.h"
+#include "clients.h"
+#include "qemu/error-report.h"
+#include "qapi/error.h"
+
+#include 
+
+int net_init_vmnet_bridged(const Netdev *netdev, const char *name,
+   NetClientState *peer, Error **errp)
+{
+  error_setg(errp, "vmnet-bridged is not implemented yet");
+  return -1;
+}
diff --git a/net/vmnet-common.m b/net/vmnet-common.m
new file mode 100644
index 00..532d152840
--- /dev/null
+++ b/net/vmnet-common.m
@@ -0,0 +1,20 @@
+/*
+ * vmnet-common.m - network client wrapper for Apple vmnet.framework
+ *
+ * Copyright(c) 2021 Vladislav Yaroshchuk 
+ * Copyright(c) 2021 Phillip Tennen 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/qapi-types-net.h"
+#include "vmnet_int.h"
+#include "clients.h"
+#include "qemu/error-report.h"
+#include "qapi/error.h"
+
+#include 
+
diff --git a/net/vmnet-host.c b/net/vmnet-host.c
new file mode 100644
index 00..4a5ef99dc7
--- /dev/null
+++ b/net/vmnet-host.c
@@ -0,0 +1,24 @@
+/*
+ * vmnet-host.c
+ *
+ * Copyright(c) 2021 Vladislav Yaroshchuk 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/qapi-types-net.h"
+#include "vmnet_int.h"
+#include "clients.h"
+#include "qemu/error-report.h"
+#include "qapi/error.h"
+
+#include 
+
+int net_init_vmnet_host(const Netdev *netdev, const char *name,
+NetClientState *peer, Error **errp) {
+  error_setg(errp, "vmnet-host is not implemented yet");
+  return -1;
+}

Re: [PATCH 3/4] acpi: fix OEM ID/OEM Table ID padding

2022-01-13 Thread Dmitry V. Orekhov

On 1/12/22 16:03, Igor Mammedov wrote:

Commit [2] broke original '\0' padding of OEM ID and OEM Table ID
fields in headers of ACPI tables. While it doesn't have impact on
default values since QEMU uses 6 and 8 characters long values
respectively, it broke usecase where IDs are provided on QEMU CLI.
It shouldn't affect guest (but may cause licensing verification
issues in guest OS).
One of the broken usecases is user supplied SLIC table with IDs
shorter than max possible length, where [2] mangles IDs with extra
spaces in RSDT and FADT tables whereas guest OS expects those to
mirror the respective values of the used SLIC table.

Fix it by replacing whitespace padding with '\0' padding in
accordance with [1] and expectations of guest OS

1) ACPI spec, v2.0b
17.2 AML Grammar Definition
...
//OEM ID of up to 6 characters. If the OEM ID is
//shorter than 6 characters, it can be terminated
//with a NULL character.

2)
Fixes: 602b458201 ("acpi: Permit OEM ID and OEM table ID fields to be changed")
Resolves:https://gitlab.com/qemu-project/qemu/-/issues/707
Reported-by: Dmitry V. Orekhov
Signed-off-by: Igor Mammedov
Cc:qemu-sta...@nongnu.org
---
  hw/acpi/aml-build.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index b3b3310df3..65148d5b9d 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -1724,9 +1724,9 @@ void acpi_table_begin(AcpiTable *desc, GArray *array)
  build_append_int_noprefix(array, 0, 4); /* Length */
  build_append_int_noprefix(array, desc->rev, 1); /* Revision */
  build_append_int_noprefix(array, 0, 1); /* Checksum */
-build_append_padded_str(array, desc->oem_id, 6, ' '); /* OEMID */
+build_append_padded_str(array, desc->oem_id, 6, '\0'); /* OEMID */
  /* OEM Table ID */
-build_append_padded_str(array, desc->oem_table_id, 8, ' ');
+build_append_padded_str(array, desc->oem_table_id, 8, '\0');
  build_append_int_noprefix(array, 1, 4); /* OEM Revision */
  g_array_append_vals(array, ACPI_BUILD_APPNAME8, 4); /* Creator ID */
  build_append_int_noprefix(array, 1, 4); /* Creator Revision */
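Review bot: Nothing at the two `build_append_padded_str(...)` calls records why the pad byte is `'\0'`, and according to the commit message the space padding came in with commit 602b458201, so the same regression could return with a later cleanup. A comment above the OEMID line, for example `/* pad with NUL, not spaces: IDs must match a user-supplied SLIC table byte for byte */`, would pin the reason down. `acpi_table_begin` starts and ends outside this hunk.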


I can't apply the patch to the qemu-6.1.0 source code on my own.
There is no acpi_table_begin function in the qemu-6.1.0 source code
(hw/acpi/aml-build.c).


[PATCH v12 0/7] Add vmnet.framework based network backend

2022-01-13 Thread Vladislav Yaroshchuk
macOS provides networking API for VMs called 'vmnet.framework':
https://developer.apple.com/documentation/vmnet

We can provide its support as the new QEMU network backends which
represent three different vmnet.framework interface usage modes:

  * `vmnet-shared`:
allows the guest to communicate with other guests in shared mode and
also with external network (Internet) via NAT. Has (macOS-provided)
DHCP server; subnet mask and IP range can be configured;

  * `vmnet-host`:
allows the guest to communicate with other guests in host mode.
By default has enabled DHCP as `vmnet-shared`, but providing
network unique id (uuid) can make `vmnet-host` interfaces isolated
from each other and also disables DHCP.

  * `vmnet-bridged`:
bridges the guest with a physical network interface.

This backends cannot work on macOS Catalina 10.15 cause we use
vmnet.framework API provided only with macOS 11 and newer. Seems
that it is not a problem, because QEMU guarantees to work on two most
recent versions of macOS which now are Big Sur (11) and Monterey (12).

Also, we have one inconvenient restriction: only a privileged user
can create vmnet.framework interfaces:
`$ sudo qemu-system-x86_64 -nic vmnet-shared`

An attempt to create a `vmnet-*` netdev as an unprivileged user fails
with vmnet's 'general failure'.

This happens because vmnet.framework requires `com.apple.vm.networking`
entitlement which is: "restricted to developers of virtualization software.
To request this entitlement, contact your Apple representative." as Apple
documentation says:
https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_vm_networking

One more note: we still have quite useful but not supported
'vmnet.framework' features as creating port forwarding rules, IPv6
NAT prefix specifying and so on.

Nevertheless, new backends work fine and tested within `qemu-system-x86-64`
on macOS Bir Sur 11.5.2 host with such nic models:
  * e1000-82545em
  * virtio-net-pci
  * vmxnet3

The guests were:
  * macOS 10.15.7
  * Ubuntu Bionic (server cloudimg)


This series partially reuses patches by Phillip Tennen:
https://patchew.org/QEMU/20210218134947.1860-1-phillip.en...@gmail.com/
So I included them signed-off line into one of the commit messages and
also here.

v1 -> v2:
 Since v1 minor typos were fixed, patches rebased onto latest master,
 redundant changes removed (small commits squashed)
v2 -> v3:
 - QAPI style fixes
 - Typos fixes in comments
 - `#include`'s updated to be in sync with recent master
v3 -> v4:
 - Support vmnet interfaces isolation feature
 - Support vmnet-host network uuid setting feature
 - Refactored sources a bit
v4 -> v5:
 - Missed 6.2 boat, now 7.0 candidate
 - Fix qapi netdev descriptions and styles
   (@subnetmask -> @subnet-mask)
 - Support vmnet-shared IPv6 prefix setting feature
v5 -> v6
 - provide detailed commit messages for commits of
   many changes
 - rename properties @dhcpstart and @dhcpend to
   @start-address and @end-address
 - improve qapi documentation about isolation
   features (@isolated, @net-uuid)
v6 -> v7:
 - update MAINTAINERS list
v7 -> v8
 - QAPI code style fixes
v8 -> v9
 - Fix building on Linux: add missing qapi
   `'if': 'CONFIG_VMNET'` statement to Netdev union
v9 -> v10
 - Disable vmnet feature for macOS < 11.0: add
   vmnet.framework API probe into meson.build.
   This fixes QEMU building on macOS < 11.0:
   https://patchew.org/QEMU/20220110034000.20221-1-jasow...@redhat.com/
v10 -> v11
 - Enable vmnet for macOS 10.15 with subset of available
   features. Disable vmnet for macOS < 10.15.
 - Fix typos
v11 -> v12
 - use more general macOS version check with
   MAC_OS_VERSION_11_0 instead of manual
   definition creating.

Vladislav Yaroshchuk (7):
  net/vmnet: add vmnet dependency and customizable option
  net/vmnet: add vmnet backends to qapi/net
  net/vmnet: implement shared mode (vmnet-shared)
  net/vmnet: implement host mode (vmnet-host)
  net/vmnet: implement bridged mode (vmnet-bridged)
  net/vmnet: update qemu-options.hx
  net/vmnet: update MAINTAINERS list

 MAINTAINERS   |   5 +
 meson.build   |  16 +-
 meson_options.txt |   2 +
 net/clients.h |  11 ++
 net/meson.build   |   7 +
 net/net.c |  10 +
 net/vmnet-bridged.m   | 120 
 net/vmnet-common.m| 333 ++
 net/vmnet-host.c  | 122 +
 net/vmnet-shared.c| 100 ++
 net/vmnet_int.h   |  48 +
 qapi/net.json | 133 +-
 qemu-options.hx   |  25 +++
 scripts/meson-buildoptions.sh |   3 +
 14 files changed, 932 insertions(+), 3 deletions(-)
 create mode 100644 net/vmnet-bridged.m
 create mode 100644 net/vmnet-common.m
 create mode 100644 net/vmnet-host.c
 create mode 100644 net/vmnet-shared.c
 create mode 100644 net/vmnet_int.h

-- 
2.23.0




[PATCH v12 1/7] net/vmnet: add vmnet dependency and customizable option

2022-01-13 Thread Vladislav Yaroshchuk
vmnet.framework dependency is added with 'vmnet' option
to enable or disable it. Default value is 'auto'.

The vmnet features to be used are available since macOS 11.0;
a corresponding probe is added to meson.build.

Signed-off-by: Vladislav Yaroshchuk 
---
 meson.build   | 16 +++-
 meson_options.txt |  2 ++
 scripts/meson-buildoptions.sh |  3 +++
 3 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/meson.build b/meson.build
index c1b1db1e28..285fb7bc41 100644
--- a/meson.build
+++ b/meson.build
@@ -496,6 +496,18 @@ if cocoa.found() and get_option('gtk').enabled()
   error('Cocoa and GTK+ cannot be enabled at the same time')
 endif
 
+vmnet = dependency('appleframeworks', modules: 'vmnet', required: 
get_option('vmnet'))
+if vmnet.found() and not cc.has_header_symbol('vmnet/vmnet.h',
+  'VMNET_BRIDGED_MODE',
+  dependencies: vmnet)
+  vmnet = not_found
+  if get_option('vmnet').enabled()
+error('vmnet.framework API is outdated')
+  else
+warning('vmnet.framework API is outdated, disabling')
+  endif
+endif
+
 seccomp = not_found
 if not get_option('seccomp').auto() or have_system or have_tools
   seccomp = dependency('libseccomp', version: '>=2.3.0',
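Review bot: The probe after `dependency('appleframeworks', modules: 'vmnet', ...)` carries no comment saying why `VMNET_BRIDGED_MODE` is the symbol that decides whether the SDK is new enough, while the commit message speaks of features available since macOS 11.0. A short comment above the `cc.has_header_symbol` call, such as `# VMNET_BRIDGED_MODE is the newest vmnet symbol the backends need unconditionally`, would tell the next reader which SDK floor this enforces. The exact wording depends on which macOS release introduced the symbol, which the hunk does not show.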
@@ -1492,6 +1504,7 @@ config_host_data.set('CONFIG_SECCOMP', seccomp.found())
 config_host_data.set('CONFIG_SNAPPY', snappy.found())
 config_host_data.set('CONFIG_USB_LIBUSB', libusb.found())
 config_host_data.set('CONFIG_VDE', vde.found())
+config_host_data.set('CONFIG_VMNET', vmnet.found())
 config_host_data.set('CONFIG_VHOST_USER_BLK_SERVER', 
have_vhost_user_blk_server)
 config_host_data.set('CONFIG_VNC', vnc.found())
 config_host_data.set('CONFIG_VNC_JPEG', jpeg.found())
@@ -3406,7 +3419,8 @@ summary(summary_info, bool_yn: true, section: 'Crypto')
 # Libraries
 summary_info = {}
 if targetos == 'darwin'
-  summary_info += {'Cocoa support':   cocoa}
+  summary_info += {'Cocoa support':   cocoa}
+  summary_info += {'vmnet.framework support': vmnet}
 endif
 summary_info += {'SDL support':   sdl}
 summary_info += {'SDL image support': sdl_image}
diff --git a/meson_options.txt b/meson_options.txt
index 921967eddb..701e1381f9 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -151,6 +151,8 @@ option('netmap', type : 'feature', value : 'auto',
description: 'netmap network backend support')
 option('vde', type : 'feature', value : 'auto',
description: 'vde network backend support')
+option('vmnet', type : 'feature', value : 'auto',
+   description: 'vmnet.framework network backend support')
 option('virglrenderer', type : 'feature', value : 'auto',
description: 'virgl rendering support')
 option('vnc', type : 'feature', value : 'auto',
diff --git a/scripts/meson-buildoptions.sh b/scripts/meson-buildoptions.sh
index 50bd7bed4d..cdcece4b05 100644
--- a/scripts/meson-buildoptions.sh
+++ b/scripts/meson-buildoptions.sh
@@ -84,6 +84,7 @@ meson_options_help() {
   printf "%s\n" '  u2f U2F emulation support'
   printf "%s\n" '  usb-redir   libusbredir support'
   printf "%s\n" '  vde vde network backend support'
+  printf "%s\n" '  vmnet   vmnet.framework network backend support'
   printf "%s\n" '  vhost-user-blk-server'
   printf "%s\n" '  build vhost-user-blk server'
   printf "%s\n" '  virglrenderer   virgl rendering support'
@@ -248,6 +249,8 @@ _meson_option_parse() {
 --disable-usb-redir) printf "%s" -Dusb_redir=disabled ;;
 --enable-vde) printf "%s" -Dvde=enabled ;;
 --disable-vde) printf "%s" -Dvde=disabled ;;
+--enable-vmnet) printf "%s" -Dvmnet=enabled ;;
+--disable-vmnet) printf "%s" -Dvmnet=disabled ;;
 --enable-vhost-user-blk-server) printf "%s" 
-Dvhost_user_blk_server=enabled ;;
 --disable-vhost-user-blk-server) printf "%s" 
-Dvhost_user_blk_server=disabled ;;
 --enable-virglrenderer) printf "%s" -Dvirglrenderer=enabled ;;
-- 
2.23.0




[PATCH v12 5/7] net/vmnet: implement bridged mode (vmnet-bridged)

2022-01-13 Thread Vladislav Yaroshchuk
Signed-off-by: Vladislav Yaroshchuk 
---
 net/vmnet-bridged.m | 105 +---
 1 file changed, 100 insertions(+), 5 deletions(-)

diff --git a/net/vmnet-bridged.m b/net/vmnet-bridged.m
index 4e42a90391..f528af036c 100644
--- a/net/vmnet-bridged.m
+++ b/net/vmnet-bridged.m
@@ -10,16 +10,111 @@
 
 #include "qemu/osdep.h"
 #include "qapi/qapi-types-net.h"
-#include "vmnet_int.h"
-#include "clients.h"
-#include "qemu/error-report.h"
 #include "qapi/error.h"
+#include "clients.h"
+#include "vmnet_int.h"
 
 #include 
 
+typedef struct VmnetBridgedState {
+  VmnetCommonState cs;
+} VmnetBridgedState;
+
+static bool validate_ifname(const char *ifname)
+{
+xpc_object_t shared_if_list = vmnet_copy_shared_interface_list();
+__block bool match = false;
+
+xpc_array_apply(
+shared_if_list,
+^bool(size_t index, xpc_object_t value) {
+  if (strcmp(xpc_string_get_string_ptr(value), ifname) == 0) {
+  match = true;
+  return false;
+  }
+  return true;
+});
+
+return match;
+}
+
+static const char *get_valid_ifnames(void)
+{
+xpc_object_t shared_if_list = vmnet_copy_shared_interface_list();
+__block char *if_list = NULL;
+
+xpc_array_apply(
+shared_if_list,
+^bool(size_t index, xpc_object_t value) {
+  if_list = g_strconcat(xpc_string_get_string_ptr(value),
+" ",
+if_list,
+NULL);
+  return true;
+});
+
+if (if_list) {
+return if_list;
+}
+return "[no interfaces]";
+}
+
+static xpc_object_t create_if_desc(const Netdev *netdev, Error **errp)
+{
+const NetdevVmnetBridgedOptions *options = &(netdev->u.vmnet_bridged);
+xpc_object_t if_desc = xpc_dictionary_create(NULL, NULL, 0);
+
+xpc_dictionary_set_uint64(
+if_desc,
+vmnet_operation_mode_key,
+VMNET_BRIDGED_MODE
+);
+
+#if defined(MAC_OS_VERSION_11_0) && \
+MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_VERSION_11_0
+xpc_dictionary_set_bool(
+if_desc,
+vmnet_enable_isolation_key,
+options->isolated
+);
+#else
+if (options->has_isolated) {
+error_setg(errp,
+   "vmnet-bridged.isolated feature is "
+   "unavailable: outdated vmnet.framework API");
+}
+#endif
+
+if (validate_ifname(options->ifname)) {
+xpc_dictionary_set_string(if_desc,
+  vmnet_shared_interface_name_key,
+  options->ifname);
+} else {
+return NULL;
+}
+return if_desc;
+}
+
+static NetClientInfo net_vmnet_bridged_info = {
+.type = NET_CLIENT_DRIVER_VMNET_BRIDGED,
+.size = sizeof(VmnetBridgedState),
+.receive = vmnet_receive_common,
+.cleanup = vmnet_cleanup_common,
+};
+
 int net_init_vmnet_bridged(const Netdev *netdev, const char *name,
NetClientState *peer, Error **errp)
 {
-  error_setg(errp, "vmnet-bridged is not implemented yet");
-  return -1;
+NetClientState *nc = qemu_new_net_client(&net_vmnet_bridged_info,
+ peer, "vmnet-bridged", name);
+xpc_object_t if_desc = create_if_desc(netdev, errp);;
+
+if (!if_desc) {
+error_setg(errp,
+   "unsupported ifname, should be one of: %s",
+   get_valid_ifnames());
+return -1;
+}
+
+return vmnet_if_create(nc, if_desc, errp, NULL);
 }
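Review bot: In `net_init_vmnet_bridged` the client is allocated with `qemu_new_net_client()` before `create_if_desc()` has validated `ifname`, and the `return -1` path never deletes it, so a rejected `ifname` leaves a client behind that is presumably still registered under `name`. Build and validate the descriptor first and create the client only afterwards. Two related points in the same hunk: `create_if_desc()` returns NULL without releasing the dictionary it created, and its `#else` branch calls `error_setg()` and carries on, so the caller's second `error_setg()` can run with `errp` already set. `validate_ifname()` and `get_valid_ifnames()` also never release the list obtained from `vmnet_copy_shared_interface_list()`.

```objc
int net_init_vmnet_bridged(const Netdev *netdev, const char *name,
                           NetClientState *peer, Error **errp)
{
    NetClientState *nc;
    xpc_object_t if_desc = create_if_desc(netdev, errp);

    if (!if_desc) {
        /* … unchanged: "unsupported ifname" error_setg() … */
        return -1;
    }

    /* Allocate the client only once the options are known to be valid. */
    nc = qemu_new_net_client(&net_vmnet_bridged_info,
                             peer, "vmnet-bridged", name);
    return vmnet_if_create(nc, if_desc, errp, NULL);
}
```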
-- 
2.23.0




[PATCH v12 4/7] net/vmnet: implement host mode (vmnet-host)

2022-01-13 Thread Vladislav Yaroshchuk
Signed-off-by: Vladislav Yaroshchuk 
---
 net/vmnet-host.c | 110 ---
 1 file changed, 104 insertions(+), 6 deletions(-)

diff --git a/net/vmnet-host.c b/net/vmnet-host.c
index 4a5ef99dc7..90430dcb1a 100644
--- a/net/vmnet-host.c
+++ b/net/vmnet-host.c
@@ -9,16 +9,114 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/uuid.h"
 #include "qapi/qapi-types-net.h"
-#include "vmnet_int.h"
-#include "clients.h"
-#include "qemu/error-report.h"
 #include "qapi/error.h"
+#include "clients.h"
+#include "vmnet_int.h"
 
 #include 
 
+typedef struct VmnetHostState {
+  VmnetCommonState cs;
+  QemuUUID network_uuid;
+} VmnetHostState;
+
+static xpc_object_t create_if_desc(const Netdev *netdev,
+   NetClientState *nc,
+   Error **errp)
+{
+const NetdevVmnetHostOptions *options = &(netdev->u.vmnet_host);
+
+xpc_object_t if_desc = xpc_dictionary_create(NULL, NULL, 0);
+
+xpc_dictionary_set_uint64(
+if_desc,
+vmnet_operation_mode_key,
+VMNET_HOST_MODE
+);
+
+#if defined(MAC_OS_VERSION_11_0) && \
+MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_VERSION_11_0
+
+VmnetCommonState *cs = DO_UPCAST(VmnetCommonState, nc, nc);
+VmnetHostState *hs = DO_UPCAST(VmnetHostState, cs, cs);
+
+xpc_dictionary_set_bool(
+if_desc,
+vmnet_enable_isolation_key,
+options->isolated
+);
+
+if (options->has_net_uuid) {
+if (qemu_uuid_parse(options->net_uuid, &hs->network_uuid) < 0) {
+error_setg(errp, "Invalid UUID provided in 'net-uuid'");
+}
+
+xpc_dictionary_set_uuid(
+if_desc,
+vmnet_network_identifier_key,
+hs->network_uuid.data
+);
+}
+#else
+if (options->has_isolated) {
+error_setg(errp,
+   "vmnet-host.isolated feature is "
+   "unavailable: outdated vmnet.framework API");
+}
+
+if (options->has_net_uuid) {
+error_setg(errp,
+   "vmnet-host.net-uuid feature is "
+   "unavailable: outdated vmnet.framework API");
+}
+#endif
+
+if (options->has_start_address ||
+options->has_end_address ||
+options->has_subnet_mask) {
+
+if (options->has_start_address &&
+options->has_end_address &&
+options->has_subnet_mask) {
+
+xpc_dictionary_set_string(if_desc,
+  vmnet_start_address_key,
+  options->start_address);
+xpc_dictionary_set_string(if_desc,
+  vmnet_end_address_key,
+  options->end_address);
+xpc_dictionary_set_string(if_desc,
+  vmnet_subnet_mask_key,
+  options->subnet_mask);
+} else {
+error_setg(
+errp,
+"'start-address', 'end-address', 'subnet-mask' "
+"should be provided together"
+);
+}
+}
+
+return if_desc;
+}
+
+static NetClientInfo net_vmnet_host_info = {
+.type = NET_CLIENT_DRIVER_VMNET_HOST,
+.size = sizeof(VmnetHostState),
+.receive = vmnet_receive_common,
+.cleanup = vmnet_cleanup_common,
+};
+
 int net_init_vmnet_host(const Netdev *netdev, const char *name,
-NetClientState *peer, Error **errp) {
-  error_setg(errp, "vmnet-host is not implemented yet");
-  return -1;
+NetClientState *peer, Error **errp)
+{
+NetClientState *nc;
+xpc_object_t if_desc;
+
+nc = qemu_new_net_client(&net_vmnet_host_info,
+ peer, "vmnet-host", name);
+if_desc = create_if_desc(netdev, nc, errp);
+return vmnet_if_create(nc, if_desc, errp, NULL);
 }
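Review bot: `create_if_desc()` reports a bad `net-uuid` or an incomplete `start-address`/`end-address`/`subnet-mask` set with `error_setg()` but then keeps going and returns the descriptor, and `net_init_vmnet_host()` hands it to `vmnet_if_create()` without looking at `errp`. After a failed `qemu_uuid_parse()` the network identifier is still set from `hs->network_uuid`, so a mistyped UUID does not stop the interface from being created with whatever that buffer holds; an option that exists to separate networks should fail closed. Return NULL right after each `error_setg()` (releasing `if_desc`), and have the caller delete the client and return -1 when it gets NULL. In the `#else` branch the two consecutive `error_setg()` calls can also both fire on the same `errp`.

```c
    if (options->has_net_uuid) {
        if (qemu_uuid_parse(options->net_uuid, &hs->network_uuid) < 0) {
            error_setg(errp, "Invalid UUID provided in 'net-uuid'");
            xpc_release(if_desc);
            return NULL;
        }
        /* … unchanged: xpc_dictionary_set_uuid() call … */
    }
    /* … unchanged: #else branch and address-range handling, each error_setg() followed by the same release-and-return … */

    /* in net_init_vmnet_host() */
    if_desc = create_if_desc(netdev, nc, errp);
    if (!if_desc) {
        qemu_del_net_client(nc);
        return -1;
    }
    return vmnet_if_create(nc, if_desc, errp, NULL);
```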
-- 
2.23.0




[PATCH v12 3/7] net/vmnet: implement shared mode (vmnet-shared)

2022-01-13 Thread Vladislav Yaroshchuk
Interaction with vmnet.framework in different modes
differs only on configuration stage, so we can create
common `send`, `receive`, etc. procedures and reuse them.

vmnet.framework supports iov, but writing more than
one iov into vmnet interface fails with
'VMNET_INVALID_ARGUMENT'. Collecting provided iovs into
one and passing it to vmnet works fine. That's the
reason why receive_iov() left unimplemented. But it still
works with good enough performance having .receive()
implemented only.

Also, there is no way to unsubscribe from receiving vmnet packets
other than registering and unregistering the event callback, or
simply dropping packets by ignoring them and not processing them
when the related flag is set. Here we use the second way.

Signed-off-by: Phillip Tennen 
Signed-off-by: Vladislav Yaroshchuk 
---
 net/vmnet-common.m | 313 +
 net/vmnet-shared.c |  83 +++-
 net/vmnet_int.h|  23 
 3 files changed, 415 insertions(+), 4 deletions(-)

diff --git a/net/vmnet-common.m b/net/vmnet-common.m
index 532d152840..45c983ac7f 100644
--- a/net/vmnet-common.m
+++ b/net/vmnet-common.m
@@ -10,6 +10,8 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/main-loop.h"
+#include "qemu/log.h"
 #include "qapi/qapi-types-net.h"
 #include "vmnet_int.h"
 #include "clients.h"
@@ -17,4 +19,315 @@
 #include "qapi/error.h"
 
 #include 
+#include 
 
+#ifdef DEBUG
+#define D(x) x
+#define D_LOG(...) qemu_log(__VA_ARGS__)
+#else
+#define D(x) do { } while (0)
+#define D_LOG(...) do { } while (0)
+#endif
+
+typedef struct vmpktdesc vmpktdesc_t;
+typedef struct iovec iovec_t;
+
+static void vmnet_set_send_enabled(VmnetCommonState *s, bool enable)
+{
+s->send_enabled = enable;
+}
+
+
+static void vmnet_send_completed(NetClientState *nc, ssize_t len)
+{
+VmnetCommonState *s = DO_UPCAST(VmnetCommonState, nc, nc);
+vmnet_set_send_enabled(s, true);
+}
+
+
+static void vmnet_send(NetClientState *nc,
+   interface_event_t event_id,
+   xpc_object_t event)
+{
+assert(event_id == VMNET_INTERFACE_PACKETS_AVAILABLE);
+
+VmnetCommonState *s;
+uint64_t packets_available;
+
+struct iovec *iov;
+struct vmpktdesc *packets;
+int pkt_cnt;
+int i;
+
+vmnet_return_t if_status;
+ssize_t size;
+
+s = DO_UPCAST(VmnetCommonState, nc, nc);
+
+packets_available = xpc_dictionary_get_uint64(
+event,
+vmnet_estimated_packets_available_key
+);
+
+pkt_cnt = (packets_available < VMNET_PACKETS_LIMIT) ?
+  packets_available :
+  VMNET_PACKETS_LIMIT;
+
+
+iov = s->iov_buf;
+packets = s->packets_buf;
+
+for (i = 0; i < pkt_cnt; ++i) {
+packets[i].vm_pkt_size = s->max_packet_size;
+packets[i].vm_pkt_iovcnt = 1;
+packets[i].vm_flags = 0;
+}
+
+if_status = vmnet_read(s->vmnet_if, packets, &pkt_cnt);
+if (if_status != VMNET_SUCCESS) {
+error_printf("vmnet: read failed: %s\n",
+ vmnet_status_map_str(if_status));
+}
+qemu_mutex_lock_iothread();
+for (i = 0; i < pkt_cnt; ++i) {
+size = qemu_send_packet_async(nc,
+  iov[i].iov_base,
+  packets[i].vm_pkt_size,
+  vmnet_send_completed);
+if (size == 0) {
+vmnet_set_send_enabled(s, false);
+} else if (size < 0) {
+break;
+}
+}
+qemu_mutex_unlock_iothread();
+
+}
+
+
+static void vmnet_register_event_callback(VmnetCommonState *s)
+{
+dispatch_queue_t avail_pkt_q = dispatch_queue_create(
+"org.qemu.vmnet.if_queue",
+DISPATCH_QUEUE_SERIAL
+);
+
+vmnet_interface_set_event_callback(
+s->vmnet_if,
+VMNET_INTERFACE_PACKETS_AVAILABLE,
+avail_pkt_q,
+^(interface_event_t event_id, xpc_object_t event) {
+  if (s->send_enabled) {
+  vmnet_send(&s->nc, event_id, event);
+  }
+});
+}
+
+
+static void vmnet_bufs_init(VmnetCommonState *s)
+{
+int i;
+struct vmpktdesc *packets;
+struct iovec *iov;
+
+packets = s->packets_buf;
+iov = s->iov_buf;
+
+for (i = 0; i < VMNET_PACKETS_LIMIT; ++i) {
+iov[i].iov_len = s->max_packet_size;
+iov[i].iov_base = g_malloc0(iov[i].iov_len);
+packets[i].vm_pkt_iov = iov + i;
+}
+}
+
+
+const char *vmnet_status_map_str(vmnet_return_t status)
+{
+switch (status) {
+case VMNET_SUCCESS:
+return "success";
+case VMNET_FAILURE:
+return "general failure";
+case VMNET_MEM_FAILURE:
+return "memory allocation failure";
+case VMNET_INVALID_ARGUMENT:
+return "invalid argument specified";
+case VMNET_SETUP_INCOMPLETE:
+return "interface setup is not complete";
+case VMNET_INVALID_ACCESS:
+return "invalid access, permission denied";
+case VMNET_PACKET_TOO_BIG:
+  

[PATCH v12 7/7] net/vmnet: update MAINTAINERS list

2022-01-13 Thread Vladislav Yaroshchuk
Signed-off-by: Vladislav Yaroshchuk 
---
 MAINTAINERS | 5 +
 1 file changed, 5 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index c98a61caee..638d129305 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2641,6 +2641,11 @@ W: http://info.iet.unipi.it/~luigi/netmap/
 S: Maintained
 F: net/netmap.c
 
+Apple vmnet network backends
+M: Vladislav Yaroshchuk 
+S: Maintained
+F: net/vmnet*
+
 Host Memory Backends
 M: David Hildenbrand 
 M: Igor Mammedov 
-- 
2.23.0




[PATCH v12 6/7] net/vmnet: update qemu-options.hx

2022-01-13 Thread Vladislav Yaroshchuk
Signed-off-by: Vladislav Yaroshchuk 
---
 qemu-options.hx | 25 +
 1 file changed, 25 insertions(+)

diff --git a/qemu-options.hx b/qemu-options.hx
index ec90505d84..81dd34f550 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2732,6 +2732,25 @@ DEF("netdev", HAS_ARG, QEMU_OPTION_netdev,
 #ifdef __linux__
 "-netdev vhost-vdpa,id=str,vhostdev=/path/to/dev\n"
 "configure a vhost-vdpa network,Establish a vhost-vdpa 
netdev\n"
+#endif
+#ifdef CONFIG_VMNET
+"-netdev vmnet-host,id=str[,isolated=on|off][,net-uuid=uuid]\n"
+" [,start-address=addr,end-address=addr,subnet-mask=mask]\n"
+"configure a vmnet network backend in host mode with ID 
'str',\n"
+"isolate this interface from others with 'isolated',\n"
+"configure the address range and choose a subnet mask,\n"
+"specify network UUID 'uuid' to disable DHCP and interact 
with\n"
+"vmnet-host interfaces within this isolated network\n"
+"-netdev vmnet-shared,id=str[,isolated=on|off][,nat66-prefix=addr]\n"
+" [,start-address=addr,end-address=addr,subnet-mask=mask]\n"
+"configure a vmnet network backend in shared mode with ID 
'str',\n"
+"configure the address range and choose a subnet mask,\n"
+"set IPv6 ULA prefix (of length 64) to use for internal 
network,\n"
+"isolate this interface from others with 'isolated'\n"
+"-netdev vmnet-bridged,id=str,ifname=name[,isolated=on|off]\n"
+"configure a vmnet network backend in bridged mode with ID 
'str',\n"
+"use 'ifname=name' to select a physical network interface 
to be bridged,\n"
+"isolate this interface from others with 'isolated'\n"
 #endif
 "-netdev hubport,id=str,hubid=n[,netdev=nd]\n"
 "configure a hub port on the hub with ID 'n'\n", 
QEMU_ARCH_ALL)
@@ -2751,6 +2770,9 @@ DEF("nic", HAS_ARG, QEMU_OPTION_nic,
 #endif
 #ifdef CONFIG_POSIX
 "vhost-user|"
+#endif
+#ifdef CONFIG_VMNET
+"vmnet-host|vmnet-shared|vmnet-bridged|"
 #endif
 "socket][,option][,...][mac=macaddr]\n"
 "initialize an on-board / default host NIC (using MAC 
address\n"
@@ -2773,6 +2795,9 @@ DEF("net", HAS_ARG, QEMU_OPTION_net,
 #endif
 #ifdef CONFIG_NETMAP
 "netmap|"
+#endif
+#ifdef CONFIG_VMNET
+"vmnet-host|vmnet-shared|vmnet-bridged|"
 #endif
 "socket][,option][,option][,...]\n"
 "old way to initialize a host network interface\n"
-- 
2.23.0




[PATCH] ppc/ppc405: Fix TLB flushing

2022-01-13 Thread Cédric Le Goater
Commit cd0c6f473532 did not take into account 405 CPUs when adding
support for batching of TCG TLB flushes. Set the TLB_NEED_LOCAL_FLUSH
flag when SPR_40x_PID is switched and when the TLB is updated.

Cc: Thomas Huth 
Cc: Christophe Leroy 
Cc: Fabiano Rosas 
Fixes: cd0c6f473532 ("ppc: Do some batching of TCG tlb flushes")
Signed-off-by: Cédric Le Goater 
---
 target/ppc/mmu_helper.c | 2 ++
 1 file changed, 2 insertions(+)

It's alive ! Thanks to all :) 

...
printk: console [ttyS0] enabled
ef600300.serial: ttyS1 at MMIO 0xef600300 (irq = 17, base_baud = 119047) is 
a 16550
brd: module loaded
libphy: Fixed MDIO Bus: probed
e1000: Intel(R) PRO/1000 Network Driver
e1000: Copyright (c) 1999-2006 Intel Corporation.
e1000 0008:00:01.0: enabling device ( -> 0003)
e1000 0008:00:01.0 eth0: (PCI:33MHz:32-bit) 52:54:00:12:34:56
e1000 0008:00:01.0 eth0: Intel(R) PRO/1000 Network Connection
drmem: No dynamic reconfiguration memory found
Freeing unused kernel image (initmem) memory: 152K
Kernel memory protection not selected by kernel config.
Run /init as init process
process '/bin/busybox' started with executable stack
Starting syslogd: OK
Starting klogd: OK
Running sysctl: OK
Saving random seed: random: dd: uninitialized urandom read (512 bytes read)
OK
Starting network: e1000 0008:00:01.0 eth0: Unable to allocate interrupt 
Error: -22
ip: SIOCSIFFLAGS: Invalid argument
FAIL

Welcome to Buildroot
buildroot login: root
Jan  1 00:00:18 login[123]: root login on 'ttyS0'
# cat /proc/cpuinfo
processor: 0
cpu: 405EP
clock: 133.33MHz
revision: 9.80 (pvr 5121 0950)
bogomips: 266.66

timebase: 1
platform: PowerPC 40x Platform
model: est,hotfoot
Memory: 128 MB
# poweroff
# Stopping network: ifdown: interface eth0 not configured
OK
Saving random seed: random: dd: uninitialized urandom read (512 bytes read)
OK
Stopping klogd: OK
Stopping syslogd: start-stop-daemon: warning: killing process 45: No such 
process
FAIL
umount: devtmpfs busy - remounted read-only
umount: can't unmount /: Invalid argument
The system is going down NOW!
Sent SIGTERM to all processes
Sent SIGKILL to all processes
Requesting system poweroff
reboot: System halted
System Halted, OK to turn off power
QEMU 6.2.50 monitor - type 'help' for more information


diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
index 59df6952aea1..ccca16979965 100644
--- a/target/ppc/mmu_helper.c
+++ b/target/ppc/mmu_helper.c
@@ -682,6 +682,7 @@ target_ulong helper_4xx_tlbre_hi(CPUPPCState *env, 
target_ulong entry)
 }
 ret |= size << PPC4XX_TLBHI_SIZE_SHIFT;
 env->spr[SPR_40x_PID] = tlb->PID;
+env->tlb_need_flush |= TLB_NEED_LOCAL_FLUSH;
 return ret;
 }
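Review bot: The new `env->tlb_need_flush |= TLB_NEED_LOCAL_FLUSH;` in `helper_4xx_tlbre_hi` sits in a helper that reads a TLB entry, so without a comment it looks misplaced; the reason is the `env->spr[SPR_40x_PID] = tlb->PID;` assignment just above it. A one-line comment such as `/* tlbre loads the entry's PID into SPR_40x_PID, so cached translations must be dropped */` would make that explicit, and the matching line added at the end of `helper_4xx_tlbwe_lo` in the next hunk deserves a similar note. It may also be worth requesting the flush only when the PID value actually changes, though whether that matters cannot be judged from the hunk. Both functions start outside their hunks.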
 
@@ -794,6 +795,7 @@ void helper_4xx_tlbwe_lo(CPUPPCState *env, target_ulong 
entry,
   tlb->prot & PAGE_WRITE ? 'w' : '-',
   tlb->prot & PAGE_EXEC ? 'x' : '-',
   tlb->prot & PAGE_VALID ? 'v' : '-', (int)tlb->PID);
+env->tlb_need_flush |= TLB_NEED_LOCAL_FLUSH;
 }
 
 target_ulong helper_4xx_tlbsx(CPUPPCState *env, target_ulong address)
-- 
2.31.1




Re: [PULL v2 21/36] backends: move dbus-vmstate1.xml to backends/

2022-01-13 Thread Peter Maydell
On Tue, 21 Dec 2021 at 07:04,  wrote:
>
> From: Marc-André Lureau 
>
> Although not used by the backend itself, use a common location for
> documentation and sharing purposes.
>
> Signed-off-by: Marc-André Lureau 
> Acked-by: Gerd Hoffmann 
> ---
>  {tests/qtest => backends}/dbus-vmstate1.xml | 0
>  tests/qtest/meson.build | 2 +-
>  2 files changed, 1 insertion(+), 1 deletion(-)
>  rename {tests/qtest => backends}/dbus-vmstate1.xml (100%)
>
> diff --git a/tests/qtest/dbus-vmstate1.xml b/backends/dbus-vmstate1.xml
> similarity index 100%
> rename from tests/qtest/dbus-vmstate1.xml
> rename to backends/dbus-vmstate1.xml
> diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
> index ebeac59b3f95..913e987409d5 100644
> --- a/tests/qtest/meson.build
> +++ b/tests/qtest/meson.build
> @@ -98,7 +98,7 @@ if dbus_daemon.found() and 
> config_host.has_key('GDBUS_CODEGEN')
>#qtests_i386 += ['dbus-vmstate-test']
>dbus_vmstate1 = custom_target('dbus-vmstate description',
>  output: ['dbus-vmstate1.h', 
> 'dbus-vmstate1.c'],
> -input: files('dbus-vmstate1.xml'),
> +input: meson.source_root() / 
> 'backends/dbus-vmstate1.xml',
>  command: [config_host['GDBUS_CODEGEN'],
>'@INPUT@',
>'--interface-prefix', 'org.qemu',

This use of meson.source_root() makes meson complain:

WARNING: Project targeting '>=0.58.2' but tried to use feature
deprecated since '0.56.0': meson.source_root. use
meson.project_source_root() or meson.global_source_root() instead.
[...]
WARNING: Deprecated features used:
 * 0.56.0: {'meson.source_root'}

I'm not sure which of the two suggested replacements is correct here,
but could you find out and send a patch, please ?

thanks
-- PMM



Re: [PATCH] docs/can: convert to restructuredText

2022-01-13 Thread Lucas Ramage
Hi Peter,

Thanks for that.

The next on the list is docs/ccid.txt, should this go in the same "Device 
Emulation / Emulated Devices" section? It mentions USB at the top.

Regards,

‐‐‐ Original Message ‐‐‐

On Thursday, January 13th, 2022 at 6:37 AM, Peter Maydell 
 wrote:

> On Wed, 5 Jan 2022 at 20:56, oxr...@gmx.us wrote:
>
> > From: Lucas Ramage lucas.ram...@infinite-omicron.com
> >
> > Buglink: https://gitlab.com/qemu-project/qemu/-/issues/527
> >
> > Signed-off-by: Lucas Ramage lucas.ram...@infinite-omicron.com
> > -
> >
> > docs/{can.txt => system/can.rst} | 92 ++--
> >
> > docs/system/index.rst | 1 +
> >
> > 2 files changed, 42 insertions(+), 51 deletions(-)
> >
> > rename docs/{can.txt => system/can.rst} (68%)
>
> Hi Lucas; thanks for this docs-conversion patch. It looks
>
> good to me, except that I think that rather than putting
>
> the new document in the top-level index of the system manual
>
> it would fit better in the "Device Emulation / Emulated Devices"
>
> subsection, where we already document things like USB devices.
>
> Rather than ask you to respin the patch again for what is
>
> basically just a "git mv", I'm going to take this patch via
>
> my target-arm tree and make that change there.
>
> Thanks
>
> -- PMM



[PATCH v8] isa-applesmc: provide OSK forwarding on Apple hosts

2022-01-13 Thread Vladislav Yaroshchuk
On Apple hosts we can read AppleSMC OSK key directly from host's
SMC and forward this value to QEMU Guest.

New 'hostosk' property is added:
* `-device isa-applesmc,hostosk=on`
The property is set to 'on' by default for machine version > 6.2

Apple licence allows use and run up to two additional copies
or instances of macOS operating system within virtual operating system
environments on each Apple-branded computer that is already running
the Apple Software, for purposes of:
 * software development
 * testing during software development
 * using macOS Server
 * personal, non-commercial use

Guest macOS requires AppleSMC with the correct OSK. The most legal
way to pass it to the guest is to forward the key from the host SMC
without exposing its value.

Based on 
https://web.archive.org/web/20200103161737/osxbook.com/book/bonus/chapter7/tpmdrmmyth/

Signed-off-by: Vladislav Yaroshchuk 
---
 hw/core/machine.c  |   4 +-
 hw/misc/applesmc.c | 125 +++--
 2 files changed, 125 insertions(+), 4 deletions(-)

diff --git a/hw/core/machine.c b/hw/core/machine.c
index debcdc0e70..ea70be0270 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -37,7 +37,9 @@
 #include "hw/virtio/virtio.h"
 #include "hw/virtio/virtio-pci.h"
 
-GlobalProperty hw_compat_6_2[] = {};
+GlobalProperty hw_compat_6_2[] = {
+{ "isa-applesmc", "hostosk", "off" }
+};
 const size_t hw_compat_6_2_len = G_N_ELEMENTS(hw_compat_6_2);
 
 GlobalProperty hw_compat_6_1[] = {
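Review bot: The `hw_compat_6_2` entry turns `hostosk` off only for older machine types, which (per the description) makes reading the host SMC and forwarding the key the default for every newer machine type without the user asking for it. The code that consumes the property is cut off on this page, so confirm that a default-on `hostosk` does not make `isa-applesmc` fail to realize on non-Apple hosts, where the stub `applesmc_read_host_osk()` only sets an error, and that an explicit `osk=` value still takes precedence. An opt-in default would be the more conservative choice for a feature that copies a host value into the guest. The entry should also end with a trailing comma, `{ "isa-applesmc", "hostosk", "off" },`, so later additions stay a one-line diff.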
diff --git a/hw/misc/applesmc.c b/hw/misc/applesmc.c
index 1b9acaf1d3..99bcc937f9 100644
--- a/hw/misc/applesmc.c
+++ b/hw/misc/applesmc.c
@@ -37,6 +37,11 @@
 #include "qemu/module.h"
 #include "qemu/timer.h"
 #include "qom/object.h"
+#include "qapi/error.h"
+
+#if defined(__APPLE__) && defined(__MACH__)
+#include 
+#endif
 
 /* #define DEBUG_SMC */
 
@@ -80,7 +85,7 @@ enum {
 #define smc_debug(...) do { } while (0)
 #endif
 
-static char default_osk[64] = "This is a dummy key. Enter the real key "
+static char default_osk[65] = "This is a dummy key. Enter the real key "
   "using the -osk parameter";
 
 struct AppleSMCData {
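Review bot: The new bound `65` on `default_osk` is a bare number with no stated reason: the two literal pieces add up to 64 characters, so the old `[64]` left no room for the terminating NUL and the new size adds it. A comment above the declaration such as `/* 64-byte OSK plus terminating NUL */`, or a named constant for the 64-byte key length that `applesmc_read_host_osk()` could share with its two 32-byte `memcpy()` calls, would keep these sizes from drifting apart.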
@@ -109,6 +114,7 @@ struct AppleSMCState {
 uint8_t data_pos;
 uint8_t data[255];
 char *osk;
+bool hostosk;
 QLIST_HEAD(, AppleSMCData) data_def;
 };
 
@@ -312,6 +318,101 @@ static const MemoryRegionOps applesmc_err_io_ops = {
 },
 };
 
+#if defined(__APPLE__) && defined(__MACH__)
+/*
+ * Based on
+ * 
https://web.archive.org/web/20200103161737/osxbook.com/book/bonus/chapter7/tpmdrmmyth/
+ */
+enum {
+SMC_HANDLE_EVENT = 2,
+SMC_READ_KEY = 5
+};
+
+struct AppleSMCParam {
+uint32_t key;
+uint8_t pad0[22];
+IOByteCount data_size;
+uint8_t pad1[10];
+uint8_t command;
+uint32_t pad2;
+uint8_t bytes[32];
+};
+
+static bool applesmc_read_host_osk(char *host_osk, Error **errp)
+{
+assert(host_osk != NULL);
+
+io_service_t hostsmc_service = IO_OBJECT_NULL;
+io_connect_t hostsmc_connect = IO_OBJECT_NULL;
+size_t smc_param_size = sizeof(struct AppleSMCParam);
+IOReturn status = kIOReturnError;
+int i;
+
+struct AppleSMCParam smc_param[2] = {
+ {
+ .key = ('OSK0'),
+ .data_size = sizeof(smc_param[0].bytes),
+ .command = SMC_READ_KEY,
+ }, {
+ .key = ('OSK1'),
+ .data_size = sizeof(smc_param[0].bytes),
+ .command = SMC_READ_KEY,
+ },
+};
+
+hostsmc_service = IOServiceGetMatchingService(
+kIOMasterPortDefault,
+IOServiceMatching("AppleSMC"));
+if (hostsmc_service == IO_OBJECT_NULL) {
+error_setg(errp, "Unable to get host-AppleSMC service");
+goto error;
+}
+
+status = IOServiceOpen(hostsmc_service,
+   mach_task_self(),
+   0,
+   &hostsmc_connect);
+if (status != kIOReturnSuccess || hostsmc_connect == IO_OBJECT_NULL) {
+error_setg(errp, "Unable to open host-AppleSMC service");
+goto error;
+}
+
+for (i = 0; i < ARRAY_SIZE(smc_param); ++i) {
+status = IOConnectCallStructMethod(
+hostsmc_connect,
+SMC_HANDLE_EVENT,
+&smc_param[i],
+sizeof(struct AppleSMCParam),
+&smc_param[i],
+&smc_param_size
+);
+
+if (status != kIOReturnSuccess) {
+error_setg(errp, "Unable to read OSK from host-AppleSMC");
+goto error;
+}
+}
+
+memcpy(host_osk, smc_param[0].bytes, 32);
+memcpy(host_osk + 32, smc_param[1].bytes, 32);
+
+IOServiceClose(hostsmc_connect);
+IOObjectRelease(hostsmc_service);
+return true;
+
+error:
+IOServiceClose(hostsmc_connect);
+IOObjectRelease(hostsmc_service);
+return false;
+}
+#else
+static bool applesmc_read_host_osk(char *host_osk, Error **errp)
+{
+error_setg(errp, "OSK
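Review bot: In `applesmc_read_host_osk()` the output-size argument `smc_param_size` is set once before the loop and never examined, although `IOConnectCallStructMethod()` takes it as an in/out count: the `OSK1` call inherits whatever size the `OSK0` call reported, and a short reply is still copied into `host_osk` as if all 32 bytes were valid. Reset it per iteration and reject unexpected sizes, e.g. `size_t out_size = sizeof(smc_param[i]);` inside the loop and `if (status != kIOReturnSuccess || out_size != sizeof(smc_param[i])) {`. The two `memcpy()` calls assume the caller's buffer holds at least 64 bytes and leave it unterminated; that contract is not visible here and deserves a comment on the function. The `error:` path calls `IOServiceClose()` and `IOObjectRelease()` even when the handles are still `IO_OBJECT_NULL`, and `smc_param` keeps a copy of the key on the stack after return. The rest of this hunk (the non-Apple stub and whatever follows it) is truncated on the page.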

Re: [PATCH v4 2/5] target/s390x: Fix SRDA CC calculation

2022-01-13 Thread David Hildenbrand
On 12.01.22 17:50, Ilya Leoshkevich wrote:
> SRDA uses r1_D32 for binding the first operand and s64 for setting CC.
> cout_s64() relies on o->out being the shift result, however,
> wout_r1_D32() clobbers it.
> 
> Fix by using a temporary.
> 
> Fixes: a79ba3398a0a ("target-s390: Convert SHIFT DOUBLE")
> Signed-off-by: Ilya Leoshkevich 
> ---
>  target/s390x/tcg/translate.c | 6 --
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
> index f180853e7a..766b4c87b2 100644
> --- a/target/s390x/tcg/translate.c
> +++ b/target/s390x/tcg/translate.c
> @@ -5420,9 +5420,11 @@ static void wout_r1_P32(DisasContext *s, DisasOps *o)
>  static void wout_r1_D32(DisasContext *s, DisasOps *o)
>  {
>  int r1 = get_field(s, r1);
> +TCGv_i64 t = tcg_temp_new_i64();
>  store_reg32_i64(r1 + 1, o->out);
> -tcg_gen_shri_i64(o->out, o->out, 32);
> -store_reg32_i64(r1, o->out);
> +tcg_gen_shri_i64(t, o->out, 32);
> +store_reg32_i64(r1, t);
> +tcg_temp_free_i64(t);
>  }
>  #define SPEC_wout_r1_D32 SPEC_r1_even
>  
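Review bot: The new temporary in `wout_r1_D32()` carries no comment saying why `o->out` must not be shifted in place, so a later cleanup could fold it back. A one-line comment before the shift, e.g. `/* o->out must stay intact: cout_s64() reads it for the CC */`, would record the ordering dependency that the commit message describes.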

Reviewed-by: David Hildenbrand 

-- 
Thanks,

David / dhildenb




[PATCH v2] virtiofsd: Do not support blocking flock

2022-01-13 Thread Sebastian Hasler
With the current implementation, blocking flock can lead to
deadlock. Thus, it's better to return EOPNOTSUPP if a user attempts
to perform a blocking flock request.

Signed-off-by: Sebastian Hasler 
---
 tools/virtiofsd/passthrough_ll.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index 64b5b4fbb1..faa62278c5 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -2442,6 +2442,15 @@ static void lo_flock(fuse_req_t req, fuse_ino_t ino, 
struct fuse_file_info *fi,
 int res;
 (void)ino;
 
+if (!(op & LOCK_NB)) {
+/*
+ * Blocking flock can deadlock as there is only one thread
+ * serving the queue.
+ */
+fuse_reply_err(req, EOPNOTSUPP);
+return;
+}
+
 res = flock(lo_fi_fd(req, fi), op);
 
 fuse_reply_err(req, res == -1 ? errno : 0);
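Review bot: The new guard in `lo_flock()` tests only `LOCK_NB`, so it would also refuse an unlock: `flock(fd, LOCK_UN)` never blocks, and if the guest can send `LOCK_UN` without `LOCK_NB` the request gets `EOPNOTSUPP` and the lock stays held until the file is released. Since `op` arrives in the guest's FUSE request, consider exempting unlock with `if (!(op & (LOCK_NB | LOCK_UN))) {`, or confirm that the unlock path always carries `LOCK_NB`. The function's signature and closing brace are outside the hunk.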
-- 
2.33.1




Re: [PATCH v11 1/7] net/vmnet: add vmnet dependency and customizable option

2022-01-13 Thread Vladislav Yaroshchuk
Fixed in v12. Thank you!

ср, 12 янв. 2022 г. в 19:53, Roman Bolshakov :

> On Wed, Jan 12, 2022 at 03:21:44PM +0300, Vladislav Yaroshchuk wrote:
> > vmnet.framework dependency is added with 'vmnet' option
> > to enable or disable it. Default value is 'auto'.
> >
> > vmnet features to be used are available since macOS 11.0,
> > corresponding probe is created into meson.build.
> >
> > Signed-off-by: Vladislav Yaroshchuk 
> > ---
> >  meson.build   | 23 ++-
> >  meson_options.txt |  2 ++
> >  scripts/meson-buildoptions.sh |  3 +++
> >  3 files changed, 27 insertions(+), 1 deletion(-)
> >
> > diff --git a/meson.build b/meson.build
> > index c1b1db1e28..b912c9cb91 100644
> > --- a/meson.build
> > +++ b/meson.build
> > @@ -496,6 +496,24 @@ if cocoa.found() and get_option('gtk').enabled()
> >error('Cocoa and GTK+ cannot be enabled at the same time')
> >  endif
> >
> > +vmnet = dependency('appleframeworks', modules: 'vmnet', required:
> get_option('vmnet'))
> > +vmnet_11_0_api = false
> > +if vmnet.found() and not cc.has_header_symbol('vmnet/vmnet.h',
> > +  'VMNET_BRIDGED_MODE',
> > +  dependencies: vmnet)
> > +  vmnet = not_found
> > +  if get_option('vmnet').enabled()
> > +error('vmnet.framework API is outdated')
> > +  else
> > +warning('vmnet.framework API is outdated, disabling')
> > +  endif
> > +endif
> > +if vmnet.found() and cc.has_header_symbol('vmnet/vmnet.h',
> > +  'VMNET_SHARING_SERVICE_BUSY',
> > +  dependencies: vmnet)
> > +  vmnet_11_0_api = true
> > +endif
> > +
> >  seccomp = not_found
> >  if not get_option('seccomp').auto() or have_system or have_tools
> >seccomp = dependency('libseccomp', version: '>=2.3.0',
> > @@ -1492,6 +1510,8 @@ config_host_data.set('CONFIG_SECCOMP',
> seccomp.found())
> >  config_host_data.set('CONFIG_SNAPPY', snappy.found())
> >  config_host_data.set('CONFIG_USB_LIBUSB', libusb.found())
> >  config_host_data.set('CONFIG_VDE', vde.found())
> > +config_host_data.set('CONFIG_VMNET', vmnet.found())
> > +config_host_data.set('CONFIG_VMNET_11_0_API', vmnet_11_0_api)
>
> Hi Vladislav,
>
> There might be more functionality coming in the next macOS versions but
> we likely don't want to add them as extra CONFIG defines. Instead we
> wrap new symbols/functions/code that are available above Big Sur in the
> code as:
>
> #if defined(MAC_OS_VERSION_11_0) && \
> MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_VERSION_11_0
>
> xpc_dictionary_set_bool(
> if_desc,
> vmnet_enable_isolation_key,
> options->isolated
> );
>
> #endif
>
> Please see similar thread here:
> https://lists.gnu.org/archive/html/qemu-devel/2022-01/msg01915.html
>
> Thanks,
> Roman
>
> >  config_host_data.set('CONFIG_VHOST_USER_BLK_SERVER',
> have_vhost_user_blk_server)
> >  config_host_data.set('CONFIG_VNC', vnc.found())
> >  config_host_data.set('CONFIG_VNC_JPEG', jpeg.found())
> > @@ -3406,7 +3426,8 @@ summary(summary_info, bool_yn: true, section:
> 'Crypto')
> >  # Libraries
> >  summary_info = {}
> >  if targetos == 'darwin'
> > -  summary_info += {'Cocoa support':   cocoa}
> > +  summary_info += {'Cocoa support':   cocoa}
> > +  summary_info += {'vmnet.framework support': vmnet}
> >  endif
> >  summary_info += {'SDL support':   sdl}
> >  summary_info += {'SDL image support': sdl_image}
> > diff --git a/meson_options.txt b/meson_options.txt
> > index 921967eddb..701e1381f9 100644
> > --- a/meson_options.txt
> > +++ b/meson_options.txt
> > @@ -151,6 +151,8 @@ option('netmap', type : 'feature', value : 'auto',
> > description: 'netmap network backend support')
> >  option('vde', type : 'feature', value : 'auto',
> > description: 'vde network backend support')
> > +option('vmnet', type : 'feature', value : 'auto',
> > +   description: 'vmnet.framework network backend support')
> >  option('virglrenderer', type : 'feature', value : 'auto',
> > description: 'virgl rendering support')
> >  option('vnc', type : 'feature', value : 'auto',
> > diff --git a/scripts/meson-buildoptions.sh
> b/scripts/meson-buildoptions.sh
> > index 50bd7bed4d..cdcece4b05 100644
> > --- a/scripts/meson-buildoptions.sh
> > +++ b/scripts/meson-buildoptions.sh
> > @@ -84,6 +84,7 @@ meson_options_help() {
> >printf "%s\n" '  u2f U2F emulation support'
> >printf "%s\n" '  usb-redir   libusbredir support'
> >printf "%s\n" '  vde vde network backend support'
> > +  printf "%s\n" '  vmnet   vmnet.framework network backend
> support'
> >printf "%s\n" '  vhost-user-blk-server'
> >printf "%s\n" '  build vhost-user-blk server'
> >printf "%s\n" '  virglrenderer   virgl rendering support'
> > @@ -248,6 +249,8 @@ _meson_option_parse() {
> >  --disable-usb-redir) printf "%s" -Dusb_

Re: [PATCH 1/2] tpm: CRB: Use ram_device for "tpm-crb-cmd" region

2022-01-13 Thread Stefan Berger

On 1/13/22 09:40, Eric Auger wrote:


Hi Stefan,

On 1/13/22 3:06 PM, Stefan Berger wrote:

On 1/13/22 05:37, Eric Auger wrote:

Representing the CRB cmd/response buffer as a standard
RAM region causes some trouble when the device is used
with VFIO. Indeed VFIO attempts to DMA_MAP this region
as usual RAM but this latter does not have a valid page
size alignment causing such an error report:
"vfio_listener_region_add received unaligned region".
To allow VFIO to detect that failing dma mapping
this region is not an issue, let's use a ram_device
memory region type instead.

The change in meson.build is required to include the
cpu.h header.

Signed-off-by: Eric Auger 
---
   hw/tpm/meson.build |  2 +-
   hw/tpm/tpm_crb.c   | 10 --
   2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/hw/tpm/meson.build b/hw/tpm/meson.build
index 1c68d81d6a..3e74df945b 100644
--- a/hw/tpm/meson.build
+++ b/hw/tpm/meson.build
@@ -1,8 +1,8 @@
   softmmu_ss.add(when: 'CONFIG_TPM_TIS', if_true:
files('tpm_tis_common.c'))
   softmmu_ss.add(when: 'CONFIG_TPM_TIS_ISA', if_true:
files('tpm_tis_isa.c'))
   softmmu_ss.add(when: 'CONFIG_TPM_TIS_SYSBUS', if_true:
files('tpm_tis_sysbus.c'))
-softmmu_ss.add(when: 'CONFIG_TPM_CRB', if_true: files('tpm_crb.c'))

+specific_ss.add(when: 'CONFIG_TPM_CRB', if_true: files('tpm_crb.c'))
   specific_ss.add(when: ['CONFIG_SOFTMMU', 'CONFIG_TPM_TIS'],
if_true: files('tpm_ppi.c'))
   specific_ss.add(when: ['CONFIG_SOFTMMU', 'CONFIG_TPM_CRB'],
if_true: files('tpm_ppi.c'))
   specific_ss.add(when: 'CONFIG_TPM_SPAPR', if_true:
files('tpm_spapr.c'))
diff --git a/hw/tpm/tpm_crb.c b/hw/tpm/tpm_crb.c
index 58ebd1469c..25f8e685e4 100644
--- a/hw/tpm/tpm_crb.c
+++ b/hw/tpm/tpm_crb.c
@@ -25,6 +25,7 @@
   #include "sysemu/tpm_backend.h"
   #include "sysemu/tpm_util.h"
   #include "sysemu/reset.h"
+#include "cpu.h"
   #include "tpm_prop.h"
   #include "tpm_ppi.h"
   #include "trace.h"
@@ -43,6 +44,7 @@ struct CRBState {

   bool ppi_enabled;
   TPMPPI ppi;
+    uint8_t *crb_cmd_buf;
   };
   typedef struct CRBState CRBState;

@@ -291,10 +293,14 @@ static void tpm_crb_realize(DeviceState *dev,
Error **errp)
   return;
   }

+    s->crb_cmd_buf = qemu_memalign(qemu_real_host_page_size,
+    HOST_PAGE_ALIGN(CRB_CTRL_CMD_SIZE));
+

Do we need an unrealize function now to qemu_vfree() this memory?

I would say it is needed if the device can be hot-unplugged.
tpmppi->buf is not freeed either.



Correct about PPI. My main concern would be the CRB related test cases 
that likely currently run without PPI but now could complain about a 
memory leak upon shutdown. I tried to compile with --enable-sanitizers 
and run the tests but it doesn't compile when the sanitizers are enabled.



FAILED: libcommon.fa.p/disas_i386.c.o
cc -m64 -mcx16 -Ilibcommon.fa.p -I../capstone/include/capstone 
-I../dtc/libfdt -I../slirp -I../slirp/src -I/usr/include/pixman-1 
-I/usr/include/p11-kit-1 -I/usr/include/glib-2.0 
-I/usr/lib64/glib-2.0/include -I/usr/include/sysprof-4 
-I/usr/include/libmount -I/usr/include/blkid -I/usr/include/gio-unix-2.0 
-fdiagnostics-color=auto -Wall -Winvalid-pch -Werror -std=gnu11 -O2 -g 
-isystem /home/stefanb/dev/qemu/linux-headers -isystem linux-headers 
-iquote . -iquote /home/stefanb/dev/qemu -iquote 
/home/stefanb/dev/qemu/include -iquote 
/home/stefanb/dev/qemu/disas/libvixl -iquote 
/home/stefanb/dev/qemu/tcg/i386 -pthread -fsanitize=undefined 
-fsanitize=address -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE 
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes 
-Wredundant-decls -Wundef -Wwrite-strings -Wmissing-prototypes 
-fno-strict-aliasing -fno-common -fwrapv -Wold-style-declaration 
-Wold-style-definition -Wtype-limits -Wformat-security -Wformat-y2k 
-Winit-self -Wignored-qualifiers -Wempty-body -Wnested-externs 
-Wendif-labels -Wexpansion-to-defined -Wimplicit-fallthrough=2 
-Wno-missing-include-dirs -Wno-shift-negative-value -Wno-psabi 
-fstack-protector-strong -fPIE -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 
-DNCURSES_WIDECHAR=1 -DSTRUCT_IOVEC_DEFINED -MD -MQ 
libcommon.fa.p/disas_i386.c.o -MF libcommon.fa.p/disas_i386.c.o.d -o 
libcommon.fa.p/disas_i386.c.o -c ../disas/i386.c

In file included from /usr/include/string.h:519,
 from /home/stefanb/dev/qemu/include/qemu/osdep.h:87,
 from ../disas/i386.c:34:
In function ‘strcpy’,
    inlined from ‘PNI_Fixup’ at ../disas/i386.c:6434:4,
    inlined from ‘PNI_Fixup’ at ../disas/i386.c:6400:1:
/usr/include/bits/string_fortified.h:79:10: error: ‘__builtin_memcpy’ 
offset [0, 7] is out of the bounds [0, 0] [-Werror=array-bounds]
   79 |   return __builtin___strcpy_chk (__dest, __src, __glibc_objsize 
(__dest));

  | ^~~~
In function ‘strcpy’,
    inlined from ‘PNI_Fixup’ at ../disas/i386.c:6427:4,
    inlined from ‘PNI_Fixup’ at ../disas/i386.c:6400:1:
/usr/include/bits/string_fortif

Re: [PATCH] docs/can: convert to restructuredText

2022-01-13 Thread Peter Maydell
On Thu, 13 Jan 2022 at 15:26, Lucas Ramage
 wrote:
>
> Hi Peter,
>
> Thanks for that.
>
> The next on the list is docs/ccid.txt, should this go in the same "Device 
> Emulation / Emulated Devices" section? It mentions USB at the top.


Yes, please.

thanks
-- PMM


