Re: [RFC v4 1/3] rcu: introduce rcu_read_locked()

[Chuang Xu]

On 2023/1/4 下午10:20, Alex Bennée wrote:
> Chuang Xu writes:
>
>> add rcu_read_locked() to detect holding of rcu lock.
>>
>> Signed-off-by: Chuang Xu
>> ---
>> include/qemu/rcu.h | 7 +++
>> 1 file changed, 7 insertions(+)
>>
>> diff --git a/include/qemu/rcu.h b/include/qemu/rcu.h
>> index b063c6fde8..42cbd0080f 100644
>> --- a/include/qemu/rcu.h
>> +++ b/include/qemu/rcu.h
>> @@ -119,6 +119,13 @@ static inline void rcu_read_unlock(void)
>> }
>> }
>>
>> +static inline bool rcu_read_locked(void)
> We use the locked suffix to indicate functions that should be called
> with a lock held. Perhaps renaming this to rcu_read_is_locked() would
> make the intent of the function clearer?

Yes, rcu_read_is_locked() do make the intent of the function clearer.
I'll rename the function in v5.

Thanks!

>> +{
>> + struct rcu_reader_data *p_rcu_reader = get_ptr_rcu_reader();
>> +
>> + return p_rcu_reader->depth > 0;
>> +}
>> +
>> extern void synchronize_rcu(void);
>>
>> /*
>

Re: [PATCH v3 1/6] migration: Allow immutable device state to be migrated early (i.e., before RAM)

[David Hildenbrand]

On 05.01.23 02:27, Michael S. Tsirkin wrote:

On Fri, Dec 23, 2022 at 10:34:36AM +0100, David Hildenbrand wrote:

On 22.12.22 12:02, David Hildenbrand wrote:

For virtio-mem, we want to have the plugged/unplugged state of memory
blocks available before migrating any actual RAM content. This
information is immutable on the migration source while migration is active,

For example, we want to use this information for proper preallocation
support with migration: currently, we don't preallocate memory on the
migration target, and especially with hugetlb, we can easily run out of
hugetlb pages during RAM migration and will crash (SIGBUS) instead of
catching this gracefully via preallocation.

Migrating device state before we start iterating is currently impossible.
Introduce and use qemu_savevm_state_start_precopy(), and use
a new special migration priority -- MIG_PRI_POST_SETUP -- to decide whether
state will be saved in qemu_savevm_state_start_precopy() or in
qemu_savevm_state_complete_precopy_*().

We have to take care of properly including the early device state in the
vmdesc. Relying on migrate_get_current() to temporarily store the vmdesc is
a bit sub-optimal, but we use that explicitly or implicitly all over the
place already, so this barely matters in practice.

Note that only very selected devices (i.e., ones seriously messing with
RAM setup) are supposed to make use of that.

Signed-off-by: David Hildenbrand 


[...]


   if (inactivate_disks) {
@@ -1427,6 +1474,10 @@ int 
qemu_savevm_state_complete_precopy_non_iterable(QEMUFile *f,
   qemu_put_buffer(f, (uint8_t *)json_writer_get(vmdesc), vmdesc_len);
   }
+/* Free it now to detect any inconsistencies. */
+g_free(vmdesc);


Missed to convert that to a json_writer_free().



I get it you will post v4?


Yes, once the discussions on this version are done.

--
Thanks,

David / dhildenb

Re: [PATCH] .gitlab-ci.d/windows: Work-around timeout and OpenGL problems of the MSYS2 jobs

[Thomas Huth]

On 04/01/2023 23.01, Peter Maydell wrote:

On Wed, 4 Jan 2023 at 12:36, Thomas Huth  wrote:


The windows jobs (especially the 32-bit job) recently started to
hit the timeout limit. Bump it a little bit to ease the situation
(80 minutes is quite long already - OTOH, these jobs do not have to
wait for a job from the container stage to finish, so this should
still be OK).

Additionally, some update on the container side recently enabled
OpenGL in these jobs - but the corresponding code fails to compile.
Thus disable OpenGL here for the time being until someone figured
out the proper fix in the shader code for this.

Signed-off-by: Thomas Huth 
---
  Now that the timeout and OpenGL problems are gone, the 64-bit is
  working fine for me again. However, I'm still seeing random issues
  with the 32-bit job ... not sure whether it's a problem on the
  QEMU side or whether the builders are currently instable, since
  the issues do not reproduce reliably...

  .gitlab-ci.d/windows.yml | 7 ---
  1 file changed, 4 insertions(+), 3 deletions(-)


Thanks; applied to master on the assumption it will improve the
CI situation. I found that the msys2-32bit job still timed out
at 1h20, though:

https://gitlab.com/qemu-project/qemu/-/jobs/3555245586


I just gave it a try again, too, and for me, it finished within 65 minutes:

 https://gitlab.com/thuth/qemu/-/jobs/3557600268

... let's keep looking for a while, maybe it's ok in most cases now, but if 
not, we have to consider something else.


 Thomas

Re: [PATCH v3 1/6] migration: Allow immutable device state to be migrated early (i.e., before RAM)

[David Hildenbrand]

On 04.01.23 18:23, Peter Xu wrote:

On Thu, Dec 22, 2022 at 12:02:10PM +0100, David Hildenbrand wrote:

Migrating device state before we start iterating is currently impossible.
Introduce and use qemu_savevm_state_start_precopy(), and use
a new special migration priority -- MIG_PRI_POST_SETUP -- to decide whether
state will be saved in qemu_savevm_state_start_precopy() or in
qemu_savevm_state_complete_precopy_*().


Can something like this be done in qemu_savevm_state_setup()?


Hi Peter,

Do you mean

(a) Moving qemu_savevm_state_start_precopy() effectively into
qemu_savevm_state_setup()

(b) Using se->ops->save_setup()

I first tried going via (b), but decided to go the current way of using 
a proper vmstate with properties (instead of e.g., filling the stream 
manually), which also made vmdesc handling possible (and significantly 
cleaner).


Regarding (a), I decided to not move logic of 
qemu_savevm_state_start_precopy() into qemu_savevm_state_setup(), 
because it looked cleaner to save device state with the BQL held and for 
background snapshots, the VM has been stopped. To decouple device state 
saving from the setup path, just like we do it right now for all vmstates.


Having that said, for virtio-mem, it would still work because that state 
is immutable once migration starts, but it felt cleaner to separate the 
setup() phase from actual device state saving.


Thanks!

--
Thanks,

David / dhildenb

Re: [PATCH 1/5] confidential guest support: Introduce a 'check' class handler

[Thomas Huth]

On 04/01/2023 12.51, Cédric Le Goater wrote:

From: Cédric Le Goater 

Some machines have specific requirements to activate confidential
guest support. Add a class handler to the confidential guest support
interface to let the arch implementation perform extra checks.

Cc: Eduardo Habkost 
Cc: Marcel Apfelbaum 
Cc: "Philippe Mathieu-Daudé" 
Cc: Yanan Wang 
Signed-off-by: Cédric Le Goater 
---
  include/exec/confidential-guest-support.h |  4 +++-
  hw/core/machine.c | 11 ++-
  2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/include/exec/confidential-guest-support.h 
b/include/exec/confidential-guest-support.h
index ba2dd4b5df..9e6d362b26 100644
--- a/include/exec/confidential-guest-support.h
+++ b/include/exec/confidential-guest-support.h
@@ -23,7 +23,8 @@
  #include "qom/object.h"
  
  #define TYPE_CONFIDENTIAL_GUEST_SUPPORT "confidential-guest-support"

-OBJECT_DECLARE_SIMPLE_TYPE(ConfidentialGuestSupport, 
CONFIDENTIAL_GUEST_SUPPORT)
+OBJECT_DECLARE_TYPE(ConfidentialGuestSupport, ConfidentialGuestSupportClass,
+CONFIDENTIAL_GUEST_SUPPORT)
  
  struct ConfidentialGuestSupport {

  Object parent;
@@ -55,6 +56,7 @@ struct ConfidentialGuestSupport {
  
  typedef struct ConfidentialGuestSupportClass {

  ObjectClass parent;
+bool (*check)(const Object *obj, Error **errp);
  } ConfidentialGuestSupportClass;
  
  #endif /* !CONFIG_USER_ONLY */

diff --git a/hw/core/machine.c b/hw/core/machine.c
index f589b92909..bab43cd675 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -502,11 +502,12 @@ static void 
machine_check_confidential_guest_support(const Object *obj,
   Object *new_target,
   Error **errp)
  {
-/*
- * So far the only constraint is that the target has the
- * TYPE_CONFIDENTIAL_GUEST_SUPPORT interface, and that's checked
- * by the QOM core
- */
+ConfidentialGuestSupportClass *cgsc =
+CONFIDENTIAL_GUEST_SUPPORT_GET_CLASS(new_target);
+
+if (cgsc->check) {
+cgsc->check(obj, errp);


I assume the caller is checking *errp, so it's ok to ignore the return value 
of the check function here?



+}
  }
  
  static bool machine_get_nvdimm(Object *obj, Error **errp)


Reviewed-by: Thomas Huth 

Re: [PATCH] acpi: cpuhp: fix guest-visible maximum access size to the legacy reg block

[Philippe Mathieu-Daudé]

On 5/1/23 08:13, Laszlo Ersek wrote:

On 1/4/23 13:35, Michael S. Tsirkin wrote:

On Wed, Jan 04, 2023 at 10:01:38AM +0100, Laszlo Ersek wrote:

[...]


To make things *even more* complicated, the breakage was (and remains, as
of today) visible with TCG acceleration only.  Commit 5d971f9e6725 makes
no difference with KVM acceleration -- the DWORD accesses still work,
despite "valid.max_access_size = 1".


BTW do you happen to know why that's the case for KVM? Because if kvm
ignores valid.max_access_size generally then commit 5d971f9e6725 is
incomplete, and we probably have some related kvm-only bugs.


It remains a mystery for me why KVM accel does not enforce
"valid.max_access_size".

In the thread I started earlier (which led to this patch), at

   "IO port write width clamping differs between TCG and KVM"
   https://lists.gnu.org/archive/html/qemu-devel/2023-01/msg00199.html


[...]


So, I think the bug is somehow "distributed" between
flatview_write_continue(), flatview_access_allowed(), and
memory_access_size(). flatview_access_allowed() does not care about "l"
at all, when it should (maybe?) compare it against
"mr->ops->valid.max_access_size". In turn, memory_access_size()
*silently* reduces the access width, based on
"->ops->valid.max_access_size".

And all this this *precedes* the call to memory_region_access_valid(),
which is only called from within memory_region_dispatch_write(), which
already gets the reduced width only.

Now, flatview_access_allowed() is from commit 3ab6fdc91b72
("softmmu/physmem: Introduce MemTxAttrs::memory field and
MEMTX_ACCESS_ERROR", 2022-03-21), and the fact it does not check "len"
seems intentional -- it only takes "len" for logging.

Hmm. After digging a lot more, I find the issue may have been introduced
over three commits:

- 82f2563fc815 ("exec: introduce memory_access_size", 2013-05-29), which
   (IIUC) was the first step towards automatically reducing the address
   width, but at first only based on alignment,

- 23326164ae6f ("exec: Support 64-bit operations in address_space_rw",
   2013-07-14), which extended the splitting based on
   "MemoryRegionOps.impl",

- e1622f4b1539 ("exec: fix incorrect assumptions in memory_access_size",
   2013-07-18), which flipped the splitting basis to
   "MemoryRegionOps.valid".

To me, 23326164ae6f seems *vaguely* correct ("vague" is not criticism
for the commit, it's criticism for my understanding :)); after all we're
on our way towards the device model, and the device model exposes via
"MemoryRegionOps.impl" what it can handle. Plus, commit 5d971f9e6725
does direct us towards "MemoryRegionOps.impl"!

But clearly there must have been something wrong with 23326164ae6f,
according to e1622f4b1539...


Maybe the long-standing unaligned access problem? Could be fixed by:
https://lore.kernel.org/qemu-devel/20210619172626.875885-15-richard.hender...@linaro.org/


The latter is what introduced the current "silent splitting of access
based on 'valid'". The message of commit e1622f4b1539 says, almost like
an afterthought:


 access_size_max can be mr->ops->valid.max_access_size because memory.c
 can and will still break accesses bigger than
 mr->ops->impl.max_access_size.


I think this argument may have been wrong: if "impl.max_access_size" is
large (such as: unset), but "valid.max_access_size" is small, that just
means:

   the implementation is flexible and can deal with any access widths (so
   "memory.c" *need not* break up accesses for the device model's sake),
   but the device should restrict the *guest* to small accesses. So if
   the guest tries something larger, we shouldn't silently accommodate
   that.


Indeed. '.impl' is a software thing for the device modeller, ideally one
will chose a value that allows the simplest implementation. I.e. if a
device only allows 8-bit access, use 8-bit registers aligned on a 64-bit
boundary, the model might use:

  .impl.min_access_size = 8,
  .impl.max_access_size = 1,

Also we need to keep in mind that even if most MemoryRegionOps structs
are 'static const', such structure can be dynamically created. I.e.:
https://lore.kernel.org/qemu-devel/20200817161853.593247-5-f4...@amsat.org/


I have zero idea how to fix this, but I feel that the quoted argument
from commit e1622f4b1539 is the reason why KVM accel is so lenient that
it sort of "de-fangs" commit 5d971f9e6725.

Laszlo

Re: [PULL 47/47] tests/tcg/multiarch: add vma-pthread.c

[Alex Bennée]

Richard Henderson  writes:

> On 1/4/23 16:37, Richard Henderson wrote:
>> On 1/4/23 16:26, Richard Henderson wrote:
>>>  From the failures I see on the gitlab merge job, I think I need to
>>> resubmit with this new test adjusted to loop less,
>>>
 +    for (i = 0; i < 5; i++) {
>>>
>>> here.
>>>
>>> The failing jobs are --enable-debug, and take about 115 seconds to
>>> run manually on our aarch64 test host, exceeding the 90 second
>>> timeout.
>>>
>>> I'll cut this down to 1 loops and double-check times before 
>>> resubmitting.
>> Hmm.  Even this only reduced the runtime to 98 seconds.
>
> Bah.  The testcase didn't rebuild as expected.  Building from clean,
> the 10k loop completes in 20 seconds with optimization disabled.
>
> I do wonder what the build time / test time trade-off is here, and
> whether we should be doing much -O0 testing in CI...

I think the main argument for --enable-debug is less about the -O0 and
more about the extra asserts. Can we have -O3 with --enable-debug-tcg?

>
>
> r~


-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro

[PULL 03/51] vdpa: handle VIRTIO_NET_CTRL_ANNOUNCE in vhost_vdpa_net_handle_ctrl_avail

[Michael S. Tsirkin]

From: Eugenio Pérez 

Since this capability is emulated by qemu shadowed CVQ cannot forward it
to the device. Process all that command within qemu.

Signed-off-by: Eugenio Pérez 
Message-Id: <20221221115015.1400889-4-epere...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Acked-by: Jason Wang 
---
 net/vhost-vdpa.c | 15 ---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index d36664f33a..41de76376f 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -616,9 +616,18 @@ static int 
vhost_vdpa_net_handle_ctrl_avail(VhostShadowVirtqueue *svq,
 out.iov_len = iov_to_buf(elem->out_sg, elem->out_num, 0,
  s->cvq_cmd_out_buffer,
  vhost_vdpa_net_cvq_cmd_len());
-dev_written = vhost_vdpa_net_cvq_add(s, out.iov_len, sizeof(status));
-if (unlikely(dev_written < 0)) {
-goto out;
+if (*(uint8_t *)s->cvq_cmd_out_buffer == VIRTIO_NET_CTRL_ANNOUNCE) {
+/*
+ * Guest announce capability is emulated by qemu, so don't forward to
+ * the device.
+ */
+dev_written = sizeof(status);
+*s->status = VIRTIO_NET_OK;
+} else {
+dev_written = vhost_vdpa_net_cvq_add(s, out.iov_len, sizeof(status));
+if (unlikely(dev_written < 0)) {
+goto out;
+}
 }
 
 if (unlikely(dev_written < sizeof(status))) {
-- 
MST

[PULL 06/51] hw/acpi/Kconfig: Add missing dependencies to ACPI_ICH9

[Michael S. Tsirkin]

From: Bernhard Beschow 

ich9_lpc_realize() uses apm_init() and ich9_smbus_realize() uses
pm_smbus_init(), so both APM and ACPI_SMBUS are provided by the device
models managed by ACPI_ICH9.

Signed-off-by: Bernhard Beschow 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20221216130355.41667-3-shen...@gmail.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/acpi/Kconfig | 2 ++
 hw/isa/Kconfig  | 1 -
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/acpi/Kconfig b/hw/acpi/Kconfig
index 14694c75b4..704cbc6236 100644
--- a/hw/acpi/Kconfig
+++ b/hw/acpi/Kconfig
@@ -15,7 +15,9 @@ config ACPI_X86
 
 config ACPI_ICH9
 bool
+select ACPI_SMBUS
 select ACPI_X86
+select APM
 
 config ACPI_CPU_HOTPLUG
 bool
diff --git a/hw/isa/Kconfig b/hw/isa/Kconfig
index 01f330d941..0a6a04947c 100644
--- a/hw/isa/Kconfig
+++ b/hw/isa/Kconfig
@@ -77,5 +77,4 @@ config LPC_ICH9
 # for ICH9.
 select I8257
 select ISA_BUS
-select ACPI_SMBUS
 select ACPI_ICH9
-- 
MST

[PULL 12/51] vhost-user: Refactor vhost acked features saving

[Michael S. Tsirkin]

From: Hyman Huang(黄勇) 

Abstract vhost acked features saving into
vhost_user_save_acked_features, export it as util function.

Signed-off-by: Hyman Huang(黄勇) 
Signed-off-by: Guoyi Tu 
Message-Id: 
<50dc9b09b0635e3052551efcc1046c2a85332fcb.1671627406.git.huang...@chinatelecom.cn>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/net/vhost-user.h |  1 +
 net/vhost-user.c | 21 +++--
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/include/net/vhost-user.h b/include/net/vhost-user.h
index 5bcd8a6285..35bf619709 100644
--- a/include/net/vhost-user.h
+++ b/include/net/vhost-user.h
@@ -14,5 +14,6 @@
 struct vhost_net;
 struct vhost_net *vhost_user_get_vhost_net(NetClientState *nc);
 uint64_t vhost_user_get_acked_features(NetClientState *nc);
+void vhost_user_save_acked_features(NetClientState *nc);
 
 #endif /* VHOST_USER_H */
diff --git a/net/vhost-user.c b/net/vhost-user.c
index 3a6b90da86..f5cb095d5c 100644
--- a/net/vhost-user.c
+++ b/net/vhost-user.c
@@ -45,10 +45,23 @@ uint64_t vhost_user_get_acked_features(NetClientState *nc)
 return s->acked_features;
 }
 
-static void vhost_user_stop(int queues, NetClientState *ncs[])
+void vhost_user_save_acked_features(NetClientState *nc)
 {
 NetVhostUserState *s;
+
+s = DO_UPCAST(NetVhostUserState, nc, nc);
+if (s->vhost_net) {
+uint64_t features = vhost_net_get_acked_features(s->vhost_net);
+if (features) {
+s->acked_features = features;
+}
+}
+}
+
+static void vhost_user_stop(int queues, NetClientState *ncs[])
+{
 int i;
+NetVhostUserState *s;
 
 for (i = 0; i < queues; i++) {
 assert(ncs[i]->info->type == NET_CLIENT_DRIVER_VHOST_USER);
@@ -56,11 +69,7 @@ static void vhost_user_stop(int queues, NetClientState 
*ncs[])
 s = DO_UPCAST(NetVhostUserState, nc, ncs[i]);
 
 if (s->vhost_net) {
-/* save acked features */
-uint64_t features = vhost_net_get_acked_features(s->vhost_net);
-if (features) {
-s->acked_features = features;
-}
+vhost_user_save_acked_features(ncs[i]);
 vhost_net_cleanup(s->vhost_net);
 }
 }
-- 
MST

[PULL 08/51] hw/acpi/Kconfig: Add missing dependencies to ACPI_PIIX4

[Michael S. Tsirkin]

From: Bernhard Beschow 

piix4_pm_realize() uses apm_init() and pm_smbus_init(), so both APM and
ACPI_SMBUS are provided by the device model managed by ACPI_PIIX4.

The ACPIREGS are also provided by ACPI_PIIX4, so needs to select ACPI.

Signed-off-by: Bernhard Beschow 
Message-Id: <20221216130355.41667-5-shen...@gmail.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/acpi/Kconfig | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/acpi/Kconfig b/hw/acpi/Kconfig
index b7006e18c8..1f7803fdab 100644
--- a/hw/acpi/Kconfig
+++ b/hw/acpi/Kconfig
@@ -31,7 +31,9 @@ config ACPI_NVDIMM
 
 config ACPI_PIIX4
 bool
-depends on ACPI
+select ACPI
+select ACPI_SMBUS
+select APM
 
 config ACPI_PCIHP
 bool
-- 
MST

[PULL 04/51] vdpa: do not handle VIRTIO_NET_F_GUEST_ANNOUNCE in vhost-vdpa

[Michael S. Tsirkin]

From: Eugenio Pérez 

So qemu emulates it even in case the device does not support it.

Signed-off-by: Eugenio Pérez 
Acked-by: Jason Wang 
Message-Id: <20221221115015.1400889-5-epere...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 net/vhost-vdpa.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index 41de76376f..b0c6109230 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -74,7 +74,6 @@ const int vdpa_feature_bits[] = {
 VIRTIO_F_RING_RESET,
 VIRTIO_NET_F_RSS,
 VIRTIO_NET_F_HASH_REPORT,
-VIRTIO_NET_F_GUEST_ANNOUNCE,
 VIRTIO_NET_F_STATUS,
 VHOST_INVALID_FEATURE_BIT
 };
-- 
MST

[PULL 16/51] virtio-pci: decouple notifier from interrupt process

[Michael S. Tsirkin]

From: Cindy Lu 

To reuse the notifier process. We add the virtio_pci_get_notifier
to get the notifier and vector. The INPUT for this function is IDX,
The OUTPUT is the notifier and the vector

Signed-off-by: Cindy Lu 
Message-Id: <20221222070451.936503-3-l...@redhat.com>
Acked-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/virtio-pci.c | 88 +++---
 1 file changed, 57 insertions(+), 31 deletions(-)

diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index 70639300aa..68d04928db 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -813,29 +813,41 @@ static void 
kvm_virtio_pci_vq_vector_release(VirtIOPCIProxy *proxy,
 }
 
 static int kvm_virtio_pci_irqfd_use(VirtIOPCIProxy *proxy,
- unsigned int queue_no,
+ EventNotifier *n,
  unsigned int vector)
 {
 VirtIOIRQFD *irqfd = &proxy->vector_irqfd[vector];
-VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
-VirtQueue *vq = virtio_get_queue(vdev, queue_no);
-EventNotifier *n = virtio_queue_get_guest_notifier(vq);
 return kvm_irqchip_add_irqfd_notifier_gsi(kvm_state, n, NULL, irqfd->virq);
 }
 
 static void kvm_virtio_pci_irqfd_release(VirtIOPCIProxy *proxy,
-  unsigned int queue_no,
+  EventNotifier *n ,
   unsigned int vector)
 {
-VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
-VirtQueue *vq = virtio_get_queue(vdev, queue_no);
-EventNotifier *n = virtio_queue_get_guest_notifier(vq);
 VirtIOIRQFD *irqfd = &proxy->vector_irqfd[vector];
 int ret;
 
 ret = kvm_irqchip_remove_irqfd_notifier_gsi(kvm_state, n, irqfd->virq);
 assert(ret == 0);
 }
+static int virtio_pci_get_notifier(VirtIOPCIProxy *proxy, int queue_no,
+  EventNotifier **n, unsigned int *vector)
+{
+VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+VirtQueue *vq;
+
+if (queue_no == VIRTIO_CONFIG_IRQ_IDX) {
+return -1;
+} else {
+if (!virtio_queue_get_num(vdev, queue_no)) {
+return -1;
+}
+*vector = virtio_queue_vector(vdev, queue_no);
+vq = virtio_get_queue(vdev, queue_no);
+*n = virtio_queue_get_guest_notifier(vq);
+}
+return 0;
+}
 
 static int kvm_virtio_pci_vector_use(VirtIOPCIProxy *proxy, int nvqs)
 {
@@ -844,12 +856,15 @@ static int kvm_virtio_pci_vector_use(VirtIOPCIProxy 
*proxy, int nvqs)
 VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
 unsigned int vector;
 int ret, queue_no;
-
+EventNotifier *n;
 for (queue_no = 0; queue_no < nvqs; queue_no++) {
 if (!virtio_queue_get_num(vdev, queue_no)) {
 break;
 }
-vector = virtio_queue_vector(vdev, queue_no);
+ret = virtio_pci_get_notifier(proxy, queue_no, &n, &vector);
+if (ret < 0) {
+break;
+}
 if (vector >= msix_nr_vectors_allocated(dev)) {
 continue;
 }
@@ -861,7 +876,7 @@ static int kvm_virtio_pci_vector_use(VirtIOPCIProxy *proxy, 
int nvqs)
  * Otherwise, delay until unmasked in the frontend.
  */
 if (vdev->use_guest_notifier_mask && k->guest_notifier_mask) {
-ret = kvm_virtio_pci_irqfd_use(proxy, queue_no, vector);
+ret = kvm_virtio_pci_irqfd_use(proxy, n, vector);
 if (ret < 0) {
 kvm_virtio_pci_vq_vector_release(proxy, vector);
 goto undo;
@@ -877,7 +892,11 @@ undo:
 continue;
 }
 if (vdev->use_guest_notifier_mask && k->guest_notifier_mask) {
-kvm_virtio_pci_irqfd_release(proxy, queue_no, vector);
+ret = virtio_pci_get_notifier(proxy, queue_no, &n, &vector);
+if (ret < 0) {
+break;
+}
+kvm_virtio_pci_irqfd_release(proxy, n, vector);
 }
 kvm_virtio_pci_vq_vector_release(proxy, vector);
 }
@@ -891,12 +910,16 @@ static void kvm_virtio_pci_vector_release(VirtIOPCIProxy 
*proxy, int nvqs)
 unsigned int vector;
 int queue_no;
 VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
-
+EventNotifier *n;
+int ret ;
 for (queue_no = 0; queue_no < nvqs; queue_no++) {
 if (!virtio_queue_get_num(vdev, queue_no)) {
 break;
 }
-vector = virtio_queue_vector(vdev, queue_no);
+ret = virtio_pci_get_notifier(proxy, queue_no, &n, &vector);
+if (ret < 0) {
+break;
+}
 if (vector >= msix_nr_vectors_allocated(dev)) {
 continue;
 }
@@ -904,21 +927,20 @@ static void kvm_virtio_pci_vector_release(VirtIOPCIProxy 
*proxy, int nvqs)
  * Otherwise, it was cleaned when masked in the frontend.
  */

[PULL 30/51] include/hw/pci: Clean up a few things checkpatch.pl would flag

[Michael S. Tsirkin]

From: Markus Armbruster 

Fix a few style violations so that checkpatch.pl won't complain when I
move this code.

Signed-off-by: Markus Armbruster 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20221222100330.380143-5-arm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/pci/pci.h | 17 ++---
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
index 954f260f84..5ca2a9df58 100644
--- a/include/hw/pci/pci.h
+++ b/include/hw/pci/pci.h
@@ -284,8 +284,10 @@ struct PCIDevice {
 /* PCI config space */
 uint8_t *config;
 
-/* Used to enable config checks on load. Note that writable bits are
- * never checked even if set in cmask. */
+/*
+ * Used to enable config checks on load. Note that writable bits are
+ * never checked even if set in cmask.
+ */
 uint8_t *cmask;
 
 /* Used to implement R/W bytes */
@@ -299,10 +301,11 @@ struct PCIDevice {
 
 /* the following fields are read only */
 int32_t devfn;
-/* Cached device to fetch requester ID from, to avoid the PCI
- * tree walking every time we invoke PCI request (e.g.,
- * MSI). For conventional PCI root complex, this field is
- * meaningless. */
+/*
+ * Cached device to fetch requester ID from, to avoid the PCI tree
+ * walking every time we invoke PCI request (e.g., MSI). For
+ * conventional PCI root complex, this field is meaningless.
+ */
 PCIReqIDCache requester_id_cache;
 char name[64];
 PCIIORegion io_regions[PCI_NUM_REGIONS];
@@ -943,7 +946,7 @@ extern const VMStateDescription vmstate_pci_device;
 .name   = (stringify(_field)),   \
 .size   = sizeof(PCIDevice), \
 .vmsd   = &vmstate_pci_device,   \
-.flags  = VMS_STRUCT|VMS_POINTER,\
+.flags  = VMS_STRUCT | VMS_POINTER,  \
 .offset = vmstate_offset_pointer(_state, _field, PCIDevice), \
 }
 
-- 
MST

[PULL 29/51] include/hw/cxl: Include hw/cxl/*.h where needed

[Michael S. Tsirkin]

From: Markus Armbruster 

hw/cxl/cxl_component.h needs CDATObject from hw/cxl/cxl_cdat.h.

hw/cxl/cxl_device.h needs CXLComponentState from
hw/cxl/cxl_component.h.

Signed-off-by: Markus Armbruster 
Acked-by: Jonathan Cameron 
Message-Id: <20221222100330.380143-4-arm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/cxl/cxl_component.h | 1 +
 include/hw/cxl/cxl_device.h| 1 +
 2 files changed, 2 insertions(+)

diff --git a/include/hw/cxl/cxl_component.h b/include/hw/cxl/cxl_component.h
index 34075cfb72..5dca21e95b 100644
--- a/include/hw/cxl/cxl_component.h
+++ b/include/hw/cxl/cxl_component.h
@@ -18,6 +18,7 @@
 #include "qemu/compiler.h"
 #include "qemu/range.h"
 #include "qemu/typedefs.h"
+#include "hw/cxl/cxl_cdat.h"
 #include "hw/register.h"
 #include "qapi/error.h"
 
diff --git a/include/hw/cxl/cxl_device.h b/include/hw/cxl/cxl_device.h
index fd475b947b..3f91969db0 100644
--- a/include/hw/cxl/cxl_device.h
+++ b/include/hw/cxl/cxl_device.h
@@ -10,6 +10,7 @@
 #ifndef CXL_DEVICE_H
 #define CXL_DEVICE_H
 
+#include "hw/cxl/cxl_component.h"
 #include "hw/pci/pci.h"
 #include "hw/register.h"
 
-- 
MST

[PULL 10/51] i386, mips: Resolve redundant ACPI and APM dependencies

[Michael S. Tsirkin]

From: Bernhard Beschow 

Now that all ACPI controllers select the ACPI and APM dependencies
themselves, these explicit dependencies became redundant. Remove them.

Signed-off-by: Bernhard Beschow 
Message-Id: <20221216130355.41667-7-shen...@gmail.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Philippe Mathieu-Daudé 
---
 configs/devices/mips-softmmu/common.mak | 3 ---
 hw/i386/Kconfig | 2 --
 2 files changed, 5 deletions(-)

diff --git a/configs/devices/mips-softmmu/common.mak 
b/configs/devices/mips-softmmu/common.mak
index 416161f833..88aff94625 100644
--- a/configs/devices/mips-softmmu/common.mak
+++ b/configs/devices/mips-softmmu/common.mak
@@ -17,9 +17,7 @@ CONFIG_I8254=y
 CONFIG_PCSPK=y
 CONFIG_PCKBD=y
 CONFIG_FDC=y
-CONFIG_ACPI=y
 CONFIG_ACPI_PIIX4=y
-CONFIG_APM=y
 CONFIG_I8257=y
 CONFIG_PIIX4=y
 CONFIG_IDE_ISA=y
@@ -32,6 +30,5 @@ CONFIG_MIPS_ITU=y
 CONFIG_MALTA=y
 CONFIG_PCNET_PCI=y
 CONFIG_MIPSSIM=y
-CONFIG_ACPI_SMBUS=y
 CONFIG_SMBUS_EEPROM=y
 CONFIG_TEST_DEVICES=y
diff --git a/hw/i386/Kconfig b/hw/i386/Kconfig
index 3a92566701..c4fb5b49bd 100644
--- a/hw/i386/Kconfig
+++ b/hw/i386/Kconfig
@@ -51,7 +51,6 @@ config PC_PCI
 bool
 select APIC
 select IOAPIC
-select APM
 select PC
 
 config PC_ACPI
@@ -72,7 +71,6 @@ config I440FX
 select ACPI_PIIX4
 select PC_PCI
 select PC_ACPI
-select ACPI_SMBUS
 select PCI_I440FX
 select PIIX3
 select IDE_PIIX
-- 
MST

[PULL 07/51] hw/acpi/Kconfig: Do not needlessly build TYPE_PIIX4_PM in non-PC/Malta machines

[Michael S. Tsirkin]

From: Bernhard Beschow 

TYPE_PIIX4_PM is only used in machines where PIIX chipsets are used
which is currently PC and Malta. There is no point building it for the
other ACPI_X86 machines.

Note that this also removes unneeded ACPI_PIIX4 from PEGASOS2.

Signed-off-by: Bernhard Beschow 
Message-Id: <20221216130355.41667-4-shen...@gmail.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: BALATON Zoltan 
---
 hw/acpi/Kconfig | 1 -
 hw/i386/Kconfig | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/acpi/Kconfig b/hw/acpi/Kconfig
index 704cbc6236..b7006e18c8 100644
--- a/hw/acpi/Kconfig
+++ b/hw/acpi/Kconfig
@@ -9,7 +9,6 @@ config ACPI_X86
 select ACPI_CPU_HOTPLUG
 select ACPI_MEMORY_HOTPLUG
 select ACPI_HMAT
-select ACPI_PIIX4
 select ACPI_PCIHP
 select ACPI_ERST
 
diff --git a/hw/i386/Kconfig b/hw/i386/Kconfig
index d22ac4a4b9..3a92566701 100644
--- a/hw/i386/Kconfig
+++ b/hw/i386/Kconfig
@@ -69,6 +69,7 @@ config I440FX
 imply E1000_PCI
 imply VMPORT
 imply VMMOUSE
+select ACPI_PIIX4
 select PC_PCI
 select PC_ACPI
 select ACPI_SMBUS
-- 
MST

[PULL 25/51] hw/virtio: Rename virtio_device_find() -> qmp_find_virtio_device()

[Michael S. Tsirkin]

From: Philippe Mathieu-Daudé 

To emphasize this function is QMP related, rename it.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20221222080005.27616-2-phi...@linaro.org>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/virtio.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 6ff797e1cf..e08443e3bf 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -3855,7 +3855,7 @@ VirtioInfoList *qmp_x_query_virtio(Error **errp)
 return list;
 }
 
-static VirtIODevice *virtio_device_find(const char *path)
+static VirtIODevice *qmp_find_virtio_device(const char *path)
 {
 VirtIODevice *vdev;
 
@@ -3896,7 +3896,7 @@ VirtioStatus *qmp_x_query_virtio_status(const char *path, 
Error **errp)
 VirtIODevice *vdev;
 VirtioStatus *status;
 
-vdev = virtio_device_find(path);
+vdev = qmp_find_virtio_device(path);
 if (vdev == NULL) {
 error_setg(errp, "Path %s is not a VirtIODevice", path);
 return NULL;
@@ -3972,7 +3972,7 @@ VirtVhostQueueStatus 
*qmp_x_query_virtio_vhost_queue_status(const char *path,
 VirtIODevice *vdev;
 VirtVhostQueueStatus *status;
 
-vdev = virtio_device_find(path);
+vdev = qmp_find_virtio_device(path);
 if (vdev == NULL) {
 error_setg(errp, "Path %s is not a VirtIODevice", path);
 return NULL;
@@ -4016,7 +4016,7 @@ VirtQueueStatus *qmp_x_query_virtio_queue_status(const 
char *path,
 VirtIODevice *vdev;
 VirtQueueStatus *status;
 
-vdev = virtio_device_find(path);
+vdev = qmp_find_virtio_device(path);
 if (vdev == NULL) {
 error_setg(errp, "Path %s is not a VirtIODevice", path);
 return NULL;
@@ -4109,7 +4109,7 @@ VirtioQueueElement 
*qmp_x_query_virtio_queue_element(const char *path,
 VirtQueue *vq;
 VirtioQueueElement *element = NULL;
 
-vdev = virtio_device_find(path);
+vdev = qmp_find_virtio_device(path);
 if (vdev == NULL) {
 error_setg(errp, "Path %s is not a VirtIO device", path);
 return NULL;
-- 
MST

[PULL 42/51] vdpa: commit all host notifier MRs in a single MR transaction

[Michael S. Tsirkin]

From: Longpeng 

This allows the vhost-vdpa device to batch the setup of all its MRs of
host notifiers.

This significantly reduces the device starting time, e.g. the time spend
on setup the host notifier MRs reduce from 423ms to 32ms for a VM with
64 vCPUs and 3 vhost-vDPA generic devices (vdpa_sim_blk, 64vq per device).

Signed-off-by: Longpeng 
Message-Id: <20221227072015.3134-4-longpe...@huawei.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/virtio/vhost-vdpa.c | 25 +++--
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
index c295a8c917..542e003101 100644
--- a/hw/virtio/vhost-vdpa.c
+++ b/hw/virtio/vhost-vdpa.c
@@ -519,9 +519,18 @@ static void vhost_vdpa_host_notifiers_uninit(struct 
vhost_dev *dev, int n)
 {
 int i;
 
+/*
+ * Pack all the changes to the memory regions in a single
+ * transaction to avoid a few updating of the address space
+ * topology.
+ */
+memory_region_transaction_begin();
+
 for (i = dev->vq_index; i < dev->vq_index + n; i++) {
 vhost_vdpa_host_notifier_uninit(dev, i);
 }
+
+memory_region_transaction_commit();
 }
 
 static void vhost_vdpa_host_notifiers_init(struct vhost_dev *dev)
@@ -534,17 +543,21 @@ static void vhost_vdpa_host_notifiers_init(struct 
vhost_dev *dev)
 return;
 }
 
+/*
+ * Pack all the changes to the memory regions in a single
+ * transaction to avoid a few updating of the address space
+ * topology.
+ */
+memory_region_transaction_begin();
+
 for (i = dev->vq_index; i < dev->vq_index + dev->nvqs; i++) {
 if (vhost_vdpa_host_notifier_init(dev, i)) {
-goto err;
+vhost_vdpa_host_notifiers_uninit(dev, i - dev->vq_index);
+break;
 }
 }
 
-return;
-
-err:
-vhost_vdpa_host_notifiers_uninit(dev, i - dev->vq_index);
-return;
+memory_region_transaction_commit();
 }
 
 static void vhost_vdpa_svq_cleanup(struct vhost_dev *dev)
-- 
MST

[PULL 40/51] vhost: simplify vhost_dev_enable_notifiers

[Michael S. Tsirkin]

From: Longpeng 

Simplify the error path in vhost_dev_enable_notifiers by using
vhost_dev_disable_notifiers directly.

Signed-off-by: Longpeng 
Message-Id: <20221227072015.3134-2-longpe...@huawei.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/vhost.c | 20 
 1 file changed, 4 insertions(+), 16 deletions(-)

diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index 2c566dc539..87c49fa679 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -1551,7 +1551,7 @@ void vhost_dev_cleanup(struct vhost_dev *hdev)
 int vhost_dev_enable_notifiers(struct vhost_dev *hdev, VirtIODevice *vdev)
 {
 BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(vdev)));
-int i, r, e;
+int i, r;
 
 /* We will pass the notifiers to the kernel, make sure that QEMU
  * doesn't interfere.
@@ -1559,7 +1559,7 @@ int vhost_dev_enable_notifiers(struct vhost_dev *hdev, 
VirtIODevice *vdev)
 r = virtio_device_grab_ioeventfd(vdev);
 if (r < 0) {
 error_report("binding does not support host notifiers");
-goto fail;
+return r;
 }
 
 for (i = 0; i < hdev->nvqs; ++i) {
@@ -1567,24 +1567,12 @@ int vhost_dev_enable_notifiers(struct vhost_dev *hdev, 
VirtIODevice *vdev)
  true);
 if (r < 0) {
 error_report("vhost VQ %d notifier binding failed: %d", i, -r);
-goto fail_vq;
+vhost_dev_disable_notifiers(hdev, vdev);
+return r;
 }
 }
 
 return 0;
-fail_vq:
-while (--i >= 0) {
-e = virtio_bus_set_host_notifier(VIRTIO_BUS(qbus), hdev->vq_index + i,
- false);
-if (e < 0) {
-error_report("vhost VQ %d notifier cleanup error: %d", i, -r);
-}
-assert (e >= 0);
-virtio_bus_cleanup_host_notifier(VIRTIO_BUS(qbus), hdev->vq_index + i);
-}
-virtio_device_release_ioeventfd(vdev);
-fail:
-return r;
 }
 
 /* Stop processing guest IO notifications in vhost.
-- 
MST

[PULL 31/51] include/hw/pci: Split pci_device.h off pci.h

[Michael S. Tsirkin]

From: Markus Armbruster 

PCIDeviceClass and PCIDevice are defined in pci.h.  Many users of the
header don't actually need them.  Similar structs live in their own
headers: PCIBusClass and PCIBus in pci_bus.h, PCIBridge in
pci_bridge.h, PCIHostBridgeClass and PCIHostState in pci_host.h,
PCIExpressHost in pcie_host.h, and PCIERootPortClass, PCIEPort, and
PCIESlot in pcie_port.h.

Move PCIDeviceClass and PCIDeviceClass to new pci_device.h, along with
the code that needs them.  Adjust include directives.

This also enables the next commit.

Signed-off-by: Markus Armbruster 
Message-Id: <20221222100330.380143-6-arm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/display/ati_int.h |   2 +-
 hw/display/qxl.h |   3 +-
 hw/ide/ahci_internal.h   |   2 +-
 hw/net/vmxnet3_defs.h|   2 +-
 hw/nvme/nvme.h   |   2 +-
 hw/rdma/vmw/pvrdma.h |   1 +
 hw/scsi/mptsas.h |   2 +-
 hw/usb/hcd-ehci.h|   2 +-
 hw/usb/hcd-uhci.h|   2 +-
 hw/usb/hcd-xhci-pci.h|   1 +
 hw/vfio/pci.h|   2 +-
 include/hw/acpi/piix4.h  |   2 +-
 include/hw/arm/allwinner-a10.h   |   1 +
 include/hw/cxl/cxl_device.h  |   2 +-
 include/hw/ide/pci.h |   2 +-
 include/hw/misc/macio/macio.h|   2 +-
 include/hw/pci-host/gpex.h   |   2 +-
 include/hw/pci-host/i440fx.h |   2 +-
 include/hw/pci-host/q35.h|   2 +-
 include/hw/pci-host/sabre.h  |   2 +-
 include/hw/pci/msi.h |   2 +-
 include/hw/pci/pci.h | 344 --
 include/hw/pci/pci_bridge.h  |   2 +-
 include/hw/pci/pci_device.h  | 350 +++
 include/hw/pci/pcie_port.h   |   1 +
 include/hw/pci/shpc.h|   2 +-
 include/hw/remote/iohub.h|   2 +-
 include/hw/remote/proxy.h|   2 +-
 include/hw/sd/sdhci.h|   2 +-
 include/hw/southbridge/piix.h|   3 +-
 include/hw/xen/xen_common.h  |   2 +-
 hw/acpi/erst.c   |   2 +-
 hw/audio/ac97.c  |   2 +-
 hw/audio/es1370.c|   2 +-
 hw/audio/via-ac97.c  |   2 +-
 hw/char/serial-pci-multi.c   |   2 +-
 hw/char/serial-pci.c |   2 +-
 hw/core/qdev-properties-system.c |   1 +
 hw/display/bochs-display.c   |   2 +-
 hw/display/cirrus_vga.c  |   2 +-
 hw/display/sm501.c   |   2 +-
 hw/display/vga-pci.c |   2 +-
 hw/display/vmware_vga.c  |   2 +-
 hw/i386/xen/xen_pvdevice.c   |   2 +-
 hw/ipack/tpci200.c   |   2 +-
 hw/ipmi/pci_ipmi_bt.c|   2 +-
 hw/ipmi/pci_ipmi_kcs.c   |   2 +-
 hw/isa/i82378.c  |   2 +-
 hw/mips/gt64xxx_pci.c|   2 +-
 hw/misc/pci-testdev.c|   2 +-
 hw/misc/pvpanic-pci.c|   2 +-
 hw/net/can/can_kvaser_pci.c  |   2 +-
 hw/net/can/can_mioe3680_pci.c|   2 +-
 hw/net/can/can_pcm3680_pci.c |   2 +-
 hw/net/can/ctucan_pci.c  |   2 +-
 hw/net/e1000.c   |   2 +-
 hw/net/e1000x_common.c   |   2 +-
 hw/net/eepro100.c|   2 +-
 hw/net/ne2000-pci.c  |   2 +-
 hw/net/net_tx_pkt.c  |   2 +-
 hw/net/pcnet-pci.c   |   2 +-
 hw/net/rocker/rocker.c   |   2 +-
 hw/net/rocker/rocker_desc.c  |   2 +-
 hw/net/rtl8139.c |   2 +-
 hw/net/sungem.c  |   2 +-
 hw/net/sunhme.c  |   2 +-
 hw/net/tulip.c   |   2 +-
 hw/net/virtio-net.c  |   2 +-
 hw/pci-host/bonito.c |   2 +-
 hw/pci-host/dino.c   |   2 +-
 hw/pci-host/grackle.c|   2 +-
 hw/pci-host/mv64361.c|   2 +-
 hw/pci-host/ppce500.c|   2 +-
 hw/pci-host/raven.c  |   2 +-
 hw/pci-host/sh_pci.c |   2 +-
 hw/pci-host/uninorth.c   |   2 +-
 hw/pci-host/versatile.c  |   2 +-
 hw/pci/pci-hmp-cmds.c|   1 +
 hw/pci/pcie_host.c   |   2 +-
 hw/pci/pcie_sriov.c  |   2 +-
 hw/pci/slotid_cap.c  |   2 +-
 hw/ppc/ppc440_pcix.c |   2 +-
 hw/ppc/ppc4xx_pci.c  |   2 +-
 hw/ppc/spapr_pci_vfio.c  |   1 +
 hw/rdma/rdma_utils.c |   2 +-
 hw/s390x/s390-pci-inst.c |   1 +
 hw/scsi/esp-pci.c|   2 +-
 hw/scsi/lsi53c895a.c |   2 +-
 hw/smbios/smbios.c   |   1 +
 hw/usb/hcd-ohci-pci.c|   2 +-
 hw/watchdog/wdt_i6300esb.c   |   2 +-
 tests/qtest/fuzz/generic_fuzz.c  |   1 +
 ui/util.c|   2 +-
 93 files changed, 441 insertions(+), 427 deletions(-)
 create mode 100644 include/hw/pci/pci_device.h

diff --git a/hw/display/ati_int.h b/hw/display/ati_int.h
index 8acb9c7466..e8d3c7af75 100644
--- a/hw/display/ati_int.h
+++ b/hw/display/ati_in

[PULL 44/51] tests: virt: Allow changes to PPTT test table

[Michael S. Tsirkin]

From: Yicong Yang 

Allow changes to test/data/acpi/virt/PPTT*, prepare to change the
building policy of the cluster topology.

Reviewed-by: Yanan Wang 
Signed-off-by: Yicong Yang 
Message-Id: <20221229065513.55652-2-yangyic...@huawei.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/qtest/bios-tables-test-allowed-diff.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/qtest/bios-tables-test-allowed-diff.h 
b/tests/qtest/bios-tables-test-allowed-diff.h
index dfb8523c8b..fc12cd8c5c 100644
--- a/tests/qtest/bios-tables-test-allowed-diff.h
+++ b/tests/qtest/bios-tables-test-allowed-diff.h
@@ -1 +1,3 @@
 /* List of comma-separated changed AML files to ignore */
+"tests/data/acpi/virt/PPTT",
+"tests/data/acpi/virt/PPTT.acpihmatvirt",
-- 
MST

[PULL 36/51] include: Don't include qemu/osdep.h

[Michael S. Tsirkin]

From: Markus Armbruster 

docs/devel/style.rst mandates:

The "qemu/osdep.h" header contains preprocessor macros that affect
the behavior of core system headers like .  It must be
the first include so that core system headers included by external
libraries get the preprocessor macros that QEMU depends on.

Do not include "qemu/osdep.h" from header files since the .c file
will have already included it.

A few violations have crept in.  Fix them.

Signed-off-by: Markus Armbruster 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Bin Meng 
Reviewed-by: Taylor Simpson 
Reviewed-by: Alistair Francis 
Message-Id: <20221222120813.727830-4-arm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 bsd-user/qemu.h | 1 -
 crypto/block-luks-priv.h| 1 -
 include/hw/cxl/cxl_host.h   | 1 -
 include/hw/input/pl050.h| 1 -
 include/hw/tricore/triboard.h   | 1 -
 include/qemu/userfaultfd.h  | 1 -
 net/vmnet_int.h | 1 -
 qga/cutils.h| 1 -
 target/hexagon/hex_arch_types.h | 1 -
 target/hexagon/mmvec/macros.h   | 1 -
 target/riscv/pmu.h  | 1 -
 qga/cutils.c| 3 ++-
 12 files changed, 2 insertions(+), 12 deletions(-)

diff --git a/bsd-user/qemu.h b/bsd-user/qemu.h
index be6105385e..0ceecfb6df 100644
--- a/bsd-user/qemu.h
+++ b/bsd-user/qemu.h
@@ -17,7 +17,6 @@
 #ifndef QEMU_H
 #define QEMU_H
 
-#include "qemu/osdep.h"
 #include "cpu.h"
 #include "qemu/units.h"
 #include "exec/cpu_ldst.h"
diff --git a/crypto/block-luks-priv.h b/crypto/block-luks-priv.h
index 90a20d432b..1066df0307 100644
--- a/crypto/block-luks-priv.h
+++ b/crypto/block-luks-priv.h
@@ -18,7 +18,6 @@
  *
  */
 
-#include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qemu/bswap.h"
 
diff --git a/include/hw/cxl/cxl_host.h b/include/hw/cxl/cxl_host.h
index a1b662ce40..c9bc9c7c50 100644
--- a/include/hw/cxl/cxl_host.h
+++ b/include/hw/cxl/cxl_host.h
@@ -7,7 +7,6 @@
  * COPYING file in the top-level directory.
  */
 
-#include "qemu/osdep.h"
 #include "hw/cxl/cxl.h"
 #include "hw/boards.h"
 
diff --git a/include/hw/input/pl050.h b/include/hw/input/pl050.h
index 89ec4fafc9..4cb8985f31 100644
--- a/include/hw/input/pl050.h
+++ b/include/hw/input/pl050.h
@@ -10,7 +10,6 @@
 #ifndef HW_PL050_H
 #define HW_PL050_H
 
-#include "qemu/osdep.h"
 #include "hw/sysbus.h"
 #include "migration/vmstate.h"
 #include "hw/input/ps2.h"
diff --git a/include/hw/tricore/triboard.h b/include/hw/tricore/triboard.h
index 094c8bd563..4fdd2d7d97 100644
--- a/include/hw/tricore/triboard.h
+++ b/include/hw/tricore/triboard.h
@@ -18,7 +18,6 @@
  * License along with this library; if not, see .
  */
 
-#include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "hw/boards.h"
 #include "sysemu/sysemu.h"
diff --git a/include/qemu/userfaultfd.h b/include/qemu/userfaultfd.h
index 6b74f92792..55c95998e8 100644
--- a/include/qemu/userfaultfd.h
+++ b/include/qemu/userfaultfd.h
@@ -13,7 +13,6 @@
 #ifndef USERFAULTFD_H
 #define USERFAULTFD_H
 
-#include "qemu/osdep.h"
 #include "exec/hwaddr.h"
 #include 
 
diff --git a/net/vmnet_int.h b/net/vmnet_int.h
index adf6e8c20d..d0b90594f2 100644
--- a/net/vmnet_int.h
+++ b/net/vmnet_int.h
@@ -10,7 +10,6 @@
 #ifndef VMNET_INT_H
 #define VMNET_INT_H
 
-#include "qemu/osdep.h"
 #include "vmnet_int.h"
 #include "clients.h"
 
diff --git a/qga/cutils.h b/qga/cutils.h
index f0f30a7d28..2bfaf554a8 100644
--- a/qga/cutils.h
+++ b/qga/cutils.h
@@ -1,7 +1,6 @@
 #ifndef CUTILS_H_
 #define CUTILS_H_
 
-#include "qemu/osdep.h"
 
 int qga_open_cloexec(const char *name, int flags, mode_t mode);
 
diff --git a/target/hexagon/hex_arch_types.h b/target/hexagon/hex_arch_types.h
index 885f68f760..52a7f2b2f3 100644
--- a/target/hexagon/hex_arch_types.h
+++ b/target/hexagon/hex_arch_types.h
@@ -18,7 +18,6 @@
 #ifndef HEXAGON_HEX_ARCH_TYPES_H
 #define HEXAGON_HEX_ARCH_TYPES_H
 
-#include "qemu/osdep.h"
 #include "mmvec/mmvec.h"
 #include "qemu/int128.h"
 
diff --git a/target/hexagon/mmvec/macros.h b/target/hexagon/mmvec/macros.h
index 8c864e8c68..1201d778d0 100644
--- a/target/hexagon/mmvec/macros.h
+++ b/target/hexagon/mmvec/macros.h
@@ -18,7 +18,6 @@
 #ifndef HEXAGON_MMVEC_MACROS_H
 #define HEXAGON_MMVEC_MACROS_H
 
-#include "qemu/osdep.h"
 #include "qemu/host-utils.h"
 #include "arch.h"
 #include "mmvec/system_ext_mmvec.h"
diff --git a/target/riscv/pmu.h b/target/riscv/pmu.h
index 3004ce37b6..0c819ca983 100644
--- a/target/riscv/pmu.h
+++ b/target/riscv/pmu.h
@@ -16,7 +16,6 @@
  * this program.  If not, see .
  */
 
-#include "qemu/osdep.h"
 #include "qemu/log.h"
 #include "cpu.h"
 #include "qemu/main-loop.h"
diff --git a/qga/cutils.c b/qga/cutils.c
index b8e142ef64..b21bcf3683 100644
--- a/qga/cutils.c
+++ b/qga/cutils.c
@@ -2,8 +2,9 @@
  * This work is licensed under the terms of the GNU GPL, version 2 or later.
  * See the COPYING file in the top-level direct

[PULL 26/51] hw/virtio: Extract QMP QOM-specific functions to virtio-qmp.c

[Michael S. Tsirkin]

From: Philippe Mathieu-Daudé 

virtio.c is big enough, extract more QMP related code to virtio-qmp.c.
To do so, expose qmp_find_virtio_device() and declar virtio_list in
the internal virtio-qmp.h header.

Note we have to leave qmp_x_query_virtio_queue_status() and
qmp_x_query_virtio_queue_element(), because they access VirtQueue
internal fields, and VirtQueue is only declared within virtio.c.

Suggested-by: Jonah Palmer 
Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20221222080005.27616-3-phi...@linaro.org>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/virtio-qmp.h |   9 ++
 hw/virtio/virtio-qmp.c | 192 -
 hw/virtio/virtio.c | 191 +---
 3 files changed, 201 insertions(+), 191 deletions(-)

diff --git a/hw/virtio/virtio-qmp.h b/hw/virtio/virtio-qmp.h
index 075fc27030..59681082e5 100644
--- a/hw/virtio/virtio-qmp.h
+++ b/hw/virtio/virtio-qmp.h
@@ -12,7 +12,16 @@
 #define HW_VIRTIO_QMP_H
 
 #include "qapi/qapi-types-virtio.h"
+#include "hw/virtio/virtio.h"
 
+#include "qemu/queue.h"
+
+typedef QTAILQ_HEAD(QmpVirtIODeviceList, VirtIODevice) QmpVirtIODeviceList;
+
+/* QAPI list of realized VirtIODevices */
+extern QmpVirtIODeviceList virtio_list;
+
+VirtIODevice *qmp_find_virtio_device(const char *path);
 VirtioDeviceStatus *qmp_decode_status(uint8_t bitmap);
 VhostDeviceProtocols *qmp_decode_protocols(uint64_t bitmap);
 VirtioDeviceFeatures *qmp_decode_features(uint16_t device_id, uint64_t bitmap);
diff --git a/hw/virtio/virtio-qmp.c b/hw/virtio/virtio-qmp.c
index 8e7282658f..e4d4bece2d 100644
--- a/hw/virtio/virtio-qmp.c
+++ b/hw/virtio/virtio-qmp.c
@@ -10,9 +10,14 @@
  */
 
 #include "qemu/osdep.h"
-#include "hw/virtio/virtio.h"
 #include "virtio-qmp.h"
 
+#include "qapi/error.h"
+#include "qapi/qapi-commands-virtio.h"
+#include "qapi/qapi-commands-qom.h"
+#include "qapi/qmp/qobject.h"
+#include "qapi/qmp/qjson.h"
+
 #include "standard-headers/linux/virtio_ids.h"
 #include "standard-headers/linux/vhost_types.h"
 #include "standard-headers/linux/virtio_blk.h"
@@ -657,3 +662,188 @@ VirtioDeviceFeatures *qmp_decode_features(uint16_t 
device_id, uint64_t bitmap)
 
 return features;
 }
+
+VirtioInfoList *qmp_x_query_virtio(Error **errp)
+{
+VirtioInfoList *list = NULL;
+VirtioInfoList *node;
+VirtIODevice *vdev;
+
+QTAILQ_FOREACH(vdev, &virtio_list, next) {
+DeviceState *dev = DEVICE(vdev);
+Error *err = NULL;
+QObject *obj = qmp_qom_get(dev->canonical_path, "realized", &err);
+
+if (err == NULL) {
+GString *is_realized = qobject_to_json_pretty(obj, true);
+/* virtio device is NOT realized, remove it from list */
+if (!strncmp(is_realized->str, "false", 4)) {
+QTAILQ_REMOVE(&virtio_list, vdev, next);
+} else {
+node = g_new0(VirtioInfoList, 1);
+node->value = g_new(VirtioInfo, 1);
+node->value->path = g_strdup(dev->canonical_path);
+node->value->name = g_strdup(vdev->name);
+QAPI_LIST_PREPEND(list, node->value);
+}
+   g_string_free(is_realized, true);
+}
+qobject_unref(obj);
+}
+
+return list;
+}
+
+VirtIODevice *qmp_find_virtio_device(const char *path)
+{
+VirtIODevice *vdev;
+
+QTAILQ_FOREACH(vdev, &virtio_list, next) {
+DeviceState *dev = DEVICE(vdev);
+
+if (strcmp(dev->canonical_path, path) != 0) {
+continue;
+}
+
+Error *err = NULL;
+QObject *obj = qmp_qom_get(dev->canonical_path, "realized", &err);
+if (err == NULL) {
+GString *is_realized = qobject_to_json_pretty(obj, true);
+/* virtio device is NOT realized, remove it from list */
+if (!strncmp(is_realized->str, "false", 4)) {
+g_string_free(is_realized, true);
+qobject_unref(obj);
+QTAILQ_REMOVE(&virtio_list, vdev, next);
+return NULL;
+}
+g_string_free(is_realized, true);
+} else {
+/* virtio device doesn't exist in QOM tree */
+QTAILQ_REMOVE(&virtio_list, vdev, next);
+qobject_unref(obj);
+return NULL;
+}
+/* device exists in QOM tree & is realized */
+qobject_unref(obj);
+return vdev;
+}
+return NULL;
+}
+
+VirtioStatus *qmp_x_query_virtio_status(const char *path, Error **errp)
+{
+VirtIODevice *vdev;
+VirtioStatus *status;
+
+vdev = qmp_find_virtio_device(path);
+if (vdev == NULL) {
+error_setg(errp, "Path %s is not a VirtIODevice", path);
+return NULL;
+}
+
+status = g_new0(VirtioStatus, 1);
+status->name = g_strdup(vdev->name);
+status->device_id = vdev->device_id;
+status->vhost_started = vdev->vhost_started;
+status->guest_features = qmp_decode_featur

[PULL 28/51] include/hw/cxl: Move typedef PXBDev to cxl.h, and put it to use

[Michael S. Tsirkin]

From: Markus Armbruster 

hw/cxl/cxl.h uses the PXBDev structure tag instead of the typedef
name.  The typedef name is defined in hw/pci/pci_bridge.h.  Its
inclusion was dropped in the previous commit to break an inclusion
loop.

Move the typedef to hw/cxl/cxl.h, and use it there.  Delete an extra
typedef in hw/pci-bridge/pci_expander_bridge.c.

Signed-off-by: Markus Armbruster 
Message-Id: <20221222100330.380143-3-arm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/cxl/cxl.h| 4 +++-
 include/hw/pci/pci_bridge.h | 1 -
 hw/pci-bridge/pci_expander_bridge.c | 1 -
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/hw/cxl/cxl.h b/include/hw/cxl/cxl.h
index 5129557bee..b161be59b7 100644
--- a/include/hw/cxl/cxl.h
+++ b/include/hw/cxl/cxl.h
@@ -23,10 +23,12 @@
 
 #define CXL_WINDOW_MAX 10
 
+typedef struct PXBDev PXBDev;
+
 typedef struct CXLFixedWindow {
 uint64_t size;
 char **targets;
-struct PXBDev *target_hbs[8];
+PXBDev *target_hbs[8];
 uint8_t num_targets;
 uint8_t enc_int_ways;
 uint8_t enc_int_gran;
diff --git a/include/hw/pci/pci_bridge.h b/include/hw/pci/pci_bridge.h
index ca6caf487e..58a3fb0c2c 100644
--- a/include/hw/pci/pci_bridge.h
+++ b/include/hw/pci/pci_bridge.h
@@ -97,7 +97,6 @@ struct PXBDev {
 } cxl;
 };
 
-typedef struct PXBDev PXBDev;
 #define TYPE_PXB_CXL_DEVICE "pxb-cxl"
 DECLARE_INSTANCE_CHECKER(PXBDev, PXB_CXL_DEV,
  TYPE_PXB_CXL_DEVICE)
diff --git a/hw/pci-bridge/pci_expander_bridge.c 
b/hw/pci-bridge/pci_expander_bridge.c
index c9e817aa58..870d9bab11 100644
--- a/hw/pci-bridge/pci_expander_bridge.c
+++ b/hw/pci-bridge/pci_expander_bridge.c
@@ -50,7 +50,6 @@ struct PXBBus {
 };
 
 #define TYPE_PXB_DEVICE "pxb"
-typedef struct PXBDev PXBDev;
 DECLARE_INSTANCE_CHECKER(PXBDev, PXB_DEV,
  TYPE_PXB_DEVICE)
 
-- 
MST

[PULL 13/51] vhost-user: Refactor the chr_closed_bh

[Michael S. Tsirkin]

From: Hyman Huang(黄勇) 

Use vhost_user_save_acked_features to implemente acked features
saving.

Signed-off-by: Hyman Huang(黄勇) 
Signed-off-by: Guoyi Tu 
Message-Id: 
<6699ee88687b62fb8152fe021e576cd2f468d7ca.1671627406.git.huang...@chinatelecom.cn>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 net/vhost-user.c | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/net/vhost-user.c b/net/vhost-user.c
index f5cb095d5c..5993e4afca 100644
--- a/net/vhost-user.c
+++ b/net/vhost-user.c
@@ -260,11 +260,7 @@ static void chr_closed_bh(void *opaque)
 s = DO_UPCAST(NetVhostUserState, nc, ncs[0]);
 
 for (i = queues -1; i >= 0; i--) {
-s = DO_UPCAST(NetVhostUserState, nc, ncs[i]);
-
-if (s->vhost_net) {
-s->acked_features = vhost_net_get_acked_features(s->vhost_net);
-}
+vhost_user_save_acked_features(ncs[i]);
 }
 
 qmp_set_link(name, false, &err);
-- 
MST

[PULL 27/51] include/hw/pci: Break inclusion loop pci_bridge.h and cxl.h

[Michael S. Tsirkin]

From: Markus Armbruster 

hw/pci/pci_bridge.h and hw/cxl/cxl.h include each other.

Fortunately, breaking the loop is merely a matter of deleting
unnecessary includes from headers, and adding them back in places
where they are now missing.

Signed-off-by: Markus Armbruster 
Message-Id: <20221222100330.380143-2-arm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/alpha/alpha_sys.h  | 1 -
 hw/rdma/rdma_utils.h  | 1 -
 hw/rdma/vmw/pvrdma.h  | 1 -
 hw/usb/hcd-ehci.h | 1 -
 hw/xen/xen_pt.h   | 1 -
 include/hw/cxl/cxl.h  | 1 -
 include/hw/cxl/cxl_cdat.h | 1 +
 include/hw/cxl/cxl_device.h   | 1 +
 include/hw/cxl/cxl_pci.h  | 2 --
 include/hw/i386/ich9.h| 4 
 include/hw/i386/x86-iommu.h   | 1 -
 include/hw/isa/vt82c686.h | 1 -
 include/hw/pci-host/designware.h  | 3 ---
 include/hw/pci-host/i440fx.h  | 2 +-
 include/hw/pci-host/ls7a.h| 2 --
 include/hw/pci-host/pnv_phb3.h| 2 --
 include/hw/pci-host/pnv_phb4.h| 3 +--
 include/hw/pci-host/xilinx-pcie.h | 1 -
 include/hw/pci/pcie.h | 1 -
 include/hw/virtio/virtio-scsi.h   | 1 -
 hw/alpha/pci.c| 1 +
 hw/alpha/typhoon.c| 2 +-
 hw/i386/acpi-build.c  | 2 +-
 hw/pci-bridge/i82801b11.c | 2 +-
 hw/rdma/rdma_utils.c  | 1 +
 hw/scsi/virtio-scsi.c | 1 +
 26 files changed, 10 insertions(+), 30 deletions(-)

diff --git a/hw/alpha/alpha_sys.h b/hw/alpha/alpha_sys.h
index 2263e821da..a303c58438 100644
--- a/hw/alpha/alpha_sys.h
+++ b/hw/alpha/alpha_sys.h
@@ -5,7 +5,6 @@
 
 #include "target/alpha/cpu-qom.h"
 #include "hw/pci/pci.h"
-#include "hw/pci/pci_host.h"
 #include "hw/boards.h"
 #include "hw/intc/i8259.h"
 
diff --git a/hw/rdma/rdma_utils.h b/hw/rdma/rdma_utils.h
index 0c6414e7e0..54e4f56edd 100644
--- a/hw/rdma/rdma_utils.h
+++ b/hw/rdma/rdma_utils.h
@@ -18,7 +18,6 @@
 #define RDMA_UTILS_H
 
 #include "qemu/error-report.h"
-#include "hw/pci/pci.h"
 #include "sysemu/dma.h"
 
 #define rdma_error_report(fmt, ...) \
diff --git a/hw/rdma/vmw/pvrdma.h b/hw/rdma/vmw/pvrdma.h
index d08965d3e2..0caf95ede8 100644
--- a/hw/rdma/vmw/pvrdma.h
+++ b/hw/rdma/vmw/pvrdma.h
@@ -18,7 +18,6 @@
 
 #include "qemu/units.h"
 #include "qemu/notify.h"
-#include "hw/pci/pci.h"
 #include "hw/pci/msix.h"
 #include "chardev/char-fe.h"
 #include "hw/net/vmxnet3_defs.h"
diff --git a/hw/usb/hcd-ehci.h b/hw/usb/hcd-ehci.h
index a173707d9b..4d4b2830b7 100644
--- a/hw/usb/hcd-ehci.h
+++ b/hw/usb/hcd-ehci.h
@@ -23,7 +23,6 @@
 #include "sysemu/dma.h"
 #include "hw/pci/pci.h"
 #include "hw/sysbus.h"
-#include "qom/object.h"
 
 #ifndef EHCI_DEBUG
 #define EHCI_DEBUG   0
diff --git a/hw/xen/xen_pt.h b/hw/xen/xen_pt.h
index e7c4316a7d..cf10fc7bbf 100644
--- a/hw/xen/xen_pt.h
+++ b/hw/xen/xen_pt.h
@@ -2,7 +2,6 @@
 #define XEN_PT_H
 
 #include "hw/xen/xen_common.h"
-#include "hw/pci/pci.h"
 #include "xen-host-pci-device.h"
 #include "qom/object.h"
 
diff --git a/include/hw/cxl/cxl.h b/include/hw/cxl/cxl.h
index 38e0e271d5..5129557bee 100644
--- a/include/hw/cxl/cxl.h
+++ b/include/hw/cxl/cxl.h
@@ -13,7 +13,6 @@
 
 #include "qapi/qapi-types-machine.h"
 #include "qapi/qapi-visit-machine.h"
-#include "hw/pci/pci_bridge.h"
 #include "hw/pci/pci_host.h"
 #include "cxl_pci.h"
 #include "cxl_component.h"
diff --git a/include/hw/cxl/cxl_cdat.h b/include/hw/cxl/cxl_cdat.h
index e9eda00142..7f67638685 100644
--- a/include/hw/cxl/cxl_cdat.h
+++ b/include/hw/cxl/cxl_cdat.h
@@ -11,6 +11,7 @@
 #define CXL_CDAT_H
 
 #include "hw/cxl/cxl_pci.h"
+#include "hw/pci/pcie_doe.h"
 
 /*
  * Reference:
diff --git a/include/hw/cxl/cxl_device.h b/include/hw/cxl/cxl_device.h
index 449b0edfe9..fd475b947b 100644
--- a/include/hw/cxl/cxl_device.h
+++ b/include/hw/cxl/cxl_device.h
@@ -10,6 +10,7 @@
 #ifndef CXL_DEVICE_H
 #define CXL_DEVICE_H
 
+#include "hw/pci/pci.h"
 #include "hw/register.h"
 
 /*
diff --git a/include/hw/cxl/cxl_pci.h b/include/hw/cxl/cxl_pci.h
index 3cb79eca1e..aca14845ab 100644
--- a/include/hw/cxl/cxl_pci.h
+++ b/include/hw/cxl/cxl_pci.h
@@ -11,8 +11,6 @@
 #define CXL_PCI_H
 
 #include "qemu/compiler.h"
-#include "hw/pci/pci.h"
-#include "hw/pci/pcie.h"
 #include "hw/cxl/cxl_cdat.h"
 
 #define CXL_VENDOR_ID 0x1e98
diff --git a/include/hw/i386/ich9.h b/include/hw/i386/ich9.h
index 23ee8e371b..222781e8b9 100644
--- a/include/hw/i386/ich9.h
+++ b/include/hw/i386/ich9.h
@@ -5,12 +5,8 @@
 #include "hw/sysbus.h"
 #include "hw/i386/pc.h"
 #include "hw/isa/apm.h"
-#include "hw/pci/pci.h"
-#include "hw/pci/pcie_host.h"
-#include "hw/pci/pci_bridge.h"
 #include "hw/acpi/acpi.h"
 #include "hw/acpi/ich9.h"
-#include "hw/pci/pci_bus.h"
 #include "qom/object.h"
 
 void ich9_lpc_set_irq(void *opaque, int irq_num, int level);
diff --git a/include/hw/i386/x86-iommu.h b/include/hw/i386/x86-iommu.h
index 7637edb430..8d8d53b18b 100644
--- a/include/hw/i386/x86-iommu.h
+

[PULL 41/51] vhost: configure all host notifiers in a single MR transaction

[Michael S. Tsirkin]

From: Longpeng 

This allows the vhost device to batch the setup of all its host notifiers.
This significantly reduces the device starting time, e.g. the time spend
on enabling notifiers reduce from 376ms to 9.1ms for a VM with 64 vCPUs
and 3 vhost-vDPA generic devices (vdpa_sim_blk, 64vq per device)

Signed-off-by: Longpeng 
Message-Id: <20221227072015.3134-3-longpe...@huawei.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/virtio/vhost.c | 24 
 1 file changed, 24 insertions(+)

diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index 87c49fa679..eb8c4c378c 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -1562,16 +1562,25 @@ int vhost_dev_enable_notifiers(struct vhost_dev *hdev, 
VirtIODevice *vdev)
 return r;
 }
 
+/*
+ * Batch all the host notifiers in a single transaction to avoid
+ * quadratic time complexity in address_space_update_ioeventfds().
+ */
+memory_region_transaction_begin();
+
 for (i = 0; i < hdev->nvqs; ++i) {
 r = virtio_bus_set_host_notifier(VIRTIO_BUS(qbus), hdev->vq_index + i,
  true);
 if (r < 0) {
 error_report("vhost VQ %d notifier binding failed: %d", i, -r);
+memory_region_transaction_commit();
 vhost_dev_disable_notifiers(hdev, vdev);
 return r;
 }
 }
 
+memory_region_transaction_commit();
+
 return 0;
 }
 
@@ -1585,6 +1594,12 @@ void vhost_dev_disable_notifiers(struct vhost_dev *hdev, 
VirtIODevice *vdev)
 BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(vdev)));
 int i, r;
 
+/*
+ * Batch all the host notifiers in a single transaction to avoid
+ * quadratic time complexity in address_space_update_ioeventfds().
+ */
+memory_region_transaction_begin();
+
 for (i = 0; i < hdev->nvqs; ++i) {
 r = virtio_bus_set_host_notifier(VIRTIO_BUS(qbus), hdev->vq_index + i,
  false);
@@ -1592,6 +1607,15 @@ void vhost_dev_disable_notifiers(struct vhost_dev *hdev, 
VirtIODevice *vdev)
 error_report("vhost VQ %d notifier cleanup failed: %d", i, -r);
 }
 assert (r >= 0);
+}
+
+/*
+ * The transaction expects the ioeventfds to be open when it
+ * commits. Do it now, before the cleanup loop.
+ */
+memory_region_transaction_commit();
+
+for (i = 0; i < hdev->nvqs; ++i) {
 virtio_bus_cleanup_host_notifier(VIRTIO_BUS(qbus), hdev->vq_index + i);
 }
 virtio_device_release_ioeventfd(vdev);
-- 
MST

[PULL 21/51] vhost: add support for configure interrupt

[Michael S. Tsirkin]

From: Cindy Lu 

Add functions to support configure interrupt.
The configure interrupt process will start in vhost_dev_start
and stop in vhost_dev_stop.

Also add the functions to support vhost_config_pending and
vhost_config_mask.

Signed-off-by: Cindy Lu 
Message-Id: <20221222070451.936503-8-l...@redhat.com>
Acked-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/virtio/vhost.h |  4 ++
 hw/virtio/vhost.c | 78 ++-
 2 files changed, 81 insertions(+), 1 deletion(-)

diff --git a/include/hw/virtio/vhost.h b/include/hw/virtio/vhost.h
index 1cafa0d776..a52f273347 100644
--- a/include/hw/virtio/vhost.h
+++ b/include/hw/virtio/vhost.h
@@ -33,6 +33,7 @@ struct vhost_virtqueue {
 unsigned used_size;
 EventNotifier masked_notifier;
 EventNotifier error_notifier;
+EventNotifier masked_config_notifier;
 struct vhost_dev *dev;
 };
 
@@ -41,6 +42,7 @@ typedef unsigned long vhost_log_chunk_t;
 #define VHOST_LOG_BITS (8 * sizeof(vhost_log_chunk_t))
 #define VHOST_LOG_CHUNK (VHOST_LOG_PAGE * VHOST_LOG_BITS)
 #define VHOST_INVALID_FEATURE_BIT   (0xff)
+#define VHOST_QUEUE_NUM_CONFIG_INR 0
 
 struct vhost_log {
 unsigned long long size;
@@ -187,6 +189,8 @@ int vhost_dev_enable_notifiers(struct vhost_dev *hdev, 
VirtIODevice *vdev);
  * Disable direct notifications to vhost device.
  */
 void vhost_dev_disable_notifiers(struct vhost_dev *hdev, VirtIODevice *vdev);
+bool vhost_config_pending(struct vhost_dev *hdev);
+void vhost_config_mask(struct vhost_dev *hdev, VirtIODevice *vdev, bool mask);
 
 /**
  * vhost_dev_is_started() - report status of vhost device
diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index fdcd1a8fdf..2c566dc539 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -1640,7 +1640,68 @@ void vhost_virtqueue_mask(struct vhost_dev *hdev, 
VirtIODevice *vdev, int n,
 file.index = hdev->vhost_ops->vhost_get_vq_index(hdev, n);
 r = hdev->vhost_ops->vhost_set_vring_call(hdev, &file);
 if (r < 0) {
-VHOST_OPS_DEBUG(r, "vhost_set_vring_call failed");
+error_report("vhost_set_vring_call failed %d", -r);
+}
+}
+
+bool vhost_config_pending(struct vhost_dev *hdev)
+{
+assert(hdev->vhost_ops);
+if ((hdev->started == false) ||
+(hdev->vhost_ops->vhost_set_config_call == NULL)) {
+return false;
+}
+
+EventNotifier *notifier =
+&hdev->vqs[VHOST_QUEUE_NUM_CONFIG_INR].masked_config_notifier;
+return event_notifier_test_and_clear(notifier);
+}
+
+void vhost_config_mask(struct vhost_dev *hdev, VirtIODevice *vdev, bool mask)
+{
+int fd;
+int r;
+EventNotifier *notifier =
+&hdev->vqs[VHOST_QUEUE_NUM_CONFIG_INR].masked_config_notifier;
+EventNotifier *config_notifier = &vdev->config_notifier;
+assert(hdev->vhost_ops);
+
+if ((hdev->started == false) ||
+(hdev->vhost_ops->vhost_set_config_call == NULL)) {
+return;
+}
+if (mask) {
+assert(vdev->use_guest_notifier_mask);
+fd = event_notifier_get_fd(notifier);
+} else {
+fd = event_notifier_get_fd(config_notifier);
+}
+r = hdev->vhost_ops->vhost_set_config_call(hdev, fd);
+if (r < 0) {
+error_report("vhost_set_config_call failed %d", -r);
+}
+}
+
+static void vhost_stop_config_intr(struct vhost_dev *dev)
+{
+int fd = -1;
+assert(dev->vhost_ops);
+if (dev->vhost_ops->vhost_set_config_call) {
+dev->vhost_ops->vhost_set_config_call(dev, fd);
+}
+}
+
+static void vhost_start_config_intr(struct vhost_dev *dev)
+{
+int r;
+
+assert(dev->vhost_ops);
+int fd = event_notifier_get_fd(&dev->vdev->config_notifier);
+if (dev->vhost_ops->vhost_set_config_call) {
+r = dev->vhost_ops->vhost_set_config_call(dev, fd);
+if (!r) {
+event_notifier_set(&dev->vdev->config_notifier);
+}
 }
 }
 
@@ -1880,6 +1941,16 @@ int vhost_dev_start(struct vhost_dev *hdev, VirtIODevice 
*vdev, bool vrings)
 }
 }
 
+r = event_notifier_init(
+&hdev->vqs[VHOST_QUEUE_NUM_CONFIG_INR].masked_config_notifier, 0);
+if (r < 0) {
+return r;
+}
+event_notifier_test_and_clear(
+&hdev->vqs[VHOST_QUEUE_NUM_CONFIG_INR].masked_config_notifier);
+if (!vdev->use_guest_notifier_mask) {
+vhost_config_mask(hdev, vdev, true);
+}
 if (hdev->log_enabled) {
 uint64_t log_base;
 
@@ -1918,6 +1989,7 @@ int vhost_dev_start(struct vhost_dev *hdev, VirtIODevice 
*vdev, bool vrings)
 vhost_device_iotlb_miss(hdev, vq->used_phys, true);
 }
 }
+vhost_start_config_intr(hdev);
 return 0;
 fail_start:
 if (vrings) {
@@ -1947,6 +2019,9 @@ void vhost_dev_stop(struct vhost_dev *hdev, VirtIODevice 
*vdev, bool vrings)
 
 /* should only be called after backend is connected */
 assert(hdev->vhost_ops);
+event_notifier_test_and_clear(
+&hdev->vqs

[PULL 09/51] hw/isa/Kconfig: Add missing dependency to VT82C686

[Michael S. Tsirkin]

From: Bernhard Beschow 

The ACPIREGS are provided by TYPE_VIA_PM, so needs to select ACPI.

Signed-off-by: Bernhard Beschow 
Message-Id: <20221216130355.41667-6-shen...@gmail.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: BALATON Zoltan 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/isa/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/isa/Kconfig b/hw/isa/Kconfig
index 0a6a04947c..0156a66889 100644
--- a/hw/isa/Kconfig
+++ b/hw/isa/Kconfig
@@ -52,6 +52,7 @@ config PIIX4
 config VT82C686
 bool
 select ISA_SUPERIO
+select ACPI
 select ACPI_SMBUS
 select SERIAL_ISA
 select FDC_ISA
-- 
MST

[PULL 47/51] tests: acpi: Add and whitelist *.topology blobs

[Michael S. Tsirkin]

From: Yicong Yang 

Add and whitelist *.topology blobs, prepares for the aarch64's ACPI
topology building test.

Reviewed-by: Yanan Wang 
Signed-off-by: Yicong Yang 
Message-Id: <20221229065513.55652-5-yangyic...@huawei.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/qtest/bios-tables-test-allowed-diff.h | 3 +++
 tests/data/acpi/virt/APIC.topology  | 0
 tests/data/acpi/virt/DSDT.topology  | 0
 tests/data/acpi/virt/PPTT.topology  | 0
 4 files changed, 3 insertions(+)
 create mode 100644 tests/data/acpi/virt/APIC.topology
 create mode 100644 tests/data/acpi/virt/DSDT.topology
 create mode 100644 tests/data/acpi/virt/PPTT.topology

diff --git a/tests/qtest/bios-tables-test-allowed-diff.h 
b/tests/qtest/bios-tables-test-allowed-diff.h
index dfb8523c8b..90f53f9c1d 100644
--- a/tests/qtest/bios-tables-test-allowed-diff.h
+++ b/tests/qtest/bios-tables-test-allowed-diff.h
@@ -1 +1,4 @@
 /* List of comma-separated changed AML files to ignore */
+"tests/data/acpi/virt/APIC.topology",
+"tests/data/acpi/virt/DSDT.topology",
+"tests/data/acpi/virt/PPTT.topology",
diff --git a/tests/data/acpi/virt/APIC.topology 
b/tests/data/acpi/virt/APIC.topology
new file mode 100644
index 00..e69de29bb2
diff --git a/tests/data/acpi/virt/DSDT.topology 
b/tests/data/acpi/virt/DSDT.topology
new file mode 100644
index 00..e69de29bb2
diff --git a/tests/data/acpi/virt/PPTT.topology 
b/tests/data/acpi/virt/PPTT.topology
new file mode 100644
index 00..e69de29bb2
-- 
MST

[PULL 38/51] vdpa-dev: get iova range explicitly

[Michael S. Tsirkin]

From: Longpeng 

In commit a585fad26b ("vdpa: request iova_range only once") we remove
GET_IOVA_RANGE form vhost_vdpa_init, the generic vdpa device will start
without iova_range populated, so the device won't work. Let's call
GET_IOVA_RANGE ioctl explicitly.

Fixes: a585fad26b2e6ccc ("vdpa: request iova_range only once")
Signed-off-by: Longpeng 
Message-Id: <20221224114848.3062-2-longpe...@huawei.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Acked-by: Jason Wang 
---
 include/hw/virtio/vhost-vdpa.h | 2 ++
 hw/virtio/vdpa-dev.c   | 9 +
 hw/virtio/vhost-vdpa.c | 7 +++
 net/vhost-vdpa.c   | 8 
 4 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/include/hw/virtio/vhost-vdpa.h b/include/hw/virtio/vhost-vdpa.h
index 45b969a311..7997f09a8d 100644
--- a/include/hw/virtio/vhost-vdpa.h
+++ b/include/hw/virtio/vhost-vdpa.h
@@ -51,6 +51,8 @@ typedef struct vhost_vdpa {
 VhostVDPAHostNotifier notifier[VIRTIO_QUEUE_MAX];
 } VhostVDPA;
 
+int vhost_vdpa_get_iova_range(int fd, struct vhost_vdpa_iova_range 
*iova_range);
+
 int vhost_vdpa_dma_map(struct vhost_vdpa *v, uint32_t asid, hwaddr iova,
hwaddr size, void *vaddr, bool readonly);
 int vhost_vdpa_dma_unmap(struct vhost_vdpa *v, uint32_t asid, hwaddr iova,
diff --git a/hw/virtio/vdpa-dev.c b/hw/virtio/vdpa-dev.c
index db6ba61152..01b41eb0f1 100644
--- a/hw/virtio/vdpa-dev.c
+++ b/hw/virtio/vdpa-dev.c
@@ -53,6 +53,7 @@ static void vhost_vdpa_device_realize(DeviceState *dev, Error 
**errp)
 {
 VirtIODevice *vdev = VIRTIO_DEVICE(dev);
 VhostVdpaDevice *v = VHOST_VDPA_DEVICE(vdev);
+struct vhost_vdpa_iova_range iova_range;
 uint16_t max_queue_size;
 struct vhost_virtqueue *vqs;
 int i, ret;
@@ -108,6 +109,14 @@ static void vhost_vdpa_device_realize(DeviceState *dev, 
Error **errp)
 v->dev.backend_features = 0;
 v->started = false;
 
+ret = vhost_vdpa_get_iova_range(v->vhostfd, &iova_range);
+if (ret < 0) {
+error_setg(errp, "vhost-vdpa-device: get iova range failed: %s",
+   strerror(-ret));
+goto free_vqs;
+}
+v->vdpa.iova_range = iova_range;
+
 ret = vhost_dev_init(&v->dev, &v->vdpa, VHOST_BACKEND_TYPE_VDPA, 0, NULL);
 if (ret < 0) {
 error_setg(errp, "vhost-vdpa-device: vhost initialization failed: %s",
diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
index fcb1e96316..c295a8c917 100644
--- a/hw/virtio/vhost-vdpa.c
+++ b/hw/virtio/vhost-vdpa.c
@@ -378,6 +378,13 @@ static int vhost_vdpa_add_status(struct vhost_dev *dev, 
uint8_t status)
 return 0;
 }
 
+int vhost_vdpa_get_iova_range(int fd, struct vhost_vdpa_iova_range *iova_range)
+{
+int ret = ioctl(fd, VHOST_VDPA_GET_IOVA_RANGE, iova_range);
+
+return ret < 0 ? -errno : 0;
+}
+
 /*
  * The use of this function is for requests that only need to be
  * applied once. Typically such request occurs at the beginning
diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index b0c6109230..b6e1e84ed2 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -710,14 +710,6 @@ static NetClientState *net_vhost_vdpa_init(NetClientState 
*peer,
 return nc;
 }
 
-static int vhost_vdpa_get_iova_range(int fd,
- struct vhost_vdpa_iova_range *iova_range)
-{
-int ret = ioctl(fd, VHOST_VDPA_GET_IOVA_RANGE, iova_range);
-
-return ret < 0 ? -errno : 0;
-}
-
 static int vhost_vdpa_get_features(int fd, uint64_t *features, Error **errp)
 {
 int ret = ioctl(fd, VHOST_GET_FEATURES, features);
-- 
MST

[PULL 24/51] virtio-pci: add support for configure interrupt

[Michael S. Tsirkin]

From: Cindy Lu 

Add process to handle the configure interrupt, The function's
logic is the same with vq interrupt.Add extra process to check
the configure interrupt

Signed-off-by: Cindy Lu 
Message-Id: <20221222070451.936503-11-l...@redhat.com>
Acked-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/virtio/virtio-pci.h |   4 +-
 hw/virtio/virtio-pci.c | 118 +++--
 2 files changed, 102 insertions(+), 20 deletions(-)

diff --git a/include/hw/virtio/virtio-pci.h b/include/hw/virtio/virtio-pci.h
index 24fba1604b..ab2051b64b 100644
--- a/include/hw/virtio/virtio-pci.h
+++ b/include/hw/virtio/virtio-pci.h
@@ -261,5 +261,7 @@ void virtio_pci_types_register(const 
VirtioPCIDeviceTypeInfo *t);
  * @fixed_queues.
  */
 unsigned virtio_pci_optimal_num_queues(unsigned fixed_queues);
-
+void virtio_pci_set_guest_notifier_fd_handler(VirtIODevice *vdev, VirtQueue 
*vq,
+  int n, bool assign,
+  bool with_irqfd);
 #endif
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index d7e29b1cdc..7bc60fcf94 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -836,7 +836,8 @@ static int virtio_pci_get_notifier(VirtIOPCIProxy *proxy, 
int queue_no,
 VirtQueue *vq;
 
 if (queue_no == VIRTIO_CONFIG_IRQ_IDX) {
-return -1;
+*n = virtio_config_get_guest_notifier(vdev);
+*vector = vdev->config_vector;
 } else {
 if (!virtio_queue_get_num(vdev, queue_no)) {
 return -1;
@@ -896,7 +897,7 @@ undo:
 }
 return ret;
 }
-static int kvm_virtio_pci_vector_use(VirtIOPCIProxy *proxy, int nvqs)
+static int kvm_virtio_pci_vector_vq_use(VirtIOPCIProxy *proxy, int nvqs)
 {
 int queue_no;
 int ret = 0;
@@ -911,6 +912,10 @@ static int kvm_virtio_pci_vector_use(VirtIOPCIProxy 
*proxy, int nvqs)
 return ret;
 }
 
+static int kvm_virtio_pci_vector_config_use(VirtIOPCIProxy *proxy)
+{
+return kvm_virtio_pci_vector_use_one(proxy, VIRTIO_CONFIG_IRQ_IDX);
+}
 
 static void kvm_virtio_pci_vector_release_one(VirtIOPCIProxy *proxy,
   int queue_no)
@@ -935,7 +940,7 @@ static void 
kvm_virtio_pci_vector_release_one(VirtIOPCIProxy *proxy,
 kvm_virtio_pci_vq_vector_release(proxy, vector);
 }
 
-static void kvm_virtio_pci_vector_release(VirtIOPCIProxy *proxy, int nvqs)
+static void kvm_virtio_pci_vector_vq_release(VirtIOPCIProxy *proxy, int nvqs)
 {
 int queue_no;
 VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
@@ -948,6 +953,11 @@ static void kvm_virtio_pci_vector_release(VirtIOPCIProxy 
*proxy, int nvqs)
 }
 }
 
+static void kvm_virtio_pci_vector_config_release(VirtIOPCIProxy *proxy)
+{
+kvm_virtio_pci_vector_release_one(proxy, VIRTIO_CONFIG_IRQ_IDX);
+}
+
 static int virtio_pci_one_vector_unmask(VirtIOPCIProxy *proxy,
unsigned int queue_no,
unsigned int vector,
@@ -1029,9 +1039,19 @@ static int virtio_pci_vector_unmask(PCIDevice *dev, 
unsigned vector,
 }
 vq = virtio_vector_next_queue(vq);
 }
-
+/* unmask config intr */
+if (vector == vdev->config_vector) {
+n = virtio_config_get_guest_notifier(vdev);
+ret = virtio_pci_one_vector_unmask(proxy, VIRTIO_CONFIG_IRQ_IDX, 
vector,
+   msg, n);
+if (ret < 0) {
+goto undo_config;
+}
+}
 return 0;
-
+undo_config:
+n = virtio_config_get_guest_notifier(vdev);
+virtio_pci_one_vector_mask(proxy, VIRTIO_CONFIG_IRQ_IDX, vector, n);
 undo:
 vq = virtio_vector_first_queue(vdev, vector);
 while (vq && unmasked >= 0) {
@@ -1065,6 +1085,11 @@ static void virtio_pci_vector_mask(PCIDevice *dev, 
unsigned vector)
 }
 vq = virtio_vector_next_queue(vq);
 }
+
+if (vector == vdev->config_vector) {
+n = virtio_config_get_guest_notifier(vdev);
+virtio_pci_one_vector_mask(proxy, VIRTIO_CONFIG_IRQ_IDX, vector, n);
+}
 }
 
 static void virtio_pci_vector_poll(PCIDevice *dev,
@@ -1096,6 +1121,34 @@ static void virtio_pci_vector_poll(PCIDevice *dev,
 msix_set_pending(dev, vector);
 }
 }
+/* poll the config intr */
+ret = virtio_pci_get_notifier(proxy, VIRTIO_CONFIG_IRQ_IDX, ¬ifier,
+  &vector);
+if (ret < 0) {
+return;
+}
+if (vector < vector_start || vector >= vector_end ||
+!msix_is_masked(dev, vector)) {
+return;
+}
+if (k->guest_notifier_pending) {
+if (k->guest_notifier_pending(vdev, VIRTIO_CONFIG_IRQ_IDX)) {
+msix_set_pending(dev, vector);
+}
+} else if (event_notifier_test_and_clear(notifier)) {
+msix_set_pending(dev, vector);
+}
+}
+
+void virtio_pci_set_guest_notifier_fd_handler(VirtIODe

[PULL 00/51] virtio,pc,pci: features, cleanups, fixes

[Michael S. Tsirkin]

The following changes since commit cb9c6a8e5ad6a1f0ce164d352e3102df46986e22:

  .gitlab-ci.d/windows: Work-around timeout and OpenGL problems of the MSYS2 
jobs (2023-01-04 18:58:33 +)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream

for you to fetch changes up to 6529cb46fa76bb4b4f217d6fcc68b61b543062c4:

  vhost-scsi: fix memleak of vsc->inflight (2023-01-05 04:07:39 -0500)


virtio,pc,pci: features, cleanups, fixes

mostly vhost-vdpa:
guest announce feature emulation when using shadow virtqueue
support for configure interrupt
startup speed ups

an acpi change to only generate cluster node in PPTT when specified for arm

misc fixes, cleanups

Signed-off-by: Michael S. Tsirkin 



Note: linux-user build is failing for me on master, I just
disabled it for now as nothing I'm doing should affect linux-user.
Didn't debug yet.


Bernhard Beschow (7):
  hw/acpi/Kconfig: Rename ACPI_X86_ICH to ACPI_ICH9
  hw/acpi/Kconfig: Add missing dependencies to ACPI_ICH9
  hw/acpi/Kconfig: Do not needlessly build TYPE_PIIX4_PM in non-PC/Malta 
machines
  hw/acpi/Kconfig: Add missing dependencies to ACPI_PIIX4
  hw/isa/Kconfig: Add missing dependency to VT82C686
  i386, mips: Resolve redundant ACPI and APM dependencies
  hw/ppc/Kconfig: Remove unused dependencies from PEGASOS2

Cindy Lu (10):
  virtio: introduce macro VIRTIO_CONFIG_IRQ_IDX
  virtio-pci: decouple notifier from interrupt process
  virtio-pci: decouple the single vector from the interrupt process
  vhost: introduce new VhostOps vhost_set_config_call
  vhost-vdpa: add support for config interrupt
  virtio: add support for configure interrupt
  vhost: add support for configure interrupt
  virtio-net: add support for configure interrupt
  virtio-mmio: add support for configure interrupt
  virtio-pci: add support for configure interrupt

Dongli Zhang (1):
  vhost-scsi: fix memleak of vsc->inflight

Eugenio Pérez (4):
  virtio_net: Modify virtio_net_get_config to early return
  virtio_net: copy VIRTIO_NET_S_ANNOUNCE if device model has it
  vdpa: handle VIRTIO_NET_CTRL_ANNOUNCE in vhost_vdpa_net_handle_ctrl_avail
  vdpa: do not handle VIRTIO_NET_F_GUEST_ANNOUNCE in vhost-vdpa

Hyman Huang (3):
  vhost-user: Refactor vhost acked features saving
  vhost-user: Refactor the chr_closed_bh
  vhost-user: Fix the virtio features negotiation flaw

Laszlo Ersek (1):
  acpi: cpuhp: fix guest-visible maximum access size to the legacy reg block

Longpeng (Mike) (5):
  vdpa-dev: get iova range explicitly
  vdpa: harden the error path if get_iova_range failed
  vhost: simplify vhost_dev_enable_notifiers
  vhost: configure all host notifiers in a single MR transaction
  vdpa: commit all host notifier MRs in a single MR transaction

Markus Armbruster (11):
  include/hw/pci: Break inclusion loop pci_bridge.h and cxl.h
  include/hw/cxl: Move typedef PXBDev to cxl.h, and put it to use
  include/hw/cxl: Include hw/cxl/*.h where needed
  include/hw/pci: Clean up a few things checkpatch.pl would flag
  include/hw/pci: Split pci_device.h off pci.h
  include/hw/pci: Include hw/pci/pci.h where needed
  include/hw/cxl: Break inclusion loop cxl_pci.h and cxl_cdat_h
  include/hw/virtio: Break inclusion loop
  include: Include headers where needed
  include: Don't include qemu/osdep.h
  docs/devel: Rules on #include in headers

Philippe Mathieu-Daudé (2):
  hw/virtio: Rename virtio_device_find() -> qmp_find_virtio_device()
  hw/virtio: Extract QMP QOM-specific functions to virtio-qmp.c

Yicong Yang (6):
  tests: virt: Allow changes to PPTT test table
  hw/acpi/aml-build: Only generate cluster node in PPTT when specified
  tests: virt: Update expected ACPI tables for virt test
  tests: acpi: Add and whitelist *.topology blobs
  tests: acpi: aarch64: Add topology test for aarch64
  tests: acpi: aarch64: Add *.topology tables

leixiang (1):
  virtio-pci: fix proxy->vector_irqfd leak in virtio_pci_set_guest_notifiers

 configs/devices/mips-softmmu/common.mak |   3 -
 bsd-user/qemu.h |   1 -
 crypto/block-luks-priv.h|   1 -
 hw/alpha/alpha_sys.h|   1 -
 hw/display/ati_int.h|   2 +-
 hw/display/qxl.h|   3 +-
 hw/ide/ahci_internal.h  |   2 +-
 hw/net/vmxnet3_defs.h   |   2 +-
 hw/nvme/nvme.h  |   2 +-
 hw/rdma/rdma_utils.h|   1 -
 hw/rdma/vmw/pvrdma.h|   2 +-
 hw/scsi/mptsas.h|   2 +-
 hw/usb/hcd-ehci.h  

[PULL 33/51] include/hw/cxl: Break inclusion loop cxl_pci.h and cxl_cdat_h

[Michael S. Tsirkin]

From: Markus Armbruster 

hw/cxl/cxl_pci.h and hw/cxl/cxl_cdat.h include each other.  The former
doesn't actually need the latter, so drop that inclusion to break the
loop.

Signed-off-by: Markus Armbruster 
Message-Id: <20221222100330.380143-8-arm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/cxl/cxl_pci.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/include/hw/cxl/cxl_pci.h b/include/hw/cxl/cxl_pci.h
index aca14845ab..01e15ed5b4 100644
--- a/include/hw/cxl/cxl_pci.h
+++ b/include/hw/cxl/cxl_pci.h
@@ -11,7 +11,6 @@
 #define CXL_PCI_H
 
 #include "qemu/compiler.h"
-#include "hw/cxl/cxl_cdat.h"
 
 #define CXL_VENDOR_ID 0x1e98
 
-- 
MST

[PULL 37/51] docs/devel: Rules on #include in headers

[Michael S. Tsirkin]

From: Markus Armbruster 

Rules for headers were proposed a long time ago, and generally liked:

Message-ID: <87h9g8j57d@blackfin.pond.sub.org>
https://lists.nongnu.org/archive/html/qemu-devel/2016-03/msg03345.html

Wortk them into docs/devel/style.rst.

Suggested-by: Bernhard Beschow 
Signed-off-by: Markus Armbruster 
Message-Id: <20221222120813.727830-5-arm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Alex Bennée 
Reviewed-by: Bernhard Beschow 
---
 docs/devel/style.rst | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/docs/devel/style.rst b/docs/devel/style.rst
index 7ddd42b6c2..68aa776930 100644
--- a/docs/devel/style.rst
+++ b/docs/devel/style.rst
@@ -293,6 +293,13 @@ that QEMU depends on.
 Do not include "qemu/osdep.h" from header files since the .c file will have
 already included it.
 
+Headers should normally include everything they need beyond osdep.h.
+If exceptions are needed for some reason, they must be documented in
+the header.  If all that's needed from a header is typedefs, consider
+putting those into qemu/typedefs.h instead of including the header.
+
+Cyclic inclusion is forbidden.
+
 C types
 ===
 
-- 
MST

[PULL 01/51] virtio_net: Modify virtio_net_get_config to early return

[Michael S. Tsirkin]

From: Eugenio Pérez 

Next patches introduce more code on vhost-vdpa branch, with already have
too much indentation.

Signed-off-by: Eugenio Pérez 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Michael S. Tsirkin 
Acked-by: Jason Wang 
Message-Id: <20221221115015.1400889-2-epere...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/net/virtio-net.c | 28 +++-
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 9cbdfa5547..b30038d130 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -168,20 +168,22 @@ static void virtio_net_get_config(VirtIODevice *vdev, 
uint8_t *config)
 if (nc->peer && nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_VDPA) {
 ret = vhost_net_get_config(get_vhost_net(nc->peer), (uint8_t *)&netcfg,
n->config_size);
-if (ret != -1) {
-/*
- * Some NIC/kernel combinations present 0 as the mac address.  As
- * that is not a legal address, try to proceed with the
- * address from the QEMU command line in the hope that the
- * address has been configured correctly elsewhere - just not
- * reported by the device.
- */
-if (memcmp(&netcfg.mac, &zero, sizeof(zero)) == 0) {
-info_report("Zero hardware mac address detected. Ignoring.");
-memcpy(netcfg.mac, n->mac, ETH_ALEN);
-}
-memcpy(config, &netcfg, n->config_size);
+if (ret == -1) {
+return;
 }
+
+/*
+ * Some NIC/kernel combinations present 0 as the mac address.  As that
+ * is not a legal address, try to proceed with the address from the
+ * QEMU command line in the hope that the address has been configured
+ * correctly elsewhere - just not reported by the device.
+ */
+if (memcmp(&netcfg.mac, &zero, sizeof(zero)) == 0) {
+info_report("Zero hardware mac address detected. Ignoring.");
+memcpy(netcfg.mac, n->mac, ETH_ALEN);
+}
+
+memcpy(config, &netcfg, n->config_size);
 }
 }
 
-- 
MST

[PULL 32/51] include/hw/pci: Include hw/pci/pci.h where needed

[Michael S. Tsirkin]

From: Markus Armbruster 

hw/pci/pcie_sriov.h needs PCI_NUM_REGIONS.  Without the previous
commit, this would close an inclusion loop: hw/pci/pci.h used to
include hw/pci/pcie.h for PCIExpressDevice, which includes
pcie_sriov.h for PCIESriovPF, which now includes hw/pci/pci.h for
PCI_NUM_REGIONS.

Signed-off-by: Markus Armbruster 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20221222100330.380143-7-arm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/pci/pcie_sriov.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/hw/pci/pcie_sriov.h b/include/hw/pci/pcie_sriov.h
index 80f5c84e75..96cc743309 100644
--- a/include/hw/pci/pcie_sriov.h
+++ b/include/hw/pci/pcie_sriov.h
@@ -13,6 +13,8 @@
 #ifndef QEMU_PCIE_SRIOV_H
 #define QEMU_PCIE_SRIOV_H
 
+#include "hw/pci/pci.h"
+
 struct PCIESriovPF {
 uint16_t num_vfs;   /* Number of virtual functions created */
 uint8_t vf_bar_type[PCI_NUM_REGIONS];   /* Store type for each VF bar */
-- 
MST

[PULL 11/51] hw/ppc/Kconfig: Remove unused dependencies from PEGASOS2

[Michael S. Tsirkin]

From: Bernhard Beschow 

Removes the following dependencies from ppc-softmmu:
- CONFIG_ACPI_CPU_HOTPLUG
- CONFIG_ACPI_CXL
- CONFIG_ACPI_HMAT
- CONFIG_ACPI_MEMORY_HOTPLUG
- CONFIG_ACPI_NVDIMM
- CONFIG_ACPI_PCIHP
- CONFIG_ACPI_X86
- CONFIG_MEM_DEVICE

Signed-off-by: Bernhard Beschow 
Message-Id: <20221216130355.41667-8-shen...@gmail.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: BALATON Zoltan 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/ppc/Kconfig | 2 --
 1 file changed, 2 deletions(-)

diff --git a/hw/ppc/Kconfig b/hw/ppc/Kconfig
index 72a311edcb..c898021b5f 100644
--- a/hw/ppc/Kconfig
+++ b/hw/ppc/Kconfig
@@ -76,8 +76,6 @@ config PEGASOS2
 select VT82C686
 select SMBUS_EEPROM
 select VOF
-# This should come with VT82C686
-select ACPI_X86
 
 config PREP
 bool
-- 
MST

[PULL 46/51] tests: virt: Update expected ACPI tables for virt test

[Michael S. Tsirkin]

From: Yicong Yang 

Update the ACPI tables according to the acpi aml_build change, also
empty bios-tables-test-allowed-diff.h.

The disassembled differences between actual and expected PPTT:

  /*
   * Intel ACPI Component Architecture
   * AML/ASL+ Disassembler version 20180105 (64-bit version)
   * Copyright (c) 2000 - 2018 Intel Corporation
   *
 - * Disassembly of tests/data/acpi/virt/PPTT, Tue Nov  1 09:29:12 2022
 + * Disassembly of /tmp/aml-DIIGV1, Tue Nov  1 09:29:12 2022
   *
   * ACPI Data Table [PPTT]
   *
   * Format: [HexOffset DecimalOffset ByteLength]  FieldName : FieldValue
   */

  [000h    4]Signature : "PPTT"[Processor 
Properties Topology Table]
 -[004h 0004   4] Table Length : 0060
 +[004h 0004   4] Table Length : 004C
  [008h 0008   1] Revision : 02
 -[009h 0009   1] Checksum : 48
 +[009h 0009   1] Checksum : A8
  [00Ah 0010   6]   Oem ID : "BOCHS "
  [010h 0016   8] Oem Table ID : "BXPC"
  [018h 0024   4] Oem Revision : 0001
  [01Ch 0028   4]  Asl Compiler ID : "BXPC"
  [020h 0032   4]Asl Compiler Revision : 0001

  [024h 0036   1]Subtable Type : 00 [Processor Hierarchy Node]
  [025h 0037   1]   Length : 14
  [026h 0038   2] Reserved : 
  [028h 0040   4]Flags (decoded below) : 0001
  Physical package : 1
   ACPI Processor ID valid : 0
  [02Ch 0044   4]   Parent : 
  [030h 0048   4]ACPI Processor ID : 
  [034h 0052   4]  Private Resource Number : 

  [038h 0056   1]Subtable Type : 00 [Processor Hierarchy Node]
  [039h 0057   1]   Length : 14
  [03Ah 0058   2] Reserved : 
 -[03Ch 0060   4]Flags (decoded below) : 
 +[03Ch 0060   4]Flags (decoded below) : 000A
  Physical package : 0
 - ACPI Processor ID valid : 0
 + ACPI Processor ID valid : 1
  [040h 0064   4]   Parent : 0024
  [044h 0068   4]ACPI Processor ID : 
  [048h 0072   4]  Private Resource Number : 

 -[04Ch 0076   1]Subtable Type : 00 [Processor Hierarchy Node]
 -[04Dh 0077   1]   Length : 14
 -[04Eh 0078   2] Reserved : 
 -[050h 0080   4]Flags (decoded below) : 000A
 -Physical package : 0
 - ACPI Processor ID valid : 1
 -[054h 0084   4]   Parent : 0038
 -[058h 0088   4]ACPI Processor ID : 
 -[05Ch 0092   4]  Private Resource Number : 
 -
 -Raw Table Data: Length 96 (0x60)
 +Raw Table Data: Length 76 (0x4C)

 -  : 50 50 54 54 60 00 00 00 02 48 42 4F 43 48 53 20  // PPTT`HBOCHS
 +  : 50 50 54 54 4C 00 00 00 02 A8 42 4F 43 48 53 20  // PPTTL.BOCHS
0010: 42 58 50 43 20 20 20 20 01 00 00 00 42 58 50 43  // BXPCBXPC
0020: 01 00 00 00 00 14 00 00 01 00 00 00 00 00 00 00  // 
 -  0030: 00 00 00 00 00 00 00 00 00 14 00 00 00 00 00 00  // 
 -  0040: 24 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00  // $...
 -  0050: 0A 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00  // 8...
 +  0030: 00 00 00 00 00 00 00 00 00 14 00 00 0A 00 00 00  // 
 +  0040: 24 00 00 00 00 00 00 00 00 00 00 00  // $...

PPTT.acpihmatvirt is also updated:
  /*
   * Intel ACPI Component Architecture
   * AML/ASL+ Disassembler version 20180105 (64-bit version)
   * Copyright (c) 2000 - 2018 Intel Corporation
   *
 - * Disassembly of tests/data/acpi/virt/PPTT.acpihmatvirt, Wed Dec 28 15:36:06 
2022
 + * Disassembly of /tmp/aml-IPKJX1, Wed Dec 28 15:36:06 2022
   *
   * ACPI Data Table [PPTT]
   *
   * Format: [HexOffset DecimalOffset ByteLength]  FieldName : FieldValue
   */

  [000h    4]Signature : "PPTT"[Processor 
Properties Topology Table]
 -[004h 0004   4] Table Length : 00C4
 +[004h 0004   4] Table Length : 009C
  [008h 0008   1] Revision : 02
 -[009h 0009   1] Checksum : 9E
 +[009h 0009   1] Checksum : FE
  [00Ah 0010   6]   Oem ID : "BOCHS "
  [010h 0016   8] Oem Table ID : "BXPC"
  [018h 0024   4] Oem Revision : 0001
  [01Ch 0028   4]  Asl Compiler ID : "BXPC"
  [020h 0032   4]Asl Compiler Revision : 0001

  [024h 0036   1]Subtable Type : 00 [Processor Hierarchy Node]
  [025h 0037   1]   Length : 14
  [026h 0038   2]

[PULL 50/51] acpi: cpuhp: fix guest-visible maximum access size to the legacy reg block

[Michael S. Tsirkin]

From: Laszlo Ersek 

The modern ACPI CPU hotplug interface was introduced in the following
series (aa1dd39ca307..679dd1a957df), released in v2.7.0:

  1  abd49bc2ed2f docs: update ACPI CPU hotplug spec with new protocol
  2  16bcab97eb9f pc: piix4/ich9: add 'cpu-hotplug-legacy' property
  3  5e1b5d93887b acpi: cpuhp: add CPU devices AML with _STA method
  4  ac35f13ba8f8 pc: acpi: introduce AcpiDeviceIfClass.madt_cpu hook
  5  d2238cb6781d acpi: cpuhp: implement hot-add parts of CPU hotplug
  interface
  6  8872c25a26cc acpi: cpuhp: implement hot-remove parts of CPU hotplug
  interface
  7  76623d00ae57 acpi: cpuhp: add cpu._OST handling
  8  679dd1a957df pc: use new CPU hotplug interface since 2.7 machine type

Before patch#1, "docs/specs/acpi_cpu_hotplug.txt" only specified 1-byte
accesses for the hotplug register block.  Patch#1 preserved the same
restriction for the legacy register block, but:

- it specified DWORD accesses for some of the modern registers,

- in particular, the switch from the legacy block to the modern block
  would require a DWORD write to the *legacy* block.

The latter functionality was then implemented in cpu_status_write()
[hw/acpi/cpu_hotplug.c], in patch#8.

Unfortunately, all DWORD accesses depended on a dormant bug: the one
introced in earlier commit a014ed07bd5a ("memory: accept mismatching sizes
in memory_region_access_valid", 2013-05-29); first released in v1.6.0.
Due to commit a014ed07bd5a, the DWORD accesses to the *legacy* CPU hotplug
register block would work in spite of the above series *not* relaxing
"valid.max_access_size = 1" in "hw/acpi/cpu_hotplug.c":

> static const MemoryRegionOps AcpiCpuHotplug_ops = {
> .read = cpu_status_read,
> .write = cpu_status_write,
> .endianness = DEVICE_LITTLE_ENDIAN,
> .valid = {
> .min_access_size = 1,
> .max_access_size = 1,
> },
> };

Later, in commits e6d0c3ce6895 ("acpi: cpuhp: introduce 'Command data 2'
field", 2020-01-22) and ae340aa3d256 ("acpi: cpuhp: spec: add typical
usecases", 2020-01-22), first released in v5.0.0, the modern CPU hotplug
interface (including the documentation) was extended with another DWORD
*read* access, namely to the "Command data 2" register, which would be
important for the guest to confirm whether it managed to switch the
register block from legacy to modern.

This functionality too silently depended on the bug from commit
a014ed07bd5a.

In commit 5d971f9e6725 ('memory: Revert "memory: accept mismatching sizes
in memory_region_access_valid"', 2020-06-26), first released in v5.1.0,
the bug from commit a014ed07bd5a was fixed (the commit was reverted).
That swiftly exposed the bug in "AcpiCpuHotplug_ops", still present from
the v2.7.0 series quoted at the top -- namely the fact that
"valid.max_access_size = 1" didn't match what the guest was supposed to
do, according to the spec ("docs/specs/acpi_cpu_hotplug.txt").

The symptom is that the "modern interface negotiation protocol"
described in commit ae340aa3d256:

> +  Use following steps to detect and enable modern CPU hotplug interface:
> +1. Store 0x0 to the 'CPU selector' register,
> +   attempting to switch to modern mode
> +2. Store 0x0 to the 'CPU selector' register,
> +   to ensure valid selector value
> +3. Store 0x0 to the 'Command field' register,
> +4. Read the 'Command data 2' register.
> +   If read value is 0x0, the modern interface is enabled.
> +   Otherwise legacy or no CPU hotplug interface available

falls apart for the guest: steps 1 and 2 are lost, because they are DWORD
writes; so no switching happens.  Step 3 (a single-byte write) is not
lost, but it has no effect; see the condition in cpu_status_write() in
patch#8.  And step 4 *misleads* the guest into thinking that the switch
worked: the DWORD read is lost again -- it returns zero to the guest
without ever reaching the device model, so the guest never learns the
switch didn't work.

This means that guest behavior centered on the "Command data 2" register
worked *only* in the v5.0.0 release; it got effectively regressed in
v5.1.0.

To make things *even more* complicated, the breakage was (and remains, as
of today) visible with TCG acceleration only.  Commit 5d971f9e6725 makes
no difference with KVM acceleration -- the DWORD accesses still work,
despite "valid.max_access_size = 1".

As commit 5d971f9e6725 suggests, fix the problem by raising
"valid.max_access_size" to 4 -- the spec now clearly instructs the guest
to perform DWORD accesses to the legacy register block too, for enabling
(and verifying!) the modern block.  In order to keep compatibility for the
device model implementation though, set "impl.max_access_size = 1", so
that wide accesses be split before they reach the legacy read/write
handlers, like they always have been on KVM, and like they were on TCG
before 5d971f9e6725 (v5.1.0).

Tested with:

- OVMF IA32 + qemu-system-i386, CPU 

[PULL 23/51] virtio-mmio: add support for configure interrupt

[Michael S. Tsirkin]

From: Cindy Lu 

Add configure interrupt support in virtio-mmio bus.
add function to set configure guest notifier.

Signed-off-by: Cindy Lu 
Message-Id: <20221222070451.936503-10-l...@redhat.com>
Acked-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/virtio-mmio.c | 27 +++
 1 file changed, 27 insertions(+)

diff --git a/hw/virtio/virtio-mmio.c b/hw/virtio/virtio-mmio.c
index d240efef97..103260ec15 100644
--- a/hw/virtio/virtio-mmio.c
+++ b/hw/virtio/virtio-mmio.c
@@ -670,7 +670,30 @@ static int virtio_mmio_set_guest_notifier(DeviceState *d, 
int n, bool assign,
 
 return 0;
 }
+static int virtio_mmio_set_config_guest_notifier(DeviceState *d, bool assign,
+ bool with_irqfd)
+{
+VirtIOMMIOProxy *proxy = VIRTIO_MMIO(d);
+VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(vdev);
+EventNotifier *notifier = virtio_config_get_guest_notifier(vdev);
+int r = 0;
 
+if (assign) {
+r = event_notifier_init(notifier, 0);
+if (r < 0) {
+return r;
+}
+virtio_config_set_guest_notifier_fd_handler(vdev, assign, with_irqfd);
+} else {
+virtio_config_set_guest_notifier_fd_handler(vdev, assign, with_irqfd);
+event_notifier_cleanup(notifier);
+}
+if (vdc->guest_notifier_mask && vdev->use_guest_notifier_mask) {
+vdc->guest_notifier_mask(vdev, VIRTIO_CONFIG_IRQ_IDX, !assign);
+}
+return r;
+}
 static int virtio_mmio_set_guest_notifiers(DeviceState *d, int nvqs,
bool assign)
 {
@@ -692,6 +715,10 @@ static int virtio_mmio_set_guest_notifiers(DeviceState *d, 
int nvqs,
 goto assign_error;
 }
 }
+r = virtio_mmio_set_config_guest_notifier(d, assign, with_irqfd);
+if (r < 0) {
+goto assign_error;
+}
 
 return 0;
 
-- 
MST

[PULL 49/51] tests: acpi: aarch64: Add *.topology tables

[Michael S. Tsirkin]

From: Yicong Yang 

Add *.topology tables for the aarch64's topology test and empty
bios-tables-test-allowed-diff.h

The disassembled differences between actual and expected
PPTT (the table which we actually care about):

 +/*
 + * Intel ACPI Component Architecture
 + * AML/ASL+ Disassembler version 20180105 (64-bit version)
 + * Copyright (c) 2000 - 2018 Intel Corporation
 + *
 + * Disassembly of /tmp/aml-WUN4U1, Tue Nov  1 09:51:52 2022
 + *
 + * ACPI Data Table [PPTT]
 + *
 + * Format: [HexOffset DecimalOffset ByteLength]  FieldName : FieldValue
 + */
 +
 +[000h    4]Signature : "PPTT"[Processor 
Properties Topology Table]
 +[004h 0004   4] Table Length : 0150
 +[008h 0008   1] Revision : 02
 +[009h 0009   1] Checksum : 7C
 +[00Ah 0010   6]   Oem ID : "BOCHS "
 +[010h 0016   8] Oem Table ID : "BXPC"
 +[018h 0024   4] Oem Revision : 0001
 +[01Ch 0028   4]  Asl Compiler ID : "BXPC"
 +[020h 0032   4]Asl Compiler Revision : 0001
 +
 +
 +[024h 0036   1]Subtable Type : 00 [Processor Hierarchy Node]
 +[025h 0037   1]   Length : 14
 +[026h 0038   2] Reserved : 
 +[028h 0040   4]Flags (decoded below) : 0001
 +Physical package : 1
 + ACPI Processor ID valid : 0
 +[02Ch 0044   4]   Parent : 
 +[030h 0048   4]ACPI Processor ID : 
 +[034h 0052   4]  Private Resource Number : 
 +
 +[038h 0056   1]Subtable Type : 00 [Processor Hierarchy Node]
 +[039h 0057   1]   Length : 14
 +[03Ah 0058   2] Reserved : 
 +[03Ch 0060   4]Flags (decoded below) : 
 +Physical package : 0
 + ACPI Processor ID valid : 0
 +[040h 0064   4]   Parent : 0024
 +[044h 0068   4]ACPI Processor ID : 
 +[048h 0072   4]  Private Resource Number : 
 +
 +[04Ch 0076   1]Subtable Type : 00 [Processor Hierarchy Node]
 +[04Dh 0077   1]   Length : 14
 +[04Eh 0078   2] Reserved : 
 +[050h 0080   4]Flags (decoded below) : 
 +Physical package : 0
 + ACPI Processor ID valid : 0
 +[054h 0084   4]   Parent : 0038
 +[058h 0088   4]ACPI Processor ID : 
 +[05Ch 0092   4]  Private Resource Number : 
 +
 +[060h 0096   1]Subtable Type : 00 [Processor Hierarchy Node]
 +[061h 0097   1]   Length : 14
 +[062h 0098   2] Reserved : 
 +[064h 0100   4]Flags (decoded below) : 000E
 +Physical package : 0
 + ACPI Processor ID valid : 1
 +[068h 0104   4]   Parent : 004C
 +[06Ch 0108   4]ACPI Processor ID : 
 +[070h 0112   4]  Private Resource Number : 
 +
 +[074h 0116   1]Subtable Type : 00 [Processor Hierarchy Node]
 +[075h 0117   1]   Length : 14
 +[076h 0118   2] Reserved : 
 +[078h 0120   4]Flags (decoded below) : 000E
 +Physical package : 0
 + ACPI Processor ID valid : 1
 +[07Ch 0124   4]   Parent : 004C
 +[080h 0128   4]ACPI Processor ID : 0001
 +[084h 0132   4]  Private Resource Number : 
 +
 +[088h 0136   1]Subtable Type : 00 [Processor Hierarchy Node]
 +[089h 0137   1]   Length : 14
 +[08Ah 0138   2] Reserved : 
 +[08Ch 0140   4]Flags (decoded below) : 
 +Physical package : 0
 + ACPI Processor ID valid : 0
 +[090h 0144   4]   Parent : 0038
 +[094h 0148   4]ACPI Processor ID : 0001
 +[098h 0152   4]  Private Resource Number : 
 +
 +[09Ch 0156   1]Subtable Type : 00 [Processor Hierarchy Node]
 +[09Dh 0157   1]   Length : 14
 +[09Eh 0158   2] Reserved : 
 +[0A0h 0160   4]Flags (decoded below) : 000E
 +Physical package : 0
 + ACPI Processor ID valid : 1
 +[0A4h 0164   4]   Parent : 0088
 +[0A8h 0168   4]ACPI Processor ID : 0002
 +[0ACh 0172   4]  Private Resource Number : 
 +
 +[0B0h 0176   1]Subtable Type : 00 [Processor Hierarchy Node]
 +[0B1h 0177   1]   Length : 14
 +[0B2h 0178   2] Reserved : 
 +[0B4h 0180   4]Flags (decoded 

[PULL 17/51] virtio-pci: decouple the single vector from the interrupt process

[Michael S. Tsirkin]

From: Cindy Lu 

To reuse the interrupt process in configure interrupt
Need to decouple the single vector from the interrupt process.
We add new function kvm_virtio_pci_vector_use_one and _release_one.
These functions are used for the single vector, the whole process will
finish in the loop with vq number.

Signed-off-by: Cindy Lu 
Message-Id: <20221222070451.936503-4-l...@redhat.com>
Acked-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/virtio-pci.c | 131 +++--
 1 file changed, 73 insertions(+), 58 deletions(-)

diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index 68d04928db..d7e29b1cdc 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -784,7 +784,6 @@ static uint32_t virtio_read_config(PCIDevice *pci_dev,
 }
 
 static int kvm_virtio_pci_vq_vector_use(VirtIOPCIProxy *proxy,
-unsigned int queue_no,
 unsigned int vector)
 {
 VirtIOIRQFD *irqfd = &proxy->vector_irqfd[vector];
@@ -849,87 +848,103 @@ static int virtio_pci_get_notifier(VirtIOPCIProxy 
*proxy, int queue_no,
 return 0;
 }
 
-static int kvm_virtio_pci_vector_use(VirtIOPCIProxy *proxy, int nvqs)
+static int kvm_virtio_pci_vector_use_one(VirtIOPCIProxy *proxy, int queue_no)
 {
+unsigned int vector;
+int ret;
+EventNotifier *n;
 PCIDevice *dev = &proxy->pci_dev;
 VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
 VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
-unsigned int vector;
-int ret, queue_no;
-EventNotifier *n;
-for (queue_no = 0; queue_no < nvqs; queue_no++) {
-if (!virtio_queue_get_num(vdev, queue_no)) {
-break;
-}
-ret = virtio_pci_get_notifier(proxy, queue_no, &n, &vector);
-if (ret < 0) {
-break;
-}
-if (vector >= msix_nr_vectors_allocated(dev)) {
-continue;
-}
-ret = kvm_virtio_pci_vq_vector_use(proxy, queue_no, vector);
+
+ret = virtio_pci_get_notifier(proxy, queue_no, &n, &vector);
+if (ret < 0) {
+return ret;
+}
+if (vector >= msix_nr_vectors_allocated(dev)) {
+return 0;
+}
+ret = kvm_virtio_pci_vq_vector_use(proxy, vector);
+if (ret < 0) {
+goto undo;
+}
+/*
+ * If guest supports masking, set up irqfd now.
+ * Otherwise, delay until unmasked in the frontend.
+ */
+if (vdev->use_guest_notifier_mask && k->guest_notifier_mask) {
+ret = kvm_virtio_pci_irqfd_use(proxy, n, vector);
 if (ret < 0) {
+kvm_virtio_pci_vq_vector_release(proxy, vector);
 goto undo;
 }
-/* If guest supports masking, set up irqfd now.
- * Otherwise, delay until unmasked in the frontend.
- */
-if (vdev->use_guest_notifier_mask && k->guest_notifier_mask) {
-ret = kvm_virtio_pci_irqfd_use(proxy, n, vector);
-if (ret < 0) {
-kvm_virtio_pci_vq_vector_release(proxy, vector);
-goto undo;
-}
-}
 }
-return 0;
 
+return 0;
 undo:
-while (--queue_no >= 0) {
-vector = virtio_queue_vector(vdev, queue_no);
-if (vector >= msix_nr_vectors_allocated(dev)) {
-continue;
+
+vector = virtio_queue_vector(vdev, queue_no);
+if (vector >= msix_nr_vectors_allocated(dev)) {
+return ret;
+}
+if (vdev->use_guest_notifier_mask && k->guest_notifier_mask) {
+ret = virtio_pci_get_notifier(proxy, queue_no, &n, &vector);
+if (ret < 0) {
+return ret;
 }
-if (vdev->use_guest_notifier_mask && k->guest_notifier_mask) {
-ret = virtio_pci_get_notifier(proxy, queue_no, &n, &vector);
-if (ret < 0) {
-break;
-}
-kvm_virtio_pci_irqfd_release(proxy, n, vector);
+kvm_virtio_pci_irqfd_release(proxy, n, vector);
+}
+return ret;
+}
+static int kvm_virtio_pci_vector_use(VirtIOPCIProxy *proxy, int nvqs)
+{
+int queue_no;
+int ret = 0;
+VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+
+for (queue_no = 0; queue_no < nvqs; queue_no++) {
+if (!virtio_queue_get_num(vdev, queue_no)) {
+return -1;
 }
-kvm_virtio_pci_vq_vector_release(proxy, vector);
+ret = kvm_virtio_pci_vector_use_one(proxy, queue_no);
 }
 return ret;
 }
 
-static void kvm_virtio_pci_vector_release(VirtIOPCIProxy *proxy, int nvqs)
+
+static void kvm_virtio_pci_vector_release_one(VirtIOPCIProxy *proxy,
+  int queue_no)
 {
-PCIDevice *dev = &proxy->pci_dev;
 VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
 unsigned int vector;
-int queue_no;
-VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
 EventNotifier *n;
-int ret ;
+

[PULL 22/51] virtio-net: add support for configure interrupt

[Michael S. Tsirkin]

From: Cindy Lu 

Add functions to support configure interrupt in virtio_net
Add the functions to support vhost_net_config_pending
and vhost_net_config_mask.

Signed-off-by: Cindy Lu 
Message-Id: <20221222070451.936503-9-l...@redhat.com>
Acked-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/net/vhost_net.h | 2 ++
 hw/net/vhost_net-stub.c | 9 +
 hw/net/vhost_net.c  | 9 +
 hw/net/virtio-net.c | 4 ++--
 4 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/include/net/vhost_net.h b/include/net/vhost_net.h
index dfb13756cd..c37aba35e6 100644
--- a/include/net/vhost_net.h
+++ b/include/net/vhost_net.h
@@ -39,6 +39,8 @@ int vhost_net_set_config(struct vhost_net *net, const uint8_t 
*data,
 bool vhost_net_virtqueue_pending(VHostNetState *net, int n);
 void vhost_net_virtqueue_mask(VHostNetState *net, VirtIODevice *dev,
   int idx, bool mask);
+bool vhost_net_config_pending(VHostNetState *net);
+void vhost_net_config_mask(VHostNetState *net, VirtIODevice *dev, bool mask);
 int vhost_net_notify_migration_done(VHostNetState *net, char* mac_addr);
 VHostNetState *get_vhost_net(NetClientState *nc);
 
diff --git a/hw/net/vhost_net-stub.c b/hw/net/vhost_net-stub.c
index 66ed5f0b98..72df6d757e 100644
--- a/hw/net/vhost_net-stub.c
+++ b/hw/net/vhost_net-stub.c
@@ -82,6 +82,15 @@ void vhost_net_virtqueue_mask(VHostNetState *net, 
VirtIODevice *dev,
 {
 }
 
+bool vhost_net_config_pending(VHostNetState *net)
+{
+return false;
+}
+
+void vhost_net_config_mask(VHostNetState *net, VirtIODevice *dev, bool mask)
+{
+}
+
 int vhost_net_notify_migration_done(struct vhost_net *net, char* mac_addr)
 {
 return -1;
diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index 984b130e8f..c4eecc6f36 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -487,6 +487,15 @@ void vhost_net_virtqueue_mask(VHostNetState *net, 
VirtIODevice *dev,
 vhost_virtqueue_mask(&net->dev, dev, idx, mask);
 }
 
+bool vhost_net_config_pending(VHostNetState *net)
+{
+return vhost_config_pending(&net->dev);
+}
+
+void vhost_net_config_mask(VHostNetState *net, VirtIODevice *dev, bool mask)
+{
+vhost_config_mask(&net->dev, dev, mask);
+}
 VHostNetState *get_vhost_net(NetClientState *nc)
 {
 VHostNetState *vhost_net = 0;
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 0bfe454c23..f191e3037f 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -3332,7 +3332,7 @@ static bool 
virtio_net_guest_notifier_pending(VirtIODevice *vdev, int idx)
  */
 
 if (idx == VIRTIO_CONFIG_IRQ_IDX) {
-return false;
+return vhost_net_config_pending(get_vhost_net(nc->peer));
 }
 return vhost_net_virtqueue_pending(get_vhost_net(nc->peer), idx);
 }
@@ -3364,9 +3364,9 @@ static void virtio_net_guest_notifier_mask(VirtIODevice 
*vdev, int idx,
  */
 
 if (idx == VIRTIO_CONFIG_IRQ_IDX) {
+vhost_net_config_mask(get_vhost_net(nc->peer), vdev, mask);
 return;
 }
-
 vhost_net_virtqueue_mask(get_vhost_net(nc->peer), vdev, idx, mask);
 }
 
-- 
MST

[PULL 18/51] vhost: introduce new VhostOps vhost_set_config_call

[Michael S. Tsirkin]

From: Cindy Lu 

This patch introduces new VhostOps vhost_set_config_call.
This function allows the qemu to set the config
event fd to kernel driver.

Signed-off-by: Cindy Lu 
Message-Id: <20221222070451.936503-5-l...@redhat.com>
Acked-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/virtio/vhost-backend.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/hw/virtio/vhost-backend.h 
b/include/hw/virtio/vhost-backend.h
index eab46d7f0b..c5ab49051e 100644
--- a/include/hw/virtio/vhost-backend.h
+++ b/include/hw/virtio/vhost-backend.h
@@ -128,6 +128,8 @@ typedef int (*vhost_get_device_id_op)(struct vhost_dev 
*dev, uint32_t *dev_id);
 
 typedef bool (*vhost_force_iommu_op)(struct vhost_dev *dev);
 
+typedef int (*vhost_set_config_call_op)(struct vhost_dev *dev,
+   int fd);
 typedef struct VhostOps {
 VhostBackendType backend_type;
 vhost_backend_init vhost_backend_init;
@@ -174,6 +176,7 @@ typedef struct VhostOps {
 vhost_vq_get_addr_op  vhost_vq_get_addr;
 vhost_get_device_id_op vhost_get_device_id;
 vhost_force_iommu_op vhost_force_iommu;
+vhost_set_config_call_op vhost_set_config_call;
 } VhostOps;
 
 int vhost_backend_update_device_iotlb(struct vhost_dev *dev,
-- 
MST

[PULL 15/51] virtio: introduce macro VIRTIO_CONFIG_IRQ_IDX

[Michael S. Tsirkin]

From: Cindy Lu 

To support configure interrupt for vhost-vdpa
Introduce VIRTIO_CONFIG_IRQ_IDX -1 as configure interrupt's queue index,
Then we can reuse the functions guest_notifier_mask and guest_notifier_pending.
Add the check of queue index in these drivers, if the driver does not support
configure interrupt, the function will just return

Signed-off-by: Cindy Lu 
Message-Id: <20221222070451.936503-2-l...@redhat.com>
Acked-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/virtio/virtio.h |  3 +++
 hw/display/vhost-user-gpu.c| 18 ++
 hw/net/virtio-net.c| 22 --
 hw/virtio/vhost-user-fs.c  | 18 ++
 hw/virtio/vhost-user-gpio.c| 10 ++
 hw/virtio/vhost-vsock-common.c | 18 ++
 hw/virtio/virtio-crypto.c  | 18 ++
 7 files changed, 105 insertions(+), 2 deletions(-)

diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
index 24561e933a..8266d240cc 100644
--- a/include/hw/virtio/virtio.h
+++ b/include/hw/virtio/virtio.h
@@ -79,6 +79,9 @@ typedef struct VirtQueueElement
 
 #define VIRTIO_NO_VECTOR 0x
 
+/* special index value used internally for config irqs */
+#define VIRTIO_CONFIG_IRQ_IDX -1
+
 #define TYPE_VIRTIO_DEVICE "virtio-device"
 OBJECT_DECLARE_TYPE(VirtIODevice, VirtioDeviceClass, VIRTIO_DEVICE)
 
diff --git a/hw/display/vhost-user-gpu.c b/hw/display/vhost-user-gpu.c
index 19c0e20103..4380a5e672 100644
--- a/hw/display/vhost-user-gpu.c
+++ b/hw/display/vhost-user-gpu.c
@@ -486,6 +486,15 @@ vhost_user_gpu_guest_notifier_pending(VirtIODevice *vdev, 
int idx)
 {
 VhostUserGPU *g = VHOST_USER_GPU(vdev);
 
+/*
+ * Add the check for configure interrupt, Use VIRTIO_CONFIG_IRQ_IDX -1
+ * as the Marco of configure interrupt's IDX, If this driver does not
+ * support, the function will return
+ */
+
+if (idx == VIRTIO_CONFIG_IRQ_IDX) {
+return false;
+}
 return vhost_virtqueue_pending(&g->vhost->dev, idx);
 }
 
@@ -494,6 +503,15 @@ vhost_user_gpu_guest_notifier_mask(VirtIODevice *vdev, int 
idx, bool mask)
 {
 VhostUserGPU *g = VHOST_USER_GPU(vdev);
 
+/*
+ * Add the check for configure interrupt, Use VIRTIO_CONFIG_IRQ_IDX -1
+ * as the Marco of configure interrupt's IDX, If this driver does not
+ * support, the function will return
+ */
+
+if (idx == VIRTIO_CONFIG_IRQ_IDX) {
+return;
+}
 vhost_virtqueue_mask(&g->vhost->dev, vdev, idx, mask);
 }
 
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index b342d66160..0bfe454c23 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -3325,6 +3325,15 @@ static bool 
virtio_net_guest_notifier_pending(VirtIODevice *vdev, int idx)
 } else {
 nc = qemu_get_subqueue(n->nic, vq2q(idx));
 }
+/*
+ * Add the check for configure interrupt, Use VIRTIO_CONFIG_IRQ_IDX -1
+ * as the Marco of configure interrupt's IDX, If this driver does not
+ * support, the function will return false
+ */
+
+if (idx == VIRTIO_CONFIG_IRQ_IDX) {
+return false;
+}
 return vhost_net_virtqueue_pending(get_vhost_net(nc->peer), idx);
 }
 
@@ -3348,8 +3357,17 @@ static void virtio_net_guest_notifier_mask(VirtIODevice 
*vdev, int idx,
 } else {
 nc = qemu_get_subqueue(n->nic, vq2q(idx));
 }
-vhost_net_virtqueue_mask(get_vhost_net(nc->peer),
- vdev, idx, mask);
+/*
+ *Add the check for configure interrupt, Use VIRTIO_CONFIG_IRQ_IDX -1
+ * as the Marco of configure interrupt's IDX, If this driver does not
+ * support, the function will return
+ */
+
+if (idx == VIRTIO_CONFIG_IRQ_IDX) {
+return;
+}
+
+vhost_net_virtqueue_mask(get_vhost_net(nc->peer), vdev, idx, mask);
 }
 
 static void virtio_net_set_config_size(VirtIONet *n, uint64_t host_features)
diff --git a/hw/virtio/vhost-user-fs.c b/hw/virtio/vhost-user-fs.c
index d97b179e6f..f5049735ac 100644
--- a/hw/virtio/vhost-user-fs.c
+++ b/hw/virtio/vhost-user-fs.c
@@ -159,6 +159,15 @@ static void vuf_guest_notifier_mask(VirtIODevice *vdev, 
int idx,
 {
 VHostUserFS *fs = VHOST_USER_FS(vdev);
 
+/*
+ * Add the check for configure interrupt, Use VIRTIO_CONFIG_IRQ_IDX -1
+ * as the Marco of configure interrupt's IDX, If this driver does not
+ * support, the function will return
+ */
+
+if (idx == VIRTIO_CONFIG_IRQ_IDX) {
+return;
+}
 vhost_virtqueue_mask(&fs->vhost_dev, vdev, idx, mask);
 }
 
@@ -166,6 +175,15 @@ static bool vuf_guest_notifier_pending(VirtIODevice *vdev, 
int idx)
 {
 VHostUserFS *fs = VHOST_USER_FS(vdev);
 
+/*
+ * Add the check for configure interrupt, Use VIRTIO_CONFIG_IRQ_IDX -1
+ * as the Marco of configure interrupt's IDX, If this driver does not
+ * support, the function will return
+ */
+
+if (idx == VIRTIO_CONFIG_IRQ_IDX) {
+retur

[PULL 02/51] virtio_net: copy VIRTIO_NET_S_ANNOUNCE if device model has it

[Michael S. Tsirkin]

From: Eugenio Pérez 

Status part of the emulated feature. It will follow device model, so we
must copy it as long as NIC device model has it set.

Signed-off-by: Eugenio Pérez 
Message-Id: <20221221115015.1400889-3-epere...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Acked-by: Jason Wang 
---
 hw/net/virtio-net.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index b30038d130..122eac25ee 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -183,6 +183,8 @@ static void virtio_net_get_config(VirtIODevice *vdev, 
uint8_t *config)
 memcpy(netcfg.mac, n->mac, ETH_ALEN);
 }
 
+netcfg.status |= virtio_tswap16(vdev,
+n->status & VIRTIO_NET_S_ANNOUNCE);
 memcpy(config, &netcfg, n->config_size);
 }
 }
-- 
MST

[PULL 35/51] include: Include headers where needed

[Michael S. Tsirkin]

From: Markus Armbruster 

A number of headers neglect to include everything they need.  They
compile only if the headers they need are already included from
elsewhere.  Fix that.

Signed-off-by: Markus Armbruster 
Reviewed-by: Alistair Francis 
Message-Id: <20221222120813.727830-3-arm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/exec/plugin-gen.h   | 1 +
 include/hw/acpi/erst.h  | 3 +++
 include/hw/char/cmsdk-apb-uart.h| 1 +
 include/hw/char/goldfish_tty.h  | 1 +
 include/hw/char/xilinx_uartlite.h   | 1 +
 include/hw/cris/etraxfs.h   | 1 +
 include/hw/display/macfb.h  | 3 ++-
 include/hw/dma/sifive_pdma.h| 2 ++
 include/hw/i386/ioapic_internal.h   | 1 +
 include/hw/i386/sgx-epc.h   | 1 +
 include/hw/intc/goldfish_pic.h  | 2 ++
 include/hw/intc/loongarch_pch_msi.h | 2 ++
 include/hw/intc/loongarch_pch_pic.h | 2 ++
 include/hw/intc/nios2_vic.h | 2 ++
 include/hw/misc/mchp_pfsoc_dmc.h| 2 ++
 include/hw/misc/mchp_pfsoc_ioscb.h  | 2 ++
 include/hw/misc/mchp_pfsoc_sysreg.h | 2 ++
 include/hw/misc/pvpanic.h   | 1 +
 include/hw/misc/sifive_e_prci.h | 3 ++-
 include/hw/misc/sifive_u_otp.h  | 3 ++-
 include/hw/misc/sifive_u_prci.h | 3 ++-
 include/hw/misc/virt_ctrl.h | 2 ++
 include/hw/misc/xlnx-versal-pmc-iou-slcr.h  | 1 +
 include/hw/net/lasi_82596.h | 2 +-
 include/hw/net/xlnx-zynqmp-can.h| 1 +
 include/hw/ppc/pnv_psi.h| 2 +-
 include/hw/riscv/boot_opensbi.h | 2 ++
 include/hw/riscv/microchip_pfsoc.h  | 3 +++
 include/hw/riscv/numa.h | 1 +
 include/hw/riscv/sifive_u.h | 2 ++
 include/hw/riscv/spike.h| 2 +-
 include/hw/riscv/virt.h | 2 +-
 include/hw/ssi/sifive_spi.h | 3 +++
 include/hw/timer/sse-timer.h| 1 +
 include/hw/usb/hcd-dwc3.h   | 1 +
 include/hw/usb/hcd-musb.h   | 2 ++
 include/hw/usb/xlnx-usb-subsystem.h | 2 ++
 include/hw/usb/xlnx-versal-usb2-ctrl-regs.h | 3 +++
 include/hw/virtio/virtio-mmio.h | 2 +-
 include/qemu/plugin-memory.h| 3 +++
 include/sysemu/dirtyrate.h  | 2 ++
 include/sysemu/dump.h   | 1 +
 include/user/syscall-trace.h| 1 +
 43 files changed, 71 insertions(+), 9 deletions(-)

diff --git a/include/exec/plugin-gen.h b/include/exec/plugin-gen.h
index 5004728c61..5f5506f1cc 100644
--- a/include/exec/plugin-gen.h
+++ b/include/exec/plugin-gen.h
@@ -12,6 +12,7 @@
 #ifndef QEMU_PLUGIN_GEN_H
 #define QEMU_PLUGIN_GEN_H
 
+#include "exec/cpu_ldst.h"
 #include "qemu/plugin.h"
 #include "tcg/tcg.h"
 
diff --git a/include/hw/acpi/erst.h b/include/hw/acpi/erst.h
index b747fe7739..b2ff663ddc 100644
--- a/include/hw/acpi/erst.h
+++ b/include/hw/acpi/erst.h
@@ -11,6 +11,9 @@
 #ifndef HW_ACPI_ERST_H
 #define HW_ACPI_ERST_H
 
+#include "hw/acpi/bios-linker-loader.h"
+#include "qom/object.h"
+
 void build_erst(GArray *table_data, BIOSLinker *linker, Object *erst_dev,
 const char *oem_id, const char *oem_table_id);
 
diff --git a/include/hw/char/cmsdk-apb-uart.h b/include/hw/char/cmsdk-apb-uart.h
index 9daff0..64b0a3d534 100644
--- a/include/hw/char/cmsdk-apb-uart.h
+++ b/include/hw/char/cmsdk-apb-uart.h
@@ -15,6 +15,7 @@
 #include "hw/qdev-properties.h"
 #include "hw/sysbus.h"
 #include "chardev/char-fe.h"
+#include "qapi/error.h"
 #include "qom/object.h"
 
 #define TYPE_CMSDK_APB_UART "cmsdk-apb-uart"
diff --git a/include/hw/char/goldfish_tty.h b/include/hw/char/goldfish_tty.h
index 7503d2fa1e..d59733e5ae 100644
--- a/include/hw/char/goldfish_tty.h
+++ b/include/hw/char/goldfish_tty.h
@@ -12,6 +12,7 @@
 
 #include "qemu/fifo8.h"
 #include "chardev/char-fe.h"
+#include "hw/sysbus.h"
 
 #define TYPE_GOLDFISH_TTY "goldfish_tty"
 OBJECT_DECLARE_SIMPLE_TYPE(GoldfishTTYState, GOLDFISH_TTY)
diff --git a/include/hw/char/xilinx_uartlite.h 
b/include/hw/char/xilinx_uartlite.h
index bb32d0fcb3..dd09c06801 100644
--- a/include/hw/char/xilinx_uartlite.h
+++ b/include/hw/char/xilinx_uartlite.h
@@ -17,6 +17,7 @@
 
 #include "hw/qdev-properties.h"
 #include "hw/sysbus.h"
+#include "qapi/error.h"
 
 static inline DeviceState *xilinx_uartlite_create(hwaddr addr,
 qemu_irq irq,
diff --git a/include/hw/cris/etraxfs.h b/include/hw/cris/etraxfs.h
index 8b01ed67d3..467b529dc0 100644
--- a/include/hw/cris/etraxfs.h
+++ b/include/hw/cris/etraxfs.h
@@ -29,6 +29,7 @@
 #include "hw/cris/etraxfs_dma.h"
 #include "hw/qdev-properties.h"
 #include "hw/sysbus.h"
+#include "qapi/error.h"
 
 DeviceState *etraxfs_eth_init(NICInfo *nd, hwaddr base, int phyaddr,

[PULL 45/51] hw/acpi/aml-build: Only generate cluster node in PPTT when specified

[Michael S. Tsirkin]

From: Yicong Yang 

Currently we'll always generate a cluster node no matter user has
specified '-smp clusters=X' or not. Cluster is an optional level
and will participant the building of Linux scheduling domains and
only appears on a few platforms. It's unncessary to always build
it when it cannot reflect the real topology on platforms having no
cluster implementation and to avoid affecting the linux scheduling
domains in the VM. So only generate the cluster topology in ACPI
PPTT when the user has specified it explicitly in -smp.

Tested qemu-system-aarch64 with `-smp 8` and linux 6.1-rc1, without
this patch:
estuary:/sys/devices/system/cpu/cpu0/topology$ cat cluster_*
ff  # cluster_cpus
0-7 # cluster_cpus_list
56  # cluster_id

with this patch:
estuary:/sys/devices/system/cpu/cpu0/topology$ cat cluster_*
ff  # cluster_cpus
0-7 # cluster_cpus_list
36  # cluster_id, with no cluster node kernel will make it to
  physical package id

Acked-by: Michael S. Tsirkin 
Reviewed-by: Yanan Wang 
Tested-by: Yanan Wang 
Signed-off-by: Yicong Yang 
Message-Id: <20221229065513.55652-3-yangyic...@huawei.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/boards.h   | 3 +++
 hw/acpi/aml-build.c   | 2 +-
 hw/core/machine-smp.c | 2 ++
 qemu-options.hx   | 3 +++
 4 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/include/hw/boards.h b/include/hw/boards.h
index d18d6d0073..b0abbdd5dc 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -130,11 +130,14 @@ typedef struct {
  * @prefer_sockets - whether sockets are preferred over cores in smp parsing
  * @dies_supported - whether dies are supported by the machine
  * @clusters_supported - whether clusters are supported by the machine
+ * @has_clusters - whether clusters are explicitly specified in the user
+ * provided SMP configuration
  */
 typedef struct {
 bool prefer_sockets;
 bool dies_supported;
 bool clusters_supported;
+bool has_clusters;
 } SMPCompatProps;
 
 /**
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 42feb4d4d7..ea331a20d1 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -2030,7 +2030,7 @@ void build_pptt(GArray *table_data, BIOSLinker *linker, 
MachineState *ms,
 0, socket_id, NULL, 0);
 }
 
-if (mc->smp_props.clusters_supported) {
+if (mc->smp_props.clusters_supported && mc->smp_props.has_clusters) {
 if (cpus->cpus[n].props.cluster_id != cluster_id) {
 assert(cpus->cpus[n].props.cluster_id > cluster_id);
 cluster_id = cpus->cpus[n].props.cluster_id;
diff --git a/hw/core/machine-smp.c b/hw/core/machine-smp.c
index b39ed21e65..c3dab007da 100644
--- a/hw/core/machine-smp.c
+++ b/hw/core/machine-smp.c
@@ -158,6 +158,8 @@ void machine_parse_smp_config(MachineState *ms,
 ms->smp.threads = threads;
 ms->smp.max_cpus = maxcpus;
 
+mc->smp_props.has_clusters = config->has_clusters;
+
 /* sanity-check of the computed topology */
 if (sockets * dies * clusters * cores * threads != maxcpus) {
 g_autofree char *topo_msg = cpu_hierarchy_to_string(ms);
diff --git a/qemu-options.hx b/qemu-options.hx
index 7f99d15b23..8662568324 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -343,6 +343,9 @@ SRST
 ::
 
 -smp 2
+
+Note: The cluster topology will only be generated in ACPI and exposed
+to guest if it's explicitly specified in -smp.
 ERST
 
 DEF("numa", HAS_ARG, QEMU_OPTION_numa,
-- 
MST

[PULL 19/51] vhost-vdpa: add support for config interrupt

[Michael S. Tsirkin]

From: Cindy Lu 

Add new call back function in vhost-vdpa, The function
vhost_set_config_call can set the event fd to kernel.
This function will be called in the vhost_dev_start
and vhost_dev_stop

Signed-off-by: Cindy Lu 
Message-Id: <20221222070451.936503-6-l...@redhat.com>
Acked-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/vhost-vdpa.c | 8 
 hw/virtio/trace-events | 1 +
 2 files changed, 9 insertions(+)

diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
index fd0c33b0e1..fcb1e96316 100644
--- a/hw/virtio/vhost-vdpa.c
+++ b/hw/virtio/vhost-vdpa.c
@@ -716,6 +716,13 @@ static int vhost_vdpa_set_vring_ready(struct vhost_dev 
*dev)
 return 0;
 }
 
+static int vhost_vdpa_set_config_call(struct vhost_dev *dev,
+   int fd)
+{
+trace_vhost_vdpa_set_config_call(dev, fd);
+return vhost_vdpa_call(dev, VHOST_VDPA_SET_CONFIG_CALL, &fd);
+}
+
 static void vhost_vdpa_dump_config(struct vhost_dev *dev, const uint8_t 
*config,
uint32_t config_len)
 {
@@ -1298,4 +1305,5 @@ const VhostOps vdpa_ops = {
 .vhost_get_device_id = vhost_vdpa_get_device_id,
 .vhost_vq_get_addr = vhost_vdpa_vq_get_addr,
 .vhost_force_iommu = vhost_vdpa_force_iommu,
+.vhost_set_config_call = vhost_vdpa_set_config_call,
 };
diff --git a/hw/virtio/trace-events b/hw/virtio/trace-events
index 96da58a41f..a87c5f39a2 100644
--- a/hw/virtio/trace-events
+++ b/hw/virtio/trace-events
@@ -62,6 +62,7 @@ vhost_vdpa_get_features(void *dev, uint64_t features) "dev: 
%p features: 0x%"PRI
 vhost_vdpa_set_owner(void *dev) "dev: %p"
 vhost_vdpa_vq_get_addr(void *dev, void *vq, uint64_t desc_user_addr, uint64_t 
avail_user_addr, uint64_t used_user_addr) "dev: %p vq: %p desc_user_addr: 
0x%"PRIx64" avail_user_addr: 0x%"PRIx64" used_user_addr: 0x%"PRIx64
 vhost_vdpa_get_iova_range(void *dev, uint64_t first, uint64_t last) "dev: %p 
first: 0x%"PRIx64" last: 0x%"PRIx64
+vhost_vdpa_set_config_call(void *dev, int fd)"dev: %p fd: %d"
 
 # virtio.c
 virtqueue_alloc_element(void *elem, size_t sz, unsigned in_num, unsigned 
out_num) "elem %p size %zd in_num %u out_num %u"
-- 
MST

[PULL 43/51] virtio-pci: fix proxy->vector_irqfd leak in virtio_pci_set_guest_notifiers

[Michael S. Tsirkin]

From: leixiang 

proxy->vector_irqfd did not free when kvm_virtio_pci_vector_use or
msix_set_vector_notifiers failed in virtio_pci_set_guest_notifiers.

Fixes: 7d37d351

Signed-off-by: Lei Xiang 
Tested-by: Zeng Chi 
Suggested-by: Xie Ming 
Message-Id: <20221227081604.806415-1-leixi...@kylinos.cn>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/virtio-pci.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index 7bc60fcf94..247325c193 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1291,6 +1291,8 @@ assign_error:
 while (--n >= 0) {
 virtio_pci_set_guest_notifier(d, n, !assign, with_irqfd);
 }
+g_free(proxy->vector_irqfd);
+proxy->vector_irqfd = NULL;
 return r;
 }
 
-- 
MST

[PULL 34/51] include/hw/virtio: Break inclusion loop

[Michael S. Tsirkin]

From: Markus Armbruster 

hw/virtio/virtio.h and hw/virtio/vhost.h include each other.  The
former doesn't actually need the latter, so drop that inclusion to
break the loop.

Signed-off-by: Markus Armbruster 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Reviewed-by: Stefano Garzarella 
Message-Id: <20221222120813.727830-2-arm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Acked-by: Jason Wang 
Reviewed-by: Edgar E. Iglesias 
---
 hw/virtio/virtio-qmp.h | 1 +
 include/hw/virtio/virtio.h | 1 -
 hw/virtio/virtio.c | 1 +
 3 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/virtio/virtio-qmp.h b/hw/virtio/virtio-qmp.h
index 59681082e5..8af5f5e65a 100644
--- a/hw/virtio/virtio-qmp.h
+++ b/hw/virtio/virtio-qmp.h
@@ -13,6 +13,7 @@
 
 #include "qapi/qapi-types-virtio.h"
 #include "hw/virtio/virtio.h"
+#include "hw/virtio/vhost.h"
 
 #include "qemu/queue.h"
 
diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
index 4219968fd8..77c6c55929 100644
--- a/include/hw/virtio/virtio.h
+++ b/include/hw/virtio/virtio.h
@@ -22,7 +22,6 @@
 #include "standard-headers/linux/virtio_config.h"
 #include "standard-headers/linux/virtio_ring.h"
 #include "qom/object.h"
-#include "hw/virtio/vhost.h"
 
 /*
  * A guest should never accept this. It implies negotiation is broken
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 02a49d9fa1..f35178f5fc 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -22,6 +22,7 @@
 #include "qom/object_interfaces.h"
 #include "hw/core/cpu.h"
 #include "hw/virtio/virtio.h"
+#include "hw/virtio/vhost.h"
 #include "migration/qemu-file-types.h"
 #include "qemu/atomic.h"
 #include "hw/virtio/virtio-bus.h"
-- 
MST

[PULL 05/51] hw/acpi/Kconfig: Rename ACPI_X86_ICH to ACPI_ICH9

[Michael S. Tsirkin]

From: Bernhard Beschow 

Although the ICH9 ACPI controller may currently be tied to x86 it
doesn't have to. Furthermore, the source files this configuration switch
manages contain a '9', so this name fits more.

Signed-off-by: Bernhard Beschow 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20221216130355.41667-2-shen...@gmail.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/acpi/Kconfig | 2 +-
 hw/acpi/meson.build | 2 +-
 hw/i2c/meson.build  | 2 +-
 hw/isa/Kconfig  | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/acpi/Kconfig b/hw/acpi/Kconfig
index 3703aca212..14694c75b4 100644
--- a/hw/acpi/Kconfig
+++ b/hw/acpi/Kconfig
@@ -13,7 +13,7 @@ config ACPI_X86
 select ACPI_PCIHP
 select ACPI_ERST
 
-config ACPI_X86_ICH
+config ACPI_ICH9
 bool
 select ACPI_X86
 
diff --git a/hw/acpi/meson.build b/hw/acpi/meson.build
index 2ed29ae94c..30054a8cdc 100644
--- a/hw/acpi/meson.build
+++ b/hw/acpi/meson.build
@@ -22,7 +22,7 @@ acpi_ss.add(when: 'CONFIG_ACPI_PIIX4', if_true: 
files('piix4.c'))
 acpi_ss.add(when: 'CONFIG_ACPI_PCIHP', if_true: files('pcihp.c'))
 acpi_ss.add(when: 'CONFIG_ACPI_PCIHP', if_false: 
files('acpi-pci-hotplug-stub.c'))
 acpi_ss.add(when: 'CONFIG_ACPI_VIOT', if_true: files('viot.c'))
-acpi_ss.add(when: 'CONFIG_ACPI_X86_ICH', if_true: files('ich9.c', 
'ich9_tco.c'))
+acpi_ss.add(when: 'CONFIG_ACPI_ICH9', if_true: files('ich9.c', 'ich9_tco.c'))
 acpi_ss.add(when: 'CONFIG_ACPI_ERST', if_true: files('erst.c'))
 acpi_ss.add(when: 'CONFIG_IPMI', if_true: files('ipmi.c'), if_false: 
files('ipmi-stub.c'))
 acpi_ss.add(when: 'CONFIG_PC', if_false: files('acpi-x86-stub.c'))
diff --git a/hw/i2c/meson.build b/hw/i2c/meson.build
index d3df273251..6e7340aaac 100644
--- a/hw/i2c/meson.build
+++ b/hw/i2c/meson.build
@@ -2,7 +2,7 @@ i2c_ss = ss.source_set()
 i2c_ss.add(when: 'CONFIG_I2C', if_true: files('core.c'))
 i2c_ss.add(when: 'CONFIG_SMBUS', if_true: files('smbus_slave.c', 
'smbus_master.c'))
 i2c_ss.add(when: 'CONFIG_ACPI_SMBUS', if_true: files('pm_smbus.c'))
-i2c_ss.add(when: 'CONFIG_ACPI_X86_ICH', if_true: files('smbus_ich9.c'))
+i2c_ss.add(when: 'CONFIG_ACPI_ICH9', if_true: files('smbus_ich9.c'))
 i2c_ss.add(when: 'CONFIG_ASPEED_SOC', if_true: files('aspeed_i2c.c'))
 i2c_ss.add(when: 'CONFIG_BITBANG_I2C', if_true: files('bitbang_i2c.c'))
 i2c_ss.add(when: 'CONFIG_EXYNOS4', if_true: files('exynos4210_i2c.c'))
diff --git a/hw/isa/Kconfig b/hw/isa/Kconfig
index 18b5c6bf3f..01f330d941 100644
--- a/hw/isa/Kconfig
+++ b/hw/isa/Kconfig
@@ -78,4 +78,4 @@ config LPC_ICH9
 select I8257
 select ISA_BUS
 select ACPI_SMBUS
-select ACPI_X86_ICH
+select ACPI_ICH9
-- 
MST

[PATCH v5] tests/qtest: netdev: test stream and dgram backends

[Laurent Vivier]

Signed-off-by: Laurent Vivier 
Acked-by: Michael S. Tsirkin 
---

Notes:
v5:
  - disable test_stream_fd and  test_dgram_fd on windows as socketpair()
is not defined.
  - enable test_stream_unix_abstract only on linux as "abstract"
unix socket parameter is only defined on linux.

v4:
  - rework EXPECT_STATE()
  - use g_dir_make_tmp()

v3:
- Add "-M none" to avoid error:
  "No machine specified, and there is no default"

v2:
- Fix ipv6 free port allocation
- Check for IPv4, IPv6, AF_UNIX
- Use g_mkdtemp() rather than g_file_open_tmp()
- Use socketpair() in test_stream_fd()

v1: compared to v14 of "qapi: net: add unix socket type support to netdev 
backend":
- use IP addresses 127.0.0.1 and ::1 rather than localhost

 tests/qtest/meson.build |   2 +
 tests/qtest/netdev-socket.c | 444 
 2 files changed, 446 insertions(+)
 create mode 100644 tests/qtest/netdev-socket.c

diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
index f0ebb5fac603..d752304711e2 100644
--- a/tests/qtest/meson.build
+++ b/tests/qtest/meson.build
@@ -21,6 +21,7 @@ qtests_generic = [
   'test-hmp',
   'qos-test',
   'readconfig-test',
+  'netdev-socket',
 ]
 if config_host.has_key('CONFIG_MODULES')
   qtests_generic += [ 'modules-test' ]
@@ -298,6 +299,7 @@ qtests = {
   'tpm-tis-device-swtpm-test': [io, tpmemu_files, 'tpm-tis-util.c'],
   'tpm-tis-device-test': [io, tpmemu_files, 'tpm-tis-util.c'],
   'vmgenid-test': files('boot-sector.c', 'acpi-utils.c'),
+  'netdev-socket': files('netdev-socket.c', '../unit/socket-helpers.c'),
 }
 
 gvnc = dependency('gvnc-1.0', required: false)
diff --git a/tests/qtest/netdev-socket.c b/tests/qtest/netdev-socket.c
new file mode 100644
index ..a9db9fa06e79
--- /dev/null
+++ b/tests/qtest/netdev-socket.c
@@ -0,0 +1,444 @@
+/*
+ * QTest testcase for netdev stream and dgram
+ *
+ * Copyright (c) 2022 Red Hat, Inc.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+#include 
+#include "../unit/socket-helpers.h"
+#include "libqtest.h"
+
+#define CONNECTION_TIMEOUT5
+
+#define EXPECT_STATE(q, e, t) \
+do {  \
+char *resp = NULL;\
+g_test_timer_start(); \
+do {  \
+g_free(resp); \
+resp = qtest_hmp(q, "info network");  \
+if (t) {  \
+strrchr(resp, t)[0] = 0;  \
+} \
+if (g_str_equal(resp, e)) {   \
+break;\
+} \
+} while (g_test_timer_elapsed() < CONNECTION_TIMEOUT); \
+g_assert_cmpstr(resp, ==, e); \
+g_free(resp); \
+} while (0)
+
+static gchar *tmpdir;
+
+static int inet_get_free_port_socket_ipv4(int sock)
+{
+struct sockaddr_in addr;
+socklen_t len;
+
+memset(&addr, 0, sizeof(addr));
+addr.sin_family = AF_INET;
+addr.sin_addr.s_addr = INADDR_ANY;
+addr.sin_port = 0;
+if (bind(sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
+return -1;
+}
+
+len = sizeof(addr);
+if (getsockname(sock,  (struct sockaddr *)&addr, &len) < 0) {
+return -1;
+}
+
+return ntohs(addr.sin_port);
+}
+
+static int inet_get_free_port_socket_ipv6(int sock)
+{
+struct sockaddr_in6 addr;
+socklen_t len;
+
+memset(&addr, 0, sizeof(addr));
+addr.sin6_family = AF_INET6;
+addr.sin6_addr = in6addr_any;
+addr.sin6_port = 0;
+if (bind(sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
+return -1;
+}
+
+len = sizeof(addr);
+if (getsockname(sock,  (struct sockaddr *)&addr, &len) < 0) {
+return -1;
+}
+
+return ntohs(addr.sin6_port);
+}
+
+static int inet_get_free_port_multiple(int nb, int *port, bool ipv6)
+{
+int sock[nb];
+int i;
+
+for (i = 0; i < nb; i++) {
+sock[i] = socket(ipv6 ? AF_INET6 : AF_INET, SOCK_STREAM, 0);
+if (sock[i] < 0) {
+break;
+}
+port[i] = ipv6 ? inet_get_free_port_socket_ipv6(sock[i]) :
+ inet_get_free_port_socket_ipv4(sock[i]);
+if (port[i] == -1) {
+break;
+}
+}
+
+nb = i;
+for (i = 0; i < nb; i++) {
+closesocket(sock[i]);
+}
+
+return nb;
+}
+
+static int inet_get_free_port(bool ipv6)
+{
+int nb, port;
+
+nb = inet_get_free_port_multiple(1, &port, ipv6);
+g_assert_cmpint(nb, ==, 1);
+
+return port;
+}
+
+static void test_stream_inet_ipv4(v

[PULL 48/51] tests: acpi: aarch64: Add topology test for aarch64

[Michael S. Tsirkin]

From: Yicong Yang 

Add test for aarch64's ACPI topology building for all the supported
levels.

Acked-by: Michael S. Tsirkin 
Reviewed-by: Yanan Wang 
Tested-by: Yanan Wang 
Signed-off-by: Yicong Yang 
Message-Id: <20221229065513.55652-6-yangyic...@huawei.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/qtest/bios-tables-test.c | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c
index 395d441212..e954a9cb39 100644
--- a/tests/qtest/bios-tables-test.c
+++ b/tests/qtest/bios-tables-test.c
@@ -1720,6 +1720,24 @@ static void test_acpi_virt_tcg(void)
 free_test_data(&data);
 }
 
+static void test_acpi_virt_tcg_topology(void)
+{
+test_data data = {
+.machine = "virt",
+.variant = ".topology",
+.tcg_only = true,
+.uefi_fl1 = "pc-bios/edk2-aarch64-code.fd",
+.uefi_fl2 = "pc-bios/edk2-arm-vars.fd",
+.cd = "tests/data/uefi-boot-images/bios-tables-test.aarch64.iso.qcow2",
+.ram_start = 0x4000ULL,
+.scan_len = 128ULL * 1024 * 1024,
+};
+
+test_acpi_one("-cpu cortex-a57 "
+  "-smp sockets=1,clusters=2,cores=2,threads=2", &data);
+free_test_data(&data);
+}
+
 static void test_acpi_q35_viot(void)
 {
 test_data data = {
@@ -2057,6 +2075,7 @@ int main(int argc, char *argv[])
 qtest_add_func("acpi/virt", test_acpi_virt_tcg);
 qtest_add_func("acpi/virt/acpihmatvirt",
 test_acpi_virt_tcg_acpi_hmat);
+qtest_add_func("acpi/virt/topology", test_acpi_virt_tcg_topology);
 qtest_add_func("acpi/virt/numamem", test_acpi_virt_tcg_numamem);
 qtest_add_func("acpi/virt/memhp", test_acpi_virt_tcg_memhp);
 qtest_add_func("acpi/virt/pxb", test_acpi_virt_tcg_pxb);
-- 
MST

[PULL 39/51] vdpa: harden the error path if get_iova_range failed

[Michael S. Tsirkin]

From: Longpeng 

We should stop if the GET_IOVA_RANGE ioctl failed.

Signed-off-by: Longpeng 
Message-Id: <20221224114848.3062-3-longpe...@huawei.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Acked-by: Jason Wang 
---
 net/vhost-vdpa.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index b6e1e84ed2..1a13a34d35 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -805,7 +805,13 @@ int net_init_vhost_vdpa(const Netdev *netdev, const char 
*name,
 return queue_pairs;
 }
 
-vhost_vdpa_get_iova_range(vdpa_device_fd, &iova_range);
+r = vhost_vdpa_get_iova_range(vdpa_device_fd, &iova_range);
+if (unlikely(r < 0)) {
+error_setg(errp, "vhost-vdpa: get iova range failed: %s",
+   strerror(-r));
+goto err;
+}
+
 if (opts->x_svq) {
 if (!vhost_vdpa_net_valid_svq_features(features, errp)) {
 goto err_svq;
-- 
MST

[PULL 20/51] virtio: add support for configure interrupt

[Michael S. Tsirkin]

From: Cindy Lu 

Add the functions to support the configure interrupt in virtio
The function virtio_config_guest_notifier_read will notify the
guest if there is an configure interrupt.
The function virtio_config_set_guest_notifier_fd_handler is
to set the fd hander for the notifier

Signed-off-by: Cindy Lu 
Message-Id: <20221222070451.936503-7-l...@redhat.com>
Acked-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/virtio/virtio.h |  4 
 hw/virtio/virtio.c | 29 +
 2 files changed, 33 insertions(+)

diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
index 8266d240cc..4219968fd8 100644
--- a/include/hw/virtio/virtio.h
+++ b/include/hw/virtio/virtio.h
@@ -155,6 +155,7 @@ struct VirtIODevice
 AddressSpace *dma_as;
 QLIST_HEAD(, VirtQueue) *vector_queues;
 QTAILQ_ENTRY(VirtIODevice) next;
+EventNotifier config_notifier;
 };
 
 struct VirtioDeviceClass {
@@ -377,6 +378,9 @@ void 
virtio_queue_aio_attach_host_notifier_no_poll(VirtQueue *vq, AioContext *ct
 void virtio_queue_aio_detach_host_notifier(VirtQueue *vq, AioContext *ctx);
 VirtQueue *virtio_vector_first_queue(VirtIODevice *vdev, uint16_t vector);
 VirtQueue *virtio_vector_next_queue(VirtQueue *vq);
+EventNotifier *virtio_config_get_guest_notifier(VirtIODevice *vdev);
+void virtio_config_set_guest_notifier_fd_handler(VirtIODevice *vdev,
+ bool assign, bool with_irqfd);
 
 static inline void virtio_add_feature(uint64_t *features, unsigned int fbit)
 {
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 289eb71045..6ff797e1cf 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -3417,7 +3417,14 @@ static void 
virtio_queue_guest_notifier_read(EventNotifier *n)
 virtio_irq(vq);
 }
 }
+static void virtio_config_guest_notifier_read(EventNotifier *n)
+{
+VirtIODevice *vdev = container_of(n, VirtIODevice, config_notifier);
 
+if (event_notifier_test_and_clear(n)) {
+virtio_notify_config(vdev);
+}
+}
 void virtio_queue_set_guest_notifier_fd_handler(VirtQueue *vq, bool assign,
 bool with_irqfd)
 {
@@ -3434,6 +3441,23 @@ void 
virtio_queue_set_guest_notifier_fd_handler(VirtQueue *vq, bool assign,
 }
 }
 
+void virtio_config_set_guest_notifier_fd_handler(VirtIODevice *vdev,
+ bool assign, bool with_irqfd)
+{
+EventNotifier *n;
+n = &vdev->config_notifier;
+if (assign && !with_irqfd) {
+event_notifier_set_handler(n, virtio_config_guest_notifier_read);
+} else {
+event_notifier_set_handler(n, NULL);
+}
+if (!assign) {
+/* Test and clear notifier before closing it,*/
+/* in case poll callback didn't have time to run. */
+virtio_config_guest_notifier_read(n);
+}
+}
+
 EventNotifier *virtio_queue_get_guest_notifier(VirtQueue *vq)
 {
 return &vq->guest_notifier;
@@ -3514,6 +3538,11 @@ EventNotifier *virtio_queue_get_host_notifier(VirtQueue 
*vq)
 return &vq->host_notifier;
 }
 
+EventNotifier *virtio_config_get_guest_notifier(VirtIODevice *vdev)
+{
+return &vdev->config_notifier;
+}
+
 void virtio_queue_set_host_notifier_enabled(VirtQueue *vq, bool enabled)
 {
 vq->host_notifier_enabled = enabled;
-- 
MST

[PULL 14/51] vhost-user: Fix the virtio features negotiation flaw

[Michael S. Tsirkin]

From: Hyman Huang(黄勇) 

This patch aims to fix unexpected negotiation features for
vhost-user netdev interface.

When openvswitch reconnect Qemu after an unexpected disconnection
and Qemu therefore start the vhost_dev, acked_features field in
vhost_dev is initialized with value fetched from acked_features
field in NetVhostUserState, which should be up-to-date at that
moment but Qemu could not make it actually during the time window
of virtio features negotiation.

So we save the acked_features right after being configured by
guest virtio driver so it can be used to restore acked_features
field in vhost_dev correctly.

Signed-off-by: Hyman Huang(黄勇) 
Signed-off-by: Guoyi Tu 
Signed-off-by: Liuxiangdong 
Message-Id: 

Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/net/vhost_net.h | 2 ++
 hw/net/vhost_net-stub.c | 5 +
 hw/net/vhost_net.c  | 9 +
 hw/net/virtio-net.c | 6 ++
 4 files changed, 22 insertions(+)

diff --git a/include/net/vhost_net.h b/include/net/vhost_net.h
index 40b9a40074..dfb13756cd 100644
--- a/include/net/vhost_net.h
+++ b/include/net/vhost_net.h
@@ -52,4 +52,6 @@ void vhost_net_virtqueue_reset(VirtIODevice *vdev, 
NetClientState *nc,
int vq_index);
 int vhost_net_virtqueue_restart(VirtIODevice *vdev, NetClientState *nc,
 int vq_index);
+
+void vhost_net_save_acked_features(NetClientState *nc);
 #endif
diff --git a/hw/net/vhost_net-stub.c b/hw/net/vhost_net-stub.c
index 9f7daae99c..66ed5f0b98 100644
--- a/hw/net/vhost_net-stub.c
+++ b/hw/net/vhost_net-stub.c
@@ -113,3 +113,8 @@ int vhost_net_virtqueue_restart(VirtIODevice *vdev, 
NetClientState *nc,
 {
 return 0;
 }
+
+void vhost_net_save_acked_features(NetClientState *nc)
+{
+
+}
diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index 043058ff43..984b130e8f 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -144,6 +144,15 @@ uint64_t vhost_net_get_acked_features(VHostNetState *net)
 return net->dev.acked_features;
 }
 
+void vhost_net_save_acked_features(NetClientState *nc)
+{
+#ifdef CONFIG_VHOST_NET_USER
+if (nc->info->type == NET_CLIENT_DRIVER_VHOST_USER) {
+vhost_user_save_acked_features(nc);
+}
+#endif
+}
+
 static int vhost_net_get_fd(NetClientState *backend)
 {
 switch (backend->info->type) {
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 122eac25ee..b342d66160 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -984,6 +984,12 @@ static void virtio_net_set_features(VirtIODevice *vdev, 
uint64_t features)
 continue;
 }
 vhost_net_ack_features(get_vhost_net(nc->peer), features);
+
+/*
+ * keep acked_features in NetVhostUserState up-to-date so it
+ * can't miss any features configured by guest virtio driver.
+ */
+vhost_net_save_acked_features(nc->peer);
 }
 
 if (virtio_has_feature(features, VIRTIO_NET_F_CTRL_VLAN)) {
-- 
MST

Re: [PATCH] hw/core: Introduce proxy-pic

[Bernhard Beschow]

Am 4. Januar 2023 22:22:01 UTC schrieb Mark Cave-Ayland 
:
>On 04/01/2023 19:53, Bernhard Beschow wrote:
>
>> Having a proxy PIC allows for ISA PICs to be created and wired up in
>> southbridges. This is especially useful for PIIX3 for two reasons:
>> First, the southbridge doesn't need to care about the virtualization
>> technology used (KVM, TCG, Xen) due to in-IRQs (where devices get
>> attached) and out-IRQs (which will trigger the IRQs of the respective
>> virtualization technology) are separated. Second, since the in-IRQs are
>> populated with fully initialized qemu_irq's, they can already be wired
>> up inside PIIX3.
>> 
>> Signed-off-by: Bernhard Beschow 
>> Reviewed-by: Michael S. Tsirkin 
>> Message-Id: <20221022150508.26830-15-shen...@gmail.com>
>> ---
>> Changes since v4:
>> * Change license to GPL-2.0-or-later and use SPDX-License-Identifier
>> * Fix typo in commit message
>> ---
>>   include/hw/core/proxy-pic.h | 38 ++
>>   hw/core/proxy-pic.c | 54 +
>>   MAINTAINERS |  2 ++
>>   hw/core/Kconfig |  3 +++
>>   hw/core/meson.build |  1 +
>>   5 files changed, 98 insertions(+)
>>   create mode 100644 include/hw/core/proxy-pic.h
>>   create mode 100644 hw/core/proxy-pic.c
>> 
>> diff --git a/include/hw/core/proxy-pic.h b/include/hw/core/proxy-pic.h
>> new file mode 100644
>> index 00..32bc7936bd
>> --- /dev/null
>> +++ b/include/hw/core/proxy-pic.h
>> @@ -0,0 +1,38 @@
>> +/*
>> + * SPDX-License-Identifier: GPL-2.0-or-later
>> + *
>> + * Proxy interrupt controller device.
>> + *
>> + * Copyright (c) 2022 Bernhard Beschow 
>> + */
>> +
>> +#ifndef HW_PROXY_PIC_H
>> +#define HW_PROXY_PIC_H
>> +
>> +#include "hw/qdev-core.h"
>> +#include "qom/object.h"
>> +#include "hw/irq.h"
>> +
>> +#define TYPE_PROXY_PIC "proxy-pic"
>> +OBJECT_DECLARE_SIMPLE_TYPE(ProxyPICState, PROXY_PIC)
>> +
>> +#define MAX_PROXY_PIC_LINES 16
>> +
>> +/**
>> + * This is a simple device which has 16 pairs of GPIO input and output 
>> lines.
>> + * Any change on an input line is forwarded to the respective output.
>> + *
>> + * QEMU interface:
>> + *  + 16 unnamed GPIO inputs: the input lines
>> + *  + 16 unnamed GPIO outputs: the output lines
>> + */
>
>Re-reading this as a standalone patch, I can understand now why Phil was 
>asking about device properties etc. because aside from the commit message, it 
>isn't particularly clear that this is a workaround for QEMU's PIC devices and 
>accelerator implementations not (yet) supporting direct wiring with qdev 
>gpios. I would definitely argue that it is a special purpose and not a generic 
>device.
>
>I apologise that this is quite late in the review process, however given that 
>this wasn't immediately clear I do think it is worth making a few minor 
>changes. Perhaps something like:
>
>- Update the comment above in proxy_pic.h clarifying that this is only for 
>wiring up
>  ISA PICs (similar to the commit message) until gpios can be used

Will do.

>- Move the .c and .h files from hw/core/proxy-pic.c and 
>include/hw/core/proxy_pic.h
>  to hw/i386/proxy-pic.c and include/hw/i386/proxy_pic.h to provide a strong 
> hint
>  that the device is restricted to x86-only

The device gets used in PIIX4 as well, i.e. MIPS, too. I therefore think it is 
not x86 but rather PIC specific. I propose to move it back to hw/intc/i8259 
where it was implemented until v2: 
https://patchew.org/QEMU/20221022150508.26830-1-shen...@gmail.com/20221022150508.26830-15-shen...@gmail.com/
 . I can also rename the device back to isa-pic to make things more obvious.

What do you think?

Best regards,
Bernhard

>
>I think this makes it more obvious what the device is doing, and also prevent 
>its usage leaking into other places in the codebase. In fact in its current 
>form there is no need for device properties to configure the PIC lines, since 
>legacy x86 PICs always have 16 (ISA) IRQ lines.
>
>> +struct ProxyPICState {
>> +/*< private >*/
>> +struct DeviceState parent_obj;
>> +/*< public >*/
>> +
>> +qemu_irq in_irqs[MAX_PROXY_PIC_LINES];
>> +qemu_irq out_irqs[MAX_PROXY_PIC_LINES];
>> +};
>> +
>> +#endif /* HW_PROXY_PIC_H */
>> diff --git a/hw/core/proxy-pic.c b/hw/core/proxy-pic.c
>> new file mode 100644
>> index 00..40fd70b9e2
>> --- /dev/null
>> +++ b/hw/core/proxy-pic.c
>> @@ -0,0 +1,54 @@
>> +/*
>> + * SPDX-License-Identifier: GPL-2.0-or-later
>> + *
>> + * Proxy interrupt controller device.
>> + *
>> + * Copyright (c) 2022 Bernhard Beschow 
>> + */
>> +
>> +#include "qemu/osdep.h"
>> +#include "hw/core/proxy-pic.h"
>> +
>> +static void proxy_pic_set_irq(void *opaque, int irq, int level)
>> +{
>> +ProxyPICState *s = opaque;
>> +
>> +qemu_set_irq(s->out_irqs[irq], level);
>> +}
>> +
>> +static void proxy_pic_realize(DeviceState *dev, Error **errp)
>> +{
>> +ProxyPICState *s = PROXY_PIC(dev);
>> +
>> +qdev_init_gpio_in(DEVICE(s), proxy_pic_set_irq, MA

[PULL 51/51] vhost-scsi: fix memleak of vsc->inflight

[Michael S. Tsirkin]

From: Dongli Zhang 

This is below memleak detected when to quit the qemu-system-x86_64 (with
vhost-scsi-pci).

(qemu) quit

=
==15568==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 1 object(s) allocated from:
#0 0x7f00aec57917 in __interceptor_calloc (/lib64/libasan.so.6+0xb4917)
#1 0x7f00ada0d7b5 in g_malloc0 (/lib64/libglib-2.0.so.0+0x517b5)
#2 0x5648ffd38bac in vhost_scsi_start ../hw/scsi/vhost-scsi.c:92
#3 0x5648ffd38d52 in vhost_scsi_set_status ../hw/scsi/vhost-scsi.c:131
#4 0x5648ffda340e in virtio_set_status ../hw/virtio/virtio.c:2036
#5 0x5648ff8de281 in virtio_ioport_write ../hw/virtio/virtio-pci.c:431
#6 0x5648ff8deb29 in virtio_pci_config_write ../hw/virtio/virtio-pci.c:576
#7 0x5648ffe5c0c2 in memory_region_write_accessor ../softmmu/memory.c:493
#8 0x5648ffe5c424 in access_with_adjusted_size ../softmmu/memory.c:555
#9 0x5648ffe6428f in memory_region_dispatch_write ../softmmu/memory.c:1515
#10 0x5648ffe8613d in flatview_write_continue ../softmmu/physmem.c:2825
#11 0x5648ffe86490 in flatview_write ../softmmu/physmem.c:2867
#12 0x5648ffe86d9f in address_space_write ../softmmu/physmem.c:2963
#13 0x5648ffe86e57 in address_space_rw ../softmmu/physmem.c:2973
#14 0x5648fffbfb3d in kvm_handle_io ../accel/kvm/kvm-all.c:2639
#15 0x5648fffc0e0d in kvm_cpu_exec ../accel/kvm/kvm-all.c:2890
#16 0x5648fffc90a7 in kvm_vcpu_thread_fn ../accel/kvm/kvm-accel-ops.c:51
#17 0x56490042400a in qemu_thread_start ../util/qemu-thread-posix.c:505
#18 0x7f00ac3b6ea4 in start_thread (/lib64/libpthread.so.0+0x7ea4)

Free the vsc->inflight at the 'stop' path.

Fixes: b82526c7ee ("vhost-scsi: support inflight io track")
Cc: Joe Jin 
Cc: Li Feng 
Signed-off-by: Dongli Zhang 
Message-Id: <20230104160433.21353-1-dongli.zh...@oracle.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/scsi/vhost-scsi-common.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/scsi/vhost-scsi-common.c b/hw/scsi/vhost-scsi-common.c
index 18ea5dcfa1..a06f01af26 100644
--- a/hw/scsi/vhost-scsi-common.c
+++ b/hw/scsi/vhost-scsi-common.c
@@ -113,6 +113,7 @@ void vhost_scsi_common_stop(VHostSCSICommon *vsc)
 
 if (vsc->inflight) {
 vhost_dev_free_inflight(vsc->inflight);
+g_free(vsc->inflight);
 vsc->inflight = NULL;
 }
 
-- 
MST

Re: [PATCH] acpi: cpuhp: fix guest-visible maximum access size to the legacy reg block

[Michael S. Tsirkin]

On Thu, Jan 05, 2023 at 10:00:00AM +0100, Philippe Mathieu-Daudé wrote:
> On 5/1/23 08:13, Laszlo Ersek wrote:
> > On 1/4/23 13:35, Michael S. Tsirkin wrote:
> > > On Wed, Jan 04, 2023 at 10:01:38AM +0100, Laszlo Ersek wrote:
> [...]
> 
> > > > To make things *even more* complicated, the breakage was (and remains, 
> > > > as
> > > > of today) visible with TCG acceleration only.  Commit 5d971f9e6725 makes
> > > > no difference with KVM acceleration -- the DWORD accesses still work,
> > > > despite "valid.max_access_size = 1".
> > > 
> > > BTW do you happen to know why that's the case for KVM? Because if kvm
> > > ignores valid.max_access_size generally then commit 5d971f9e6725 is
> > > incomplete, and we probably have some related kvm-only bugs.
> > 
> > It remains a mystery for me why KVM accel does not enforce
> > "valid.max_access_size".
> > 
> > In the thread I started earlier (which led to this patch), at
> > 
> >"IO port write width clamping differs between TCG and KVM"
> >https://lists.gnu.org/archive/html/qemu-devel/2023-01/msg00199.html
> 
> [...]
> 
> > So, I think the bug is somehow "distributed" between
> > flatview_write_continue(), flatview_access_allowed(), and
> > memory_access_size(). flatview_access_allowed() does not care about "l"
> > at all, when it should (maybe?) compare it against
> > "mr->ops->valid.max_access_size". In turn, memory_access_size()
> > *silently* reduces the access width, based on
> > "->ops->valid.max_access_size".
> > 
> > And all this this *precedes* the call to memory_region_access_valid(),
> > which is only called from within memory_region_dispatch_write(), which
> > already gets the reduced width only.
> > 
> > Now, flatview_access_allowed() is from commit 3ab6fdc91b72
> > ("softmmu/physmem: Introduce MemTxAttrs::memory field and
> > MEMTX_ACCESS_ERROR", 2022-03-21), and the fact it does not check "len"
> > seems intentional -- it only takes "len" for logging.
> > 
> > Hmm. After digging a lot more, I find the issue may have been introduced
> > over three commits:
> > 
> > - 82f2563fc815 ("exec: introduce memory_access_size", 2013-05-29), which
> >(IIUC) was the first step towards automatically reducing the address
> >width, but at first only based on alignment,
> > 
> > - 23326164ae6f ("exec: Support 64-bit operations in address_space_rw",
> >2013-07-14), which extended the splitting based on
> >"MemoryRegionOps.impl",
> > 
> > - e1622f4b1539 ("exec: fix incorrect assumptions in memory_access_size",
> >2013-07-18), which flipped the splitting basis to
> >"MemoryRegionOps.valid".
> > 
> > To me, 23326164ae6f seems *vaguely* correct ("vague" is not criticism
> > for the commit, it's criticism for my understanding :)); after all we're
> > on our way towards the device model, and the device model exposes via
> > "MemoryRegionOps.impl" what it can handle. Plus, commit 5d971f9e6725
> > does direct us towards "MemoryRegionOps.impl"!
> > 
> > But clearly there must have been something wrong with 23326164ae6f,
> > according to e1622f4b1539...
> 
> Maybe the long-standing unaligned access problem? Could be fixed by:
> https://lore.kernel.org/qemu-devel/20210619172626.875885-15-richard.hender...@linaro.org/

indeed. want to dust it up and post?

> > The latter is what introduced the current "silent splitting of access
> > based on 'valid'". The message of commit e1622f4b1539 says, almost like
> > an afterthought:
> > 
> > >  access_size_max can be mr->ops->valid.max_access_size because 
> > > memory.c
> > >  can and will still break accesses bigger than
> > >  mr->ops->impl.max_access_size.
> > 
> > I think this argument may have been wrong: if "impl.max_access_size" is
> > large (such as: unset), but "valid.max_access_size" is small, that just
> > means:
> > 
> >the implementation is flexible and can deal with any access widths (so
> >"memory.c" *need not* break up accesses for the device model's sake),
> >but the device should restrict the *guest* to small accesses. So if
> >the guest tries something larger, we shouldn't silently accommodate
> >that.
> 
> Indeed. '.impl' is a software thing for the device modeller, ideally one
> will chose a value that allows the simplest implementation. I.e. if a
> device only allows 8-bit access, use 8-bit registers aligned on a 64-bit
> boundary, the model might use:
> 
>   .impl.min_access_size = 8,
>   .impl.max_access_size = 1,
> 
> Also we need to keep in mind that even if most MemoryRegionOps structs
> are 'static const', such structure can be dynamically created. I.e.:
> https://lore.kernel.org/qemu-devel/20200817161853.593247-5-f4...@amsat.org/
> 
> > I have zero idea how to fix this, but I feel that the quoted argument
> > from commit e1622f4b1539 is the reason why KVM accel is so lenient that
> > it sort of "de-fangs" commit 5d971f9e6725.
> > 
> > Laszlo
> > 

Re: [PULL 00/51] virtio,pc,pci: features, cleanups, fixes

[Michael S. Tsirkin]

On Thu, Jan 05, 2023 at 04:14:20AM -0500, Michael S. Tsirkin wrote:
> The following changes since commit cb9c6a8e5ad6a1f0ce164d352e3102df46986e22:
> 
>   .gitlab-ci.d/windows: Work-around timeout and OpenGL problems of the MSYS2 
> jobs (2023-01-04 18:58:33 +)
> 
> are available in the Git repository at:
> 
>   https://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
> 
> for you to fetch changes up to 6529cb46fa76bb4b4f217d6fcc68b61b543062c4:

7c77271205339d3b161bdf925f5ead799b582e47 now - I dropped one patch
as v2 is forthcoming.


>   vhost-scsi: fix memleak of vsc->inflight (2023-01-05 04:07:39 -0500)
> 
> 
> virtio,pc,pci: features, cleanups, fixes
> 
> mostly vhost-vdpa:
> guest announce feature emulation when using shadow virtqueue
> support for configure interrupt
> startup speed ups
> 
> an acpi change to only generate cluster node in PPTT when specified for arm
> 
> misc fixes, cleanups
> 
> Signed-off-by: Michael S. Tsirkin 
> 
> 
> 
> Note: linux-user build is failing for me on master, I just
> disabled it for now as nothing I'm doing should affect linux-user.
> Didn't debug yet.
> 
> 
> Bernhard Beschow (7):
>   hw/acpi/Kconfig: Rename ACPI_X86_ICH to ACPI_ICH9
>   hw/acpi/Kconfig: Add missing dependencies to ACPI_ICH9
>   hw/acpi/Kconfig: Do not needlessly build TYPE_PIIX4_PM in non-PC/Malta 
> machines
>   hw/acpi/Kconfig: Add missing dependencies to ACPI_PIIX4
>   hw/isa/Kconfig: Add missing dependency to VT82C686
>   i386, mips: Resolve redundant ACPI and APM dependencies
>   hw/ppc/Kconfig: Remove unused dependencies from PEGASOS2
> 
> Cindy Lu (10):
>   virtio: introduce macro VIRTIO_CONFIG_IRQ_IDX
>   virtio-pci: decouple notifier from interrupt process
>   virtio-pci: decouple the single vector from the interrupt process
>   vhost: introduce new VhostOps vhost_set_config_call
>   vhost-vdpa: add support for config interrupt
>   virtio: add support for configure interrupt
>   vhost: add support for configure interrupt
>   virtio-net: add support for configure interrupt
>   virtio-mmio: add support for configure interrupt
>   virtio-pci: add support for configure interrupt
> 
> Dongli Zhang (1):
>   vhost-scsi: fix memleak of vsc->inflight
> 
> Eugenio Pérez (4):
>   virtio_net: Modify virtio_net_get_config to early return
>   virtio_net: copy VIRTIO_NET_S_ANNOUNCE if device model has it
>   vdpa: handle VIRTIO_NET_CTRL_ANNOUNCE in 
> vhost_vdpa_net_handle_ctrl_avail
>   vdpa: do not handle VIRTIO_NET_F_GUEST_ANNOUNCE in vhost-vdpa
> 
> Hyman Huang (3):
>   vhost-user: Refactor vhost acked features saving
>   vhost-user: Refactor the chr_closed_bh
>   vhost-user: Fix the virtio features negotiation flaw
> 
> Laszlo Ersek (1):
>   acpi: cpuhp: fix guest-visible maximum access size to the legacy reg 
> block
> 
> Longpeng (Mike) (5):
>   vdpa-dev: get iova range explicitly
>   vdpa: harden the error path if get_iova_range failed
>   vhost: simplify vhost_dev_enable_notifiers
>   vhost: configure all host notifiers in a single MR transaction
>   vdpa: commit all host notifier MRs in a single MR transaction
> 
> Markus Armbruster (11):
>   include/hw/pci: Break inclusion loop pci_bridge.h and cxl.h
>   include/hw/cxl: Move typedef PXBDev to cxl.h, and put it to use
>   include/hw/cxl: Include hw/cxl/*.h where needed
>   include/hw/pci: Clean up a few things checkpatch.pl would flag
>   include/hw/pci: Split pci_device.h off pci.h
>   include/hw/pci: Include hw/pci/pci.h where needed
>   include/hw/cxl: Break inclusion loop cxl_pci.h and cxl_cdat_h
>   include/hw/virtio: Break inclusion loop
>   include: Include headers where needed
>   include: Don't include qemu/osdep.h
>   docs/devel: Rules on #include in headers
> 
> Philippe Mathieu-Daudé (2):
>   hw/virtio: Rename virtio_device_find() -> qmp_find_virtio_device()
>   hw/virtio: Extract QMP QOM-specific functions to virtio-qmp.c
> 
> Yicong Yang (6):
>   tests: virt: Allow changes to PPTT test table
>   hw/acpi/aml-build: Only generate cluster node in PPTT when specified
>   tests: virt: Update expected ACPI tables for virt test
>   tests: acpi: Add and whitelist *.topology blobs
>   tests: acpi: aarch64: Add topology test for aarch64
>   tests: acpi: aarch64: Add *.topology tables
> 
> leixiang (1):
>   virtio-pci: fix proxy->vector_irqfd leak in 
> virtio_pci_set_guest_notifiers
> 
>  configs/devices/mips-softmmu/common.mak |   3 -
>  bsd-user/qemu.h |   1 -
>  crypto/block-luks-priv.h|   1 -
>  hw/alpha/alpha_sys.h|   1 -
>  hw/display/ati_int.h|   2 +-
>  hw/display/qxl.h  

Re: [PULL 50/51] acpi: cpuhp: fix guest-visible maximum access size to the legacy reg block

[Michael S. Tsirkin]

On Thu, Jan 05, 2023 at 04:17:06AM -0500, Michael S. Tsirkin wrote:
> From: Laszlo Ersek 

I noticed v2 is forthcoming. dropped now.

[PATCH] MAINTAINERS: update email of Peter Lieven

[Peter Lieven]

I will leave KAMP in the next days. Update email to stay reachable.

Signed-off-by: Peter Lieven 
---
 MAINTAINERS | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index b270eb8e5b..995f1156f9 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3428,7 +3428,7 @@ F: block/vmdk.c

 RBD
 M: Ilya Dryomov 
-R: Peter Lieven 
+R: Peter Lieven 
 L: qemu-bl...@nongnu.org
 S: Supported
 F: block/rbd.c
@@ -3454,7 +3454,7 @@ F: block/blkio.c
 iSCSI
 M: Ronnie Sahlberg 
 M: Paolo Bonzini 
-M: Peter Lieven 
+M: Peter Lieven 
 L: qemu-bl...@nongnu.org
 S: Odd Fixes
 F: block/iscsi.c
@@ -3477,7 +3477,7 @@ T: git https://repo.or.cz/qemu/ericb.git nbd
 T: git https://gitlab.com/vsementsov/qemu.git block

 NFS
-M: Peter Lieven 
+M: Peter Lieven 
 L: qemu-bl...@nongnu.org
 S: Maintained
 F: block/nfs.c
--
2.34.1





KAMP Netzwerkdienste GmbH
Vestische Straße 89-91 | 46117 Oberhausen

Fon:+49 (0) 208 89 402-0
Fax:+49 (0) 208 89 402-40
WWW:http://www.kamp.de

Geschäftsführer: Michael Lante | Falk Brockerhoff | Daniel Hagemeier | Marcel 
Chorengel | Dr. Claus Boyens
Amtsgericht Duisburg | HRB Nr. 12154 | USt-IdNr.: DE120607556

HINWEIS: UNSERE HINWEISE ZUM UMGANG MIT PERSONENBEZOGENEN DATEN FINDEN SIE IN 
UNSERER DATENSCHUTZERKLÄRUNG UNTER 
HTTPS://WWW.KAMP.DE/DATENSCHUTZ.HTML

DIESE NACHRICHT IST NUR FÜR DEN ADRESSATEN BESTIMMT. ES IST NICHT ERLAUBT, 
DIESE NACHRICHT ZU KOPIEREN ODER DRITTEN ZUGÄNGLICH ZU MACHEN. SOLLTEN SIE 
IRRTÜMLICH DIESE NACHRICHT ERHALTEN HABEN, BITTE ICH UM IHRE MITTEILUNG PER 
E-MAIL ODER UNTER DER OBEN ANGEGEBENEN TELEFONNUMMER.

[PATCH v3] Hexagon (target/hexagon) implement mutability mask for GPRs

[Marco Liebel]

Some registers are defined to have immutable bits, this commit
will implement that behavior.

Signed-off-by: Marco Liebel 
---
 target/hexagon/genptr.c   |  44 -
 tests/tcg/hexagon/Makefile.target |   1 +
 tests/tcg/hexagon/reg_mut.c   | 152 ++
 3 files changed, 195 insertions(+), 2 deletions(-)
 create mode 100644 tests/tcg/hexagon/reg_mut.c

diff --git a/target/hexagon/genptr.c b/target/hexagon/genptr.c
index 6cf2e0ed43..94420d9e5a 100644
--- a/target/hexagon/genptr.c
+++ b/target/hexagon/genptr.c
@@ -43,6 +43,33 @@ TCGv gen_read_preg(TCGv pred, uint8_t num)
 return pred;
 }
 
+#define IMMUTABLE (~0)
+
+static const target_ulong reg_immut_masks[TOTAL_PER_THREAD_REGS] = {
+[HEX_REG_USR] = 0xc13000c0,
+[HEX_REG_PC] = IMMUTABLE,
+[HEX_REG_GP] = 0x3f,
+[HEX_REG_UPCYCLELO] = IMMUTABLE,
+[HEX_REG_UPCYCLEHI] = IMMUTABLE,
+[HEX_REG_UTIMERLO] = IMMUTABLE,
+[HEX_REG_UTIMERHI] = IMMUTABLE,
+};
+
+static inline void gen_masked_reg_write(TCGv new_val, TCGv cur_val,
+target_ulong reg_mask)
+{
+if (reg_mask) {
+TCGv tmp = tcg_temp_new();
+
+/* new_val = (new_val & ~reg_mask) | (cur_val & reg_mask) */
+tcg_gen_andi_tl(new_val, new_val, ~reg_mask);
+tcg_gen_andi_tl(tmp, cur_val, reg_mask);
+tcg_gen_or_tl(new_val, new_val, tmp);
+
+tcg_temp_free(tmp);
+}
+}
+
 static inline void gen_log_predicated_reg_write(int rnum, TCGv val,
 uint32_t slot)
 {
@@ -69,6 +96,9 @@ static inline void gen_log_predicated_reg_write(int rnum, 
TCGv val,
 
 void gen_log_reg_write(int rnum, TCGv val)
 {
+const target_ulong reg_mask = reg_immut_masks[rnum];
+
+gen_masked_reg_write(val, hex_gpr[rnum], reg_mask);
 tcg_gen_mov_tl(hex_new_value[rnum], val);
 if (HEX_DEBUG) {
 /* Do this so HELPER(debug_commit_end) will know */
@@ -114,19 +144,29 @@ static void gen_log_predicated_reg_write_pair(int rnum, 
TCGv_i64 val,
 
 static void gen_log_reg_write_pair(int rnum, TCGv_i64 val)
 {
+const target_ulong reg_mask_low = reg_immut_masks[rnum];
+const target_ulong reg_mask_high = reg_immut_masks[rnum + 1];
+TCGv val32 = tcg_temp_new();
+
 /* Low word */
-tcg_gen_extrl_i64_i32(hex_new_value[rnum], val);
+tcg_gen_extrl_i64_i32(val32, val);
+gen_masked_reg_write(val32, hex_gpr[rnum], reg_mask_low);
+tcg_gen_mov_tl(hex_new_value[rnum], val32);
 if (HEX_DEBUG) {
 /* Do this so HELPER(debug_commit_end) will know */
 tcg_gen_movi_tl(hex_reg_written[rnum], 1);
 }
 
 /* High word */
-tcg_gen_extrh_i64_i32(hex_new_value[rnum + 1], val);
+tcg_gen_extrh_i64_i32(val32, val);
+gen_masked_reg_write(val32, hex_gpr[rnum + 1], reg_mask_high);
+tcg_gen_mov_tl(hex_new_value[rnum + 1], val32);
 if (HEX_DEBUG) {
 /* Do this so HELPER(debug_commit_end) will know */
 tcg_gen_movi_tl(hex_reg_written[rnum + 1], 1);
 }
+
+tcg_temp_free(val32);
 }
 
 void gen_log_pred_write(DisasContext *ctx, int pnum, TCGv val)
diff --git a/tests/tcg/hexagon/Makefile.target 
b/tests/tcg/hexagon/Makefile.target
index 9ee1faa1e1..e8a647d94e 100644
--- a/tests/tcg/hexagon/Makefile.target
+++ b/tests/tcg/hexagon/Makefile.target
@@ -43,6 +43,7 @@ HEX_TESTS += load_align
 HEX_TESTS += atomics
 HEX_TESTS += fpstuff
 HEX_TESTS += overflow
+HEX_TESTS += reg_mut
 
 HEX_TESTS += test_abs
 HEX_TESTS += test_bitcnt
diff --git a/tests/tcg/hexagon/reg_mut.c b/tests/tcg/hexagon/reg_mut.c
new file mode 100644
index 00..910e663ace
--- /dev/null
+++ b/tests/tcg/hexagon/reg_mut.c
@@ -0,0 +1,152 @@
+
+/*
+ *  Copyright(c) 2022 Qualcomm Innovation Center, Inc. All Rights Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include 
+#include 
+
+static int err;
+
+#define check(N, EXPECT) \
+do { \
+uint64_t value = N; \
+uint64_t expect = EXPECT; \
+if (value != EXPECT) { \
+printf("ERROR: \"%s\" 0x%04llx != 0x%04llx at %s:%d\n", #N, value, 
\
+   expect, __FILE__, __LINE__); \
+err++; \
+} \
+} while (0)
+
+#define check_ne(N, EXPECT) \
+do { \
+uint64_t value = N; \
+uint64_t expect = EXPECT; \
+if (value == EXPECT) { \
+pr

Re: [PATCH 1/5] confidential guest support: Introduce a 'check' class handler

[Philippe Mathieu-Daudé]

On 5/1/23 09:46, Thomas Huth wrote:

On 04/01/2023 12.51, Cédric Le Goater wrote:

From: Cédric Le Goater 

Some machines have specific requirements to activate confidential
guest support. Add a class handler to the confidential guest support
interface to let the arch implementation perform extra checks.

Cc: Eduardo Habkost 
Cc: Marcel Apfelbaum 
Cc: "Philippe Mathieu-Daudé" 
Cc: Yanan Wang 
Signed-off-by: Cédric Le Goater 
---
  include/exec/confidential-guest-support.h |  4 +++-
  hw/core/machine.c | 11 ++-
  2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/include/exec/confidential-guest-support.h 
b/include/exec/confidential-guest-support.h

index ba2dd4b5df..9e6d362b26 100644
--- a/include/exec/confidential-guest-support.h
+++ b/include/exec/confidential-guest-support.h
@@ -23,7 +23,8 @@
  #include "qom/object.h"
  #define TYPE_CONFIDENTIAL_GUEST_SUPPORT "confidential-guest-support"
-OBJECT_DECLARE_SIMPLE_TYPE(ConfidentialGuestSupport, 
CONFIDENTIAL_GUEST_SUPPORT)
+OBJECT_DECLARE_TYPE(ConfidentialGuestSupport, 
ConfidentialGuestSupportClass,

+    CONFIDENTIAL_GUEST_SUPPORT)
  struct ConfidentialGuestSupport {
  Object parent;
@@ -55,6 +56,7 @@ struct ConfidentialGuestSupport {
  typedef struct ConfidentialGuestSupportClass {
  ObjectClass parent;
+    bool (*check)(const Object *obj, Error **errp);
  } ConfidentialGuestSupportClass;
  #endif /* !CONFIG_USER_ONLY */
diff --git a/hw/core/machine.c b/hw/core/machine.c
index f589b92909..bab43cd675 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -502,11 +502,12 @@ static void 
machine_check_confidential_guest_support(const Object *obj,
   Object 
*new_target,

   Error **errp)
  {
-    /*
- * So far the only constraint is that the target has the
- * TYPE_CONFIDENTIAL_GUEST_SUPPORT interface, and that's checked
- * by the QOM core
- */
+    ConfidentialGuestSupportClass *cgsc =
+    CONFIDENTIAL_GUEST_SUPPORT_GET_CLASS(new_target);
+
+    if (cgsc->check) {
+    cgsc->check(obj, errp);


I assume the caller is checking *errp, so it's ok to ignore the return 
value of the check function here?


Agreed, can we change by:

  if (cgsc->check && !cgsc->check(obj, errp)) {
  return;
  }

?

Also since the handler name is not very self-descriptive, can we
add a comment in its declaration in ConfidentialGuestSupportClass?


+    }
  }

[PATCH 4/4] Makefile: explicitly disable -net for our -M virt runs

[Alex Bennée]

At some points in the bisect history this stops the default virtio-net
complaining when it can't find "efi-virtio.rom".

Signed-off-by: Alex Bennée 
---
 Makefile | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Makefile b/Makefile
index 6905b8d..a8cae07 100644
--- a/Makefile
+++ b/Makefile
@@ -126,22 +126,22 @@ run-usertest-a64: usertest-a64
$(QEMU_AARCH64) usertest-a64
 
 run-systest-a32: systest-a32.axf
-   $(QEMU_SYSTEM_ARM) -M virt --display none --semihosting -kernel $^
+   $(QEMU_SYSTEM_ARM) -M virt -net none --display none --semihosting 
-kernel $^
 
 run-systest-t32: systest-t32.axf
-   $(QEMU_SYSTEM_ARM) -M virt --display none --semihosting -kernel $^
+   $(QEMU_SYSTEM_ARM) -M virt -net none --display none --semihosting 
-kernel $^
 
 run-systest-a32-hlt: systest-a32-hlt.axf
-   $(QEMU_SYSTEM_ARM) -M virt --display none --semihosting -kernel $^
+   $(QEMU_SYSTEM_ARM) -M virt -net none --display none --semihosting 
-kernel $^
 
 run-systest-t32-hlt: systest-t32-hlt.axf
-   $(QEMU_SYSTEM_ARM) -M virt --display none --semihosting -kernel $^
+   $(QEMU_SYSTEM_ARM) -M virt -net none --display none --semihosting 
-kernel $^
 
 run-systest-t32-bkpt: systest-t32-bkpt.axf
$(QEMU_SYSTEM_ARM) -M microbit --display none --semihosting -kernel $^
 
 run-systest-a64: systest-a64.axf
-   $(QEMU_SYSTEM_AARCH64) -M virt --display none --semihosting \
+   $(QEMU_SYSTEM_AARCH64) -M virt -net none --display none --semihosting \
-cpu cortex-a57 -kernel $^
 
 run: run-usertest-a32 run-usertest-t32 run-usertest-a64 \
-- 
2.34.1

[PATCH 1/4] semihosting-tests: add timeout support

[Alex Bennée]

If you break semihosting in a way that hangs you need to be able to
detect that. Add support for a timeout.

Signed-off-by: Alex Bennée 
---
 Makefile | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 1296fde..f58b79e 100644
--- a/Makefile
+++ b/Makefile
@@ -57,10 +57,14 @@ SYSGDB := -gdb tcp::$(GDBPORT)
 USRGDB := -g $(GDBPORT)
 endif
 
+ifdef TIMEOUT
+SYSTIMEOUT := timeout --foreground 10s
+endif
+
 QEMU_ARM = $(QEMU_BUILDDIR)/arm-linux-user/qemu-arm $(USRGDB)
 QEMU_AARCH64 = $(QEMU_BUILDDIR)/aarch64-linux-user/qemu-aarch64 $(USRGDB)
-QEMU_SYSTEM_ARM = $(QEMU_BUILDDIR)/arm-softmmu/qemu-system-arm $(SYSGDB)
-QEMU_SYSTEM_AARCH64 = $(QEMU_BUILDDIR)/aarch64-softmmu/qemu-system-aarch64 
$(SYSGDB)
+QEMU_SYSTEM_ARM = $(SYSTIMEOUT) $(QEMU_BUILDDIR)/arm-softmmu/qemu-system-arm 
$(SYSGDB)
+QEMU_SYSTEM_AARCH64 = $(SYSTIMEOUT) 
$(QEMU_BUILDDIR)/aarch64-softmmu/qemu-system-aarch64 $(SYSGDB)
 
 all: usertest-a32 usertest-a64 usertest-t32 \
systest-a32.axf systest-t32.axf \
-- 
2.34.1

[PATCH 0/4] Some tweaks for semihosting-tests

[Alex Bennée]

Hi Peter,

I discovered that semihosting syscall support got broken and while
preparing to bisect I ran into a few warts.

 Alex Bennée (4):
   semihosting-tests: add timeout support
   Makefile: drop microbit.lds from the sources
   Makefile: simplify path to QEMU binaries
   Makefile: explicitly disable -net for our -M virt runs

Alex Bennée (4):
  semihosting-tests: add timeout support
  Makefile: drop microbit.lds from the sources
  Makefile: simplify path to QEMU binaries
  Makefile: explicitly disable -net for our -M virt runs

 Makefile | 24 ++--
 1 file changed, 14 insertions(+), 10 deletions(-)

-- 
2.34.1

[PATCH 3/4] Makefile: simplify path to QEMU binaries

[Alex Bennée]

We've had the new build layout for a while now.

Signed-off-by: Alex Bennée 
---
 Makefile | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Makefile b/Makefile
index 7b9a5f4..6905b8d 100644
--- a/Makefile
+++ b/Makefile
@@ -61,10 +61,10 @@ ifdef TIMEOUT
 SYSTIMEOUT := timeout --foreground 10s
 endif
 
-QEMU_ARM = $(QEMU_BUILDDIR)/arm-linux-user/qemu-arm $(USRGDB)
-QEMU_AARCH64 = $(QEMU_BUILDDIR)/aarch64-linux-user/qemu-aarch64 $(USRGDB)
-QEMU_SYSTEM_ARM = $(SYSTIMEOUT) $(QEMU_BUILDDIR)/arm-softmmu/qemu-system-arm 
$(SYSGDB)
-QEMU_SYSTEM_AARCH64 = $(SYSTIMEOUT) 
$(QEMU_BUILDDIR)/aarch64-softmmu/qemu-system-aarch64 $(SYSGDB)
+QEMU_ARM = $(QEMU_BUILDDIR)/qemu-arm $(USRGDB)
+QEMU_AARCH64 = $(QEMU_BUILDDIR)/qemu-aarch64 $(USRGDB)
+QEMU_SYSTEM_ARM = $(SYSTIMEOUT) $(QEMU_BUILDDIR)/qemu-system-arm $(SYSGDB)
+QEMU_SYSTEM_AARCH64 = $(SYSTIMEOUT) $(QEMU_BUILDDIR)/qemu-system-aarch64 
$(SYSGDB)
 
 all: usertest-a32 usertest-a64 usertest-t32 \
systest-a32.axf systest-t32.axf \
-- 
2.34.1

[PATCH 2/4] Makefile: drop microbit.lds from the sources

[Alex Bennée]

Otherwise the compiler will complain about the lds file being included
more than once as we include all the dependencies in the compile step.

Signed-off-by: Alex Bennée 
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index f58b79e..7b9a5f4 100644
--- a/Makefile
+++ b/Makefile
@@ -75,7 +75,7 @@ all: usertest-a32 usertest-a64 usertest-t32 \
 usertest-srcs = usertest.c semihosting.c semicall.S printf/printf.c
 
 systest-srcs = start.S string.c $(usertest-srcs)
-microbit-systest-srcs = microbit.lds start-microbit.S string.c $(usertest-srcs)
+microbit-systest-srcs = start-microbit.S string.c $(usertest-srcs)
 
 usertest-a32: $(usertest-srcs)
$(A32GCC) --static -o $@ $^
-- 
2.34.1

Re: [PATCH v10 3/9] KVM: Extend the memslot to support fd-based private memory

[Jarkko Sakkinen]

On Fri, Dec 02, 2022 at 02:13:41PM +0800, Chao Peng wrote:
> In memory encryption usage, guest memory may be encrypted with special
> key and can be accessed only by the guest itself. We call such memory
> private memory. It's valueless and sometimes can cause problem to allow
> userspace to access guest private memory. This new KVM memslot extension
> allows guest private memory being provided through a restrictedmem
> backed file descriptor(fd) and userspace is restricted to access the
> bookmarked memory in the fd.
> 
> This new extension, indicated by the new flag KVM_MEM_PRIVATE, adds two
> additional KVM memslot fields restricted_fd/restricted_offset to allow
> userspace to instruct KVM to provide guest memory through restricted_fd.
> 'guest_phys_addr' is mapped at the restricted_offset of restricted_fd
> and the size is 'memory_size'.
> 
> The extended memslot can still have the userspace_addr(hva). When use, a
> single memslot can maintain both private memory through restricted_fd
> and shared memory through userspace_addr. Whether the private or shared
> part is visible to guest is maintained by other KVM code.
> 
> A restrictedmem_notifier field is also added to the memslot structure to
> allow the restricted_fd's backing store to notify KVM the memory change,
> KVM then can invalidate its page table entries or handle memory errors.
> 
> Together with the change, a new config HAVE_KVM_RESTRICTED_MEM is added
> and right now it is selected on X86_64 only.
> 
> To make future maintenance easy, internally use a binary compatible
> alias struct kvm_user_mem_region to handle both the normal and the
> '_ext' variants.

Feels bit hacky IMHO, and more like a completely new feature than
an extension.

Why not just add a new ioctl? The commit message does not address
the most essential design here.

BR, Jarkko

Re: [PATCH] block-backend: fix virtio-scsi assertion failure with blk_drain_noref()

[Stefan Hajnoczi]

On Wed, Jan 04, 2023 at 10:37:34PM +0100, Paolo Bonzini wrote:
> blk_root_drained_end is not thread-safe too. I started looking at that with
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg925670.html; that's
> certainly a prerequisite for this patch to be a full fix, but I have not
> checked if it's enough because I don't have the QEMU sources at hand right
> now.

Thanks for letting me know.

Do you think blk_drain_noref() makes sense at all, or should
scsi_purge_requests() avoid calling blk_drain() somehow?

Stefan


signature.asc
Description: PGP signature

Re: [PATCH 2/5] s390x/pv: Implement CGS check handler

[Thomas Huth]

On 04/01/2023 12.51, Cédric Le Goater wrote:

From: Cédric Le Goater 

When a protected VM is started with the maximum number of CPUs (248),
the service call providing information on the CPUs requires more
buffer space than allocated and QEMU disgracefully aborts :

 LOADPARM=[]
 Using virtio-blk.
 Using SCSI scheme.
 
...
 qemu-system-s390x: KVM_S390_MEM_OP failed: Argument list too long

Implement a test for this limitation in the ConfidentialGuestSupportClass
check handler and provide some valid information to the user before the
machine starts.

Signed-off-by: Cédric Le Goater 
---
  hw/s390x/pv.c | 23 +++
  1 file changed, 23 insertions(+)

diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c
index 8dfe92d8df..3a7ec70634 100644
--- a/hw/s390x/pv.c
+++ b/hw/s390x/pv.c
@@ -266,6 +266,26 @@ int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Error 
**errp)
  return 0;
  }
  
+static bool s390_pv_check_cpus(Error **errp)

+{
+MachineState *ms = MACHINE(qdev_get_machine());
+MachineClass *mc = MACHINE_GET_CLASS(ms);
+uint32_t pv_max_cpus = mc->max_cpus - 1;


Not sure whether "mc->max_cpus - 1" is the right approach here. I think it 
would be better to calculate the amount of CPUs that we can support.


So AFAIK the problem is that SCLP information that is gathered during 
read_SCP_info() in hw/s390x/sclp.c. If protected virtualization is enabled, 
everything has to fit in one page (i.e. 4096 bytes) there.


So we have space for

 (TARGET_PAGE_SIZE - offset_cpu) / sizeof(CPUEntry)

CPUs.

With S390_FEAT_EXTENDED_LENGTH_SCCB enabled, offset_cpu is 144 (see struct 
ReadInfo in sclp.h), otherwise it is 128.


That means, with S390_FEAT_EXTENDED_LENGTH_SCCB we can have a maximum of:

 (4096 - 144) / 16 = 247 CPUs

which is what you were trying to check with the mc->max_cpus - 1 here.

But with "-cpu els=off", it sounds like we could fit all 248 also with 
protected VMs? Could you please give it a try?


Anyway, instead of using "pv_max_cpus = mc->max_cpus - 1" I'd suggest to use 
something like this instead:


 int offset_cpu = s390_has_feat(S390_FEAT_EXTENDED_LENGTH_SCCB) ?
 offsetof(ReadInfo, entries) :
 SCLP_READ_SCP_INFO_FIXED_CPU_OFFSET;
 pv_max_cpus = (TARGET_PAGE_SIZE - offset_cpu) /sizeof(CPUEntry);

  Thomas

[RFC PATCH] target/arm: fix handling of HLT semihosting in system mode

[Alex Bennée]

The check semihosting_enabled() wants to know if the guest is
currently in user mode. Unlike the other cases the test was inverted
causing us to block semihosting calls in non-EL0 modes.

Fixes: 19b26317e9 (target/arm: Honour -semihosting-config userspace=on)
Signed-off-by: Alex Bennée 
---
 target/arm/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index 74a903072f..1dcaefb8e7 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -1184,7 +1184,7 @@ static inline void gen_hlt(DisasContext *s, int imm)
  * semihosting, to provide some semblance of security
  * (and for consistency with our 32-bit semihosting).
  */
-if (semihosting_enabled(s->current_el != 0) &&
+if (semihosting_enabled(s->current_el == 0) &&
 (imm == (s->thumb ? 0x3c : 0xf000))) {
 gen_exception_internal_insn(s, EXCP_SEMIHOST);
 return;
-- 
2.34.1

Re: [PATCH 3/5] s390x/pv: Check for support on the host

[Thomas Huth]

On 04/01/2023 12.51, Cédric Le Goater wrote:

From: Cédric Le Goater 

Support for protected VMs should have been enabled on the host with
the kernel parameter 'prot_virt=1'. If the hardware supports the
feature, it is reflected under sysfs.

Signed-off-by: Cédric Le Goater 
---
  hw/s390x/pv.c | 23 ++-
  1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c
index 3a7ec70634..8d0d3f4adc 100644
--- a/hw/s390x/pv.c
+++ b/hw/s390x/pv.c
@@ -14,6 +14,7 @@
  #include 
  
  #include "qapi/error.h"

+#include "qemu/cutils.h"
  #include "qemu/error-report.h"
  #include "sysemu/kvm.h"
  #include "qom/object_interfaces.h"
@@ -281,9 +282,29 @@ static bool s390_pv_check_cpus(Error **errp)
  return true;
  }
  
+#define S390_PV_HOST "/sys/firmware/uv/prot_virt_host"

+
+static bool s390_pv_check_host(Error **errp)
+{
+gchar *s = NULL;
+uint64_t pv_host = 0;
+
+if (g_file_get_contents(S390_PV_HOST, &s, NULL, NULL)) {
+pv_host = g_ascii_strtoull(s, NULL, 10);
+}
+g_free(s);
+
+if (pv_host != 1) {
+error_setg(errp, "Host does not support protected VMs");
+return false;
+}
+
+return true;
+}
+
  static bool s390_pv_guest_check(const Object *obj, Error **errp)
  {
-return s390_pv_check_cpus(errp);
+return s390_pv_check_cpus(errp) && s390_pv_check_host(errp);
  }
  
  OBJECT_DEFINE_TYPE_WITH_INTERFACES(S390PVGuest,


Reviewed-by: Thomas Huth 

Re: [RFC PATCH] target/arm: fix handling of HLT semihosting in system mode

[Peter Maydell]

On Thu, 5 Jan 2023 at 11:43, Alex Bennée  wrote:
>
> The check semihosting_enabled() wants to know if the guest is
> currently in user mode. Unlike the other cases the test was inverted
> causing us to block semihosting calls in non-EL0 modes.
>
> Fixes: 19b26317e9 (target/arm: Honour -semihosting-config userspace=on)
> Signed-off-by: Alex Bennée 

Whoops. I guess I must have only tested SVC AA32 semihosting
or something. We should

Cc: qemu-sta...@nongnu.org

Reviewed-by: Peter Maydell 

and applied to target-arm.next.

-- PMM

Re: [PATCH] block-backend: fix virtio-scsi assertion failure with blk_drain_noref()

[Paolo Bonzini]

Il gio 5 gen 2023, 12:35 Stefan Hajnoczi  ha scritto:

> On Wed, Jan 04, 2023 at 10:37:34PM +0100, Paolo Bonzini wrote:
> > blk_root_drained_end is not thread-safe too. I started looking at that
> with
> > https://www.mail-archive.com/qemu-devel@nongnu.org/msg925670.html;
> that's
> > certainly a prerequisite for this patch to be a full fix, but I have not
> > checked if it's enough because I don't have the QEMU sources at hand
> right
> > now.
>
> Thanks for letting me know.
>
> Do you think blk_drain_noref() makes sense at all, or should
> scsi_purge_requests() avoid calling blk_drain() somehow?
>

I think it makes sense as a stop gap measure.

Perhaps these iothread unrefs could also be changed to happen in a
main-loop BH, but I wouldn't rush that. Unref is also the main culprit for
functions that end up calling aio_poll from coroutine context (which should
be prohibited!) and Kevin was looking at that.

Paolo


> Stefan
>

Re: [PATCH v7 5/7] mac_newworld: Deprecate mac99 with G5 CPU

[BALATON Zoltan]

On Thu, 5 Jan 2023, Philippe Mathieu-Daudé wrote:

On 4/1/23 22:59, BALATON Zoltan wrote:

Besides resolving the confusing behaviour mentioned in previous commit
this might also allow unifying qemu-system-ppc and qemu-system-ppc64
in the future.

Signed-off-by: BALATON Zoltan 
---
  hw/ppc/mac_newworld.c | 6 ++
  1 file changed, 6 insertions(+)

diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index 3f5d1ec097..f07c37328b 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -165,6 +165,12 @@ static void ppc_core99_init(MachineState *machine)
  qemu_register_reset(ppc_core99_reset, cpu);
  }
  +if (object_property_find(OBJECT(machine), "via")) {
+if (PPC_INPUT(env) == PPC_FLAGS_INPUT_970) {
+warn_report("mac99 with G5 CPU is deprecated, "
+"use powermac7_3 instead");


"mac99 machine with G5 CPU is deprecated, prefer the powermac7_3 machine 
instead"?


I don't mind what the text is but this seems unnecessarily long where my 
version conveys the message in a more concise way. But if others prefer 
something else I'm OK to change it as you like. I expect these last 
patches may need to be repartitioned so I'm waiting for review to see 
what's preferred.


Regards,
BALATON Zoltan


+}
+}
  /* allocate RAM */
  if (machine->ram_size > 2 * GiB) {
  error_report("RAM size more than 2 GiB is not supported");

Re: [PATCH qemu.git v3 1/8] hw/timer/imx_epit: improve comments

[Peter Maydell]

On Thu, 1 Dec 2022 at 15:42, ~axelheider  wrote:
>
> From: Axel Heider 
>
> Fix typos, add background information
>
> Signed-off-by: Axel Heider 

Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [PATCH qemu.git v3 2/8] hw/timer/imx_epit: cleanup CR defines

[Peter Maydell]

On Thu, 1 Dec 2022 at 15:42, ~axelheider  wrote:
>
> From: Axel Heider 
>
> remove unused defines, add needed defines
>
> Signed-off-by: Axel Heider 
> ---


Reviewed-by: Peter Maydell 

thanks
-- PMM

[PATCH] hw/display/xlnx_dp: fix underflow in xlnx_dp_aux_pop_tx_fifo()

[Qiang Liu]

Fixes: 58ac482a66de ("introduce xlnx-dp")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1418
Reported-by: Qiang Liu 
Signed-off-by: Qiang Liu 
---
 hw/display/xlnx_dp.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/hw/display/xlnx_dp.c b/hw/display/xlnx_dp.c
index 407518c870..322e2faadd 100644
--- a/hw/display/xlnx_dp.c
+++ b/hw/display/xlnx_dp.c
@@ -520,6 +520,10 @@ static void xlnx_dp_aux_set_command(XlnxDPState *s, 
uint32_t value)
 case WRITE_AUX:
 case WRITE_I2C:
 case WRITE_I2C_MOT:
+if (nbytes > fifo8_num_used(&s->tx_fifo)) {
+qemu_log_mask(LOG_GUEST_ERROR, "xlnx_dp: TX length > fifo data 
length");
+nbytes = fifo8_num_used(&s->tx_fifo);
+}
 for (i = 0; i < nbytes; i++) {
 buf[i] = xlnx_dp_aux_pop_tx_fifo(s);
 }
-- 
2.25.1

Re: [PATCH qemu.git v3 3/8] hw/timer/imx_epit: define SR_OCIF

[Peter Maydell]

On Thu, 1 Dec 2022 at 15:42, ~axelheider  wrote:
>
> From: Axel Heider 
>
> ---

Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [PATCH qemu.git v3 4/8] hw/timer/imx_epit: update interrupt state on CR write access

[Peter Maydell]

On Thu, 1 Dec 2022 at 15:42, ~axelheider  wrote:
>
> From: Axel Heider 
>
> The interrupt state can change due to:
> - reset clears both SR.OCIF and CR.OCIE
> - write to CR.EN or CR.OCIE
>
> Signed-off-by: Axel Heider 

Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [PATCH v7 7/7] mac_newworld: Document deprecation

[BALATON Zoltan]

On Thu, 5 Jan 2023, Philippe Mathieu-Daudé wrote:

On 4/1/23 22:59, BALATON Zoltan wrote:

Also update PowerMac family docs with some more recent info.

Signed-off-by: BALATON Zoltan 
---
  docs/about/deprecated.rst|  7 +++
  docs/system/ppc/powermac.rst | 12 
  2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index 93affe3669..07661af7fe 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -248,6 +248,13 @@ These old machine types are quite neglected nowadays 
and thus might have

  various pitfalls with regards to live migration. Use a newer machine type
  instead.
  +``mac99`` variants other than the default qemu-system-ppc version (since 
7.2)

+'
+
+The ``mac99`` machine emulates different hardware depending on using
+qemu-system-ppc64 or ``via`` property. To avoid confusion new machine
+types has been added for these variants which are now preferred over
+``mac99``.


^ this part is OK,

but below is part of patch 4/7 "Add different mac99 machine types".


Not really, as that patch does not add these. It's already the current 
state which this patch just documents so this is just updating docs. If 
anything then the above part about deprecating mac99 may be squashed with 
patch 5 and 6 to make a single deprecation patch but I'll see what the 
maintainer prefers because whatever I come up with is usually not what he 
likes so to avoid wasted effort I'd rather wait for clear instructions 
before making more changes.


Regards,
BALATON Zoltan


diff --git a/docs/system/ppc/powermac.rst b/docs/system/ppc/powermac.rst
index 04334ba210..d4a47a6881 100644
--- a/docs/system/ppc/powermac.rst
+++ b/docs/system/ppc/powermac.rst
@@ -4,8 +4,12 @@ PowerMac family boards (``g3beige``, ``mac99``)
  Use the executable ``qemu-system-ppc`` to simulate a complete PowerMac
  PowerPC system.
  -- ``g3beige``  Heathrow based PowerMAC
-- ``mac99``Mac99 based PowerMAC
+- ``g3beige``   Heathrow based old world Power Macintosh G3
+- ``mac99`` Core99 based generic PowerMac
+- ``powermac3_1``   Power Mac G4 AGP (Sawtooth)
+- ``powerbook3_2``  PowerBook G4 Titanium (Mercury)
+- ``powermac7_3``   Power Mac G5 (Niagara) (only in 
``qemu-system-ppc64``)

+
Supported devices
  -
@@ -15,9 +19,9 @@ QEMU emulates the following PowerMac peripherals:
   *  UniNorth or Grackle PCI Bridge
   *  PCI VGA compatible card with VESA Bochs Extensions
   *  2 PMAC IDE interfaces with hard disk and CD-ROM support
- *  NE2000 PCI adapters
+ *  Sungem PCI network adapter
   *  Non Volatile RAM
- *  VIA-CUDA with ADB keyboard and mouse.
+ *  VIA-CUDA or VIA-PMU99 with or without ADB or USB keyboard and mouse.
  Missing devices

Re: [PATCH qemu.git v3 6/8] hw/timer/imx_epit: factor out register write handlers

[Peter Maydell]

On Thu, 1 Dec 2022 at 15:42, ~axelheider  wrote:
>
> From: Axel Heider 
>
> Signed-off-by: Axel Heider 

Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [PATCH qemu.git v3 5/8] hw/timer/imx_epit: hard reset initializes CR with 0

[Peter Maydell]

On Thu, 1 Dec 2022 at 15:42, ~axelheider  wrote:
>
> From: Axel Heider 
>
> Signed-off-by: Axel Heider 
> ---
>  hw/timer/imx_epit.c | 20 ++--
>  1 file changed, 14 insertions(+), 6 deletions(-)

Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [PATCH qemu.git v3 7/8] hw/timer/imx_epit: remove explicit fields cnt and freq

[Peter Maydell]

On Thu, 1 Dec 2022 at 15:42, ~axelheider  wrote:
>
> From: Axel Heider 
>
> The CNT register is a read-only register. There is no need to
> store it's value, it can be calculated on demand.
> The calculated frequency is needed temporarily only.
>
> Note that this is a migration compatibility break for all boards
> types that use the EPIT peripheral.

Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [PATCH qemu.git v3 8/8] hw/timer/imx_epit: fix compare timer handling

[Peter Maydell]

On Thu, 1 Dec 2022 at 15:42, ~axelheider  wrote:
>
> From: Axel Heider 
>
> - fix #1263 for CR writes
> - rework compare time handling
>   - The compare timer has to run even if CR.OCIEN is not set,
> as SR.OCIF must be updated.
>   - The compare timer fires exactly once when the
> compare value is less than the current value, but the
> reload values is less than the compare value.
>   - The compare timer will never fire if the reload value is
> less than the compare value. Disable it in this case.
>
> Signed-off-by: Axel Heider 

There's a couple of minor code-style issues here (block comment
format, variable declarations in the middle of a block); rather
than asking you to re-roll the series I'll just squash in the
fixes for those:

diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c
index 663907f9cf9..f63d3a20830 100644
--- a/hw/timer/imx_epit.c
+++ b/hw/timer/imx_epit.c
@@ -161,7 +161,8 @@ static void imx_epit_update_compare_timer(IMXEPITState *s)
 {
 uint64_t counter = 0;
 bool is_oneshot = false;
-/* The compare timer only has to run if the timer peripheral is active
+/*
+ * The compare timer only has to run if the timer peripheral is active
  * and there is an input clock, Otherwise it can be switched off.
  */
 bool is_active = (s->cr & CR_EN) && imx_epit_get_freq(s);
@@ -233,19 +234,22 @@ static void imx_epit_write_cr(IMXEPITState *s,
uint32_t value)
  */
 imx_epit_reset(s, false);
 } else {
-ptimer_transaction_begin(s->timer_cmp);
-ptimer_transaction_begin(s->timer_reload);
-uint32_t freq = imx_epit_get_freq(s);
-if (freq) {
-ptimer_set_freq(s->timer_reload, freq);
-ptimer_set_freq(s->timer_cmp, freq);
-}
+uint32_t freq;
 uint32_t toggled_cr_bits = oldcr ^ s->cr;
 /* re-initialize the limits if CR.RLD has changed */
 bool set_limit = toggled_cr_bits & CR_RLD;
 /* set the counter if the timer got just enabled and CR.ENMOD is set */
 bool is_switched_on = (toggled_cr_bits & s->cr) & CR_EN;
 bool set_counter = is_switched_on && (s->cr & CR_ENMOD);
+
+ptimer_transaction_begin(s->timer_cmp);
+ptimer_transaction_begin(s->timer_reload);
+freq = imx_epit_get_freq(s);
+if (freq) {
+ptimer_set_freq(s->timer_reload, freq);
+ptimer_set_freq(s->timer_cmp, freq);
+}
+
 if (set_limit || set_counter) {
 uint64_t limit = (s->cr & CR_RLD) ? s->lr : EPIT_TIMER_MAX;
 ptimer_set_limit(s->timer_reload, limit, set_counter ? 1 : 0);

Otherwise
Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [PATCH qemu.git v3 0/8] hw/timer/imx_epit: improve and fix EPIT compare timer

[Peter Maydell]

On Thu, 1 Dec 2022 at 15:42, ~axelheider  wrote:
>
> This patch set improves the i.MX EPIT emulation:
> - fix #1263 for writes to CR
> - ensure SR_OCIF is set properly even if CR_OCIEN is off
> - hardware reset initialized CR to 0
> - interrupt state update on CR writes (e.g. software reset)
> - remove explicit fields cnt and freq (they are redundant)
> - general code and documentation improvements
>
> v3 addresses the comments from the previous iterations, but still keeps
> the scope of this patchset limited to addressing the obvious bugs in the
> behavior. It does not try to improve the timer accuracy, thus the
> following remarks remain to be fixed in a future patch after this one is
> merged:
> - don't use PTIMER_POLICY_LEGACY. Fine tuning this requires more
>   time and currently this is not a major concern, because the timer is
>   working reasonably well.
> - replace the modestly harmful sequence
> counter = ptimer_get_count(s->timer_reload);
> ...
> ptimer_set_count(s->timer_cmp, counter);
>   by something better that does not lose or gain time. The current
>   patchset does not introduce this sequence, it has been there
>   before already. Again,  the current lack of accuracy here is not a
>   major concern because the timer is working reasonably well.

Applied to target-arm.next, thanks. Sorry it took me so long to
get to this.

-- PMM

Re: [PATCH 0/6] target/arm: general cleanups

[Peter Maydell]

On Tue, 13 Dec 2022 at 19:08, Fabiano Rosas  wrote:
>
> Hi folks,
>
> I'm splitting this big series from Claudio from last year into more
> manageable chunks (at least for me):
>
> https://lore.kernel.org/r/20210416162824.25131-1-cfont...@suse.de
>
> This is the first chunk with only the most trivial patches that make
> sense even without the kvm/tcg and sysemu/user splits.



Applied to target-arm.next, thanks.

-- PMM

Re: [PATCH 4/5] s390x/pv: Introduce a s390_pv_check() helper for runtime

[Thomas Huth]

On 04/01/2023 12.51, Cédric Le Goater wrote:

From: Cédric Le Goater 

If a secure kernel is started in a non-protected VM, the OS will hang
during boot without giving a proper error message to the user.

Perform the checks on Confidential Guest support at runtime with an
helper called from the service call switching the guest to protected
mode.

Signed-off-by: Cédric Le Goater 
---
  include/hw/s390x/pv.h |  2 ++
  hw/s390x/pv.c | 14 ++
  target/s390x/diag.c   |  7 +++
  3 files changed, 23 insertions(+)

diff --git a/include/hw/s390x/pv.h b/include/hw/s390x/pv.h
index 9360aa1091..ca7dac2e20 100644
--- a/include/hw/s390x/pv.h
+++ b/include/hw/s390x/pv.h
@@ -55,6 +55,7 @@ int kvm_s390_dump_init(void);
  int kvm_s390_dump_cpu(S390CPU *cpu, void *buff);
  int kvm_s390_dump_mem_state(uint64_t addr, size_t len, void *dest);
  int kvm_s390_dump_completion_data(void *buff);
+bool s390_pv_check(Error **errp);
  #else /* CONFIG_KVM */
  static inline bool s390_is_pv(void) { return false; }
  static inline int s390_pv_query_info(void) { return 0; }
@@ -75,6 +76,7 @@ static inline int kvm_s390_dump_cpu(S390CPU *cpu, void *buff) 
{ return 0; }
  static inline int kvm_s390_dump_mem_state(uint64_t addr, size_t len,
void *dest) { return 0; }
  static inline int kvm_s390_dump_completion_data(void *buff) { return 0; }
+static inline bool s390_pv_check(Error **errp) { return false; }
  #endif /* CONFIG_KVM */
  
  int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Error **errp);

diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c
index 8d0d3f4adc..96c0728ec9 100644
--- a/hw/s390x/pv.c
+++ b/hw/s390x/pv.c
@@ -307,6 +307,20 @@ static bool s390_pv_guest_check(const Object *obj, Error 
**errp)
  return s390_pv_check_cpus(errp) && s390_pv_check_host(errp);
  }
  
+bool s390_pv_check(Error **errp)

+{
+MachineState *ms = MACHINE(qdev_get_machine());
+Object *obj = OBJECT(ms->cgs);
+
+if (!obj) {
+error_setg(errp, "Protected VM started without a Confidential"
+   " Guest support interface");
+return false;
+}
+
+return s390_pv_guest_check(obj, errp);
+}
+
  OBJECT_DEFINE_TYPE_WITH_INTERFACES(S390PVGuest,
 s390_pv_guest,
 S390_PV_GUEST,
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index 76b01dcd68..9b16e25930 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -79,6 +79,7 @@ void handle_diag_308(CPUS390XState *env, uint64_t r1, 
uint64_t r3, uintptr_t ra)
  uint64_t addr =  env->regs[r1];
  uint64_t subcode = env->regs[r3];
  IplParameterBlock *iplb;
+Error *local_err = NULL;
  
  if (env->psw.mask & PSW_MASK_PSTATE) {

  s390_program_interrupt(env, PGM_PRIVILEGED, ra);
@@ -176,6 +177,12 @@ out:
  return;
  }
  
+if (!s390_pv_check(&local_err)) {

+error_report_err(local_err);
+env->regs[r1 + 1] = DIAG_308_RC_INVAL_FOR_PV;


I hope someone from IBM can double-check whether that return code is fine in 
this case here.


If so, the patch looks fine to me.

 Thomas



+return;
+}
+
  s390_ipl_reset_request(cs, S390_RESET_PV);
  break;
  default:

Re: [PATCH 5/5] s390x/pv: Move check on hugepage under s390_pv_guest_check()

[Thomas Huth]

On 04/01/2023 12.51, Cédric Le Goater wrote:

From: Cédric Le Goater 

Signed-off-by: Cédric Le Goater 
---
  hw/s390x/pv.c   | 14 +-
  target/s390x/diag.c |  7 ---
  2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c
index 96c0728ec9..4e1f991d98 100644
--- a/hw/s390x/pv.c
+++ b/hw/s390x/pv.c
@@ -302,9 +302,21 @@ static bool s390_pv_check_host(Error **errp)
  return true;
  }
  
+static bool s390_pv_check_hpage(Error **errp)

+{
+if (kvm_s390_get_hpage_1m()) {
+error_setg(errp, "Protected VMs can currently not be backed with "
+   "huge pages");
+return false;
+}
+
+return true;
+}
+
  static bool s390_pv_guest_check(const Object *obj, Error **errp)
  {
-return s390_pv_check_cpus(errp) && s390_pv_check_host(errp);
+return s390_pv_check_cpus(errp) && s390_pv_check_host(errp) &&
+s390_pv_check_hpage(errp);
  }
  
  bool s390_pv_check(Error **errp)

diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index 9b16e25930..28f4350aed 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -170,13 +170,6 @@ out:
  return;
  }
  
-if (kvm_enabled() && kvm_s390_get_hpage_1m()) {

-error_report("Protected VMs can currently not be backed with "
- "huge pages");
-env->regs[r1 + 1] = DIAG_308_RC_INVAL_FOR_PV;
-return;
-}
-
  if (!s390_pv_check(&local_err)) {
  error_report_err(local_err);
  env->regs[r1 + 1] = DIAG_308_RC_INVAL_FOR_PV;


Reviewed-by: Thomas Huth 

[PATCH v1 4/5] migration/ram: Rely on used_length for uffd_change_protection()

[David Hildenbrand]

ram_mig_ram_block_resized() will abort migration (including background
snapshots) when resizing a RAMBlock. ram_block_populate_read() will only
populate RAM up to used_length, so at least for anonymous memory
protecting everything between used_length and max_length won't
actually be protected and is just a NOP.

So let's only protect everything up to used_length.

Note: it still makes sense to register uffd-wp for max_length, such
that RAM_UF_WRITEPROTECT is independent of a changing used_length.

Signed-off-by: David Hildenbrand 
---
 migration/ram.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/migration/ram.c b/migration/ram.c
index 6a3dbee2c3..73a443f683 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -1901,7 +1901,7 @@ int ram_write_tracking_start(void)
 
 /* Apply UFFD write protection to the block memory range */
 if (uffd_change_protection(rs->uffdio_fd, block->host,
-block->max_length, true, false)) {
+   block->used_length, true, false)) {
 goto fail;
 }
 
-- 
2.39.0

[PATCH v1 0/5] migration/ram: background snapshot fixes and optimiations

[David Hildenbrand]

Playing with background snapshots in combination with hugetlb and
virtio-mem, I found two issues and some reasonable optimizations (skip
unprotecting when unregistering).

With virtio-mem (RamDiscardManager), we now won't be allocating unnecessary
page tables for unplugged ranges when using uffd-wp with shmem/hugetlb.

Cc: Juan Quintela  (maintainer:Migration)
Cc: "Dr. David Alan Gilbert"  (maintainer:Migration)
Cc: Peter Xu 
Cc: Andrey Gruzdev 

David Hildenbrand (5):
  migration/ram: Fix populate_read_range()
  migration/ram: Fix error handling in ram_write_tracking_start()
  migration/ram: Don't explicitly unprotect when unregistering uffd-wp
  migration/ram: Rely on used_length for uffd_change_protection()
  migration/ram: Optimize ram_write_tracking_start() for
RamDiscardManager

 migration/ram.c | 54 -
 1 file changed, 40 insertions(+), 14 deletions(-)

-- 
2.39.0

[PATCH v1 5/5] migration/ram: Optimize ram_write_tracking_start() for RamDiscardManager

[David Hildenbrand]

ram_block_populate_read() already optimizes for RamDiscardManager.
However, ram_write_tracking_start() will still try protecting discarded
memory ranges.

Let's optimize, because discarded ranges don't map any pages and

(1) For anonymous memory, trying to protect using uffd-wp without a mapped
page is ignored by the kernel and consequently a NOP.

(2) For shared/file-backed memory, we will fill present page tables in the
range with PTE markers. However, we will even allocate page tables
just to fill them with unnecessary PTE markers and effectively
waste memory.

So let's exclude these ranges, just like ram_block_populate_read()
already does.

Signed-off-by: David Hildenbrand 
---
 migration/ram.c | 36 ++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/migration/ram.c b/migration/ram.c
index 73a443f683..50ee1fa147 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -1865,6 +1865,39 @@ void ram_write_tracking_prepare(void)
 }
 }
 
+static inline int uffd_protect_section(MemoryRegionSection *section,
+   void *opaque)
+{
+const hwaddr size = int128_get64(section->size);
+const hwaddr offset = section->offset_within_region;
+RAMBlock *rb = section->mr->ram_block;
+int uffd_fd = (uintptr_t)opaque;
+
+return uffd_change_protection(uffd_fd, rb->host + offset, size, true,
+  false);
+}
+
+static int ram_block_uffd_protect(RAMBlock *rb, int uffd_fd)
+{
+assert(rb->flags & RAM_UF_WRITEPROTECT);
+
+/* See ram_block_populate_read() */
+if (rb->mr && memory_region_has_ram_discard_manager(rb->mr)) {
+RamDiscardManager *rdm = memory_region_get_ram_discard_manager(rb->mr);
+MemoryRegionSection section = {
+.mr = rb->mr,
+.offset_within_region = 0,
+.size = rb->mr->size,
+};
+
+return ram_discard_manager_replay_populated(rdm, §ion,
+uffd_protect_section,
+(void 
*)(uintptr_t)uffd_fd);
+}
+return uffd_change_protection(uffd_fd, rb->host,
+  rb->used_length, true, false);
+}
+
 /*
  * ram_write_tracking_start: start UFFD-WP memory tracking
  *
@@ -1900,8 +1933,7 @@ int ram_write_tracking_start(void)
 memory_region_ref(block->mr);
 
 /* Apply UFFD write protection to the block memory range */
-if (uffd_change_protection(rs->uffdio_fd, block->host,
-   block->used_length, true, false)) {
+if (ram_block_uffd_protect(block, uffd_fd)) {
 goto fail;
 }
 
-- 
2.39.0

[PATCH v1 1/5] migration/ram: Fix populate_read_range()

[David Hildenbrand]

Unfortunately, commit f7b9dcfbcf44 broke populate_read_range(): the loop
end condition is very wrong, resulting in that function not populating the
full range. Lets' fix that.

Fixes: f7b9dcfbcf44 ("migration/ram: Factor out populating pages readable in 
ram_block_populate_pages()")
Cc: qemu-sta...@nongnu.org
Signed-off-by: David Hildenbrand 
---
 migration/ram.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/migration/ram.c b/migration/ram.c
index 334309f1c6..b8f58d2a40 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -1774,13 +1774,15 @@ out:
 static inline void populate_read_range(RAMBlock *block, ram_addr_t offset,
ram_addr_t size)
 {
+const ram_addr_t end = offset + size;
+
 /*
  * We read one byte of each page; this will preallocate page tables if
  * required and populate the shared zeropage on MAP_PRIVATE anonymous 
memory
  * where no page was populated yet. This might require adaption when
  * supporting other mappings, like shmem.
  */
-for (; offset < size; offset += block->page_size) {
+for (; offset < end; offset += block->page_size) {
 char tmp = *((char *)block->host + offset);
 
 /* Don't optimize the read out */
-- 
2.39.0

[PATCH v1 3/5] migration/ram: Don't explicitly unprotect when unregistering uffd-wp

[David Hildenbrand]

When unregistering uffd-wp, older kernels before commit f369b07c86143
("mm/uffd:reset write protection when unregister with wp-mode") won't
clear the uffd-wp PTE bit. When re-registering uffd-wp, the previous
uffd-wp PTE bits would trigger again. With above commit, the kernel will
clear the uffd-wp PTE bits when unregistering itself.

Consequently, we'll clear the uffd-wp PTE bits now twice -- whereby we
don't care about clearing them at all: a new background snapshot will
re-register uffd-wp and re-protect all memory either way.

So let's skip the manual clearing of uffd-wp. If ever relevant, we
could clear conditionally in uffd_unregister_memory() -- we just need a
way to figure out more recent kernels.

Signed-off-by: David Hildenbrand 
---
 migration/ram.c | 9 -
 1 file changed, 9 deletions(-)

diff --git a/migration/ram.c b/migration/ram.c
index 6e4e41952a..6a3dbee2c3 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -1918,12 +1918,6 @@ fail:
 if ((block->flags & RAM_UF_WRITEPROTECT) == 0) {
 continue;
 }
-/*
- * In case some memory block failed to be write-protected
- * remove protection and unregister all succeeded RAM blocks
- */
-uffd_change_protection(rs->uffdio_fd, block->host, block->max_length,
-false, false);
 uffd_unregister_memory(rs->uffdio_fd, block->host, block->max_length);
 /* Cleanup flags and remove reference */
 block->flags &= ~RAM_UF_WRITEPROTECT;
@@ -1949,9 +1943,6 @@ void ram_write_tracking_stop(void)
 if ((block->flags & RAM_UF_WRITEPROTECT) == 0) {
 continue;
 }
-/* Remove protection and unregister all affected RAM blocks */
-uffd_change_protection(rs->uffdio_fd, block->host, block->max_length,
-false, false);
 uffd_unregister_memory(rs->uffdio_fd, block->host, block->max_length);
 
 trace_ram_write_tracking_ramblock_stop(block->idstr, block->page_size,
-- 
2.39.0

[PATCH v1 2/5] migration/ram: Fix error handling in ram_write_tracking_start()

[David Hildenbrand]

If something goes wrong during uffd_change_protection(), we would miss
to unregister uffd-wp and not release our reference. Fix it by
performing the uffd_change_protection(true) last.

Note that a uffd_change_protection(false) on the recovery path without a
prior uffd_change_protection(false) is fine.

Fixes: 278e2f551a09 ("migration: support UFFD write fault processing in 
ram_save_iterate()")
Cc: qemu-sta...@nongnu.org
Signed-off-by: David Hildenbrand 
---
 migration/ram.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/migration/ram.c b/migration/ram.c
index b8f58d2a40..6e4e41952a 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -1896,13 +1896,14 @@ int ram_write_tracking_start(void)
 block->max_length, UFFDIO_REGISTER_MODE_WP, NULL)) {
 goto fail;
 }
+block->flags |= RAM_UF_WRITEPROTECT;
+memory_region_ref(block->mr);
+
 /* Apply UFFD write protection to the block memory range */
 if (uffd_change_protection(rs->uffdio_fd, block->host,
 block->max_length, true, false)) {
 goto fail;
 }
-block->flags |= RAM_UF_WRITEPROTECT;
-memory_region_ref(block->mr);
 
 trace_ram_write_tracking_ramblock_start(block->idstr, block->page_size,
 block->host, block->max_length);
-- 
2.39.0