[PATCH] contrib/plugins: ensure build does not pick up a system copy of plugin header

[Brad Smith]

contrib/plugins: ensure build does not pick up a system copy of plugin header

With the ordering of the header path if a copy of QEMU is installed it
will pickup the system copy of the header before the build paths copy
and the build will fail.

Signed-off-by: Brad Smith 
---
 contrib/plugins/Makefile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/contrib/plugins/Makefile b/contrib/plugins/Makefile
index 05a2a45c5c..52fc390376 100644
--- a/contrib/plugins/Makefile
+++ b/contrib/plugins/Makefile
@@ -41,9 +41,10 @@ SONAMES := $(addsuffix $(SO_SUFFIX),$(addprefix 
lib,$(NAMES)))
 
 # The main QEMU uses Glib extensively so it is perfectly fine to use it
 # in plugins (which many example do).
-PLUGIN_CFLAGS := $(shell $(PKG_CONFIG) --cflags glib-2.0)
-PLUGIN_CFLAGS += -fPIC -Wall
+GLIB_CFLAGS := $(shell $(PKG_CONFIG) --cflags glib-2.0)
 PLUGIN_CFLAGS += -I$(TOP_SRC_PATH)/include/qemu
+PLUGIN_CFLAGS += $(GLIB_CFLAGS)
+PLUGIN_CFLAGS += -fPIC -Wall
 
 # Helper that honours V=1 so we get some output when compiling
 quiet-@ = $(if $(V),,@$(if $1,printf "  %-7s %s\n" "$(strip $1)" "$(strip $2)" 
&& ))
-- 
2.46.1

Re: [PATCH v2] target-i386: Walk NPT in guest real mode

[Richard Henderson]

On 9/20/24 18:10, Alexander Graf wrote:

+/* No paging (real mode), let's assemble a fake 1:1 1GiB PTE */


Comment is out of date.  :-)

Otherwise,
Reviewed-by: Richard Henderson 

r~

Re: [PATCH v3] i386/cpu: fixup number of addressable IDs for logical processors in the physical package

[Igor Mammedov]

On Fri, 20 Sep 2024 02:29:46 +0800
Zhao Liu  wrote:

> Hi Chuang and Igor,
> 
> Sorry for late reply,
> 
> On Wed, Sep 18, 2024 at 09:18:15PM +0800, Chuang Xu wrote:
> > Date: Wed, 18 Sep 2024 21:18:15 +0800
> > From: Chuang Xu 
> > Subject: [PATCH v3] i386/cpu: fixup number of addressable IDs for logical
> >  processors in the physical package
> > X-Mailer: git-send-email 2.24.3 (Apple Git-128)
> > 
> > When QEMU is started with:
> > -cpu host,migratable=on,host-cache-info=on,l3-cache=off
> > -smp 180,sockets=2,dies=1,cores=45,threads=2
> > 
> > Try to execute "cpuid -1 -l 1 -r" in guest, we'll obtain a value of 90 for
> > CPUID.01H.EBX[23:16], while the expected value is 128. And Try to
> > execute "cpuid -1 -l 4 -r" in guest, we'll obtain a value of 63 for
> > CPUID.04H.EAX[31:26] as expected.
> > 
> > As (1+CPUID.04H.EAX[31:26]) round up to the nearest power-of-2 integer,
> > we'd beter round up CPUID.01H.EBX[23:16] to the nearest power-of-2
> > integer too. Otherwise we may encounter unexpected results in guest.
> > 
> > For example, when QEMU is started with CLI above and xtopology is disabled,
> > guest kernel 5.15.120 uses CPUID.01H.EBX[23:16]/(1+CPUID.04H.EAX[31:26]) to
> > calculate threads-per-core in detect_ht(). Then guest will get "90/(1+63)=1"
> > as the result, even though theads-per-core should actually be 2.
> > 
> > So let us round up CPUID.01H.EBX[23:16] to the nearest power-of-2 integer
> > to solve the unexpected result.
> > 
> > Signed-off-by: Guixiong Wei 
> > Signed-off-by: Yipeng Yin 
> > Signed-off-by: Chuang Xu 
> > ---
> >  target/i386/cpu.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> > index 4c2e6f3a71..3710ae5283 100644
> > --- a/target/i386/cpu.c
> > +++ b/target/i386/cpu.c
> > @@ -6417,7 +6417,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
> > uint32_t count,
> >  }
> >  *edx = env->features[FEAT_1_EDX];
> >  if (threads_per_pkg > 1) {
> > -*ebx |= threads_per_pkg << 16;
> > +*ebx |= pow2ceil(threads_per_pkg) << 16;  
> 
> Yes, the fix is right.
> 
> About the "Maximum number of addressable IDs", the commit 88dd4ca06c83
> ("i386/cpu: Use APIC ID info to encode cache topo in CPUID[4]")
> introduced the new way to calculate.
> 
> The pow2ceil() works for current SMP topology, but may be wrong on
> hybrid topology, as the reason I listed in the commit message:
> 
> > The nearest power-of-2 integer can be calculated by pow2ceil() or by
> > using APIC ID offset/width (like L3 topology using 1 << die_offset [3]).  
> 
> > But in fact, CPUID.04H:EAX[bits 25:14] and CPUID.04H:EAX[bits 31:26]
> > are associated with APIC ID. For example, in linux kernel, the field
> > "num_threads_sharing" (Bits 25 - 14) is parsed with APIC ID. And for
> > another example, on Alder Lake P, the CPUID.04H:EAX[bits 31:26] is not
> > matched with actual core numbers and it's calculated by:
> > "(1 << (pkg_offset - core_offset)) - 1".  
> 
> Using APIC ID offset to calculate is the hardware's approach, so I tried
> to use APIC ID instead of pow2ceil() and replaced all pow2ceil() case.

Well, hybrid case needs some more explanation then.

'pow2ceil(threads_per_pkg) << 16' - does exactly what SDM says for 
CPUID.01H.EBX[23:16]

Can you point to a spec that confirms that above is wrong and
explain in more details how hybrid case is supposed to work
and where it's documented?
 


> 
> Hi Igor, do you agree? :-)
> 
> Best Regards,
> Zhao
> 

[PULL 09/22] hw/display: Fix mirrored output in dm163

[Michael Tokarev]

From: Inès Varhol 

DM163 is an emulated 8x8 LED matrix. This commit flips the image
horizontally so it's rendered the same way as on the hardware.

Signed-off-by: Inès Varhol 
Signed-off-by: Michael Tokarev 
---
 hw/display/dm163.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/display/dm163.c b/hw/display/dm163.c
index f92aee371d..75a91f62bd 100644
--- a/hw/display/dm163.c
+++ b/hw/display/dm163.c
@@ -271,7 +271,7 @@ static uint32_t *update_display_of_row(DM163State *s, 
uint32_t *dest,
unsigned row)
 {
 for (unsigned _ = 0; _ < LED_SQUARE_SIZE; _++) {
-for (int x = 0; x < RGB_MATRIX_NUM_COLS * LED_SQUARE_SIZE; x++) {
+for (int x = RGB_MATRIX_NUM_COLS * LED_SQUARE_SIZE - 1; x >= 0; x--) {
 /* UI layer guarantees that there's 32 bits per pixel (Mar 2024) */
 *dest++ = s->buffer[s->buffer_idx_of_row[row]][x / 
LED_SQUARE_SIZE];
 }
-- 
2.39.5

[PULL 20/22] license: Update deprecated SPDX tag LGPL-2.0+ to LGPL-2.0-or-later

[Michael Tokarev]

From: Philippe Mathieu-Daudé 

The 'LGPL-2.0+' license identifier has been deprecated since license
list version 2.0rc2 [1] and replaced by the 'LGPL-2.0-or-later' [2]
tag.

[1] https://spdx.org/licenses/LGPL-2.0+.html
[2] https://spdx.org/licenses/LGPL-2.0-or-later.html

Mechanical patch running:

  $ sed -i -e s/LGPL-2.0+/LGPL-2.0-or-later/ \
$(git grep -l 'SPDX-License-Identifier: LGPL-2.0+$')

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Thomas Huth 
Reviewed-by: Richard Henderson 
Signed-off-by: Michael Tokarev 
---
 gdbstub/gdbstub.c | 2 +-
 gdbstub/syscalls.c| 2 +-
 gdbstub/system.c  | 2 +-
 gdbstub/user-target.c | 2 +-
 gdbstub/user.c| 2 +-
 include/gdbstub/syscalls.h| 2 +-
 include/gdbstub/user.h| 2 +-
 target/alpha/cpu-param.h  | 2 +-
 target/arm/cpu-param.h| 2 +-
 target/hppa/cpu-param.h   | 2 +-
 target/i386/cpu-param.h   | 2 +-
 target/m68k/cpu-param.h   | 2 +-
 target/microblaze/cpu-param.h | 2 +-
 target/mips/cpu-param.h   | 2 +-
 target/openrisc/cpu-param.h   | 2 +-
 target/ppc/cpu-param.h| 2 +-
 target/sh4/cpu-param.h| 2 +-
 target/sparc/cpu-param.h  | 2 +-
 target/sparc/insns.decode | 2 +-
 19 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/gdbstub/gdbstub.c b/gdbstub/gdbstub.c
index d08568cea0..b1def7e71d 100644
--- a/gdbstub/gdbstub.c
+++ b/gdbstub/gdbstub.c
@@ -20,7 +20,7 @@
  * You should have received a copy of the GNU Lesser General Public
  * License along with this library; if not, see .
  *
- * SPDX-License-Identifier: LGPL-2.0+
+ * SPDX-License-Identifier: LGPL-2.0-or-later
  */
 
 #include "qemu/osdep.h"
diff --git a/gdbstub/syscalls.c b/gdbstub/syscalls.c
index 4e1295b782..4ddd5cae06 100644
--- a/gdbstub/syscalls.c
+++ b/gdbstub/syscalls.c
@@ -7,7 +7,7 @@
  * Copyright (c) 2003-2005 Fabrice Bellard
  * Copyright (c) 2023 Linaro Ltd
  *
- * SPDX-License-Identifier: LGPL-2.0+
+ * SPDX-License-Identifier: LGPL-2.0-or-later
  */
 
 #include "qemu/osdep.h"
diff --git a/gdbstub/system.c b/gdbstub/system.c
index 1ad87fe7fd..c9f236e94f 100644
--- a/gdbstub/system.c
+++ b/gdbstub/system.c
@@ -7,7 +7,7 @@
  * Copyright (c) 2003-2005 Fabrice Bellard
  * Copyright (c) 2022 Linaro Ltd
  *
- * SPDX-License-Identifier: LGPL-2.0+
+ * SPDX-License-Identifier: LGPL-2.0-or-later
  */
 
 #include "qemu/osdep.h"
diff --git a/gdbstub/user-target.c b/gdbstub/user-target.c
index b5e01fd8b0..22bf4008c0 100644
--- a/gdbstub/user-target.c
+++ b/gdbstub/user-target.c
@@ -4,7 +4,7 @@
  * Copyright (c) 2003-2005 Fabrice Bellard
  * Copyright (c) 2022 Linaro Ltd
  *
- * SPDX-License-Identifier: LGPL-2.0+
+ * SPDX-License-Identifier: LGPL-2.0-or-later
  */
 
 #include "qemu/osdep.h"
diff --git a/gdbstub/user.c b/gdbstub/user.c
index b36033bc7a..0b4bfa9c48 100644
--- a/gdbstub/user.c
+++ b/gdbstub/user.c
@@ -6,7 +6,7 @@
  * Copyright (c) 2003-2005 Fabrice Bellard
  * Copyright (c) 2022 Linaro Ltd
  *
- * SPDX-License-Identifier: LGPL-2.0+
+ * SPDX-License-Identifier: LGPL-2.0-or-later
  */
 
 #include "qemu/osdep.h"
diff --git a/include/gdbstub/syscalls.h b/include/gdbstub/syscalls.h
index 54ff7245a1..d63228e96b 100644
--- a/include/gdbstub/syscalls.h
+++ b/include/gdbstub/syscalls.h
@@ -3,7 +3,7 @@
  *
  * Copyright (c) 2023 Linaro Ltd
  *
- * SPDX-License-Identifier: LGPL-2.0+
+ * SPDX-License-Identifier: LGPL-2.0-or-later
  */
 
 #ifndef _SYSCALLS_H_
diff --git a/include/gdbstub/user.h b/include/gdbstub/user.h
index 3b8358e3da..654986d483 100644
--- a/include/gdbstub/user.h
+++ b/include/gdbstub/user.h
@@ -3,7 +3,7 @@
  *
  * Copyright (c) 2022 Linaro Ltd
  *
- * SPDX-License-Identifier: LGPL-2.0+
+ * SPDX-License-Identifier: LGPL-2.0-or-later
  */
 
 #ifndef GDBSTUB_USER_H
diff --git a/target/alpha/cpu-param.h b/target/alpha/cpu-param.h
index 5ce213a9a1..c21ddf1afd 100644
--- a/target/alpha/cpu-param.h
+++ b/target/alpha/cpu-param.h
@@ -2,7 +2,7 @@
  * Alpha cpu parameters for qemu.
  *
  * Copyright (c) 2007 Jocelyn Mayer
- * SPDX-License-Identifier: LGPL-2.0+
+ * SPDX-License-Identifier: LGPL-2.0-or-later
  */
 
 #ifndef ALPHA_CPU_PARAM_H
diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
index fa6cae0e3a..bed29613c8 100644
--- a/target/arm/cpu-param.h
+++ b/target/arm/cpu-param.h
@@ -2,7 +2,7 @@
  * ARM cpu parameters for qemu.
  *
  * Copyright (c) 2003 Fabrice Bellard
- * SPDX-License-Identifier: LGPL-2.0+
+ * SPDX-License-Identifier: LGPL-2.0-or-later
  */
 
 #ifndef ARM_CPU_PARAM_H
diff --git a/target/hppa/cpu-param.h b/target/hppa/cpu-param.h
index 473d489f01..ef3200f0f3 100644
--- a/target/hppa/cpu-param.h
+++ b/target/hppa/cpu-param.h
@@ -2,7 +2,7 @@
  * PA-RISC cpu parameters for qemu.
  *
  * Copyright (c) 2016 Richard Henderson 
- * SPDX-License-Identifier: LGPL-2.0+
+ * SPDX-License-Identifier: LGPL-2.0-or-later
  */
 
 #ifndef HPPA_CPU_PARAM_H
diff --git a/target/i386/cpu-param.h b/target/i386/cpu-param.

[PULL 12/22] util/cutils: Remove unused qemu_get_exec_dir

[Michael Tokarev]

From: "Dr. David Alan Gilbert" 

qemu_get_exec_dir has been unused since commit:
  5bebe03f51 ("util/cutils: Clean up global variable shadowing in 
get_relocated_path()")

Remove it, and fix up a comment that pointed to it.

Signed-off-by: Dr. David Alan Gilbert 
Reviewed-by: Michael Tokarev 
Signed-off-by: Michael Tokarev 
---
 include/qemu/cutils.h | 5 +
 util/cutils.c | 5 -
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/include/qemu/cutils.h b/include/qemu/cutils.h
index da15547bfb..34a9b9b220 100644
--- a/include/qemu/cutils.h
+++ b/include/qemu/cutils.h
@@ -241,13 +241,10 @@ int uleb128_decode_small(const uint8_t *in, uint32_t *n);
 int qemu_pstrcmp0(const char **str1, const char **str2);
 
 /* Find program directory, and save it for later usage with
- * qemu_get_exec_dir().
+ * get_relocated_path().
  * Try OS specific API first, if not working, parse from argv0. */
 void qemu_init_exec_dir(const char *argv0);
 
-/* Get the saved exec dir.  */
-const char *qemu_get_exec_dir(void);
-
 /**
  * get_relocated_path:
  * @dir: the directory (typically a `CONFIG_*DIR` variable) to be relocated.
diff --git a/util/cutils.c b/util/cutils.c
index 42364039a5..9803f11a59 100644
--- a/util/cutils.c
+++ b/util/cutils.c
@@ -1144,11 +1144,6 @@ void qemu_init_exec_dir(const char *argv0)
 #endif
 }
 
-const char *qemu_get_exec_dir(void)
-{
-return exec_dir;
-}
-
 char *get_relocated_path(const char *dir)
 {
 size_t prefix_len = strlen(CONFIG_PREFIX);
-- 
2.39.5

[PATCH V3] arm/kvm: add support for MTE

[Ganapatrao Kulkarni]

Extend the 'mte' property for the virt machine to cover KVM as
well. For KVM, we don't allocate tag memory, but instead enable
the capability.

If MTE has been enabled, we need to disable migration, as we do not
yet have a way to migrate the tags as well. Therefore, MTE will stay
off with KVM unless requested explicitly.

This patch is rework of commit b320e21c48ce64853904bea6631c0158cc2ef227
which broke TCG since it made the TCG -cpu max
report the presence of MTE to the guest even if the board hadn't
enabled MTE by wiring up the tag RAM. This meant that if the guest
then tried to use MTE QEMU would segfault accessing the
non-existent tag RAM.

Signed-off-by: Cornelia Huck 
Signed-off-by: Ganapatrao Kulkarni 
---

Changes since V2:
Updated with review comments.

Changes since V1:
Added code to enable MTE before reading register
id_aa64pfr1 (unmasked MTE bits).

This patch is boot tested on ARM64 with KVM and on X86 with TCG for mte=on
and default case(i.e, no mte).

 hw/arm/virt.c| 72 ++--
 target/arm/cpu.c | 11 +--
 target/arm/cpu.h |  2 ++
 target/arm/kvm.c | 57 +++
 target/arm/kvm_arm.h | 19 
 5 files changed, 129 insertions(+), 32 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 7934b23651..a33af7d996 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -2211,7 +2211,7 @@ static void machvirt_init(MachineState *machine)
 exit(1);
 }
 
-if (vms->mte && (kvm_enabled() || hvf_enabled())) {
+if (vms->mte && hvf_enabled()) {
 error_report("mach-virt: %s does not support providing "
  "MTE to the guest CPU",
  current_accel_name());
@@ -2281,39 +2281,51 @@ static void machvirt_init(MachineState *machine)
 }
 
 if (vms->mte) {
-/* Create the memory region only once, but link to all cpus. */
-if (!tag_sysmem) {
-/*
- * The property exists only if MemTag is supported.
- * If it is, we must allocate the ram to back that up.
- */
-if (!object_property_find(cpuobj, "tag-memory")) {
-error_report("MTE requested, but not supported "
- "by the guest CPU");
-exit(1);
+if (tcg_enabled()) {
+/* Create the memory region only once, but link to all cpus. */
+if (!tag_sysmem) {
+/*
+ * The property exists only if MemTag is supported.
+ * If it is, we must allocate the ram to back that up.
+ */
+if (!object_property_find(cpuobj, "tag-memory")) {
+error_report("MTE requested, but not supported "
+ "by the guest CPU");
+exit(1);
+}
+
+tag_sysmem = g_new(MemoryRegion, 1);
+memory_region_init(tag_sysmem, OBJECT(machine),
+   "tag-memory", UINT64_MAX / 32);
+
+if (vms->secure) {
+secure_tag_sysmem = g_new(MemoryRegion, 1);
+memory_region_init(secure_tag_sysmem, OBJECT(machine),
+   "secure-tag-memory",
+   UINT64_MAX / 32);
+
+/* As with ram, secure-tag takes precedence over tag. 
*/
+memory_region_add_subregion_overlap(secure_tag_sysmem,
+0, tag_sysmem, -1);
+}
 }
 
-tag_sysmem = g_new(MemoryRegion, 1);
-memory_region_init(tag_sysmem, OBJECT(machine),
-   "tag-memory", UINT64_MAX / 32);
-
+object_property_set_link(cpuobj, "tag-memory",
+ OBJECT(tag_sysmem), &error_abort);
 if (vms->secure) {
-secure_tag_sysmem = g_new(MemoryRegion, 1);
-memory_region_init(secure_tag_sysmem, OBJECT(machine),
-   "secure-tag-memory", UINT64_MAX / 32);
-
-/* As with ram, secure-tag takes precedence over tag.  */
-memory_region_add_subregion_overlap(secure_tag_sysmem, 0,
-tag_sysmem, -1);
+object_property_set_link(cpuobj, "secure-tag-memory",
+ OBJECT(secure_tag_sysmem),
+ &error_abort);
 }
-}
-
-object_property_set_link(cpuobj, "tag-memory", OBJECT(tag_sysmem),
- &error_abo

Re: [PATCH] tests/qemu-iotests/testenv: Use the "r2d" machine for sh4/sh4eb

[Thomas Huth]

On 20/09/2024 10.06, Yoshinori Sato wrote:

On Wed, 18 Sep 2024 04:43:50 +0900,
Thomas Huth wrote:


Commit 0ea0538fae516f9b4 removed the default machine of the sh4
binaries, so a lot of iotests are failing now without such a default
machine. Teach the iotest harness to use the "r2d" machine instead
to fix this problem.

Signed-off-by: Thomas Huth 
---
  tests/qemu-iotests/testenv.py | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/tests/qemu-iotests/testenv.py b/tests/qemu-iotests/testenv.py
index 0b32eec119..6326e46b7b 100644
--- a/tests/qemu-iotests/testenv.py
+++ b/tests/qemu-iotests/testenv.py
@@ -244,6 +244,8 @@ def __init__(self, source_dir: str, build_dir: str,
  ('riscv32', 'virt'),
  ('riscv64', 'virt'),
  ('rx', 'gdbsim-r5f562n8'),
+('sh4', 'r2d'),
+('sh4eb', 'r2d'),
  ('tricore', 'tricore_testboard')
  )
  for suffix, machine in machine_map:
--
2.46.0



r2d is works only sh4 little endian mode.


Oh, that's interesting - since there is no other machine left for sh4/sh4eb.


There was probably no other hardware that ran in big endian.


There used to be the "shix" machine, but it got removed, I assume that one 
worked in big endian mode, too?


Anyway, if the r2d machine only works in little endian mode, and there is 
apparently no other machine available anymore, I think we can disable the 
sh4eb target completely since it is of no use now? Or is there a reason to 
still keep it around?


 Thomas

[PATCH v6 0/1] linux-user: add openat2 support in linux-user

[Michael Vogt]

Hi,

This is v6 of the openat2 support in linux-user. Thanks agan for the
excellent feedback from Laurent Vivier on v5.

This version is very close to v5 and only fixes the small details
that I overlooked in my previous patch (sorry for that). This time
I hopefully also fixed my git send email setup.

Thanks again,
 Michael

v5 -> v6
- do not use get_errno(fd) in do_guest_openat()
- do not put declarations in the middle of the code
- do not return early in do_openat2() when we get a faked file

v4 -> v5
- drop "*use_returned_fd" from maybe_do_fake_open() and use return value
  -2 to signal to the caller to continue
- keep "pathname" in parameter to do_guest_openat() for a cleaner diff
- fix two missing get_errno(fd)

v3 -> v4:
- fix typos in the commit message

v2 -> v3:
- fix coding style (braches)
- improve argument args/naming in do_openat2()
- merge do_openat2/do_guest_openat2
- do size checks first in do_openat2
- add "copy_struct_from_user" and use in "do_openat2()"
- drop using openat2.h and create "struct open_how_v0"
- log if open_how guest struct is bigger than our supported struct

v1 -> v2:
- do not include 
- drop do_guest_openat2 from qemu.h and make static
- drop "safe" from do_guest_openat2
- ensure maybe_do_fake_open() is correct about when the result should
  be used or not
- Extract do_openat2() helper from do_syscall1()
- Call user_unlock* if a lock call fails
- Fix silly incorrect use of "target_open_how" when "open_how" is required
- Fix coding style comments
- Fix validation of arg4 in openat2
- Fix missing zero initialization of open_how
- Define target_open_how with abi_* types
- Warn about unimplemented size if "size" of openat2 is bigger than
  target_open_how


Michael Vogt (1):
  linux-user: add openat2 support in linux-user

 linux-user/syscall.c  | 108 +-
 linux-user/syscall_defs.h |   7 +++
 2 files changed, 113 insertions(+), 2 deletions(-)

-- 
2.45.2

[PATCH v6 1/1] linux-user: add openat2 support in linux-user

[Michael Vogt]

This commit adds support for the `openat2()` syscall in the
`linux-user` userspace emulator.

It is implemented by extracting a new helper `maybe_do_fake_open()`
out of the exiting `do_guest_openat()` and share that with the
new `do_guest_openat2()`. Unfortunately we cannot just make
do_guest_openat2() a superset of do_guest_openat() because the
openat2() syscall is stricter with the argument checking and
will return an error for invalid flags or mode combinations (which
open()/openat() will ignore).

The implementation is similar to SYSCALL_DEFINE(openat2), i.e.
a new `copy_struct_from_user()` is used that works the same
as the kernels version to support backwards-compatibility
for struct syscall argument.

Instead of including openat2.h we create a copy of `open_how`
as `open_how_ver0` to ensure that if the structure grows we
can log a LOG_UNIMP warning.

Note that in this commit using openat2() for a "faked" file in
/proc will ignore the "resolve" flags. This is not great but it
seems similar to the exiting behavior when openat() is called
with a dirfd to "/proc". Here too the fake file lookup may
not catch the special file because "realpath()" is used to
determine if the path is in /proc. Alternatively to ignoring
we could simply fail with `-TARGET_ENOSYS` (or similar) if
`resolve` flags are passed and we found something that looks
like a file in /proc that needs faking.

Signed-off-by: Michael Vogt 
Buglink: https://github.com/osbuild/bootc-image-builder/issues/619
---
 linux-user/syscall.c  | 108 +-
 linux-user/syscall_defs.h |   7 +++
 2 files changed, 113 insertions(+), 2 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index b693aeff5b..68ebda4ec8 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -602,6 +602,34 @@ static int check_zeroed_user(abi_long addr, size_t ksize, 
size_t usize)
 return 1;
 }
 
+/*
+ * Copies a target struct to a host struct, in a way that guarantees
+ * backwards-compatibility for struct syscall arguments.
+ *
+ * Similar to kernels uaccess.h:copy_struct_from_user()
+ */
+static int
+copy_struct_from_user(void *dst, size_t ksize, abi_ptr src, size_t usize)
+{
+size_t size = MIN(ksize, usize);
+size_t rest = MAX(ksize, usize) - size;
+
+/* Deal with trailing bytes. */
+if (usize < ksize) {
+memset(dst + size, 0, rest);
+} else if (usize > ksize) {
+int ret = check_zeroed_user(src, ksize, usize);
+if (ret <= 0) {
+return ret ?: -TARGET_E2BIG;
+}
+}
+/* Copy the interoperable parts of the struct. */
+if (copy_from_user(dst, src, size)) {
+return -TARGET_EFAULT;
+}
+return 0;
+}
+
 #define safe_syscall0(type, name) \
 static type safe_##name(void) \
 { \
@@ -653,6 +681,15 @@ safe_syscall3(ssize_t, read, int, fd, void *, buff, 
size_t, count)
 safe_syscall3(ssize_t, write, int, fd, const void *, buff, size_t, count)
 safe_syscall4(int, openat, int, dirfd, const char *, pathname, \
   int, flags, mode_t, mode)
+
+struct open_how_ver0 {
+__u64 flags;
+__u64 mode;
+__u64 resolve;
+};
+safe_syscall4(int, openat2, int, dirfd, const char *, pathname, \
+  const struct open_how_ver0 *, how, size_t, size)
+
 #if defined(TARGET_NR_wait4) || defined(TARGET_NR_waitpid)
 safe_syscall4(pid_t, wait4, pid_t, pid, int *, status, int, options, \
   struct rusage *, rusage)
@@ -8334,8 +8371,9 @@ static int open_net_route(CPUArchState *cpu_env, int fd)
 }
 #endif
 
-int do_guest_openat(CPUArchState *cpu_env, int dirfd, const char *fname,
-int flags, mode_t mode, bool safe)
+static int maybe_do_fake_open(CPUArchState *cpu_env, int dirfd,
+  const char *fname, int flags, mode_t mode,
+  bool safe)
 {
 g_autofree char *proc_name = NULL;
 const char *pathname;
@@ -8418,6 +8456,17 @@ int do_guest_openat(CPUArchState *cpu_env, int dirfd, 
const char *fname,
 return fd;
 }
 
+return -2;
+}
+
+int do_guest_openat(CPUArchState *cpu_env, int dirfd, const char *pathname,
+int flags, mode_t mode, bool safe)
+{
+int fd = maybe_do_fake_open(cpu_env, dirfd, pathname, flags, mode, safe);
+if (fd > -2) {
+return fd;
+}
+
 if (safe) {
 return safe_openat(dirfd, path(pathname), flags, mode);
 } else {
@@ -8425,6 +8474,56 @@ int do_guest_openat(CPUArchState *cpu_env, int dirfd, 
const char *fname,
 }
 }
 
+
+static int do_openat2(CPUArchState *cpu_env, abi_long dirfd,
+  abi_ptr guest_pathname, abi_ptr guest_open_how,
+  abi_long guest_size)
+{
+struct open_how_ver0 how = {0};
+char *pathname;
+int ret;
+
+if (guest_size < sizeof(struct target_open_how_ver0)) {
+return -TARGET_EINVAL;
+}
+ret = copy_struct_from_user(&how, sizeof(how), guest_open_how, guest_size);
+if (

Re: [PATCH] target/ppc: Fix lxvx/stxvx facility check

[Ilya Leoshkevich]

On Thu, 2024-09-19 at 13:36 +0200, Claudio Fontana wrote:
> ping, adding Richard.
> 
> We will need to include this downstream because of the breakage its
> lack causes.
> It is already reviewed by me, but some TCG maintainer indicating it
> will be included in some queue would help,
> 
> Thanks,
> 
> Claudio
> 
> On 9/18/24 17:11, Claudio Fontana wrote:
> > Adding Ilya FYI.
> > 
> > Ciao,
> > 
> > Claudio
> > 
> > On 9/11/24 18:19, Claudio Fontana wrote:
> > > On 9/11/24 16:16, Fabiano Rosas wrote:
> > > > The XT check for the lxvx/stxvx instructions is currently
> > > > inverted. This was introduced during the move to decodetree.
> > > > 
> > > > From the ISA:
> > > >   Chapter 7. Vector-Scalar Extension Facility
> > > >   Load VSX Vector Indexed X-form
> > > > 
> > > >   lxvx XT,RA,RB
> > > >   if TX=0 & MSR.VSX=0 then VSX_Unavailable()
> > > >   if TX=1 & MSR.VEC=0 then Vector_Unavailable()
> > > >   ...
> > > >   Let XT be the value 32×TX + T.
> > > > 
> > > > The code currently does the opposite:
> > > > 
> > > >     if (paired || a->rt >= 32) {
> > > >     REQUIRE_VSX(ctx);
> > > >     } else {
> > > >     REQUIRE_VECTOR(ctx);
> > > >     }
> > > > 
> > > > This was already fixed for lxv/stxv at commit "2cc0e449d1
> > > > (target/ppc:
> > > > Fix lxv/stxv MSR facility check)", but the indexed forms were
> > > > missed.
> > > > 
> > > > Cc: qemu-sta...@nongnu.org
> > > > Fixes: 70426b5bb7 ("target/ppc: moved stxvx and lxvx from
> > > > legacy to decodtree")
> > > > Signed-off-by: Fabiano Rosas 
> > > > ---
> > > >  target/ppc/translate/vsx-impl.c.inc | 2 +-
> > > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > > > 
> > > > diff --git a/target/ppc/translate/vsx-impl.c.inc
> > > > b/target/ppc/translate/vsx-impl.c.inc
> > > > index 40a87ddc4a..a869f30e86 100644
> > > > --- a/target/ppc/translate/vsx-impl.c.inc
> > > > +++ b/target/ppc/translate/vsx-impl.c.inc
> > > > @@ -2244,7 +2244,7 @@ static bool do_lstxv_PLS_D(DisasContext
> > > > *ctx, arg_PLS_D *a,
> > > >  
> > > >  static bool do_lstxv_X(DisasContext *ctx, arg_X *a, bool
> > > > store, bool paired)
> > > >  {
> > > > -    if (paired || a->rt >= 32) {
> > > > +    if (paired || a->rt < 32) {
> > > >  REQUIRE_VSX(ctx);
> > > >  } else {
> > > >  REQUIRE_VECTOR(ctx);
> > > 
> > > Reviewed-by: Claudio Fontana 

FWIW

Acked-by: Ilya Leoshkevich 

But I'm not a maintainer, I guess Richard will need to pick it up.

Re: [PATCH v5 0/3] vhost-user-blk: live resize additional APIs

[Vladimir Sementsov-Ogievskiy]

On 11.09.24 12:51, Michael S. Tsirkin wrote:

On Tue, Jun 25, 2024 at 03:18:40PM +0300, Vladimir Sementsov-Ogievskiy wrote:

v5:
03: drop extra check on is is runstate running


Causes build failures when generating qdoc.

https://gitlab.com/mstredhat/qemu/-/jobs/7792086965




Sorry for a delay, I'll send a v6 soon with fix for that.

--
Best regards,
Vladimir

[PATCH v6 1/3] qdev-monitor: add option to report GenericError from find_device_state

[Vladimir Sementsov-Ogievskiy]

Here we just prepare for the following patch, making possible to report
GenericError as recommended.

This patch doesn't aim to prevent further use of DeviceNotFound by
future interfaces:

 - find_device_state() is used in blk_by_qdev_id() and qmp_get_blk()
   functions, which may lead to spread of DeviceNotFound anyway
 - also, nothing prevent simply copy-pasting find_device_state() calls
   with false argument

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Reviewed-by: Markus Armbruster 
Acked-by: Raphael Norwitz 
---
 system/qdev-monitor.c | 15 +++
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/system/qdev-monitor.c b/system/qdev-monitor.c
index 44994ea0e1..6671137a91 100644
--- a/system/qdev-monitor.c
+++ b/system/qdev-monitor.c
@@ -885,13 +885,20 @@ void qmp_device_add(QDict *qdict, QObject **ret_data, 
Error **errp)
 object_unref(OBJECT(dev));
 }
 
-static DeviceState *find_device_state(const char *id, Error **errp)
+/*
+ * Note that creating new APIs using error classes other than GenericError is
+ * not recommended. Set use_generic_error=true for new interfaces.
+ */
+static DeviceState *find_device_state(const char *id, bool use_generic_error,
+  Error **errp)
 {
 Object *obj = object_resolve_path_at(qdev_get_peripheral(), id);
 DeviceState *dev;
 
 if (!obj) {
-error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
+error_set(errp,
+  (use_generic_error ?
+   ERROR_CLASS_GENERIC_ERROR : ERROR_CLASS_DEVICE_NOT_FOUND),
   "Device '%s' not found", id);
 return NULL;
 }
@@ -956,7 +963,7 @@ void qdev_unplug(DeviceState *dev, Error **errp)
 
 void qmp_device_del(const char *id, Error **errp)
 {
-DeviceState *dev = find_device_state(id, errp);
+DeviceState *dev = find_device_state(id, false, errp);
 if (dev != NULL) {
 if (dev->pending_deleted_event &&
 (dev->pending_deleted_expires_ms == 0 ||
@@ -1076,7 +1083,7 @@ BlockBackend *blk_by_qdev_id(const char *id, Error **errp)
 
 GLOBAL_STATE_CODE();
 
-dev = find_device_state(id, errp);
+dev = find_device_state(id, false, errp);
 if (dev == NULL) {
 return NULL;
 }
-- 
2.34.1

[PATCH v6 3/3] qapi: introduce device-sync-config

[Vladimir Sementsov-Ogievskiy]

Add command to sync config from vhost-user backend to the device. It
may be helpful when VHOST_USER_SLAVE_CONFIG_CHANGE_MSG failed or not
triggered interrupt to the guest or just not available (not supported
by vhost-user server).

Command result is racy if allow it during migration. Let's not allow
that.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Reviewed-by: Markus Armbruster 
Acked-by: Raphael Norwitz 
---
 hw/block/vhost-user-blk.c |  1 +
 hw/virtio/virtio-pci.c|  9 +
 include/hw/qdev-core.h|  6 ++
 qapi/qdev.json| 24 
 system/qdev-monitor.c | 38 ++
 5 files changed, 78 insertions(+)

diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index 48b3dabb8d..7996e49821 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -591,6 +591,7 @@ static void vhost_user_blk_class_init(ObjectClass *klass, 
void *data)
 
 device_class_set_props(dc, vhost_user_blk_properties);
 dc->vmsd = &vmstate_vhost_user_blk;
+dc->sync_config = vhost_user_blk_sync_config;
 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
 vdc->realize = vhost_user_blk_device_realize;
 vdc->unrealize = vhost_user_blk_device_unrealize;
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index 4d832fe845..c5a809b956 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -2385,6 +2385,14 @@ static void virtio_pci_dc_realize(DeviceState *qdev, 
Error **errp)
 vpciklass->parent_dc_realize(qdev, errp);
 }
 
+static int virtio_pci_sync_config(DeviceState *dev, Error **errp)
+{
+VirtIOPCIProxy *proxy = VIRTIO_PCI(dev);
+VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+
+return qdev_sync_config(DEVICE(vdev), errp);
+}
+
 static void virtio_pci_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
@@ -2401,6 +2409,7 @@ static void virtio_pci_class_init(ObjectClass *klass, 
void *data)
 device_class_set_parent_realize(dc, virtio_pci_dc_realize,
 &vpciklass->parent_dc_realize);
 rc->phases.hold = virtio_pci_bus_reset_hold;
+dc->sync_config = virtio_pci_sync_config;
 }
 
 static const TypeInfo virtio_pci_info = {
diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
index aa97c34a4b..94914858d8 100644
--- a/include/hw/qdev-core.h
+++ b/include/hw/qdev-core.h
@@ -95,6 +95,7 @@ typedef void (*DeviceUnrealize)(DeviceState *dev);
 typedef void (*DeviceReset)(DeviceState *dev);
 typedef void (*BusRealize)(BusState *bus, Error **errp);
 typedef void (*BusUnrealize)(BusState *bus);
+typedef int (*DeviceSyncConfig)(DeviceState *dev, Error **errp);
 
 /**
  * struct DeviceClass - The base class for all devices.
@@ -103,6 +104,9 @@ typedef void (*BusUnrealize)(BusState *bus);
  * property is changed to %true.
  * @unrealize: Callback function invoked when the #DeviceState:realized
  * property is changed to %false.
+ * @sync_config: Callback function invoked when QMP command device-sync-config
+ * is called. Should synchronize device configuration from host to guest part
+ * and notify the guest about the change.
  * @hotpluggable: indicates if #DeviceClass is hotpluggable, available
  * as readonly "hotpluggable" property of #DeviceState instance
  *
@@ -162,6 +166,7 @@ struct DeviceClass {
 DeviceReset legacy_reset;
 DeviceRealize realize;
 DeviceUnrealize unrealize;
+DeviceSyncConfig sync_config;
 
 /**
  * @vmsd: device state serialisation description for
@@ -547,6 +552,7 @@ bool qdev_hotplug_allowed(DeviceState *dev, Error **errp);
  */
 HotplugHandler *qdev_get_hotplug_handler(DeviceState *dev);
 void qdev_unplug(DeviceState *dev, Error **errp);
+int qdev_sync_config(DeviceState *dev, Error **errp);
 void qdev_simple_device_unplug_cb(HotplugHandler *hotplug_dev,
   DeviceState *dev, Error **errp);
 void qdev_machine_creation_done(void);
diff --git a/qapi/qdev.json b/qapi/qdev.json
index 53d147c7b4..2a581129c9 100644
--- a/qapi/qdev.json
+++ b/qapi/qdev.json
@@ -163,3 +163,27 @@
 ##
 { 'event': 'DEVICE_UNPLUG_GUEST_ERROR',
   'data': { '*device': 'str', 'path': 'str' } }
+
+##
+# @device-sync-config:
+#
+# Synchronize device configuration from host to guest part.  First,
+# copy the configuration from the host part (backend) to the guest
+# part (frontend).  Then notify guest software that device
+# configuration changed.
+#
+# The command may be used to notify the guest about block device
+# capcity change.  Currently only vhost-user-blk device supports
+# this.
+#
+# @id: the device's ID or QOM path
+#
+# Features:
+#
+# @unstable: The command is experimental.
+#
+# Since: 9.1
+##
+{ 'command': 'device-sync-config',
+  'features': [ 'unstable' ],
+  'data': {'id': 'str'} }
diff --git a/system/qdev-monitor.c b/system/qdev-monitor.c
index 6671137a91..127456080b 100644
--- a/system/qdev-monitor.c
+++ b/system/qdev-monitor

[PATCH v6 0/3] vhost-user-blk: live resize additional APIs

[Vladimir Sementsov-Ogievskiy]

v6: tiny fix: add document comment for sync_config field to fix qdoc
generation. Also, add r-b and a-b marks.

Vladimir Sementsov-Ogievskiy (3):
  qdev-monitor: add option to report GenericError from find_device_state
  vhost-user-blk: split vhost_user_blk_sync_config()
  qapi: introduce device-sync-config

 hw/block/vhost-user-blk.c | 27 ++--
 hw/virtio/virtio-pci.c|  9 +++
 include/hw/qdev-core.h|  6 +
 qapi/qdev.json| 24 ++
 system/qdev-monitor.c | 53 ---
 5 files changed, 108 insertions(+), 11 deletions(-)

-- 
2.34.1

[PULL 10/22] envlist: Remove unused envlist_parse

[Michael Tokarev]

From: "Dr. David Alan Gilbert" 

envlist_parse, envlist_parse_set, envlist_parse_unset were added
in 2009 but never used, see:
  04a6dfebb6 ("linux-user: Add generic env variable handling")

Remove them.

Signed-off-by: Dr. David Alan Gilbert 
Reviewed-by: Michael Tokarev 
Signed-off-by: Michael Tokarev 
---
 include/qemu/envlist.h |  2 --
 util/envlist.c | 69 --
 2 files changed, 71 deletions(-)

diff --git a/include/qemu/envlist.h b/include/qemu/envlist.h
index 6006dfae44..b2883f6659 100644
--- a/include/qemu/envlist.h
+++ b/include/qemu/envlist.h
@@ -7,8 +7,6 @@ envlist_t *envlist_create(void);
 void envlist_free(envlist_t *);
 int envlist_setenv(envlist_t *, const char *);
 int envlist_unsetenv(envlist_t *, const char *);
-int envlist_parse_set(envlist_t *, const char *);
-int envlist_parse_unset(envlist_t *, const char *);
 char **envlist_to_environ(const envlist_t *, size_t *);
 
 #endif /* ENVLIST_H */
diff --git a/util/envlist.c b/util/envlist.c
index db937c0427..15fdbb109d 100644
--- a/util/envlist.c
+++ b/util/envlist.c
@@ -12,9 +12,6 @@ struct envlist {
 size_t el_count;/* number of entries */
 };
 
-static int envlist_parse(envlist_t *envlist,
-const char *env, int (*)(envlist_t *, const char *));
-
 /*
  * Allocates new envlist and returns pointer to it.
  */
@@ -51,72 +48,6 @@ envlist_free(envlist_t *envlist)
 g_free(envlist);
 }
 
-/*
- * Parses comma separated list of set/modify environment
- * variable entries and updates given enlist accordingly.
- *
- * For example:
- * envlist_parse(el, "HOME=foo,SHELL=/bin/sh");
- *
- * inserts/sets environment variables HOME and SHELL.
- *
- * Returns 0 on success, errno otherwise.
- */
-int
-envlist_parse_set(envlist_t *envlist, const char *env)
-{
-return (envlist_parse(envlist, env, &envlist_setenv));
-}
-
-/*
- * Parses comma separated list of unset environment variable
- * entries and removes given variables from given envlist.
- *
- * Returns 0 on success, errno otherwise.
- */
-int
-envlist_parse_unset(envlist_t *envlist, const char *env)
-{
-return (envlist_parse(envlist, env, &envlist_unsetenv));
-}
-
-/*
- * Parses comma separated list of set, modify or unset entries
- * and calls given callback for each entry.
- *
- * Returns 0 in case of success, errno otherwise.
- */
-static int
-envlist_parse(envlist_t *envlist, const char *env,
-int (*callback)(envlist_t *, const char *))
-{
-char *tmpenv, *envvar;
-char *envsave = NULL;
-int ret = 0;
-assert(callback != NULL);
-
-if ((envlist == NULL) || (env == NULL))
-return (EINVAL);
-
-tmpenv = g_strdup(env);
-envsave = tmpenv;
-
-do {
-envvar = strchr(tmpenv, ',');
-if (envvar != NULL) {
-*envvar = '\0';
-}
-if ((*callback)(envlist, tmpenv) != 0) {
-ret = errno;
-break;
-}
-tmpenv = envvar + 1;
-} while (envvar != NULL);
-
-g_free(envsave);
-return ret;
-}
-
 /*
  * Sets environment value to envlist in similar manner
  * than putenv(3).
-- 
2.39.5

qemu-devel@nongnu.org

[Michael Tokarev]

Since we are always building with LFS enabled, in particular
with -D_FILE_OFFSET_BITS=64, we should always have struct flock
mapped to the 64bit variant (with off64_t), and F_GETLK mapped
to F_GETLK64 etc, automatically.

So there should be no need to explicitly use the "64" suffix
for these things anymore.

Also fix a misleading comment near safe_fcntl telling us to
always use flock64 (since v2.6.0-1311-g435da5e7092a "linux-user:
Use safe_syscall wrapper for fcntl").

Reference: https://gitlab.com/qemu-project/qemu/-/issues/2215
Signed-off-by: Michael Tokarev 
Reviewed-by: Richard Henderson 
---
 linux-user/syscall.c | 62 +---
 1 file changed, 30 insertions(+), 32 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index b693aeff5b..48c459e515 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -759,10 +759,8 @@ safe_syscall6(ssize_t, copy_file_range, int, infd, loff_t 
*, pinoff,
  * the libc function.
  */
 #define safe_ioctl(...) safe_syscall(__NR_ioctl, __VA_ARGS__)
-/* Similarly for fcntl. Note that callers must always:
- *  pass the F_GETLK64 etc constants rather than the unsuffixed F_GETLK
- *  use the flock64 struct rather than unsuffixed flock
- * This will then work and use a 64-bit offset for both 32-bit and 64-bit 
hosts.
+/* Similarly for fcntl. Since we always build with LFS enabled,
+ * we should be using the 64-bit structures automatically.
  */
 #ifdef __NR_fcntl64
 #define safe_fcntl(...) safe_syscall(__NR_fcntl64, __VA_ARGS__)
@@ -6722,13 +6720,13 @@ static int target_to_host_fcntl_cmd(int cmd)
 ret = cmd;
 break;
 case TARGET_F_GETLK:
-ret = F_GETLK64;
+ret = F_GETLK;
 break;
 case TARGET_F_SETLK:
-ret = F_SETLK64;
+ret = F_SETLK;
 break;
 case TARGET_F_SETLKW:
-ret = F_SETLKW64;
+ret = F_SETLKW;
 break;
 case TARGET_F_GETOWN:
 ret = F_GETOWN;
@@ -6744,13 +6742,13 @@ static int target_to_host_fcntl_cmd(int cmd)
 break;
 #if TARGET_ABI_BITS == 32
 case TARGET_F_GETLK64:
-ret = F_GETLK64;
+ret = F_GETLK;
 break;
 case TARGET_F_SETLK64:
-ret = F_SETLK64;
+ret = F_SETLK;
 break;
 case TARGET_F_SETLKW64:
-ret = F_SETLKW64;
+ret = F_SETLKW;
 break;
 #endif
 case TARGET_F_SETLEASE:
@@ -6804,8 +6802,8 @@ static int target_to_host_fcntl_cmd(int cmd)
  * them to 5, 6 and 7 before making the syscall(). Since we make the
  * syscall directly, adjust to what is supported by the kernel.
  */
-if (ret >= F_GETLK64 && ret <= F_SETLKW64) {
-ret -= F_GETLK64 - 5;
+if (ret >= F_GETLK && ret <= F_SETLKW) {
+ret -= F_GETLK - 5;
 }
 #endif
 
@@ -6838,7 +6836,7 @@ static int host_to_target_flock(int type)
 return type;
 }
 
-static inline abi_long copy_from_user_flock(struct flock64 *fl,
+static inline abi_long copy_from_user_flock(struct flock *fl,
 abi_ulong target_flock_addr)
 {
 struct target_flock *target_fl;
@@ -6863,7 +6861,7 @@ static inline abi_long copy_from_user_flock(struct 
flock64 *fl,
 }
 
 static inline abi_long copy_to_user_flock(abi_ulong target_flock_addr,
-  const struct flock64 *fl)
+  const struct flock *fl)
 {
 struct target_flock *target_fl;
 short l_type;
@@ -6882,8 +6880,8 @@ static inline abi_long copy_to_user_flock(abi_ulong 
target_flock_addr,
 return 0;
 }
 
-typedef abi_long from_flock64_fn(struct flock64 *fl, abi_ulong target_addr);
-typedef abi_long to_flock64_fn(abi_ulong target_addr, const struct flock64 
*fl);
+typedef abi_long from_flock64_fn(struct flock *fl, abi_ulong target_addr);
+typedef abi_long to_flock64_fn(abi_ulong target_addr, const struct flock *fl);
 
 #if defined(TARGET_ARM) && TARGET_ABI_BITS == 32
 struct target_oabi_flock64 {
@@ -6894,7 +6892,7 @@ struct target_oabi_flock64 {
 abi_int   l_pid;
 } QEMU_PACKED;
 
-static inline abi_long copy_from_user_oabi_flock64(struct flock64 *fl,
+static inline abi_long copy_from_user_oabi_flock64(struct flock *fl,
abi_ulong target_flock_addr)
 {
 struct target_oabi_flock64 *target_fl;
@@ -6919,7 +6917,7 @@ static inline abi_long copy_from_user_oabi_flock64(struct 
flock64 *fl,
 }
 
 static inline abi_long copy_to_user_oabi_flock64(abi_ulong target_flock_addr,
- const struct flock64 *fl)
+ const struct flock *fl)
 {
 struct target_oabi_flock64 *target_fl;
 short l_type;
@@ -6939,7 +6937,7 @@ static inline abi_long 
copy_to_user_oabi_flock64(abi_ulong target_flock_addr,
 }
 #endif
 
-static inline abi_long copy_from_user_flock64(struct flock64 *fl,
+static inline abi_long copy_from_user_flock64(struct floc

[PULL 11/22] hw/sysbus: Remove unused sysbus_mmio_unmap

[Michael Tokarev]

From: "Dr. David Alan Gilbert" 

The last use of sysbus_mmio_unmap was removed by
  981b1c6266 ("spapr/xive: rework the mapping the KVM memory regions")

Remove it.

Signed-off-by: Dr. David Alan Gilbert 
Reviewed-by: Daniel P. Berrangé 
Reviewed-by: Michael Tokarev 
Signed-off-by: Michael Tokarev 
---
 hw/core/sysbus.c| 10 --
 include/hw/sysbus.h |  1 -
 2 files changed, 11 deletions(-)

diff --git a/hw/core/sysbus.c b/hw/core/sysbus.c
index ad34fb7344..e64d99c8ed 100644
--- a/hw/core/sysbus.c
+++ b/hw/core/sysbus.c
@@ -154,16 +154,6 @@ static void sysbus_mmio_map_common(SysBusDevice *dev, int 
n, hwaddr addr,
 }
 }
 
-void sysbus_mmio_unmap(SysBusDevice *dev, int n)
-{
-assert(n >= 0 && n < dev->num_mmio);
-
-if (dev->mmio[n].addr != (hwaddr)-1) {
-memory_region_del_subregion(get_system_memory(), dev->mmio[n].memory);
-dev->mmio[n].addr = (hwaddr)-1;
-}
-}
-
 void sysbus_mmio_map(SysBusDevice *dev, int n, hwaddr addr)
 {
 sysbus_mmio_map_common(dev, n, addr, false, 0);
diff --git a/include/hw/sysbus.h b/include/hw/sysbus.h
index 3cb29a480e..c9b1e0e90e 100644
--- a/include/hw/sysbus.h
+++ b/include/hw/sysbus.h
@@ -82,7 +82,6 @@ qemu_irq sysbus_get_connected_irq(SysBusDevice *dev, int n);
 void sysbus_mmio_map(SysBusDevice *dev, int n, hwaddr addr);
 void sysbus_mmio_map_overlap(SysBusDevice *dev, int n, hwaddr addr,
  int priority);
-void sysbus_mmio_unmap(SysBusDevice *dev, int n);
 
 bool sysbus_realize(SysBusDevice *dev, Error **errp);
 bool sysbus_realize_and_unref(SysBusDevice *dev, Error **errp);
-- 
2.39.5

[PULL 01/22] mark with for-crc32 in a consistent manner

[Michael Tokarev]

in many cases,  is only included for crc32 function,
and in some of them, there's a comment saying that, but in
a different way.  In one place (hw/net/rtl8139.c), there was
another #include added between the comment and  include.

Make all such comments to be on the same line as #include, make
it consistent, and also add a few missing comments, including
hw/nvram/mac_nvram.c which uses adler32 instead.

There's no code changes.

Signed-off-by: Michael Tokarev 
---
 hw/net/cadence_gem.c | 2 +-
 hw/net/dp8393x.c | 2 +-
 hw/net/ftgmac100.c   | 3 +--
 hw/net/i82596.c  | 2 +-
 hw/net/imx_fec.c | 3 +--
 hw/net/lan9118.c | 3 +--
 hw/net/mcf_fec.c | 3 +--
 hw/net/npcm7xx_emc.c | 3 +--
 hw/net/rtl8139.c | 4 +---
 hw/net/smc91c111.c   | 3 +--
 hw/net/stellaris_enet.c  | 2 +-
 hw/nvram/mac_nvram.c | 2 +-
 target/arm/helper.c  | 2 +-
 target/arm/tcg/helper-a64.c  | 2 +-
 target/loongarch/tcg/op_helper.c | 2 +-
 15 files changed, 15 insertions(+), 23 deletions(-)

diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
index 44a5e65b8f..526739887c 100644
--- a/hw/net/cadence_gem.c
+++ b/hw/net/cadence_gem.c
@@ -23,7 +23,7 @@
  */
 
 #include "qemu/osdep.h"
-#include  /* For crc32 */
+#include  /* for crc32 */
 
 #include "hw/irq.h"
 #include "hw/net/cadence_gem.h"
diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index 09d708f989..c0977308ba 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -27,7 +27,7 @@
 #include "qapi/error.h"
 #include "qemu/module.h"
 #include "qemu/timer.h"
-#include 
+#include  /* for crc32 */
 #include "qom/object.h"
 #include "trace.h"
 
diff --git a/hw/net/ftgmac100.c b/hw/net/ftgmac100.c
index 178a11675d..478356ee3e 100644
--- a/hw/net/ftgmac100.c
+++ b/hw/net/ftgmac100.c
@@ -24,8 +24,7 @@
 #include "hw/qdev-properties.h"
 #include "migration/vmstate.h"
 
-/* For crc32 */
-#include 
+#include  /* for crc32 */
 
 /*
  * FTGMAC100 registers
diff --git a/hw/net/i82596.c b/hw/net/i82596.c
index 6cc8292a65..d786086a51 100644
--- a/hw/net/i82596.c
+++ b/hw/net/i82596.c
@@ -19,7 +19,7 @@
 #include "qemu/module.h"
 #include "trace.h"
 #include "i82596.h"
-#include/* For crc32 */
+#include  /* for crc32 */
 
 #if defined(ENABLE_DEBUG)
 #define DBG(x)  x
diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
index f9265de18b..6294d29202 100644
--- a/hw/net/imx_fec.c
+++ b/hw/net/imx_fec.c
@@ -33,8 +33,7 @@
 #include "net/eth.h"
 #include "trace.h"
 
-/* For crc32 */
-#include 
+#include  /* for crc32 */
 
 #define IMX_MAX_DESC1024
 
diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c
index 5a49601497..db28a0ef30 100644
--- a/hw/net/lan9118.c
+++ b/hw/net/lan9118.c
@@ -22,8 +22,7 @@
 #include "qapi/error.h"
 #include "qemu/log.h"
 #include "qemu/module.h"
-/* For crc32 */
-#include 
+#include  /* for crc32 */
 #include "qom/object.h"
 
 //#define DEBUG_LAN9118
diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c
index 2898ad22d8..037cd2028e 100644
--- a/hw/net/mcf_fec.c
+++ b/hw/net/mcf_fec.c
@@ -16,8 +16,7 @@
 #include "hw/net/mii.h"
 #include "hw/qdev-properties.h"
 #include "hw/sysbus.h"
-/* For crc32 */
-#include 
+#include  /* for crc32 */
 
 //#define DEBUG_FEC 1
 
diff --git a/hw/net/npcm7xx_emc.c b/hw/net/npcm7xx_emc.c
index 31e488d138..7307a13400 100644
--- a/hw/net/npcm7xx_emc.c
+++ b/hw/net/npcm7xx_emc.c
@@ -29,8 +29,7 @@
 
 #include "qemu/osdep.h"
 
-/* For crc32 */
-#include 
+#include  /* for crc32 */
 
 #include "hw/irq.h"
 #include "hw/qdev-clock.h"
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index 1b78deb14c..bc56075c0d 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -48,10 +48,8 @@
  *  2011-Mar-22  Benjamin Poirier:  Implemented VLAN offloading
  */
 
-/* For crc32 */
-
 #include "qemu/osdep.h"
-#include 
+#include  /* for crc32 */
 
 #include "hw/pci/pci_device.h"
 #include "hw/qdev-properties.h"
diff --git a/hw/net/smc91c111.c b/hw/net/smc91c111.c
index c5338dd49e..180ba5c791 100644
--- a/hw/net/smc91c111.c
+++ b/hw/net/smc91c111.c
@@ -17,8 +17,7 @@
 #include "qapi/error.h"
 #include "qemu/log.h"
 #include "qemu/module.h"
-/* For crc32 */
-#include 
+#include  /* for crc32 */
 #include "qom/object.h"
 
 /* Number of 2k memory pages available.  */
diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c
index 08e5393151..9ebff296c4 100644
--- a/hw/net/stellaris_enet.c
+++ b/hw/net/stellaris_enet.c
@@ -15,7 +15,7 @@
 #include "net/net.h"
 #include "qemu/log.h"
 #include "qemu/module.h"
-#include 
+#include  /* for crc32 */
 #include "qom/object.h"
 
 //#define DEBUG_STELLARIS_ENET 1
diff --git a/hw/nvram/mac_nvram.c b/hw/nvram/mac_nvram.c
index fef34e7f41..e47e52a677 100644
--- a/hw/nvram/mac_nvram.c
+++ b/hw/nvram/mac_nvram.c
@@ -35,7 +35,7 @@
 #include "qemu/module.h"
 #include "qemu/error-report.h"
 #include "trace.h"
-#include 
+#include  /* for adler32 */
 
 #define DEF_

[PULL 00/22] Trivial patches for 2024-09-20

[Michael Tokarev]

The following changes since commit 01dc65a3bc262ab1bec8fe89775e9bbfa627becb:

  Merge tag 'pull-target-arm-20240919' of 
https://git.linaro.org/people/pmaydell/qemu-arm into staging (2024-09-19 
14:15:15 +0100)

are available in the Git repository at:

  https://gitlab.com/mjt0k/qemu.git tags/pull-trivial-patches

for you to fetch changes up to 06e2329636f9c05b046ccf8aa1b245bbdfb01263:

  license: Update deprecated SPDX tag GPL-2.0 to GPL-2.0-only (2024-09-20 
10:11:59 +0300)


trivial patches for 2024-09-20

Various things.  Including explicit-LFS usage removal for linux-user
which allows qemu to be built on musl, some minor tests fixes, removals
of unused functions, license tag fixes, and others.


Bibo Mao (1):
  hw/loongarch/virt: Add description for virt machine type

Dr. David Alan Gilbert (3):
  envlist: Remove unused envlist_parse
  hw/sysbus: Remove unused sysbus_mmio_unmap
  util/cutils: Remove unused qemu_get_exec_dir

Inès Varhol (1):
  hw/display: Fix mirrored output in dm163

Mark Cave-Ayland (1):
  hw/mips/jazz: fix typo in in-built NIC alias

Michael Tokarev (3):
  mark  with for-crc32 in a consistent manner
  linux-user/syscall.c: drop 64 suffix from flock64 &Co
  linux-user/syscall.c: eliminate other explicit LFS usages

Philippe Mathieu-Daudé (8):
  tests/unit: Really build pbkdf test on macOS
  target/hexagon: Rename macros.inc -> macros.h.inc
  tests/bench: Rename test_akcipher_keys.inc -> test_akcipher_keys.c.inc
  tests/functional: Correct typo in test_netdev_ethtool.py SPDX tag
  license: Simplify GPL-2.0-or-later license descriptions
  license: Update deprecated SPDX tag LGPL-2.0+ to LGPL-2.0-or-later
  license: Update deprecated SPDX tag GPL-2.0+ to GPL-2.0-or-later
  license: Update deprecated SPDX tag GPL-2.0 to GPL-2.0-only

Tejas Vipin (1):
  ppc: fix incorrect spelling of PowerMac

Thomas Huth (4):
  hw/virtio/Kconfig: Include vhost-user-scmi only on arm targets
  tests/qemu-iotests/testenv: Use the "virt" machine for or1k
  tests/qemu-iotests/testenv: Use the "r2d" machine for sh4/sh4eb
  tests/functional: Put the or1k_sim test into the slow category

 block/vdi.c|  4 +-
 docs/system/ppc/powermac.rst   |  4 +-
 gdbstub/gdbstub.c  |  2 +-
 gdbstub/syscalls.c |  2 +-
 gdbstub/system.c   |  2 +-
 gdbstub/user-target.c  |  2 +-
 gdbstub/user.c |  2 +-
 hw/core/sysbus.c   | 10 ---
 hw/core/uboot_image.h  |  2 +-
 hw/display/dm163.c |  2 +-
 hw/loongarch/virt.c|  1 +
 hw/m68k/bootinfo.h |  2 +-
 hw/mips/jazz.c |  2 +-
 hw/net/cadence_gem.c   |  2 +-
 hw/net/dp8393x.c   |  2 +-
 hw/net/eepro100.c  |  4 +-
 hw/net/ftgmac100.c |  3 +-
 hw/net/i82596.c|  2 +-
 hw/net/igb_regs.h  |  2 +-
 hw/net/imx_fec.c   |  3 +-
 hw/net/lan9118.c   |  3 +-
 hw/net/mcf_fec.c   |  3 +-
 hw/net/npcm7xx_emc.c   |  3 +-
 hw/net/rtl8139.c   |  4 +-
 hw/net/smc91c111.c |  3 +-
 hw/net/stellaris_enet.c|  2 +-
 hw/nvram/fw_cfg-acpi.c |  2 +-
 hw/nvram/mac_nvram.c   |  2 +-
 hw/ppc/mac_newworld.c  |  2 +-
 hw/ppc/mac_oldworld.c  |  2 +-
 hw/ppc/rs6000_mc.c |  4 +-
 hw/virtio/Kconfig  |  2 +-
 hw/virtio/virtio-acpi.c|  2 +-
 include/gdbstub/syscalls.h |  2 +-
 include/gdbstub/user.h |  2 +-
 include/hw/nvram/fw_cfg_acpi.h |  2 +-
 include/hw/sysbus.h|  1 -
 include/hw/usb/dwc2-regs.h |  2 +-
 include/hw/virtio/virtio-acpi.h|  2 +-
 include/qemu/crc-ccitt.h   |  2 +-
 include/qemu/cutils.h  |  5 +-
 include/qemu/envlist.h |  2 -
 include/qemu/timed-average.h   |  4 +-
 linux-user/alpha/syscall.tbl   |  2 +-
 linux-user/alpha/syscall

Re: [PATCH v6 1/1] linux-user: add openat2 support in linux-user

[Laurent Vivier]

Le 20/09/2024 à 11:22, Michael Vogt a écrit :

This commit adds support for the `openat2()` syscall in the
`linux-user` userspace emulator.

It is implemented by extracting a new helper `maybe_do_fake_open()`
out of the exiting `do_guest_openat()` and share that with the
new `do_guest_openat2()`. Unfortunately we cannot just make
do_guest_openat2() a superset of do_guest_openat() because the
openat2() syscall is stricter with the argument checking and
will return an error for invalid flags or mode combinations (which
open()/openat() will ignore).

The implementation is similar to SYSCALL_DEFINE(openat2), i.e.
a new `copy_struct_from_user()` is used that works the same
as the kernels version to support backwards-compatibility
for struct syscall argument.

Instead of including openat2.h we create a copy of `open_how`
as `open_how_ver0` to ensure that if the structure grows we
can log a LOG_UNIMP warning.

Note that in this commit using openat2() for a "faked" file in
/proc will ignore the "resolve" flags. This is not great but it
seems similar to the exiting behavior when openat() is called
with a dirfd to "/proc". Here too the fake file lookup may
not catch the special file because "realpath()" is used to
determine if the path is in /proc. Alternatively to ignoring
we could simply fail with `-TARGET_ENOSYS` (or similar) if
`resolve` flags are passed and we found something that looks
like a file in /proc that needs faking.

Signed-off-by: Michael Vogt 
Buglink: https://github.com/osbuild/bootc-image-builder/issues/619
---
  linux-user/syscall.c  | 108 +-
  linux-user/syscall_defs.h |   7 +++
  2 files changed, 113 insertions(+), 2 deletions(-)



Reviewed-by: Laurent Vivier 

[PATCH v6] ptp: Add support for the AMZNC10C 'vmclock' device

[David Woodhouse]

From: David Woodhouse 

The vmclock device addresses the problem of live migration with
precision clocks. The tolerances of a hardware counter (e.g. TSC) are
typically around ±50PPM. A guest will use NTP/PTP/PPS to discipline that
counter against an external source of 'real' time, and track the precise
frequency of the counter as it changes with environmental conditions.

When a guest is live migrated, anything it knows about the frequency of
the underlying counter becomes invalid. It may move from a host where
the counter running at -50PPM of its nominal frequency, to a host where
it runs at +50PPM. There will also be a step change in the value of the
counter, as the correctness of its absolute value at migration is
limited by the accuracy of the source and destination host's time
synchronization.

In its simplest form, the device merely advertises a 'disruption_marker'
which indicates that the guest should throw away any NTP synchronization
it thinks it has, and start again.

Because the shared memory region can be exposed all the way to userspace
through the /dev/vmclock0 node, applications can still use time from a
fast vDSO 'system call', and check the disruption marker to be sure that
their timestamp is indeed truthful.

The structure also allows for the precise time, as known by the host, to
be exposed directly to guests so that they don't have to wait for NTP to
resync from scratch. The PTP driver consumes this information if present.
Like the KVM PTP clock, this PTP driver can convert TSC-based cross
timestamps into KVM clock values. Unlike the KVM PTP clock, it does so
only when such is actually helpful.

The values and fields are based on the nascent virtio-rtc specification,
and the intent is that a version (hopefully precisely this version) of
this structure will be included as an optional part of that spec. In the
meantime, this driver supports the simple ACPI form of the device which
is being shipped in certain commercial hypervisors (and submitted for
inclusion in QEMU).

Signed-off-by: David Woodhouse 
---


QEMU implementation at
https://git.infradead.org/users/dwmw2/qemu.git/shortlog/refs/heads/vmclock

v6:
 • Checkpatch trivia.

v5:
 • Rewrite commit message based on the more informative QEMU one.
 • Fix missing le32_to_cpu() in VMCLOCK_FIELD_PRESENT() macro.
 • Remove obsolete comment about "if __int128 isn't available'.

v4:
 • Make it all explicitly little-endian.
 • Fix duplicate 'the the' in comment.

v3:
 • Fix stray backtick from space→tab conversion.
 • Switch to assigned AMZNC10C HID.

v2:
 • Match "AMZNVCLK" HID instead of CID (QEMU patch updated accordingly)
 • Be more flexible about struct size to allow expansion
 • Remove 'inline'
 • Comment read barriers, other cosmetics.

v1:
 • Change absolute error fields to nanoseconds
 • Update leap second definition to match virtio-rtc intentions in
   
https://lore.kernel.org/all/85c93b42-41a2-42c4-a168-55079bbff...@opensynergy.com

RFC v4:
 • Add esterror fields, MONOTONIC flag.
 • Reduce seq_count to 32 bits
 • Expand size to permit 64KiB pages
 • Align with virtio-rtc fields, values and leap handling
 • Drop gettime() method (since we have gettimex())
 • Add leap second smearing hint
 • Use a real _CRS on the ACPI device

RFC v3: (wrong patch sent)

RFC v2:
 • Add gettimex64() support
 • Convert TSC values to KVM clock when appropriate
 • Require int128 support
 • Add counter_period_shift
 • Add timeout when seq_count is invalid
 • Add flags field
 • Better comments in vmclock ABI structure
 • Explicitly forbid smearing (as clock rates would need to change)


 drivers/ptp/Kconfig  |  13 +
 drivers/ptp/Makefile |   1 +
 drivers/ptp/ptp_vmclock.c| 615 +++
 include/uapi/linux/vmclock-abi.h | 182 +
 4 files changed, 811 insertions(+)
 create mode 100644 drivers/ptp/ptp_vmclock.c
 create mode 100644 include/uapi/linux/vmclock-abi.h

diff --git a/drivers/ptp/Kconfig b/drivers/ptp/Kconfig
index 604541dcb320..e98c9767e0ef 100644
--- a/drivers/ptp/Kconfig
+++ b/drivers/ptp/Kconfig
@@ -131,6 +131,19 @@ config PTP_1588_CLOCK_KVM
  To compile this driver as a module, choose M here: the module
  will be called ptp_kvm.
 
+config PTP_1588_CLOCK_VMCLOCK
+   tristate "Virtual machine PTP clock"
+   depends on X86_TSC || ARM_ARCH_TIMER
+   depends on PTP_1588_CLOCK && ACPI && ARCH_SUPPORTS_INT128
+   default y
+   help
+ This driver adds support for using a virtual precision clock
+ advertised by the hypervisor. This clock is only useful in virtual
+ machines where such a device is present.
+
+ To compile this driver as a module, choose M here: the module
+ will be called ptp_vmclock.
+
 config PTP_1588_CLOCK_IDT82P33
tristate "IDT 82P33xxx PTP clock"
depends on PTP_1588_CLOCK && I2C
diff --git a/drivers/ptp/Makefile b/drivers/ptp/Makefile
index 68bf02078053..01b5cd91eb61 100644
--- a/driv

Re: [RFC] Virtualizing tagged disaggregated memory capacity (app specific, multi host shared)

[Gregory Price]

> > 2. Coarse grained memory increases for 'normal' memory.
> > Can use memory hot-plug. Recovery of capacity likely to only be 
> > possible on
> > VM shutdown.
> 
> Is there are reason "movable" (ZONE_MOVABLE) is not an option, at least in
> some setups? If not, why?
>


This seems like a bit of a muddied conversation.

"'normal' memory" has no defined meaning - so lets clear this up a bit

There is:
* System-RAM (memory managed by kernel allocators)
* Special Purpose Memory (generally presented as DAX)

System-RAM is managed as zones - the relevant ones are
* ZONE_NORMAL allows both movable and non-movable allocations
* ZONE_MOVABLE only allows non-movable allocations
  (Caveat: this generally only applies to allocation, you can
   violate this with stuff like pinning)

Hotplug can be thought of as two discrete mechanisms
* Exposing capacity to the kernel (CXL DCD Transactions)
* Exposing capacity to allocators (mm/memory-hotplug.c)

1) if the intent is to primarily utilize dynamic capacity for VMs, then
   the host does not need (read: should not need) to map the memory as
   System-RAM in the host. The VMM should be made to consume it directly
   via DAX or otherwise.

   That capacity is almost by definition "Capital G Guaranteed" to be
   reclaimable regardless of what the guest does. A VMM can force a guest
   to let go of resources - that's its job.

2) if the intent is to provide dynamic capacity to a host as System-RAM, then
   recoverability is dictated by system usage of that capacity. If onlined
   into ZONE_MOVABLE, then if the system has avoided doing things like pinning
   those pages it should *generally* be recoverable (but not guaranteed).


For the virtualization discussion:

Hotplug and recoverability is a non-issue.  The capacity should never be
exposed to system allocators and the VMM should be made to consume special
purpose memory directly. That's on the VMM/orchestration software to get right.


For the host System-RAM discussion:

Auto-onlined hotplug capacity presently defaults to ZONE_NORMAL, but we
discussed (yesterday, at Plumbers) changing this default to ZONE_MOVABLE.

The only concern is when insufficient ZONE_NORMAL exists to support
ZONE_MOVABLE capacity - but this is unlikely to be the general scenario AND
can be mitigated w/ existing mechanisms.

Manually onlined capacity defaults to ZONE_MOVABLE.

It would be nice to make this behavior consistent, since the general opinion
appears to be that this capacity should default to ZONE_MOVABLE.

~Gregory

[PATCH 08/10] hw/intc/loongarch_extioi: Inherit from loongarch_extioi_common

[Bibo Mao]

Set TYPE_LOONGARCH_EXTIOI inherit from TYPE_LOONGARCH_EXTIOI_COMMON
object, it shares vmsate and property of TYPE_LOONGARCH_EXTIOI_COMMON,
and has its own realize() function.

Signed-off-by: Bibo Mao 
---
 hw/intc/loongarch_extioi.c| 37 ++---
 hw/intc/loongarch_extioi_common.c | 39 ++-
 hw/intc/meson.build   |  2 +-
 include/hw/intc/loongarch_extioi.h| 17 --
 include/hw/intc/loongarch_extioi_common.h | 13 
 5 files changed, 84 insertions(+), 24 deletions(-)

diff --git a/hw/intc/loongarch_extioi.c b/hw/intc/loongarch_extioi.c
index a6f489b885..adaf9dc2c5 100644
--- a/hw/intc/loongarch_extioi.c
+++ b/hw/intc/loongarch_extioi.c
@@ -323,17 +323,15 @@ static const MemoryRegionOps extioi_virt_ops = {
 .endianness = DEVICE_LITTLE_ENDIAN,
 };
 
-static int vmstate_extioi_post_load(void *opaque, int version_id);
-#include "loongarch_extioi_common.c"
-
 static void loongarch_extioi_realize(DeviceState *dev, Error **errp)
 {
-LoongArchExtIOI *s = LOONGARCH_EXTIOI(dev);
+LoongArchExtIOICommonState *s = LOONGARCH_EXTIOI_COMMON(dev);
+LoongArchExtIOIClass *lec = LOONGARCH_EXTIOI_GET_CLASS(dev);
 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
 Error *local_err = NULL;
 int i, pin;
 
-loongarch_extioi_common_realize(dev, &local_err);
+lec->parent_realize(dev, &local_err);
 if (local_err) {
 error_propagate(errp, local_err);
 return;
@@ -404,24 +402,23 @@ static int vmstate_extioi_post_load(void *opaque, int 
version_id)
 static void loongarch_extioi_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
+LoongArchExtIOIClass *lec = LOONGARCH_EXTIOI_CLASS(klass);
+LoongArchExtIOICommonClass *lecc = LOONGARCH_EXTIOI_COMMON_CLASS(klass);
 
-dc->realize = loongarch_extioi_realize;
-dc->unrealize = loongarch_extioi_unrealize;
+device_class_set_parent_realize(dc, loongarch_extioi_realize,
+&lec->parent_realize);
+device_class_set_parent_unrealize(dc, loongarch_extioi_unrealize,
+  &lec->parent_unrealize);
 device_class_set_legacy_reset(dc, loongarch_extioi_reset);
-device_class_set_props(dc, extioi_properties);
-dc->vmsd = &vmstate_loongarch_extioi;
+lecc->post_load = vmstate_extioi_post_load;
 }
 
-static const TypeInfo loongarch_extioi_info = {
-.name  = TYPE_LOONGARCH_EXTIOI,
-.parent= TYPE_SYS_BUS_DEVICE,
-.instance_size = sizeof(struct LoongArchExtIOI),
-.class_init= loongarch_extioi_class_init,
+static const TypeInfo loongarch_extioi_types[] = {
+{
+.name = TYPE_LOONGARCH_EXTIOI,
+.parent   = TYPE_LOONGARCH_EXTIOI_COMMON,
+.class_init   = loongarch_extioi_class_init,
+}
 };
 
-static void loongarch_extioi_register_types(void)
-{
-type_register_static(&loongarch_extioi_info);
-}
-
-type_init(loongarch_extioi_register_types)
+DEFINE_TYPES(loongarch_extioi_types)
diff --git a/hw/intc/loongarch_extioi_common.c 
b/hw/intc/loongarch_extioi_common.c
index 13f02fc5ab..af15ec3531 100644
--- a/hw/intc/loongarch_extioi_common.c
+++ b/hw/intc/loongarch_extioi_common.c
@@ -3,6 +3,12 @@
  * Loongson extioi interrupt controller emulation
  * Copyright (C) 2024 Loongson Technology Corporation Limited
  */
+#include "qemu/osdep.h"
+#include "qemu/module.h"
+#include "qapi/error.h"
+#include "hw/qdev-properties.h"
+#include "hw/intc/loongarch_extioi_common.h"
+#include "migration/vmstate.h"
 
 static void loongarch_extioi_common_realize(DeviceState *dev, Error **errp)
 {
@@ -16,7 +22,14 @@ static void loongarch_extioi_common_realize(DeviceState 
*dev, Error **errp)
 
 static int loongarch_extioi_common_post_load(void *opaque, int version_id)
 {
-return vmstate_extioi_post_load(opaque, version_id);
+LoongArchExtIOICommonState *s = (LoongArchExtIOICommonState *)opaque;
+LoongArchExtIOICommonClass *lecc = LOONGARCH_EXTIOI_COMMON_GET_CLASS(s);
+
+if (lecc->post_load) {
+return lecc->post_load(s, version_id);
+}
+
+return 0;
 }
 
 static const VMStateDescription vmstate_extioi_core = {
@@ -61,3 +74,27 @@ static Property extioi_properties[] = {
 features, EXTIOI_HAS_VIRT_EXTENSION, 0),
 DEFINE_PROP_END_OF_LIST(),
 };
+
+static void loongarch_extioi_common_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+LoongArchExtIOICommonClass *lecc = LOONGARCH_EXTIOI_COMMON_CLASS(klass);
+
+device_class_set_parent_realize(dc, loongarch_extioi_common_realize,
+&lecc->parent_realize);
+device_class_set_props(dc, extioi_properties);
+dc->vmsd = &vmstate_loongarch_extioi;
+}
+
+static const TypeInfo loongarch_extioi_common_types[] = {
+{
+.name   = TYPE_LOONGARCH_EXTIOI_COMMON,
+.parent = TYPE

[PATCH 01/10] include: Add loongarch_extioi_common header file

[Bibo Mao]

Add common header file include/hw/intc/loongarch_extioi_common.h, and
move some macro definition from include/hw/intc/loongarch_extioi.h to
the common header file.

Signed-off-by: Bibo Mao 
---
 include/hw/intc/loongarch_extioi.h| 50 +--
 include/hw/intc/loongarch_extioi_common.h | 58 +++
 2 files changed, 59 insertions(+), 49 deletions(-)
 create mode 100644 include/hw/intc/loongarch_extioi_common.h

diff --git a/include/hw/intc/loongarch_extioi.h 
b/include/hw/intc/loongarch_extioi.h
index 626a37dfa1..b1f87cd246 100644
--- a/include/hw/intc/loongarch_extioi.h
+++ b/include/hw/intc/loongarch_extioi.h
@@ -5,58 +5,10 @@
  * Copyright (C) 2021 Loongson Technology Corporation Limited
  */
 
-#include "hw/sysbus.h"
-#include "hw/loongarch/virt.h"
-
 #ifndef LOONGARCH_EXTIOI_H
 #define LOONGARCH_EXTIOI_H
 
-#define LS3A_INTC_IP   8
-#define EXTIOI_IRQS(256)
-#define EXTIOI_IRQS_BITMAP_SIZE(256 / 8)
-/* irq from EXTIOI is routed to no more than 4 cpus */
-#define EXTIOI_CPUS(4)
-/* map to ipnum per 32 irqs */
-#define EXTIOI_IRQS_IPMAP_SIZE (256 / 32)
-#define EXTIOI_IRQS_COREMAP_SIZE   256
-#define EXTIOI_IRQS_NODETYPE_COUNT  16
-#define EXTIOI_IRQS_GROUP_COUNT8
-
-#define APIC_OFFSET  0x400
-#define APIC_BASE(0x1000ULL + APIC_OFFSET)
-
-#define EXTIOI_NODETYPE_START(0x4a0 - APIC_OFFSET)
-#define EXTIOI_NODETYPE_END  (0x4c0 - APIC_OFFSET)
-#define EXTIOI_IPMAP_START   (0x4c0 - APIC_OFFSET)
-#define EXTIOI_IPMAP_END (0x4c8 - APIC_OFFSET)
-#define EXTIOI_ENABLE_START  (0x600 - APIC_OFFSET)
-#define EXTIOI_ENABLE_END(0x620 - APIC_OFFSET)
-#define EXTIOI_BOUNCE_START  (0x680 - APIC_OFFSET)
-#define EXTIOI_BOUNCE_END(0x6a0 - APIC_OFFSET)
-#define EXTIOI_ISR_START (0x700 - APIC_OFFSET)
-#define EXTIOI_ISR_END   (0x720 - APIC_OFFSET)
-#define EXTIOI_COREISR_START (0x800 - APIC_OFFSET)
-#define EXTIOI_COREISR_END   (0xB20 - APIC_OFFSET)
-#define EXTIOI_COREMAP_START (0xC00 - APIC_OFFSET)
-#define EXTIOI_COREMAP_END   (0xD00 - APIC_OFFSET)
-#define EXTIOI_SIZE  0x800
-
-#define EXTIOI_VIRT_BASE (0x4000)
-#define EXTIOI_VIRT_SIZE (0x1000)
-#define EXTIOI_VIRT_FEATURES (0x0)
-#define  EXTIOI_HAS_VIRT_EXTENSION   (0)
-#define  EXTIOI_HAS_ENABLE_OPTION(1)
-#define  EXTIOI_HAS_INT_ENCODE   (2)
-#define  EXTIOI_HAS_CPU_ENCODE   (3)
-#define  EXTIOI_VIRT_HAS_FEATURES(BIT(EXTIOI_HAS_VIRT_EXTENSION)  \
-  | BIT(EXTIOI_HAS_ENABLE_OPTION) \
-  | BIT(EXTIOI_HAS_CPU_ENCODE))
-#define EXTIOI_VIRT_CONFIG   (0x4)
-#define  EXTIOI_ENABLE   (1)
-#define  EXTIOI_ENABLE_INT_ENCODE(2)
-#define  EXTIOI_ENABLE_CPU_ENCODE(3)
-#define EXTIOI_VIRT_COREMAP_START(0x40)
-#define EXTIOI_VIRT_COREMAP_END  (0x240)
+#include "hw/intc/loongarch_extioi_common.h"
 
 typedef struct ExtIOICore {
 uint32_t coreisr[EXTIOI_IRQS_GROUP_COUNT];
diff --git a/include/hw/intc/loongarch_extioi_common.h 
b/include/hw/intc/loongarch_extioi_common.h
new file mode 100644
index 00..09e2b760f3
--- /dev/null
+++ b/include/hw/intc/loongarch_extioi_common.h
@@ -0,0 +1,58 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * LoongArch 3A5000 ext interrupt controller definitions
+ * Copyright (C) 2024 Loongson Technology Corporation Limited
+ */
+
+#ifndef LOONGARCH_EXTIOI_COMMON_H
+#define LOONGARCH_EXTIOI_COMMON_H
+
+#include "hw/sysbus.h"
+#include "hw/loongarch/virt.h"
+
+#define LS3A_INTC_IP 8
+#define EXTIOI_IRQS  (256)
+#define EXTIOI_IRQS_BITMAP_SIZE  (256 / 8)
+/* irq from EXTIOI is routed to no more than 4 cpus */
+#define EXTIOI_CPUS  (4)
+/* map to ipnum per 32 irqs */
+#define EXTIOI_IRQS_IPMAP_SIZE   (256 / 32)
+#define EXTIOI_IRQS_COREMAP_SIZE 256
+#define EXTIOI_IRQS_NODETYPE_COUNT   16
+#define EXTIOI_IRQS_GROUP_COUNT  8
+
+#define APIC_OFFSET  0x400
+#define APIC_BASE(0x1000ULL + APIC_OFFSET)
+#define EXTIOI_NODETYPE_START(0x4a0 - APIC_OFFSET)
+#define EXTIOI_NODETYPE_END  (0x4c0 - APIC_OFFSET)
+#define EXTIOI_IPMAP_START   (0x4c0 - APIC_OFFSET)
+#define EXTIOI_IPMAP_END (0x4c8 - APIC_OFFSET)
+#define EXTIOI_ENABLE_START  (0x600 - APIC_OFFSET)
+#define EXTIOI_ENABLE_END(0x620 - APIC_OFFSET)
+#define EXTIOI_BOUNCE_START  (0x680 - APIC_OFFSET)
+#define EXTIOI_BOUNCE_END(0x6a0 - APIC_OFFSET)
+#define EXTIOI_ISR_START (0x700 - APIC_OFFSET)
+#define EXTIOI_ISR_END   (0x720 - APIC_OFFSET)
+#define EXTIOI_COREISR_START (0x800 - APIC_OFFSET)
+#define EXTIOI_COREISR_END   (0xB20 - APIC_OFFSET)
+#define E

[PATCH 05/10] hw/intc/loongarch_extioi: Add common realize interface

[Bibo Mao]

Add common realize function, it is only to check validity of property.

Signed-off-by: Bibo Mao 
---
 hw/intc/loongarch_extioi.c | 17 +++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/hw/intc/loongarch_extioi.c b/hw/intc/loongarch_extioi.c
index 409d4a85da..8ac246c2e6 100644
--- a/hw/intc/loongarch_extioi.c
+++ b/hw/intc/loongarch_extioi.c
@@ -323,14 +323,27 @@ static const MemoryRegionOps extioi_virt_ops = {
 .endianness = DEVICE_LITTLE_ENDIAN,
 };
 
+static void loongarch_extioi_common_realize(DeviceState *dev, Error **errp)
+{
+LoongArchExtIOICommonState *s = (LoongArchExtIOICommonState *)dev;
+SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+
+if (s->num_cpu == 0) {
+error_setg(errp, "num-cpu must be at least 1");
+return;
+}
+}
+
 static void loongarch_extioi_realize(DeviceState *dev, Error **errp)
 {
 LoongArchExtIOI *s = LOONGARCH_EXTIOI(dev);
 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+Error *local_err = NULL;
 int i, pin;
 
-if (s->num_cpu == 0) {
-error_setg(errp, "num-cpu must be at least 1");
+loongarch_extioi_common_realize(dev, &local_err);
+if (local_err) {
+error_propagate(errp, local_err);
 return;
 }
 
-- 
2.39.3

[PATCH 09/10] hw/intc/loongarch_extioi: Add pre_save interface

[Bibo Mao]

Add vmstate pre_save interface, which can be used extioi kvm driver
in future.

Signed-off-by: Bibo Mao 
---
 hw/intc/loongarch_extioi_common.c | 13 +
 include/hw/intc/loongarch_extioi_common.h |  1 +
 2 files changed, 14 insertions(+)

diff --git a/hw/intc/loongarch_extioi_common.c 
b/hw/intc/loongarch_extioi_common.c
index af15ec3531..b3cbba81e1 100644
--- a/hw/intc/loongarch_extioi_common.c
+++ b/hw/intc/loongarch_extioi_common.c
@@ -20,6 +20,18 @@ static void loongarch_extioi_common_realize(DeviceState 
*dev, Error **errp)
 }
 }
 
+static int loongarch_extioi_common_pre_save(void *opaque)
+{
+LoongArchExtIOICommonState *s = (LoongArchExtIOICommonState *)opaque;
+LoongArchExtIOICommonClass *lecc = LOONGARCH_EXTIOI_COMMON_GET_CLASS(s);
+
+if (lecc->pre_save) {
+return lecc->pre_save(s);
+}
+
+return 0;
+}
+
 static int loongarch_extioi_common_post_load(void *opaque, int version_id)
 {
 LoongArchExtIOICommonState *s = (LoongArchExtIOICommonState *)opaque;
@@ -46,6 +58,7 @@ static const VMStateDescription vmstate_loongarch_extioi = {
 .name = "loongarch.extioi",
 .version_id = 3,
 .minimum_version_id = 3,
+.pre_save  = loongarch_extioi_common_pre_save,
 .post_load = loongarch_extioi_common_post_load,
 .fields = (const VMStateField[]) {
 VMSTATE_UINT32_ARRAY(bounce, LoongArchExtIOICommonState,
diff --git a/include/hw/intc/loongarch_extioi_common.h 
b/include/hw/intc/loongarch_extioi_common.h
index 91947c81db..c926efaca3 100644
--- a/include/hw/intc/loongarch_extioi_common.h
+++ b/include/hw/intc/loongarch_extioi_common.h
@@ -93,6 +93,7 @@ struct LoongArchExtIOICommonClass {
 
 DeviceRealize parent_realize;
 DeviceUnrealize parent_unrealize;
+int (*pre_save)(void *s);
 int (*post_load)(void *s, int version_id);
 };
 #endif /* LOONGARCH_EXTIOI_H */
-- 
2.39.3

[PATCH 03/10] include: Rename LoongArchExtIOI with LoongArchExtIOICommonState

[Bibo Mao]

Rename structure LoongArchExtIOI with LoongArchExtIOICommonState,
since it is defined in file loongarch_extioi_common.h

Signed-off-by: Bibo Mao 
---
 include/hw/intc/loongarch_extioi.h| 1 +
 include/hw/intc/loongarch_extioi_common.h | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/hw/intc/loongarch_extioi.h 
b/include/hw/intc/loongarch_extioi.h
index 64924f5a0a..d6747046b4 100644
--- a/include/hw/intc/loongarch_extioi.h
+++ b/include/hw/intc/loongarch_extioi.h
@@ -10,6 +10,7 @@
 
 #include "hw/intc/loongarch_extioi_common.h"
 
+#define LoongArchExtIOI LoongArchExtIOICommonState
 #define TYPE_LOONGARCH_EXTIOI "loongarch.extioi"
 OBJECT_DECLARE_SIMPLE_TYPE(LoongArchExtIOI, LOONGARCH_EXTIOI)
 #endif /* LOONGARCH_EXTIOI_H */
diff --git a/include/hw/intc/loongarch_extioi_common.h 
b/include/hw/intc/loongarch_extioi_common.h
index 1eb8780549..51243b8092 100644
--- a/include/hw/intc/loongarch_extioi_common.h
+++ b/include/hw/intc/loongarch_extioi_common.h
@@ -62,7 +62,7 @@ typedef struct ExtIOICore {
 qemu_irq parent_irq[LS3A_INTC_IP];
 } ExtIOICore;
 
-struct LoongArchExtIOI {
+struct LoongArchExtIOICommonState {
 SysBusDevice parent_obj;
 uint32_t num_cpu;
 uint32_t features;
-- 
2.39.3

[PATCH 06/10] hw/intc/loongarch_extioi: Add unrealize interface

[Bibo Mao]

For loongarch extioi emulation driver, add unrealize interface and
remove instance_finalize interface and move the code to unrealize
interface.

Signed-off-by: Bibo Mao 
---
 hw/intc/loongarch_extioi.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/intc/loongarch_extioi.c b/hw/intc/loongarch_extioi.c
index 8ac246c2e6..f17ff39254 100644
--- a/hw/intc/loongarch_extioi.c
+++ b/hw/intc/loongarch_extioi.c
@@ -378,9 +378,9 @@ static void loongarch_extioi_realize(DeviceState *dev, 
Error **errp)
 }
 }
 
-static void loongarch_extioi_finalize(Object *obj)
+static void loongarch_extioi_unrealize(DeviceState *dev)
 {
-LoongArchExtIOI *s = LOONGARCH_EXTIOI(obj);
+LoongArchExtIOICommonState *s = LOONGARCH_EXTIOI(dev);
 
 g_free(s->cpu);
 }
@@ -462,6 +462,7 @@ static void loongarch_extioi_class_init(ObjectClass *klass, 
void *data)
 DeviceClass *dc = DEVICE_CLASS(klass);
 
 dc->realize = loongarch_extioi_realize;
+dc->unrealize = loongarch_extioi_unrealize;
 device_class_set_legacy_reset(dc, loongarch_extioi_reset);
 device_class_set_props(dc, extioi_properties);
 dc->vmsd = &vmstate_loongarch_extioi;
@@ -472,7 +473,6 @@ static const TypeInfo loongarch_extioi_info = {
 .parent= TYPE_SYS_BUS_DEVICE,
 .instance_size = sizeof(struct LoongArchExtIOI),
 .class_init= loongarch_extioi_class_init,
-.instance_finalize = loongarch_extioi_finalize,
 };
 
 static void loongarch_extioi_register_types(void)
-- 
2.39.3

[PATCH 04/10] hw/intc/loongarch_extioi: Rename LoongArchExtIOI with LoongArchExtIOICommonState

[Bibo Mao]

With some structure such as vmstate and property, rename LoongArchExtIOI
with LoongArchExtIOICommonState, these common structure will be moved
to common file.

Signed-off-by: Bibo Mao 
---
 hw/intc/loongarch_extioi.c | 41 +++---
 1 file changed, 25 insertions(+), 16 deletions(-)

diff --git a/hw/intc/loongarch_extioi.c b/hw/intc/loongarch_extioi.c
index 02dc4e6db3..409d4a85da 100644
--- a/hw/intc/loongarch_extioi.c
+++ b/hw/intc/loongarch_extioi.c
@@ -396,6 +396,11 @@ static int vmstate_extioi_post_load(void *opaque, int 
version_id)
 return 0;
 }
 
+static int loongarch_extioi_common_post_load(void *opaque, int version_id)
+{
+return vmstate_extioi_post_load(opaque, version_id);
+}
+
 static const VMStateDescription vmstate_extioi_core = {
 .name = "extioi-core",
 .version_id = 1,
@@ -407,31 +412,35 @@ static const VMStateDescription vmstate_extioi_core = {
 };
 
 static const VMStateDescription vmstate_loongarch_extioi = {
-.name = TYPE_LOONGARCH_EXTIOI,
+.name = "loongarch.extioi",
 .version_id = 3,
 .minimum_version_id = 3,
-.post_load = vmstate_extioi_post_load,
+.post_load = loongarch_extioi_common_post_load,
 .fields = (const VMStateField[]) {
-VMSTATE_UINT32_ARRAY(bounce, LoongArchExtIOI, EXTIOI_IRQS_GROUP_COUNT),
-VMSTATE_UINT32_ARRAY(nodetype, LoongArchExtIOI,
+VMSTATE_UINT32_ARRAY(bounce, LoongArchExtIOICommonState,
+ EXTIOI_IRQS_GROUP_COUNT),
+VMSTATE_UINT32_ARRAY(nodetype, LoongArchExtIOICommonState,
  EXTIOI_IRQS_NODETYPE_COUNT / 2),
-VMSTATE_UINT32_ARRAY(enable, LoongArchExtIOI, EXTIOI_IRQS / 32),
-VMSTATE_UINT32_ARRAY(isr, LoongArchExtIOI, EXTIOI_IRQS / 32),
-VMSTATE_UINT32_ARRAY(ipmap, LoongArchExtIOI, EXTIOI_IRQS_IPMAP_SIZE / 
4),
-VMSTATE_UINT32_ARRAY(coremap, LoongArchExtIOI, EXTIOI_IRQS / 4),
-
-VMSTATE_STRUCT_VARRAY_POINTER_UINT32(cpu, LoongArchExtIOI, num_cpu,
- vmstate_extioi_core, ExtIOICore),
-VMSTATE_UINT32(features, LoongArchExtIOI),
-VMSTATE_UINT32(status, LoongArchExtIOI),
+VMSTATE_UINT32_ARRAY(enable, LoongArchExtIOICommonState,
+ EXTIOI_IRQS / 32),
+VMSTATE_UINT32_ARRAY(isr, LoongArchExtIOICommonState,
+ EXTIOI_IRQS / 32),
+VMSTATE_UINT32_ARRAY(ipmap, LoongArchExtIOICommonState,
+ EXTIOI_IRQS_IPMAP_SIZE / 4),
+VMSTATE_UINT32_ARRAY(coremap, LoongArchExtIOICommonState,
+ EXTIOI_IRQS / 4),
+VMSTATE_STRUCT_VARRAY_POINTER_UINT32(cpu, LoongArchExtIOICommonState,
+ num_cpu, vmstate_extioi_core, ExtIOICore),
+VMSTATE_UINT32(features, LoongArchExtIOICommonState),
+VMSTATE_UINT32(status, LoongArchExtIOICommonState),
 VMSTATE_END_OF_LIST()
 }
 };
 
 static Property extioi_properties[] = {
-DEFINE_PROP_UINT32("num-cpu", LoongArchExtIOI, num_cpu, 1),
-DEFINE_PROP_BIT("has-virtualization-extension", LoongArchExtIOI, features,
-EXTIOI_HAS_VIRT_EXTENSION, 0),
+DEFINE_PROP_UINT32("num-cpu", LoongArchExtIOICommonState, num_cpu, 1),
+DEFINE_PROP_BIT("has-virtualization-extension", LoongArchExtIOICommonState,
+features, EXTIOI_HAS_VIRT_EXTENSION, 0),
 DEFINE_PROP_END_OF_LIST(),
 };
 
-- 
2.39.3

[PATCH 00/10] hw/intc/loongarch_extioi: Split into extioi common and extioi

[Bibo Mao]

In order to support irqchip_in_kenrel method, split loongarch extioi
emulation driver into two parts, extioi common and extioi TCG driver.
LoongArch extioi common driver includes vmstate and property interface,
also vmstate load and store interface is defined in extioi common driver.

In future LoongArch extioi kvm driver can inherit from extioi common
driver.

Bibo Mao (10):
  include: Add loongarch_extioi_common header file
  include: Move struct LoongArchExtIOI to header file
loongarch_extioi_common
  include: Rename LoongArchExtIOI with LoongArchExtIOICommonState
  hw/intc/loongarch_extioi: Rename LoongArchExtIOI with
LoongArchExtIOICommonState
  hw/intc/loongarch_extioi: Add common realize interface
  hw/intc/loongarch_extioi: Add unrealize interface
  hw/intc/loongarch_extioi: Add common file loongarch_extioi_common
  hw/intc/loongarch_extioi: Inherit from loongarch_extioi_common
  hw/intc/loongarch_extioi: Add pre_save interface
  hw/intc/loongarch_extioi: Code cleanup about loongarch_extioi

 hw/intc/loongarch_extioi.c| 110 +++--
 hw/intc/loongarch_extioi_common.c | 113 ++
 hw/intc/meson.build   |   2 +-
 include/hw/intc/loongarch_extioi.h|  84 +++-
 include/hw/intc/loongarch_extioi_common.h |  99 +++
 5 files changed, 259 insertions(+), 149 deletions(-)
 create mode 100644 hw/intc/loongarch_extioi_common.c
 create mode 100644 include/hw/intc/loongarch_extioi_common.h


base-commit: 01dc65a3bc262ab1bec8fe89775e9bbfa627becb
-- 
2.39.3

[PATCH 10/10] hw/intc/loongarch_extioi: Code cleanup about loongarch_extioi

[Bibo Mao]

Remove definition about LoongArchExtIOI and LOONGARCH_EXTIOI, and
replace them with LoongArchExtIOICommonState and macro
LOONGARCH_EXTIOI_COMMON separately. Also remove unnecessary header
files.

Signed-off-by: Bibo Mao 
---
 hw/intc/loongarch_extioi.c | 31 ++
 include/hw/intc/loongarch_extioi.h |  2 --
 2 files changed, 14 insertions(+), 19 deletions(-)

diff --git a/hw/intc/loongarch_extioi.c b/hw/intc/loongarch_extioi.c
index adaf9dc2c5..e4b05d4363 100644
--- a/hw/intc/loongarch_extioi.c
+++ b/hw/intc/loongarch_extioi.c
@@ -10,16 +10,13 @@
 #include "qemu/log.h"
 #include "qapi/error.h"
 #include "hw/irq.h"
-#include "hw/sysbus.h"
 #include "hw/loongarch/virt.h"
-#include "hw/qdev-properties.h"
 #include "exec/address-spaces.h"
 #include "hw/intc/loongarch_extioi.h"
-#include "migration/vmstate.h"
 #include "trace.h"
 
 
-static void extioi_update_irq(LoongArchExtIOI *s, int irq, int level)
+static void extioi_update_irq(LoongArchExtIOICommonState *s, int irq, int 
level)
 {
 int ipnum, cpu, found, irq_index, irq_mask;
 
@@ -54,7 +51,7 @@ static void extioi_update_irq(LoongArchExtIOI *s, int irq, 
int level)
 
 static void extioi_setirq(void *opaque, int irq, int level)
 {
-LoongArchExtIOI *s = LOONGARCH_EXTIOI(opaque);
+LoongArchExtIOICommonState *s = LOONGARCH_EXTIOI_COMMON(opaque);
 trace_loongarch_extioi_setirq(irq, level);
 if (level) {
 /*
@@ -72,7 +69,7 @@ static void extioi_setirq(void *opaque, int irq, int level)
 static MemTxResult extioi_readw(void *opaque, hwaddr addr, uint64_t *data,
 unsigned size, MemTxAttrs attrs)
 {
-LoongArchExtIOI *s = LOONGARCH_EXTIOI(opaque);
+LoongArchExtIOICommonState *s = LOONGARCH_EXTIOI_COMMON(opaque);
 unsigned long offset = addr & 0x;
 uint32_t index, cpu;
 
@@ -111,7 +108,7 @@ static MemTxResult extioi_readw(void *opaque, hwaddr addr, 
uint64_t *data,
 return MEMTX_OK;
 }
 
-static inline void extioi_enable_irq(LoongArchExtIOI *s, int index,\
+static inline void extioi_enable_irq(LoongArchExtIOICommonState *s, int index,\
  uint32_t mask, int level)
 {
 uint32_t val;
@@ -130,8 +127,8 @@ static inline void extioi_enable_irq(LoongArchExtIOI *s, 
int index,\
 }
 }
 
-static inline void extioi_update_sw_coremap(LoongArchExtIOI *s, int irq,
-uint64_t val, bool notify)
+static inline void extioi_update_sw_coremap(LoongArchExtIOICommonState *s,
+int irq, uint64_t val, bool notify)
 {
 int i, cpu;
 
@@ -167,8 +164,8 @@ static inline void extioi_update_sw_coremap(LoongArchExtIOI 
*s, int irq,
 }
 }
 
-static inline void extioi_update_sw_ipmap(LoongArchExtIOI *s, int index,
-  uint64_t val)
+static inline void extioi_update_sw_ipmap(LoongArchExtIOICommonState *s,
+  int index, uint64_t val)
 {
 int i;
 uint8_t ipnum;
@@ -191,7 +188,7 @@ static MemTxResult extioi_writew(void *opaque, hwaddr addr,
   uint64_t val, unsigned size,
   MemTxAttrs attrs)
 {
-LoongArchExtIOI *s = LOONGARCH_EXTIOI(opaque);
+LoongArchExtIOICommonState *s = LOONGARCH_EXTIOI_COMMON(opaque);
 int cpu, index, old_data, irq;
 uint32_t offset;
 
@@ -271,7 +268,7 @@ static const MemoryRegionOps extioi_ops = {
 static MemTxResult extioi_virt_readw(void *opaque, hwaddr addr, uint64_t *data,
  unsigned size, MemTxAttrs attrs)
 {
-LoongArchExtIOI *s = LOONGARCH_EXTIOI(opaque);
+LoongArchExtIOICommonState *s = LOONGARCH_EXTIOI_COMMON(opaque);
 
 switch (addr) {
 case EXTIOI_VIRT_FEATURES:
@@ -291,7 +288,7 @@ static MemTxResult extioi_virt_writew(void *opaque, hwaddr 
addr,
   uint64_t val, unsigned size,
   MemTxAttrs attrs)
 {
-LoongArchExtIOI *s = LOONGARCH_EXTIOI(opaque);
+LoongArchExtIOICommonState *s = LOONGARCH_EXTIOI_COMMON(opaque);
 
 switch (addr) {
 case EXTIOI_VIRT_FEATURES:
@@ -370,21 +367,21 @@ static void loongarch_extioi_realize(DeviceState *dev, 
Error **errp)
 
 static void loongarch_extioi_unrealize(DeviceState *dev)
 {
-LoongArchExtIOICommonState *s = LOONGARCH_EXTIOI(dev);
+LoongArchExtIOICommonState *s = LOONGARCH_EXTIOI_COMMON(dev);
 
 g_free(s->cpu);
 }
 
 static void loongarch_extioi_reset(DeviceState *d)
 {
-LoongArchExtIOI *s = LOONGARCH_EXTIOI(d);
+LoongArchExtIOICommonState *s = LOONGARCH_EXTIOI_COMMON(d);
 
 s->status = 0;
 }
 
 static int vmstate_extioi_post_load(void *opaque, int version_id)
 {
-LoongArchExtIOI *s = LOONGARCH_EXTIOI(opaque);
+LoongArchExtIOICommonState *s = LOONGARCH_EXTIOI_COMMON(opaque);
 int i, start_irq;
 
 for (i = 0; i < (EXTIOI_IRQS / 4); i++) {
diff --git a/include/hw/intc/loongarch_extioi.h 
b

[PATCH 07/10] hw/intc/loongarch_extioi: Add common file loongarch_extioi_common

[Bibo Mao]

Add new common file loongarch_extioi_common.c, and move vmstate
and property structure to common file.

Signed-off-by: Bibo Mao 
---
 hw/intc/loongarch_extioi.c| 60 +
 hw/intc/loongarch_extioi_common.c | 63 +++
 2 files changed, 65 insertions(+), 58 deletions(-)
 create mode 100644 hw/intc/loongarch_extioi_common.c

diff --git a/hw/intc/loongarch_extioi.c b/hw/intc/loongarch_extioi.c
index f17ff39254..a6f489b885 100644
--- a/hw/intc/loongarch_extioi.c
+++ b/hw/intc/loongarch_extioi.c
@@ -323,16 +323,8 @@ static const MemoryRegionOps extioi_virt_ops = {
 .endianness = DEVICE_LITTLE_ENDIAN,
 };
 
-static void loongarch_extioi_common_realize(DeviceState *dev, Error **errp)
-{
-LoongArchExtIOICommonState *s = (LoongArchExtIOICommonState *)dev;
-SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
-
-if (s->num_cpu == 0) {
-error_setg(errp, "num-cpu must be at least 1");
-return;
-}
-}
+static int vmstate_extioi_post_load(void *opaque, int version_id);
+#include "loongarch_extioi_common.c"
 
 static void loongarch_extioi_realize(DeviceState *dev, Error **errp)
 {
@@ -409,54 +401,6 @@ static int vmstate_extioi_post_load(void *opaque, int 
version_id)
 return 0;
 }
 
-static int loongarch_extioi_common_post_load(void *opaque, int version_id)
-{
-return vmstate_extioi_post_load(opaque, version_id);
-}
-
-static const VMStateDescription vmstate_extioi_core = {
-.name = "extioi-core",
-.version_id = 1,
-.minimum_version_id = 1,
-.fields = (const VMStateField[]) {
-VMSTATE_UINT32_ARRAY(coreisr, ExtIOICore, EXTIOI_IRQS_GROUP_COUNT),
-VMSTATE_END_OF_LIST()
-}
-};
-
-static const VMStateDescription vmstate_loongarch_extioi = {
-.name = "loongarch.extioi",
-.version_id = 3,
-.minimum_version_id = 3,
-.post_load = loongarch_extioi_common_post_load,
-.fields = (const VMStateField[]) {
-VMSTATE_UINT32_ARRAY(bounce, LoongArchExtIOICommonState,
- EXTIOI_IRQS_GROUP_COUNT),
-VMSTATE_UINT32_ARRAY(nodetype, LoongArchExtIOICommonState,
- EXTIOI_IRQS_NODETYPE_COUNT / 2),
-VMSTATE_UINT32_ARRAY(enable, LoongArchExtIOICommonState,
- EXTIOI_IRQS / 32),
-VMSTATE_UINT32_ARRAY(isr, LoongArchExtIOICommonState,
- EXTIOI_IRQS / 32),
-VMSTATE_UINT32_ARRAY(ipmap, LoongArchExtIOICommonState,
- EXTIOI_IRQS_IPMAP_SIZE / 4),
-VMSTATE_UINT32_ARRAY(coremap, LoongArchExtIOICommonState,
- EXTIOI_IRQS / 4),
-VMSTATE_STRUCT_VARRAY_POINTER_UINT32(cpu, LoongArchExtIOICommonState,
- num_cpu, vmstate_extioi_core, ExtIOICore),
-VMSTATE_UINT32(features, LoongArchExtIOICommonState),
-VMSTATE_UINT32(status, LoongArchExtIOICommonState),
-VMSTATE_END_OF_LIST()
-}
-};
-
-static Property extioi_properties[] = {
-DEFINE_PROP_UINT32("num-cpu", LoongArchExtIOICommonState, num_cpu, 1),
-DEFINE_PROP_BIT("has-virtualization-extension", LoongArchExtIOICommonState,
-features, EXTIOI_HAS_VIRT_EXTENSION, 0),
-DEFINE_PROP_END_OF_LIST(),
-};
-
 static void loongarch_extioi_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
diff --git a/hw/intc/loongarch_extioi_common.c 
b/hw/intc/loongarch_extioi_common.c
new file mode 100644
index 00..13f02fc5ab
--- /dev/null
+++ b/hw/intc/loongarch_extioi_common.c
@@ -0,0 +1,63 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * Loongson extioi interrupt controller emulation
+ * Copyright (C) 2024 Loongson Technology Corporation Limited
+ */
+
+static void loongarch_extioi_common_realize(DeviceState *dev, Error **errp)
+{
+LoongArchExtIOICommonState *s = (LoongArchExtIOICommonState *)dev;
+
+if (s->num_cpu == 0) {
+error_setg(errp, "num-cpu must be at least 1");
+return;
+}
+}
+
+static int loongarch_extioi_common_post_load(void *opaque, int version_id)
+{
+return vmstate_extioi_post_load(opaque, version_id);
+}
+
+static const VMStateDescription vmstate_extioi_core = {
+.name = "extioi-core",
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (const VMStateField[]) {
+VMSTATE_UINT32_ARRAY(coreisr, ExtIOICore, EXTIOI_IRQS_GROUP_COUNT),
+VMSTATE_END_OF_LIST()
+}
+};
+
+static const VMStateDescription vmstate_loongarch_extioi = {
+.name = "loongarch.extioi",
+.version_id = 3,
+.minimum_version_id = 3,
+.post_load = loongarch_extioi_common_post_load,
+.fields = (const VMStateField[]) {
+VMSTATE_UINT32_ARRAY(bounce, LoongArchExtIOICommonState,
+ EXTIOI_IRQS_GROUP_COUNT),
+VMSTATE_UINT32_ARRAY(nodetype, LoongArchExtIOICommonState,
+ EXTIOI_IRQS_NODETYPE_COUNT / 2),
+VM

[PATCH 02/10] include: Move struct LoongArchExtIOI to header file loongarch_extioi_common

[Bibo Mao]

Move definiton of structure LoongArchExtIOI from header file loongarch_extioi.h
to file loongarch_extioi_common.h.

Signed-off-by: Bibo Mao 
---
 include/hw/intc/loongarch_extioi.h| 26 --
 include/hw/intc/loongarch_extioi_common.h | 27 +++
 2 files changed, 27 insertions(+), 26 deletions(-)

diff --git a/include/hw/intc/loongarch_extioi.h 
b/include/hw/intc/loongarch_extioi.h
index b1f87cd246..64924f5a0a 100644
--- a/include/hw/intc/loongarch_extioi.h
+++ b/include/hw/intc/loongarch_extioi.h
@@ -10,32 +10,6 @@
 
 #include "hw/intc/loongarch_extioi_common.h"
 
-typedef struct ExtIOICore {
-uint32_t coreisr[EXTIOI_IRQS_GROUP_COUNT];
-DECLARE_BITMAP(sw_isr[LS3A_INTC_IP], EXTIOI_IRQS);
-qemu_irq parent_irq[LS3A_INTC_IP];
-} ExtIOICore;
-
 #define TYPE_LOONGARCH_EXTIOI "loongarch.extioi"
 OBJECT_DECLARE_SIMPLE_TYPE(LoongArchExtIOI, LOONGARCH_EXTIOI)
-struct LoongArchExtIOI {
-SysBusDevice parent_obj;
-uint32_t num_cpu;
-uint32_t features;
-uint32_t status;
-/* hardware state */
-uint32_t nodetype[EXTIOI_IRQS_NODETYPE_COUNT / 2];
-uint32_t bounce[EXTIOI_IRQS_GROUP_COUNT];
-uint32_t isr[EXTIOI_IRQS / 32];
-uint32_t enable[EXTIOI_IRQS / 32];
-uint32_t ipmap[EXTIOI_IRQS_IPMAP_SIZE / 4];
-uint32_t coremap[EXTIOI_IRQS / 4];
-uint32_t sw_pending[EXTIOI_IRQS / 32];
-uint8_t  sw_ipmap[EXTIOI_IRQS_IPMAP_SIZE];
-uint8_t  sw_coremap[EXTIOI_IRQS];
-qemu_irq irq[EXTIOI_IRQS];
-ExtIOICore *cpu;
-MemoryRegion extioi_system_mem;
-MemoryRegion virt_extend;
-};
 #endif /* LOONGARCH_EXTIOI_H */
diff --git a/include/hw/intc/loongarch_extioi_common.h 
b/include/hw/intc/loongarch_extioi_common.h
index 09e2b760f3..1eb8780549 100644
--- a/include/hw/intc/loongarch_extioi_common.h
+++ b/include/hw/intc/loongarch_extioi_common.h
@@ -55,4 +55,31 @@
 #define  EXTIOI_ENABLE_CPU_ENCODE(3)
 #define EXTIOI_VIRT_COREMAP_START(0x40)
 #define EXTIOI_VIRT_COREMAP_END  (0x240)
+
+typedef struct ExtIOICore {
+uint32_t coreisr[EXTIOI_IRQS_GROUP_COUNT];
+DECLARE_BITMAP(sw_isr[LS3A_INTC_IP], EXTIOI_IRQS);
+qemu_irq parent_irq[LS3A_INTC_IP];
+} ExtIOICore;
+
+struct LoongArchExtIOI {
+SysBusDevice parent_obj;
+uint32_t num_cpu;
+uint32_t features;
+uint32_t status;
+/* hardware state */
+uint32_t nodetype[EXTIOI_IRQS_NODETYPE_COUNT / 2];
+uint32_t bounce[EXTIOI_IRQS_GROUP_COUNT];
+uint32_t isr[EXTIOI_IRQS / 32];
+uint32_t enable[EXTIOI_IRQS / 32];
+uint32_t ipmap[EXTIOI_IRQS_IPMAP_SIZE / 4];
+uint32_t coremap[EXTIOI_IRQS / 4];
+uint32_t sw_pending[EXTIOI_IRQS / 32];
+uint8_t  sw_ipmap[EXTIOI_IRQS_IPMAP_SIZE];
+uint8_t  sw_coremap[EXTIOI_IRQS];
+qemu_irq irq[EXTIOI_IRQS];
+ExtIOICore *cpu;
+MemoryRegion extioi_system_mem;
+MemoryRegion virt_extend;
+};
 #endif /* LOONGARCH_EXTIOI_H */
-- 
2.39.3

Re: [PATCH v3 0/5] license: Fix typos and update SPDX tags

[Michael Tokarev]

On 11.09.2024 18:12, Philippe Mathieu-Daudé wrote:

Series fully reviewed (thanks Thomas & Richard)

Since v2:
. Updated few missed "2 | 3+" expressions

Since v1:
. Updated regex to cover all GPL-2.0* cases.

- Fix a pair of typos
- Upgrade the deprecated GPL-2.0+/LGPL-2.0+ SPDX tags
   to GPL-2.0-only / GPL-2.0-or-later / LGPL-2.0-or-later.

Philippe Mathieu-Daudé (5):
   tests/functional: Correct typo in test_netdev_ethtool.py SPDX tag
   license: Simplify GPL-2.0-or-later license descriptions
   license: Update deprecated SPDX tag LGPL-2.0+ to LGPL-2.0-or-later
   license: Update deprecated SPDX tag GPL-2.0+ to GPL-2.0-or-later
   license: Update deprecated SPDX tag GPL-2.0 to GPL-2.0-only


Picked up for the trivial-patches tree, minus the cris hunk in 3/5.

Thanks,

/mjt

[PULL 16/22] target/hexagon: Rename macros.inc -> macros.h.inc

[Michael Tokarev]

From: Philippe Mathieu-Daudé 

Since commits 139c1837db ("meson: rename included C source files
to .c.inc") and 0979ed017f ("meson: rename .inc.h files to .h.inc"),
EMU standard procedure for included header files is to use *.h.inc.

Besides, since commit 6a0057aa22 ("docs/devel: make a statement
about includes") this is documented in the Coding Style:

  If you do use template header files they should be named with
  the ``.c.inc`` or ``.h.inc`` suffix to make it clear they are
  being included for expansion.

Therefore rename "macros.inc" as "macros.h.inc".

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Brian Cain 
Reviewed-by: Anton Johansson 
Reviewed-by: Richard Henderson 
Signed-off-by: Michael Tokarev 
---
 target/hexagon/gen_idef_parser_funcs.py | 2 +-
 target/hexagon/idef-parser/README.rst   | 4 ++--
 target/hexagon/idef-parser/{macros.inc => macros.h.inc} | 0
 target/hexagon/meson.build  | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
 rename target/hexagon/idef-parser/{macros.inc => macros.h.inc} (100%)

diff --git a/target/hexagon/gen_idef_parser_funcs.py 
b/target/hexagon/gen_idef_parser_funcs.py
index eb494abba8..72f11c68ca 100644
--- a/target/hexagon/gen_idef_parser_funcs.py
+++ b/target/hexagon/gen_idef_parser_funcs.py
@@ -50,7 +50,7 @@ def main():
 tagimms = hex_common.get_tagimms()
 
 with open(sys.argv[-1], "w") as f:
-f.write('#include "macros.inc"\n\n')
+f.write('#include "macros.h.inc"\n\n')
 
 for tag in hex_common.tags:
 ## Skip the priv instructions
diff --git a/target/hexagon/idef-parser/README.rst 
b/target/hexagon/idef-parser/README.rst
index d0aa34309b..7199177ee3 100644
--- a/target/hexagon/idef-parser/README.rst
+++ b/target/hexagon/idef-parser/README.rst
@@ -138,7 +138,7 @@ we obtain the pseudo code
 with macros such as ``fJUMPR`` intact.
 
 The second step is to expand macros into a form suitable for our parser.
-These macros are defined in ``idef-parser/macros.inc`` and the step is
+These macros are defined in ``idef-parser/macros.h.inc`` and the step is
 carried out by the ``prepare`` script which runs the C preprocessor on
 ``idef_parser_input.h.inc`` to produce
 ``idef_parser_input.preprocessed.h.inc``.
@@ -266,7 +266,7 @@ in plain C is defined as
 #define fABS(A) (((A) < 0) ? (-(A)) : (A))
 
 and returns the absolute value of the argument ``A``. This macro is not 
included
-in ``idef-parser/macros.inc`` and as such is not expanded and kept as a "call"
+in ``idef-parser/macros.h.inc`` and as such is not expanded and kept as a 
"call"
 ``fABS(...)``. Reason being, that ``fABS`` is easier to match and map to
 ``tcg_gen_abs_``, compared to the full ternary expression above. Loads 
of
 macros in ``macros.h`` are kept unexpanded to aid in parsing, as seen in the
diff --git a/target/hexagon/idef-parser/macros.inc 
b/target/hexagon/idef-parser/macros.h.inc
similarity index 100%
rename from target/hexagon/idef-parser/macros.inc
rename to target/hexagon/idef-parser/macros.h.inc
diff --git a/target/hexagon/meson.build b/target/hexagon/meson.build
index 9ea1f4fc59..f1723778a6 100644
--- a/target/hexagon/meson.build
+++ b/target/hexagon/meson.build
@@ -284,7 +284,7 @@ if idef_parser_enabled and 'hexagon-linux-user' in 
target_dirs
 'idef_parser_input.preprocessed.h.inc',
 output: 'idef_parser_input.preprocessed.h.inc',
 input: idef_parser_input_generated,
-depend_files: [idef_parser_dir / 'macros.inc'],
+depend_files: [idef_parser_dir / 'macros.h.inc'],
 command: [idef_parser_dir / 'prepare', '@INPUT@', '-I' + 
idef_parser_dir, '-o', '@OUTPUT@'],
 )
 
-- 
2.39.5

Re: [PATCH] target/arm: Correct ID_AA64ISAR1_EL1 value for neoverse-v1

[Michael Tokarev]

On 20.09.2024 11:10, Marcin Juszkiewicz wrote:

W dniu 17.09.2024 o 18:13, Peter Maydell pisze:

The Neoverse-V1 TRM is a bit confused about the layout of the
ID_AA64ISAR1_EL1 register, and so its table 3-6 has the wrong value
for this ID register.  Trust instead section 3.2.74's list of which
fields are set.

This means that we stop incorrectly reporting FEAT_XS as present, and
now report the presence of FEAT_BF16.

Cc: qemu-sta...@nongnu.org

...

I think that it would nice to have it backported to stable branches. It 
applies to stable-8.1 and above.


Since it has Cc: qemu-stable@, I already picked it up for 8.2, 9.0 and
9.1.


In master it is 8676007eff04bb4e454bcdf92fab3f855bcc59b3 commit.


Thank you!

/mjt

Re: [PATCH v4 02/12] tcg/riscv: Add basic support for vector

[Markus Armbruster]

Daniel Henrique Barboza  writes:

> Hi Zhiwei,
>
> As Rixchard already pointed out, we must have a "Signed-off-by" tag with the 
> "author" of
> the patch, and it must be the exact spelling. So in this case:
>
> Signed-off-by: Swung0x48 

I'm afraid we need a legal name here, not a nickname.

> More info here:
>
> https://www.qemu.org/docs/master/devel/submitting-a-patch.html

[...]

Re: [PATCH v4 02/12] tcg/riscv: Add basic support for vector

[LIU Zhiwei]

On 2024/9/20 12:01, 0x48 Swung wrote:

Hey everyone! Late to the party. Life happens sometimes ;)
Just discovered this patch and this mail list, and I'd like to provide 
some background story here.
I originally provided my initial implementation in a downstream repo 
last year, namely 
https://github.com/plctlab/plct-qemu/tree/plct-riscv-backend-rvv .
I'm new to contributing to qemu and also take part in the open-source 
community upstreaming process as a whole, so I may make mistakes in my 
following claims, but I see some confusion here:
1. The PLCT branch (which includes my original commits) is 
open-sourced using GPLv2, which follows QEMU's upstream repo. So 
according to the license, my modification should be EXPLICITLY shown 
in the patch, but I haven't seen any.
2. I do consent upstreaming my patch last year, in the form of a patch 
submitted with modifications from T-head, and on behalf of them. And 
it was agreed back in the days that I can be mentioned as one of the 
authors. But it turnsout that there's no "sign-off", "author", 
"co-author" line mentioning me. If I don't speak out in this 
situation, does it imply that this patch is purely LIU Zhiwei's work 
and have nothing to do with me?


I'd like LIU to separate my patch and his modification to two separate 
patches, and explicitly name where are those patches coming from, so 
that this patch can comply to GPLv2 license and can we clarify those 
misunderstandings.


I don't want to take it personally , but I do smell something's wrong 
going on here...


I think there was a misunderstanding. But I will not explain it too much 
here. If you agree, please don't block this work and send the tag as 
Daniel and Markus point out.


Thanks,
Zhiwei



Best Regards,
Swung0x48 (aka. Huang Shiyuan)

Get Outlook for Android 

*From:* Richard Henderson 
*Sent:* Wednesday, September 18, 2024 10:27:16 PM
*To:* LIU Zhiwei ; qemu-devel@nongnu.org 

*Cc:* qemu-ri...@nongnu.org ; 
pal...@dabbelt.com ; alistair.fran...@wdc.com 
; dbarb...@ventanamicro.com 
; liwei1...@gmail.com 
; bmeng...@gmail.com ; 
Swung0x48 ; TANG Tiancheng 


*Subject:* Re: [PATCH v4 02/12] tcg/riscv: Add basic support for vector
On 9/18/24 12:43, LIU Zhiwei wrote:
>
> On 2024/9/18 18:11, Richard Henderson wrote:
>> On 9/18/24 07:17, LIU Zhiwei wrote:
>>>
>>> On 2024/9/12 2:41, Richard Henderson wrote:
 On 9/11/24 06:26, LIU Zhiwei wrote:
> From: Swung0x48
>
> The RISC-V vector instruction set utilizes the LMUL field to group
> multiple registers, enabling variable-length vector registers. This
> implementation uses only the first register number of each group 
while

> reserving the other register numbers within the group.
>
> In TCG, each VEC_IR can have 3 types (TCG_TYPE_V64/128/256), and the
> host runtime needs to adjust LMUL based on the type to use different
> register groups.
>
> This presents challenges for TCG's register allocation. 
Currently, we
> avoid modifying the register allocation part of TCG and only 
expose the

> minimum number of vector registers.
>
> For example, when the host vlen is 64 bits and type is 
TCG_TYPE_V256, with
> LMUL equal to 4, we use 4 vector registers as one register 
group. We can
> use a maximum of 8 register groups, but the V0 register number 
is reserved
> as a mask register, so we can effectively use at most 7 register 
groups.
> Moreover, when type is smaller than TCG_TYPE_V256, only 7 
registers are
> forced to be used. This is because TCG cannot yet dynamically 
constrain

> registers with type; likewise, when the host vlen is 128 bits and
> TCG_TYPE_V256, we can use at most 15 registers.
>
> There is not much pressure on vector register allocation in TCG 
now, so
> using 7 registers is feasible and will not have a major impact 
on code

> generation.
>
> This patch:
> 1. Reserves vector register 0 for use as a mask register.
> 2. When using register groups, reserves the additional registers 
within

>     each group.
>
> Signed-off-by: TANG Tiancheng
> Co-authored-by: TANG Tiancheng

 If there is a co-author, there should be another Signed-off-by.
>>>
>>> This patch has added a tag:
>>>
>>> Signed-off-by: TANG Tiancheng
>>>
>>>
>>> Do you mean we should add the same tag twice?
>>
>> The from line is "Swung0x48 ".
>> If this is an alternate email for TANG Tiancheng,
>
> No, Swung0x48 is another author.

Then we need a proper Signed-off-by line from that author.


r~

Re: [PATCH] hw/ppc: fix decrementer with BookE timers

[Clément Chigot]

Hi Cédric,

On Tue, Aug 27, 2024 at 7:40 PM Cédric Le Goater  wrote:
>
> Hello Clément,
>
> On 7/15/24 10:46, Clément Chigot wrote:
> > The BookE decrementer stops at 0, meaning that it won't decremented
> > towards "negative" values.
> > However, the current logic is inverted: decr is updated solely when
> > the resulting value would be negative.
>
> How did you hit the issue ? which machine ? I didn't see any error
> when booting Linux 6.6.3 on mpc8544ds, e500mc, e5500 and e6500.
>
> > Signed-off-by: Clément Chigot 
> > Fixed: 8e0a5ac87800 ("hw/ppc: Avoid decrementer rounding errors")
>
> LGTM,
>
> Reviewed-by: Cédric Le Goater 

Unless I'm wrong this patch has not been queued yet. Is there any
reason for this ?
I just want to make sure it hasn't been forgotten.

Thanks,
Clément

> We have some automated tests with the ppce500 machine which it would be
> interesting  to extend to have a better coverage of booke.
>
> Thanks,
>
> C.
>
>
>
> > ---
> >   hw/ppc/ppc.c | 4 +++-
> >   1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c
> > index e6fa5580c0..9fc85c7de0 100644
> > --- a/hw/ppc/ppc.c
> > +++ b/hw/ppc/ppc.c
> > @@ -729,7 +729,9 @@ static inline int64_t __cpu_ppc_load_decr(CPUPPCState 
> > *env, int64_t now,
> >   int64_t decr;
> >
> >   n = ns_to_tb(tb_env->decr_freq, now);
> > -if (next > n && tb_env->flags & PPC_TIMER_BOOKE) {
> > +
> > +/* BookE timers stop when reaching 0.  */
> > +if (next < n && tb_env->flags & PPC_TIMER_BOOKE) {
> >   decr = 0;
> >   } else {
> >   decr = next - n;
>
>

Re: [PATCH v2 08/17] migration: Add load_finish handler and associated functions

[Maciej S. Szmigiero]

On 19.09.2024 23:11, Peter Xu wrote:

On Thu, Sep 19, 2024 at 09:49:10PM +0200, Maciej S. Szmigiero wrote:

On 9.09.2024 22:03, Peter Xu wrote:

On Tue, Aug 27, 2024 at 07:54:27PM +0200, Maciej S. Szmigiero wrote:

From: "Maciej S. Szmigiero" 

load_finish SaveVMHandler allows migration code to poll whether
a device-specific asynchronous device state loading operation had finished.

In order to avoid calling this handler needlessly the device is supposed
to notify the migration code of its possible readiness via a call to
qemu_loadvm_load_finish_ready_broadcast() while holding
qemu_loadvm_load_finish_ready_lock.

Signed-off-by: Maciej S. Szmigiero 
---
   include/migration/register.h | 21 +++
   migration/migration.c|  6 +
   migration/migration.h|  3 +++
   migration/savevm.c   | 52 
   migration/savevm.h   |  4 +++
   5 files changed, 86 insertions(+)

diff --git a/include/migration/register.h b/include/migration/register.h
index 4a578f140713..44d8cf5192ae 100644
--- a/include/migration/register.h
+++ b/include/migration/register.h
@@ -278,6 +278,27 @@ typedef struct SaveVMHandlers {
   int (*load_state_buffer)(void *opaque, char *data, size_t data_size,
Error **errp);
+/**
+ * @load_finish
+ *
+ * Poll whether all asynchronous device state loading had finished.
+ * Not called on the load failure path.
+ *
+ * Called while holding the qemu_loadvm_load_finish_ready_lock.
+ *
+ * If this method signals "not ready" then it might not be called
+ * again until qemu_loadvm_load_finish_ready_broadcast() is invoked
+ * while holding qemu_loadvm_load_finish_ready_lock.


[1]


+ *
+ * @opaque: data pointer passed to register_savevm_live()
+ * @is_finished: whether the loading had finished (output parameter)
+ * @errp: pointer to Error*, to store an error if it happens.
+ *
+ * Returns zero to indicate success and negative for error
+ * It's not an error that the loading still hasn't finished.
+ */
+int (*load_finish)(void *opaque, bool *is_finished, Error **errp);


The load_finish() semantics is a bit weird, especially above [1] on "only
allowed to be called once if ..." and also on the locks.


The point of this remark is that a driver needs to call
qemu_loadvm_load_finish_ready_broadcast() if it wants for the migration
core to call its load_finish handler again.


It looks to me vfio_load_finish() also does the final load of the device.

I wonder whether that final load can be done in the threads,


Here, the problem is that current VFIO VMState has to be loaded from the main
migration thread as it internally calls QEMU core address space modification
methods which explode if called from another thread(s).


Ahh, I see.  I'm trying to make dest qemu loadvm in a thread too and yield
BQL if possible, when that's ready then in your case here IIUC you can
simply take BQL in whichever thread that loads it.. but yeah it's not ready
at least..


Yeah, long term we might want to work on making these QEMU core address space
modification methods somehow callable from multiple threads but that's
definitely not something for the initial patch set.


Would it be possible vfio_save_complete_precopy_async_thread_config_state()
be done in VFIO's save_live_complete_precopy() through the main channel
somehow?  IOW, does it rely on iterative data to be fetched first from
kernel, or completely separate states? 


The device state data needs to be fully loaded first before "activating"
the device by loading its config state.


And just curious: how large is it
normally (and I suppose this decides whether it's applicable to be sent via
the main channel at all..)?


Config data is *much* smaller than device state data - as far as I remember
it was on order of kilobytes.




then after
everything loaded the device post a semaphore telling the main thread to
continue.  See e.g.:

  if (migrate_switchover_ack()) {
  qemu_loadvm_state_switchover_ack_needed(mis);
  }

IIUC, VFIO can register load_complete_ack similarly so it only sem_post()
when all things are loaded?  We can then get rid of this slightly awkward
interface.  I had a feeling that things can be simplified (e.g., if the
thread will take care of loading the final vmstate then the mutex is also
not needed? etc.).


With just a single call to switchover_ack_needed per VFIO device it would
need to do a blocking wait for the device buffers and config state load
to finish, therefore blocking other VFIO devices from potentially loading
their config state if they are ready to begin this operation earlier.


I am not sure I get you here, loading VFIO device states (I mean, the
non-iterable part) will need to be done sequentially IIUC due to what you
said and should rely on BQL, so I don't know how that could happen
concurrently for now.  But I think indeed BQL is a prob

Re: [PATCH v2 06/17] migration: Add save_live_complete_precopy_{begin,end} handlers

[Maciej S. Szmigiero]

On 19.09.2024 22:54, Peter Xu wrote:

On Thu, Sep 19, 2024 at 09:47:53PM +0200, Maciej S. Szmigiero wrote:

On 9.09.2024 21:08, Peter Xu wrote:

On Mon, Sep 09, 2024 at 08:32:45PM +0200, Maciej S. Szmigiero wrote:

On 9.09.2024 19:59, Peter Xu wrote:

On Thu, Sep 05, 2024 at 04:45:48PM +0300, Avihai Horon wrote:


On 27/08/2024 20:54, Maciej S. Szmigiero wrote:

External email: Use caution opening links or attachments


From: "Maciej S. Szmigiero" 

These SaveVMHandlers help device provide its own asynchronous
transmission of the remaining data at the end of a precopy phase.

In this use case the save_live_complete_precopy_begin handler might
be used to mark the stream boundary before proceeding with asynchronous
transmission of the remaining data while the
save_live_complete_precopy_end handler might be used to mark the
stream boundary after performing the asynchronous transmission.

Signed-off-by: Maciej S. Szmigiero 
---
 include/migration/register.h | 36 
 migration/savevm.c   | 35 +++
 2 files changed, 71 insertions(+)

diff --git a/include/migration/register.h b/include/migration/register.h
index f60e797894e5..9de123252edf 100644
--- a/include/migration/register.h
+++ b/include/migration/register.h
@@ -103,6 +103,42 @@ typedef struct SaveVMHandlers {
  */
 int (*save_live_complete_precopy)(QEMUFile *f, void *opaque);

+/**
+ * @save_live_complete_precopy_begin
+ *
+ * Called at the end of a precopy phase, before all
+ * @save_live_complete_precopy handlers and before launching
+ * all @save_live_complete_precopy_thread threads.
+ * The handler might, for example, mark the stream boundary before
+ * proceeding with asynchronous transmission of the remaining data via
+ * @save_live_complete_precopy_thread.
+ * When postcopy is enabled, devices that support postcopy will skip this 
step.
+ *
+ * @f: QEMUFile where the handler can synchronously send data before 
returning
+ * @idstr: this device section idstr
+ * @instance_id: this device section instance_id
+ * @opaque: data pointer passed to register_savevm_live()
+ *
+ * Returns zero to indicate success and negative for error
+ */
+int (*save_live_complete_precopy_begin)(QEMUFile *f,
+char *idstr, uint32_t instance_id,
+void *opaque);
+/**
+ * @save_live_complete_precopy_end
+ *
+ * Called at the end of a precopy phase, after @save_live_complete_precopy
+ * handlers and after all @save_live_complete_precopy_thread threads have
+ * finished. When postcopy is enabled, devices that support postcopy will
+ * skip this step.
+ *
+ * @f: QEMUFile where the handler can synchronously send data before 
returning
+ * @opaque: data pointer passed to register_savevm_live()
+ *
+ * Returns zero to indicate success and negative for error
+ */
+int (*save_live_complete_precopy_end)(QEMUFile *f, void *opaque);


Is this handler necessary now that migration core is responsible for the
threads and joins them? I don't see VFIO implementing it later on.


Right, I spot the same thing.

This series added three hooks: begin, end, precopy_thread.

What I think is it only needs one, which is precopy_async.  My vague memory
was that was what we used to discuss too, so that when migration precopy
flushes the final round of iterable data, it does:

 (1) loop over all complete_precopy_async() and enqueue the tasks if
 existed into the migration worker pool.  Then,

 (2) loop over all complete_precopy() like before.

Optionally, we can enforce one vmstate handler only provides either
complete_precopy_async() or complete_precopy().  In this case VFIO can
update the two hooks during setup() by detecting multifd && !mapped_ram &&
nocomp.



The "_begin" hook is still necessary to mark the end of the device state
sent via the main migration stream (during the phase VM is still running)
since we can't start loading the multifd sent device state until all of
that earlier data finishes loading first.


Ah I remembered some more now, thanks.

If vfio can send data during iterations this new hook will also not be
needed, right?

I remember you mentioned you'd have a look and see the challenges there, is
there any conclusion yet on whether we can use multifd even during that?


Yeah, I looked at that and it wasn't a straightforward thing to introduce.

I am worried that with all the things that already piled up (including the
new thread pool implementation) we risk missing QEMU 9.2 too if this is
included.


Not explicitly required, but IMHO it'll be nice to provide a paragraph in
the new version when repost explaining the challenges of using it during
iterations.  It'll be not only for me but for whoever may want to extend
your solution to iterations.

Re: [PATCH v2 12/17] migration/multifd: Device state transfer support - send side

[Maciej S. Szmigiero]

On 19.09.2024 23:17, Peter Xu wrote:

On Thu, Sep 19, 2024 at 09:49:43PM +0200, Maciej S. Szmigiero wrote:

On 10.09.2024 21:48, Peter Xu wrote:

On Wed, Aug 28, 2024 at 09:41:17PM -0300, Fabiano Rosas wrote:

+size_t multifd_device_state_payload_size(void)
+{
+return sizeof(MultiFDDeviceState_t);
+}


This will not be necessary because the payload size is the same as the
data type. We only need it for the special case where the MultiFDPages_t
is smaller than the total ram payload size.


Today I was thinking maybe we should really clean this up, as the current
multifd_send_data_alloc() is indeed too tricky (blame me.. who requested
that more or less).  Knowing that VFIO can use dynamic buffers with ->idstr
and ->buf (I was thinking it could be buf[1M].. but I was wrong...) made
that feeling stronger.

I think we should change it now perhaps, otherwise we'll need to introduce
other helpers to e.g. reset the device buffers, and that's not only slow
but also not good looking, IMO.

So I went ahead with the idea in previous discussion, that I managed to
change the SendData union into struct; the memory consumption is not super
important yet, IMHO, but we should still stick with the object model where
multifd enqueue thread switch buffer with multifd, as it still sounds a
sane way to do.

Then when that patch is ready, I further tried to make VFIO reuse multifd
buffers just like what we do with MultiFDPages_t->offset[]: in RAM code we
don't allocate it every time we enqueue.

I hope it'll also work for VFIO.  VFIO has a specialty on being able to
dump the config space so it's more complex (and I noticed Maciej's current
design requires the final chunk of VFIO config data be migrated in one
packet.. that is also part of the complexity there).  So I allowed that
part to allocate a buffer but only that.  IOW, I made some API (see below)
that can either reuse preallocated buffer, or use a separate one only for
the final bulk.

In short, could both of you have a look at what I came up with below?  I
did that in patches because I think it's too much to comment, so patches
may work better.  No concern if any of below could be good changes to you,
then either Maciej can squash whatever into existing patches (and I feel
like some existing patches in this series can go away with below design),
or I can post pre-requisite patch but only if any of you prefer that.

Anyway, let me know, the patches apply on top of this whole series applied
first.

I also wonder whether there can be any perf difference already (I tested
all multifd qtest with below, but no VFIO I can run), perhaps not that
much, but just to mention below should avoid both buffer allocations and
one round of copy (so VFIO read() directly writes to the multifd buffers
now).


I am not against making MultiFDSendData a struct and maybe introducing
some pre-allocated buffer.

But to be honest, that manual memory management with having to remember
to call multifd_device_state_finish() on error paths as in your
proposed patch 3 really invites memory leaks.

Will think about some other way to have a reusable buffer.


Sure.  That's patch 3, and I suppose then it looks like patch 1 is still
OK in one way or another.



In terms of not making idstr copy (your proposed patch 2) I am not
100% sure that avoiding such tiny allocation really justifies the risk
of possible use-after-free of a dangling pointer.


Why there's risk?  Someone strdup() on the stack?  That only goes via VFIO
itself, so I thought it wasn't that complicated.  But yeah as I said this
part (patch 2) is optional.


I mean the risk here is somebody providing idstr that somehow gets free'd
or overwritten before the device state buffer gets sent.

With a static idstr that's obviously not an issue, but I see that, for example,
vmstate_register_with_alias_id() generates idstr dynamically and this API
is used by all qdevs that have a VMSD (in device_set_realized()).


Not 100% against it either if you are confident that it will never happen.

By the way, I guess it makes sense to carry these changes in the main patch
set rather than as a separate changes?


Whatever you prefer.

I wrote those patches only because I thought maybe you'd like to run some
perf test to see whether they would help at all, and when the patches are
there it'll be much easier for you, then you can decide whether it's worth
intergrating already, or leave that for later.

If not I'd say they're even lower priority, so feel free to stick with
whatever easier for you.  I'm ok there.

However it'll be always good we can still have patch 1 as I mentioned
before (as part of your series, if you won't disagree), to make the
SendData interface slightly cleaner and easier to follow.



Will try to include these patches in my patch set if they don't cause any
downtime regressions.

Thanks,
Maciej

[PATCH 6/6] linux-user: update syscall.tbl to Linux v6.11

[Laurent Vivier]

Updated running scripts/update-syscalltbl.sh

Signed-off-by: Laurent Vivier 
---
 linux-user/arm/syscall.tbl   | 1 +
 linux-user/i386/syscall_32.tbl   | 7 ---
 linux-user/x86_64/syscall_64.tbl | 8 +---
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/linux-user/arm/syscall.tbl b/linux-user/arm/syscall.tbl
index 2ed7d229c8f9..23c98203c40f 100644
--- a/linux-user/arm/syscall.tbl
+++ b/linux-user/arm/syscall.tbl
@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
 #
 # Linux system call numbers and entry vectors
 #
diff --git a/linux-user/i386/syscall_32.tbl b/linux-user/i386/syscall_32.tbl
index d6ebcab1d8b2..534c74b14fab 100644
--- a/linux-user/i386/syscall_32.tbl
+++ b/linux-user/i386/syscall_32.tbl
@@ -1,8 +1,9 @@
+# SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
 #
 # 32-bit system call numbers and entry vectors
 #
 # The format is:
-# 
+# [ [noreturn]]
 #
 # The __ia32_sys and __ia32_compat_sys stubs are created on-the-fly for
 # sys_*() system calls and compat_sys_*() compat system calls if
@@ -12,7 +13,7 @@
 # The abi is always "i386" for this file.
 #
 0  i386restart_syscall sys_restart_syscall
-1  i386exitsys_exit
+1  i386exitsys_exit-   
noreturn
 2  i386forksys_fork
 3  i386readsys_read
 4  i386write   sys_write
@@ -263,7 +264,7 @@
 249i386io_cancel   sys_io_cancel
 250i386fadvise64   sys_ia32_fadvise64
 # 251 is available for reuse (was briefly sys_set_zone_reclaim)
-252i386exit_group  sys_exit_group
+252i386exit_group  sys_exit_group  -   
noreturn
 253i386lookup_dcookie
 254i386epoll_createsys_epoll_create
 255i386epoll_ctl   sys_epoll_ctl
diff --git a/linux-user/x86_64/syscall_64.tbl b/linux-user/x86_64/syscall_64.tbl
index a396f6e6ab5b..7093ee21c0d1 100644
--- a/linux-user/x86_64/syscall_64.tbl
+++ b/linux-user/x86_64/syscall_64.tbl
@@ -1,8 +1,9 @@
+# SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
 #
 # 64-bit system call numbers and entry vectors
 #
 # The format is:
-#
+# [ [noreturn]]
 #
 # The __x64_sys_*() stubs are created on-the-fly for sys_*() system calls
 #
@@ -68,7 +69,7 @@
 57 common  forksys_fork
 58 common  vfork   sys_vfork
 59 64  execve  sys_execve
-60 common  exitsys_exit
+60 common  exitsys_exit-   
noreturn
 61 common  wait4   sys_wait4
 62 common  killsys_kill
 63 common  uname   sys_newuname
@@ -239,7 +240,7 @@
 228common  clock_gettime   sys_clock_gettime
 229common  clock_getressys_clock_getres
 230common  clock_nanosleep sys_clock_nanosleep
-231common  exit_group  sys_exit_group
+231common  exit_group  sys_exit_group  -   
noreturn
 232common  epoll_wait  sys_epoll_wait
 233common  epoll_ctl   sys_epoll_ctl
 234common  tgkill  sys_tgkill
@@ -343,6 +344,7 @@
 332common  statx   sys_statx
 333common  io_pgetevents   sys_io_pgetevents
 334common  rseqsys_rseq
+335common  uretprobe   sys_uretprobe
 # don't use numbers 387 through 423, add new calls after the last
 # 'common' entry
 424common  pidfd_send_signal   sys_pidfd_send_signal
-- 
2.46.0

Re: [PATCH v2 06/17] migration: Add save_live_complete_precopy_{begin,end} handlers

[Peter Xu]

On Fri, Sep 20, 2024 at 05:22:54PM +0200, Maciej S. Szmigiero wrote:
> On 19.09.2024 22:54, Peter Xu wrote:
> > On Thu, Sep 19, 2024 at 09:47:53PM +0200, Maciej S. Szmigiero wrote:
> > > On 9.09.2024 21:08, Peter Xu wrote:
> > > > On Mon, Sep 09, 2024 at 08:32:45PM +0200, Maciej S. Szmigiero wrote:
> > > > > On 9.09.2024 19:59, Peter Xu wrote:
> > > > > > On Thu, Sep 05, 2024 at 04:45:48PM +0300, Avihai Horon wrote:
> > > > > > > 
> > > > > > > On 27/08/2024 20:54, Maciej S. Szmigiero wrote:
> > > > > > > > External email: Use caution opening links or attachments
> > > > > > > > 
> > > > > > > > 
> > > > > > > > From: "Maciej S. Szmigiero" 
> > > > > > > > 
> > > > > > > > These SaveVMHandlers help device provide its own asynchronous
> > > > > > > > transmission of the remaining data at the end of a precopy 
> > > > > > > > phase.
> > > > > > > > 
> > > > > > > > In this use case the save_live_complete_precopy_begin handler 
> > > > > > > > might
> > > > > > > > be used to mark the stream boundary before proceeding with 
> > > > > > > > asynchronous
> > > > > > > > transmission of the remaining data while the
> > > > > > > > save_live_complete_precopy_end handler might be used to mark the
> > > > > > > > stream boundary after performing the asynchronous transmission.
> > > > > > > > 
> > > > > > > > Signed-off-by: Maciej S. Szmigiero 
> > > > > > > > ---
> > > > > > > >  include/migration/register.h | 36 
> > > > > > > > 
> > > > > > > >  migration/savevm.c   | 35 
> > > > > > > > +++
> > > > > > > >  2 files changed, 71 insertions(+)
> > > > > > > > 
> > > > > > > > diff --git a/include/migration/register.h 
> > > > > > > > b/include/migration/register.h
> > > > > > > > index f60e797894e5..9de123252edf 100644
> > > > > > > > --- a/include/migration/register.h
> > > > > > > > +++ b/include/migration/register.h
> > > > > > > > @@ -103,6 +103,42 @@ typedef struct SaveVMHandlers {
> > > > > > > >   */
> > > > > > > >  int (*save_live_complete_precopy)(QEMUFile *f, void 
> > > > > > > > *opaque);
> > > > > > > > 
> > > > > > > > +/**
> > > > > > > > + * @save_live_complete_precopy_begin
> > > > > > > > + *
> > > > > > > > + * Called at the end of a precopy phase, before all
> > > > > > > > + * @save_live_complete_precopy handlers and before 
> > > > > > > > launching
> > > > > > > > + * all @save_live_complete_precopy_thread threads.
> > > > > > > > + * The handler might, for example, mark the stream 
> > > > > > > > boundary before
> > > > > > > > + * proceeding with asynchronous transmission of the 
> > > > > > > > remaining data via
> > > > > > > > + * @save_live_complete_precopy_thread.
> > > > > > > > + * When postcopy is enabled, devices that support postcopy 
> > > > > > > > will skip this step.
> > > > > > > > + *
> > > > > > > > + * @f: QEMUFile where the handler can synchronously send 
> > > > > > > > data before returning
> > > > > > > > + * @idstr: this device section idstr
> > > > > > > > + * @instance_id: this device section instance_id
> > > > > > > > + * @opaque: data pointer passed to register_savevm_live()
> > > > > > > > + *
> > > > > > > > + * Returns zero to indicate success and negative for error
> > > > > > > > + */
> > > > > > > > +int (*save_live_complete_precopy_begin)(QEMUFile *f,
> > > > > > > > +char *idstr, 
> > > > > > > > uint32_t instance_id,
> > > > > > > > +void *opaque);
> > > > > > > > +/**
> > > > > > > > + * @save_live_complete_precopy_end
> > > > > > > > + *
> > > > > > > > + * Called at the end of a precopy phase, after 
> > > > > > > > @save_live_complete_precopy
> > > > > > > > + * handlers and after all 
> > > > > > > > @save_live_complete_precopy_thread threads have
> > > > > > > > + * finished. When postcopy is enabled, devices that 
> > > > > > > > support postcopy will
> > > > > > > > + * skip this step.
> > > > > > > > + *
> > > > > > > > + * @f: QEMUFile where the handler can synchronously send 
> > > > > > > > data before returning
> > > > > > > > + * @opaque: data pointer passed to register_savevm_live()
> > > > > > > > + *
> > > > > > > > + * Returns zero to indicate success and negative for error
> > > > > > > > + */
> > > > > > > > +int (*save_live_complete_precopy_end)(QEMUFile *f, void 
> > > > > > > > *opaque);
> > > > > > > 
> > > > > > > Is this handler necessary now that migration core is responsible 
> > > > > > > for the
> > > > > > > threads and joins them? I don't see VFIO implementing it later on.
> > > > > > 
> > > > > > Right, I spot the same thing.
> > > > > > 
> > > > > > This series added three hooks: begin, end, precopy_thread.
> > > > > > 
> > > > > > What I think is it only needs one, which is precopy_async.  My 
> > > 

[PATCH v2] target-i386: Walk NPT in guest real mode

[Alexander Graf]

When translating virtual to physical address with a guest CPU that
supports nested paging (NPT), we need to perform every page table walk
access indirectly through the NPT, which we correctly do.

However, we treat real mode (no page table walk) special: In that case,
we currently just skip any walks and translate VA -> PA. With NPT
enabled, we also need to then perform NPT walk to do GVA -> GPA -> HPA
which we fail to do so far.

The net result of that is that TCG VMs with NPT enabled that execute
real mode code (like SeaBIOS) end up with GPA==HPA mappings which means
the guest accesses host code and data. This typically shows as failure
to boot guests.

This patch changes the page walk logic for NPT enabled guests so that we
always perform a GVA -> GPA translation and then skip any logic that
requires an actual PTE.

That way, all remaining logic to walk the NPT stays and we successfully
walk the NPT in real mode.

Fixes: fe441054bb3f0 ("target-i386: Add NPT support")

Signed-off-by: Alexander Graf 
Reported-by: Eduard Vlad 

---

v1 -> v2:

  - Remove hack where we fake a PTE and instead just set the
corresponding resolved variables and jump straight to the
stage2 code.
---
 target/i386/tcg/sysemu/excp_helper.c | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/target/i386/tcg/sysemu/excp_helper.c 
b/target/i386/tcg/sysemu/excp_helper.c
index 8fb05b1f53..4622d45643 100644
--- a/target/i386/tcg/sysemu/excp_helper.c
+++ b/target/i386/tcg/sysemu/excp_helper.c
@@ -298,7 +298,7 @@ static bool mmu_translate(CPUX86State *env, const 
TranslateParams *in,
 /* combine pde and pte nx, user and rw protections */
 ptep &= pte ^ PG_NX_MASK;
 page_size = 4096;
-} else {
+} else if (pg_mode) {
 /*
  * Page table level 2
  */
@@ -343,6 +343,12 @@ static bool mmu_translate(CPUX86State *env, const 
TranslateParams *in,
 ptep &= pte | PG_NX_MASK;
 page_size = 4096;
 rsvd_mask = 0;
+} else {
+/* No paging (real mode), let's assemble a fake 1:1 1GiB PTE */
+page_size = 0x4000;
+paddr = in->addr;
+prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
+goto stage2;
 }
 
 do_check_protect:
@@ -420,6 +426,7 @@ do_check_protect_pse36:
 
 /* merge offset within page */
 paddr = (pte & PG_ADDRESS_MASK & ~(page_size - 1)) | (addr & (page_size - 
1));
+stage2:
 
 /*
  * Note that NPT is walked (for both paging structures and final guest
@@ -562,7 +569,7 @@ static bool get_physical_address(CPUX86State *env, vaddr 
addr,
 addr = (uint32_t)addr;
 }
 
-if (likely(env->cr[0] & CR0_PG_MASK)) {
+if (likely(env->cr[0] & CR0_PG_MASK || use_stage2)) {
 in.cr3 = env->cr[3];
 in.mmu_idx = mmu_idx;
 in.ptw_idx = use_stage2 ? MMU_NESTED_IDX : MMU_PHYS_IDX;
-- 
2.40.1




Amazon Web Services Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B
Sitz: Berlin
Ust-ID: DE 365 538 597

[PATCH] configs: Fix typo in the sh4-softmmu devices config file

[Thomas Huth]

This is the config file for the little endian target, so there
should not be a "eb" in here.

Signed-off-by: Thomas Huth 
---
 configs/devices/sh4-softmmu/default.mak | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configs/devices/sh4-softmmu/default.mak 
b/configs/devices/sh4-softmmu/default.mak
index aa821e4b60..efb401bfb1 100644
--- a/configs/devices/sh4-softmmu/default.mak
+++ b/configs/devices/sh4-softmmu/default.mak
@@ -1,4 +1,4 @@
-# Default configuration for sh4eb-softmmu
+# Default configuration for sh4-softmmu
 
 # Uncomment the following lines to disable these optional devices:
 #
-- 
2.46.0

Re: [PATCH v2 08/17] migration: Add load_finish handler and associated functions

[Peter Xu]

On Fri, Sep 20, 2024 at 05:23:08PM +0200, Maciej S. Szmigiero wrote:
> On 19.09.2024 23:11, Peter Xu wrote:
> > On Thu, Sep 19, 2024 at 09:49:10PM +0200, Maciej S. Szmigiero wrote:
> > > On 9.09.2024 22:03, Peter Xu wrote:
> > > > On Tue, Aug 27, 2024 at 07:54:27PM +0200, Maciej S. Szmigiero wrote:
> > > > > From: "Maciej S. Szmigiero" 
> > > > > 
> > > > > load_finish SaveVMHandler allows migration code to poll whether
> > > > > a device-specific asynchronous device state loading operation had 
> > > > > finished.
> > > > > 
> > > > > In order to avoid calling this handler needlessly the device is 
> > > > > supposed
> > > > > to notify the migration code of its possible readiness via a call to
> > > > > qemu_loadvm_load_finish_ready_broadcast() while holding
> > > > > qemu_loadvm_load_finish_ready_lock.
> > > > > 
> > > > > Signed-off-by: Maciej S. Szmigiero 
> > > > > ---
> > > > >include/migration/register.h | 21 +++
> > > > >migration/migration.c|  6 +
> > > > >migration/migration.h|  3 +++
> > > > >migration/savevm.c   | 52 
> > > > > 
> > > > >migration/savevm.h   |  4 +++
> > > > >5 files changed, 86 insertions(+)
> > > > > 
> > > > > diff --git a/include/migration/register.h 
> > > > > b/include/migration/register.h
> > > > > index 4a578f140713..44d8cf5192ae 100644
> > > > > --- a/include/migration/register.h
> > > > > +++ b/include/migration/register.h
> > > > > @@ -278,6 +278,27 @@ typedef struct SaveVMHandlers {
> > > > >int (*load_state_buffer)(void *opaque, char *data, size_t 
> > > > > data_size,
> > > > > Error **errp);
> > > > > +/**
> > > > > + * @load_finish
> > > > > + *
> > > > > + * Poll whether all asynchronous device state loading had 
> > > > > finished.
> > > > > + * Not called on the load failure path.
> > > > > + *
> > > > > + * Called while holding the qemu_loadvm_load_finish_ready_lock.
> > > > > + *
> > > > > + * If this method signals "not ready" then it might not be called
> > > > > + * again until qemu_loadvm_load_finish_ready_broadcast() is 
> > > > > invoked
> > > > > + * while holding qemu_loadvm_load_finish_ready_lock.
> > > > 
> > > > [1]
> > > > 
> > > > > + *
> > > > > + * @opaque: data pointer passed to register_savevm_live()
> > > > > + * @is_finished: whether the loading had finished (output 
> > > > > parameter)
> > > > > + * @errp: pointer to Error*, to store an error if it happens.
> > > > > + *
> > > > > + * Returns zero to indicate success and negative for error
> > > > > + * It's not an error that the loading still hasn't finished.
> > > > > + */
> > > > > +int (*load_finish)(void *opaque, bool *is_finished, Error 
> > > > > **errp);
> > > > 
> > > > The load_finish() semantics is a bit weird, especially above [1] on 
> > > > "only
> > > > allowed to be called once if ..." and also on the locks.
> > > 
> > > The point of this remark is that a driver needs to call
> > > qemu_loadvm_load_finish_ready_broadcast() if it wants for the migration
> > > core to call its load_finish handler again.
> > > 
> > > > It looks to me vfio_load_finish() also does the final load of the 
> > > > device.
> > > > 
> > > > I wonder whether that final load can be done in the threads,
> > > 
> > > Here, the problem is that current VFIO VMState has to be loaded from the 
> > > main
> > > migration thread as it internally calls QEMU core address space 
> > > modification
> > > methods which explode if called from another thread(s).
> > 
> > Ahh, I see.  I'm trying to make dest qemu loadvm in a thread too and yield
> > BQL if possible, when that's ready then in your case here IIUC you can
> > simply take BQL in whichever thread that loads it.. but yeah it's not ready
> > at least..
> 
> Yeah, long term we might want to work on making these QEMU core address space
> modification methods somehow callable from multiple threads but that's
> definitely not something for the initial patch set.
> 
> > Would it be possible vfio_save_complete_precopy_async_thread_config_state()
> > be done in VFIO's save_live_complete_precopy() through the main channel
> > somehow?  IOW, does it rely on iterative data to be fetched first from
> > kernel, or completely separate states?
> 
> The device state data needs to be fully loaded first before "activating"
> the device by loading its config state.
> 
> > And just curious: how large is it
> > normally (and I suppose this decides whether it's applicable to be sent via
> > the main channel at all..)?
> 
> Config data is *much* smaller than device state data - as far as I remember
> it was on order of kilobytes.
> 
> > > 
> > > > then after
> > > > everything loaded the device post a semaphore telling the main thread to
> > > > continue.  See e.g.:
> > > > 
> > > >   if (migrate_switchover_ack()) {
> > > >   qemu_loadvm_st

Re: [PATCH 2/2] migration/multifd: Fix rb->receivedmap cleanup race

[Elena Ufimtseva]

On Fri, Sep 13, 2024 at 3:07 PM Fabiano Rosas  wrote:

> Fix a segmentation fault in multifd when rb->receivedmap is cleared
> too early.
>
> After commit 5ef7e26bdb ("migration/multifd: solve zero page causing
> multiple page faults"), multifd started using the rb->receivedmap
> bitmap, which belongs to ram.c and is initialized and *freed* from the
> ram SaveVMHandlers.
>
> Multifd threads are live until migration_incoming_state_destroy(),
> which is called after qemu_loadvm_state_cleanup(), leading to a crash
> when accessing rb->receivedmap.
>
> process_incoming_migration_co()...
>   qemu_loadvm_state()  multifd_nocomp_recv()
> qemu_loadvm_state_cleanup()  ramblock_recv_bitmap_set_offset()
>   rb->receivedmap = NULL   set_bit_atomic(...,
> rb->receivedmap)
>   ...
>   migration_incoming_state_destroy()
> multifd_recv_cleanup()
>   multifd_recv_terminate_threads(NULL)
>
> Move the loadvm cleanup into migration_incoming_state_destroy(), after
> multifd_recv_cleanup() to ensure multifd thread have already exited
> when rb->receivedmap is cleared.
>
> The have_listen_thread logic can now be removed because its purpose
> was to delay cleanup until postcopy_ram_listen_thread() had finished.
>
> CC: qemu-sta...@nongnu.org
> Fixes: 5ef7e26bdb ("migration/multifd: solve zero page causing multiple
> page faults")
> Signed-off-by: Fabiano Rosas 
> ---
>  migration/migration.c | 1 +
>  migration/migration.h | 1 -
>  migration/savevm.c| 9 -
>  3 files changed, 1 insertion(+), 10 deletions(-)
>
> diff --git a/migration/migration.c b/migration/migration.c
> index 3dea06d577..b190a574b1 100644
> --- a/migration/migration.c
> +++ b/migration/migration.c
> @@ -378,6 +378,7 @@ void migration_incoming_state_destroy(void)
>  struct MigrationIncomingState *mis = migration_incoming_get_current();
>
>  multifd_recv_cleanup();
> +qemu_loadvm_state_cleanup();
>
>  if (mis->to_src_file) {
>  /* Tell source that we are done */
> diff --git a/migration/migration.h b/migration/migration.h
> index 38aa1402d5..20b0a5b66e 100644
> --- a/migration/migration.h
> +++ b/migration/migration.h
> @@ -101,7 +101,6 @@ struct MigrationIncomingState {
>  /* Set this when we want the fault thread to quit */
>  bool   fault_thread_quit;
>
> -bool   have_listen_thread;
>  QemuThread listen_thread;
>
>  /* For the kernel to send us notifications */
> diff --git a/migration/savevm.c b/migration/savevm.c
> index d0759694fd..532ee5e4b0 100644
> --- a/migration/savevm.c
> +++ b/migration/savevm.c
> @@ -2076,10 +2076,8 @@ static void *postcopy_ram_listen_thread(void
> *opaque)
>   * got a bad migration state).
>   */
>  migration_incoming_state_destroy();
> -qemu_loadvm_state_cleanup();
>
>  rcu_unregister_thread();
> -mis->have_listen_thread = false;
>  postcopy_state_set(POSTCOPY_INCOMING_END);
>
>  object_unref(OBJECT(migr));
> @@ -2130,7 +2128,6 @@ static int
> loadvm_postcopy_handle_listen(MigrationIncomingState *mis)
>  return -1;
>  }
>
> -mis->have_listen_thread = true;
>  postcopy_thread_create(mis, &mis->listen_thread, "mig/dst/listen",
> postcopy_ram_listen_thread,
> QEMU_THREAD_DETACHED);
>  trace_loadvm_postcopy_handle_listen("return");
> @@ -2978,11 +2975,6 @@ int qemu_loadvm_state(QEMUFile *f)
>
>  trace_qemu_loadvm_state_post_main(ret);
>
> -if (mis->have_listen_thread) {
> -/* Listen thread still going, can't clean up yet */
> -return ret;
> -}
> -
>  if (ret == 0) {
>  ret = qemu_file_get_error(f);
>  }
> @@ -3022,7 +3014,6 @@ int qemu_loadvm_state(QEMUFile *f)
>  }
>  }
>
> -qemu_loadvm_state_cleanup();
>  cpu_synchronize_all_post_init();
>


Hi Fabiano

I have a question. By removing  qemu_loadvm_state_cleanup() here, the
failure path that ends up with exit(EXIT_FAILURE)
in process_incoming_migration_co() end up not calling the
qemu_loadvm_state_cleanup(). I am not sure how this is important since
there is exit, but the
vfio, for example, will not call the VF reset.

Another more general question is why destination Qemu has to terminate
there if there was an error detected during live migration?
Could just failing the migration and leave destination running be a more
expected scenario?

Thank you!

 return ret;
> --
> 2.35.3
>
>
>

-- 
Elena

Re: [PATCH v2 0/7] Migration deadcode removal

[Peter Xu]

On Thu, Sep 19, 2024 at 02:46:19PM +0100, d...@treblig.org wrote:
> From: "Dr. David Alan Gilbert" 
> 
>   This is a set of deadcode removal around migration
> found by looking for unused symbols.
> 
> v2
>Don't remove the zero-blocks capability yet
>add Fabiano's deprecation text patch.
>Use the uffd helpers in postcopy rather than
>  removing most of them.
>Remove one.
> 
> Dave
> 
> Dr. David Alan Gilbert (6):
>   migration: Remove migrate_cap_set
>   migration: Remove unused migrate_zero_blocks
>   migration: Remove unused socket_send_channel_create_sync
>   util/userfaultfd: Return -errno on error
>   migration/postcopy: Use uffd helpers
>   util/userfaultfd: Remove unused uffd_poll_events
> 
> Fabiano Rosas (1):
>   migration: Deprecate zero-blocks capability

Tentatively queued.  Markus/others, still feel free to comment or offer
tags, the PR will be at least a few days after people back from forum.

Thanks!

-- 
Peter Xu

Re: [PATCH] hw/ppc: fix decrementer with BookE timers

[Cédric Le Goater]

Hello Clément,


Unless I'm wrong this patch has not been queued yet. Is there any
reason for this ?


I don't think there was a PPC PR yet. We are just starting the
QEMU 9.2 cycle [*]. Since this is a fix that applies on older
releases, may be we could have a PR in not too long.

Thanks,

C.

[*] https://wiki.qemu.org/Planning/9.2

Re: [PATCH] tests/migration-test: Wait for cancellation sooner in multifd cancel

[Peter Xu]

On Fri, Sep 20, 2024 at 06:13:02PM +0200, Juraj Marcin wrote:
> The source QEMU might not finish the cancellation of the migration
> before we start setting up the next attempt. During the setup, the
> test_migrate_start() function and others might need to interact with the
> source in a way that is not possible unless the migration is fully
> canceled. For example, setting capabilities when the migration is still
> running leads to an error.
> 
> By moving the wait before the setup, we ensure this does not happen.
> 
> Cc: Peter Xu 
> Signed-off-by: Juraj Marcin 

+Fabiano, +PeterM.

Some more context: this issue Juraj can only reproduce in one of our
downstream 9.2 branch with some probably over crowded build systems.  But
logically it looks still possible to also happen upstream..

queued, thanks!

> ---
>  tests/qtest/migration-test.c | 12 ++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c
> index 814ec109a6..95e45b5029 100644
> --- a/tests/qtest/migration-test.c
> +++ b/tests/qtest/migration-test.c
> @@ -3267,6 +3267,16 @@ static void test_multifd_tcp_cancel(void)
>  qtest_wait_qemu(to);
>  qtest_quit(to);
>  
> +/*
> + * Ensure the source QEMU finishes its cancellation process before we
> + * proceed with the setup of the next migration. The test_migrate_start()
> + * function and others might want to interact with the source in a way 
> that
> + * is not possible while the migration is not canceled properly. For
> + * example, setting migration capabilities when the migration is still
> + * running leads to an error.
> + */
> +wait_for_migration_status(from, "cancelled", NULL);
> +
>  args = (MigrateStart){
>  .only_target = true,
>  };
> @@ -3282,8 +3292,6 @@ static void test_multifd_tcp_cancel(void)
>  /* Start incoming migration from the 1st socket */
>  migrate_incoming_qmp(to2, "tcp:127.0.0.1:0", "{}");
>  
> -wait_for_migration_status(from, "cancelled", NULL);
> -
>  migrate_ensure_non_converge(from);
>  
>  migrate_qmp(from, to2, NULL, NULL, "{}");
> -- 
> 2.46.1
> 

-- 
Peter Xu

Re: [PATCH 08/25] hw/i2c: add support for flexcomm i2c

[Octavian Purdila]

On Thu, Sep 19, 2024 at 2:36 AM Peter Maydell  wrote:
>
> On Wed, 18 Sept 2024 at 22:31, Corey Minyard  wrote:
> > Generally it's frowned upon to have a ton of extra stuff that's not
> > used.  I would think some is ok, like defining bits in registers that
> > aren't used yet, but I have no idea how all the enums below here
> > actually tie into anything.  I'm guessing these are just bitmasks into
> > registers, but really, it's a lot easier to read if you have something
> > like:
> >
> > /*
> >  * The I2C Master function enable. When disabled, the Master
> >  * configuration settings are not changed, but the Master function is
> >  * internally reset.
> >  */
> > #define FLEXCOMM_I2C_CFG_MSTEN (1 << 4)
>
> The FIELD macro already gives you that:
>   FIELD(FLEXCOMM_I2C_CFG, MSTEN, startbit, len);
> will define an R_FLEXCOMM_I2C_CFG_MSTEN_MASK (which is
> (1 << startbit) for the 'len == 1' case).
>
> You can also set and read a 1 bit field the same as
> any other, with the FIELD_DP32/FIELD_EX32 macros, so
> you don't often need to directly use the MASK macro:
>   s->cfg = FIELD_DP32(s->cfg, CFG, MSTEN, 1);
> and
>   if (FIELD_EX32(s->cfg, CFG, MSTEN)) {
>  ...
>   }
>
> The FIELD() macros are a bit unwieldy sometimes but the
> advantage over ad-hoc #defines is that they're consistent
> for every field in every register.
>
> I agree that providing enums for the possible values for 1-bit
> fields is a bit superfluous.
>

I went ahead and removed those 1-bit enum values and added support to
filter register/fields when generating the code. Also converted the
enums to defines to make these a little bit more compact as I don't
think we have any advantage over the enums?

So with the following invocation:

  run_target('svd-flexcomm-i2c', command: svd_gen_header +
[ '-i', rt595, '-o', '@SOURCE_ROOT@/include/hw/arm/svd/flexcomm_i2c.h',
  '-p', 'I2C0', '-t', 'FLEXCOMM_I2C',
  '--fields', 'CFG TIMEOUT:TOMIN MSTCTL MSTDAT
STAT:MSTPENDING,MSTSTATE INT*:MSTPENDING* SLV*:'])

I am getting the below generated file. Note that the register info is
generated for all registers because this information is used to
initialize the reset values, mask writes appropriately in registers
and trace register access.

Please let me know if this looks good or if there are any other tweaks
I could make.

/*
 * Copyright 2016-2023 NXP SPDX-License-Identifier: BSD-3-Clause
 *
 * Automatically generated by svd-gen-header.py from MIMXRT595S_cm33.xml
 */
#pragma once

#include "hw/register.h"

/* I2C Bus Interface */
#define FLEXCOMM_I2C_REGS_NO (1024)

/* Configuration Register */
REG32(FLEXCOMM_I2C_CFG, 0x800);
/* Master Enable */
FIELD(FLEXCOMM_I2C_CFG, MSTEN, 0, 1);
/* Slave Enable */
FIELD(FLEXCOMM_I2C_CFG, SLVEN, 1, 1);
/* Monitor Enable */
FIELD(FLEXCOMM_I2C_CFG, MONEN, 2, 1);
/* I2C bus Time-out Enable */
FIELD(FLEXCOMM_I2C_CFG, TIMEOUTEN, 3, 1);
/* Monitor function Clock Stretching */
FIELD(FLEXCOMM_I2C_CFG, MONCLKSTR, 4, 1);
/* High Speed mode Capable enable */
FIELD(FLEXCOMM_I2C_CFG, HSCAPABLE, 5, 1);

/* Status Register */
REG32(FLEXCOMM_I2C_STAT, 0x804);
/* Master Pending */
FIELD(FLEXCOMM_I2C_STAT, MSTPENDING, 0, 1);
/* Master State code */
FIELD(FLEXCOMM_I2C_STAT, MSTSTATE, 1, 3);
/* Idle. The Master function is available to be used for a new transaction. */
#define FLEXCOMM_I2C_STAT_MSTSTATE_IDLE 0
/*
 * Receive ready. Received data is available (in Master Receiver mode). Address
 * plus Read was previously sent and Acknowledged by a slave.
 */
#define FLEXCOMM_I2C_STAT_MSTSTATE_RECEIVE_READY 1
/*
 * Transmit ready. Data can be transmitted (in Master Transmitter mode).
 * Address plus Write was previously sent and Acknowledged by a slave.
 */
#define FLEXCOMM_I2C_STAT_MSTSTATE_TRANSMIT_READY 2
/* NACK Address. Slave NACKed address. */
#define FLEXCOMM_I2C_STAT_MSTSTATE_NACK_ADDRESS 3
/* NACK Data. Slave NACKed transmitted data. */
#define FLEXCOMM_I2C_STAT_MSTSTATE_NACK_DATA 4

/* Interrupt Enable Set Register */
REG32(FLEXCOMM_I2C_INTENSET, 0x808);
/* Master Pending interrupt Enable */
FIELD(FLEXCOMM_I2C_INTENSET, MSTPENDINGEN, 0, 1);

/* Interrupt Enable Clear Register */
REG32(FLEXCOMM_I2C_INTENCLR, 0x80C);
/* Master Pending interrupt clear */
FIELD(FLEXCOMM_I2C_INTENCLR, MSTPENDINGCLR, 0, 1);

/* Time-out Register */
REG32(FLEXCOMM_I2C_TIMEOUT, 0x810);
/* Time-out time value, the bottom 4 bits */
FIELD(FLEXCOMM_I2C_TIMEOUT, TOMIN, 0, 4);

/* Interrupt Status Register */
REG32(FLEXCOMM_I2C_INTSTAT, 0x818);
/* Master Pending */
FIELD(FLEXCOMM_I2C_INTSTAT, MSTPENDING, 0, 1);

/* Master Control Register */
REG32(FLEXCOMM_I2C_MSTCTL, 0x820);
/* Master Continue(write-only) */
FIELD(FLEXCOMM_I2C_MSTCTL, MSTCONTINUE, 0, 1);
/* Master Start control(write-only) */
FIELD(FLEXCOMM_I2C_MSTCTL, MSTSTART, 1, 1);
/* Master Stop control(write-only) */
FIELD(FLEXCOMM_I2C_MSTCTL, MSTSTOP, 2, 1);
/* Master DMA enable */
FIELD(FLEXCOMM_I2C_MSTCTL, MSTDMA, 3, 1);

/* Master Data Register */
REG32(FLEXCOMM_I2C_MSTDAT, 0x828);
/* Ma

Re: [PATCH 08/25] hw/i2c: add support for flexcomm i2c

[Corey Minyard]

Thanks, this all looks good to me.  And FIELD() is the right way to
go, as Peter said.

-corey

On Fri, Sep 20, 2024 at 1:03 PM Octavian Purdila  wrote:
>
> On Thu, Sep 19, 2024 at 2:36 AM Peter Maydell  
> wrote:
> >
> > On Wed, 18 Sept 2024 at 22:31, Corey Minyard  wrote:
> > > Generally it's frowned upon to have a ton of extra stuff that's not
> > > used.  I would think some is ok, like defining bits in registers that
> > > aren't used yet, but I have no idea how all the enums below here
> > > actually tie into anything.  I'm guessing these are just bitmasks into
> > > registers, but really, it's a lot easier to read if you have something
> > > like:
> > >
> > > /*
> > >  * The I2C Master function enable. When disabled, the Master
> > >  * configuration settings are not changed, but the Master function is
> > >  * internally reset.
> > >  */
> > > #define FLEXCOMM_I2C_CFG_MSTEN (1 << 4)
> >
> > The FIELD macro already gives you that:
> >   FIELD(FLEXCOMM_I2C_CFG, MSTEN, startbit, len);
> > will define an R_FLEXCOMM_I2C_CFG_MSTEN_MASK (which is
> > (1 << startbit) for the 'len == 1' case).
> >
> > You can also set and read a 1 bit field the same as
> > any other, with the FIELD_DP32/FIELD_EX32 macros, so
> > you don't often need to directly use the MASK macro:
> >   s->cfg = FIELD_DP32(s->cfg, CFG, MSTEN, 1);
> > and
> >   if (FIELD_EX32(s->cfg, CFG, MSTEN)) {
> >  ...
> >   }
> >
> > The FIELD() macros are a bit unwieldy sometimes but the
> > advantage over ad-hoc #defines is that they're consistent
> > for every field in every register.
> >
> > I agree that providing enums for the possible values for 1-bit
> > fields is a bit superfluous.
> >
>
> I went ahead and removed those 1-bit enum values and added support to
> filter register/fields when generating the code. Also converted the
> enums to defines to make these a little bit more compact as I don't
> think we have any advantage over the enums?
>
> So with the following invocation:
>
>   run_target('svd-flexcomm-i2c', command: svd_gen_header +
> [ '-i', rt595, '-o', '@SOURCE_ROOT@/include/hw/arm/svd/flexcomm_i2c.h',
>   '-p', 'I2C0', '-t', 'FLEXCOMM_I2C',
>   '--fields', 'CFG TIMEOUT:TOMIN MSTCTL MSTDAT
> STAT:MSTPENDING,MSTSTATE INT*:MSTPENDING* SLV*:'])
>
> I am getting the below generated file. Note that the register info is
> generated for all registers because this information is used to
> initialize the reset values, mask writes appropriately in registers
> and trace register access.
>
> Please let me know if this looks good or if there are any other tweaks
> I could make.
>
> /*
>  * Copyright 2016-2023 NXP SPDX-License-Identifier: BSD-3-Clause
>  *
>  * Automatically generated by svd-gen-header.py from MIMXRT595S_cm33.xml
>  */
> #pragma once
>
> #include "hw/register.h"
>
> /* I2C Bus Interface */
> #define FLEXCOMM_I2C_REGS_NO (1024)
>
> /* Configuration Register */
> REG32(FLEXCOMM_I2C_CFG, 0x800);
> /* Master Enable */
> FIELD(FLEXCOMM_I2C_CFG, MSTEN, 0, 1);
> /* Slave Enable */
> FIELD(FLEXCOMM_I2C_CFG, SLVEN, 1, 1);
> /* Monitor Enable */
> FIELD(FLEXCOMM_I2C_CFG, MONEN, 2, 1);
> /* I2C bus Time-out Enable */
> FIELD(FLEXCOMM_I2C_CFG, TIMEOUTEN, 3, 1);
> /* Monitor function Clock Stretching */
> FIELD(FLEXCOMM_I2C_CFG, MONCLKSTR, 4, 1);
> /* High Speed mode Capable enable */
> FIELD(FLEXCOMM_I2C_CFG, HSCAPABLE, 5, 1);
>
> /* Status Register */
> REG32(FLEXCOMM_I2C_STAT, 0x804);
> /* Master Pending */
> FIELD(FLEXCOMM_I2C_STAT, MSTPENDING, 0, 1);
> /* Master State code */
> FIELD(FLEXCOMM_I2C_STAT, MSTSTATE, 1, 3);
> /* Idle. The Master function is available to be used for a new transaction. */
> #define FLEXCOMM_I2C_STAT_MSTSTATE_IDLE 0
> /*
>  * Receive ready. Received data is available (in Master Receiver mode). 
> Address
>  * plus Read was previously sent and Acknowledged by a slave.
>  */
> #define FLEXCOMM_I2C_STAT_MSTSTATE_RECEIVE_READY 1
> /*
>  * Transmit ready. Data can be transmitted (in Master Transmitter mode).
>  * Address plus Write was previously sent and Acknowledged by a slave.
>  */
> #define FLEXCOMM_I2C_STAT_MSTSTATE_TRANSMIT_READY 2
> /* NACK Address. Slave NACKed address. */
> #define FLEXCOMM_I2C_STAT_MSTSTATE_NACK_ADDRESS 3
> /* NACK Data. Slave NACKed transmitted data. */
> #define FLEXCOMM_I2C_STAT_MSTSTATE_NACK_DATA 4
>
> /* Interrupt Enable Set Register */
> REG32(FLEXCOMM_I2C_INTENSET, 0x808);
> /* Master Pending interrupt Enable */
> FIELD(FLEXCOMM_I2C_INTENSET, MSTPENDINGEN, 0, 1);
>
> /* Interrupt Enable Clear Register */
> REG32(FLEXCOMM_I2C_INTENCLR, 0x80C);
> /* Master Pending interrupt clear */
> FIELD(FLEXCOMM_I2C_INTENCLR, MSTPENDINGCLR, 0, 1);
>
> /* Time-out Register */
> REG32(FLEXCOMM_I2C_TIMEOUT, 0x810);
> /* Time-out time value, the bottom 4 bits */
> FIELD(FLEXCOMM_I2C_TIMEOUT, TOMIN, 0, 4);
>
> /* Interrupt Status Register */
> REG32(FLEXCOMM_I2C_INTSTAT, 0x818);
> /* Master Pending */
> FIELD(FLEXCOMM_I2C_INTSTAT, MSTPENDING, 0, 1);
>
> /* Master Control Register */
> REG3

[PATCH 2/6] linux-user,openrisc: move to syscalltbl file

[Laurent Vivier]

Since kernel v6.11 openrisc has moved from syscall_nr.h file
to syscall.tbl (See 77122bf9e3df ("openrisc: convert to generic syscall
table"))

Update linux-user scripts to be able to retrieve syscall numbers
from linux syscall.tbl instead of syscall_nr.h.
New syscall.tbl is imported from linux v6.11 using updated
scripts/update-syscalltbl.sh

Signed-off-by: Laurent Vivier 
---
 configs/targets/or1k-linux-user.mak |   2 +
 linux-user/meson.build  |   1 +
 linux-user/openrisc/meson.build |   5 +
 linux-user/openrisc/syscall.tbl | 405 
 linux-user/openrisc/syscall_nr.h| 350 
 linux-user/openrisc/syscallhdr.sh   |  28 ++
 scripts/gensyscalls.sh  |   2 -
 scripts/update-syscalltbl.sh|   1 +
 8 files changed, 442 insertions(+), 352 deletions(-)
 create mode 100644 linux-user/openrisc/meson.build
 create mode 100644 linux-user/openrisc/syscall.tbl
 delete mode 100644 linux-user/openrisc/syscall_nr.h
 create mode 100644 linux-user/openrisc/syscallhdr.sh

diff --git a/configs/targets/or1k-linux-user.mak 
b/configs/targets/or1k-linux-user.mak
index 39558f77ecfe..eecb1e224192 100644
--- a/configs/targets/or1k-linux-user.mak
+++ b/configs/targets/or1k-linux-user.mak
@@ -1,2 +1,4 @@
 TARGET_ARCH=openrisc
 TARGET_BIG_ENDIAN=y
+TARGET_SYSTBL_ABI=common,32,or1k,time32,stat64,rlimit,renameat
+TARGET_SYSTBL=syscall.tbl
diff --git a/linux-user/meson.build b/linux-user/meson.build
index bc41e8c3bca7..cfbaf9741ded 100644
--- a/linux-user/meson.build
+++ b/linux-user/meson.build
@@ -45,6 +45,7 @@ subdir('m68k')
 subdir('microblaze')
 subdir('mips64')
 subdir('mips')
+subdir('openrisc')
 subdir('ppc')
 subdir('riscv')
 subdir('s390x')
diff --git a/linux-user/openrisc/meson.build b/linux-user/openrisc/meson.build
new file mode 100644
index ..273e7a0c38a5
--- /dev/null
+++ b/linux-user/openrisc/meson.build
@@ -0,0 +1,5 @@
+syscall_nr_generators += {
+  'openrisc': generator(sh,
+  arguments: [ meson.current_source_dir() / 
'syscallhdr.sh', '@INPUT@', '@OUTPUT@', '@EXTRA_ARGS@' ],
+  output: '@BASENAME@_nr.h')
+}
diff --git a/linux-user/openrisc/syscall.tbl b/linux-user/openrisc/syscall.tbl
new file mode 100644
index ..845e24eb372e
--- /dev/null
+++ b/linux-user/openrisc/syscall.tbl
@@ -0,0 +1,405 @@
+# SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
+#
+# This file contains the system call numbers for all of the
+# more recently added architectures.
+#
+# As a basic principle, no duplication of functionality
+# should be added, e.g. we don't use lseek when llseek
+# is present. New architectures should use this file
+# and implement the less feature-full calls in user space.
+#
+0  common  io_setupsys_io_setup
compat_sys_io_setup
+1  common  io_destroy  sys_io_destroy
+2  common  io_submit   sys_io_submit   
compat_sys_io_submit
+3  common  io_cancel   sys_io_cancel
+4  time32  io_geteventssys_io_getevents_time32
+4  64  io_geteventssys_io_getevents
+5  common  setxattrsys_setxattr
+6  common  lsetxattr   sys_lsetxattr
+7  common  fsetxattr   sys_fsetxattr
+8  common  getxattrsys_getxattr
+9  common  lgetxattr   sys_lgetxattr
+10 common  fgetxattr   sys_fgetxattr
+11 common  listxattr   sys_listxattr
+12 common  llistxattr  sys_llistxattr
+13 common  flistxattr  sys_flistxattr
+14 common  removexattr sys_removexattr
+15 common  lremovexattrsys_lremovexattr
+16 common  fremovexattrsys_fremovexattr
+17 common  getcwd  sys_getcwd
+18 common  lookup_dcookie  sys_ni_syscall
+19 common  eventfd2sys_eventfd2
+20 common  epoll_create1   sys_epoll_create1
+21 common  epoll_ctl   sys_epoll_ctl
+22 common  epoll_pwait sys_epoll_pwait 
compat_sys_epoll_pwait
+23 common  dup sys_dup
+24 common  dup3sys_dup3
+25 32  fcntl64 sys_fcntl64 
compat_sys_fcntl64
+25 64  fcntl   sys_fcntl
+26 common  inotify_init1   sys_inotify_init1
+27 common  inotify_add_watch   sys_inotify_add_watch
+28 common  inotify_rm_watchsys_inotify_rm_watch
+29 common  ioctl   sys_ioctl   
compat_sys_ioctl
+30 common  ioprio_s

Re: [PATCH] tests/functional: Convert the powernv tests from boot_linux_console.py

[Cédric Le Goater]

On 9/20/24 17:03, Thomas Huth wrote:

Move the tests into the already existing test_ppc64_powernv.py
file.

Signed-off-by: Thomas Huth 



Reviewed-by: Cédric Le Goater 

Thanks,

C.



---
  Based-on: 20240919185749.71222-1-th...@redhat.com

  tests/avocado/boot_linux_console.py| 46 --
  tests/functional/test_ppc64_powernv.py | 42 +--
  2 files changed, 39 insertions(+), 49 deletions(-)

diff --git a/tests/avocado/boot_linux_console.py 
b/tests/avocado/boot_linux_console.py
index 759fda9cc8..23d1b3587b 100644
--- a/tests/avocado/boot_linux_console.py
+++ b/tests/avocado/boot_linux_console.py
@@ -907,49 +907,3 @@ def test_arm_ast2600_debian(self):
  self.wait_for_console_pattern("SMP: Total of 2 processors activated")
  self.wait_for_console_pattern("No filesystem could mount root")
  
-def do_test_ppc64_powernv(self, proc):

-self.require_accelerator("tcg")
-images_url = 
('https://github.com/open-power/op-build/releases/download/v2.7/')
-
-kernel_url = images_url + 'zImage.epapr'
-kernel_hash = 
'0ab237df661727e5392cee97460e8674057a883c5f74381a128fa772588d45cd'
-kernel_path = self.fetch_asset(kernel_url, asset_hash=kernel_hash,
-   algorithm='sha256')
-self.vm.set_console()
-self.vm.add_args('-kernel', kernel_path,
- '-append', 'console=tty0 console=hvc0',
- '-device', 
'pcie-pci-bridge,id=bridge1,bus=pcie.1,addr=0x0',
- '-device', 'nvme,bus=pcie.2,addr=0x0,serial=1234',
- '-device', 'e1000e,bus=bridge1,addr=0x3',
- '-device', 'nec-usb-xhci,bus=bridge1,addr=0x2')
-self.vm.launch()
-
-self.wait_for_console_pattern("CPU: " + proc + " generation processor")
-self.wait_for_console_pattern("zImage starting: loaded")
-self.wait_for_console_pattern("Run /init as init process")
-# Device detection output driven by udev probing is sometimes cut off
-# from console output, suspect S14silence-console init script.
-
-def test_ppc_powernv8(self):
-"""
-:avocado: tags=arch:ppc64
-:avocado: tags=machine:powernv8
-:avocado: tags=accel:tcg
-"""
-self.do_test_ppc64_powernv('P8')
-
-def test_ppc_powernv9(self):
-"""
-:avocado: tags=arch:ppc64
-:avocado: tags=machine:powernv9
-:avocado: tags=accel:tcg
-"""
-self.do_test_ppc64_powernv('P9')
-
-def test_ppc_powernv10(self):
-"""
-:avocado: tags=arch:ppc64
-:avocado: tags=machine:powernv10
-:avocado: tags=accel:tcg
-"""
-self.do_test_ppc64_powernv('P10')
diff --git a/tests/functional/test_ppc64_powernv.py 
b/tests/functional/test_ppc64_powernv.py
index 67497d6404..685e2178ed 100755
--- a/tests/functional/test_ppc64_powernv.py
+++ b/tests/functional/test_ppc64_powernv.py
@@ -7,10 +7,10 @@
  # This work is licensed under the terms of the GNU GPL, version 2 or
  # later.  See the COPYING file in the top-level directory.
  
-from qemu_test import QemuSystemTest, Asset

+from qemu_test import LinuxKernelTest, Asset
  from qemu_test import wait_for_console_pattern
  
-class powernvMachine(QemuSystemTest):

+class powernvMachine(LinuxKernelTest):
  
  timeout = 90

  KERNEL_COMMON_COMMAND_LINE = 'printk.time=0 console=hvc0 '
@@ -78,5 +78,41 @@ def test_linux_big_boot(self):
  wait_for_console_pattern(self, console_pattern, self.panic_message)
  wait_for_console_pattern(self, self.good_message, self.panic_message)
  
+

+ASSET_EPAPR_KERNEL = Asset(
+('https://github.com/open-power/op-build/releases/download/v2.7/'
+ 'zImage.epapr'),
+'0ab237df661727e5392cee97460e8674057a883c5f74381a128fa772588d45cd')
+
+def do_test_ppc64_powernv(self, proc):
+self.require_accelerator("tcg")
+kernel_path = self.ASSET_EPAPR_KERNEL.fetch()
+self.vm.set_console()
+self.vm.add_args('-kernel', kernel_path,
+ '-append', 'console=tty0 console=hvc0',
+ '-device', 
'pcie-pci-bridge,id=bridge1,bus=pcie.1,addr=0x0',
+ '-device', 'nvme,bus=pcie.2,addr=0x0,serial=1234',
+ '-device', 'e1000e,bus=bridge1,addr=0x3',
+ '-device', 'nec-usb-xhci,bus=bridge1,addr=0x2')
+self.vm.launch()
+
+self.wait_for_console_pattern("CPU: " + proc + " generation processor")
+self.wait_for_console_pattern("zImage starting: loaded")
+self.wait_for_console_pattern("Run /init as init process")
+# Device detection output driven by udev probing is sometimes cut off
+# from console output, suspect S14silence-console init script.
+
+def test_powernv8(self):
+self.set_machine('powernv8')
+self.do_t

[PATCH] tests/migration-test: Wait for cancellation sooner in multifd cancel

[Juraj Marcin]

The source QEMU might not finish the cancellation of the migration
before we start setting up the next attempt. During the setup, the
test_migrate_start() function and others might need to interact with the
source in a way that is not possible unless the migration is fully
canceled. For example, setting capabilities when the migration is still
running leads to an error.

By moving the wait before the setup, we ensure this does not happen.

Cc: Peter Xu 
Signed-off-by: Juraj Marcin 
---
 tests/qtest/migration-test.c | 12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c
index 814ec109a6..95e45b5029 100644
--- a/tests/qtest/migration-test.c
+++ b/tests/qtest/migration-test.c
@@ -3267,6 +3267,16 @@ static void test_multifd_tcp_cancel(void)
 qtest_wait_qemu(to);
 qtest_quit(to);
 
+/*
+ * Ensure the source QEMU finishes its cancellation process before we
+ * proceed with the setup of the next migration. The test_migrate_start()
+ * function and others might want to interact with the source in a way that
+ * is not possible while the migration is not canceled properly. For
+ * example, setting migration capabilities when the migration is still
+ * running leads to an error.
+ */
+wait_for_migration_status(from, "cancelled", NULL);
+
 args = (MigrateStart){
 .only_target = true,
 };
@@ -3282,8 +3292,6 @@ static void test_multifd_tcp_cancel(void)
 /* Start incoming migration from the 1st socket */
 migrate_incoming_qmp(to2, "tcp:127.0.0.1:0", "{}");
 
-wait_for_migration_status(from, "cancelled", NULL);
-
 migrate_ensure_non_converge(from);
 
 migrate_qmp(from, to2, NULL, NULL, "{}");
-- 
2.46.1

Re: [PATCH v2 0/5] Interrupt Remap support for emulated amd viommu

[Alejandro Jimenez]

Hi Santosh,


On 9/16/24 10:31, Santosh Shukla wrote:

Series adds following feature support for emulated amd vIOMMU
1) Pass Through(PT) mode
2) Interrupt Remapping(IR) mode

1) PT mode
Introducing the shared 'nodma' memory region that can be aliased
by all the devices in the PT mode. Shared memory with aliasing
approach will help run VM faster when lot of devices attached to
VM.

2) IR mode
Shared IR memory region with aliasing approach proposed for the
reason mentioned in 1). Also add support to invalidate Interrupt
remaping table(IRT).

Series based on ea9cdbcf3a0b8d5497cddf87990f1b39d8f3bb0a

Testing:
1. nvme/fio testing for VM with > 255 vCPU with xtsup=on and x2apic
enabled
2. Windows Server 2022 VM testing for > 255 vCPU.


Tested on EPYC Genoa launching a guest with 380 vCPUs, with VFIO passthrough NIC, using 
"-device amd-iommu,intremap=on,xtsup=on,pt=on"

I pointed out a few minor nits, of which I think the most important is to 
correct the error message on PATCH 5/5. With that addressed:

Reviewed-by: Alejandro Jimenez 

Thank you.



Change History:

V2:
- Fixed non-kvm build issue (Reported by Michael Tsirkin)

V1:
- https://lore.kernel.org/all/20240904100257.184851-3-santosh.shu...@amd.com/T/


Suravee Suthikulpanit (5):
   amd_iommu: Rename variable mmio to mr_mmio
   amd_iommu: Add support for pass though mode
   amd_iommu: Use shared memory region for Interrupt Remapping
   amd_iommu: Send notification when invaldate interrupt entry cache
   amd_iommu: Check APIC ID > 255 for XTSup

  hw/i386/acpi-build.c |  4 +-
  hw/i386/amd_iommu.c  | 98 +++-
  hw/i386/amd_iommu.h  |  5 ++-
  3 files changed, 85 insertions(+), 22 deletions(-)

Re: [PATCH v2 2/5] amd_iommu: Add support for pass though mode

[Alejandro Jimenez]

Hi Santosh,

On 9/16/24 10:31, Santosh Shukla wrote:

From: Suravee Suthikulpanit 

Introduce 'nodma' shared memory region to support PT mode
so that for each device, we only create an alias to shared memory
region when DMA-remapping is disabled.

Signed-off-by: Suravee Suthikulpanit 
Signed-off-by: Santosh Shukla 
---
  hw/i386/amd_iommu.c | 49 -
  hw/i386/amd_iommu.h |  2 ++
  2 files changed, 42 insertions(+), 9 deletions(-)

diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
index abb64ea507be..c5f5103f4911 100644
--- a/hw/i386/amd_iommu.c
+++ b/hw/i386/amd_iommu.c
@@ -60,8 +60,9 @@ struct AMDVIAddressSpace {
  uint8_t bus_num;/* bus number   */
  uint8_t devfn;  /* device function  */
  AMDVIState *iommu_state;/* AMDVI - one per machine  */
-MemoryRegion root;  /* AMDVI Root memory map region */
+MemoryRegion root;  /* AMDVI Root memory map region */
  IOMMUMemoryRegion iommu;/* Device's address translation region  */
+MemoryRegion iommu_nodma;   /* Alias of shared nodma memory region  */
  MemoryRegion iommu_ir;  /* Device's interrupt remapping region  */
  AddressSpace as;/* device's corresponding address space */
  };
@@ -1412,6 +1413,7 @@ static AddressSpace *amdvi_host_dma_iommu(PCIBus *bus, 
void *opaque, int devfn)
  AMDVIState *s = opaque;
  AMDVIAddressSpace **iommu_as, *amdvi_dev_as;
  int bus_num = pci_bus_num(bus);
+X86IOMMUState *x86_iommu = X86_IOMMU_DEVICE(s);
  
  iommu_as = s->address_spaces[bus_num];
  
@@ -1436,13 +1438,13 @@ static AddressSpace *amdvi_host_dma_iommu(PCIBus *bus, void *opaque, int devfn)

   * Memory region relationships looks like (Address range shows
   * only lower 32 bits to make it short in length...):
   *
- * |-+---+--|
- * | Name| Address range | Priority |
- * |-+---+--+
- * | amdvi_root  | - |0 |
- * |  amdvi_iommu| - |1 |
- * |  amdvi_iommu_ir | fee0-feef |   64 |
- * |-+---+--|
+ * |+---+--|
+ * | Name   | Address range | Priority |
+ * |+---+--+
+ * | amdvi-root | - |0 |
+ * | amdvi-iommu_nodma  | - |0 |
+ * | amdvi-iommu_ir | fee0-feef |   64 |
+ * |+---+--|


Minor nit: I would keep the original indentation here to help reinforce the 
concept that iommu_nodma and iommu_ir are meant to be sub-regions under the 
root container. It would also be great if the table could show that they are 
mutually exclusive based on whether passthrough is in use, but that is probably 
too much to include in this format.

Alejandro

+
+if (!x86_iommu->pt_supported) {
+memory_region_set_enabled(&amdvi_dev_as->iommu_nodma, false);
+memory_region_set_enabled(MEMORY_REGION(&amdvi_dev_as->iommu),
+  true);
+} else {
+memory_region_set_enabled(MEMORY_REGION(&amdvi_dev_as->iommu),
+  false);
+memory_region_set_enabled(&amdvi_dev_as->iommu_nodma, true);
+}
  }
  return &iommu_as[devfn]->as;
  }
@@ -1602,6 +1622,17 @@ static void amdvi_sysbus_realize(DeviceState *dev, Error 
**errp)
"amdvi-mmio", AMDVI_MMIO_SIZE);
  memory_region_add_subregion(get_system_memory(), AMDVI_BASE_ADDR,
  &s->mr_mmio);
+
+/* Create the share memory regions by all devices */
+memory_region_init(&s->mr_sys, OBJECT(s), "amdvi-sys", UINT64_MAX);
+
+/* set up the DMA disabled memory region */
+memory_region_init_alias(&s->mr_nodma, OBJECT(s),
+ "amdvi-nodma", get_system_memory(), 0,
+ memory_region_size(get_system_memory()));
+memory_region_add_subregion_overlap(&s->mr_sys, 0,
+&s->mr_nodma, 0);
+
  pci_setup_iommu(bus, &amdvi_iommu_ops, s);
  amdvi_init(s);
  }
diff --git a/hw/i386/amd_iommu.h b/hw/i386/amd_iommu.h
index e5c2ae94f243..be417e51c4dc 100644
--- a/hw/i386/amd_iommu.h
+++ b/hw/i386/amd_iommu.h
@@ -354,6 +354,8 @@ struct AMDVIState {
  uint32_t pprlog_tail;/* ppr log tail */
  
  MemoryRegion mr_mmio;  /* MMIO region  */

+MemoryRegion mr_sys;
+MemoryRegion mr_nodma;
  uint8_t mmior[AMDVI_MMIO_SIZE];/* read/write MMIO

Re: [PATCH v2 4/5] amd_iommu: Send notification when invaldate interrupt entry cache

[Alejandro Jimenez]

In subject:
s/invaldate/invalidate/

On 9/16/24 10:31, Santosh Shukla wrote:

From: Suravee Suthikulpanit 

In order to support AMD IOMMU interrupt remapping emulation with PCI
pass-through devices, QEMU needs to notify VFIO when guest IOMMU driver
updates and invalidate the guest interrupt remapping table (IRT), and
communicate information so that the host IOMMU driver can update
the shadowed interrupt remapping table in the host IOMMU.

Therefore, send notification when guet


s/guet/guest

Alejandro

 IOMMU emulates the IRT invalidation

commands.

Signed-off-by: Suravee Suthikulpanit 
Signed-off-by: Santosh Shukla 
---
  hw/i386/amd_iommu.c | 12 
  1 file changed, 12 insertions(+)

diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
index 24fcd561345c..9095146525e6 100644
--- a/hw/i386/amd_iommu.c
+++ b/hw/i386/amd_iommu.c
@@ -431,6 +431,12 @@ static void amdvi_complete_ppr(AMDVIState *s, uint64_t 
*cmd)
  trace_amdvi_ppr_exec();
  }
  
+static void amdvi_intremap_inval_notify_all(AMDVIState *s, bool global,

+   uint32_t index, uint32_t mask)
+{
+x86_iommu_iec_notify_all(X86_IOMMU_DEVICE(s), global, index, mask);
+}
+
  static void amdvi_inval_all(AMDVIState *s, uint64_t *cmd)
  {
  if (extract64(cmd[0], 0, 60) || cmd[1]) {
@@ -438,6 +444,9 @@ static void amdvi_inval_all(AMDVIState *s, uint64_t *cmd)
 s->cmdbuf + s->cmdbuf_head);
  }
  
+/* Notify global invalidation */

+amdvi_intremap_inval_notify_all(s, true, 0, 0);
+
  amdvi_iotlb_reset(s);
  trace_amdvi_all_inval();
  }
@@ -486,6 +495,9 @@ static void amdvi_inval_inttable(AMDVIState *s, uint64_t 
*cmd)
  return;
  }
  
+/* Notify global invalidation */

+amdvi_intremap_inval_notify_all(s, true, 0, 0);
+
  trace_amdvi_intr_inval();
  }
  

Re: [PATCH v2 5/5] amd_iommu: Check APIC ID > 255 for XTSup

[Alejandro Jimenez]

On 9/16/24 10:31, Santosh Shukla wrote:

From: Suravee Suthikulpanit 

The XTSup mode enables x2APIC support for AMD IOMMU, which is needed
to support vcpu w/ APIC ID > 255.

Signed-off-by: Suravee Suthikulpanit 
Signed-off-by: Santosh Shukla 
---
v2:
- Fixed non-kvm build issue by adding a check for kvm_irqchip_is_split()

  hw/i386/amd_iommu.c | 11 +++
  1 file changed, 11 insertions(+)

diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
index 9095146525e6..24eebf053df0 100644
--- a/hw/i386/amd_iommu.c
+++ b/hw/i386/amd_iommu.c
@@ -32,6 +32,7 @@
  #include "trace.h"
  #include "hw/i386/apic-msidef.h"
  #include "hw/qdev-properties.h"
+#include "kvm/kvm_i386.h"
  
  /* used AMD-Vi MMIO registers */

  const char *amdvi_mmio_low[] = {
@@ -1651,6 +1652,16 @@ static void amdvi_sysbus_realize(DeviceState *dev, Error 
**errp)
  memory_region_add_subregion_overlap(&s->mr_sys, AMDVI_INT_ADDR_FIRST,
  &s->mr_ir, 1);
  
+/* AMD IOMMU with x2APIC mode requires xtsup=on */

+if (x86ms->apic_id_limit > 255 && !s->xtsup) {
+error_report("AMD IOMMU with x2APIC confguration requires xtsup=on");
+exit(EXIT_FAILURE);
+}
+if (s->xtsup && kvm_irqchip_is_split() && !kvm_enable_x2apic()) {
+error_report("AMD IOMMU xt=on requires support on the KVM side");


Use "xtsup=on" on the error message, "xt" is not a valid option IIUC.

Alejandro


+exit(EXIT_FAILURE);
+}
+
  pci_setup_iommu(bus, &amdvi_iommu_ops, s);
  amdvi_init(s);
  }

[PATCH] tests/functional: Convert the powernv tests from boot_linux_console.py

[Thomas Huth]

Move the tests into the already existing test_ppc64_powernv.py
file.

Signed-off-by: Thomas Huth 
---
 Based-on: 20240919185749.71222-1-th...@redhat.com

 tests/avocado/boot_linux_console.py| 46 --
 tests/functional/test_ppc64_powernv.py | 42 +--
 2 files changed, 39 insertions(+), 49 deletions(-)

diff --git a/tests/avocado/boot_linux_console.py 
b/tests/avocado/boot_linux_console.py
index 759fda9cc8..23d1b3587b 100644
--- a/tests/avocado/boot_linux_console.py
+++ b/tests/avocado/boot_linux_console.py
@@ -907,49 +907,3 @@ def test_arm_ast2600_debian(self):
 self.wait_for_console_pattern("SMP: Total of 2 processors activated")
 self.wait_for_console_pattern("No filesystem could mount root")
 
-def do_test_ppc64_powernv(self, proc):
-self.require_accelerator("tcg")
-images_url = 
('https://github.com/open-power/op-build/releases/download/v2.7/')
-
-kernel_url = images_url + 'zImage.epapr'
-kernel_hash = 
'0ab237df661727e5392cee97460e8674057a883c5f74381a128fa772588d45cd'
-kernel_path = self.fetch_asset(kernel_url, asset_hash=kernel_hash,
-   algorithm='sha256')
-self.vm.set_console()
-self.vm.add_args('-kernel', kernel_path,
- '-append', 'console=tty0 console=hvc0',
- '-device', 
'pcie-pci-bridge,id=bridge1,bus=pcie.1,addr=0x0',
- '-device', 'nvme,bus=pcie.2,addr=0x0,serial=1234',
- '-device', 'e1000e,bus=bridge1,addr=0x3',
- '-device', 'nec-usb-xhci,bus=bridge1,addr=0x2')
-self.vm.launch()
-
-self.wait_for_console_pattern("CPU: " + proc + " generation processor")
-self.wait_for_console_pattern("zImage starting: loaded")
-self.wait_for_console_pattern("Run /init as init process")
-# Device detection output driven by udev probing is sometimes cut off
-# from console output, suspect S14silence-console init script.
-
-def test_ppc_powernv8(self):
-"""
-:avocado: tags=arch:ppc64
-:avocado: tags=machine:powernv8
-:avocado: tags=accel:tcg
-"""
-self.do_test_ppc64_powernv('P8')
-
-def test_ppc_powernv9(self):
-"""
-:avocado: tags=arch:ppc64
-:avocado: tags=machine:powernv9
-:avocado: tags=accel:tcg
-"""
-self.do_test_ppc64_powernv('P9')
-
-def test_ppc_powernv10(self):
-"""
-:avocado: tags=arch:ppc64
-:avocado: tags=machine:powernv10
-:avocado: tags=accel:tcg
-"""
-self.do_test_ppc64_powernv('P10')
diff --git a/tests/functional/test_ppc64_powernv.py 
b/tests/functional/test_ppc64_powernv.py
index 67497d6404..685e2178ed 100755
--- a/tests/functional/test_ppc64_powernv.py
+++ b/tests/functional/test_ppc64_powernv.py
@@ -7,10 +7,10 @@
 # This work is licensed under the terms of the GNU GPL, version 2 or
 # later.  See the COPYING file in the top-level directory.
 
-from qemu_test import QemuSystemTest, Asset
+from qemu_test import LinuxKernelTest, Asset
 from qemu_test import wait_for_console_pattern
 
-class powernvMachine(QemuSystemTest):
+class powernvMachine(LinuxKernelTest):
 
 timeout = 90
 KERNEL_COMMON_COMMAND_LINE = 'printk.time=0 console=hvc0 '
@@ -78,5 +78,41 @@ def test_linux_big_boot(self):
 wait_for_console_pattern(self, console_pattern, self.panic_message)
 wait_for_console_pattern(self, self.good_message, self.panic_message)
 
+
+ASSET_EPAPR_KERNEL = Asset(
+('https://github.com/open-power/op-build/releases/download/v2.7/'
+ 'zImage.epapr'),
+'0ab237df661727e5392cee97460e8674057a883c5f74381a128fa772588d45cd')
+
+def do_test_ppc64_powernv(self, proc):
+self.require_accelerator("tcg")
+kernel_path = self.ASSET_EPAPR_KERNEL.fetch()
+self.vm.set_console()
+self.vm.add_args('-kernel', kernel_path,
+ '-append', 'console=tty0 console=hvc0',
+ '-device', 
'pcie-pci-bridge,id=bridge1,bus=pcie.1,addr=0x0',
+ '-device', 'nvme,bus=pcie.2,addr=0x0,serial=1234',
+ '-device', 'e1000e,bus=bridge1,addr=0x3',
+ '-device', 'nec-usb-xhci,bus=bridge1,addr=0x2')
+self.vm.launch()
+
+self.wait_for_console_pattern("CPU: " + proc + " generation processor")
+self.wait_for_console_pattern("zImage starting: loaded")
+self.wait_for_console_pattern("Run /init as init process")
+# Device detection output driven by udev probing is sometimes cut off
+# from console output, suspect S14silence-console init script.
+
+def test_powernv8(self):
+self.set_machine('powernv8')
+self.do_test_ppc64_powernv('P8')
+
+def test_powernv9(self):
+self.set_machine('powernv9')
+self.do_t

[PATCH 1/6] linux-user,aarch64: move to syscalltbl file

[Laurent Vivier]

Since kernel v6.11 aarch64 has moved from syscall_nr.h file
to syscall_64.tbl (See e632bca07c8e ("arm64: generate 64-bit
syscall.tbl"))

Update linux-user scripts to be able to retrieve syscall numbers
from linux syscall_64.tbl instead of syscall_nr.h.
New syscall_64.tbl is imported from linux v6.11 using
updated scripts/update-syscalltbl.sh

Signed-off-by: Laurent Vivier 
---
 configs/targets/aarch64-linux-user.mak|   2 +
 configs/targets/aarch64_be-linux-user.mak |   2 +
 linux-user/aarch64/meson.build|   6 +
 linux-user/aarch64/syscall_64.tbl | 405 ++
 linux-user/aarch64/syscall_nr.h   | 331 +-
 linux-user/aarch64/syscallhdr.sh  |  28 ++
 scripts/gensyscalls.sh|   1 -
 scripts/update-syscalltbl.sh  |   1 +
 8 files changed, 445 insertions(+), 331 deletions(-)
 create mode 100644 linux-user/aarch64/syscall_64.tbl
 create mode 100644 linux-user/aarch64/syscallhdr.sh

diff --git a/configs/targets/aarch64-linux-user.mak 
b/configs/targets/aarch64-linux-user.mak
index 8f0ed21d7645..4c6570f56a2e 100644
--- a/configs/targets/aarch64-linux-user.mak
+++ b/configs/targets/aarch64-linux-user.mak
@@ -4,3 +4,5 @@ TARGET_XML_FILES= gdb-xml/aarch64-core.xml 
gdb-xml/aarch64-fpu.xml gdb-xml/aarch
 TARGET_HAS_BFLT=y
 CONFIG_SEMIHOSTING=y
 CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
+TARGET_SYSTBL_ABI=common,64,renameat,rlimit,memfd_secret
+TARGET_SYSTBL=syscall_64.tbl
diff --git a/configs/targets/aarch64_be-linux-user.mak 
b/configs/targets/aarch64_be-linux-user.mak
index acb5620cdbfa..778d22b2a921 100644
--- a/configs/targets/aarch64_be-linux-user.mak
+++ b/configs/targets/aarch64_be-linux-user.mak
@@ -5,3 +5,5 @@ TARGET_XML_FILES= gdb-xml/aarch64-core.xml 
gdb-xml/aarch64-fpu.xml gdb-xml/aarch
 TARGET_HAS_BFLT=y
 CONFIG_SEMIHOSTING=y
 CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
+TARGET_SYSTBL_ABI=common,64,renameat,rlimit,memfd_secret
+TARGET_SYSTBL=syscall_64.tbl
diff --git a/linux-user/aarch64/meson.build b/linux-user/aarch64/meson.build
index f75bb3cd752a..f25a67a21ef6 100644
--- a/linux-user/aarch64/meson.build
+++ b/linux-user/aarch64/meson.build
@@ -11,3 +11,9 @@ vdso_le_inc = gen_vdso.process('vdso-le.so',
 linux_user_ss.add(when: 'TARGET_AARCH64', if_true: [vdso_be_inc, vdso_le_inc])
 
 linux_user_ss.add(when: 'TARGET_AARCH64', if_true: 
[files('mte_user_helper.c')])
+
+syscall_nr_generators += {
+  'aarch64': generator(sh,
+  arguments: [ meson.current_source_dir() / 
'syscallhdr.sh', '@INPUT@', '@OUTPUT@', '@EXTRA_ARGS@' ],
+  output: '@BASENAME@_nr.h')
+}
diff --git a/linux-user/aarch64/syscall_64.tbl 
b/linux-user/aarch64/syscall_64.tbl
new file mode 100644
index ..845e24eb372e
--- /dev/null
+++ b/linux-user/aarch64/syscall_64.tbl
@@ -0,0 +1,405 @@
+# SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
+#
+# This file contains the system call numbers for all of the
+# more recently added architectures.
+#
+# As a basic principle, no duplication of functionality
+# should be added, e.g. we don't use lseek when llseek
+# is present. New architectures should use this file
+# and implement the less feature-full calls in user space.
+#
+0  common  io_setupsys_io_setup
compat_sys_io_setup
+1  common  io_destroy  sys_io_destroy
+2  common  io_submit   sys_io_submit   
compat_sys_io_submit
+3  common  io_cancel   sys_io_cancel
+4  time32  io_geteventssys_io_getevents_time32
+4  64  io_geteventssys_io_getevents
+5  common  setxattrsys_setxattr
+6  common  lsetxattr   sys_lsetxattr
+7  common  fsetxattr   sys_fsetxattr
+8  common  getxattrsys_getxattr
+9  common  lgetxattr   sys_lgetxattr
+10 common  fgetxattr   sys_fgetxattr
+11 common  listxattr   sys_listxattr
+12 common  llistxattr  sys_llistxattr
+13 common  flistxattr  sys_flistxattr
+14 common  removexattr sys_removexattr
+15 common  lremovexattrsys_lremovexattr
+16 common  fremovexattrsys_fremovexattr
+17 common  getcwd  sys_getcwd
+18 common  lookup_dcookie  sys_ni_syscall
+19 common  eventfd2sys_eventfd2
+20 common  epoll_create1   sys_epoll_create1
+21 common  epoll_ctl   sys_epoll_ctl
+22 common  epoll_pwait sys_epoll_pwait 
compat_sys_epoll_pwait
+23 common  dup sys_dup
+24 common  dup3sys_dup3
+25 32  fc

[PATCH 4/6] linux-user,hexagon: move to syscalltbl file

[Laurent Vivier]

Since kernel v6.11 hexagon has moved from syscall_nr.h file
to syscall.tbl (36d69c29759e ("hexagon: use new system call table"))

Update linux-user scripts to be able to retrieve syscall numbers
from linux syscall.tbl instead of syscall_nr.h.
New syscall.tbl is imported from linux v6.11 using updated
scripts/update-syscalltbl.sh

Signed-off-by: Laurent Vivier 
---
 configs/targets/hexagon-linux-user.mak |   2 +
 linux-user/hexagon/meson.build |   6 +
 linux-user/hexagon/syscall.tbl | 405 +
 linux-user/hexagon/syscall_nr.h| 348 -
 linux-user/hexagon/syscallhdr.sh   |  28 ++
 linux-user/meson.build |   1 +
 scripts/gensyscalls.sh |   1 -
 scripts/update-syscalltbl.sh   |   1 +
 8 files changed, 443 insertions(+), 349 deletions(-)
 create mode 100644 linux-user/hexagon/meson.build
 create mode 100644 linux-user/hexagon/syscall.tbl
 delete mode 100644 linux-user/hexagon/syscall_nr.h
 create mode 100644 linux-user/hexagon/syscallhdr.sh

diff --git a/configs/targets/hexagon-linux-user.mak 
b/configs/targets/hexagon-linux-user.mak
index 2765a4c5638d..b912045bd307 100644
--- a/configs/targets/hexagon-linux-user.mak
+++ b/configs/targets/hexagon-linux-user.mak
@@ -1,2 +1,4 @@
 TARGET_ARCH=hexagon
 TARGET_XML_FILES=gdb-xml/hexagon-core.xml gdb-xml/hexagon-hvx.xml
+TARGET_SYSTBL=syscall.tbl
+TARGET_SYSTBL_ABI=common,32,hexagon,time32,stat64,rlimit,renameat
diff --git a/linux-user/hexagon/meson.build b/linux-user/hexagon/meson.build
new file mode 100644
index ..d203c3ec9296
--- /dev/null
+++ b/linux-user/hexagon/meson.build
@@ -0,0 +1,6 @@
+
+syscall_nr_generators += {
+  'hexagon': generator(sh,
+  arguments: [ meson.current_source_dir() / 
'syscallhdr.sh', '@INPUT@', '@OUTPUT@', '@EXTRA_ARGS@' ],
+  output: '@BASENAME@_nr.h')
+}
diff --git a/linux-user/hexagon/syscall.tbl b/linux-user/hexagon/syscall.tbl
new file mode 100644
index ..845e24eb372e
--- /dev/null
+++ b/linux-user/hexagon/syscall.tbl
@@ -0,0 +1,405 @@
+# SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
+#
+# This file contains the system call numbers for all of the
+# more recently added architectures.
+#
+# As a basic principle, no duplication of functionality
+# should be added, e.g. we don't use lseek when llseek
+# is present. New architectures should use this file
+# and implement the less feature-full calls in user space.
+#
+0  common  io_setupsys_io_setup
compat_sys_io_setup
+1  common  io_destroy  sys_io_destroy
+2  common  io_submit   sys_io_submit   
compat_sys_io_submit
+3  common  io_cancel   sys_io_cancel
+4  time32  io_geteventssys_io_getevents_time32
+4  64  io_geteventssys_io_getevents
+5  common  setxattrsys_setxattr
+6  common  lsetxattr   sys_lsetxattr
+7  common  fsetxattr   sys_fsetxattr
+8  common  getxattrsys_getxattr
+9  common  lgetxattr   sys_lgetxattr
+10 common  fgetxattr   sys_fgetxattr
+11 common  listxattr   sys_listxattr
+12 common  llistxattr  sys_llistxattr
+13 common  flistxattr  sys_flistxattr
+14 common  removexattr sys_removexattr
+15 common  lremovexattrsys_lremovexattr
+16 common  fremovexattrsys_fremovexattr
+17 common  getcwd  sys_getcwd
+18 common  lookup_dcookie  sys_ni_syscall
+19 common  eventfd2sys_eventfd2
+20 common  epoll_create1   sys_epoll_create1
+21 common  epoll_ctl   sys_epoll_ctl
+22 common  epoll_pwait sys_epoll_pwait 
compat_sys_epoll_pwait
+23 common  dup sys_dup
+24 common  dup3sys_dup3
+25 32  fcntl64 sys_fcntl64 
compat_sys_fcntl64
+25 64  fcntl   sys_fcntl
+26 common  inotify_init1   sys_inotify_init1
+27 common  inotify_add_watch   sys_inotify_add_watch
+28 common  inotify_rm_watchsys_inotify_rm_watch
+29 common  ioctl   sys_ioctl   
compat_sys_ioctl
+30 common  ioprio_set  sys_ioprio_set
+31 common  ioprio_get  sys_ioprio_get
+32 common  flock   sys_flock
+33 common  mknodat sys_mknodat
+34 common  mkdirat  

[PATCH 3/6] linux-user,riscv: move to syscalltbl file

[Laurent Vivier]

Since kernel v6.11 riscv has moved from syscall_nr.h file
to syscall.tbl (3db80c999deb ("riscv: convert to generic syscall
table"))

Update linux-user scripts to be able to retrieve syscall numbers
from linux syscall.tbl instead of syscall_nr.h.
New syscall.tbl is imported from linux v6.11 using updated
scripts/update-syscalltbl.sh

Signed-off-by: Laurent Vivier 
---
 configs/targets/riscv32-linux-user.mak |   3 +
 configs/targets/riscv64-linux-user.mak |   3 +
 linux-user/riscv/cpu_loop.c|   2 +-
 linux-user/riscv/meson.build   |   6 +
 linux-user/riscv/syscall.tbl   | 405 +
 linux-user/riscv/syscall32_nr.h| 325 
 linux-user/riscv/syscall64_nr.h| 331 
 linux-user/riscv/syscall_nr.h  |  15 -
 linux-user/riscv/syscallhdr.sh |  28 ++
 scripts/gensyscalls.sh |   2 -
 scripts/update-syscalltbl.sh   |   1 +
 11 files changed, 447 insertions(+), 674 deletions(-)
 create mode 100644 linux-user/riscv/syscall.tbl
 delete mode 100644 linux-user/riscv/syscall32_nr.h
 delete mode 100644 linux-user/riscv/syscall64_nr.h
 delete mode 100644 linux-user/riscv/syscall_nr.h
 create mode 100644 linux-user/riscv/syscallhdr.sh

diff --git a/configs/targets/riscv32-linux-user.mak 
b/configs/targets/riscv32-linux-user.mak
index 9761618e67f4..0dbaf5210ac8 100644
--- a/configs/targets/riscv32-linux-user.mak
+++ b/configs/targets/riscv32-linux-user.mak
@@ -4,3 +4,6 @@ TARGET_ABI_DIR=riscv
 TARGET_XML_FILES= gdb-xml/riscv-32bit-cpu.xml gdb-xml/riscv-32bit-fpu.xml 
gdb-xml/riscv-64bit-fpu.xml gdb-xml/riscv-32bit-virtual.xml
 CONFIG_SEMIHOSTING=y
 CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
+TARGET_SYSTBL_ABI=32
+TARGET_SYSTBL_ABI=common,32,riscv,memfd_secret
+TARGET_SYSTBL=syscall.tbl
diff --git a/configs/targets/riscv64-linux-user.mak 
b/configs/targets/riscv64-linux-user.mak
index cfd1fd382f92..477cd4523e2b 100644
--- a/configs/targets/riscv64-linux-user.mak
+++ b/configs/targets/riscv64-linux-user.mak
@@ -4,3 +4,6 @@ TARGET_ABI_DIR=riscv
 TARGET_XML_FILES= gdb-xml/riscv-64bit-cpu.xml gdb-xml/riscv-32bit-fpu.xml 
gdb-xml/riscv-64bit-fpu.xml gdb-xml/riscv-64bit-virtual.xml
 CONFIG_SEMIHOSTING=y
 CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
+TARGET_SYSTBL_ABI=64
+TARGET_SYSTBL_ABI=common,64,riscv,rlimit,memfd_secret
+TARGET_SYSTBL=syscall.tbl
diff --git a/linux-user/riscv/cpu_loop.c b/linux-user/riscv/cpu_loop.c
index 52c49c2e4264..0af533e186fd 100644
--- a/linux-user/riscv/cpu_loop.c
+++ b/linux-user/riscv/cpu_loop.c
@@ -47,7 +47,7 @@ void cpu_loop(CPURISCVState *env)
 break;
 case RISCV_EXCP_U_ECALL:
 env->pc += 4;
-if (env->gpr[xA7] == TARGET_NR_arch_specific_syscall + 15) {
+if (env->gpr[xA7] == TARGET_NR_riscv_flush_icache) {
 /* riscv_flush_icache_syscall is a no-op in QEMU as
self-modifying code is automatically detected */
 ret = 0;
diff --git a/linux-user/riscv/meson.build b/linux-user/riscv/meson.build
index beb989a7caac..b2e7df0f4f65 100644
--- a/linux-user/riscv/meson.build
+++ b/linux-user/riscv/meson.build
@@ -5,3 +5,9 @@ vdso_64_inc = gen_vdso.process('vdso-64.so',
 
 linux_user_ss.add(when: 'TARGET_RISCV32', if_true: vdso_32_inc)
 linux_user_ss.add(when: 'TARGET_RISCV64', if_true: vdso_64_inc)
+
+syscall_nr_generators += {
+  'riscv': generator(sh,
+  arguments: [ meson.current_source_dir() / 
'syscallhdr.sh', '@INPUT@', '@OUTPUT@', '@EXTRA_ARGS@' ],
+  output: '@BASENAME@_nr.h')
+}
diff --git a/linux-user/riscv/syscall.tbl b/linux-user/riscv/syscall.tbl
new file mode 100644
index ..845e24eb372e
--- /dev/null
+++ b/linux-user/riscv/syscall.tbl
@@ -0,0 +1,405 @@
+# SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
+#
+# This file contains the system call numbers for all of the
+# more recently added architectures.
+#
+# As a basic principle, no duplication of functionality
+# should be added, e.g. we don't use lseek when llseek
+# is present. New architectures should use this file
+# and implement the less feature-full calls in user space.
+#
+0  common  io_setupsys_io_setup
compat_sys_io_setup
+1  common  io_destroy  sys_io_destroy
+2  common  io_submit   sys_io_submit   
compat_sys_io_submit
+3  common  io_cancel   sys_io_cancel
+4  time32  io_geteventssys_io_getevents_time32
+4  64  io_geteventssys_io_getevents
+5  common  setxattrsys_setxattr
+6  common  lsetxattr   sys_lsetxattr
+7  common  fsetxattr   sys_fsetxattr
+8  common  getxattrsys_getxattr
+9  common  lgetxattr   sys_lgetxattr
+10 common  fgetxattr  

[PATCH 0/6] linux-user: move all remaining archs to syscalltbl

[Laurent Vivier]

linux v6.11 has moved all the remaining archs to syscalltbl,
update QEMU accordingly.

Remove scripts/gensyscalls.sh that is now useless.

Update headers to v6.11

Based-on: <20240918074256.720617-1-laur...@vivier.eu>

Laurent Vivier (6):
  linux-user,aarch64: move to syscalltbl file
  linux-user,openrisc: move to syscalltbl file
  linux-user,riscv: move to syscalltbl file
  linux-user,hexagon: move to syscalltbl file
  linux-user,loongarch: move to syscalltbl file
  linux-user: update syscall.tbl to Linux v6.11

 configs/targets/aarch64-linux-user.mak |   2 +
 configs/targets/aarch64_be-linux-user.mak  |   2 +
 configs/targets/hexagon-linux-user.mak |   2 +
 configs/targets/loongarch64-linux-user.mak |   2 +
 configs/targets/or1k-linux-user.mak|   2 +
 configs/targets/riscv32-linux-user.mak |   3 +
 configs/targets/riscv64-linux-user.mak |   3 +
 linux-user/aarch64/meson.build |   6 +
 linux-user/aarch64/syscall_64.tbl  | 405 +
 linux-user/aarch64/syscall_nr.h| 331 +
 linux-user/aarch64/syscallhdr.sh   |  28 ++
 linux-user/arm/syscall.tbl |   1 +
 linux-user/hexagon/meson.build |   6 +
 linux-user/hexagon/syscall.tbl | 405 +
 linux-user/hexagon/syscall_nr.h| 348 --
 linux-user/hexagon/syscallhdr.sh   |  28 ++
 linux-user/i386/syscall_32.tbl |   7 +-
 linux-user/loongarch64/meson.build |   7 +
 linux-user/loongarch64/syscall.tbl | 405 +
 linux-user/loongarch64/syscall_nr.h| 324 -
 linux-user/loongarch64/syscallhdr.sh   |  28 ++
 linux-user/meson.build |   2 +
 linux-user/openrisc/meson.build|   5 +
 linux-user/openrisc/syscall.tbl| 405 +
 linux-user/openrisc/syscall_nr.h   | 350 --
 linux-user/openrisc/syscallhdr.sh  |  28 ++
 linux-user/riscv/cpu_loop.c|   2 +-
 linux-user/riscv/meson.build   |   6 +
 linux-user/riscv/syscall.tbl   | 405 +
 linux-user/riscv/syscall32_nr.h| 325 -
 linux-user/riscv/syscall64_nr.h| 331 -
 linux-user/riscv/syscall_nr.h  |  15 -
 linux-user/riscv/syscallhdr.sh |  28 ++
 linux-user/syscall_defs.h  |   7 +-
 linux-user/x86_64/syscall_64.tbl   |   8 +-
 scripts/gensyscalls.sh | 103 --
 scripts/update-syscalltbl.sh   |   5 +
 37 files changed, 2231 insertions(+), 2139 deletions(-)
 create mode 100644 linux-user/aarch64/syscall_64.tbl
 create mode 100644 linux-user/aarch64/syscallhdr.sh
 create mode 100644 linux-user/hexagon/meson.build
 create mode 100644 linux-user/hexagon/syscall.tbl
 delete mode 100644 linux-user/hexagon/syscall_nr.h
 create mode 100644 linux-user/hexagon/syscallhdr.sh
 create mode 100644 linux-user/loongarch64/syscall.tbl
 delete mode 100644 linux-user/loongarch64/syscall_nr.h
 create mode 100644 linux-user/loongarch64/syscallhdr.sh
 create mode 100644 linux-user/openrisc/meson.build
 create mode 100644 linux-user/openrisc/syscall.tbl
 delete mode 100644 linux-user/openrisc/syscall_nr.h
 create mode 100644 linux-user/openrisc/syscallhdr.sh
 create mode 100644 linux-user/riscv/syscall.tbl
 delete mode 100644 linux-user/riscv/syscall32_nr.h
 delete mode 100644 linux-user/riscv/syscall64_nr.h
 delete mode 100644 linux-user/riscv/syscall_nr.h
 create mode 100644 linux-user/riscv/syscallhdr.sh
 delete mode 100755 scripts/gensyscalls.sh

-- 
2.46.0

[PATCH 5/6] linux-user,loongarch: move to syscalltbl file

[Laurent Vivier]

Since kernel v6.11 loongarch has moved from syscall_nr.h file
to syscall.tbl (26a3b85bac08 ("loongarch: convert to generic syscall
table"))

Update linux-user scripts to be able to retrieve syscall numbers
from linux syscall.tbl instead of syscall_nr.h.
New syscall.tbl is imported from linux v6.11 using updated
scripts/update-syscalltbl.sh

Remove scripts/gensyscalls.sh that is now useless.

Signed-off-by: Laurent Vivier 
---
 configs/targets/loongarch64-linux-user.mak |   2 +
 linux-user/loongarch64/meson.build |   7 +
 linux-user/loongarch64/syscall.tbl | 405 +
 linux-user/loongarch64/syscall_nr.h| 324 -
 linux-user/loongarch64/syscallhdr.sh   |  28 ++
 linux-user/syscall_defs.h  |   7 +-
 scripts/gensyscalls.sh |  97 -
 scripts/update-syscalltbl.sh   |   1 +
 8 files changed, 444 insertions(+), 427 deletions(-)
 create mode 100644 linux-user/loongarch64/syscall.tbl
 delete mode 100644 linux-user/loongarch64/syscall_nr.h
 create mode 100644 linux-user/loongarch64/syscallhdr.sh
 delete mode 100755 scripts/gensyscalls.sh

diff --git a/configs/targets/loongarch64-linux-user.mak 
b/configs/targets/loongarch64-linux-user.mak
index ea9b7e839aa4..dfded79dfa85 100644
--- a/configs/targets/loongarch64-linux-user.mak
+++ b/configs/targets/loongarch64-linux-user.mak
@@ -2,3 +2,5 @@
 TARGET_ARCH=loongarch64
 TARGET_BASE_ARCH=loongarch
 TARGET_XML_FILES=gdb-xml/loongarch-base64.xml gdb-xml/loongarch-fpu.xml 
gdb-xml/loongarch-lsx.xml gdb-xml/loongarch-lasx.xml
+TARGET_SYSTBL=syscall.tbl
+TARGET_SYSTBL_ABI=common,64
diff --git a/linux-user/loongarch64/meson.build 
b/linux-user/loongarch64/meson.build
index 17896535f0fa..64cb537bf9ea 100644
--- a/linux-user/loongarch64/meson.build
+++ b/linux-user/loongarch64/meson.build
@@ -2,3 +2,10 @@ vdso_inc = gen_vdso.process('vdso.so',
 extra_args: ['-r', '__vdso_rt_sigreturn'])
 
 linux_user_ss.add(when: 'TARGET_LOONGARCH64', if_true: vdso_inc)
+
+
+syscall_nr_generators += {
+  'loongarch64': generator(sh,
+  arguments: [ meson.current_source_dir() / 
'syscallhdr.sh', '@INPUT@', '@OUTPUT@', '@EXTRA_ARGS@' ],
+  output: '@BASENAME@_nr.h')
+}
diff --git a/linux-user/loongarch64/syscall.tbl 
b/linux-user/loongarch64/syscall.tbl
new file mode 100644
index ..845e24eb372e
--- /dev/null
+++ b/linux-user/loongarch64/syscall.tbl
@@ -0,0 +1,405 @@
+# SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
+#
+# This file contains the system call numbers for all of the
+# more recently added architectures.
+#
+# As a basic principle, no duplication of functionality
+# should be added, e.g. we don't use lseek when llseek
+# is present. New architectures should use this file
+# and implement the less feature-full calls in user space.
+#
+0  common  io_setupsys_io_setup
compat_sys_io_setup
+1  common  io_destroy  sys_io_destroy
+2  common  io_submit   sys_io_submit   
compat_sys_io_submit
+3  common  io_cancel   sys_io_cancel
+4  time32  io_geteventssys_io_getevents_time32
+4  64  io_geteventssys_io_getevents
+5  common  setxattrsys_setxattr
+6  common  lsetxattr   sys_lsetxattr
+7  common  fsetxattr   sys_fsetxattr
+8  common  getxattrsys_getxattr
+9  common  lgetxattr   sys_lgetxattr
+10 common  fgetxattr   sys_fgetxattr
+11 common  listxattr   sys_listxattr
+12 common  llistxattr  sys_llistxattr
+13 common  flistxattr  sys_flistxattr
+14 common  removexattr sys_removexattr
+15 common  lremovexattrsys_lremovexattr
+16 common  fremovexattrsys_fremovexattr
+17 common  getcwd  sys_getcwd
+18 common  lookup_dcookie  sys_ni_syscall
+19 common  eventfd2sys_eventfd2
+20 common  epoll_create1   sys_epoll_create1
+21 common  epoll_ctl   sys_epoll_ctl
+22 common  epoll_pwait sys_epoll_pwait 
compat_sys_epoll_pwait
+23 common  dup sys_dup
+24 common  dup3sys_dup3
+25 32  fcntl64 sys_fcntl64 
compat_sys_fcntl64
+25 64  fcntl   sys_fcntl
+26 common  inotify_init1   sys_inotify_init1
+27 common  inotify_add_watch   sys_inotify_add_watch
+28 common  inotify_rm_watchsys_inotify_r

Re: [PATCH v2 12/17] migration/multifd: Device state transfer support - send side

[Peter Xu]

On Fri, Sep 20, 2024 at 05:23:20PM +0200, Maciej S. Szmigiero wrote:
> On 19.09.2024 23:17, Peter Xu wrote:
> > On Thu, Sep 19, 2024 at 09:49:43PM +0200, Maciej S. Szmigiero wrote:
> > > On 10.09.2024 21:48, Peter Xu wrote:
> > > > On Wed, Aug 28, 2024 at 09:41:17PM -0300, Fabiano Rosas wrote:
> > > > > > +size_t multifd_device_state_payload_size(void)
> > > > > > +{
> > > > > > +return sizeof(MultiFDDeviceState_t);
> > > > > > +}
> > > > > 
> > > > > This will not be necessary because the payload size is the same as the
> > > > > data type. We only need it for the special case where the 
> > > > > MultiFDPages_t
> > > > > is smaller than the total ram payload size.
> > > > 
> > > > Today I was thinking maybe we should really clean this up, as the 
> > > > current
> > > > multifd_send_data_alloc() is indeed too tricky (blame me.. who requested
> > > > that more or less).  Knowing that VFIO can use dynamic buffers with 
> > > > ->idstr
> > > > and ->buf (I was thinking it could be buf[1M].. but I was wrong...) made
> > > > that feeling stronger.
> > > > 
> > > > I think we should change it now perhaps, otherwise we'll need to 
> > > > introduce
> > > > other helpers to e.g. reset the device buffers, and that's not only slow
> > > > but also not good looking, IMO.
> > > > 
> > > > So I went ahead with the idea in previous discussion, that I managed to
> > > > change the SendData union into struct; the memory consumption is not 
> > > > super
> > > > important yet, IMHO, but we should still stick with the object model 
> > > > where
> > > > multifd enqueue thread switch buffer with multifd, as it still sounds a
> > > > sane way to do.
> > > > 
> > > > Then when that patch is ready, I further tried to make VFIO reuse 
> > > > multifd
> > > > buffers just like what we do with MultiFDPages_t->offset[]: in RAM code 
> > > > we
> > > > don't allocate it every time we enqueue.
> > > > 
> > > > I hope it'll also work for VFIO.  VFIO has a specialty on being able to
> > > > dump the config space so it's more complex (and I noticed Maciej's 
> > > > current
> > > > design requires the final chunk of VFIO config data be migrated in one
> > > > packet.. that is also part of the complexity there).  So I allowed that
> > > > part to allocate a buffer but only that.  IOW, I made some API (see 
> > > > below)
> > > > that can either reuse preallocated buffer, or use a separate one only 
> > > > for
> > > > the final bulk.
> > > > 
> > > > In short, could both of you have a look at what I came up with below?  I
> > > > did that in patches because I think it's too much to comment, so patches
> > > > may work better.  No concern if any of below could be good changes to 
> > > > you,
> > > > then either Maciej can squash whatever into existing patches (and I feel
> > > > like some existing patches in this series can go away with below 
> > > > design),
> > > > or I can post pre-requisite patch but only if any of you prefer that.
> > > > 
> > > > Anyway, let me know, the patches apply on top of this whole series 
> > > > applied
> > > > first.
> > > > 
> > > > I also wonder whether there can be any perf difference already (I tested
> > > > all multifd qtest with below, but no VFIO I can run), perhaps not that
> > > > much, but just to mention below should avoid both buffer allocations and
> > > > one round of copy (so VFIO read() directly writes to the multifd buffers
> > > > now).
> > > 
> > > I am not against making MultiFDSendData a struct and maybe introducing
> > > some pre-allocated buffer.
> > > 
> > > But to be honest, that manual memory management with having to remember
> > > to call multifd_device_state_finish() on error paths as in your
> > > proposed patch 3 really invites memory leaks.
> > > 
> > > Will think about some other way to have a reusable buffer.
> > 
> > Sure.  That's patch 3, and I suppose then it looks like patch 1 is still
> > OK in one way or another.
> > 
> > > 
> > > In terms of not making idstr copy (your proposed patch 2) I am not
> > > 100% sure that avoiding such tiny allocation really justifies the risk
> > > of possible use-after-free of a dangling pointer.
> > 
> > Why there's risk?  Someone strdup() on the stack?  That only goes via VFIO
> > itself, so I thought it wasn't that complicated.  But yeah as I said this
> > part (patch 2) is optional.
> 
> I mean the risk here is somebody providing idstr that somehow gets free'd
> or overwritten before the device state buffer gets sent.
> 
> With a static idstr that's obviously not an issue, but I see that, for 
> example,
> vmstate_register_with_alias_id() generates idstr dynamically and this API
> is used by all qdevs that have a VMSD (in device_set_realized()).
> 
> > > Not 100% against it either if you are confident that it will never happen.
> > > 
> > > By the way, I guess it makes sense to carry these changes in the main 
> > > patch
> > > set rather than as a separate changes?
> > 
> > Whatever you prefer.
> > 
> > I wrote those patch

[PATCH v6 2/3] vhost-user-blk: split vhost_user_blk_sync_config()

[Vladimir Sementsov-Ogievskiy]

Split vhost_user_blk_sync_config() out from
vhost_user_blk_handle_config_change(), to be reused in the following
commit.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Acked-by: Raphael Norwitz 
---
 hw/block/vhost-user-blk.c | 26 +++---
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index 5b7f46bbb0..48b3dabb8d 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -90,27 +90,39 @@ static void vhost_user_blk_set_config(VirtIODevice *vdev, 
const uint8_t *config)
 s->blkcfg.wce = blkcfg->wce;
 }
 
+static int vhost_user_blk_sync_config(DeviceState *dev, Error **errp)
+{
+int ret;
+VirtIODevice *vdev = VIRTIO_DEVICE(dev);
+VHostUserBlk *s = VHOST_USER_BLK(vdev);
+
+ret = vhost_dev_get_config(&s->dev, (uint8_t *)&s->blkcfg,
+   vdev->config_len, errp);
+if (ret < 0) {
+return ret;
+}
+
+memcpy(vdev->config, &s->blkcfg, vdev->config_len);
+virtio_notify_config(vdev);
+
+return 0;
+}
+
 static int vhost_user_blk_handle_config_change(struct vhost_dev *dev)
 {
 int ret;
-VirtIODevice *vdev = dev->vdev;
-VHostUserBlk *s = VHOST_USER_BLK(dev->vdev);
 Error *local_err = NULL;
 
 if (!dev->started) {
 return 0;
 }
 
-ret = vhost_dev_get_config(dev, (uint8_t *)&s->blkcfg,
-   vdev->config_len, &local_err);
+ret = vhost_user_blk_sync_config(DEVICE(dev->vdev), &local_err);
 if (ret < 0) {
 error_report_err(local_err);
 return ret;
 }
 
-memcpy(dev->vdev->config, &s->blkcfg, vdev->config_len);
-virtio_notify_config(dev->vdev);
-
 return 0;
 }
 
-- 
2.34.1

[PATCH] migration/multifd: receive channel socket needs to be set to non-blocking

[Yuchen]

When the migration network is disconnected, the source
qemu can exit normally with an error, but the destination
qemu is always blocked in recvmsg(), causes the destination
qemu main thread to be blocked.

The destination qemu block stack:
Thread 13 (Thread 0x7f0178bfa640 (LWP 1895906) "multifdrecv_6"):
#0  0x7f041b5af56f in recvmsg ()
#1  0x55573ebd0b42 in qio_channel_socket_readv
#2  0x55573ebce83f in qio_channel_readv
#3  qio_channel_readv_all_eof
#4  0x55573ebce909 in qio_channel_readv_all
#5  0x55573eaa1b1f in multifd_recv_thread
#6  0x55573ec2f0b9 in qemu_thread_start
#7  0x7f041b52bf7a in start_thread
#8  0x7f041b5ae600 in clone3

Thread 1 (Thread 0x7f0410c62240 (LWP 1895156) "kvm"):
#0  0x7f041b528ae2 in __futex_abstimed_wait_common ()
#1  0x7f041b5338b8 in __new_sem_wait_slow64.constprop.0
#2  0x55573ec2fd34 in qemu_sem_wait (sem=0x555742b5a4e0)
#3  0x55573eaa2f09 in multifd_recv_sync_main ()
#4  0x55573e7d590d in ram_load_precopy (f=f@entry=0x555742291c20)
#5  0x55573e7d5cbf in ram_load (opaque=, 
version_id=, f=0x555742291c20)
#6  ram_load_entry (f=0x555742291c20, opaque=, 
version_id=)
#7  0x55573ea932e7 in qemu_loadvm_section_part_end (mis=0x555741136c00, 
f=0x555742291c20)
#8  qemu_loadvm_state_main (f=f@entry=0x555742291c20, 
mis=mis@entry=0x555741136c00)
#9  0x55573ea94418 in qemu_loadvm_state (f=0x555742291c20, 
mode=mode@entry=VMS_MIGRATE)
#10 0x55573ea88be1 in process_incoming_migration_co (opaque=)
#11 0x55573ec43d13 in coroutine_trampoline (i0=, 
i1=)
#12 0x7f041b4f5d90 in ?? () from target:/usr/lib64/libc.so.6
#13 0x7ffc11890270 in ?? ()
#14 0x in ?? ()

Setting the receive channel to non-blocking can solve the problem.

Signed-off-by: YuChen 
---
 migration/multifd.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/migration/multifd.c b/migration/multifd.c
index 9b200f4ad9..7b2a768f05 100644
--- a/migration/multifd.c
+++ b/migration/multifd.c
@@ -1318,6 +1318,8 @@ void multifd_recv_new_channel(QIOChannel *ioc, Error 
**errp)
 id = qatomic_read(&multifd_recv_state->count);
 }

+qio_channel_set_blocking(ioc, false, NULL);
+
 p = &multifd_recv_state->params[id];
 if (p->c != NULL) {
 error_setg(&local_err, "multifd: received id '%d' already setup'",
--
2.30.2
-
本邮件及其附件含有新华三集团的保密信息，仅限于发送给上面地址中列出
的个人或群组。禁止任何其他人以任何形式使用（包括但不限于全部或部分地泄露、复制、
或散发）本邮件中的信息。如果您错收了本邮件，请您立即电话或邮件通知发件人并删除本
邮件！
This e-mail and its attachments contain confidential information from New H3C, 
which is
intended only for the person or entity whose address is listed above. Any use 
of the
information contained herein in any way (including, but not limited to, total 
or partial
disclosure, reproduction, or dissemination) by persons other than the intended
recipient(s) is prohibited. If you receive this e-mail in error, please notify 
the sender
by phone or email immediately and delete it!

Re: [PATCH 0/2] misc: Rename included template headers using '.inc' suffix

[Michael Tokarev]

On 10.09.2024 14:28, Philippe Mathieu-Daudé wrote:

Follow Coding Style:

   If you do use template header files they should be named with
   the ``.c.inc`` or ``.h.inc`` suffix to make it clear they are
   being included for expansion.

Philippe Mathieu-Daudé (2):
   target/hexagon: Rename macros.inc -> macros.h.inc
   tests/bench: Rename test_akcipher_keys.inc -> test_akcipher_keys.c.inc


Picked up for the trivial-patches tree, thanks!

/mjt

[PULL 03/22] linux-user/syscall.c: eliminate other explicit LFS usages

[Michael Tokarev]

Since we alwasy build with LFS enabled, and with -D_FILE_OFFSET_BITS=64
in particular, there is no need to use 64bit versions of various system
calls and constants, regular ones will do just fine.  Eliminate a few
last uses of the following constructs in linux-user/syscall.c:
  off64_t
  ftruncate64()
  lseek64()
  pread64()
  pwrite64()

This way it can be built on systems where the 64bit variants of
everything is not defined (since the system always uses 64bit
variants), such as on recent MUSL.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2215
Signed-off-by: Michael Tokarev 
Reviewed-by: Richard Henderson 
---
 linux-user/syscall.c | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 48c459e515..a666986189 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -7265,7 +7265,7 @@ static inline abi_long target_truncate64(CPUArchState 
*cpu_env, const char *arg1
 arg2 = arg3;
 arg3 = arg4;
 }
-return get_errno(truncate64(arg1, target_offset64(arg2, arg3)));
+return get_errno(truncate(arg1, target_offset64(arg2, arg3)));
 }
 #endif
 
@@ -7279,7 +7279,7 @@ static inline abi_long target_ftruncate64(CPUArchState 
*cpu_env, abi_long arg1,
 arg2 = arg3;
 arg3 = arg4;
 }
-return get_errno(ftruncate64(arg1, target_offset64(arg2, arg3)));
+return get_errno(ftruncate(arg1, target_offset64(arg2, arg3)));
 }
 #endif
 
@@ -8664,7 +8664,7 @@ static int do_getdents(abi_long dirfd, abi_long arg2, 
abi_long count)
 void *tdirp;
 int hlen, hoff, toff;
 int hreclen, treclen;
-off64_t prev_diroff = 0;
+off_t prev_diroff = 0;
 
 hdirp = g_try_malloc(count);
 if (!hdirp) {
@@ -8717,7 +8717,7 @@ static int do_getdents(abi_long dirfd, abi_long arg2, 
abi_long count)
  * Return what we have, resetting the file pointer to the
  * location of the first record not returned.
  */
-lseek64(dirfd, prev_diroff, SEEK_SET);
+lseek(dirfd, prev_diroff, SEEK_SET);
 break;
 }
 
@@ -8751,7 +8751,7 @@ static int do_getdents64(abi_long dirfd, abi_long arg2, 
abi_long count)
 void *tdirp;
 int hlen, hoff, toff;
 int hreclen, treclen;
-off64_t prev_diroff = 0;
+off_t prev_diroff = 0;
 
 hdirp = g_try_malloc(count);
 if (!hdirp) {
@@ -8793,7 +8793,7 @@ static int do_getdents64(abi_long dirfd, abi_long arg2, 
abi_long count)
  * Return what we have, resetting the file pointer to the
  * location of the first record not returned.
  */
-lseek64(dirfd, prev_diroff, SEEK_SET);
+lseek(dirfd, prev_diroff, SEEK_SET);
 break;
 }
 
@@ -11524,7 +11524,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int 
num, abi_long arg1,
 return -TARGET_EFAULT;
 }
 }
-ret = get_errno(pread64(arg1, p, arg3, target_offset64(arg4, arg5)));
+ret = get_errno(pread(arg1, p, arg3, target_offset64(arg4, arg5)));
 unlock_user(p, arg2, ret);
 return ret;
 case TARGET_NR_pwrite64:
@@ -11541,7 +11541,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int 
num, abi_long arg1,
 return -TARGET_EFAULT;
 }
 }
-ret = get_errno(pwrite64(arg1, p, arg3, target_offset64(arg4, arg5)));
+ret = get_errno(pwrite(arg1, p, arg3, target_offset64(arg4, arg5)));
 unlock_user(p, arg2, 0);
 return ret;
 #endif
-- 
2.39.5

[PULL 08/22] hw/virtio/Kconfig: Include vhost-user-scmi only on arm targets

[Michael Tokarev]

From: Thomas Huth 

The System Control and Management Interface is specific to arm
machines, so don't include this device in non-arm targets.

Signed-off-by: Thomas Huth 
Reviewed-by: Milan Zamazal 
Reviewed-by: Michael Tokarev 
Signed-off-by: Michael Tokarev 
---
 hw/virtio/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/virtio/Kconfig b/hw/virtio/Kconfig
index aa63ff7fd4..bea5be4d4a 100644
--- a/hw/virtio/Kconfig
+++ b/hw/virtio/Kconfig
@@ -109,4 +109,4 @@ config VHOST_USER_SND
 config VHOST_USER_SCMI
 bool
 default y
-depends on VIRTIO && VHOST_USER
+depends on VIRTIO && VHOST_USER && ARM
-- 
2.39.5

[PULL 18/22] tests/functional: Correct typo in test_netdev_ethtool.py SPDX tag

[Michael Tokarev]

From: Philippe Mathieu-Daudé 

Cc: Alex Bennée 
Fixes: 9f95111474 ("tests/avocado: re-factor igb test to avoid timeouts")
Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Thomas Huth 
Reviewed-by: Richard Henderson 
Signed-off-by: Michael Tokarev 
---
 tests/functional/test_netdev_ethtool.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/functional/test_netdev_ethtool.py 
b/tests/functional/test_netdev_ethtool.py
index d5b911c918..ee1a397bd2 100755
--- a/tests/functional/test_netdev_ethtool.py
+++ b/tests/functional/test_netdev_ethtool.py
@@ -5,7 +5,7 @@
 # This test leverages ethtool's --test sequence to validate network
 # device behaviour.
 #
-# SPDX-License-Identifier: GPL-2.0-or-late
+# SPDX-License-Identifier: GPL-2.0-or-later
 
 from unittest import skip
 from qemu_test import QemuSystemTest, Asset
-- 
2.39.5

[PULL 15/22] tests/functional: Put the or1k_sim test into the slow category

[Michael Tokarev]

From: Thomas Huth 

Looks like a copy-n-paste mistake while adding the or1k_sim test
here: The test downloads an asset from the internet, so it should
be in the thorough category, not in the quick one.

Signed-off-by: Thomas Huth 
Signed-off-by: Michael Tokarev 
---
 tests/functional/meson.build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/functional/meson.build b/tests/functional/meson.build
index 8d5520349d..4352e5919b 100644
--- a/tests/functional/meson.build
+++ b/tests/functional/meson.build
@@ -92,7 +92,7 @@ tests_mips64el_system_thorough = [
   'mips64el_malta',
 ]
 
-tests_or1k_system_quick = [
+tests_or1k_system_thorough = [
   'or1k_sim',
 ]
 
-- 
2.39.5

[PULL 06/22] hw/loongarch/virt: Add description for virt machine type

[Michael Tokarev]

From: Bibo Mao 

The description about virt machine type is removed by mistake, add
new description here. Here is output result with command
"./qemu-system-loongarch64 -M help"

Supported machines are:
none empty machine
virt QEMU LoongArch Virtual Machine (default)
x-remote Experimental remote machine

Without the patch, it shows as follows:
Supported machines are:
none empty machine
virt (null) (default)
x-remote Experimental remote machine

Fixes: ef2f11454c(hw/loongarch/virt: Replace Loongson IPI with LoongArch IPI)
Signed-off-by: Bibo Mao 
Reviewed-by: Thomas Huth 
Reviewed-by: Michael Tokarev 
Signed-off-by: Michael Tokarev 
---
 hw/loongarch/virt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index 81b1f9486f..75980b6e3c 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -1403,6 +1403,7 @@ static void virt_class_init(ObjectClass *oc, void *data)
 mc->init = virt_init;
 mc->default_cpu_type = LOONGARCH_CPU_TYPE_NAME("la464");
 mc->default_ram_id = "loongarch.ram";
+mc->desc = "QEMU LoongArch Virtual Machine";
 mc->max_cpus = LOONGARCH_MAX_CPUS;
 mc->is_default = 1;
 mc->default_kernel_irqchip_split = false;
-- 
2.39.5

Re: [PATCH] docs/system/cpu-hotplug: Update example's socket-id/core-id

[Igor Mammedov]

On Thu, 19 Sep 2024 13:34:54 +0100
Peter Maydell  wrote:

> On Tue, 10 Sept 2024 at 10:38, Peter Maydell  wrote:
> >
> > On Tue, 10 Sept 2024 at 10:03, Igor Mammedov  wrote:  
> > >
> > > On Mon, 19 Aug 2024 15:43:03 +0100
> > > Peter Maydell  wrote:  
> > > > @@ -83,34 +83,32 @@ vCPU hotplug
> > > >
> > > >(QEMU) query-cpus-fast
> > > >{
> > > > -  "execute": "query-cpus-fast",
> > > >"arguments": {}
> > > > +  "execute": "query-cpus-fast",
> > > >}
> > > >{
> > > >"return": [
> > > >{
> > > > -  "qom-path": "/machine/unattached/device[0]",
> > > > -  "target": "x86_64",
> > > > -  "thread-id": 11534,
> > > >"cpu-index": 0,
> > > >"props": {
> > > > -  "socket-id": 0,
> > > >"core-id": 0,
> > > > +  "socket-id": 0,
> > > >"thread-id": 0
> > > >},
> > > > -  "arch": "x86"
> > > > +  "qom-path": "/machine/unattached/device[0]",
> > > > +  "target": "x86_64",
> > > > +  "thread-id": 28957
> > > >},
> > > >{
> > > > -  "qom-path": "/machine/peripheral/cpu-2",
> > > > -  "target": "x86_64",
> > > > -  "thread-id": 12106,
> > > >"cpu-index": 1,
> > > >"props": {
> > > > -  "socket-id": 1,
> > > > -  "core-id": 0,
> > > > +  "core-id": 1,
> > > > +  "socket-id": 0,
> > > >"thread-id": 0
> > > >},
> > > > -  "arch": "x86"
> > > > +  "qom-path": "/machine/peripheral/cpu-2",
> > > > +  "target": "x86_64",
> > > > +  "thread-id": 29095
> > > >}  
> > >
> > > beside reordering, which seems fine, this hunk also introduces target 
> > > change
> > > perhaps a separate patch for that?  
> >
> > What target change? It all says "target": "x86_64" both before
> > and after. 

my mistake,
I should've said  '"arch": "x86"' instead, which is gone after the patch

> 
> Hi Igor, would you mind clarifying what you meant here?
> I'm happy to respin, but I don't understand what change you're
> asking for.
> 
> thanks
> -- PMM
> 

[PULL 14/22] tests/qemu-iotests/testenv: Use the "r2d" machine for sh4/sh4eb

[Michael Tokarev]

From: Thomas Huth 

Commit 0ea0538fae516f9b4 removed the default machine of the sh4
binaries, so a lot of iotests are failing now without such a default
machine. Teach the iotest harness to use the "r2d" machine instead
to fix this problem.

Signed-off-by: Thomas Huth 
Signed-off-by: Michael Tokarev 
---
 tests/qemu-iotests/testenv.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/qemu-iotests/testenv.py b/tests/qemu-iotests/testenv.py
index 0b32eec119..6326e46b7b 100644
--- a/tests/qemu-iotests/testenv.py
+++ b/tests/qemu-iotests/testenv.py
@@ -244,6 +244,8 @@ def __init__(self, source_dir: str, build_dir: str,
 ('riscv32', 'virt'),
 ('riscv64', 'virt'),
 ('rx', 'gdbsim-r5f562n8'),
+('sh4', 'r2d'),
+('sh4eb', 'r2d'),
 ('tricore', 'tricore_testboard')
 )
 for suffix, machine in machine_map:
-- 
2.39.5

[PULL 04/22] ppc: fix incorrect spelling of PowerMac

[Michael Tokarev]

From: Tejas Vipin 

PowerMac is spelled as PowerMAC (Media Access Control) in some places.
This is misleading.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2297
Signed-off-by: Tejas Vipin 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Michael Tokarev 
Signed-off-by: Michael Tokarev 
---
 docs/system/ppc/powermac.rst | 4 ++--
 hw/ppc/mac_newworld.c| 2 +-
 hw/ppc/mac_oldworld.c| 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/system/ppc/powermac.rst b/docs/system/ppc/powermac.rst
index 04334ba210..3eac81c491 100644
--- a/docs/system/ppc/powermac.rst
+++ b/docs/system/ppc/powermac.rst
@@ -4,8 +4,8 @@ PowerMac family boards (``g3beige``, ``mac99``)
 Use the executable ``qemu-system-ppc`` to simulate a complete PowerMac
 PowerPC system.
 
-- ``g3beige``  Heathrow based PowerMAC
-- ``mac99``Mac99 based PowerMAC
+- ``g3beige``  Heathrow based PowerMac
+- ``mac99``Mac99 based PowerMac
 
 Supported devices
 -
diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index ff9e490c4e..9d249a506c 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -571,7 +571,7 @@ static void core99_machine_class_init(ObjectClass *oc, void 
*data)
 MachineClass *mc = MACHINE_CLASS(oc);
 FWPathProviderClass *fwc = FW_PATH_PROVIDER_CLASS(oc);
 
-mc->desc = "Mac99 based PowerMAC";
+mc->desc = "Mac99 based PowerMac";
 mc->init = ppc_core99_init;
 mc->block_default_type = IF_IDE;
 /* SMP is not supported currently */
diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index 1981d3d8f6..eef3261002 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -411,7 +411,7 @@ static void heathrow_class_init(ObjectClass *oc, void *data)
 MachineClass *mc = MACHINE_CLASS(oc);
 FWPathProviderClass *fwc = FW_PATH_PROVIDER_CLASS(oc);
 
-mc->desc = "Heathrow based PowerMAC";
+mc->desc = "Heathrow based PowerMac";
 mc->init = ppc_heathrow_init;
 mc->block_default_type = IF_IDE;
 /* SMP is not supported currently */
-- 
2.39.5

[PULL 05/22] hw/mips/jazz: fix typo in in-built NIC alias

[Michael Tokarev]

From: Mark Cave-Ayland 

Commit e104edbb9d ("hw/mips/jazz: use qemu_find_nic_info()") contained a typo
in the NIC alias which caused initialisation of the in-built dp83932 NIC to fail
when using the normal -nic user,model=dp83932 command line.

Fixes: e104edbb9d ("hw/mips/jazz: use qemu_find_nic_info()")
Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: David Woodhouse 
Reviewed-by: Michael Tokarev 
Signed-off-by: Michael Tokarev 
---
 hw/mips/jazz.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/mips/jazz.c b/hw/mips/jazz.c
index 1bc17e69d3..0d44e19707 100644
--- a/hw/mips/jazz.c
+++ b/hw/mips/jazz.c
@@ -128,7 +128,7 @@ static void mips_jazz_init_net(IOMMUMemoryRegion 
*rc4030_dma_mr,
 uint8_t *prom;
 NICInfo *nd;
 
-nd = qemu_find_nic_info("dp8393x", true, "dp82932");
+nd = qemu_find_nic_info("dp8393x", true, "dp83932");
 if (!nd) {
 return;
 }
-- 
2.39.5

[PULL 13/22] tests/qemu-iotests/testenv: Use the "virt" machine for or1k

[Michael Tokarev]

From: Thomas Huth 

When compiling QEMU just with "--target-list=or1k-softmmu", there
are 8 iotests failing that try to use PCI devices - but the default
or1k machine does not have a PCI bus. The "virt" machine is better
suited for running the iotests than the or1k default machine since
it provides PCI and thus e.g. support for virtio-blk and virtio-scsi,
too. With this change, there are no failing iotests anymore when
using the qemu-system-or1k binary for running the tests.

Signed-off-by: Thomas Huth 
Reviewed-by: Richard Henderson 
Reviewed-by: Michael Tokarev 
Signed-off-by: Michael Tokarev 
---
 tests/qemu-iotests/testenv.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/qemu-iotests/testenv.py b/tests/qemu-iotests/testenv.py
index c8848f2ec2..0b32eec119 100644
--- a/tests/qemu-iotests/testenv.py
+++ b/tests/qemu-iotests/testenv.py
@@ -240,6 +240,7 @@ def __init__(self, source_dir: str, build_dir: str,
 ('aarch64', 'virt'),
 ('avr', 'mega2560'),
 ('m68k', 'virt'),
+('or1k', 'virt'),
 ('riscv32', 'virt'),
 ('riscv64', 'virt'),
 ('rx', 'gdbsim-r5f562n8'),
-- 
2.39.5

[PULL 19/22] license: Simplify GPL-2.0-or-later license descriptions

[Michael Tokarev]

From: Philippe Mathieu-Daudé 

Since the "2 | 3+" expression can be simplified as "2+",
it is pointless to mention the GPLv3 license.

Add the corresponding SPDX identifier to remove all doubt.

Reviewed-by: Thomas Huth 
Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
Signed-off-by: Michael Tokarev 
---
 block/vdi.c  | 4 +++-
 hw/net/eepro100.c| 4 +++-
 hw/ppc/rs6000_mc.c   | 4 +++-
 include/qemu/timed-average.h | 4 +++-
 qemu.nsi | 4 +++-
 util/timed-average.c | 4 +++-
 6 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/block/vdi.c b/block/vdi.c
index 6363da08ce..149e15c831 100644
--- a/block/vdi.c
+++ b/block/vdi.c
@@ -3,10 +3,12 @@
  *
  * Copyright (c) 2009, 2012 Stefan Weil
  *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation, either version 2 of the License, or
- * (at your option) version 3 or any later version.
+ * (at your option) any later version.
  *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
index d9a70c4544..c8a88b9813 100644
--- a/hw/net/eepro100.c
+++ b/hw/net/eepro100.c
@@ -6,10 +6,12 @@
  * Portions of the code are copies from grub / etherboot eepro100.c
  * and linux e100.c.
  *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation, either version 2 of the License, or
- * (at your option) version 3 or any later version.
+ * (at your option) any later version.
  *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/hw/ppc/rs6000_mc.c b/hw/ppc/rs6000_mc.c
index e6ec4b4c40..07b0b664d9 100644
--- a/hw/ppc/rs6000_mc.c
+++ b/hw/ppc/rs6000_mc.c
@@ -3,10 +3,12 @@
  *
  * Copyright (c) 2017 Hervé Poussineau
  *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation, either version 2 of the License, or
- * (at your option) version 3 or any later version.
+ * (at your option) any later version.
  *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/include/qemu/timed-average.h b/include/qemu/timed-average.h
index 08245e7a10..dfd8d653fa 100644
--- a/include/qemu/timed-average.h
+++ b/include/qemu/timed-average.h
@@ -8,10 +8,12 @@
  *   Benoît Canet 
  *   Alberto Garcia 
  *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation, either version 2 of the License, or
- * (at your option) version 3 or any later version.
+ * (at your option) any later version.
  *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/qemu.nsi b/qemu.nsi
index 564d617d11..b186f223e1 100644
--- a/qemu.nsi
+++ b/qemu.nsi
@@ -7,7 +7,7 @@
 ; This program is free software: you can redistribute it and/or modify
 ; it under the terms of the GNU General Public License as published by
 ; the Free Software Foundation, either version 2 of the License, or
-; (at your option) version 3 or any later version.
+; (at your option) any later version.
 ;
 ; This program is distributed in the hope that it will be useful,
 ; but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -16,6 +16,8 @@
 ;
 ; You should have received a copy of the GNU General Public License
 ; along with this program.  If not, see .
+;
+; SPDX-License-Identifier: GPL-2.0-or-later
 
 ; NSIS_WIN32_MAKENSIS
 
diff --git a/util/timed-average.c b/util/timed-average.c
index 2b49d532ce..5b5c22afd8 100644
--- a/util/timed-average.c
+++ b/util/timed-average.c
@@ -8,10 +8,12 @@
  *   Benoît Canet 
  *   Alberto Garcia 
  *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation, either version 2 of the License, or
- * (at your option) version 3 or any later version.
+ * (at your option) any later version.
  *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
-- 
2.39.5

[PULL 22/22] license: Update deprecated SPDX tag GPL-2.0 to GPL-2.0-only

[Michael Tokarev]

From: Philippe Mathieu-Daudé 

The 'GPL-2.0' license identifier has been deprecated since license
list version 3.0 [1] and replaced by the 'GPL-2.0-only' tag [2].

[1] https://spdx.org/licenses/GPL-2.0.html
[2] https://spdx.org/licenses/GPL-2.0-only.html

Mechanical patch running:

  $ sed -i -e s/GPL-2.0/GPL-2.0-only/ \
$(git grep -l 'SPDX-License-Identifier: GPL-2.0[ $]' \
| egrep -v '^linux-headers|^include/standard-headers')

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Thomas Huth 
Reviewed-by: Richard Henderson 
Signed-off-by: Michael Tokarev 
---
 hw/m68k/bootinfo.h| 2 +-
 hw/net/igb_regs.h | 2 +-
 include/qemu/crc-ccitt.h  | 2 +-
 linux-user/alpha/syscall.tbl  | 2 +-
 linux-user/alpha/syscallhdr.sh| 2 +-
 linux-user/arm/syscallhdr.sh  | 2 +-
 linux-user/hppa/syscall.tbl   | 2 +-
 linux-user/hppa/syscallhdr.sh | 2 +-
 linux-user/i386/syscallhdr.sh | 2 +-
 linux-user/m68k/syscall.tbl   | 2 +-
 linux-user/m68k/syscallhdr.sh | 2 +-
 linux-user/microblaze/syscall.tbl | 2 +-
 linux-user/microblaze/syscallhdr.sh   | 2 +-
 linux-user/mips/syscall_o32.tbl   | 2 +-
 linux-user/mips/syscallhdr.sh | 2 +-
 linux-user/mips64/syscall_n32.tbl | 2 +-
 linux-user/mips64/syscall_n64.tbl | 2 +-
 linux-user/mips64/syscallhdr.sh   | 2 +-
 linux-user/ppc/syscall.tbl| 2 +-
 linux-user/ppc/syscallhdr.sh  | 2 +-
 linux-user/s390x/syscall.tbl  | 2 +-
 linux-user/s390x/syscallhdr.sh| 2 +-
 linux-user/sh4/syscall.tbl| 2 +-
 linux-user/sh4/syscallhdr.sh  | 2 +-
 linux-user/sparc/syscall.tbl  | 2 +-
 linux-user/sparc/syscallhdr.sh| 2 +-
 linux-user/x86_64/syscallhdr.sh   | 2 +-
 linux-user/xtensa/syscall.tbl | 2 +-
 linux-user/xtensa/syscallhdr.sh   | 2 +-
 scripts/kernel-doc| 2 +-
 tests/tcg/loongarch64/system/regdef.h | 2 +-
 31 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/hw/m68k/bootinfo.h b/hw/m68k/bootinfo.h
index 0e6e3eea87..70c1dc0e8c 100644
--- a/hw/m68k/bootinfo.h
+++ b/hw/m68k/bootinfo.h
@@ -1,5 +1,5 @@
 /*
- * SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
+ * SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note
  *
  * Bootinfo tags from linux bootinfo.h and bootinfo-mac.h:
  * This is an easily parsable and extendable structure containing all
diff --git a/hw/net/igb_regs.h b/hw/net/igb_regs.h
index e5a47eab64..4dc4c31da2 100644
--- a/hw/net/igb_regs.h
+++ b/hw/net/igb_regs.h
@@ -1,4 +1,4 @@
-/* SPDX-License-Identifier: GPL-2.0 */
+/* SPDX-License-Identifier: GPL-2.0-only */
 /*
  * This is copied + edited from kernel header files in
  * drivers/net/ethernet/intel/igb
diff --git a/include/qemu/crc-ccitt.h b/include/qemu/crc-ccitt.h
index 8918dafe07..ce28e29720 100644
--- a/include/qemu/crc-ccitt.h
+++ b/include/qemu/crc-ccitt.h
@@ -8,7 +8,7 @@
  *
  * From Linux kernel v5.10 include/linux/crc-ccitt.h
  *
- * SPDX-License-Identifier: GPL-2.0
+ * SPDX-License-Identifier: GPL-2.0-only
  */
 
 #ifndef CRC_CCITT_H
diff --git a/linux-user/alpha/syscall.tbl b/linux-user/alpha/syscall.tbl
index 3000a2e8ee..3fa3ea436d 100644
--- a/linux-user/alpha/syscall.tbl
+++ b/linux-user/alpha/syscall.tbl
@@ -1,4 +1,4 @@
-# SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
+# SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note
 #
 # system call numbers and entry vectors for alpha
 #
diff --git a/linux-user/alpha/syscallhdr.sh b/linux-user/alpha/syscallhdr.sh
index 55cafe6abf..6da0c957e2 100644
--- a/linux-user/alpha/syscallhdr.sh
+++ b/linux-user/alpha/syscallhdr.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-# SPDX-License-Identifier: GPL-2.0
+# SPDX-License-Identifier: GPL-2.0-only
 
 in="$1"
 out="$2"
diff --git a/linux-user/arm/syscallhdr.sh b/linux-user/arm/syscallhdr.sh
index 4c952b2cfb..692fd6a76e 100644
--- a/linux-user/arm/syscallhdr.sh
+++ b/linux-user/arm/syscallhdr.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-# SPDX-License-Identifier: GPL-2.0
+# SPDX-License-Identifier: GPL-2.0-only
 
 in="$1"
 out="$2"
diff --git a/linux-user/hppa/syscall.tbl b/linux-user/hppa/syscall.tbl
index aabc37f8ca..6361e97974 100644
--- a/linux-user/hppa/syscall.tbl
+++ b/linux-user/hppa/syscall.tbl
@@ -1,4 +1,4 @@
-# SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
+# SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note
 #
 # system call numbers and entry vectors for parisc
 #
diff --git a/linux-user/hppa/syscallhdr.sh b/linux-user/hppa/syscallhdr.sh
index ac91a95762..bf1c1d4f30 100644
--- a/linux-user/hppa/syscallhdr.sh
+++ b/linux-user/hppa/syscallhdr.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-# SPDX-License-Identifier: GPL-2.0
+# SPDX-License-Identifier: GPL-2.0-only
 
 in="$1"
 out="$2"
diff --git a/linux-user/i386/syscallhdr.sh b/linux-user/i386/syscallhdr.sh
index b2eca96db7..938a793d2a 100644
--- a/linux-user/i386/syscallhdr.sh
+++ b/linux-user/i

[PULL 07/22] tests/unit: Really build pbkdf test on macOS

[Michael Tokarev]

From: Philippe Mathieu-Daudé 

Fix a typo to run the pbkdf crypto cipher tests on macOS.

 $ make check-unit
   ...
   87/102 qemu:unit / test-crypto-pbkdf  OK  2.35s   17 subtests passed

Fixes: ebe0302ac8 ("tests/unit: build pbkdf test on macOS")
Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Daniel P. Berrangé 
Reviewed-by: Michael Tokarev 
Signed-off-by: Michael Tokarev 
---
 tests/unit/test-crypto-pbkdf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/unit/test-crypto-pbkdf.c b/tests/unit/test-crypto-pbkdf.c
index b477cf4e4b..12ee808fbc 100644
--- a/tests/unit/test-crypto-pbkdf.c
+++ b/tests/unit/test-crypto-pbkdf.c
@@ -25,7 +25,7 @@
 #include 
 #endif
 
-#if defined(_WIN32) || defined(RUSAGE_THREAD) || defined(CONFIG_DARWNI)
+#if defined(_WIN32) || defined(RUSAGE_THREAD) || defined(CONFIG_DARWIN)
 #include "crypto/pbkdf.h"
 
 typedef struct QCryptoPbkdfTestData QCryptoPbkdfTestData;
-- 
2.39.5

[PULL 17/22] tests/bench: Rename test_akcipher_keys.inc -> test_akcipher_keys.c.inc

[Michael Tokarev]

From: Philippe Mathieu-Daudé 

Since commit 139c1837db ("meson: rename included C source files
to .c.inc"), QEMU standard procedure for included C files is to
use *.c.inc.

Besides, since commit 6a0057aa22 ("docs/devel: make a statement
about includes") this is documented in the Coding Style:

  If you do use template header files they should be named with
  the ``.c.inc`` or ``.h.inc`` suffix to make it clear they are
  being included for expansion.

Rename "test_akcipher_keys.inc" as "test_akcipher_keys.c.inc".

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Signed-off-by: Michael Tokarev 
---
 tests/bench/benchmark-crypto-akcipher.c | 2 +-
 .../bench/{test_akcipher_keys.inc => test_akcipher_keys.c.inc}  | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename tests/bench/{test_akcipher_keys.inc => test_akcipher_keys.c.inc} (100%)

diff --git a/tests/bench/benchmark-crypto-akcipher.c 
b/tests/bench/benchmark-crypto-akcipher.c
index 750c7e89ee..0a6e5db1d6 100644
--- a/tests/bench/benchmark-crypto-akcipher.c
+++ b/tests/bench/benchmark-crypto-akcipher.c
@@ -16,7 +16,7 @@
 #include "crypto/akcipher.h"
 #include "standard-headers/linux/virtio_crypto.h"
 
-#include "test_akcipher_keys.inc"
+#include "test_akcipher_keys.c.inc"
 
 static QCryptoAkCipher *create_rsa_akcipher(const uint8_t *priv_key,
 size_t keylen,
diff --git a/tests/bench/test_akcipher_keys.inc 
b/tests/bench/test_akcipher_keys.c.inc
similarity index 100%
rename from tests/bench/test_akcipher_keys.inc
rename to tests/bench/test_akcipher_keys.c.inc
-- 
2.39.5

[PULL 21/22] license: Update deprecated SPDX tag GPL-2.0+ to GPL-2.0-or-later

[Michael Tokarev]

From: Philippe Mathieu-Daudé 

The 'GPL-2.0+' license identifier has been deprecated since license
list version 2.0rc2 [1] and replaced by the 'GPL-2.0-or-later' [2]
tag.

[1] https://spdx.org/licenses/GPL-2.0+.html
[2] https://spdx.org/licenses/GPL-2.0-or-later.html

Mechanical patch running:

  $ sed -i -e s/GPL-2.0+/GPL-2.0-or-later/ \
$(git grep -lP 'SPDX-License-Identifier: \W+GPL-2.0\+[ $]' \
| egrep -v '^linux-headers|^include/standard-headers')

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Thomas Huth 
Reviewed-by: Richard Henderson 
Signed-off-by: Michael Tokarev 
---
 hw/core/uboot_image.h   | 2 +-
 hw/nvram/fw_cfg-acpi.c  | 2 +-
 hw/virtio/virtio-acpi.c | 2 +-
 include/hw/nvram/fw_cfg_acpi.h  | 2 +-
 include/hw/usb/dwc2-regs.h  | 2 +-
 include/hw/virtio/virtio-acpi.h | 2 +-
 target/riscv/cpu-param.h| 2 +-
 target/s390x/cpu-param.h| 2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/hw/core/uboot_image.h b/hw/core/uboot_image.h
index 18ac293359..e4dcfb08f0 100644
--- a/hw/core/uboot_image.h
+++ b/hw/core/uboot_image.h
@@ -1,4 +1,4 @@
-/* SPDX-License-Identifier: GPL-2.0+ */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
 /*
  * (C) Copyright 2008 Semihalf
  *
diff --git a/hw/nvram/fw_cfg-acpi.c b/hw/nvram/fw_cfg-acpi.c
index 58cdcd3121..2e6ef89b98 100644
--- a/hw/nvram/fw_cfg-acpi.c
+++ b/hw/nvram/fw_cfg-acpi.c
@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: GPL-2.0+
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Add fw_cfg device in DSDT
  *
diff --git a/hw/virtio/virtio-acpi.c b/hw/virtio/virtio-acpi.c
index 230a669500..85becef03c 100644
--- a/hw/virtio/virtio-acpi.c
+++ b/hw/virtio/virtio-acpi.c
@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: GPL-2.0+
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * virtio ACPI Support
  *
diff --git a/include/hw/nvram/fw_cfg_acpi.h b/include/hw/nvram/fw_cfg_acpi.h
index b39eb0490f..dfd2a44ef0 100644
--- a/include/hw/nvram/fw_cfg_acpi.h
+++ b/include/hw/nvram/fw_cfg_acpi.h
@@ -1,4 +1,4 @@
-/* SPDX-License-Identifier: GPL-2.0+ */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
 /*
  * ACPI support for fw_cfg
  *
diff --git a/include/hw/usb/dwc2-regs.h b/include/hw/usb/dwc2-regs.h
index 0bf3f2aa17..523b112c5e 100644
--- a/include/hw/usb/dwc2-regs.h
+++ b/include/hw/usb/dwc2-regs.h
@@ -1,4 +1,4 @@
-/* SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause) */
+/* SPDX-License-Identifier: (GPL-2.0-or-later OR BSD-3-Clause) */
 /*
  * Imported from the Linux kernel file drivers/usb/dwc2/hw.h, commit
  * a89bae709b3492b478480a2c9734e7e9393b279c ("usb: dwc2: Move
diff --git a/include/hw/virtio/virtio-acpi.h b/include/hw/virtio/virtio-acpi.h
index cace2a315f..cdfbd943ae 100644
--- a/include/hw/virtio/virtio-acpi.h
+++ b/include/hw/virtio/virtio-acpi.h
@@ -1,4 +1,4 @@
-/* SPDX-License-Identifier: GPL-2.0+ */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
 /*
  * ACPI support for virtio
  */
diff --git a/target/riscv/cpu-param.h b/target/riscv/cpu-param.h
index 1fbd64939d..25686192c0 100644
--- a/target/riscv/cpu-param.h
+++ b/target/riscv/cpu-param.h
@@ -2,7 +2,7 @@
  * RISC-V cpu parameters for qemu.
  *
  * Copyright (c) 2017-2018 SiFive, Inc.
- * SPDX-License-Identifier: GPL-2.0+
+ * SPDX-License-Identifier: GPL-2.0-or-later
  */
 
 #ifndef RISCV_CPU_PARAM_H
diff --git a/target/s390x/cpu-param.h b/target/s390x/cpu-param.h
index 11d23b600d..a05ffcf78d 100644
--- a/target/s390x/cpu-param.h
+++ b/target/s390x/cpu-param.h
@@ -2,7 +2,7 @@
  * S/390 cpu parameters for qemu.
  *
  * Copyright (c) 2009 Ulrich Hecht
- * SPDX-License-Identifier: GPL-2.0+
+ * SPDX-License-Identifier: GPL-2.0-or-later
  */
 
 #ifndef S390_CPU_PARAM_H
-- 
2.39.5

Re: [PATCH] tests/qemu-iotests/testenv: Use the "r2d" machine for sh4/sh4eb

[Yoshinori Sato]

On Wed, 18 Sep 2024 04:43:50 +0900,
Thomas Huth wrote:
> 
> Commit 0ea0538fae516f9b4 removed the default machine of the sh4
> binaries, so a lot of iotests are failing now without such a default
> machine. Teach the iotest harness to use the "r2d" machine instead
> to fix this problem.
> 
> Signed-off-by: Thomas Huth 
> ---
>  tests/qemu-iotests/testenv.py | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/tests/qemu-iotests/testenv.py b/tests/qemu-iotests/testenv.py
> index 0b32eec119..6326e46b7b 100644
> --- a/tests/qemu-iotests/testenv.py
> +++ b/tests/qemu-iotests/testenv.py
> @@ -244,6 +244,8 @@ def __init__(self, source_dir: str, build_dir: str,
>  ('riscv32', 'virt'),
>  ('riscv64', 'virt'),
>  ('rx', 'gdbsim-r5f562n8'),
> +('sh4', 'r2d'),
> +('sh4eb', 'r2d'),
>  ('tricore', 'tricore_testboard')
>  )
>  for suffix, machine in machine_map:
> -- 
> 2.46.0
> 

r2d is works only sh4 little endian mode.
There was probably no other hardware that ran in big endian.
I think sh4 alone is sufficient for this test.

-- 
Yosinori Sato

Re: [PATCH] target/arm: Correct ID_AA64ISAR1_EL1 value for neoverse-v1

[Marcin Juszkiewicz]

W dniu 17.09.2024 o 18:13, Peter Maydell pisze:

The Neoverse-V1 TRM is a bit confused about the layout of the
ID_AA64ISAR1_EL1 register, and so its table 3-6 has the wrong value
for this ID register.  Trust instead section 3.2.74's list of which
fields are set.

This means that we stop incorrectly reporting FEAT_XS as present, and
now report the presence of FEAT_BF16.

Cc: qemu-sta...@nongnu.org
Reported-by: Marcin Juszkiewicz 
Signed-off-by: Peter Maydell 
---
  target/arm/tcg/cpu64.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c
index b9f34f044d0..01689208286 100644
--- a/target/arm/tcg/cpu64.c
+++ b/target/arm/tcg/cpu64.c
@@ -677,7 +677,7 @@ static void aarch64_neoverse_v1_initfn(Object *obj)
  cpu->isar.id_aa64dfr0  = 0x01f210305519ull;
  cpu->isar.id_aa64dfr1 = 0x;
  cpu->isar.id_aa64isar0 = 0x101110212120ull; /* with FEAT_RNG */
-cpu->isar.id_aa64isar1 = 0x011101211032ull;
+cpu->isar.id_aa64isar1 = 0x001111211032ull;
  cpu->isar.id_aa64mmfr0 = 0x00101125ull;
  cpu->isar.id_aa64mmfr1 = 0x10212122ull;
  cpu->isar.id_aa64mmfr2 = 0x0220011102101011ull;


I think that it would nice to have it backported to stable branches. It 
applies to stable-8.1 and above.


In master it is 8676007eff04bb4e454bcdf92fab3f855bcc59b3 commit.

Re: [PATCH v4 02/12] tcg/riscv: Add basic support for vector

[Daniel Henrique Barboza]

Hi Zhiwei,

On 9/11/24 10:26 AM, LIU Zhiwei wrote:

From: Swung0x48 

The RISC-V vector instruction set utilizes the LMUL field to group
multiple registers, enabling variable-length vector registers. This
implementation uses only the first register number of each group while
reserving the other register numbers within the group.

In TCG, each VEC_IR can have 3 types (TCG_TYPE_V64/128/256), and the
host runtime needs to adjust LMUL based on the type to use different
register groups.

This presents challenges for TCG's register allocation. Currently, we
avoid modifying the register allocation part of TCG and only expose the
minimum number of vector registers.

For example, when the host vlen is 64 bits and type is TCG_TYPE_V256, with
LMUL equal to 4, we use 4 vector registers as one register group. We can
use a maximum of 8 register groups, but the V0 register number is reserved
as a mask register, so we can effectively use at most 7 register groups.
Moreover, when type is smaller than TCG_TYPE_V256, only 7 registers are
forced to be used. This is because TCG cannot yet dynamically constrain
registers with type; likewise, when the host vlen is 128 bits and
TCG_TYPE_V256, we can use at most 15 registers.

There is not much pressure on vector register allocation in TCG now, so
using 7 registers is feasible and will not have a major impact on code
generation.

This patch:
1. Reserves vector register 0 for use as a mask register.
2. When using register groups, reserves the additional registers within
each group.

Signed-off-by: TANG Tiancheng 
Co-authored-by: TANG Tiancheng 
Reviewed-by: Liu Zhiwei 
---



As Rixchard already pointed out, we must have a "Signed-off-by" tag with the 
"author" of
the patch, and it must be the exact spelling. So in this case:

Signed-off-by: Swung0x48 


More info here:

https://www.qemu.org/docs/master/devel/submitting-a-patch.html

-

Your patches must include a Signed-off-by: line. This is a hard requirement
because it’s how you say “I’m legally okay to contribute this and happy for it
to go into QEMU”. The process is modelled after the Linux kernel policy.

If you wrote the patch, make sure your "From:" and "Signed-off-by:"
lines use the same spelling. It's okay if you subscribe or contribute to
the list via more than one address, but using multiple addresses in one
commit just confuses things. If someone else wrote the patch, git will
include a "From:" line in the body of the email (different from your
envelope From:) that will give credit to the correct author; but again,
that author's Signed-off-by: line is mandatory, with the same spelling.

-

However, you can't just amend this tag in the patch though since you're not 
Swung0x48.
We need Swung0x48 to reply here ack indicating that it is ok to add the 
Signed-off-by
as required, as a indication that Swung0x48 is ok with the legal implications of
doing so.


Thanks,

Daniel



  tcg/riscv/tcg-target-con-str.h |   1 +
  tcg/riscv/tcg-target.c.inc | 126 -
  tcg/riscv/tcg-target.h |  78 +++-
  tcg/riscv/tcg-target.opc.h |  12 
  4 files changed, 151 insertions(+), 66 deletions(-)
  create mode 100644 tcg/riscv/tcg-target.opc.h

diff --git a/tcg/riscv/tcg-target-con-str.h b/tcg/riscv/tcg-target-con-str.h
index d5c419dff1..b2b3211bcb 100644
--- a/tcg/riscv/tcg-target-con-str.h
+++ b/tcg/riscv/tcg-target-con-str.h
@@ -9,6 +9,7 @@
   * REGS(letter, register_mask)
   */
  REGS('r', ALL_GENERAL_REGS)
+REGS('v', ALL_VECTOR_REGS)
  
  /*

   * Define constraint letters for constants:
diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
index d334857226..966d1ad981 100644
--- a/tcg/riscv/tcg-target.c.inc
+++ b/tcg/riscv/tcg-target.c.inc
@@ -32,38 +32,14 @@
  
  #ifdef CONFIG_DEBUG_TCG

  static const char * const tcg_target_reg_names[TCG_TARGET_NB_REGS] = {
-"zero",
-"ra",
-"sp",
-"gp",
-"tp",
-"t0",
-"t1",
-"t2",
-"s0",
-"s1",
-"a0",
-"a1",
-"a2",
-"a3",
-"a4",
-"a5",
-"a6",
-"a7",
-"s2",
-"s3",
-"s4",
-"s5",
-"s6",
-"s7",
-"s8",
-"s9",
-"s10",
-"s11",
-"t3",
-"t4",
-"t5",
-"t6"
+"zero", "ra",  "sp",  "gp",  "tp",  "t0",  "t1",  "t2",
+"s0",   "s1",  "a0",  "a1",  "a2",  "a3",  "a4",  "a5",
+"a6",   "a7",  "s2",  "s3",  "s4",  "s5",  "s6",  "s7",
+"s8",   "s9",  "s10", "s11", "t3",  "t4",  "t5",  "t6",
+"v0",   "v1",  "v2",  "v3",  "v4",  "v5",  "v6",  "v7",
+"v8",   "v9",  "v10", "v11", "v12", "v13", "v14", "v15",
+"v16",  "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+"v24",  "v25", "v26", "v27", "v28", "v29", "v30", "v31",
  };
  #endif
  
@@ -100,6 +76,16 @@ static const int tcg_target_reg_alloc_order[] = {

  TCG_REG_A5,
  TCG_REG_A6,
  TCG_REG_A7,
+
+/* Vector registers and TCG_REG_V0 reserved for mask. */
+TCG_REG_V1,  TCG_REG_V2,  TCG_REG_V3,  TCG_REG_V

Re: [PATCH] migration/multifd: receive channel socket needs to be set to non-blocking

[Peter Xu]

On Fri, Sep 20, 2024 at 10:05:42AM +, Yuchen wrote:
> When the migration network is disconnected, the source
> qemu can exit normally with an error, but the destination
> qemu is always blocked in recvmsg(), causes the destination
> qemu main thread to be blocked.
> 
> The destination qemu block stack:
> Thread 13 (Thread 0x7f0178bfa640 (LWP 1895906) "multifdrecv_6"):
> #0  0x7f041b5af56f in recvmsg ()
> #1  0x55573ebd0b42 in qio_channel_socket_readv
> #2  0x55573ebce83f in qio_channel_readv
> #3  qio_channel_readv_all_eof
> #4  0x55573ebce909 in qio_channel_readv_all
> #5  0x55573eaa1b1f in multifd_recv_thread
> #6  0x55573ec2f0b9 in qemu_thread_start
> #7  0x7f041b52bf7a in start_thread
> #8  0x7f041b5ae600 in clone3
> 
> Thread 1 (Thread 0x7f0410c62240 (LWP 1895156) "kvm"):
> #0  0x7f041b528ae2 in __futex_abstimed_wait_common ()
> #1  0x7f041b5338b8 in __new_sem_wait_slow64.constprop.0
> #2  0x55573ec2fd34 in qemu_sem_wait (sem=0x555742b5a4e0)
> #3  0x55573eaa2f09 in multifd_recv_sync_main ()
> #4  0x55573e7d590d in ram_load_precopy (f=f@entry=0x555742291c20)
> #5  0x55573e7d5cbf in ram_load (opaque=, 
> version_id=, f=0x555742291c20)
> #6  ram_load_entry (f=0x555742291c20, opaque=, 
> version_id=)
> #7  0x55573ea932e7 in qemu_loadvm_section_part_end (mis=0x555741136c00, 
> f=0x555742291c20)
> #8  qemu_loadvm_state_main (f=f@entry=0x555742291c20, 
> mis=mis@entry=0x555741136c00)
> #9  0x55573ea94418 in qemu_loadvm_state (f=0x555742291c20, 
> mode=mode@entry=VMS_MIGRATE)
> #10 0x55573ea88be1 in process_incoming_migration_co (opaque= out>)
> #11 0x55573ec43d13 in coroutine_trampoline (i0=, 
> i1=)
> #12 0x7f041b4f5d90 in ?? () from target:/usr/lib64/libc.so.6
> #13 0x7ffc11890270 in ?? ()
> #14 0x in ?? ()
> 
> Setting the receive channel to non-blocking can solve the problem.

Multifd threads are real threads and there's no coroutine, I'm slightly
confused why it needs to use nonblock.

Why recvmsg() didn't get kicked out when disconnect?  Is it a generic Linux
kernel are you using?

I wonder whether that's the expected behavior for sockets.  E.g., we do
have multifd/cancel test (test_multifd_tcp_cancel) and I think that runs
this path too with it always in block mode as of now..

> 
> Signed-off-by: YuChen 
> ---
>  migration/multifd.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/migration/multifd.c b/migration/multifd.c
> index 9b200f4ad9..7b2a768f05 100644
> --- a/migration/multifd.c
> +++ b/migration/multifd.c
> @@ -1318,6 +1318,8 @@ void multifd_recv_new_channel(QIOChannel *ioc, Error 
> **errp)
>  id = qatomic_read(&multifd_recv_state->count);
>  }
> 
> +qio_channel_set_blocking(ioc, false, NULL);
> +
>  p = &multifd_recv_state->params[id];
>  if (p->c != NULL) {
>  error_setg(&local_err, "multifd: received id '%d' already setup'",
> --
> 2.30.2
> -
> 本邮件及其附件含有新华三集团的保密信息，仅限于发送给上面地址中列出
> 的个人或群组。禁止任何其他人以任何形式使用（包括但不限于全部或部分地泄露、复制、
> 或散发）本邮件中的信息。如果您错收了本邮件，请您立即电话或邮件通知发件人并删除本
> 邮件！
> This e-mail and its attachments contain confidential information from New 
> H3C, which is
> intended only for the person or entity whose address is listed above. Any use 
> of the
> information contained herein in any way (including, but not limited to, total 
> or partial
> disclosure, reproduction, or dissemination) by persons other than the intended
> recipient(s) is prohibited. If you receive this e-mail in error, please 
> notify the sender
> by phone or email immediately and delete it!

-- 
Peter Xu

Re: [PATCH 2/2] hw/sparc/leon3: add second uart with extended interrupt usage

[Nikita Shushura]

Forgot to add 'Signed-off-by', so can be deleted.




Sent with Proton Mail secure email.

On Saturday, September 21st, 2024 at 1:48 AM, Nikita Shushura 
 wrote:

> ---
> hw/sparc/leon3.c | 63 +++-
> 1 file changed, 46 insertions(+), 17 deletions(-)
> 
> diff --git a/hw/sparc/leon3.c b/hw/sparc/leon3.c
> index 6aaa04cb19..c559854e5e 100644
> --- a/hw/sparc/leon3.c
> +++ b/hw/sparc/leon3.c
> @@ -54,10 +54,14 @@
> #define LEON3_PROM_OFFSET (0x)
> #define LEON3_RAM_OFFSET (0x4000)
> 
> -#define MAX_CPUS 4
> +#define MAX_CPUS (4)
> +#define LEON3_EIRQ (12)
> 
> -#define LEON3_UART_OFFSET (0x8100)
> -#define LEON3_UART_IRQ (3)
> +#define LEON3_UART0_OFFSET (0x8100)
> +#define LEON3_UART0_IRQ (2)
> +
> +#define LEON3_UART1_OFFSET (0x80100100)
> +#define LEON3_UART1_IRQ (17)
> 
> #define LEON3_IRQMP_OFFSET (0x8200)
> 
> @@ -65,7 +69,8 @@
> #define LEON3_TIMER_IRQ (6)
> #define LEON3_TIMER_COUNT (2)
> 
> -#define LEON3_APB_PNP_OFFSET (0x800FF000)
> +#define LEON3_APB1_PNP_OFFSET (0x800FF000)
> +#define LEON3_APB2_PNP_OFFSET (0x801FF000)
> #define LEON3_AHB_PNP_OFFSET (0xF000)
> 
> typedef struct ResetData {
> @@ -122,7 +127,8 @@ static void write_bootloader(void ptr, hwaddr kernel_addr)
> 
> / Initialize the UARTs /
> / *UART_CONTROL = UART_RECEIVE_ENABLE | UART_TRANSMIT_ENABLE; /
> - p = gen_store_u32(p, 0x8108, 3);
> + p = gen_store_u32(p, LEON3_UART0_OFFSET + 0x8, 3);
> + p = gen_store_u32(p, LEON3_UART1_OFFSET + 0x8, 3);
> 
> / Initialize the TIMER 0 /
> / *GPTIMER_SCALER_RELOAD = 40 - 1; */
> @@ -271,7 +277,8 @@ static void leon3_generic_hw_init(MachineState *machine)
> DeviceState *dev, *irqmpdev;
> int i;
> AHBPnp *ahb_pnp;
> - APBPnp *apb_pnp;
> + APBPnp *apb1_pnp;
> + APBPnp *apb2_pnp;
> 
> reset_info = g_malloc0(sizeof(ResetData));
> 
> @@ -298,10 +305,19 @@ static void leon3_generic_hw_init(MachineState machine)
> GRLIB_LEON3_DEV, GRLIB_AHB_MASTER,
> GRLIB_CPU_AREA);
> 
> - apb_pnp = GRLIB_APB_PNP(qdev_new(TYPE_GRLIB_APB_PNP));
> - sysbus_realize_and_unref(SYS_BUS_DEVICE(apb_pnp), &error_fatal);
> - sysbus_mmio_map(SYS_BUS_DEVICE(apb_pnp), 0, LEON3_APB_PNP_OFFSET);
> - grlib_ahb_pnp_add_entry(ahb_pnp, LEON3_APB_PNP_OFFSET, 0xFFF,
> + / Initialize APB1 /
> + apb1_pnp = GRLIB_APB_PNP(qdev_new(TYPE_GRLIB_APB_PNP));
> + sysbus_realize_and_unref(SYS_BUS_DEVICE(apb1_pnp), &error_fatal);
> + sysbus_mmio_map(SYS_BUS_DEVICE(apb1_pnp), 0, LEON3_APB1_PNP_OFFSET);
> + grlib_ahb_pnp_add_entry(ahb_pnp, LEON3_APB1_PNP_OFFSET, 0xFFF,
> + GRLIB_VENDOR_GAISLER, GRLIB_APBMST_DEV,
> + GRLIB_AHB_SLAVE, GRLIB_AHBMEM_AREA);
> +
> + / Initialize APB2 */
> + apb2_pnp = GRLIB_APB_PNP(qdev_new(TYPE_GRLIB_APB_PNP));
> + sysbus_realize_and_unref(SYS_BUS_DEVICE(apb2_pnp), &error_fatal);
> + sysbus_mmio_map(SYS_BUS_DEVICE(apb2_pnp), 0, LEON3_APB2_PNP_OFFSET);
> + grlib_ahb_pnp_add_entry(ahb_pnp, LEON3_APB2_PNP_OFFSET, 0xFFF,
> GRLIB_VENDOR_GAISLER, GRLIB_APBMST_DEV,
> GRLIB_AHB_SLAVE, GRLIB_AHBMEM_AREA);
> 
> @@ -309,6 +325,8 @@ static void leon3_generic_hw_init(MachineState *machine)
> irqmpdev = qdev_new(TYPE_GRLIB_IRQMP);
> object_property_set_int(OBJECT(irqmpdev), "ncpus", machine->smp.cpus,
> 
> &error_fatal);
> + /object_property_set_int(OBJECT(irqmpdev), "eirq", LEON3_EIRQ,/
> + /* &error_fatal);*/
> sysbus_realize_and_unref(SYS_BUS_DEVICE(irqmpdev), &error_fatal);
> 
> for (i = 0; i < machine->smp.cpus; i++) {
> 
> @@ -325,7 +343,7 @@ static void leon3_generic_hw_init(MachineState *machine)
> }
> 
> sysbus_mmio_map(SYS_BUS_DEVICE(irqmpdev), 0, LEON3_IRQMP_OFFSET);
> - grlib_apb_pnp_add_entry(apb_pnp, LEON3_IRQMP_OFFSET, 0xFFF,
> + grlib_apb_pnp_add_entry(apb1_pnp, LEON3_IRQMP_OFFSET, 0xFFF,
> GRLIB_VENDOR_GAISLER, GRLIB_IRQMP_DEV,
> 2, 0, GRLIB_APBIO_AREA);
> 
> @@ -417,20 +435,31 @@ static void leon3_generic_hw_init(MachineState machine)
> qdev_get_gpio_in(irqmpdev, LEON3_TIMER_IRQ + i));
> }
> 
> - grlib_apb_pnp_add_entry(apb_pnp, LEON3_TIMER_OFFSET, 0xFFF,
> + grlib_apb_pnp_add_entry(apb1_pnp, LEON3_TIMER_OFFSET, 0xFFF,
> GRLIB_VENDOR_GAISLER, GRLIB_GPTIMER_DEV,
> 0, LEON3_TIMER_IRQ, GRLIB_APBIO_AREA);
> 
> - / Allocate uart /
> + / Allocate UART0 /
> dev = qdev_new(TYPE_GRLIB_APB_UART);
> qdev_prop_set_chr(dev, "chrdev", serial_hd(0));
> sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
> - sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, LEON3_UART_OFFSET);
> + sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, LEON3_UART0_OFFSET);
> + sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0,
> + qdev_get_gpio_in(irqmpdev, LEON3_UART0_IRQ));
> + grlib_apb_pnp_add_entry(apb1_pnp, LEON3_UART0_OFFSET, 0xFFF,
> + GRLIB_VENDOR_GAISLER, GRLIB_APBUART_DEV, 1,
> + LEON3_UART0_IRQ, GRLIB_APBIO_AREA);
> +
> + / Allocate UART1 */
> + dev = qdev_new(TYPE_GRLIB_APB_UART);
> + qdev_prop_set_chr(dev, "chrdev", serial_hd(1));
> + sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
> + sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, LEON3_UART1_OFFSET);
> sysbus_connect_irq(SYS_BUS_DEV

Re: [PATCH 1/2] hw/intc/grlib_irqmp: add support for extended interrupts

[Nikita Shushura]

Forgot to add 'Signed-off-by', so can be deleted.




Sent with Proton Mail secure email.

On Saturday, September 21st, 2024 at 1:48 AM, Nikita Shushura 
 wrote:

> ---
> hw/intc/grlib_irqmp.c | 68 +++
> 1 file changed, 49 insertions(+), 19 deletions(-)
> 
> diff --git a/hw/intc/grlib_irqmp.c b/hw/intc/grlib_irqmp.c
> index 37ac63fd80..2fd76dd1b4 100644
> --- a/hw/intc/grlib_irqmp.c
> +++ b/hw/intc/grlib_irqmp.c
> @@ -1,8 +1,6 @@
> /*
> * QEMU GRLIB IRQMP Emulator
> *
> - * (Extended interrupt not supported)
> - *
> * SPDX-License-Identifier: MIT
> *
> * Copyright (c) 2010-2024 AdaCore
> @@ -38,25 +36,29 @@
> #include "qemu/module.h"
> #include "qom/object.h"
> 
> -#define IRQMP_MAX_CPU 16
> -#define IRQMP_REG_SIZE 256 /* Size of memory mapped registers /
> +#define IRQMP_MAX_CPU (16)
> +#define IRQMP_REG_SIZE (256) / Size of memory mapped registers /
> 
> / Memory mapped register offsets /
> -#define LEVEL_OFFSET 0x00
> -#define PENDING_OFFSET 0x04
> -#define FORCE0_OFFSET 0x08
> -#define CLEAR_OFFSET 0x0C
> -#define MP_STATUS_OFFSET 0x10
> -#define BROADCAST_OFFSET 0x14
> -#define MASK_OFFSET 0x40
> -#define FORCE_OFFSET 0x80
> -#define EXTENDED_OFFSET 0xC0
> +#define LEVEL_OFFSET (0x00)
> +#define PENDING_OFFSET (0x04)
> +#define FORCE0_OFFSET (0x08)
> +#define CLEAR_OFFSET (0x0C)
> +#define MP_STATUS_OFFSET (0x10)
> +#define BROADCAST_OFFSET (0x14)
> +#define MASK_OFFSET (0x40)
> +#define FORCE_OFFSET (0x80)
> +#define EXTENDED_OFFSET (0xC0)
> 
> / Multiprocessor Status Register */
> #define MP_STATUS_CPU_STATUS_MASK ((1 << IRQMP_MAX_CPU)-2)
> -#define MP_STATUS_NCPU_SHIFT 28
> +#define MP_STATUS_NCPU_SHIFT (28)
> +#define MP_STATUS_EIRQ_OFFSET (16)
> +
> +#define MAX_PILS_STD (16)
> +#define MAX_PILS_EXT (32)
> 
> -#define MAX_PILS 16
> +#define DEFAULT_EIRQ (12)
> 
> OBJECT_DECLARE_SIMPLE_TYPE(IRQMP, GRLIB_IRQMP)
> 
> @@ -68,6 +70,7 @@ struct IRQMP {
> MemoryRegion iomem;
> 
> unsigned int ncpus;
> + unsigned int eirq;
> IRQMPState *state;
> qemu_irq start_signal[IRQMP_MAX_CPU];
> qemu_irq irq[IRQMP_MAX_CPU];
> @@ -89,13 +92,25 @@ struct IRQMPState {
> 
> static void grlib_irqmp_check_irqs(IRQMPState *state)
> {
> - int i;
> + int i, j;
> 
> assert(state != NULL);
> assert(state->parent != NULL);
> 
> 
> for (i = 0; i < state->parent->ncpus; i++) {
> 
> uint32_t pend = (state->pending | state->force[i]) & state->mask[i];
> 
> +
> + /*
> + * Check is pending interrupt is extended,
> + * if so set pending to EIRQ and acknowledge extended interrupt"
> + */
> + for (j = MAX_PILS_STD; j <= MAX_PILS_EXT; j++) {
> + if ((pend & (1 << j)) != 0) {
> + pend = (1 << state->parent->eirq);
> 
> + state->extended[i] = (j & 0x);
> 
> + }
> + }
> +
> uint32_t level0 = pend & ~state->level;
> 
> uint32_t level1 = pend & state->level;
> 
> 
> @@ -110,6 +125,10 @@ static void grlib_irqmp_check_irqs(IRQMPState *state)
> static void grlib_irqmp_ack_mask(IRQMPState *state, unsigned int cpu,
> uint32_t mask)
> {
> + if ((mask & (1 << state->parent->eirq)) != 0) {
> 
> + mask |= (1 << state->extended[cpu]);
> 
> + }
> +
> /* Clear registers */
> state->pending &= ~mask;
> 
> state->force[cpu] &= ~mask;
> 
> @@ -144,7 +163,6 @@ static void grlib_irqmp_set_irq(void *opaque, int irq, 
> int level)
> assert(s != NULL);
> assert(s->parent != NULL);
> 
> 
> -
> if (level) {
> trace_grlib_irqmp_set_irq(irq);
> 
> @@ -278,6 +296,9 @@ static void grlib_irqmp_write(void *opaque, hwaddr addr,
> state->mpstatus &= ~(1 << i);
> 
> }
> }
> +
> + /* Writing EIRQ number */
> + state->mpstatus |= (state->parent->eirq << MP_STATUS_EIRQ_OFFSET);
> 
> return;
> 
> case BROADCAST_OFFSET:
> @@ -345,7 +366,8 @@ static void grlib_irqmp_reset(DeviceState *d)
> memset(irqmp->state, 0, sizeof *irqmp->state);
> 
> irqmp->state->parent = irqmp;
> 
> irqmp->state->mpstatus = ((irqmp->ncpus - 1) << MP_STATUS_NCPU_SHIFT) |
> 
> - ((1 << irqmp->ncpus) - 2);
> 
> + ((1 << irqmp->ncpus) - 2) |
> 
> + (irqmp->eirq << MP_STATUS_EIRQ_OFFSET);
> 
> }
> 
> static void grlib_irqmp_realize(DeviceState *dev, Error **errp)
> @@ -359,7 +381,14 @@ static void grlib_irqmp_realize(DeviceState *dev, Error 
> **errp)
> return;
> }
> 
> - qdev_init_gpio_in(dev, grlib_irqmp_set_irq, MAX_PILS);
> + if ((!irqmp->eirq) || (irqmp->eirq >= MAX_PILS_STD)) {
> 
> + error_setg(errp, "Invalid eirq properties: "
> + "%u, must be 0 < eirq < %u.", irqmp->eirq,
> 
> + MAX_PILS_STD);
> + return;
> + }
> +
> + qdev_init_gpio_in(dev, grlib_irqmp_set_irq, MAX_PILS_EXT);
> 
> /*
> * Transitionning from 0 to 1 starts the CPUs. The opposite can't
> @@ -378,6 +407,7 @@ static void grlib_irqmp_realize(DeviceState *dev, Error 
> **errp)
> 
> static Property grlib_irqmp_properties[] = {
> DEFINE_PROP_UINT32("ncpus", IRQMP, ncpus, 1),
> + DEFINE_PROP_UINT32("eirq", IRQMP, eirq, DEFAULT_EIRQ),
> DEFINE_PROP_END_OF_LIST(),
> };
> 
> --
> 2.46.1

[PATCH 1/2] hw/intc/grlib_irqmp: add support for extended interrupts

[Nikita Shushura]

---
 hw/intc/grlib_irqmp.c | 68 +++
 1 file changed, 49 insertions(+), 19 deletions(-)

diff --git a/hw/intc/grlib_irqmp.c b/hw/intc/grlib_irqmp.c
index 37ac63fd80..2fd76dd1b4 100644
--- a/hw/intc/grlib_irqmp.c
+++ b/hw/intc/grlib_irqmp.c
@@ -1,8 +1,6 @@
 /*
  * QEMU GRLIB IRQMP Emulator
  *
- * (Extended interrupt not supported)
- *
  * SPDX-License-Identifier: MIT
  *
  * Copyright (c) 2010-2024 AdaCore
@@ -38,25 +36,29 @@
 #include "qemu/module.h"
 #include "qom/object.h"
 
-#define IRQMP_MAX_CPU 16
-#define IRQMP_REG_SIZE 256  /* Size of memory mapped registers */
+#define IRQMP_MAX_CPU (16)
+#define IRQMP_REG_SIZE (256)/* Size of memory mapped registers */
 
 /* Memory mapped register offsets */
-#define LEVEL_OFFSET 0x00
-#define PENDING_OFFSET   0x04
-#define FORCE0_OFFSET0x08
-#define CLEAR_OFFSET 0x0C
-#define MP_STATUS_OFFSET 0x10
-#define BROADCAST_OFFSET 0x14
-#define MASK_OFFSET  0x40
-#define FORCE_OFFSET 0x80
-#define EXTENDED_OFFSET  0xC0
+#define LEVEL_OFFSET (0x00)
+#define PENDING_OFFSET   (0x04)
+#define FORCE0_OFFSET(0x08)
+#define CLEAR_OFFSET (0x0C)
+#define MP_STATUS_OFFSET (0x10)
+#define BROADCAST_OFFSET (0x14)
+#define MASK_OFFSET  (0x40)
+#define FORCE_OFFSET (0x80)
+#define EXTENDED_OFFSET  (0xC0)
 
 /* Multiprocessor Status Register  */
 #define MP_STATUS_CPU_STATUS_MASK ((1 << IRQMP_MAX_CPU)-2)
-#define MP_STATUS_NCPU_SHIFT  28
+#define MP_STATUS_NCPU_SHIFT  (28)
+#define MP_STATUS_EIRQ_OFFSET (16)
+
+#define MAX_PILS_STD (16)
+#define MAX_PILS_EXT (32)
 
-#define MAX_PILS 16
+#define DEFAULT_EIRQ (12)
 
 OBJECT_DECLARE_SIMPLE_TYPE(IRQMP, GRLIB_IRQMP)
 
@@ -68,6 +70,7 @@ struct IRQMP {
 MemoryRegion iomem;
 
 unsigned int ncpus;
+unsigned int eirq;
 IRQMPState *state;
 qemu_irq start_signal[IRQMP_MAX_CPU];
 qemu_irq irq[IRQMP_MAX_CPU];
@@ -89,13 +92,25 @@ struct IRQMPState {
 
 static void grlib_irqmp_check_irqs(IRQMPState *state)
 {
-int i;
+int i, j;
 
 assert(state != NULL);
 assert(state->parent != NULL);
 
 for (i = 0; i < state->parent->ncpus; i++) {
 uint32_t pend = (state->pending | state->force[i]) & state->mask[i];
+
+/*
+ * Check is pending interrupt is extended,
+ * if so set pending to EIRQ and acknowledge extended interrupt"
+ */
+for (j = MAX_PILS_STD; j <= MAX_PILS_EXT; j++) {
+if ((pend & (1 << j)) != 0) {
+pend = (1 << state->parent->eirq);
+state->extended[i] = (j & 0x);
+}
+}
+
 uint32_t level0 = pend & ~state->level;
 uint32_t level1 = pend &  state->level;
 
@@ -110,6 +125,10 @@ static void grlib_irqmp_check_irqs(IRQMPState *state)
 static void grlib_irqmp_ack_mask(IRQMPState *state, unsigned int cpu,
  uint32_t mask)
 {
+if ((mask & (1 << state->parent->eirq)) != 0) {
+mask |= (1 << state->extended[cpu]);
+}
+
 /* Clear registers */
 state->pending  &= ~mask;
 state->force[cpu] &= ~mask;
@@ -144,7 +163,6 @@ static void grlib_irqmp_set_irq(void *opaque, int irq, int 
level)
 assert(s != NULL);
 assert(s->parent != NULL);
 
-
 if (level) {
 trace_grlib_irqmp_set_irq(irq);
 
@@ -278,6 +296,9 @@ static void grlib_irqmp_write(void *opaque, hwaddr addr,
 state->mpstatus &= ~(1 << i);
 }
 }
+
+/* Writing EIRQ number */
+state->mpstatus |= (state->parent->eirq << MP_STATUS_EIRQ_OFFSET);
 return;
 
 case BROADCAST_OFFSET:
@@ -345,7 +366,8 @@ static void grlib_irqmp_reset(DeviceState *d)
 memset(irqmp->state, 0, sizeof *irqmp->state);
 irqmp->state->parent = irqmp;
 irqmp->state->mpstatus = ((irqmp->ncpus - 1) << MP_STATUS_NCPU_SHIFT) |
-((1 << irqmp->ncpus) - 2);
+((1 << irqmp->ncpus) - 2) |
+(irqmp->eirq << MP_STATUS_EIRQ_OFFSET);
 }
 
 static void grlib_irqmp_realize(DeviceState *dev, Error **errp)
@@ -359,7 +381,14 @@ static void grlib_irqmp_realize(DeviceState *dev, Error 
**errp)
 return;
 }
 
-qdev_init_gpio_in(dev, grlib_irqmp_set_irq, MAX_PILS);
+if ((!irqmp->eirq) || (irqmp->eirq >= MAX_PILS_STD)) {
+error_setg(errp, "Invalid eirq properties: "
+   "%u, must be 0 < eirq < %u.", irqmp->eirq,
+   MAX_PILS_STD);
+return;
+}
+
+qdev_init_gpio_in(dev, grlib_irqmp_set_irq, MAX_PILS_EXT);
 
 /*
  * Transitionning from 0 to 1 starts the CPUs. The opposite can't
@@ -378,6 +407,7 @@ static void grlib_irqmp_realize(DeviceState *dev, Error 
**errp)
 
 static Property grlib_irqmp_properties[] = {
 DEFINE_PROP_UINT32("ncpus", IRQMP, ncpus, 1),
+DEFINE_PROP_UINT32("eirq", IRQMP, eirq, DEFAULT_EIRQ),
 DEFINE_PROP_END_OF_LIST(),
 };
 
-- 
2.46.1

[PATCH 2/2] hw/sparc/leon3: add second uart with extended interrupt usage

[Nikita Shushura]

Signed-off-by: Nikita Shushura 
---
 hw/sparc/leon3.c | 63 +++-
 1 file changed, 46 insertions(+), 17 deletions(-)

diff --git a/hw/sparc/leon3.c b/hw/sparc/leon3.c
index 6aaa04cb19..c559854e5e 100644
--- a/hw/sparc/leon3.c
+++ b/hw/sparc/leon3.c
@@ -54,10 +54,14 @@
 #define LEON3_PROM_OFFSET(0x)
 #define LEON3_RAM_OFFSET (0x4000)
 
-#define MAX_CPUS  4
+#define MAX_CPUS  (4)
+#define LEON3_EIRQ (12)
 
-#define LEON3_UART_OFFSET  (0x8100)
-#define LEON3_UART_IRQ (3)
+#define LEON3_UART0_OFFSET  (0x8100)
+#define LEON3_UART0_IRQ (2)
+
+#define LEON3_UART1_OFFSET  (0x80100100)
+#define LEON3_UART1_IRQ (17)
 
 #define LEON3_IRQMP_OFFSET (0x8200)
 
@@ -65,7 +69,8 @@
 #define LEON3_TIMER_IRQ(6)
 #define LEON3_TIMER_COUNT  (2)
 
-#define LEON3_APB_PNP_OFFSET (0x800FF000)
+#define LEON3_APB1_PNP_OFFSET (0x800FF000)
+#define LEON3_APB2_PNP_OFFSET (0x801FF000)
 #define LEON3_AHB_PNP_OFFSET (0xF000)
 
 typedef struct ResetData {
@@ -122,7 +127,8 @@ static void write_bootloader(void *ptr, hwaddr kernel_addr)
 
 /* Initialize the UARTs*/
 /* *UART_CONTROL = UART_RECEIVE_ENABLE | UART_TRANSMIT_ENABLE; */
-p = gen_store_u32(p, 0x8108, 3);
+p = gen_store_u32(p, LEON3_UART0_OFFSET + 0x8, 3);
+p = gen_store_u32(p, LEON3_UART1_OFFSET + 0x8, 3);
 
 /* Initialize the TIMER 0  */
 /* *GPTIMER_SCALER_RELOAD = 40 - 1;*/
@@ -271,7 +277,8 @@ static void leon3_generic_hw_init(MachineState *machine)
 DeviceState *dev, *irqmpdev;
 int i;
 AHBPnp *ahb_pnp;
-APBPnp *apb_pnp;
+APBPnp *apb1_pnp;
+APBPnp *apb2_pnp;
 
 reset_info = g_malloc0(sizeof(ResetData));
 
@@ -298,10 +305,19 @@ static void leon3_generic_hw_init(MachineState *machine)
 GRLIB_LEON3_DEV, GRLIB_AHB_MASTER,
 GRLIB_CPU_AREA);
 
-apb_pnp = GRLIB_APB_PNP(qdev_new(TYPE_GRLIB_APB_PNP));
-sysbus_realize_and_unref(SYS_BUS_DEVICE(apb_pnp), &error_fatal);
-sysbus_mmio_map(SYS_BUS_DEVICE(apb_pnp), 0, LEON3_APB_PNP_OFFSET);
-grlib_ahb_pnp_add_entry(ahb_pnp, LEON3_APB_PNP_OFFSET, 0xFFF,
+/* Initialize APB1 */
+apb1_pnp = GRLIB_APB_PNP(qdev_new(TYPE_GRLIB_APB_PNP));
+sysbus_realize_and_unref(SYS_BUS_DEVICE(apb1_pnp), &error_fatal);
+sysbus_mmio_map(SYS_BUS_DEVICE(apb1_pnp), 0, LEON3_APB1_PNP_OFFSET);
+grlib_ahb_pnp_add_entry(ahb_pnp, LEON3_APB1_PNP_OFFSET, 0xFFF,
+GRLIB_VENDOR_GAISLER, GRLIB_APBMST_DEV,
+GRLIB_AHB_SLAVE, GRLIB_AHBMEM_AREA);
+
+/* Initialize APB2 */
+apb2_pnp = GRLIB_APB_PNP(qdev_new(TYPE_GRLIB_APB_PNP));
+sysbus_realize_and_unref(SYS_BUS_DEVICE(apb2_pnp), &error_fatal);
+sysbus_mmio_map(SYS_BUS_DEVICE(apb2_pnp), 0, LEON3_APB2_PNP_OFFSET);
+grlib_ahb_pnp_add_entry(ahb_pnp, LEON3_APB2_PNP_OFFSET, 0xFFF,
 GRLIB_VENDOR_GAISLER, GRLIB_APBMST_DEV,
 GRLIB_AHB_SLAVE, GRLIB_AHBMEM_AREA);
 
@@ -309,6 +325,8 @@ static void leon3_generic_hw_init(MachineState *machine)
 irqmpdev = qdev_new(TYPE_GRLIB_IRQMP);
 object_property_set_int(OBJECT(irqmpdev), "ncpus", machine->smp.cpus,
 &error_fatal);
+/*object_property_set_int(OBJECT(irqmpdev), "eirq", LEON3_EIRQ,*/
+/*&error_fatal);*/
 sysbus_realize_and_unref(SYS_BUS_DEVICE(irqmpdev), &error_fatal);
 
 for (i = 0; i < machine->smp.cpus; i++) {
@@ -325,7 +343,7 @@ static void leon3_generic_hw_init(MachineState *machine)
 }
 
 sysbus_mmio_map(SYS_BUS_DEVICE(irqmpdev), 0, LEON3_IRQMP_OFFSET);
-grlib_apb_pnp_add_entry(apb_pnp, LEON3_IRQMP_OFFSET, 0xFFF,
+grlib_apb_pnp_add_entry(apb1_pnp, LEON3_IRQMP_OFFSET, 0xFFF,
 GRLIB_VENDOR_GAISLER, GRLIB_IRQMP_DEV,
 2, 0, GRLIB_APBIO_AREA);
 
@@ -417,20 +435,31 @@ static void leon3_generic_hw_init(MachineState *machine)
qdev_get_gpio_in(irqmpdev, LEON3_TIMER_IRQ + i));
 }
 
-grlib_apb_pnp_add_entry(apb_pnp, LEON3_TIMER_OFFSET, 0xFFF,
+grlib_apb_pnp_add_entry(apb1_pnp, LEON3_TIMER_OFFSET, 0xFFF,
 GRLIB_VENDOR_GAISLER, GRLIB_GPTIMER_DEV,
 0, LEON3_TIMER_IRQ, GRLIB_APBIO_AREA);
 
-/* Allocate uart */
+/* Allocate UART0 */
 dev = qdev_new(TYPE_GRLIB_APB_UART);
 qdev_prop_set_chr(dev, "chrdev", serial_hd(0));
 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
-sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, LEON3_UART_OFFSET);
+sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, LEON3_UART0_OFFSET);
+sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0,
+   qdev_get_gpio_in(irqmpdev, LEON3_UART0_IRQ));
+grlib_apb_pnp_add_entry(apb1_pnp, LEON3_UART0_OFFSET,

[PATCH 2/2] hw/sparc/leon3: add second uart with extended interrupt usage

[Nikita Shushura]

---
 hw/sparc/leon3.c | 63 +++-
 1 file changed, 46 insertions(+), 17 deletions(-)

diff --git a/hw/sparc/leon3.c b/hw/sparc/leon3.c
index 6aaa04cb19..c559854e5e 100644
--- a/hw/sparc/leon3.c
+++ b/hw/sparc/leon3.c
@@ -54,10 +54,14 @@
 #define LEON3_PROM_OFFSET(0x)
 #define LEON3_RAM_OFFSET (0x4000)
 
-#define MAX_CPUS  4
+#define MAX_CPUS  (4)
+#define LEON3_EIRQ (12)
 
-#define LEON3_UART_OFFSET  (0x8100)
-#define LEON3_UART_IRQ (3)
+#define LEON3_UART0_OFFSET  (0x8100)
+#define LEON3_UART0_IRQ (2)
+
+#define LEON3_UART1_OFFSET  (0x80100100)
+#define LEON3_UART1_IRQ (17)
 
 #define LEON3_IRQMP_OFFSET (0x8200)
 
@@ -65,7 +69,8 @@
 #define LEON3_TIMER_IRQ(6)
 #define LEON3_TIMER_COUNT  (2)
 
-#define LEON3_APB_PNP_OFFSET (0x800FF000)
+#define LEON3_APB1_PNP_OFFSET (0x800FF000)
+#define LEON3_APB2_PNP_OFFSET (0x801FF000)
 #define LEON3_AHB_PNP_OFFSET (0xF000)
 
 typedef struct ResetData {
@@ -122,7 +127,8 @@ static void write_bootloader(void *ptr, hwaddr kernel_addr)
 
 /* Initialize the UARTs*/
 /* *UART_CONTROL = UART_RECEIVE_ENABLE | UART_TRANSMIT_ENABLE; */
-p = gen_store_u32(p, 0x8108, 3);
+p = gen_store_u32(p, LEON3_UART0_OFFSET + 0x8, 3);
+p = gen_store_u32(p, LEON3_UART1_OFFSET + 0x8, 3);
 
 /* Initialize the TIMER 0  */
 /* *GPTIMER_SCALER_RELOAD = 40 - 1;*/
@@ -271,7 +277,8 @@ static void leon3_generic_hw_init(MachineState *machine)
 DeviceState *dev, *irqmpdev;
 int i;
 AHBPnp *ahb_pnp;
-APBPnp *apb_pnp;
+APBPnp *apb1_pnp;
+APBPnp *apb2_pnp;
 
 reset_info = g_malloc0(sizeof(ResetData));
 
@@ -298,10 +305,19 @@ static void leon3_generic_hw_init(MachineState *machine)
 GRLIB_LEON3_DEV, GRLIB_AHB_MASTER,
 GRLIB_CPU_AREA);
 
-apb_pnp = GRLIB_APB_PNP(qdev_new(TYPE_GRLIB_APB_PNP));
-sysbus_realize_and_unref(SYS_BUS_DEVICE(apb_pnp), &error_fatal);
-sysbus_mmio_map(SYS_BUS_DEVICE(apb_pnp), 0, LEON3_APB_PNP_OFFSET);
-grlib_ahb_pnp_add_entry(ahb_pnp, LEON3_APB_PNP_OFFSET, 0xFFF,
+/* Initialize APB1 */
+apb1_pnp = GRLIB_APB_PNP(qdev_new(TYPE_GRLIB_APB_PNP));
+sysbus_realize_and_unref(SYS_BUS_DEVICE(apb1_pnp), &error_fatal);
+sysbus_mmio_map(SYS_BUS_DEVICE(apb1_pnp), 0, LEON3_APB1_PNP_OFFSET);
+grlib_ahb_pnp_add_entry(ahb_pnp, LEON3_APB1_PNP_OFFSET, 0xFFF,
+GRLIB_VENDOR_GAISLER, GRLIB_APBMST_DEV,
+GRLIB_AHB_SLAVE, GRLIB_AHBMEM_AREA);
+
+/* Initialize APB2 */
+apb2_pnp = GRLIB_APB_PNP(qdev_new(TYPE_GRLIB_APB_PNP));
+sysbus_realize_and_unref(SYS_BUS_DEVICE(apb2_pnp), &error_fatal);
+sysbus_mmio_map(SYS_BUS_DEVICE(apb2_pnp), 0, LEON3_APB2_PNP_OFFSET);
+grlib_ahb_pnp_add_entry(ahb_pnp, LEON3_APB2_PNP_OFFSET, 0xFFF,
 GRLIB_VENDOR_GAISLER, GRLIB_APBMST_DEV,
 GRLIB_AHB_SLAVE, GRLIB_AHBMEM_AREA);
 
@@ -309,6 +325,8 @@ static void leon3_generic_hw_init(MachineState *machine)
 irqmpdev = qdev_new(TYPE_GRLIB_IRQMP);
 object_property_set_int(OBJECT(irqmpdev), "ncpus", machine->smp.cpus,
 &error_fatal);
+/*object_property_set_int(OBJECT(irqmpdev), "eirq", LEON3_EIRQ,*/
+/*&error_fatal);*/
 sysbus_realize_and_unref(SYS_BUS_DEVICE(irqmpdev), &error_fatal);
 
 for (i = 0; i < machine->smp.cpus; i++) {
@@ -325,7 +343,7 @@ static void leon3_generic_hw_init(MachineState *machine)
 }
 
 sysbus_mmio_map(SYS_BUS_DEVICE(irqmpdev), 0, LEON3_IRQMP_OFFSET);
-grlib_apb_pnp_add_entry(apb_pnp, LEON3_IRQMP_OFFSET, 0xFFF,
+grlib_apb_pnp_add_entry(apb1_pnp, LEON3_IRQMP_OFFSET, 0xFFF,
 GRLIB_VENDOR_GAISLER, GRLIB_IRQMP_DEV,
 2, 0, GRLIB_APBIO_AREA);
 
@@ -417,20 +435,31 @@ static void leon3_generic_hw_init(MachineState *machine)
qdev_get_gpio_in(irqmpdev, LEON3_TIMER_IRQ + i));
 }
 
-grlib_apb_pnp_add_entry(apb_pnp, LEON3_TIMER_OFFSET, 0xFFF,
+grlib_apb_pnp_add_entry(apb1_pnp, LEON3_TIMER_OFFSET, 0xFFF,
 GRLIB_VENDOR_GAISLER, GRLIB_GPTIMER_DEV,
 0, LEON3_TIMER_IRQ, GRLIB_APBIO_AREA);
 
-/* Allocate uart */
+/* Allocate UART0 */
 dev = qdev_new(TYPE_GRLIB_APB_UART);
 qdev_prop_set_chr(dev, "chrdev", serial_hd(0));
 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
-sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, LEON3_UART_OFFSET);
+sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, LEON3_UART0_OFFSET);
+sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0,
+   qdev_get_gpio_in(irqmpdev, LEON3_UART0_IRQ));
+grlib_apb_pnp_add_entry(apb1_pnp, LEON3_UART0_OFFSET, 0xFFF,
+   

[PATCH 1/2] hw/intc/grlib_irqmp: add support for extended interrupts

[Nikita Shushura]

Signed-off-by: Nikita Shushura 
---
 hw/intc/grlib_irqmp.c | 68 +++
 1 file changed, 49 insertions(+), 19 deletions(-)

diff --git a/hw/intc/grlib_irqmp.c b/hw/intc/grlib_irqmp.c
index 37ac63fd80..2fd76dd1b4 100644
--- a/hw/intc/grlib_irqmp.c
+++ b/hw/intc/grlib_irqmp.c
@@ -1,8 +1,6 @@
 /*
  * QEMU GRLIB IRQMP Emulator
  *
- * (Extended interrupt not supported)
- *
  * SPDX-License-Identifier: MIT
  *
  * Copyright (c) 2010-2024 AdaCore
@@ -38,25 +36,29 @@
 #include "qemu/module.h"
 #include "qom/object.h"
 
-#define IRQMP_MAX_CPU 16
-#define IRQMP_REG_SIZE 256  /* Size of memory mapped registers */
+#define IRQMP_MAX_CPU (16)
+#define IRQMP_REG_SIZE (256)/* Size of memory mapped registers */
 
 /* Memory mapped register offsets */
-#define LEVEL_OFFSET 0x00
-#define PENDING_OFFSET   0x04
-#define FORCE0_OFFSET0x08
-#define CLEAR_OFFSET 0x0C
-#define MP_STATUS_OFFSET 0x10
-#define BROADCAST_OFFSET 0x14
-#define MASK_OFFSET  0x40
-#define FORCE_OFFSET 0x80
-#define EXTENDED_OFFSET  0xC0
+#define LEVEL_OFFSET (0x00)
+#define PENDING_OFFSET   (0x04)
+#define FORCE0_OFFSET(0x08)
+#define CLEAR_OFFSET (0x0C)
+#define MP_STATUS_OFFSET (0x10)
+#define BROADCAST_OFFSET (0x14)
+#define MASK_OFFSET  (0x40)
+#define FORCE_OFFSET (0x80)
+#define EXTENDED_OFFSET  (0xC0)
 
 /* Multiprocessor Status Register  */
 #define MP_STATUS_CPU_STATUS_MASK ((1 << IRQMP_MAX_CPU)-2)
-#define MP_STATUS_NCPU_SHIFT  28
+#define MP_STATUS_NCPU_SHIFT  (28)
+#define MP_STATUS_EIRQ_OFFSET (16)
+
+#define MAX_PILS_STD (16)
+#define MAX_PILS_EXT (32)
 
-#define MAX_PILS 16
+#define DEFAULT_EIRQ (12)
 
 OBJECT_DECLARE_SIMPLE_TYPE(IRQMP, GRLIB_IRQMP)
 
@@ -68,6 +70,7 @@ struct IRQMP {
 MemoryRegion iomem;
 
 unsigned int ncpus;
+unsigned int eirq;
 IRQMPState *state;
 qemu_irq start_signal[IRQMP_MAX_CPU];
 qemu_irq irq[IRQMP_MAX_CPU];
@@ -89,13 +92,25 @@ struct IRQMPState {
 
 static void grlib_irqmp_check_irqs(IRQMPState *state)
 {
-int i;
+int i, j;
 
 assert(state != NULL);
 assert(state->parent != NULL);
 
 for (i = 0; i < state->parent->ncpus; i++) {
 uint32_t pend = (state->pending | state->force[i]) & state->mask[i];
+
+/*
+ * Check is pending interrupt is extended,
+ * if so set pending to EIRQ and acknowledge extended interrupt"
+ */
+for (j = MAX_PILS_STD; j <= MAX_PILS_EXT; j++) {
+if ((pend & (1 << j)) != 0) {
+pend = (1 << state->parent->eirq);
+state->extended[i] = (j & 0x);
+}
+}
+
 uint32_t level0 = pend & ~state->level;
 uint32_t level1 = pend &  state->level;
 
@@ -110,6 +125,10 @@ static void grlib_irqmp_check_irqs(IRQMPState *state)
 static void grlib_irqmp_ack_mask(IRQMPState *state, unsigned int cpu,
  uint32_t mask)
 {
+if ((mask & (1 << state->parent->eirq)) != 0) {
+mask |= (1 << state->extended[cpu]);
+}
+
 /* Clear registers */
 state->pending  &= ~mask;
 state->force[cpu] &= ~mask;
@@ -144,7 +163,6 @@ static void grlib_irqmp_set_irq(void *opaque, int irq, int 
level)
 assert(s != NULL);
 assert(s->parent != NULL);
 
-
 if (level) {
 trace_grlib_irqmp_set_irq(irq);
 
@@ -278,6 +296,9 @@ static void grlib_irqmp_write(void *opaque, hwaddr addr,
 state->mpstatus &= ~(1 << i);
 }
 }
+
+/* Writing EIRQ number */
+state->mpstatus |= (state->parent->eirq << MP_STATUS_EIRQ_OFFSET);
 return;
 
 case BROADCAST_OFFSET:
@@ -345,7 +366,8 @@ static void grlib_irqmp_reset(DeviceState *d)
 memset(irqmp->state, 0, sizeof *irqmp->state);
 irqmp->state->parent = irqmp;
 irqmp->state->mpstatus = ((irqmp->ncpus - 1) << MP_STATUS_NCPU_SHIFT) |
-((1 << irqmp->ncpus) - 2);
+((1 << irqmp->ncpus) - 2) |
+(irqmp->eirq << MP_STATUS_EIRQ_OFFSET);
 }
 
 static void grlib_irqmp_realize(DeviceState *dev, Error **errp)
@@ -359,7 +381,14 @@ static void grlib_irqmp_realize(DeviceState *dev, Error 
**errp)
 return;
 }
 
-qdev_init_gpio_in(dev, grlib_irqmp_set_irq, MAX_PILS);
+if ((!irqmp->eirq) || (irqmp->eirq >= MAX_PILS_STD)) {
+error_setg(errp, "Invalid eirq properties: "
+   "%u, must be 0 < eirq < %u.", irqmp->eirq,
+   MAX_PILS_STD);
+return;
+}
+
+qdev_init_gpio_in(dev, grlib_irqmp_set_irq, MAX_PILS_EXT);
 
 /*
  * Transitionning from 0 to 1 starts the CPUs. The opposite can't
@@ -378,6 +407,7 @@ static void grlib_irqmp_realize(DeviceState *dev, Error 
**errp)
 
 static Property grlib_irqmp_properties[] = {
 DEFINE_PROP_UINT32("ncpus", IRQMP, ncpus, 1),
+DEFINE_PROP_UINT32("eirq", IRQMP, eirq, DEFAULT_EIRQ),
 DEFINE_PROP_END_OF_LIST(),
 };
 
-- 
2.46.1