[PATCH v5 00/29] Support AST2700 A1

2025-03-07 Thread Jamin Lin via
v1:
 1. Refactor INTC model to support both INTC0 and INTC1.
 2. Support AST2700 A1.
 3. Create ast2700a0-evb machine.
 
v2:
  To streamline the review process, split the following patch series into
  three parts.
  
https://patchwork.kernel.org/project/qemu-devel/cover/20250121070424.2465942-1-jamin_...@aspeedtech.com/
  This patch series focuses on cleaning up the INTC model to
  facilitate future support for the INTC_IO model.

v3:
 1. Update and add functional test for AST2700
 2. Add AST2700 INTC design guidance and its block diagram.
 3. Retaining the INTC naming and introducing a new INTCIO model to support the AST2700 A1.
 4. Create ast2700a1-evb machine and rename ast2700a0-evb machine
 5. Fix silicon revision issue and support AST2700 A1.

v4:
 1. rework functional test for AST2700
 2. the initial machine "ast2700-evb" is aliased to "ast2700a0-evb".
 3. intc: Reduce regs array size by adding a register sub-region
 4. intc: split patch for Support setting different register sizes
 5. update ast2700a1-evb machine parent to TYPE_ASPEED_MACHINE

v5:
 1. Rename status_addr and addr to status_reg and reg for clarity
 2. Introduce dynamic allocation for regs array
 3. Sort the memmap table by mapping address
 4. ast27x0.c split patch for Support two levels of INTC controllers for AST2700 A1
 5. tests/functional/aspeed split patch for Introduce start_ast2700_test API
 6. keep variable naming for reviewer suggestion.
 7. Add reviewer suggestion and split patch to make more readable.
 
With the patch applied, QEMU now supports two machines for running AST2700 SoCs:
ast2700a0-evb: Designed for AST2700 A0
ast2700a1-evb: Designed for AST2700 A1

Test information
1. QEMU version: https://github.com/qemu/qemu/commit/50d38b8921837827ea397d4b20c8bc5efe186e53
2. ASPEED SDK v09.05 pre-built image
   https://github.com/AspeedTech-BMC/openbmc/releases/tag/v09.05
   ast2700-default-obmc.tar.gz (AST2700 A1)
   https://github.com/AspeedTech-BMC/openbmc/releases/download/v09.05/ast2700-default-obmc.tar.gz
   ast2700-a0-default-obmc.tar.gz (AST2700 A0)
   https://github.com/AspeedTech-BMC/openbmc/releases/download/v09.05/ast2700-a0-default-obmc.tar.gz
   
This patch series depends on the following patch series:
https://patchwork.kernel.org/project/qemu-devel/cover/20250303073547.1145080-1-jamin_...@aspeedtech.com/
https://patchwork.kernel.org/project/qemu-devel/cover/20250225075622.305515-1-jamin_...@aspeedtech.com/

Jamin Lin (29):
  hw/intc/aspeed: Support setting different memory size
  hw/intc/aspeed: Rename status_addr and addr to status_reg and reg for clarity
  hw/intc/aspeed: Introduce dynamic allocation for regs array
  hw/intc/aspeed: Support setting different register size
  hw/intc/aspeed: Reduce regs array size by adding a register sub-region
  hw/intc/aspeed: Introduce helper functions for enable and status registers
  hw/intc/aspeed: Add object type name to trace events for better debugging
  hw/arm/aspeed: Rename IRQ table and machine name for AST2700 A0
  hw/arm/aspeed_ast27x0: Sort the IRQ table by IRQ number
  hw/intc/aspeed: Support different memory region ops
  hw/intc/aspeed: Rename num_ints to num_inpins for clarity
  hw/intc/aspeed: Add support for multiple output pins in INTC
  hw/intc/aspeed: Refactor INTC to support separate input and output pin indices
  hw/intc/aspeed: Introduce AspeedINTCIRQ structure to save the irq index and register address
  hw/intc/aspeed: Introduce IRQ handler function to reduce code duplication
  hw/intc/aspeed: Add Support for Multi-Output IRQ Handling
  hw/intc/aspeed: Add Support for AST2700 INTCIO Controller
  hw/misc/aspeed_scu: Add Support for AST2700/AST2750 A1 Silicon Revisions
  hw/arm/aspeed_ast27x0.c Support AST2700 A1 GIC Interrupt Mapping
  hw/arm/aspeed_ast27x0: Define an Array of AspeedINTCState with Two Instances
  hw/arm/aspeed_ast27x0: Support two levels of INTC controllers for AST2700 A1
  hw/arm/aspeed_ast27x0: Add SoC Support for AST2700 A1
  hw/arm/aspeed: Add Machine Support for AST2700 A1
  hw/arm/aspeed_ast27x0: Sort the memmap table by mapping address
  tests/functional/aspeed: Introduce start_ast2700_test API
  tests/functional/aspeed: Update temperature hwmon path
  tests/functional/aspeed: Update test ASPEED SDK v09.05
  tests/functional/aspeed: Add test case for AST2700 A1
  docs/specs: Add aspeed-intc

 docs/specs/aspeed-intc.rst  | 136 +
 docs/specs/index.rst|   1 +
 include/hw/arm/aspeed_soc.h |   3 +-
 include/hw/intc/aspeed_intc.h   |  36 +-
 include/hw/misc/aspeed_scu.h|   2 +
 hw/arm/aspeed.c |  33 +-
 hw/arm/aspeed_ast27x0.c | 329 
 hw/intc/aspeed_intc.c   | 667 ++--
 hw/misc/aspeed_scu.c|   2 +
 hw/intc/trace-events|  25 +-
 tests/functional/test_aarch64_aspeed.py |  47 +-
 11 files changed, 978 ins

Re: [PATCH v5 26/29] tests/functional/aspeed: Update temperature hwmon path

2025-03-07 Thread Cédric Le Goater

On 3/6/25 11:38, Jamin Lin wrote:

Modified the temperature hwmon path to use a wildcard to handle different SDK
versions: "cat /sys/bus/i2c/devices/1-004d/hwmon/hwmon*/temp1_input".

Signed-off-by: Jamin Lin 



Reviewed-by: Cédric Le Goater 

Thanks,

C.



---
  tests/functional/test_aarch64_aspeed.py | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/functional/test_aarch64_aspeed.py 
b/tests/functional/test_aarch64_aspeed.py
index e1ad7fd470..07b0c7c1fd 100755
--- a/tests/functional/test_aarch64_aspeed.py
+++ b/tests/functional/test_aarch64_aspeed.py
@@ -83,11 +83,11 @@ def start_ast2700_test(self, name):
  'echo lm75 0x4d > /sys/class/i2c-dev/i2c-1/device/new_device ',
  'i2c i2c-1: new_device: Instantiated device lm75 at 0x4d');
  exec_command_and_wait_for_pattern(self,
-'cat /sys/class/hwmon/hwmon20/temp1_input', '0')
+'cat /sys/bus/i2c/devices/1-004d/hwmon/hwmon*/temp1_input', '0')
  self.vm.cmd('qom-set', path='/machine/peripheral/tmp-test',
  property='temperature', value=18000)
  exec_command_and_wait_for_pattern(self,
-'cat /sys/class/hwmon/hwmon20/temp1_input', '18000')
+'cat /sys/bus/i2c/devices/1-004d/hwmon/hwmon*/temp1_input', 
'18000')
  
  def test_aarch64_ast2700_evb_sdk_v09_03(self):

  self.set_machine('ast2700-evb')
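
Review bot: In both replaced `cat` commands the `hwmon*` glob is expanded by the guest shell, so the check assumes exactly one hwmon directory under `/sys/bus/i2c/devices/1-004d/hwmon/`. A one-line comment above the first call saying why the index is wildcarded (it differs between SDK versions, per the commit message) would keep someone from hard-coding it again. Separately, the first expected pattern `'0'` is also a substring of `'18000'`, so if the helper matches substrings that wait cannot tell the two readings apart; a stricter pattern would make the initial-value check meaningful.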





Re: [PATCH 56/57] docs/qapidoc: add intermediate output debugger

2025-03-07 Thread Markus Armbruster
John Snow  writes:

> Add debugging output for the qapidoc transmogrifier - setting DEBUG=1
> will produce .ir files (one for each qapidoc directive) that write the
> generated rst file to disk to allow for easy debugging and verification
> of the generated document.
>
> Signed-off-by: John Snow 

I understand we generally need to examine these .ir files only when
things go wrong, or maybe to help understanding the transmogrifier.  I
guess few people will care, and only rarely.  But when we care, we
likely care a *lot*.  Sure we want to dig the information on how to get
.ir files out of a commit message then?




Re: [PATCH] doc: add missing 'Asset' type in function test doc

2025-03-07 Thread Thomas Huth

On 06/03/2025 07.44, Philippe Mathieu-Daudé wrote:

On 6/3/25 07:07, Aditya Gupta wrote:

Seems 'Asset' got missed in the documentation by mistake.

Also fix the one spellcheck issue pointed by spellcheck

Signed-off-by: Aditya Gupta 
---
  docs/devel/testing/functional.rst | 6 --
  1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/docs/devel/testing/functional.rst b/docs/devel/testing/ 
functional.rst

index ecc738922b7c..50fca2a0291e 100644
--- a/docs/devel/testing/functional.rst
+++ b/docs/devel/testing/functional.rst
@@ -251,7 +251,7 @@ Many functional tests download assets (e.g. Linux 
kernels, initrds,

  firmware images, etc.) from the internet to be able to run tests with
  them. This imposes additional challenges to the test framework.
-First there is the the problem that some people might not have an
+First there is the problem that some people might not have an
  unconstrained internet connection, so such tests should not be run by
  default when running ``make check``. To accomplish this situation,
  the tests that download files should only be added to the "thorough"
@@ -274,7 +274,9 @@ the tests are run. This pre-caching is done with the 
qemu_test.Asset

  class. To use it in your test, declare an asset in your test class with
  its URL and SHA256 checksum like this::
-    ASSET_somename = (
+    from qemu_test import Asset
+
+    ASSET_somename = Asset(
  ('https://www.qemu.org/assets/images/qemu_head_200.png'),
  '34b74cad46ea28a2966c1d04e102510daf1fd73e6582b6b74523940d5da029dd')
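
Review bot: The added `from qemu_test import Asset` sits at the same indentation as `ASSET_somename` in the literal block, while the sentence above it says to declare the asset "in your test class", so a reader copying the snippet may place the import inside the class body. Adding a `class` line between the import and the assignment, or moving the import into the prose, would make the intended placement unambiguous.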


Reviewed-by: Philippe Mathieu-Daudé 


Thanks, queued!

 Thomas




Re: New git repository for Go bindings

2025-03-07 Thread Daniel P . Berrangé
On Fri, Mar 07, 2025 at 01:30:38PM +0100, Victor Toso wrote:
> Hi,
> 
> I've been working on and off in having Go bindings for QEMU's
> QAPI specification. The last version [0] seems to be accepted so
> far but we would like not to have that in qemu.git.
> 
> In the past [1], Daniel suggested creating a repo per each
> generated schema: go-qemu.git, go-qga.git, go-qsd.git
>
> While that works well from the point of view of Go applications
> and is neatly organized too, afaict they are all bound to QEMU's
> release schedule so it might be enough to create a single repo
> such as:
> 
> qapi-generators.git
> └── golang
>     ├── module.py # The go generator
>     ├── qemu      # For qapi/qapi-schema.json
>     │   ├── doc.go
>     │   ├── gen_iface_command.go
>     │   ├── gen_iface_event.go
>     │   ├── gen_type_alternate.go
>     │   ├── gen_type_command.go
>     │   ├── gen_type_enum.go
>     │   ├── gen_type_event.go
>     │   ├── gen_type_struct.go
>     │   ├── gen_type_union.go
>     │   ├── go.mod
>     │   ├── protocol.go
>     │   └── utils.go
>     ├── qga # qga/qapi-schema.json
>     └── qsd # storage-daemon/qapi/qapi-schema.json
> 
> Or perhaps a per language repo?

I'd suggest we keep the repo dedicated just for 'go' language, as mixed
language repos are more trouble than they are worth when it comes to
dealing with language specific build tools.


With regards,
Daniel




Re: [PATCH v2 0/5] ppc/amigaone patches

2025-03-07 Thread BALATON Zoltan

On Thu, 27 Feb 2025, BALATON Zoltan wrote:

Hello,

v2:
- change unused read function to g_assert_not_reached()
- new patch to add defines to constants
- added R-b tags


Ping? Will there be a pull request for soft freeze with this series 
included or do I need to do anything with this?


Regards,
BALATON Zoltan


This series adds NVRAM and support for -kernel, -initrd and -append
options to the amigaone machine. This makes it easier to boot AmigaOS
and avoids a crash in the guest when it tries to access NVRAM.

While the -kernel option emulates what U-Boot passes to the kernel,
old Linux kernels for amigaone may not work with it because of two
reasons: these come in legacy U-Boot Multi-File image format that QEMU
cannot read and even after unpacking that and creating a kernel uimage
it won't find PCI devices because it does not initialise them
correctly. This works when booted from U-Boot because U-Boot inits PCI
devices. So does my BBoot loader which can be used to load AmigaOS so
I don't intend to emulate that part of U-Boot.

I'd like this to be merged for the next release please. When merging
please update https://wiki.qemu.org/ChangeLog/10.0 with the following:

amigaone

Added support for NVRAM and -kernel, -initrd, -append command line
options. By default the NVRAM contents are not preserved between
sessions. To make it persistent create a backing file with 'qemu-img
create -f raw nvram.bin 4k' and add -drive
if=mtd,format=raw,file=nvram.bin to keep NVRAM contents in the backing
file so settings stored in it will be preserved between sessions.

To run AmigaOS with BBoot using the -kernel option at least BBoot
version 0.8 is needed. Older BBoot versions only work with -device
loader and cannot be used with -kernel on amigaone.

Regards,

BALATON Zoltan (5):
 ppc/amigaone: Simplify replacement dummy_fw
 ppc/amigaone: Implement NVRAM emulation
 ppc/amigaone: Add default environment
 ppc/amigaone: Add kernel and initrd support
 ppc/amigaone: Add #defines for memory map constants

hw/ppc/amigaone.c | 284 +++---
1 file changed, 271 insertions(+), 13 deletions(-)






[PATCH v3 2/3] bsd-user: Propagate alignment argument to mmap_find_vma()

2025-03-07 Thread Philippe Mathieu-Daudé
Propagate the alignment to mmap_find_vma(), effectively
embedding mmap_find_vma_aligned() within mmap_find_vma().

Since we ignore the alignment in do_bsd_shmat(), leave a
FIXME comment.

Signed-off-by: Philippe Mathieu-Daudé 
---
 bsd-user/bsd-mem.h |  2 +-
 bsd-user/qemu.h|  2 +-
 bsd-user/mmap.c| 10 ++
 3 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/bsd-user/bsd-mem.h b/bsd-user/bsd-mem.h
index f5ec0de24ca..87219da2919 100644
--- a/bsd-user/bsd-mem.h
+++ b/bsd-user/bsd-mem.h
@@ -372,7 +372,7 @@ static inline abi_long do_bsd_shmat(int shmid, abi_ulong 
shmaddr, int shmflg)
 } else {
 abi_ulong mmap_start;
 
-mmap_start = mmap_find_vma(0, shm_info.shm_segsz);
+mmap_start = mmap_find_vma(0, shm_info.shm_segsz, 0 /* FIXME??? 
*/);
 
 if (mmap_start == -1) {
 return -TARGET_ENOMEM;
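
Review bot: The new third argument `0 /* FIXME??? */` in do_bsd_shmat() does not say what is left to fix. Either state the open question in the comment (whether shmat needs an alignment larger than the page size) or drop the marker if 0 is the intended value, so the FIXME does not outlive its reason.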
diff --git a/bsd-user/qemu.h b/bsd-user/qemu.h
index 4e97c796318..0b3bd65b180 100644
--- a/bsd-user/qemu.h
+++ b/bsd-user/qemu.h
@@ -242,7 +242,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong 
old_size,
abi_ulong new_addr);
 int target_msync(abi_ulong start, abi_ulong len, int flags);
 extern abi_ulong mmap_next_start;
-abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size);
+abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size, abi_ulong alignment);
 void mmap_reserve(abi_ulong start, abi_ulong size);
 void TSA_NO_TSA mmap_fork_start(void);
 void TSA_NO_TSA mmap_fork_end(int child);
diff --git a/bsd-user/mmap.c b/bsd-user/mmap.c
index 28d7e387a20..da22fcc7c41 100644
--- a/bsd-user/mmap.c
+++ b/bsd-user/mmap.c
@@ -275,8 +275,7 @@ static abi_ulong mmap_find_vma_reserved(abi_ulong start, 
abi_ulong size,
  * It must be called with mmap_lock() held.
  * Return -1 if error.
  */
-static abi_ulong mmap_find_vma_aligned(abi_ulong start, abi_ulong size,
-   abi_ulong alignment)
+abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size, abi_ulong alignment)
 {
 void *ptr, *prev;
 abi_ulong addr;
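
Review bot: mmap_find_vma() loses `static` here and becomes the exported entry point, but the comment above it still only says that mmap_lock() must be held and that -1 is returned on error. Please document the `alignment` parameter there: which unit it is in and what 0 means, since 0 is the value the removed wrapper always passed.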
@@ -395,11 +394,6 @@ static abi_ulong mmap_find_vma_aligned(abi_ulong start, 
abi_ulong size,
 }
 }
 
-abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size)
-{
-return mmap_find_vma_aligned(start, size, 0);
-}
-
 /* NOTE: all the constants are the HOST ones */
 abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
  int flags, int fd, off_t offset)
@@ -496,7 +490,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int 
prot,
 if ((flags & MAP_ALIGNMENT_MASK) != 0) {
 alignment = (flags & MAP_ALIGNMENT_MASK) >> MAP_ALIGNMENT_SHIFT;
 }
-start = mmap_find_vma_aligned(real_start, host_len, alignment);
+start = mmap_find_vma(real_start, host_len, alignment);
 if (start == (abi_ulong)-1) {
 errno = ENOMEM;
 goto fail;
-- 
2.47.1




Re: [PATCH v3 2/3] bsd-user: Propagate alignment argument to mmap_find_vma()

2025-03-07 Thread Richard Henderson

On 3/7/25 05:09, Philippe Mathieu-Daudé wrote:

Propagate the alignment to mmap_find_vma(), effectively
embedding mmap_find_vma_aligned() within mmap_find_vma().

Since we ignore the alignment in do_bsd_shmat(), leave a
FIXME comment.

Signed-off-by: Philippe Mathieu-Daudé 
---
  bsd-user/bsd-mem.h |  2 +-
  bsd-user/qemu.h|  2 +-
  bsd-user/mmap.c| 10 ++
  3 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/bsd-user/bsd-mem.h b/bsd-user/bsd-mem.h
index f5ec0de24ca..87219da2919 100644
--- a/bsd-user/bsd-mem.h
+++ b/bsd-user/bsd-mem.h
@@ -372,7 +372,7 @@ static inline abi_long do_bsd_shmat(int shmid, abi_ulong 
shmaddr, int shmflg)
  } else {
  abi_ulong mmap_start;
  
-mmap_start = mmap_find_vma(0, shm_info.shm_segsz);

+mmap_start = mmap_find_vma(0, shm_info.shm_segsz, 0 /* FIXME??? 
*/);


It's not really ignoring the alignment, but not requiring alignment above page size.

Traditionally, the alignment for shmat should be SHMLBA.
But in current freebsd sources,

sys/sys/shm.h:#define SHMLBA  PAGE_SIZE /* Segment low boundary address multiple */

there are no crazy broken old architectures to worry about.


r~



Re: [PATCH 3/3] hw/riscv/riscv_iommu: Remove the "bus" property

2025-03-07 Thread Daniel Henrique Barboza




On 3/2/25 6:12 AM, Jason Chien wrote:

This property was originally intended to set the bus number for non-root
endpoints. However, since the PCIe bus number is assigned and modified
at runtime, setting this property before software execution is incorrect.
Additionally, the property incorrectly assumes that all endpoints share
the same bus, whereas no such restriction exists.

With the IOMMU now retrieving the latest device IDs from memory attributes,
there is no longer a need to set or update device IDs.

Signed-off-by: Jason Chien 
---


Reviewed-by: Daniel Henrique Barboza 


  hw/riscv/riscv-iommu.c | 7 ---
  hw/riscv/riscv-iommu.h | 1 -
  2 files changed, 8 deletions(-)

diff --git a/hw/riscv/riscv-iommu.c b/hw/riscv/riscv-iommu.c
index b72ce8e6d0..1ca85b95ac 100644
--- a/hw/riscv/riscv-iommu.c
+++ b/hw/riscv/riscv-iommu.c
@@ -1197,9 +1197,6 @@ static AddressSpace *riscv_iommu_space(RISCVIOMMUState 
*s, uint32_t devid)
  {
  RISCVIOMMUSpace *as;
  
-/* FIXME: PCIe bus remapping for attached endpoints. */

-devid |= s->bus << 8;
-
  QLIST_FOREACH(as, &s->spaces, list) {
  if (as->devid == devid) {
  break;
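
Review bot: With `devid |= s->bus << 8` removed, the `as->devid == devid` lookup in riscv_iommu_space() relies on every caller passing a device ID that already carries the bus number, and nothing in this hunk shows where that value comes from. A short comment at the top of the function stating that expectation would document the new contract.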
@@ -2261,9 +2258,6 @@ static MemTxResult riscv_iommu_trap_write(void *opaque, 
hwaddr addr,
  return MEMTX_ACCESS_ERROR;
  }
  
-/* FIXME: PCIe bus remapping for attached endpoints. */

-devid |= s->bus << 8;
-
  ctx = riscv_iommu_ctx(s, devid, 0, &ref);
  if (ctx == NULL) {
  res = MEMTX_ACCESS_ERROR;
@@ -2498,7 +2492,6 @@ void riscv_iommu_reset(RISCVIOMMUState *s)
  static const Property riscv_iommu_properties[] = {
  DEFINE_PROP_UINT32("version", RISCVIOMMUState, version,
  RISCV_IOMMU_SPEC_DOT_VER),
-DEFINE_PROP_UINT32("bus", RISCVIOMMUState, bus, 0x0),
  DEFINE_PROP_UINT32("ioatc-limit", RISCVIOMMUState, iot_limit,
  LIMIT_CACHE_IOT),
  DEFINE_PROP_BOOL("intremap", RISCVIOMMUState, enable_msi, TRUE),
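
Review bot: Dropping the `DEFINE_PROP_UINT32("bus", ...)` entry from riscv_iommu_properties removes a user-settable property, so a command line or management tool that still sets `bus=` on the device will start failing. The commit message explains why the property was wrong but not the compatibility impact; please say whether the property was ever documented or used, and record the removal accordingly.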
diff --git a/hw/riscv/riscv-iommu.h b/hw/riscv/riscv-iommu.h
index a31aa62144..655c0e71a8 100644
--- a/hw/riscv/riscv-iommu.h
+++ b/hw/riscv/riscv-iommu.h
@@ -34,7 +34,6 @@ struct RISCVIOMMUState {
  /*< public >*/
  uint32_t version; /* Reported interface version number */
  uint32_t pid_bits;/* process identifier width */
-uint32_t bus; /* PCI bus mapping for non-root endpoints */
  
  uint64_t cap; /* IOMMU supported capabilities */

  uint64_t fctl;/* IOMMU enabled features */





Re: [PATCH v3 2/3] bsd-user: Propagate alignment argument to mmap_find_vma()

2025-03-07 Thread Philippe Mathieu-Daudé

On 7/3/25 17:08, Richard Henderson wrote:

On 3/7/25 05:09, Philippe Mathieu-Daudé wrote:

Propagate the alignment to mmap_find_vma(), effectively
embedding mmap_find_vma_aligned() within mmap_find_vma().

Since we ignore the alignment in do_bsd_shmat(), leave a
FIXME comment.

Signed-off-by: Philippe Mathieu-Daudé 
---
  bsd-user/bsd-mem.h |  2 +-
  bsd-user/qemu.h    |  2 +-
  bsd-user/mmap.c    | 10 ++
  3 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/bsd-user/bsd-mem.h b/bsd-user/bsd-mem.h
index f5ec0de24ca..87219da2919 100644
--- a/bsd-user/bsd-mem.h
+++ b/bsd-user/bsd-mem.h
@@ -372,7 +372,7 @@ static inline abi_long do_bsd_shmat(int shmid, 
abi_ulong shmaddr, int shmflg)

  } else {
  abi_ulong mmap_start;
-    mmap_start = mmap_find_vma(0, shm_info.shm_segsz);
+    mmap_start = mmap_find_vma(0, shm_info.shm_segsz, 0 /* 
FIXME??? */);


It's not really ignoring the alignment, but not requiring alignment above page size.

Traditionally, the alignment for shmat should be SHMLBA.
But in current freebsd sources,

sys/sys/shm.h:#define SHMLBA  PAGE_SIZE /* Segment low boundary address multiple */

there are no crazy broken old architectures to worry about.


OK, thank you for checking!




[PULL 07/10] qdev: Change values of PropertyInfo member @type to be QAPI types

2025-03-07 Thread Markus Armbruster
PropertyInfo member @type is externally visible via QMP
device-list-properties and qom-list-properties.

Its meaning is not documented at its definition.

It gets passed as @type argument to object_property_add() and
object_class_property_add().  This argument's documentation isn't of
much help, either:

 * @type: the type name of the property.  This namespace is pretty loosely
 *   defined.  Sub namespaces are constructed by using a prefix and then
 *   to angle brackets.  For instance, the type 'virtio-net-pci' in the
 *   'link' namespace would be 'link<virtio-net-pci>'.

The two QMP commands document it as

 # @type: the type of the property.  This will typically come in one of
 # four forms:
 #
 # 1) A primitive type such as 'u8', 'u16', 'bool', 'str', or
 #    'double'.  These types are mapped to the appropriate JSON
 #    type.
 #
 # 2) A child type in the form 'child<subtype>' where subtype is a
 #    qdev device type name.  Child properties create the
 #    composition tree.
 #
 # 3) A link type in the form 'link<subtype>' where subtype is a
 #    qdev device type name.  Link properties form the device model
 #    graph.

"Typically come in one of four forms" followed by three items inspires
the level of trust that is appropriate here.

Clean up a bunch of funnies:

* qdev_prop_fdc_drive_type.type is "FdcDriveType".  Its .enum_table
  refers to QAPI type "FloppyDriveType".  So use that.

* qdev_prop_reserved_region is "reserved_region".  Its only user is an
  array property called "reserved-regions".  Its .set() visits str.
  So change @type to "str".

* trng_prop_fault_event_set.type is "uint32:bits".  Its .set() visits
  uint32, so change @type to "uint32".  If we believe mentioning it's
  actually bits is useful, the proper place would be .description.

* ccw_loadparm.type is "ccw_loadparm".  Its users are properties
  called "loadparm".  Its .set() visits str.  So change @type to
  "str".

* qdev_prop_nv_gpudirect_clique.type is "uint4".  Its set() visits
  uint8, so change @type to "uint8".  If we believe mentioning the
  range is useful, the proper place would be .description.

* s390_pci_fid_propinfo.type is "zpci_fid".  Its .set() visits uint32.
  So change type to that, and move the "zpci_fid" to .description.
  This is admittedly a lousy description, but it's still an
  improvement; for instance, output of -device zpci,help changes from

  fid=<zpci_fid>

  to

  fid=<uint32>   - zpci_fid

* Similarly for a raft of PropertyInfo in target/riscv/cpu.c.

Signed-off-by: Markus Armbruster 
Message-ID: <20250227085601.4140852-5-arm...@redhat.com>
Reviewed-by: Daniel P. Berrangé 
[Commit message typo fixed]
---
 hw/core/qdev-properties-system.c |  4 +--
 hw/misc/xlnx-versal-trng.c   |  2 +-
 hw/s390x/ccw-device.c|  2 +-
 hw/s390x/s390-pci-bus.c  |  3 ++-
 hw/vfio/pci-quirks.c |  2 +-
 target/riscv/cpu.c   | 44 ++--
 6 files changed, 37 insertions(+), 20 deletions(-)

diff --git a/hw/core/qdev-properties-system.c b/hw/core/qdev-properties-system.c
index 56fe5e25db..0ac1485d54 100644
--- a/hw/core/qdev-properties-system.c
+++ b/hw/core/qdev-properties-system.c
@@ -667,7 +667,7 @@ const PropertyInfo qdev_prop_bios_chs_trans = {
 /* --- FDC default drive types */
 
 const PropertyInfo qdev_prop_fdc_drive_type = {
-.type = "FdcDriveType",
+.type = "FloppyDriveType",
 .description = "FDC drive type, "
"144/288/120/none/auto",
 .enum_table = &FloppyDriveType_lookup,
@@ -801,7 +801,7 @@ out:
 }
 
 const PropertyInfo qdev_prop_reserved_region = {
-.type  = "reserved_region",
+.type  = "str",
 .description = "Reserved Region, example: 0xFEE0:0xFEEF:0",
 .get   = get_reserved_region,
 .set   = set_reserved_region,
diff --git a/hw/misc/xlnx-versal-trng.c b/hw/misc/xlnx-versal-trng.c
index 9a44a90d1e..ba93f93cab 100644
--- a/hw/misc/xlnx-versal-trng.c
+++ b/hw/misc/xlnx-versal-trng.c
@@ -652,7 +652,7 @@ static void trng_prop_fault_event_set(Object *obj, Visitor 
*v,
 }
 
 static const PropertyInfo trng_prop_fault_events = {
-.type = "uint32:bits",
+.type = "uint32",
 .description = "Set to trigger TRNG fault events",
 .set = trng_prop_fault_event_set,
 .realized_set_allowed = true,
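
Review bot: `.type` changes from "uint32:bits" to "uint32" while `.description` stays "Set to trigger TRNG fault events", so the hint that the value is a bit mask disappears from the property's metadata. The commit message itself names .description as the proper place for that hint; consider adding it in this hunk, in the same way "zpci_fid" is moved to .description.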
diff --git a/hw/s390x/ccw-device.c b/hw/s390x/ccw-device.c
index 5aa6ff8eac..1d4b8ea35c 100644
--- a/hw/s390x/ccw-device.c
+++ b/hw/s390x/ccw-device.c
@@ -74,7 +74,7 @@ static void ccw_device_set_loadparm(Object *obj, Visitor *v,
 }
 
 const PropertyInfo ccw_loadparm = {
-.type  = "ccw_loadparm",
+.type  = "str",
 .description = "Up to 8 chars in set of [A-Za-z0-9. ] to pass"
 " to the guest loader/kernel",
 .get = ccw_device_get_loadparm,
diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
index 7f340965c0..04cdd4a11b 100644
--- a/hw/s390x/s390-pci-bus.c
+++ b/hw/s390x/s390-pci-bus.c
@@ -1495,7 +1495,8 @@ static void s390_pci_set

[PATCH v3 01/10] vfio/igd: Remove GTT write quirk in IO BAR 4

2025-03-07 Thread Tomita Moeko
The IO BAR4 of IGD devices contains a pair of 32-bit address/data
registers, MMIO_Index (0x0) and MMIO_Data (0x4), which provide access
to the MMIO BAR0 (GTTMMADR) from IO space. These registers are probably
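only used by the VBIOS, and are not documented by Intel. The observed
layout of MMIO_Index register is:
 31                                         2    1     0
+--------------------------------------------+------+-----+
|                   Offset                   | Rsvd | Sel |
+--------------------------------------------+------+-----+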
- Offset: Byte offset in specified region, 4-byte aligned.
- Sel: Region selector
   0: MMIO register region (first half of MMIO BAR0)
   1: GTT region (second half of MMIO BAR0). Pre Gen11 only.

Currently, QEMU implements a quirk that adjusts the guest Data Stolen
Memory (DSM) region address to be (addr - host BDSM + guest BDSM) when
programming GTT entries via IO BAR4, assuming guest still programs GTT
with host DSM address, which is not the case. Guest's BDSM register is
emulated and initialized to 0 at startup by QEMU, then SeaBIOS programs
its value[1]. As a result, the addresses programmed into GTT entries by the VBIOS
running in the guest are valid GPAs, and this unnecessary adjustment brings
inconsistency.

[1] https://gitlab.com/qemu-project/seabios/-/blob/1.12-stable/src/fw/pciinit.c#L319-332

Signed-off-by: Tomita Moeko 
---
 hw/vfio/igd.c | 191 +-
 1 file changed, 1 insertion(+), 190 deletions(-)

diff --git a/hw/vfio/igd.c b/hw/vfio/igd.c
index b1a237edd6..ca3a32f4f2 100644
--- a/hw/vfio/igd.c
+++ b/hw/vfio/igd.c
@@ -106,12 +106,6 @@ static int igd_gen(VFIOPCIDevice *vdev)
 return -1;
 }
 
-typedef struct VFIOIGDQuirk {
-struct VFIOPCIDevice *vdev;
-uint32_t index;
-uint64_t bdsm;
-} VFIOIGDQuirk;
-
 #define IGD_GMCH 0x50 /* Graphics Control Register */
 #define IGD_BDSM 0x5c /* Base Data of Stolen Memory */
 #define IGD_BDSM_GEN11 0xc0 /* Base Data of Stolen Memory of gen 11 and later 
*/
@@ -300,129 +294,6 @@ static int vfio_pci_igd_lpc_init(VFIOPCIDevice *vdev,
 return ret;
 }
 
-/*
- * IGD Gen8 and newer support up to 8MB for the GTT and use a 64bit PTE
- * entry, older IGDs use 2MB and 32bit.  Each PTE maps a 4k page.  Therefore
- * we either have 2M/4k * 4 = 2k or 8M/4k * 8 = 16k as the maximum iobar index
- * for programming the GTT.
- *
- * See linux:include/drm/i915_drm.h for shift and mask values.
- */
-static int vfio_igd_gtt_max(VFIOPCIDevice *vdev)
-{
-uint32_t gmch = vfio_pci_read_config(&vdev->pdev, IGD_GMCH, sizeof(gmch));
-int gen = igd_gen(vdev);
-uint64_t ggms_size = igd_gtt_memory_size(gen, gmch);
-
-return (ggms_size / (4 * KiB)) * (gen < 8 ? 4 : 8);
-}
-
-/*
- * The IGD ROM will make use of stolen memory (GGMS) for support of VESA modes.
- * Somehow the host stolen memory range is used for this, but how the ROM gets
- * it is a mystery, perhaps it's hardcoded into the ROM.  Thankfully though, it
- * reprograms the GTT through the IOBAR where we can trap it and transpose the
- * programming to the VM allocated buffer.  That buffer gets reserved by the VM
- * firmware via the fw_cfg entry added below.  Here we're just monitoring the
- * IOBAR address and data registers to detect a write sequence targeting the
- * GTTADR.  This code is developed by observed behavior and doesn't have a
- * direct spec reference, unfortunately.
- */
-static uint64_t vfio_igd_quirk_data_read(void *opaque,
- hwaddr addr, unsigned size)
-{
-VFIOIGDQuirk *igd = opaque;
-VFIOPCIDevice *vdev = igd->vdev;
-
-igd->index = ~0;
-
-return vfio_region_read(&vdev->bars[4].region, addr + 4, size);
-}
-
-static void vfio_igd_quirk_data_write(void *opaque, hwaddr addr,
-  uint64_t data, unsigned size)
-{
-VFIOIGDQuirk *igd = opaque;
-VFIOPCIDevice *vdev = igd->vdev;
-uint64_t val = data;
-int gen = igd_gen(vdev);
-
-/*
- * Programming the GGMS starts at index 0x1 and uses every 4th index (ie.
- * 0x1, 0x5, 0x9, 0xd,...).  For pre-Gen8 each 4-byte write is a whole PTE
- * entry, with 0th bit enable set.  For Gen8 and up, PTEs are 64bit, so
- * entries 0x5 & 0xd are the high dword, in our case zero.  Each PTE points
- * to a 4k page, which we translate to a page from the VM allocated region,
- * pointed to by the BDSM register.  If this is not set, we fail.
- *
- * We trap writes to the full configured GTT size, but we typically only
- * see the vBIOS writing up to (nearly) the 1MB barrier.  In fact it often
- * seems to miss the last entry for an even 1MB GTT.  Doing a gratuitous
- * write of that last entry does work, but is hopefully unnecessary since
- * we clear the previous GTT on initialization.
- */
-if ((igd->index % 4 == 1) && igd->index < vfio_igd_gtt_max(vdev)) {
-if (gen
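
The address arithmetic behind this commit message, as an added example that is not part of the patch or of QEMU: it decodes MMIO_Index per the layout given above and compares a GTT write with and without the (addr - host BDSM + guest BDSM) rebasing. The BDSM values, the DSM size and all function names are constructed for illustration, and PTE flag bits are ignored.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* MMIO_Index fields, following the layout in the commit message. */
#define IGD_IDX_SEL     0x00000001u  /* bit 0: region selector            */
#define IGD_IDX_OFFSET  0xfffffffcu  /* bits 31:2: 4-byte aligned offset  */

enum igd_region {
    IGD_REGION_MMIO = 0,  /* first half of MMIO BAR0                  */
    IGD_REGION_GTT  = 1   /* second half of MMIO BAR0, pre Gen11 only */
};

struct igd_index {
    enum igd_region region;
    uint32_t offset;
};

/* Constructed sample values (assumptions, not taken from real hardware). */
#define HOST_BDSM   0x8b000000ull
#define GUEST_BDSM  0x7c000000ull
#define DSM_SIZE    (64ull << 20)

/* Split a raw MMIO_Index value into region selector and byte offset. */
static struct igd_index igd_decode_index(uint32_t raw)
{
    struct igd_index idx;

    idx.region = (raw & IGD_IDX_SEL) ? IGD_REGION_GTT : IGD_REGION_MMIO;
    idx.offset = raw & IGD_IDX_OFFSET;
    return idx;
}

/* The rebasing the removed quirk applied to an address written to the GTT. */
static uint64_t igd_quirk_rebase(uint64_t addr, uint64_t host_bdsm,
                                 uint64_t guest_bdsm)
{
    return addr - host_bdsm + guest_bdsm;
}

static bool in_range(uint64_t addr, uint64_t base, uint64_t size)
{
    return addr >= base && addr - base < size;
}

/*
 * Address that ends up in the GTT entry when MMIO_Data is written.
 * apply_quirk selects the old behaviour (rebase GTT writes) or the new
 * one (pass the guest's value through unchanged).
 */
static uint64_t igd_gtt_write(uint32_t index, uint64_t addr, bool apply_quirk)
{
    struct igd_index idx = igd_decode_index(index);

    if (apply_quirk && idx.region == IGD_REGION_GTT) {
        return igd_quirk_rebase(addr, HOST_BDSM, GUEST_BDSM);
    }
    return addr;
}

int main(void)
{
    /* The guest VBIOS programs a guest physical address inside guest DSM. */
    uint64_t gpa = GUEST_BDSM + 0x1000;
    uint64_t passthrough = igd_gtt_write(0x1, gpa, false);
    uint64_t rebased = igd_gtt_write(0x1, gpa, true);

    printf("pass-through: 0x%" PRIx64 " in guest DSM: %d\n",
           passthrough, in_range(passthrough, GUEST_BDSM, DSM_SIZE));
    printf("rebased:      0x%" PRIx64 " in guest DSM: %d\n",
           rebased, in_range(rebased, GUEST_BDSM, DSM_SIZE));
    return 0;
}
```

The rebasing only yields a guest DSM address when the value written is a host DSM address, which is the assumption the commit message says does not hold.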

Re: [PATCH v1 1/1] xen: No need to flush the mapcache for grants

2025-03-07 Thread Anthony PERARD
On Thu, Feb 06, 2025 at 08:49:15PM +0100, Edgar E. Iglesias wrote:
> From: Stefano Stabellini 
> 
> On IOREQ_TYPE_INVALIDATE we need to invalidate the mapcache for regular
> mappings. Since recently we started reusing the mapcache also to keep
> track of grants mappings. However, there is no need to remove grant
> mappings on IOREQ_TYPE_INVALIDATE requests, we shouldn't do that. So
> remove the function call.
> 
> Fixes: 9ecdd4bf08 (xen: mapcache: Add support for grant mappings)
> Cc: qemu-sta...@nongnu.org
> Reported-by: Olaf Hering 
> Reviewed-by: Edgar E. Iglesias 
> Signed-off-by: Stefano Stabellini 
> Signed-off-by: Edgar E. Iglesias 

Reviewed-by: Anthony PERARD 

Thanks,

-- 
Anthony PERARD



RE: [PATCH 08/38] target/hexagon: Add guest, system reg number defs

2025-03-07 Thread Sid Manning


> -Original Message-
> From: ltaylorsimp...@gmail.com 
> Sent: Thursday, March 6, 2025 3:30 PM
> To: 'Brian Cain' ; qemu-devel@nongnu.org
> Cc: richard.hender...@linaro.org; phi...@linaro.org; Matheus Bernardino
> (QUIC) ; a...@rev.ng; a...@rev.ng; Marco
> Liebel (QUIC) ; alex.ben...@linaro.org; Mark
> Burton (QUIC) ; Sid Manning
> ; Brian Cain 
> Subject: RE: [PATCH 08/38] target/hexagon: Add guest, system reg number
> defs
> 
> 
> > -Original Message-
> > From: Brian Cain 
> > Sent: Friday, February 28, 2025 11:26 PM
> > To: qemu-devel@nongnu.org
> > Cc: brian.c...@oss.qualcomm.com; richard.hender...@linaro.org;
> > phi...@linaro.org; quic_mathb...@quicinc.com; a...@rev.ng;
> a...@rev.ng;
> > quic_mlie...@quicinc.com; ltaylorsimp...@gmail.com;
> > alex.ben...@linaro.org; quic_mbur...@quicinc.com;
> sidn...@quicinc.com;
> > Brian Cain 
> > Subject: [PATCH 08/38] target/hexagon: Add guest, system reg number
> > defs
> >
> > From: Brian Cain 
> >
> > These registers are defined in the Qualcomm Hexagon V71 Programmer's
> > Reference Manual -
> https://docs.qualcomm.com/bundle/publicresource/80-
> > N2040-51_REV_AB_Hexagon_V71_ProgrammerS_Reference_Manual.pdf
> > Refer to §11.9.1 SYSTEM GUEST, §11.9.2 SYSTEM MONITOR.
> 
> Strange to put this in the checkin description.  See prior conversation about
> doc references.
> 
> >
> > Signed-off-by: Brian Cain 
> > ---
> >  target/hexagon/cpu.h  |   5 ++
> >  target/hexagon/hex_regs.h | 115
> > ++
> >  2 files changed, 120 insertions(+)
> >
> > diff --git a/target/hexagon/cpu.h b/target/hexagon/cpu.h index
> > 79e60d4bfa..20ea0adcca 100644
> > --- a/target/hexagon/cpu.h
> > +++ b/target/hexagon/cpu.h
> > @@ -20,6 +20,11 @@
> >
> >  #include "fpu/softfloat-types.h"
> >
> > +#define NUM_GREGS 32
> > +#define GREG_WRITES_MAX 32
> 
> Can you actually write 32 G registers in a single packet?
> 
> > +#define NUM_SREGS 64
> > +#define SREG_WRITES_MAX 64
> 
> Ditto
[Sid Manning] 
Based on packet constraints the max for GREGS and SREGS would be 2.
In addition, REG_WRITES_MAX should be 10 not 32, 4 pairs + sa0/lc0 when the 
packet has an endloop.

> 
> > +
> >  #include "cpu-qom.h"
> >  #include "exec/cpu-defs.h"
> >  #include "hex_regs.h"
> 
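Review bot: GREG_WRITES_MAX and SREG_WRITES_MAX in this cpu.h hunk are set to the same values as NUM_GREGS and NUM_SREGS, with no comment saying which per-packet limit they stand for. Add a comment stating the packet constraint each bound is derived from, so a reader can check the value against the number of registers a single packet can write.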



Re: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable nested SMMUv3

2025-03-07 Thread Eric Auger
Hi Shameer,


On 2/18/25 7:52 AM, Shameerali Kolothum Thodi wrote:
> Hi Zhenzhong,
>
>> -----Original Message-----
>> From: Duan, Zhenzhong 
>> Sent: Monday, February 17, 2025 9:17 AM
>> To: Shameerali Kolothum Thodi
>> ; Nicolin Chen
>> ; Donald Dutile 
>> Cc: eric.au...@redhat.com; Peter Maydell ;
>> Jason Gunthorpe ; Daniel P. Berrangé
>> ; qemu-...@nongnu.org; qemu-
>> de...@nongnu.org; Linuxarm ; Wangzhou (B)
>> ; jiangkunkun ;
>> Jonathan Cameron ;
>> zhangfei@linaro.org; Peng, Chao P 
>> Subject: RE: [RFC PATCH 0/5] hw/arm/virt: Add support for user-creatable
>> nested SMMUv3
>>
>> Hi Shameer, Nicolin,
>>
> [...]
>
>>>> Hi Zhenzhong,
>>>>
>>>> Just wondering what your plans are for the above patches.  If it makes
>>>> sense and you are fine with it, I think it is a good idea one of us can
>>>> pick up those from that series and send them out separately so that it
>>>> can get some review and take it forward.
>>> Emulated series is merged, I plan to send Intel pass-through series after
>>> Chinese festival vacation, but at least half a month later. So feel free to
>>> pick those patches you need and send for comments.
>> I plan to send vtd nesting series out this week and want to ask about status
>> of "1) HWPT uAPI patches in backends/iommufd.c" series.
>>
>> If you had sent it out, I will do a rebase and bypass them to avoid duplicate
>> review effort in community. Or I can send them in vtd nesting series if you
>> not yet.
> No. It is not sent out yet. Please include it in your vtd nesting series. 
> Thanks.
>
> I am currently working on refactoring the SMMUv3 accel series and the
> "Add HW accelerated nesting support for arm SMMUv3" series
so will you send "Add HW accelerated nesting support for arm SMMUv3" or
do you want me to do it? Thanks Eric
> from Nicolin.
>
> Thanks,
> Shameer.
>
>




Re: [PATCH v7 0/5] Allow to enable multifd and postcopy migration together

2025-03-07 Thread Prasad Pandit
Hello Fabiano,

On Wed, 5 Mar 2025 at 19:26, Fabiano Rosas  wrote:
> Note that none of this is out of the ordinary, you'll find such
> discussions in any thread on this community. It may feel arbitrary to
> you because that's tacit knowledge we gathered along the years.

* I understand. I don't find it arbitrary.

> We need an extra patch that reads:
>
>  migration: Refactor channel discovery mechanism
>
>  The various logical migration channels don't have a standardized way of
>  advertising themselves and their connections may be seen out of order
>  by the migration destination. When a new connection arrives, the
>  incoming migration currently makes use of heuristics to determine which
>  channel it belongs to.
>
>  The next few patches will need to change how the multifd and postcopy
>  capabilities interact and that affects the channel discovery heuristic.
>
>  Refactor the channel discovery heuristic to make it less opaque and
>  simplify the subsequent patches.
>
>  
>  ---
>
> You'd move all of the channel discovery code into this patch. Some of it
> will be unreachable because multifd is not yet allowed with postcopy,
> but that's fine. You can mention it on the commit message.

Please see:
-> 
https://privatebin.net/?dad6f052dd986f9f#FULnfrCV29NkQpvsQyvWuU4HdYjDwFbUPbDtvLro7mwi

* Does this division look okay?

> About moving the code out of migration.c, it was a suggestion that
> you're free to push back. Ideally, doing the work would be faster than
> arguing against it on the mailing list. But that's fine.

* Same here, I'm not against moving that code part to connection.c OR
doing the work. My suggestion has been to do that movement in another
series and not try to do everything in this one series.

> About the hang in the test. It doesn't reproduce often, but once it
> does, it hangs forever (although I haven't waited that long).

* Okay, I'm not seeing it or able to reproduce it across 3 different
machines. One is my laptop and the other 2 are servers wherein I'm
testing migrations of guests with 64G/128G of RAM and guest dirtying
memory to the tune of 68M/128M/256M bytes. I'll keep an eye on it if I
find something.

Thank you.
---
  - Prasad




Re: [PATCH 19/57] docs/qapi-domain: add qapi:event directive

2025-03-07 Thread Markus Armbruster
John Snow  writes:

> On Fri, Mar 7, 2025 at 5:26 AM Markus Armbruster  wrote:
>
>> John Snow  writes:
>>
>> > Adds the .. qapi:event:: directive, object, and :qapi:event:`name`
>> > cross-referencing role.
>> >
>> > Adds the :memb type name: field list syntax for documenting event data
>> > members. As this syntax and phrasing will be shared with Structs and
>> > Unions as well, add the field list definition to a shared abstract
>> > class.
>>
>> docs/devel/qapi-code-gen.rst calls it "event-specific data".  This is
>> quite a mouthful, so the code usually calls it "arguments".  Not least
>> because events are kind of like commands going in the other direction
>> (client to server), and the code dealing with them is often similar.
>>
>> Both names make more sense to me than "member".  Hmm.  A rename could be
>> done as a follow-up if that's more convenient for you.
>>
>
> Also wish you'd have said sooner :)

Fair again!

> I might punt this one. At least, the next respin probably won't include
> this.
>
> I suppose I think about this in terms of "members of the event object."
> Let's talk and fix later, changing the name outside of a gigantic series is
> not difficult at all.

Agree.

[...]




[PATCH v2 00/18] accel/tcg: Compile more files once

2025-03-07 Thread Philippe Mathieu-Daudé
Since v1:
- Patches 1-13,16 unmodified
- Restrict GETPC_ADJ()
- Rename accel/tcg/getpc.h
- Guard GETPC() within CONFIG_TCG

Take care of some easy cases in accel/tcg/.
From here it starts getting harder.  🙂

Philippe Mathieu-Daudé (7):
  exec: Declare tlb_reset_dirty*() in 'exec/cputlb.h'
  exec: Declare tlb_set_page_full() in 'exec/cputlb.h'
  exec: Declare tlb_set_page_with_attrs() in 'exec/cputlb.h'
  exec: Declare tlb_set_page() in 'exec/cputlb.h'
  exec: Declare tlb_hit*() in 'exec/cputlb.h'
  exec: Declare tlb_flush*() in 'exec/cputlb.h'
  accel/tcg: Restrict GETPC_ADJ() to 'tb-internal.h'

Richard Henderson (11):
  include/exec: Move TARGET_PAGE_{SIZE,MASK,BITS} to target_page.h
  include/exec: Split out exec/cpu-interrupt.h
  accel/tcg: Compile watchpoint.c once
  system: Build watchpoint.c once
  accel/tcg: Build tcg-accel-ops.c once
  accel/tcg: Build tcg-accel-ops-icount.c once
  accel/tcg: Build tcg-accel-ops-rr.c once
  accel/tcg: Build tcg-accel-ops-mttcg.c once
  accel/tcg: Split out getpc.h
  accel/tcg: Build tcg-runtime.c once
  accel/tcg: Build tcg-runtime-gvec.c once

 accel/tcg/internal-common.h  |   2 +
 accel/tcg/tb-internal.h  |  13 +-
 include/accel/tcg/getpc.h|  24 +++
 include/exec/cpu-all.h   |  97 +-
 include/exec/cpu-interrupt.h |  70 +++
 include/exec/cputlb.h| 263 ++-
 include/exec/exec-all.h  | 263 +--
 include/exec/poison.h|  17 --
 include/exec/ram_addr.h  |   1 +
 include/exec/target_page.h   |  58 +-
 accel/tcg/cputlb.c   |  23 +++
 accel/tcg/tcg-accel-ops-icount.c |   2 +-
 accel/tcg/tcg-accel-ops-mttcg.c  |   1 -
 accel/tcg/tcg-accel-ops-rr.c |   2 +-
 accel/tcg/tcg-accel-ops.c|   2 +-
 accel/tcg/tcg-runtime-gvec.c |   1 -
 accel/tcg/tcg-runtime.c  |   8 +-
 accel/tcg/watchpoint.c   |   5 +-
 cpu-target.c |   1 +
 hw/intc/armv7m_nvic.c|   2 +-
 hw/ppc/spapr_nested.c|   1 +
 hw/sh4/sh7750.c  |   1 +
 page-target.c|  18 --
 page-vary-target.c   |   2 -
 system/physmem.c |   1 +
 system/watchpoint.c  |   3 +-
 target/alpha/helper.c|   2 +-
 target/alpha/sys_helper.c|   2 +-
 target/arm/helper.c  |   1 +
 target/arm/tcg/tlb-insns.c   |   2 +-
 target/avr/helper.c  |   2 +-
 target/hppa/mem_helper.c |   1 +
 target/i386/helper.c |   2 +-
 target/i386/machine.c|   2 +-
 target/i386/tcg/fpu_helper.c |   2 +-
 target/i386/tcg/misc_helper.c|   2 +-
 target/i386/tcg/system/excp_helper.c |   2 +-
 target/i386/tcg/system/misc_helper.c |   2 +-
 target/i386/tcg/system/svm_helper.c  |   2 +-
 target/loongarch/tcg/csr_helper.c|   2 +-
 target/loongarch/tcg/tlb_helper.c|   1 +
 target/m68k/helper.c |   1 +
 target/microblaze/helper.c   |   2 +-
 target/microblaze/mmu.c  |   2 +-
 target/mips/system/cp0.c |   2 +-
 target/mips/tcg/system/cp0_helper.c  |   2 +-
 target/mips/tcg/system/tlb_helper.c  |   1 +
 target/openrisc/mmu.c|   2 +-
 target/openrisc/sys_helper.c |   1 +
 target/ppc/helper_regs.c |   2 +-
 target/ppc/misc_helper.c |   1 +
 target/ppc/mmu_helper.c  |   1 +
 target/riscv/cpu_helper.c|   1 +
 target/riscv/csr.c   |   1 +
 target/riscv/op_helper.c |   1 +
 target/riscv/pmp.c   |   2 +-
 target/rx/cpu.c  |   2 +-
 target/s390x/gdbstub.c   |   2 +-
 target/s390x/sigp.c  |   1 +
 target/s390x/tcg/excp_helper.c   |   1 +
 target/s390x/tcg/mem_helper.c|   1 +
 target/s390x/tcg/misc_helper.c   |   1 +
 target/sh4/helper.c  |   1 +
 target/sparc/ldst_helper.c   |   1 +
 target/sparc/mmu_helper.c|   2 +-
 target/tricore/helper.c  |   2 +-
 target/xtensa/helper.c   |   2 +-
 target/xtensa/mmu_helper.c   |   1 +
 accel/tcg/meson.build|  14 +-
 system/meson.build   |   2 +-
 70 files changed, 508 insertions(+), 455 deletions(-)
 create mode 100644 include/accel/tcg/getpc.h
 create mode 100644 include/exec/cpu-interrupt.h

-- 
2.47.1




[PATCH v2 17/18] accel/tcg: Build tcg-runtime.c once

2025-03-07 Thread Philippe Mathieu-Daudé
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Reviewed-by: Pierrick Bouvier 
Signed-off-by: Philippe Mathieu-Daudé 
---
 accel/tcg/tcg-runtime.c | 7 +--
 accel/tcg/meson.build   | 2 +-
 2 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/accel/tcg/tcg-runtime.c b/accel/tcg/tcg-runtime.c
index 3d4651b4012..fa7ed9739c7 100644
--- a/accel/tcg/tcg-runtime.c
+++ b/accel/tcg/tcg-runtime.c
@@ -23,13 +23,8 @@
  */
 #include "qemu/osdep.h"
 #include "qemu/host-utils.h"
-#include "cpu.h"
+#include "exec/cpu-common.h"
 #include "exec/helper-proto-common.h"
-#include "exec/cpu_ldst.h"
-#include "exec/exec-all.h"
-#include "disas/disas.h"
-#include "exec/log.h"
-#include "tcg/tcg.h"
 #include "accel/tcg/getpc.h"
 
 #define HELPER_H  "accel/tcg/tcg-runtime.h"
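Review bot: the commit message has no body, yet this hunk replaces "cpu.h" with "exec/cpu-common.h" and drops five other includes from tcg-runtime.c. A sentence saying that nothing left in the file needs the target-specific headers would let a reviewer confirm that the move to common_ss in the meson.build hunk is safe.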
diff --git a/accel/tcg/meson.build b/accel/tcg/meson.build
index 81fb25da5cc..411fe28deac 100644
--- a/accel/tcg/meson.build
+++ b/accel/tcg/meson.build
@@ -1,5 +1,6 @@
 common_ss.add(when: 'CONFIG_TCG', if_true: files(
   'cpu-exec-common.c',
+  'tcg-runtime.c',
 ))
 tcg_specific_ss = ss.source_set()
 tcg_specific_ss.add(files(
@@ -7,7 +8,6 @@ tcg_specific_ss.add(files(
   'cpu-exec.c',
   'tb-maint.c',
   'tcg-runtime-gvec.c',
-  'tcg-runtime.c',
   'translate-all.c',
   'translator.c',
 ))
-- 
2.47.1




[PATCH v2 16/18] accel/tcg: Split out getpc.h

2025-03-07 Thread Philippe Mathieu-Daudé
From: Richard Henderson 

Split out GETPC to a target-independent header.

Signed-off-by: Richard Henderson 
Reviewed-by: Pierrick Bouvier 
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/accel/tcg/getpc.h | 24 
 include/exec/exec-all.h   | 11 ++-
 accel/tcg/tcg-runtime.c   |  1 +
 3 files changed, 27 insertions(+), 9 deletions(-)
 create mode 100644 include/accel/tcg/getpc.h

diff --git a/include/accel/tcg/getpc.h b/include/accel/tcg/getpc.h
new file mode 100644
index 000..4bb5f7b15cd
--- /dev/null
+++ b/include/accel/tcg/getpc.h
@@ -0,0 +1,24 @@
+/*
+ * Get host pc for helper unwinding.
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ */
+
+#ifndef ACCEL_TCG_GETPC_H
+#define ACCEL_TCG_GETPC_H
+
+#ifndef CONFIG_TCG
+#error Can only include this header with TCG
+#endif
+
+/* GETPC is the true target of the return instruction that we'll execute.  */
+#if defined(CONFIG_TCG_INTERPRETER)
+extern __thread uintptr_t tci_tb_ptr;
+# define GETPC() tci_tb_ptr
+#else
+# define GETPC() \
+((uintptr_t)__builtin_extract_return_addr(__builtin_return_address(0)))
+#endif
+
+#endif /* HELPER_GETPC_H */
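Review bot: the closing comment `#endif /* HELPER_GETPC_H */` does not match the guard macro ACCEL_TCG_GETPC_H defined at the top of the new header; change it to `/* ACCEL_TCG_GETPC_H */`. The header also uses uintptr_t without including anything itself, so it depends on every includer having pulled in "qemu/osdep.h" first; if that is intended, a one-line comment saying so would help.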
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 2ac98e56c41..ce303de8486 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -29,6 +29,8 @@
 
 #if defined(CONFIG_TCG)
 
+#include "accel/tcg/getpc.h"
+
 /**
  * probe_access:
  * @env: CPUArchState
@@ -177,15 +179,6 @@ void tb_phys_invalidate(TranslationBlock *tb, 
tb_page_addr_t page_addr);
 void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t last);
 void tb_set_jmp_target(TranslationBlock *tb, int n, uintptr_t addr);
 
-/* GETPC is the true target of the return instruction that we'll execute.  */
-#if defined(CONFIG_TCG_INTERPRETER)
-extern __thread uintptr_t tci_tb_ptr;
-# define GETPC() tci_tb_ptr
-#else
-# define GETPC() \
-((uintptr_t)__builtin_extract_return_addr(__builtin_return_address(0)))
-#endif
-
 #if !defined(CONFIG_USER_ONLY)
 
 /**
diff --git a/accel/tcg/tcg-runtime.c b/accel/tcg/tcg-runtime.c
index 9fa539ad3d7..3d4651b4012 100644
--- a/accel/tcg/tcg-runtime.c
+++ b/accel/tcg/tcg-runtime.c
@@ -30,6 +30,7 @@
 #include "disas/disas.h"
 #include "exec/log.h"
 #include "tcg/tcg.h"
+#include "accel/tcg/getpc.h"
 
 #define HELPER_H  "accel/tcg/tcg-runtime.h"
 #include "exec/helper-info.c.inc"
-- 
2.47.1




[PATCH v2 15/18] accel/tcg: Restrict GETPC_ADJ() to 'tb-internal.h'

2025-03-07 Thread Philippe Mathieu-Daudé
GETPC_ADJ() is only used within accel/tcg/, no need to
expose it to all the code base.

Signed-off-by: Philippe Mathieu-Daudé 
---
 accel/tcg/tb-internal.h | 11 +++
 include/exec/exec-all.h |  9 -
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/accel/tcg/tb-internal.h b/accel/tcg/tb-internal.h
index 62a59a5307e..68aa8d17f41 100644
--- a/accel/tcg/tb-internal.h
+++ b/accel/tcg/tb-internal.h
@@ -13,6 +13,17 @@
 #include "exec/exec-all.h"
 #include "exec/translation-block.h"
 
+/*
+ * The true return address will often point to a host insn that is part of
+ * the next translated guest insn.  Adjust the address backward to point to
+ * the middle of the call insn.  Subtracting one would do the job except for
+ * several compressed mode architectures (arm, mips) which set the low bit
+ * to indicate the compressed mode; subtracting two works around that.  It
+ * is also the case that there are no host isas that contain a call insn
+ * smaller than 4 bytes, so we don't worry about special-casing this.
+ */
+#define GETPC_ADJ   2
+
 #ifdef CONFIG_SOFTMMU
 
 #define CPU_TLB_DYN_MIN_BITS 6
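Review bot: the subject and commit message write GETPC_ADJ() with parentheses, but the definition moved by this hunk is the object-like macro `#define GETPC_ADJ   2`. Drop the parentheses in the message so it names the macro as it is defined.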
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index a758b7a8438..2ac98e56c41 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -186,15 +186,6 @@ extern __thread uintptr_t tci_tb_ptr;
 ((uintptr_t)__builtin_extract_return_addr(__builtin_return_address(0)))
 #endif
 
-/* The true return address will often point to a host insn that is part of
-   the next translated guest insn.  Adjust the address backward to point to
-   the middle of the call insn.  Subtracting one would do the job except for
-   several compressed mode architectures (arm, mips) which set the low bit
-   to indicate the compressed mode; subtracting two works around that.  It
-   is also the case that there are no host isas that contain a call insn
-   smaller than 4 bytes, so we don't worry about special-casing this.  */
-#define GETPC_ADJ   2
-
 #if !defined(CONFIG_USER_ONLY)
 
 /**
-- 
2.47.1




[PATCH v2 1/7] hw/hyperv/hv-balloon-stub: common compilation unit

2025-03-07 Thread Pierrick Bouvier
Signed-off-by: Pierrick Bouvier 
---
 hw/hyperv/meson.build | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/hyperv/meson.build b/hw/hyperv/meson.build
index d3d2668c71a..f4aa0a5ada9 100644
--- a/hw/hyperv/meson.build
+++ b/hw/hyperv/meson.build
@@ -2,4 +2,5 @@ specific_ss.add(when: 'CONFIG_HYPERV', if_true: 
files('hyperv.c'))
 specific_ss.add(when: 'CONFIG_HYPERV_TESTDEV', if_true: 
files('hyperv_testdev.c'))
 specific_ss.add(when: 'CONFIG_VMBUS', if_true: files('vmbus.c'))
 specific_ss.add(when: 'CONFIG_SYNDBG', if_true: files('syndbg.c'))
-specific_ss.add(when: 'CONFIG_HV_BALLOON', if_true: files('hv-balloon.c', 
'hv-balloon-page_range_tree.c', 'hv-balloon-our_range_memslots.c'), if_false: 
files('hv-balloon-stub.c'))
+specific_ss.add(when: 'CONFIG_HV_BALLOON', if_true: files('hv-balloon.c', 
'hv-balloon-page_range_tree.c', 'hv-balloon-our_range_memslots.c'))
+system_ss.add(when: 'CONFIG_HV_BALLOON', if_false: files('hv-balloon-stub.c'))
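Review bot: the commit message is empty, and this hunk moves hv-balloon-stub.c from specific_ss to system_ss while the three CONFIG_HV_BALLOON sources stay in specific_ss. State in the message why the stub alone can be built once, since the hunk gives a reviewer nothing to check that against.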
-- 
2.39.5




Re: [PATCH 09/16] system: Build watchpoint.c once

2025-03-07 Thread Pierrick Bouvier

On 3/7/25 10:56, Richard Henderson wrote:

Now that watchpoint.c uses cputlb.h instead of exec-all.h,
it can be built once.

Signed-off-by: Richard Henderson 
---
  system/meson.build | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system/meson.build b/system/meson.build
index 4952f4b2c7..c83d80fa24 100644
--- a/system/meson.build
+++ b/system/meson.build
@@ -3,7 +3,6 @@ specific_ss.add(when: 'CONFIG_SYSTEM_ONLY', if_true: [files(
'ioport.c',
'memory.c',
'physmem.c',
-  'watchpoint.c',
  )])
  
  system_ss.add(files(

@@ -24,6 +23,7 @@ system_ss.add(files(
'runstate.c',
'tpm-hmp-cmds.c',
'vl.c',
+  'watchpoint.c',
  ), sdl, libpmem, libdaxctl)
  
  if have_tpm


Reviewed-by: Pierrick Bouvier 




[PATCH v2 05/14] target/i386/hvf: use emul_ops->read_mem in x86_emu.c

2025-03-07 Thread Wei Liu
No functional change.

Signed-off-by: Wei Liu 
---
 target/i386/hvf/x86_emu.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/target/i386/hvf/x86_emu.c b/target/i386/hvf/x86_emu.c
index e59a73e00d5c..7b816b5a1dab 100644
--- a/target/i386/hvf/x86_emu.c
+++ b/target/i386/hvf/x86_emu.c
@@ -184,7 +184,7 @@ void write_val_ext(CPUX86State *env, target_ulong ptr, 
target_ulong val, int siz
 
 uint8_t *read_mmio(CPUX86State *env, target_ulong ptr, int bytes)
 {
-vmx_read_mem(env_cpu(env), env->emu_mmio_buf, ptr, bytes);
+emul_ops->read_mem(env_cpu(env), env->emu_mmio_buf, ptr, bytes);
 return env->emu_mmio_buf;
 }
 
@@ -510,8 +510,8 @@ static void exec_outs_single(CPUX86State *env, struct 
x86_decode *decode)
 {
 target_ulong addr = decode_linear_addr(env, decode, RSI(env), R_DS);
 
-vmx_read_mem(env_cpu(env), env->emu_mmio_buf, addr,
- decode->operand_size);
+emul_ops->read_mem(env_cpu(env), env->emu_mmio_buf, addr,
+   decode->operand_size);
 emul_ops->handle_io(env_cpu(env), DX(env), env->emu_mmio_buf, 1,
 decode->operand_size, 1);
 
@@ -620,7 +620,7 @@ static void exec_scas_single(CPUX86State *env, struct 
x86_decode *decode)
 addr = linear_addr_size(env_cpu(env), RDI(env),
 decode->addressing_size, R_ES);
 decode->op[1].type = X86_VAR_IMMEDIATE;
-vmx_read_mem(env_cpu(env), &decode->op[1].val, addr, decode->operand_size);
+emul_ops->read_mem(env_cpu(env), &decode->op[1].val, addr, 
decode->operand_size);
 
 EXEC_2OP_FLAGS_CMD(env, decode, -, SET_FLAGS_OSZAPC_SUB, false);
 string_increment_reg(env, R_EDI, decode);
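Review bot: the replacement call in exec_scas_single is longer than 80 columns (the mail has wrapped it after `addr,`). Break it after `addr,` with the continuation aligned under the first argument, as the exec_outs_single hunk above already does.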
@@ -645,7 +645,7 @@ static void exec_lods_single(CPUX86State *env, struct 
x86_decode *decode)
 target_ulong val = 0;
 
 addr = decode_linear_addr(env, decode, RSI(env), R_DS);
-vmx_read_mem(env_cpu(env), &val, addr,  decode->operand_size);
+emul_ops->read_mem(env_cpu(env), &val, addr,  decode->operand_size);
 write_reg(env, R_EAX, val, decode->operand_size);
 
 string_increment_reg(env, R_ESI, decode);
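Review bot: the new line in exec_lods_single keeps the double space in `addr,  decode->operand_size`. Since the line is being rewritten anyway, reduce it to a single space.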
-- 
2.47.2




[PATCH v2 00/14] Factor out HVF's instruction emulator

2025-03-07 Thread Wei Liu
Hi,

Microsoft's Linux Systems Group developed a Linux driver for the Microsoft
Hypervisor (MSHV for short). The driver is being upstreamed. The first
supported VMM is Cloud Hypervisor. We want to add QEMU as the second supported
VMM.

The plan is to write an mshv accelerator in QEMU. The accelerator is still in
the works.

MSHV doesn't emulate instructions. VMMs are supposed to bring their own
instruction emulator. The path we've chosen is to reuse what's already in QEMU.
The instruction emulator in HVF looks good for what we need.

This patch series makes the instruction emulator in HVF a common
component for the i386 target. It removes HVF specific code by using a
set of hooks. The new incoming MSHV accelerator will implement the
hooks, and where necessary, enhance the emulator and / or add new hooks.

The patches have been lightly tested by running a Linux VM on an Intel-based
Mac. 

Thanks,
Wei.

Changes in v2:
1. Address comments from Paolo on variable and directory names.
2. Rebase and drop the already applied patches.
3. Add a new entry in MAINTAINERS.

Wei Liu (14):
  target/i386/hvf: introduce x86_emul_ops
  target/i386/hvf: remove HVF specific calls from x86_decode.c
  target/i386/hvf: provide and use handle_io in emul_ops
  target/i386: rename hvf_mmio_buf to emu_mmio_buf
  target/i386/hvf: use emul_ops->read_mem in x86_emu.c
  target/i386/hvf: provide and use write_mem in emul_ops
  target/i386/hvf: provide and use simulate_{wrmsr,rdmsr} in emul_ops
  target/i386: rename lazy flags field and its type
  target/i386/hvf: drop unused headers
  target/i386/hvf: rename some include guards
  target/i386: add a directory for x86 instruction emulator
  target/i386/emulate: add a panic.h
  target/i386: move x86 instruction emulator out of hvf
  MAINTAINERS: add an entry for the x86 instruction emulator

 MAINTAINERS   |  8 +++
 target/i386/cpu.h |  8 +--
 target/i386/emulate/meson.build   |  5 ++
 target/i386/emulate/panic.h   | 45 
 target/i386/{hvf => emulate}/x86.h|  4 +-
 target/i386/{hvf => emulate}/x86_decode.c | 22 +++-
 target/i386/{hvf => emulate}/x86_decode.h |  4 +-
 target/i386/{hvf => emulate}/x86_emu.c| 62 +++
 target/i386/{hvf => emulate}/x86_emu.h| 15 +-
 target/i386/{hvf => emulate}/x86_flags.c  | 56 ++--
 target/i386/{hvf => emulate}/x86_flags.h  |  6 +--
 target/i386/hvf/hvf-i386.h|  4 +-
 target/i386/hvf/hvf.c | 57 +++--
 target/i386/hvf/meson.build   |  3 --
 target/i386/hvf/vmx.h |  2 +-
 target/i386/hvf/x86.c |  4 +-
 target/i386/hvf/x86_cpuid.c   |  2 +-
 target/i386/hvf/x86_descr.h   |  2 +-
 target/i386/hvf/x86_mmu.c |  2 +-
 target/i386/hvf/x86_task.c|  6 +--
 target/i386/hvf/x86hvf.c  |  2 +-
 target/i386/meson.build   |  1 +
 22 files changed, 203 insertions(+), 117 deletions(-)
 create mode 100644 target/i386/emulate/meson.build
 create mode 100644 target/i386/emulate/panic.h
 rename target/i386/{hvf => emulate}/x86.h (99%)
 rename target/i386/{hvf => emulate}/x86_decode.c (99%)
 rename target/i386/{hvf => emulate}/x86_decode.h (99%)
 rename target/i386/{hvf => emulate}/x86_emu.c (95%)
 rename target/i386/{hvf => emulate}/x86_emu.h (75%)
 rename target/i386/{hvf => emulate}/x86_flags.c (83%)
 rename target/i386/{hvf => emulate}/x86_flags.h (97%)

-- 
2.47.2




[PATCH v2 04/14] target/i386: rename hvf_mmio_buf to emu_mmio_buf

2025-03-07 Thread Wei Liu
We want to refactor HVF's instruction emulator to a common component. Renaming
hvf_mmio_buf removes the association between HVF and the instruction emulator.

The definition of the field is still guarded by CONFIG_HVF for now, since it is
the only user.

No functional change.

Signed-off-by: Wei Liu 
---
v2: mmio_buf -> emu_mmio_buf per suggestion from Paolo
---
 target/i386/cpu.h |  2 +-
 target/i386/hvf/hvf.c |  4 ++--
 target/i386/hvf/x86_emu.c | 12 ++--
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 7882b63b9b61..cf2bd0e9ada9 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -2109,7 +2109,7 @@ typedef struct CPUArchState {
 #endif
 #if defined(CONFIG_HVF)
 HVFX86LazyFlags hvf_lflags;
-void *hvf_mmio_buf;
+void *emu_mmio_buf;
 #endif
 
 uint64_t mcg_cap;
diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
index 7da03f9c0811..1cecb765952b 100644
--- a/target/i386/hvf/hvf.c
+++ b/target/i386/hvf/hvf.c
@@ -168,7 +168,7 @@ void hvf_arch_vcpu_destroy(CPUState *cpu)
 X86CPU *x86_cpu = X86_CPU(cpu);
 CPUX86State *env = &x86_cpu->env;
 
-g_free(env->hvf_mmio_buf);
+g_free(env->emu_mmio_buf);
 }
 
 static void init_tsc_freq(CPUX86State *env)
@@ -262,7 +262,7 @@ int hvf_arch_init_vcpu(CPUState *cpu)
 if (hvf_state->hvf_caps == NULL) {
 hvf_state->hvf_caps = g_new0(struct hvf_vcpu_caps, 1);
 }
-env->hvf_mmio_buf = g_new(char, 4096);
+env->emu_mmio_buf = g_new(char, 4096);
 
 if (x86cpu->vmware_cpuid_freq) {
 init_tsc_freq(env);
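Review bot: the buffer allocated on the `g_new(char, 4096)` line is sized by a bare literal, while read_mmio() in x86_emu.c passes its caller-supplied `bytes` straight to vmx_read_mem() with this buffer as the destination. Since the field is being renamed for use by a shared emulator, give the size a named constant and have read_mmio() check `bytes` against it, so a second backend cannot be handed a length larger than the allocation.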
diff --git a/target/i386/hvf/x86_emu.c b/target/i386/hvf/x86_emu.c
index 7b01ccde5d3e..e59a73e00d5c 100644
--- a/target/i386/hvf/x86_emu.c
+++ b/target/i386/hvf/x86_emu.c
@@ -184,8 +184,8 @@ void write_val_ext(CPUX86State *env, target_ulong ptr, 
target_ulong val, int siz
 
 uint8_t *read_mmio(CPUX86State *env, target_ulong ptr, int bytes)
 {
-vmx_read_mem(env_cpu(env), env->hvf_mmio_buf, ptr, bytes);
-return env->hvf_mmio_buf;
+vmx_read_mem(env_cpu(env), env->emu_mmio_buf, ptr, bytes);
+return env->emu_mmio_buf;
 }
 
 
@@ -487,9 +487,9 @@ static void exec_ins_single(CPUX86State *env, struct 
x86_decode *decode)
 target_ulong addr = linear_addr_size(env_cpu(env), RDI(env),
  decode->addressing_size, R_ES);
 
-emul_ops->handle_io(env_cpu(env), DX(env), env->hvf_mmio_buf, 0,
+emul_ops->handle_io(env_cpu(env), DX(env), env->emu_mmio_buf, 0,
 decode->operand_size, 1);
-vmx_write_mem(env_cpu(env), addr, env->hvf_mmio_buf,
+vmx_write_mem(env_cpu(env), addr, env->emu_mmio_buf,
   decode->operand_size);
 
 string_increment_reg(env, R_EDI, decode);
@@ -510,9 +510,9 @@ static void exec_outs_single(CPUX86State *env, struct 
x86_decode *decode)
 {
 target_ulong addr = decode_linear_addr(env, decode, RSI(env), R_DS);
 
-vmx_read_mem(env_cpu(env), env->hvf_mmio_buf, addr,
+vmx_read_mem(env_cpu(env), env->emu_mmio_buf, addr,
  decode->operand_size);
-emul_ops->handle_io(env_cpu(env), DX(env), env->hvf_mmio_buf, 1,
+emul_ops->handle_io(env_cpu(env), DX(env), env->emu_mmio_buf, 1,
 decode->operand_size, 1);
 
 string_increment_reg(env, R_ESI, decode);
-- 
2.47.2




[PATCH v2 06/14] target/i386/hvf: provide and use write_mem in emul_ops

2025-03-07 Thread Wei Liu
Signed-off-by: Wei Liu 
---
 target/i386/hvf/hvf.c | 6 ++
 target/i386/hvf/x86_emu.c | 8 
 target/i386/hvf/x86_emu.h | 1 +
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
index 1cecb765952b..e4f48a79fb7c 100644
--- a/target/i386/hvf/hvf.c
+++ b/target/i386/hvf/hvf.c
@@ -242,8 +242,14 @@ static void hvf_read_mem(CPUState *cpu, void *data, 
target_ulong gva, int bytes)
 vmx_read_mem(cpu, data, gva, bytes);
 }
 
+static void hvf_write_mem(CPUState *cpu, void *data, target_ulong gva, int 
bytes)
+{
+vmx_write_mem(cpu, gva, data, bytes);
+}
+
 static const struct x86_emul_ops hvf_x86_emul_ops = {
 .read_mem = hvf_read_mem,
+.write_mem = hvf_write_mem,
 .read_segment_descriptor = hvf_read_segment_descriptor,
 .handle_io = hvf_handle_io,
 };
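Review bot: hvf_write_mem() takes (cpu, data, gva, bytes) but forwards to vmx_write_mem(cpu, gva, data, bytes), so every call site converted in x86_emu.c has to swap the pointer and the address. The commit message is empty; it should say that the hook's argument order follows read_mem rather than vmx_write_mem, so the swaps are reviewed as intended and not mistaken for typos.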
diff --git a/target/i386/hvf/x86_emu.c b/target/i386/hvf/x86_emu.c
index 7b816b5a1dab..3ff41c35d89a 100644
--- a/target/i386/hvf/x86_emu.c
+++ b/target/i386/hvf/x86_emu.c
@@ -179,7 +179,7 @@ void write_val_ext(CPUX86State *env, target_ulong ptr, 
target_ulong val, int siz
 write_val_to_reg(ptr, val, size);
 return;
 }
-vmx_write_mem(env_cpu(env), ptr, &val, size);
+emul_ops->write_mem(env_cpu(env), &val, ptr, size);
 }
 
 uint8_t *read_mmio(CPUX86State *env, target_ulong ptr, int bytes)
@@ -489,8 +489,8 @@ static void exec_ins_single(CPUX86State *env, struct 
x86_decode *decode)
 
 emul_ops->handle_io(env_cpu(env), DX(env), env->emu_mmio_buf, 0,
 decode->operand_size, 1);
-vmx_write_mem(env_cpu(env), addr, env->emu_mmio_buf,
-  decode->operand_size);
+emul_ops->write_mem(env_cpu(env), env->emu_mmio_buf, addr,
+decode->operand_size);
 
 string_increment_reg(env, R_EDI, decode);
 }
@@ -596,7 +596,7 @@ static void exec_stos_single(CPUX86State *env, struct 
x86_decode *decode)
 addr = linear_addr_size(env_cpu(env), RDI(env),
 decode->addressing_size, R_ES);
 val = read_reg(env, R_EAX, decode->operand_size);
-vmx_write_mem(env_cpu(env), addr, &val, decode->operand_size);
+emul_ops->write_mem(env_cpu(env), &val, addr, decode->operand_size);
 
 string_increment_reg(env, R_EDI, decode);
 }
diff --git a/target/i386/hvf/x86_emu.h b/target/i386/hvf/x86_emu.h
index 40cc786694e1..107c1f1ac866 100644
--- a/target/i386/hvf/x86_emu.h
+++ b/target/i386/hvf/x86_emu.h
@@ -25,6 +25,7 @@
 
 struct x86_emul_ops {
 void (*read_mem)(CPUState *cpu, void *data, target_ulong addr, int bytes);
+void (*write_mem)(CPUState *cpu, void *data, target_ulong addr, int bytes);
 void (*read_segment_descriptor)(CPUState *cpu, struct 
x86_segment_descriptor *desc,
 enum X86Seg seg);
 void (*handle_io)(CPUState *cpu, uint16_t port, void *data, int direction,
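Review bot: the new write_mem hook declares `void *data` although the buffer is only the source of the write. Declaring it `const void *data` would document the direction and keep a backend from modifying the emulator's buffer, provided vmx_write_mem() accepts a const pointer.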
-- 
2.47.2




[PATCH v2 11/14] target/i386: add a directory for x86 instruction emulator

2025-03-07 Thread Wei Liu
Signed-off-by: Wei Liu 
---
v2: name the directory emulate
---
 target/i386/emulate/meson.build | 0
 target/i386/meson.build | 1 +
 2 files changed, 1 insertion(+)
 create mode 100644 target/i386/emulate/meson.build

diff --git a/target/i386/emulate/meson.build b/target/i386/emulate/meson.build
new file mode 100644
index ..e69de29bb2d1
diff --git a/target/i386/meson.build b/target/i386/meson.build
index 2e9c472f49d3..c1aacea61356 100644
--- a/target/i386/meson.build
+++ b/target/i386/meson.build
@@ -31,6 +31,7 @@ subdir('whpx')
 subdir('nvmm')
 subdir('hvf')
 subdir('tcg')
+subdir('emulate')
 
 target_arch += {'i386': i386_ss}
 target_system_arch += {'i386': i386_system_ss}
-- 
2.47.2




RE: [PATCH 15/38] target/hexagon: Add handlers for guest/sysreg r/w

2025-03-07 Thread ltaylorsimpson



> -----Original Message-----
> From: Brian Cain 
> Sent: Friday, February 28, 2025 11:26 PM
> To: qemu-devel@nongnu.org
> Cc: brian.c...@oss.qualcomm.com; richard.hender...@linaro.org;
> phi...@linaro.org; quic_mathb...@quicinc.com; a...@rev.ng; a...@rev.ng;
> quic_mlie...@quicinc.com; ltaylorsimp...@gmail.com;
> alex.ben...@linaro.org; quic_mbur...@quicinc.com;
> sidn...@quicinc.com; Brian Cain 
> Subject: [PATCH 15/38] target/hexagon: Add handlers for guest/sysreg r/w
> 
> From: Brian Cain 
> 
> This commit provides handlers to generate TCG for guest and system register
> reads and writes.  They will be leveraged by a future commit.
> 
> Signed-off-by: Brian Cain 
> ---
>  target/hexagon/genptr.c | 159
> 
>  1 file changed, 159 insertions(+)
> 
> diff --git a/target/hexagon/genptr.c b/target/hexagon/genptr.c index
> 2c5e15cfcf..488d0b4b97 100644
> --- a/target/hexagon/genptr.c
> +++ b/target/hexagon/genptr.c
> +G_GNUC_UNUSED
> +static void gen_read_greg(TCGv dst, int reg_num) {
> +gen_helper_greg_read(dst, tcg_env, tcg_constant_tl(reg_num)); }
> +
> +G_GNUC_UNUSED
> +static void gen_read_greg_pair(TCGv_i64 dst, int reg_num) {
> +gen_helper_greg_read_pair(dst, tcg_env, tcg_constant_tl(reg_num));
> +} #endif
> +
> +

This will work, but G'regs 0:3 could be read more efficiently by reading from 
TCGv hex_greg rather than calling the helper.

Otherwise
Reviewed-by: Taylor Simpson 





[PATCH v2 07/14] target/i386/hvf: provide and use simulate_{wrmsr, rdmsr} in emul_ops

2025-03-07 Thread Wei Liu
Change the first argument's type to be CPUState to match other hooks.

Signed-off-by: Wei Liu 
---
 target/i386/hvf/hvf-i386.h |  4 ++--
 target/i386/hvf/hvf.c  | 18 ++
 target/i386/hvf/x86_emu.c  |  4 ++--
 target/i386/hvf/x86_emu.h  |  2 ++
 4 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/target/i386/hvf/hvf-i386.h b/target/i386/hvf/hvf-i386.h
index 044ad236ae80..8c42ae6b0130 100644
--- a/target/i386/hvf/hvf-i386.h
+++ b/target/i386/hvf/hvf-i386.h
@@ -19,8 +19,8 @@
 uint32_t hvf_get_supported_cpuid(uint32_t func, uint32_t idx, int reg);
 
 void hvf_handle_io(CPUState *, uint16_t, void *, int, int, int);
-void hvf_simulate_rdmsr(CPUX86State *env);
-void hvf_simulate_wrmsr(CPUX86State *env);
+void hvf_simulate_rdmsr(CPUState *cpu);
+void hvf_simulate_wrmsr(CPUState *cpu);
 
 /* Host specific functions */
 int hvf_inject_interrupt(CPUArchState *env, int vector);
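Review bot: The two prototypes name the parameter `cpu`, while the definitions in hvf.c and the new emul_ops members in x86_emu.h name it `cs`. Use `cs` here as well; inside hvf_simulate_rdmsr()/hvf_simulate_wrmsr() the name `cpu` is already the X86CPU local, so the header currently suggests the wrong type to a reader.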
diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
index e4f48a79fb7c..8c31d2e0cf72 100644
--- a/target/i386/hvf/hvf.c
+++ b/target/i386/hvf/hvf.c
@@ -252,6 +252,8 @@ static const struct x86_emul_ops hvf_x86_emul_ops = {
 .write_mem = hvf_write_mem,
 .read_segment_descriptor = hvf_read_segment_descriptor,
 .handle_io = hvf_handle_io,
+.simulate_rdmsr = hvf_simulate_rdmsr,
+.simulate_wrmsr = hvf_simulate_wrmsr,
 };
 
 int hvf_arch_init_vcpu(CPUState *cpu)
@@ -506,10 +508,10 @@ void hvf_store_regs(CPUState *cs)
 macvm_set_rip(cs, env->eip);
 }
 
-void hvf_simulate_rdmsr(CPUX86State *env)
+void hvf_simulate_rdmsr(CPUState *cs)
 {
-X86CPU *cpu = env_archcpu(env);
-CPUState *cs = env_cpu(env);
+X86CPU *cpu = X86_CPU(cs);
+CPUX86State *env = &cpu->env;
 uint32_t msr = ECX(env);
 uint64_t val = 0;
 
@@ -611,10 +613,10 @@ void hvf_simulate_rdmsr(CPUX86State *env)
 RDX(env) = (uint32_t)(val >> 32);
 }
 
-void hvf_simulate_wrmsr(CPUX86State *env)
+void hvf_simulate_wrmsr(CPUState *cs)
 {
-X86CPU *cpu = env_archcpu(env);
-CPUState *cs = env_cpu(env);
+X86CPU *cpu = X86_CPU(cs);
+CPUX86State *env = &cpu->env;
 uint32_t msr = ECX(env);
 uint64_t data = ((uint64_t)EDX(env) << 32) | EAX(env);
 
@@ -900,9 +902,9 @@ int hvf_vcpu_exec(CPUState *cpu)
 {
 hvf_load_regs(cpu);
 if (exit_reason == EXIT_REASON_RDMSR) {
-hvf_simulate_rdmsr(env);
+hvf_simulate_rdmsr(cpu);
 } else {
-hvf_simulate_wrmsr(env);
+hvf_simulate_wrmsr(cpu);
 }
 env->eip += ins_len;
 hvf_store_regs(cpu);
diff --git a/target/i386/hvf/x86_emu.c b/target/i386/hvf/x86_emu.c
index 3ff41c35d89a..aec7a8a3fa85 100644
--- a/target/i386/hvf/x86_emu.c
+++ b/target/i386/hvf/x86_emu.c
@@ -672,13 +672,13 @@ void x86_emul_raise_exception(CPUX86State *env, int 
exception_index, int error_c
 
 static void exec_rdmsr(CPUX86State *env, struct x86_decode *decode)
 {
-hvf_simulate_rdmsr(env);
+emul_ops->simulate_rdmsr(env_cpu(env));
 env->eip += decode->len;
 }
 
 static void exec_wrmsr(CPUX86State *env, struct x86_decode *decode)
 {
-hvf_simulate_wrmsr(env);
+emul_ops->simulate_wrmsr(env_cpu(env));
 env->eip += decode->len;
 }
 
diff --git a/target/i386/hvf/x86_emu.h b/target/i386/hvf/x86_emu.h
index 107c1f1ac866..555b567e2c7d 100644
--- a/target/i386/hvf/x86_emu.h
+++ b/target/i386/hvf/x86_emu.h
@@ -30,6 +30,8 @@ struct x86_emul_ops {
 enum X86Seg seg);
 void (*handle_io)(CPUState *cpu, uint16_t port, void *data, int direction,
   int size, int count);
+void (*simulate_rdmsr)(CPUState *cs);
+void (*simulate_wrmsr)(CPUState *cs);
 };
 
 extern const struct x86_emul_ops *emul_ops;
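Review bot: The new simulate_rdmsr and simulate_wrmsr members carry no comment, and exec_rdmsr()/exec_wrmsr() in x86_emu.c call them without a NULL check, so every provider of x86_emul_ops must implement them. Document that next to the members, together with the contract visible in hvf.c: the MSR index comes from ECX, the value travels in EDX:EAX, and the caller advances eip. The commit message also only mentions the argument type change, not the new hooks named in the subject.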
-- 
2.47.2




[PATCH v2 10/14] target/i386/hvf: rename some include guards

2025-03-07 Thread Wei Liu
These headers will be moved out to their own component.

Signed-off-by: Wei Liu 
---
 target/i386/hvf/x86.h| 4 ++--
 target/i386/hvf/x86_decode.h | 4 ++--
 target/i386/hvf/x86_flags.h  | 6 +++---
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/target/i386/hvf/x86.h b/target/i386/hvf/x86.h
index 063cd0b83ec9..73edccfba006 100644
--- a/target/i386/hvf/x86.h
+++ b/target/i386/hvf/x86.h
@@ -16,8 +16,8 @@
  * License along with this program; if not, see .
  */
 
-#ifndef HVF_X86_H
-#define HVF_X86_H
+#ifndef X86_EMU_DEFS_H
+#define X86_EMU_DEFS_H
 
 typedef struct x86_register {
 union {
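Review bot: The new guard for x86.h, X86_EMU_DEFS_H, does not follow the file name the way X86_EMU_DECODE_H and X86_EMU_FLAGS_H do. If the header is going to be renamed when it moves, say so in the commit message; otherwise choose a guard that matches the file. Only x86_flags.h has its closing `#endif` comment updated in this patch, so also check that x86.h and x86_decode.h do not end with a comment naming the old guard.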
diff --git a/target/i386/hvf/x86_decode.h b/target/i386/hvf/x86_decode.h
index a2d7a2a27b68..930d965164a4 100644
--- a/target/i386/hvf/x86_decode.h
+++ b/target/i386/hvf/x86_decode.h
@@ -15,8 +15,8 @@
  * License along with this program; if not, see .
  */
 
-#ifndef HVF_X86_DECODE_H
-#define HVF_X86_DECODE_H
+#ifndef X86_EMU_DECODE_H
+#define X86_EMU_DECODE_H
 
 #include "cpu.h"
 #include "x86.h"
diff --git a/target/i386/hvf/x86_flags.h b/target/i386/hvf/x86_flags.h
index 75c2a7feab53..6c175007b571 100644
--- a/target/i386/hvf/x86_flags.h
+++ b/target/i386/hvf/x86_flags.h
@@ -21,8 +21,8 @@
  * x86 eflags functions
  */
 
-#ifndef X86_FLAGS_H
-#define X86_FLAGS_H
+#ifndef X86_EMU_FLAGS_H
+#define X86_EMU_FLAGS_H
 
 #include "cpu.h"
 void lflags_to_rflags(CPUX86State *env);
@@ -78,4 +78,4 @@ void SET_FLAGS_OSZAPC_LOGIC16(CPUX86State *env, uint16_t v1, 
uint16_t v2,
 void SET_FLAGS_OSZAPC_LOGIC8(CPUX86State *env, uint8_t v1, uint8_t v2,
  uint8_t diff);
 
-#endif /* X86_FLAGS_H */
+#endif /* X86_EMU_FLAGS_H */
-- 
2.47.2




[PATCH v2 09/14] target/i386/hvf: drop unused headers

2025-03-07 Thread Wei Liu
Signed-off-by: Wei Liu 
---
 target/i386/hvf/x86_decode.c | 3 ---
 target/i386/hvf/x86_emu.c| 4 
 2 files changed, 7 deletions(-)

diff --git a/target/i386/hvf/x86_decode.c b/target/i386/hvf/x86_decode.c
index 728e15963817..ddd7b60bcfe1 100644
--- a/target/i386/hvf/x86_decode.c
+++ b/target/i386/hvf/x86_decode.c
@@ -20,10 +20,7 @@
 
 #include "panic.h"
 #include "x86_decode.h"
-#include "vmx.h"
 #include "x86_emu.h"
-#include "x86_mmu.h"
-#include "x86_descr.h"
 
 #define OPCODE_ESCAPE   0xf
 
diff --git a/target/i386/hvf/x86_emu.c b/target/i386/hvf/x86_emu.c
index aec7a8a3fa85..26a4876aac09 100644
--- a/target/i386/hvf/x86_emu.c
+++ b/target/i386/hvf/x86_emu.c
@@ -40,11 +40,7 @@
 #include "x86_decode.h"
 #include "x86.h"
 #include "x86_emu.h"
-#include "x86_mmu.h"
 #include "x86_flags.h"
-#include "vmcs.h"
-#include "vmx.h"
-#include "hvf-i386.h"
 
 #define EXEC_2OP_FLAGS_CMD(env, decode, cmd, FLAGS_FUNC, save_res) \
 {   \
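Review bot: The commit has no description, and dropping "hvf-i386.h" from x86_emu.c only works because the earlier patch in this series replaced the direct hvf_simulate_rdmsr()/hvf_simulate_wrmsr() calls with emul_ops hooks. State that dependency in the commit message, and say how the remaining removals (x86_mmu.h, vmcs.h, vmx.h) were verified, for example with an HVF-enabled build.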
-- 
2.47.2




[PATCH v2 08/14] target/i386: rename lazy flags field and its type

2025-03-07 Thread Wei Liu
The same structure and code can be used by other accelerators. Drop
the hvf prefix in the type and field name.

No functional change.

Signed-off-by: Wei Liu 
---
 target/i386/cpu.h   |  6 ++--
 target/i386/hvf/x86_flags.c | 56 ++---
 2 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index cf2bd0e9ada9..04ade00abb3d 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1811,10 +1811,10 @@ typedef struct CPUCaches {
 CPUCacheInfo *l3_cache;
 } CPUCaches;
 
-typedef struct HVFX86LazyFlags {
+typedef struct X86LazyFlags {
 target_ulong result;
 target_ulong auxbits;
-} HVFX86LazyFlags;
+} X86LazyFlags;
 
 typedef struct CPUArchState {
 /* standard registers */
@@ -2108,7 +2108,7 @@ typedef struct CPUArchState {
 QemuMutex xen_timers_lock;
 #endif
 #if defined(CONFIG_HVF)
-HVFX86LazyFlags hvf_lflags;
+X86LazyFlags lflags;
 void *emu_mmio_buf;
 #endif
 
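Review bot: The renamed member `X86LazyFlags lflags;` still sits inside `#if defined(CONFIG_HVF)` in CPUArchState, so the other accelerators the commit message refers to cannot use it yet. Either widen the condition in this patch or state in the message that a later patch in the series does so.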
diff --git a/target/i386/hvf/x86_flags.c b/target/i386/hvf/x86_flags.c
index 03d6de5efc3e..3c02c9c5632e 100644
--- a/target/i386/hvf/x86_flags.c
+++ b/target/i386/hvf/x86_flags.c
@@ -62,7 +62,7 @@
 #define SET_FLAGS_OSZAPC_SIZE(size, lf_carries, lf_result) { \
 target_ulong temp = ((lf_carries) & (LF_MASK_AF)) | \
 (((lf_carries) >> (size - 2)) << LF_BIT_PO); \
-env->hvf_lflags.result = (target_ulong)(int##size##_t)(lf_result); \
+env->lflags.result = (target_ulong)(int##size##_t)(lf_result); \
 if ((size) == 32) { \
 temp = ((lf_carries) & ~(LF_MASK_PDB | LF_MASK_SD)); \
 } else if ((size) == 16) { \
@@ -72,7 +72,7 @@
 } else { \
 VM_PANIC("unimplemented");  \
 } \
-env->hvf_lflags.auxbits = (target_ulong)(uint32_t)temp; \
+env->lflags.auxbits = (target_ulong)(uint32_t)temp; \
 }
 
 /* carries, result */
@@ -99,10 +99,10 @@
 } else { \
 VM_PANIC("unimplemented");  \
 } \
-env->hvf_lflags.result = (target_ulong)(int##size##_t)(lf_result); \
-target_ulong delta_c = (env->hvf_lflags.auxbits ^ temp) & LF_MASK_CF; \
+env->lflags.result = (target_ulong)(int##size##_t)(lf_result); \
+target_ulong delta_c = (env->lflags.auxbits ^ temp) & LF_MASK_CF; \
 delta_c ^= (delta_c >> 1); \
-env->hvf_lflags.auxbits = (target_ulong)(uint32_t)(temp ^ delta_c); \
+env->lflags.auxbits = (target_ulong)(uint32_t)(temp ^ delta_c); \
 }
 
 /* carries, result */
@@ -116,8 +116,8 @@
 void SET_FLAGS_OC(CPUX86State *env, uint32_t new_of, uint32_t new_cf)
 {
 uint32_t temp_po = new_of ^ new_cf;
-env->hvf_lflags.auxbits &= ~(LF_MASK_PO | LF_MASK_CF);
-env->hvf_lflags.auxbits |= (temp_po << LF_BIT_PO) | (new_cf << LF_BIT_CF);
+env->lflags.auxbits &= ~(LF_MASK_PO | LF_MASK_CF);
+env->lflags.auxbits |= (temp_po << LF_BIT_PO) | (new_cf << LF_BIT_CF);
 }
 
 void SET_FLAGS_OSZAPC_SUB32(CPUX86State *env, uint32_t v1, uint32_t v2,
@@ -213,27 +213,27 @@ void SET_FLAGS_OSZAPC_LOGIC8(CPUX86State *env, uint8_t 
v1, uint8_t v2,
 
 bool get_PF(CPUX86State *env)
 {
-uint32_t temp = (255 & env->hvf_lflags.result);
-temp = temp ^ (255 & (env->hvf_lflags.auxbits >> LF_BIT_PDB));
+uint32_t temp = (255 & env->lflags.result);
+temp = temp ^ (255 & (env->lflags.auxbits >> LF_BIT_PDB));
 temp = (temp ^ (temp >> 4)) & 0x0F;
 return (0x9669U >> temp) & 1;
 }
 
 void set_PF(CPUX86State *env, bool val)
 {
-uint32_t temp = (255 & env->hvf_lflags.result) ^ (!val);
-env->hvf_lflags.auxbits &= ~(LF_MASK_PDB);
-env->hvf_lflags.auxbits |= (temp << LF_BIT_PDB);
+uint32_t temp = (255 & env->lflags.result) ^ (!val);
+env->lflags.auxbits &= ~(LF_MASK_PDB);
+env->lflags.auxbits |= (temp << LF_BIT_PDB);
 }
 
 bool get_OF(CPUX86State *env)
 {
-return ((env->hvf_lflags.auxbits + (1U << LF_BIT_PO)) >> LF_BIT_CF) & 1;
+return ((env->lflags.auxbits + (1U << LF_BIT_PO)) >> LF_BIT_CF) & 1;
 }
 
 bool get_CF(CPUX86State *env)
 {
-return (env->hvf_lflags.auxbits >> LF_BIT_CF) & 1;
+return (env->lflags.auxbits >> LF_BIT_CF) & 1;
 }
 
 void set_OF(CPUX86State *env, bool val)
@@ -250,45 +250,45 @@ void set_CF(CPUX86State *env, bool val)
 
 bool get_AF(CPUX86State *env)
 {
-return (env->hvf_lflags.auxbits >> LF_BIT_AF) & 1;
+return (env->lflags.auxbits >> LF_BIT_AF) & 1;
 }
 
 void set_AF(CPUX86State *env, bool val)
 {
-env->hvf_lflags.auxbits &= ~(LF_MASK_AF);
-env->hvf_lflags.auxbits |= val << LF_BIT_AF;
+env->lflags.auxbits &= ~(LF_MASK_AF);
+env->lflags.auxbits |= val << LF_BIT_AF;
 }
 
 bool get_ZF(CPUX86State *env)
 {
-return !env->hvf_lflags.result;
+return !env->lflags.result;
 }
 
 void set_ZF(CPUX86State *env, bool val)
 {
 if (val) {
-env->hvf_lflags.auxbits ^=
- (((env->hvf_lflags.result >> LF_SIGN_BIT) & 1) << LF_BIT_SD);
+env->lflags.auxbits ^=
+ (((env->lflags.result >> LF_SIGN_BIT) & 1) << LF_BIT_SD);
 /* merge the parity bits into t

[PATCH v2 0/7] hw/hyperv: remove duplication compilation units

2025-03-07 Thread Pierrick Bouvier
Work towards having a single binary, by removing duplicated object files.

hw/hyperv/hyperv.c was excluded at this time, because it depends on target
dependent symbols:
- from system/kvm.h
- kvm_check_extension
- kvm_vm_ioctl
- from exec/cpu-all.h | memory_ldst_phys.h.inc
- ldq_phys

v2
- remove osdep from header
- use hardcoded buffer size for syndbg, assuming page size is always 4Kb.

Pierrick Bouvier (7):
  hw/hyperv/hv-balloon-stub: common compilation unit
  hw/hyperv/hyperv.h: header cleanup
  hw/hyperv/vmbus: common compilation unit
  hw/hyperv/hyperv-proto: move SYNDBG definition from target/i386
  hw/hyperv/syndbg: common compilation unit
  hw/hyperv/balloon: common balloon compilation units
  hw/hyperv/hyperv_testdev: common compilation unit

 include/hw/hyperv/hyperv-proto.h | 12 
 include/hw/hyperv/hyperv.h   |  3 +-
 target/i386/kvm/hyperv-proto.h   | 12 
 hw/hyperv/syndbg.c   | 10 +--
 hw/hyperv/vmbus.c| 50 
 hw/hyperv/meson.build|  9 +++---
 6 files changed, 51 insertions(+), 45 deletions(-)

-- 
2.39.5




Re: [PATCH 04/57] docs/sphinx: add compat.py module and nested_parse helper

2025-03-07 Thread John Snow
On Fri, Mar 7, 2025 at 12:46 AM Markus Armbruster  wrote:

> John Snow  writes:
>
> > Create a compat module that handles sphinx cross-version compatibility
> > issues. For the inaugural function, add a nested_parse() helper that
> > handles differences in line number tracking for nested directive body
> > parsing.
> >
> > Spoilers: there are more cross-version hacks to come throughout the
> > series.
> >
> > Signed-off-by: John Snow 
> > ---
> >  docs/sphinx/compat.py | 33 +
> >  1 file changed, 33 insertions(+)
> >  create mode 100644 docs/sphinx/compat.py
> >
> > diff --git a/docs/sphinx/compat.py b/docs/sphinx/compat.py
> > new file mode 100644
> > index 000..792aca10e39
> > --- /dev/null
> > +++ b/docs/sphinx/compat.py
> > @@ -0,0 +1,33 @@
> > +"""
> > +Sphinx cross-version compatibility goop
> > +"""
> > +
> > +from docutils.nodes import Element
> > +
> > +from sphinx.util.docutils import SphinxDirective, switch_source_input
> > +from sphinx.util.nodes import nested_parse_with_titles
> > +
> > +
> > +def nested_parse(directive: SphinxDirective, content_node: Element) ->
> None:
> > +"""
> > +This helper preserves error parsing context across sphinx versions.
> > +"""
> > +
> > +# necessary so that the child nodes get the right source/line set
> > +content_node.document = directive.state.document
> > +
> > +try:
> > +# Modern sphinx (6.2.0+) supports proper offsetting for
> > +# nested parse error context management
> > +nested_parse_with_titles(
> > +directive.state,
> > +directive.content,
> > +content_node,
> > +content_offset=directive.content_offset,
> > +)
> > +except TypeError:
> > +# No content_offset argument. Fall back to SSI method.
> > +with switch_source_input(directive.state, directive.content):
> > +nested_parse_with_titles(
> > +directive.state, directive.content, content_node
> > +)
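Review bot: The `except TypeError` fallback wraps the whole nested_parse_with_titles() call, so a TypeError raised while parsing the directive content on a Sphinx that does accept content_offset is caught as well, and the content is then parsed a second time into content_node. Decide the branch up front, for example from the Sphinx version (the comment already names 6.2.0) or from the function's signature, and call only one of the two variants.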
>
> The function wraps around sphinx.util.nodes.nested_parse_with_titles().
> Would calling it nested_parse_with_titles() reduce readers' cognitive
> load at call sites?
>
> Please do not misinterpret my question as a demand.  It's really just a
> question :)
>

Sure, easy change.


Re: [PATCH 08/14] system/kvm: Expose kvm_irqchip_[add,remove]_change_notifier()

2025-03-07 Thread Richard Henderson

On 3/7/25 10:03, Philippe Mathieu-Daudé wrote:

Currently kvm_irqchip_add_irqfd_notifier() and
kvm_irqchip_remove_irqfd_notifier() are only declared on
target specific code. There is not particular reason to,
as their prototypes don't use anything target related.

Move their declaration with common prototypes, and
implement their stub.


The description is not accurate, because the new stubs are
*not* for the functions whose declaration you move.

This feels like two different changes.


r~



Re: [PATCH 09/14] hw/vfio/pci: Convert CONFIG_KVM check to runtime one

2025-03-07 Thread Richard Henderson

On 3/7/25 10:03, Philippe Mathieu-Daudé wrote:

Use the runtime kvm_enabled() helper to check whether
KVM is available or not.

Signed-off-by: Philippe Mathieu-Daudé
---
  hw/vfio/pci.c | 19 +--
  1 file changed, 9 insertions(+), 10 deletions(-)


Reviewed-by: Richard Henderson 

r~



[PATCH 01/16] include/exec: Split out exec/cpu-interrupt.h

2025-03-07 Thread Richard Henderson
Some of these bits are actually common to all cpus; while the
rest have common reservations for target-specific usage.
While generic code cannot know what the target-specific usage is,
common code can know what to do with the bits, e.g. single-step.

Signed-off-by: Richard Henderson 
---
 include/exec/cpu-all.h   | 53 +--
 include/exec/cpu-interrupt.h | 70 
 include/exec/poison.h| 13 ---
 3 files changed, 71 insertions(+), 65 deletions(-)
 create mode 100644 include/exec/cpu-interrupt.h

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 8f7aebb088..9e6724097c 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -21,6 +21,7 @@
 
 #include "exec/page-protection.h"
 #include "exec/cpu-common.h"
+#include "exec/cpu-interrupt.h"
 #include "exec/memory.h"
 #include "exec/tswap.h"
 #include "hw/core/cpu.h"
@@ -109,58 +110,6 @@ static inline void stl_phys_notdirty(AddressSpace *as, 
hwaddr addr, uint32_t val
 
 CPUArchState *cpu_copy(CPUArchState *env);
 
-/* Flags for use in ENV->INTERRUPT_PENDING.
-
-   The numbers assigned here are non-sequential in order to preserve
-   binary compatibility with the vmstate dump.  Bit 0 (0x0001) was
-   previously used for CPU_INTERRUPT_EXIT, and is cleared when loading
-   the vmstate dump.  */
-
-/* External hardware interrupt pending.  This is typically used for
-   interrupts from devices.  */
-#define CPU_INTERRUPT_HARD0x0002
-
-/* Exit the current TB.  This is typically used when some system-level device
-   makes some change to the memory mapping.  E.g. the a20 line change.  */
-#define CPU_INTERRUPT_EXITTB  0x0004
-
-/* Halt the CPU.  */
-#define CPU_INTERRUPT_HALT0x0020
-
-/* Debug event pending.  */
-#define CPU_INTERRUPT_DEBUG   0x0080
-
-/* Reset signal.  */
-#define CPU_INTERRUPT_RESET   0x0400
-
-/* Several target-specific external hardware interrupts.  Each target/cpu.h
-   should define proper names based on these defines.  */
-#define CPU_INTERRUPT_TGT_EXT_0   0x0008
-#define CPU_INTERRUPT_TGT_EXT_1   0x0010
-#define CPU_INTERRUPT_TGT_EXT_2   0x0040
-#define CPU_INTERRUPT_TGT_EXT_3   0x0200
-#define CPU_INTERRUPT_TGT_EXT_4   0x1000
-
-/* Several target-specific internal interrupts.  These differ from the
-   preceding target-specific interrupts in that they are intended to
-   originate from within the cpu itself, typically in response to some
-   instruction being executed.  These, therefore, are not masked while
-   single-stepping within the debugger.  */
-#define CPU_INTERRUPT_TGT_INT_0   0x0100
-#define CPU_INTERRUPT_TGT_INT_1   0x0800
-#define CPU_INTERRUPT_TGT_INT_2   0x2000
-
-/* First unused bit: 0x4000.  */
-
-/* The set of all bits that should be masked when single-stepping.  */
-#define CPU_INTERRUPT_SSTEP_MASK \
-(CPU_INTERRUPT_HARD  \
- | CPU_INTERRUPT_TGT_EXT_0   \
- | CPU_INTERRUPT_TGT_EXT_1   \
- | CPU_INTERRUPT_TGT_EXT_2   \
- | CPU_INTERRUPT_TGT_EXT_3   \
- | CPU_INTERRUPT_TGT_EXT_4)
-
 #include "cpu.h"
 
 #ifdef CONFIG_USER_ONLY
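Review bot: The commit message does not explain the 13 lines removed from include/exec/poison.h that the diffstat lists. If those are the poison entries for the CPU_INTERRUPT_* names removed from cpu-all.h in this hunk, say so, since that is what lets common code use the defines after the move. The old comment's opening sentence, "Flags for use in ENV->INTERRUPT_PENDING", is also dropped; the new header should still name the field these bits are stored in.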
diff --git a/include/exec/cpu-interrupt.h b/include/exec/cpu-interrupt.h
new file mode 100644
index 00..40715193ca
--- /dev/null
+++ b/include/exec/cpu-interrupt.h
@@ -0,0 +1,70 @@
+/*
+ * Flags for use with cpu_interrupt()
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ */
+
+#ifndef CPU_INTERRUPT_H
+#define CPU_INTERRUPT_H
+
+/*
+ * The numbers assigned here are non-sequential in order to preserve binary
+ * compatibility with the vmstate dump.  Bit 0 (0x0001) was previously used
+ * for CPU_INTERRUPT_EXIT, and is cleared when loading the vmstate dump.
+ */
+
+/*
+ * External hardware interrupt pending.
+ * This is typically used for interrupts from devices.
+ */
+#define CPU_INTERRUPT_HARD0x0002
+
+/*
+ * Exit the current TB.  This is typically used when some system-level device
+ * makes some change to the memory mapping.  E.g. the a20 line change.
+ */
+#define CPU_INTERRUPT_EXITTB  0x0004
+
+/* Halt the CPU.  */
+#define CPU_INTERRUPT_HALT0x0020
+
+/* Debug event pending.  */
+#define CPU_INTERRUPT_DEBUG   0x0080
+
+/* Reset signal.  */
+#define CPU_INTERRUPT_RESET   0x0400
+
+/*
+ * Several target-specific external hardware interrupts.  Each target/cpu.h
+ * should define proper names based on these defines.
+ */
+#define CPU_INTERRUPT_TGT_EXT_0   0x0008
+#define CPU_INTERRUPT_TGT_EXT_1   0x0010
+#define CPU_INTERRUPT_TGT_EXT_2   0x0040
+#define CPU_INTERRUPT_TGT_EXT_3   0x0200
+#define CPU_INTERRUPT_TGT_EXT_4   0x1000
+
+/*
+ * Several target-specific internal interrupts.  These differ from the
+ * preceding target-specific interrupts in that they are intended to
+ * originate from within the cpu itself, typically in response to some
+ * instruction being executed.  These, therefore, are not masked while
+ * single-stepping within the debugger.
+ */
+#define CPU_I

[PATCH 07/16] exec: Declare tlb_hit*() in 'exec/cputlb.h'

2025-03-07 Thread Richard Henderson
From: Philippe Mathieu-Daudé 

Move CPU TLB related methods to "exec/cputlb.h".

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Pierrick Bouvier 
Signed-off-by: Richard Henderson 
Message-ID: <20241114011310.3615-20-phi...@linaro.org>
---
 include/exec/cpu-all.h | 23 ---
 accel/tcg/cputlb.c | 23 +++
 2 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 9e6724097c..8cd6c00cf8 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -179,29 +179,6 @@ static inline int cpu_mmu_index(CPUState *cs, bool ifetch)
 /* The two sets of flags must not overlap. */
 QEMU_BUILD_BUG_ON(TLB_FLAGS_MASK & TLB_SLOW_FLAGS_MASK);
 
-/**
- * tlb_hit_page: return true if page aligned @addr is a hit against the
- * TLB entry @tlb_addr
- *
- * @addr: virtual address to test (must be page aligned)
- * @tlb_addr: TLB entry address (a CPUTLBEntry addr_read/write/code value)
- */
-static inline bool tlb_hit_page(uint64_t tlb_addr, vaddr addr)
-{
-return addr == (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK));
-}
-
-/**
- * tlb_hit: return true if @addr is a hit against the TLB entry @tlb_addr
- *
- * @addr: virtual address to test (need not be page aligned)
- * @tlb_addr: TLB entry address (a CPUTLBEntry addr_read/write/code value)
- */
-static inline bool tlb_hit(uint64_t tlb_addr, vaddr addr)
-{
-return tlb_hit_page(tlb_addr, addr & TARGET_PAGE_MASK);
-}
-
 #endif /* !CONFIG_USER_ONLY */
 
 /* Validate correct placement of CPUArchState. */
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index c8761683a0..fb22048876 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1201,6 +1201,29 @@ void tlb_set_page(CPUState *cpu, vaddr addr,
 prot, mmu_idx, size);
 }
 
+/**
+ * tlb_hit_page: return true if page aligned @addr is a hit against the
+ * TLB entry @tlb_addr
+ *
+ * @addr: virtual address to test (must be page aligned)
+ * @tlb_addr: TLB entry address (a CPUTLBEntry addr_read/write/code value)
+ */
+static inline bool tlb_hit_page(uint64_t tlb_addr, vaddr addr)
+{
+return addr == (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK));
+}
+
+/**
+ * tlb_hit: return true if @addr is a hit against the TLB entry @tlb_addr
+ *
+ * @addr: virtual address to test (need not be page aligned)
+ * @tlb_addr: TLB entry address (a CPUTLBEntry addr_read/write/code value)
+ */
+static inline bool tlb_hit(uint64_t tlb_addr, vaddr addr)
+{
+return tlb_hit_page(tlb_addr, addr & TARGET_PAGE_MASK);
+}
+
 /*
  * Note: tlb_fill_align() can trigger a resize of the TLB.
  * This means that all of the caller's prior references to the TLB table
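Review bot: tlb_hit_page() and tlb_hit() land in accel/tcg/cputlb.c as file-local static inline functions, not in "exec/cputlb.h" as the subject and the commit message say. Reword both to describe what the patch does and state that no caller outside cputlb.c remains. Once the functions are private to one .c file, the kernel-doc headers and the `inline` keyword are optional and plain `static` would do.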
-- 
2.43.0




[PATCH 05/16] exec: Declare tlb_set_page_with_attrs() in 'exec/cputlb.h'

2025-03-07 Thread Richard Henderson
From: Philippe Mathieu-Daudé 

Move CPU TLB related methods to "exec/cputlb.h".

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Pierrick Bouvier 
Signed-off-by: Richard Henderson 
Message-ID: <20241114011310.3615-17-phi...@linaro.org>
---
 include/exec/cputlb.h| 28 
 include/exec/exec-all.h  | 25 -
 target/i386/tcg/system/excp_helper.c |  2 +-
 target/microblaze/helper.c   |  2 +-
 4 files changed, 30 insertions(+), 27 deletions(-)

diff --git a/include/exec/cputlb.h b/include/exec/cputlb.h
index 733ef012d1..56dd05a148 100644
--- a/include/exec/cputlb.h
+++ b/include/exec/cputlb.h
@@ -21,6 +21,8 @@
 #define CPUTLB_H
 
 #include "exec/cpu-common.h"
+#include "exec/hwaddr.h"
+#include "exec/memattrs.h"
 #include "exec/vaddr.h"
 
 #ifdef CONFIG_TCG
@@ -62,4 +64,30 @@ void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t 
length);
 void tlb_set_page_full(CPUState *cpu, int mmu_idx, vaddr addr,
CPUTLBEntryFull *full);
 
+/**
+ * tlb_set_page_with_attrs:
+ * @cpu: CPU to add this TLB entry for
+ * @addr: virtual address of page to add entry for
+ * @paddr: physical address of the page
+ * @attrs: memory transaction attributes
+ * @prot: access permissions (PAGE_READ/PAGE_WRITE/PAGE_EXEC bits)
+ * @mmu_idx: MMU index to insert TLB entry for
+ * @size: size of the page in bytes
+ *
+ * Add an entry to this CPU's TLB (a mapping from virtual address
+ * @addr to physical address @paddr) with the specified memory
+ * transaction attributes. This is generally called by the target CPU
+ * specific code after it has been called through the tlb_fill()
+ * entry point and performed a successful page table walk to find
+ * the physical address and attributes for the virtual address
+ * which provoked the TLB miss.
+ *
+ * At most one entry for a given virtual address is permitted. Only a
+ * single TARGET_PAGE_SIZE region is mapped; the supplied @size is only
+ * used by tlb_flush_page.
+ */
+void tlb_set_page_with_attrs(CPUState *cpu, vaddr addr,
+ hwaddr paddr, MemTxAttrs attrs,
+ int prot, int mmu_idx, vaddr size);
+
 #endif
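Review bot: It is not clear from this hunk which preprocessor condition the new tlb_set_page_with_attrs() prototype ends up under. It is appended directly before the last `#endif` of cputlb.h, and the first hunk's context shows an `#ifdef CONFIG_TCG` section earlier in the file. Please confirm the prototype is visible under the same conditions as it was in exec-all.h, and mention that in the commit message.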
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index f43c67366b..62d6300752 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -156,31 +156,6 @@ void tlb_flush_range_by_mmuidx_all_cpus_synced(CPUState 
*cpu,
uint16_t idxmap,
unsigned bits);
 
-/**
- * tlb_set_page_with_attrs:
- * @cpu: CPU to add this TLB entry for
- * @addr: virtual address of page to add entry for
- * @paddr: physical address of the page
- * @attrs: memory transaction attributes
- * @prot: access permissions (PAGE_READ/PAGE_WRITE/PAGE_EXEC bits)
- * @mmu_idx: MMU index to insert TLB entry for
- * @size: size of the page in bytes
- *
- * Add an entry to this CPU's TLB (a mapping from virtual address
- * @addr to physical address @paddr) with the specified memory
- * transaction attributes. This is generally called by the target CPU
- * specific code after it has been called through the tlb_fill()
- * entry point and performed a successful page table walk to find
- * the physical address and attributes for the virtual address
- * which provoked the TLB miss.
- *
- * At most one entry for a given virtual address is permitted. Only a
- * single TARGET_PAGE_SIZE region is mapped; the supplied @size is only
- * used by tlb_flush_page.
- */
-void tlb_set_page_with_attrs(CPUState *cpu, vaddr addr,
- hwaddr paddr, MemTxAttrs attrs,
- int prot, int mmu_idx, vaddr size);
 /* tlb_set_page:
  *
  * This function is equivalent to calling tlb_set_page_with_attrs()
diff --git a/target/i386/tcg/system/excp_helper.c 
b/target/i386/tcg/system/excp_helper.c
index 864e3140e3..6876329de2 100644
--- a/target/i386/tcg/system/excp_helper.c
+++ b/target/i386/tcg/system/excp_helper.c
@@ -20,7 +20,7 @@
 #include "qemu/osdep.h"
 #include "cpu.h"
 #include "exec/cpu_ldst.h"
-#include "exec/exec-all.h"
+#include "exec/cputlb.h"
 #include "exec/page-protection.h"
 #include "tcg/helper-tcg.h"
 
diff --git a/target/microblaze/helper.c b/target/microblaze/helper.c
index 5d3259ce31..27fc929bee 100644
--- a/target/microblaze/helper.c
+++ b/target/microblaze/helper.c
@@ -20,7 +20,7 @@
 
 #include "qemu/osdep.h"
 #include "cpu.h"
-#include "exec/exec-all.h"
+#include "exec/cputlb.h"
 #include "exec/page-protection.h"
 #include "qemu/host-utils.h"
 #include "exec/log.h"
-- 
2.43.0




[PATCH 06/16] exec: Declare tlb_set_page() in 'exec/cputlb.h'

2025-03-07 Thread Richard Henderson
From: Philippe Mathieu-Daudé 

Move CPU TLB related methods to "exec/cputlb.h".

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Pierrick Bouvier 
Signed-off-by: Richard Henderson 
Message-ID: <20241114011310.3615-18-phi...@linaro.org>
---
 include/exec/cputlb.h   | 11 +++
 include/exec/exec-all.h |  9 -
 target/alpha/helper.c   |  2 +-
 target/avr/helper.c |  2 +-
 target/loongarch/tcg/tlb_helper.c   |  1 +
 target/m68k/helper.c|  1 +
 target/mips/tcg/system/tlb_helper.c |  1 +
 target/openrisc/mmu.c   |  2 +-
 target/ppc/mmu_helper.c |  1 +
 target/riscv/cpu_helper.c   |  1 +
 target/rx/cpu.c |  2 +-
 target/s390x/tcg/excp_helper.c  |  1 +
 target/sh4/helper.c |  1 +
 target/tricore/helper.c |  2 +-
 target/xtensa/helper.c  |  2 +-
 15 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/include/exec/cputlb.h b/include/exec/cputlb.h
index 56dd05a148..cdfaf17403 100644
--- a/include/exec/cputlb.h
+++ b/include/exec/cputlb.h
@@ -90,4 +90,15 @@ void tlb_set_page_with_attrs(CPUState *cpu, vaddr addr,
  hwaddr paddr, MemTxAttrs attrs,
  int prot, int mmu_idx, vaddr size);
 
+/**
+ * tlb_set_page:
+ *
+ * This function is equivalent to calling tlb_set_page_with_attrs()
+ * with an @attrs argument of MEMTXATTRS_UNSPECIFIED. It's provided
+ * as a convenience for CPUs which don't use memory transaction attributes.
+ */
+void tlb_set_page(CPUState *cpu, vaddr addr,
+  hwaddr paddr, int prot,
+  int mmu_idx, vaddr size);
+
 #endif
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 62d6300752..a3aa8448d0 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -156,15 +156,6 @@ void tlb_flush_range_by_mmuidx_all_cpus_synced(CPUState 
*cpu,
uint16_t idxmap,
unsigned bits);
 
-/* tlb_set_page:
- *
- * This function is equivalent to calling tlb_set_page_with_attrs()
- * with an @attrs argument of MEMTXATTRS_UNSPECIFIED. It's provided
- * as a convenience for CPUs which don't use memory transaction attributes.
- */
-void tlb_set_page(CPUState *cpu, vaddr addr,
-  hwaddr paddr, int prot,
-  int mmu_idx, vaddr size);
 #else
 static inline void tlb_flush_page(CPUState *cpu, vaddr addr)
 {
diff --git a/target/alpha/helper.c b/target/alpha/helper.c
index 2f1000c99f..57cefcba14 100644
--- a/target/alpha/helper.c
+++ b/target/alpha/helper.c
@@ -20,7 +20,7 @@
 #include "qemu/osdep.h"
 #include "qemu/log.h"
 #include "cpu.h"
-#include "exec/exec-all.h"
+#include "exec/cputlb.h"
 #include "exec/page-protection.h"
 #include "fpu/softfloat-types.h"
 #include "exec/helper-proto.h"
diff --git a/target/avr/helper.c b/target/avr/helper.c
index 9ea6870e44..3412312ad5 100644
--- a/target/avr/helper.c
+++ b/target/avr/helper.c
@@ -23,7 +23,7 @@
 #include "qemu/error-report.h"
 #include "cpu.h"
 #include "accel/tcg/cpu-ops.h"
-#include "exec/exec-all.h"
+#include "exec/cputlb.h"
 #include "exec/page-protection.h"
 #include "exec/cpu_ldst.h"
 #include "exec/address-spaces.h"
diff --git a/target/loongarch/tcg/tlb_helper.c 
b/target/loongarch/tcg/tlb_helper.c
index a323606e5a..f6b63c7224 100644
--- a/target/loongarch/tcg/tlb_helper.c
+++ b/target/loongarch/tcg/tlb_helper.c
@@ -12,6 +12,7 @@
 #include "cpu.h"
 #include "internals.h"
 #include "exec/helper-proto.h"
+#include "exec/cputlb.h"
 #include "exec/exec-all.h"
 #include "exec/page-protection.h"
 #include "exec/cpu_ldst.h"
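Review bot: Here "exec/cputlb.h" is added while "exec/exec-all.h" stays, whereas alpha, avr, openrisc and others in this patch replace exec-all.h outright. If this file still needs something else from exec-all.h, a short remark in the commit message would explain the two patterns; if not, replace the include here too so the series does not leave stale exec-all.h users behind.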
diff --git a/target/m68k/helper.c b/target/m68k/helper.c
index beefeb7069..0bf574830f 100644
--- a/target/m68k/helper.c
+++ b/target/m68k/helper.c
@@ -20,6 +20,7 @@
 
 #include "qemu/osdep.h"
 #include "cpu.h"
+#include "exec/cputlb.h"
 #include "exec/exec-all.h"
 #include "exec/page-protection.h"
 #include "exec/gdbstub.h"
diff --git a/target/mips/tcg/system/tlb_helper.c 
b/target/mips/tcg/system/tlb_helper.c
index e98bb95951..ca4d6b27bc 100644
--- a/target/mips/tcg/system/tlb_helper.c
+++ b/target/mips/tcg/system/tlb_helper.c
@@ -21,6 +21,7 @@
 
 #include "cpu.h"
 #include "internal.h"
+#include "exec/cputlb.h"
 #include "exec/exec-all.h"
 #include "exec/page-protection.h"
 #include "exec/cpu_ldst.h"
diff --git a/target/openrisc/mmu.c b/target/openrisc/mmu.c
index c632d5230b..47ac783c52 100644
--- a/target/openrisc/mmu.c
+++ b/target/openrisc/mmu.c
@@ -21,7 +21,7 @@
 #include "qemu/osdep.h"
 #include "qemu/log.h"
 #include "cpu.h"
-#include "exec/exec-all.h"
+#include "exec/cputlb.h"
 #include "exec/page-protection.h"
 #include "gdbstub/helpers.h"
 #include "qemu/host-utils.h"
diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
index a802bc9c62..ad9ba8294c 100644
--- a/target/ppc/mmu_helper.c
+++ b/target/ppc/mmu_helper.c

[PATCH 15/16] accel/tcg: Build tcg-runtime.c once

2025-03-07 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 accel/tcg/tcg-runtime.c | 8 ++--
 accel/tcg/meson.build   | 2 +-
 2 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/accel/tcg/tcg-runtime.c b/accel/tcg/tcg-runtime.c
index 9fa539ad3d..72c4c6bd31 100644
--- a/accel/tcg/tcg-runtime.c
+++ b/accel/tcg/tcg-runtime.c
@@ -23,13 +23,9 @@
  */
 #include "qemu/osdep.h"
 #include "qemu/host-utils.h"
-#include "cpu.h"
+#include "exec/cpu-common.h"
 #include "exec/helper-proto-common.h"
-#include "exec/cpu_ldst.h"
-#include "exec/exec-all.h"
-#include "disas/disas.h"
-#include "exec/log.h"
-#include "tcg/tcg.h"
+#include "exec/helper-getpc.h"
 
 #define HELPER_H  "accel/tcg/tcg-runtime.h"
 #include "exec/helper-info.c.inc"
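
Review bot: The commit message has no body, so nothing records why the six includes removed at the top of tcg-runtime.c are unnecessary or why "exec/cpu-common.h" and "exec/helper-getpc.h" are enough. The sibling patches in this series carry a one-line explanation ("All that is required is to avoid including exec-all.h."); an equivalent sentence here, naming what the file still needs from the two new headers, would make a later build break much easier to bisect.
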
diff --git a/accel/tcg/meson.build b/accel/tcg/meson.build
index 81fb25da5c..411fe28dea 100644
--- a/accel/tcg/meson.build
+++ b/accel/tcg/meson.build
@@ -1,5 +1,6 @@
 common_ss.add(when: 'CONFIG_TCG', if_true: files(
   'cpu-exec-common.c',
+  'tcg-runtime.c',
 ))
 tcg_specific_ss = ss.source_set()
 tcg_specific_ss.add(files(
@@ -7,7 +8,6 @@ tcg_specific_ss.add(files(
   'cpu-exec.c',
   'tb-maint.c',
   'tcg-runtime-gvec.c',
-  'tcg-runtime.c',
   'translate-all.c',
   'translator.c',
 ))
-- 
2.43.0




[PATCH 00/16] accel/tcg: Compile more files once

2025-03-07 Thread Richard Henderson
Take care of some easy cases in accel/tcg/.
From here it starts getting harder.  :-)


r~


Philippe Mathieu-Daudé (6):
  exec: Declare tlb_reset_dirty*() in 'exec/cputlb.h'
  exec: Declare tlb_set_page_full() in 'exec/cputlb.h'
  exec: Declare tlb_set_page_with_attrs() in 'exec/cputlb.h'
  exec: Declare tlb_set_page() in 'exec/cputlb.h'
  exec: Declare tlb_hit*() in 'exec/cputlb.h'
  exec: Declare tlb_flush*() in 'exec/cputlb.h'

Richard Henderson (10):
  include/exec: Split out exec/cpu-interrupt.h
  accel/tcg: Compile watchpoint.c once
  system: Build watchpoint.c once
  accel/tcg: Build tcg-accel-ops.c once
  accel/tcg: Build tcg-accel-ops-icount.c once
  accel/tcg: Build tcg-accel-ops-rr.c once
  accel/tcg: Build tcg-accel-ops-mttcg.c once
  include/exec: Split out helper-getpc.h
  accel/tcg: Build tcg-runtime.c once
  accel/tcg: Build tcg-runtime-gvec.c once

 accel/tcg/internal-common.h  |   2 +
 accel/tcg/tb-internal.h  |   2 -
 include/exec/cpu-all.h   |  76 +---
 include/exec/cpu-interrupt.h |  70 +++
 include/exec/cputlb.h| 263 ++-
 include/exec/exec-all.h  | 262 +-
 include/exec/helper-getpc.h  |  31 
 include/exec/poison.h|  13 --
 include/exec/ram_addr.h  |   1 +
 accel/tcg/cputlb.c   |  23 +++
 accel/tcg/tcg-accel-ops-icount.c |   2 +-
 accel/tcg/tcg-accel-ops-mttcg.c  |   1 -
 accel/tcg/tcg-accel-ops-rr.c |   2 +-
 accel/tcg/tcg-accel-ops.c|   2 +-
 accel/tcg/tcg-runtime-gvec.c |   1 -
 accel/tcg/tcg-runtime.c  |   8 +-
 accel/tcg/watchpoint.c   |   5 +-
 cpu-target.c |   1 +
 hw/intc/armv7m_nvic.c|   2 +-
 hw/ppc/spapr_nested.c|   1 +
 hw/sh4/sh7750.c  |   1 +
 system/physmem.c |   1 +
 system/watchpoint.c  |   3 +-
 target/alpha/helper.c|   2 +-
 target/alpha/sys_helper.c|   2 +-
 target/arm/helper.c  |   1 +
 target/arm/tcg/tlb-insns.c   |   2 +-
 target/avr/helper.c  |   2 +-
 target/hppa/mem_helper.c |   1 +
 target/i386/helper.c |   2 +-
 target/i386/machine.c|   2 +-
 target/i386/tcg/fpu_helper.c |   2 +-
 target/i386/tcg/misc_helper.c|   2 +-
 target/i386/tcg/system/excp_helper.c |   2 +-
 target/i386/tcg/system/misc_helper.c |   2 +-
 target/i386/tcg/system/svm_helper.c  |   2 +-
 target/loongarch/tcg/csr_helper.c|   2 +-
 target/loongarch/tcg/tlb_helper.c|   1 +
 target/m68k/helper.c |   1 +
 target/microblaze/helper.c   |   2 +-
 target/microblaze/mmu.c  |   2 +-
 target/mips/system/cp0.c |   2 +-
 target/mips/tcg/system/cp0_helper.c  |   2 +-
 target/mips/tcg/system/tlb_helper.c  |   1 +
 target/openrisc/mmu.c|   2 +-
 target/openrisc/sys_helper.c |   1 +
 target/ppc/helper_regs.c |   2 +-
 target/ppc/misc_helper.c |   1 +
 target/ppc/mmu_helper.c  |   1 +
 target/riscv/cpu_helper.c|   1 +
 target/riscv/csr.c   |   1 +
 target/riscv/op_helper.c |   1 +
 target/riscv/pmp.c   |   2 +-
 target/rx/cpu.c  |   2 +-
 target/s390x/gdbstub.c   |   2 +-
 target/s390x/sigp.c  |   1 +
 target/s390x/tcg/excp_helper.c   |   1 +
 target/s390x/tcg/mem_helper.c|   1 +
 target/s390x/tcg/misc_helper.c   |   1 +
 target/sh4/helper.c  |   1 +
 target/sparc/ldst_helper.c   |   1 +
 target/sparc/mmu_helper.c|   2 +-
 target/tricore/helper.c  |   2 +-
 target/xtensa/helper.c   |   2 +-
 target/xtensa/mmu_helper.c   |   1 +
 accel/tcg/meson.build|  14 +-
 system/meson.build   |   2 +-
 67 files changed, 450 insertions(+), 405 deletions(-)
 create mode 100644 include/exec/cpu-interrupt.h
 create mode 100644 include/exec/helper-getpc.h

-- 
2.43.0




[PATCH 02/16] accel/tcg: Compile watchpoint.c once

2025-03-07 Thread Richard Henderson
Move tb_check_watchpoint declaration from tb-internal.h, which is
still target-specific, to internal-common.h, which isn't.
Otherwise, all that is required to build watchpoint.c once is
to include the new exec/cpu-interrupt.h instead of exec/exec-all.h.

Signed-off-by: Richard Henderson 
---
 accel/tcg/internal-common.h | 2 ++
 accel/tcg/tb-internal.h | 2 --
 accel/tcg/watchpoint.c  | 5 ++---
 accel/tcg/meson.build   | 2 +-
 4 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/accel/tcg/internal-common.h b/accel/tcg/internal-common.h
index 7ef620d963..9b6ab3a8cc 100644
--- a/accel/tcg/internal-common.h
+++ b/accel/tcg/internal-common.h
@@ -72,4 +72,6 @@ void tcg_exec_unrealizefn(CPUState *cpu);
 /* current cflags for hashing/comparison */
 uint32_t curr_cflags(CPUState *cpu);
 
+void tb_check_watchpoint(CPUState *cpu, uintptr_t retaddr);
+
 #endif
diff --git a/accel/tcg/tb-internal.h b/accel/tcg/tb-internal.h
index abd423fcf5..62a59a5307 100644
--- a/accel/tcg/tb-internal.h
+++ b/accel/tcg/tb-internal.h
@@ -75,6 +75,4 @@ void tb_invalidate_phys_range_fast(ram_addr_t ram_addr,
 
 bool tb_invalidate_phys_page_unwind(tb_page_addr_t addr, uintptr_t pc);
 
-void tb_check_watchpoint(CPUState *cpu, uintptr_t retaddr);
-
 #endif
diff --git a/accel/tcg/watchpoint.c b/accel/tcg/watchpoint.c
index 40112b2b2e..ba8c9859cf 100644
--- a/accel/tcg/watchpoint.c
+++ b/accel/tcg/watchpoint.c
@@ -19,11 +19,10 @@
 
 #include "qemu/osdep.h"
 #include "qemu/main-loop.h"
-#include "qemu/error-report.h"
-#include "exec/exec-all.h"
+#include "exec/breakpoint.h"
+#include "exec/cpu-interrupt.h"
 #include "exec/page-protection.h"
 #include "exec/translation-block.h"
-#include "tb-internal.h"
 #include "system/tcg.h"
 #include "system/replay.h"
 #include "accel/tcg/cpu-ops.h"
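
Review bot: The commit message says the only change watchpoint.c needs is to include exec/cpu-interrupt.h instead of exec/exec-all.h, but this hunk also adds "exec/breakpoint.h" and drops "qemu/error-report.h". Please mention both in the message (or move the unused-include cleanup to its own patch) so the log matches the diff; the removal of "tb-internal.h" is already covered by the moved tb_check_watchpoint() declaration.
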
diff --git a/accel/tcg/meson.build b/accel/tcg/meson.build
index 69f4808ac4..979ce90eb0 100644
--- a/accel/tcg/meson.build
+++ b/accel/tcg/meson.build
@@ -20,7 +20,6 @@ specific_ss.add_all(when: 'CONFIG_TCG', if_true: 
tcg_specific_ss)
 
 specific_ss.add(when: ['CONFIG_SYSTEM_ONLY', 'CONFIG_TCG'], if_true: files(
   'cputlb.c',
-  'watchpoint.c',
   'tcg-accel-ops.c',
   'tcg-accel-ops-mttcg.c',
   'tcg-accel-ops-icount.c',
@@ -30,4 +29,5 @@ specific_ss.add(when: ['CONFIG_SYSTEM_ONLY', 'CONFIG_TCG'], 
if_true: files(
 system_ss.add(when: ['CONFIG_TCG'], if_true: files(
   'icount-common.c',
   'monitor.c',
+  'watchpoint.c',
 ))
-- 
2.43.0




[PATCH 03/16] exec: Declare tlb_reset_dirty*() in 'exec/cputlb.h'

2025-03-07 Thread Richard Henderson
From: Philippe Mathieu-Daudé 

Move CPU TLB related methods to "exec/cputlb.h".

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Pierrick Bouvier 
Message-ID: <20241114011310.3615-14-phi...@linaro.org>
Signed-off-by: Richard Henderson 
---
 include/exec/cputlb.h   | 7 +++
 include/exec/exec-all.h | 3 ---
 include/exec/ram_addr.h | 1 +
 system/physmem.c| 1 +
 4 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/include/exec/cputlb.h b/include/exec/cputlb.h
index ef18642a32..6cac7d530f 100644
--- a/include/exec/cputlb.h
+++ b/include/exec/cputlb.h
@@ -32,4 +32,11 @@ void tlb_unprotect_code(ram_addr_t ram_addr);
 
 #endif /* CONFIG_TCG */
 
+#ifndef CONFIG_USER_ONLY
+
+void tlb_reset_dirty(CPUState *cpu, ram_addr_t start1, ram_addr_t length);
+void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length);
+
+#endif
+
 #endif
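
Review bot: The new "#ifndef CONFIG_USER_ONLY" block ends with a bare "#endif" that sits directly above the header guard's bare "#endif", while the block just before it is closed with "#endif /* CONFIG_TCG */". Please annotate the new one the same way, for example "#endif /* !CONFIG_USER_ONLY */", since this header is about to collect several more conditional sections and unlabelled closers get hard to match.
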
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 8eb0df48f9..f24256fb5e 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -486,9 +486,6 @@ static inline tb_page_addr_t 
get_page_addr_code(CPUArchState *env,
 
 #if !defined(CONFIG_USER_ONLY)
 
-void tlb_reset_dirty(CPUState *cpu, ram_addr_t start1, ram_addr_t length);
-void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length);
-
 MemoryRegionSection *
 address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
   hwaddr *xlat, hwaddr *plen,
diff --git a/include/exec/ram_addr.h b/include/exec/ram_addr.h
index 94bb3ccbe4..3d8df4edf1 100644
--- a/include/exec/ram_addr.h
+++ b/include/exec/ram_addr.h
@@ -23,6 +23,7 @@
 #include "cpu.h"
 #include "system/xen.h"
 #include "system/tcg.h"
+#include "exec/cputlb.h"
 #include "exec/ramlist.h"
 #include "exec/ramblock.h"
 #include "exec/exec-all.h"
diff --git a/system/physmem.c b/system/physmem.c
index 8c1736f84e..a6af555f4b 100644
--- a/system/physmem.c
+++ b/system/physmem.c
@@ -32,6 +32,7 @@
 #endif /* CONFIG_TCG */
 
 #include "exec/exec-all.h"
+#include "exec/cputlb.h"
 #include "exec/page-protection.h"
 #include "exec/target_page.h"
 #include "exec/translation-block.h"
-- 
2.43.0




[PATCH 14/16] include/exec: Split out helper-getpc.h

2025-03-07 Thread Richard Henderson
Split out GETPC and GETPC_ADJ to a target-independent header.

Signed-off-by: Richard Henderson 
---
 include/exec/exec-all.h | 19 +--
 include/exec/helper-getpc.h | 31 +++
 2 files changed, 32 insertions(+), 18 deletions(-)
 create mode 100644 include/exec/helper-getpc.h

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index a758b7a843..22a99ca502 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -26,6 +26,7 @@
 #endif
 #include "exec/mmu-access-type.h"
 #include "exec/translation-block.h"
+#include "exec/helper-getpc.h"
 
 #if defined(CONFIG_TCG)
 
@@ -177,24 +178,6 @@ void tb_phys_invalidate(TranslationBlock *tb, 
tb_page_addr_t page_addr);
 void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t last);
 void tb_set_jmp_target(TranslationBlock *tb, int n, uintptr_t addr);
 
-/* GETPC is the true target of the return instruction that we'll execute.  */
-#if defined(CONFIG_TCG_INTERPRETER)
-extern __thread uintptr_t tci_tb_ptr;
-# define GETPC() tci_tb_ptr
-#else
-# define GETPC() \
-((uintptr_t)__builtin_extract_return_addr(__builtin_return_address(0)))
-#endif
-
-/* The true return address will often point to a host insn that is part of
-   the next translated guest insn.  Adjust the address backward to point to
-   the middle of the call insn.  Subtracting one would do the job except for
-   several compressed mode architectures (arm, mips) which set the low bit
-   to indicate the compressed mode; subtracting two works around that.  It
-   is also the case that there are no host isas that contain a call insn
-   smaller than 4 bytes, so we don't worry about special-casing this.  */
-#define GETPC_ADJ   2
-
 #if !defined(CONFIG_USER_ONLY)
 
 /**
diff --git a/include/exec/helper-getpc.h b/include/exec/helper-getpc.h
new file mode 100644
index 00..1c8bd72c11
--- /dev/null
+++ b/include/exec/helper-getpc.h
@@ -0,0 +1,31 @@
+/*
+ * Get host pc for helper unwinding.
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ */
+
+#ifndef HELPER_GETPC_H
+#define HELPER_GETPC_H
+
+/* GETPC is the true target of the return instruction that we'll execute.  */
+#if defined(CONFIG_TCG_INTERPRETER)
+extern __thread uintptr_t tci_tb_ptr;
+# define GETPC() tci_tb_ptr
+#else
+# define GETPC() \
+((uintptr_t)__builtin_extract_return_addr(__builtin_return_address(0)))
+#endif
+
+/*
+ * The true return address will often point to a host insn that is part of
+ * the next translated guest insn.  Adjust the address backward to point to
+ * the middle of the call insn.  Subtracting one would do the job except for
+ * several compressed mode architectures (arm, mips) which set the low bit
+ * to indicate the compressed mode; subtracting two works around that.  It
+ * is also the case that there are no host isas that contain a call insn
+ * smaller than 4 bytes, so we don't worry about special-casing this.
+ */
+#define GETPC_ADJ   2
+
+#endif /* HELPER_GETPC_H */
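
Review bot: Now that GETPC lives in a standalone header, its comment should say where the macro may be expanded. In the non-TCI branch it is __builtin_return_address(0), which is the return address of whichever function contains the expansion, so it only gives the address inside translated code when used directly in the helper that was called from the TB, not in a callee that did not get inlined. One sentence stating that, next to "GETPC is the true target of the return instruction", would document the contract for the new includers.
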
-- 
2.43.0




[PATCH 11/16] accel/tcg: Build tcg-accel-ops-icount.c once

2025-03-07 Thread Richard Henderson
All that is required is to avoid including exec-all.h.

Signed-off-by: Richard Henderson 
---
 accel/tcg/tcg-accel-ops-icount.c | 2 +-
 accel/tcg/meson.build| 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/accel/tcg/tcg-accel-ops-icount.c b/accel/tcg/tcg-accel-ops-icount.c
index d6b472a0b0..27cf1044c7 100644
--- a/accel/tcg/tcg-accel-ops-icount.c
+++ b/accel/tcg/tcg-accel-ops-icount.c
@@ -28,7 +28,7 @@
 #include "system/cpu-timers.h"
 #include "qemu/main-loop.h"
 #include "qemu/guest-random.h"
-#include "exec/exec-all.h"
+#include "hw/core/cpu.h"
 
 #include "tcg-accel-ops.h"
 #include "tcg-accel-ops-icount.h"
diff --git a/accel/tcg/meson.build b/accel/tcg/meson.build
index 70ada21f42..891b724eb6 100644
--- a/accel/tcg/meson.build
+++ b/accel/tcg/meson.build
@@ -21,7 +21,6 @@ specific_ss.add_all(when: 'CONFIG_TCG', if_true: 
tcg_specific_ss)
 specific_ss.add(when: ['CONFIG_SYSTEM_ONLY', 'CONFIG_TCG'], if_true: files(
   'cputlb.c',
   'tcg-accel-ops-mttcg.c',
-  'tcg-accel-ops-icount.c',
   'tcg-accel-ops-rr.c',
 ))
 
@@ -29,5 +28,6 @@ system_ss.add(when: ['CONFIG_TCG'], if_true: files(
   'icount-common.c',
   'monitor.c',
   'tcg-accel-ops.c',
+  'tcg-accel-ops-icount.c',
   'watchpoint.c',
 ))
-- 
2.43.0




[PATCH 13/16] accel/tcg: Build tcg-accel-ops-mttcg.c once

2025-03-07 Thread Richard Henderson
All that is required is to avoid including exec-all.h.

Signed-off-by: Richard Henderson 
---
 accel/tcg/tcg-accel-ops-mttcg.c | 1 -
 accel/tcg/meson.build   | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/accel/tcg/tcg-accel-ops-mttcg.c b/accel/tcg/tcg-accel-ops-mttcg.c
index ba7cf6819d..bdcc385ae9 100644
--- a/accel/tcg/tcg-accel-ops-mttcg.c
+++ b/accel/tcg/tcg-accel-ops-mttcg.c
@@ -30,7 +30,6 @@
 #include "qemu/main-loop.h"
 #include "qemu/notify.h"
 #include "qemu/guest-random.h"
-#include "exec/exec-all.h"
 #include "hw/boards.h"
 #include "tcg/startup.h"
 #include "tcg-accel-ops.h"
diff --git a/accel/tcg/meson.build b/accel/tcg/meson.build
index 87c1394b62..81fb25da5c 100644
--- a/accel/tcg/meson.build
+++ b/accel/tcg/meson.build
@@ -20,7 +20,6 @@ specific_ss.add_all(when: 'CONFIG_TCG', if_true: 
tcg_specific_ss)
 
 specific_ss.add(when: ['CONFIG_SYSTEM_ONLY', 'CONFIG_TCG'], if_true: files(
   'cputlb.c',
-  'tcg-accel-ops-mttcg.c',
 ))
 
 system_ss.add(when: ['CONFIG_TCG'], if_true: files(
@@ -28,6 +27,7 @@ system_ss.add(when: ['CONFIG_TCG'], if_true: files(
   'monitor.c',
   'tcg-accel-ops.c',
   'tcg-accel-ops-icount.c',
+  'tcg-accel-ops-mttcg.c',
   'tcg-accel-ops-rr.c',
   'watchpoint.c',
 ))
-- 
2.43.0




[PATCH 16/16] accel/tcg: Build tcg-runtime-gvec.c once

2025-03-07 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 accel/tcg/tcg-runtime-gvec.c | 1 -
 accel/tcg/meson.build| 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/accel/tcg/tcg-runtime-gvec.c b/accel/tcg/tcg-runtime-gvec.c
index afca89baa1..ff927c5dd8 100644
--- a/accel/tcg/tcg-runtime-gvec.c
+++ b/accel/tcg/tcg-runtime-gvec.c
@@ -19,7 +19,6 @@
 
 #include "qemu/osdep.h"
 #include "qemu/host-utils.h"
-#include "cpu.h"
 #include "exec/helper-proto-common.h"
 #include "tcg/tcg-gvec-desc.h"
 
diff --git a/accel/tcg/meson.build b/accel/tcg/meson.build
index 411fe28dea..38ff227eb0 100644
--- a/accel/tcg/meson.build
+++ b/accel/tcg/meson.build
@@ -1,13 +1,13 @@
 common_ss.add(when: 'CONFIG_TCG', if_true: files(
   'cpu-exec-common.c',
   'tcg-runtime.c',
+  'tcg-runtime-gvec.c',
 ))
 tcg_specific_ss = ss.source_set()
 tcg_specific_ss.add(files(
   'tcg-all.c',
   'cpu-exec.c',
   'tb-maint.c',
-  'tcg-runtime-gvec.c',
   'translate-all.c',
   'translator.c',
 ))
-- 
2.43.0




[PATCH 04/16] exec: Declare tlb_set_page_full() in 'exec/cputlb.h'

2025-03-07 Thread Richard Henderson
From: Philippe Mathieu-Daudé 

Move CPU TLB related methods to "exec/cputlb.h".

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Pierrick Bouvier 
Signed-off-by: Richard Henderson 
Message-ID: <20241114011310.3615-16-phi...@linaro.org>
---
 include/exec/cputlb.h | 23 +++
 include/exec/exec-all.h   | 22 --
 target/sparc/mmu_helper.c |  2 +-
 3 files changed, 24 insertions(+), 23 deletions(-)

diff --git a/include/exec/cputlb.h b/include/exec/cputlb.h
index 6cac7d530f..733ef012d1 100644
--- a/include/exec/cputlb.h
+++ b/include/exec/cputlb.h
@@ -21,6 +21,7 @@
 #define CPUTLB_H
 
 #include "exec/cpu-common.h"
+#include "exec/vaddr.h"
 
 #ifdef CONFIG_TCG
 
@@ -39,4 +40,26 @@ void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t 
length);
 
 #endif
 
+/**
+ * tlb_set_page_full:
+ * @cpu: CPU context
+ * @mmu_idx: mmu index of the tlb to modify
+ * @addr: virtual address of the entry to add
+ * @full: the details of the tlb entry
+ *
+ * Add an entry to @cpu tlb index @mmu_idx.  All of the fields of
+ * @full must be filled, except for xlat_section, and constitute
+ * the complete description of the translated page.
+ *
+ * This is generally called by the target tlb_fill function after
+ * having performed a successful page table walk to find the physical
+ * address and attributes for the translation.
+ *
+ * At most one entry for a given virtual address is permitted. Only a
+ * single TARGET_PAGE_SIZE region is mapped; @full->lg_page_size is only
+ * used by tlb_flush_page.
+ */
+void tlb_set_page_full(CPUState *cpu, int mmu_idx, vaddr addr,
+   CPUTLBEntryFull *full);
+
 #endif
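
Review bot: tlb_set_page_full() is added after the "#endif" that closes the block containing tlb_reset_dirty_range_all(), so the declaration and its kernel-doc are now outside every conditional in cputlb.h. If the function is only built for system emulation with TCG, the declaration should go inside the matching guard so a misuse fails at compile time rather than at link time; if making it unconditional is intended, please say so in the commit message, which currently only says the methods are moved.
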
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index f24256fb5e..f43c67366b 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -156,28 +156,6 @@ void tlb_flush_range_by_mmuidx_all_cpus_synced(CPUState 
*cpu,
uint16_t idxmap,
unsigned bits);
 
-/**
- * tlb_set_page_full:
- * @cpu: CPU context
- * @mmu_idx: mmu index of the tlb to modify
- * @addr: virtual address of the entry to add
- * @full: the details of the tlb entry
- *
- * Add an entry to @cpu tlb index @mmu_idx.  All of the fields of
- * @full must be filled, except for xlat_section, and constitute
- * the complete description of the translated page.
- *
- * This is generally called by the target tlb_fill function after
- * having performed a successful page table walk to find the physical
- * address and attributes for the translation.
- *
- * At most one entry for a given virtual address is permitted. Only a
- * single TARGET_PAGE_SIZE region is mapped; @full->lg_page_size is only
- * used by tlb_flush_page.
- */
-void tlb_set_page_full(CPUState *cpu, int mmu_idx, vaddr addr,
-   CPUTLBEntryFull *full);
-
 /**
  * tlb_set_page_with_attrs:
  * @cpu: CPU to add this TLB entry for
diff --git a/target/sparc/mmu_helper.c b/target/sparc/mmu_helper.c
index 9ff06026b8..7548d01777 100644
--- a/target/sparc/mmu_helper.c
+++ b/target/sparc/mmu_helper.c
@@ -20,7 +20,7 @@
 #include "qemu/osdep.h"
 #include "qemu/log.h"
 #include "cpu.h"
-#include "exec/exec-all.h"
+#include "exec/cputlb.h"
 #include "exec/page-protection.h"
 #include "qemu/qemu-print.h"
 #include "trace.h"
-- 
2.43.0




RE: [PATCH 12/38] target/hexagon: Add imported macro, attr defs for sysemu

2025-03-07 Thread ltaylorsimpson



> -Original Message-
> From: Brian Cain 
> Sent: Friday, February 28, 2025 11:26 PM
> To: qemu-devel@nongnu.org
> Cc: brian.c...@oss.qualcomm.com; richard.hender...@linaro.org;
> phi...@linaro.org; quic_mathb...@quicinc.com; a...@rev.ng; a...@rev.ng;
> quic_mlie...@quicinc.com; ltaylorsimp...@gmail.com;
> alex.ben...@linaro.org; quic_mbur...@quicinc.com;
> sidn...@quicinc.com; Brian Cain 
> Subject: [PATCH 12/38] target/hexagon: Add imported macro, attr defs for
> sysemu
> 
> From: Brian Cain 
> 
> Signed-off-by: Brian Cain 
> ---
>  target/hexagon/attribs_def.h.inc   | 414 +++--
>  target/hexagon/imported/macros.def | 558
> +
>  2 files changed, 942 insertions(+), 30 deletions(-)  mode change 100755 =>
> 100644 target/hexagon/imported/macros.def
> 
> diff --git a/target/hexagon/attribs_def.h.inc
> b/target/hexagon/attribs_def.h.inc
> index 9e3a05f882..e6523a739b 100644
> --- a/target/hexagon/attribs_def.h.inc
> +++ b/target/hexagon/attribs_def.h.inc
> @@ -19,20 +19,41 @@
>  DEF_ATTRIB(AA_DUMMY, "Dummy Zeroth Attribute", "", "")
> 
>  /* Misc */
> +DEF_ATTRIB(FAKEINSN, "Not a real instruction", "", "")
> +DEF_ATTRIB(MAPPING, "Not real -- asm mapped", "", "")
> +DEF_ATTRIB(CONDMAPPING, "Not real -- mapped based on values", "", "")
>  DEF_ATTRIB(EXTENSION, "Extension instruction", "", "")
> +DEF_ATTRIB(SHARED_EXTENSION, "Shared extension instruction", "", "")
> +DEF_ATTRIB(CABAC,
> +   "Cabac Instruction. Used in conjuction with QDSP6_CABAC_PRESENT",
> "",
> +   "")
> +DEF_ATTRIB(EXPERIMENTAL, "This may not work correctly not supported by
> RTL.",
> +   "", "")
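
Review bot: Two of the description strings added in this part of the hunk need wording fixes: "conjuction" in the CABAC entry should be "conjunction", and the EXPERIMENTAL text "This may not work correctly not supported by RTL." is missing a conjunction or punctuation between its two clauses. If these strings are imported verbatim from another source, a note in the commit message saying so would explain why they are left as they are.
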

Personally, I don't think we should be adding all of these.  Few are needed, 
and we run the risk of having attributes that aren’t used in QEMU and therefore 
aren’t properly implemented in QEMU.  Somewhere down the road, an instruction 
or macro could show up in the imported directory with such an attribute, and it 
will cause unnecessary headaches.  Examples above are CONDMAPPING and 
EXPERIMENTAL.  These should be included in hex_common.tag_ignore.

Better to wait until an instruction in a future version of Hexagon shows up 
that uses an attribute.  These will be few, so it will be simpler to examine 
each new attribute to ensure it is properly implemented in QEMU.

> 
>  /* access to implicit registers */
>  DEF_ATTRIB(IMPLICIT_WRITES_LR, "Writes the link register", "", "UREG.LR")
> +DEF_ATTRIB(IMPLICIT_READS_LR, "Reads the link register", "UREG.LR", "")
> +DEF_ATTRIB(IMPLICIT_READS_LC0, "Reads loop count for loop 0",
> +"UREG.LC0", "") DEF_ATTRIB(IMPLICIT_READS_LC1, "Reads loop count for
> +loop 1", "UREG.LC1", "") DEF_ATTRIB(IMPLICIT_READS_SA0, "Reads start
> +address for loop 0", "UREG.SA0", "") DEF_ATTRIB(IMPLICIT_READS_SA1,
> +"Reads start address for loop 1", "UREG.SA1", "")
> +DEF_ATTRIB(IMPLICIT_WRITES_PC, "Writes the program counter", "",
> +"UREG.PC") DEF_ATTRIB(IMPLICIT_READS_PC, "Reads the program
> counter",
> +"UREG.PC", "")
>  DEF_ATTRIB(IMPLICIT_WRITES_SP, "Writes the stack pointer", "",
> "UREG.SP")
> +DEF_ATTRIB(IMPLICIT_READS_SP, "Reads the stack pointer", "UREG.SP",
> "")
>  DEF_ATTRIB(IMPLICIT_WRITES_FP, "Writes the frame pointer", "",
> "UREG.FP")
> +DEF_ATTRIB(IMPLICIT_READS_FP, "Reads the frame pointer", "UREG.FP",
> "")
> +DEF_ATTRIB(IMPLICIT_WRITES_GP, "Writes the GP register", "",
> "UREG.GP")
> +DEF_ATTRIB(IMPLICIT_READS_GP, "Reads the GP register", "UREG.GP", "")
>  DEF_ATTRIB(IMPLICIT_WRITES_LC0, "Writes loop count for loop 0", "",
> "UREG.LC0")  DEF_ATTRIB(IMPLICIT_WRITES_LC1, "Writes loop count for
> loop 1", "", "UREG.LC1")  DEF_ATTRIB(IMPLICIT_WRITES_SA0, "Writes start
> addr for loop 0", "", "UREG.SA0")  DEF_ATTRIB(IMPLICIT_WRITES_SA1,
> "Writes start addr for loop 1", "", "UREG.SA1")
> +DEF_ATTRIB(IMPLICIT_WRITES_R00, "Writes Register 0", "", "UREG.R00")

The IMPLICIT_READS_* and IMPLICIT_WRITES_* are examples that would need to be 
handled properly if ever used.  Look at IMPLICIT_*_P0 to see how they are used 
in translate.c::analyze_packet.  Imagine a day in the future when an 
instruction gets imported with IMPLICIT_WRITES_R00 attribute.  When that 
instruction is in a packet with an instruction that reads R0, analyze_packet 
will not know there is a conflict and decide it's OK to short-circuit the 
packet semantics.  That bug would go unnoticed for a long time and only show up 
when a large program runs incorrectly on QEMU.

Thanks,
Taylor





[PATCH] rust: pl011: Allow NULL chardev argument to pl011_create()

2025-03-07 Thread Peter Maydell
It's valid for the caller to pass a NULL chardev to pl011_create();
this means "don't set the chardev property on the device", which
in turn means "act like there's no chardev". All the chardev
frontend APIs (in C, at least) accept a NULL pointer to mean
"do nothing".

This fixes some failures in 'make check-functional' when Rust support
is enabled.

Signed-off-by: Peter Maydell 
---
This is my first Rust related patch for QEMU, so I've
probably got something wrong here :-)
---
 rust/hw/char/pl011/src/device.rs | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/rust/hw/char/pl011/src/device.rs b/rust/hw/char/pl011/src/device.rs
index d0857b470c9..8098f762f4b 100644
--- a/rust/hw/char/pl011/src/device.rs
+++ b/rust/hw/char/pl011/src/device.rs
@@ -713,10 +713,12 @@ pub fn post_load(&self, _version_id: u32) -> Result<(), 
()> {
 // SAFETY: The callers promise that they have owned references.
 // They do not gift them to pl011_create, so use `Owned::from`.
 let irq = unsafe { Ownedfrom(&*irq) };
-let chr = unsafe { Ownedfrom(&*chr) };
 
 let dev = PL011State::new();
-dev.prop_set_chr("chardev", &chr);
+if !chr.is_null() {
+let chr = unsafe { Ownedfrom(&*chr) };
+dev.prop_set_chr("chardev", &chr);
+}
 dev.sysbus_realize();
 dev.mmio_map(0, addr);
 dev.connect_irq(0, &irq);
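
Review bot: The new unsafe block inside "if !chr.is_null()" has no SAFETY comment of its own, and the existing comment above still reads as if both pointers are always valid owned references. Please add a SAFETY line in the new branch saying that chr was checked for NULL and that the caller owns the reference, and adjust the comment above so it covers irq only. Since irq is still dereferenced unconditionally, it is also worth stating in the function's documentation that irq must be non-NULL while chr may be NULL.
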
-- 
2.43.0




[PATCH v2 14/14] MAINTAINERS: add an entry for the x86 instruction emulator

2025-03-07 Thread Wei Liu
Add myself as a reviewer.

Signed-off-by: Wei Liu 
---
v2: new
---
 MAINTAINERS | 8 
 1 file changed, 8 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 5df6020ed545..02c763e9d14f 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -533,6 +533,14 @@ S: Supported
 F: target/i386/whpx/
 F: include/system/whpx.h
 
+X86 Instruction Emulator
+M: Cameron Esfahani 
+M: Roman Bolshakov 
+R: Phil Dennis-Jordan 
+R: Wei Liu 
+S: Maintained
+F: target/i386/emulate/
+
 Guest CPU Cores (Xen)
 -
 X86 Xen CPUs
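
Review bot: The commit message says "Add myself as a reviewer", but the hunk creates a whole new "X86 Instruction Emulator" section covering target/i386/emulate/ with two M: entries and a second R: entry besides the author. The message should describe the new section and its status (S: Maintained), and the other three people named in the M: and R: lines should ack the patch on the list before it is applied.
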
-- 
2.47.2




[PATCH v8 10/20] acpi/ghes: add a notifier to notify when error data is ready

2025-03-07 Thread Mauro Carvalho Chehab
Some error injection notify methods are async, like GPIO
notify. Add a notifier to be used when the error record is
ready to be sent to the guest OS.

Signed-off-by: Mauro Carvalho Chehab 
Reviewed-by: Jonathan Cameron 
Acked-by: Igor Mammedov 
---
 hw/acpi/ghes.c | 5 -
 include/hw/acpi/ghes.h | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/hw/acpi/ghes.c b/hw/acpi/ghes.c
index f49d0d628fc4..0135ac844bcf 100644
--- a/hw/acpi/ghes.c
+++ b/hw/acpi/ghes.c
@@ -510,6 +510,9 @@ static void get_ghes_source_offsets(uint16_t source_id,
 *read_ack_start_addr = le64_to_cpu(*read_ack_start_addr);
 }
 
+NotifierList acpi_generic_error_notifiers =
+NOTIFIER_LIST_INITIALIZER(error_device_notifiers);
+
 void ghes_record_cper_errors(AcpiGhesState *ags, const void *cper, size_t len,
  uint16_t source_id, Error **errp)
 {
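
Review bot: NOTIFIER_LIST_INITIALIZER() is passed "error_device_notifiers", which is not the variable being defined on the line above ("acpi_generic_error_notifiers"). No identifier of that name appears anywhere else in this patch. Please pass the list's own name so the initializer and the definition agree.
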
@@ -550,7 +553,7 @@ void ghes_record_cper_errors(AcpiGhesState *ags, const void 
*cper, size_t len,
 /* Write the generic error data entry into guest memory */
 cpu_physical_memory_write(cper_addr, cper, len);
 
-return;
+notifier_list_notify(&acpi_generic_error_notifiers, NULL);
 }
 
 int acpi_ghes_memory_errors(AcpiGhesState *ags, uint16_t source_id,
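
Review bot: notifier_list_notify() is called with NULL as the data argument, so a registered notifier has no way to tell which error source the record was written for. ghes_record_cper_errors() already receives source_id; passing a pointer to it would let each notify method act only on its own source. A short comment above the call saying that it runs after the record has been written to guest memory would also document the ordering the commit message relies on ("when the error record is ready").
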
diff --git a/include/hw/acpi/ghes.h b/include/hw/acpi/ghes.h
index 8c4b08433760..390943e46d99 100644
--- a/include/hw/acpi/ghes.h
+++ b/include/hw/acpi/ghes.h
@@ -24,6 +24,9 @@
 
 #include "hw/acpi/bios-linker-loader.h"
 #include "qapi/error.h"
+#include "qemu/notify.h"
+
+extern NotifierList acpi_generic_error_notifiers;
 
 /*
  * Values for Hardware Error Notification Type field
-- 
2.48.1




Re: [PATCH 00/16] accel/tcg: Compile more files once

2025-03-07 Thread Pierrick Bouvier

On 3/7/25 10:56, Richard Henderson wrote:

Take care of some easy cases in accel/tcg/.
 From here it starts getting harder.  :-)



It would be convenient to work on top of it.
Could you rebase it on top of master?

Thanks,
Pierrick



r~


Philippe Mathieu-Daudé (6):
   exec: Declare tlb_reset_dirty*() in 'exec/cputlb.h'
   exec: Declare tlb_set_page_full() in 'exec/cputlb.h'
   exec: Declare tlb_set_page_with_attrs() in 'exec/cputlb.h'
   exec: Declare tlb_set_page() in 'exec/cputlb.h'
   exec: Declare tlb_hit*() in 'exec/cputlb.h'
   exec: Declare tlb_flush*() in 'exec/cputlb.h'

Richard Henderson (10):
   include/exec: Split out exec/cpu-interrupt.h
   accel/tcg: Compile watchpoint.c once
   system: Build watchpoint.c once
   accel/tcg: Build tcg-accel-ops.c once
   accel/tcg: Build tcg-accel-ops-icount.c once
   accel/tcg: Build tcg-accel-ops-rr.c once
   accel/tcg: Build tcg-accel-ops-mttcg.c once
   include/exec: Split out helper-getpc.h
   accel/tcg: Build tcg-runtime.c once
   accel/tcg: Build tcg-runtime-gvec.c once

  accel/tcg/internal-common.h  |   2 +
  accel/tcg/tb-internal.h  |   2 -
  include/exec/cpu-all.h   |  76 +---
  include/exec/cpu-interrupt.h |  70 +++
  include/exec/cputlb.h| 263 ++-
  include/exec/exec-all.h  | 262 +-
  include/exec/helper-getpc.h  |  31 
  include/exec/poison.h|  13 --
  include/exec/ram_addr.h  |   1 +
  accel/tcg/cputlb.c   |  23 +++
  accel/tcg/tcg-accel-ops-icount.c |   2 +-
  accel/tcg/tcg-accel-ops-mttcg.c  |   1 -
  accel/tcg/tcg-accel-ops-rr.c |   2 +-
  accel/tcg/tcg-accel-ops.c|   2 +-
  accel/tcg/tcg-runtime-gvec.c |   1 -
  accel/tcg/tcg-runtime.c  |   8 +-
  accel/tcg/watchpoint.c   |   5 +-
  cpu-target.c |   1 +
  hw/intc/armv7m_nvic.c|   2 +-
  hw/ppc/spapr_nested.c|   1 +
  hw/sh4/sh7750.c  |   1 +
  system/physmem.c |   1 +
  system/watchpoint.c  |   3 +-
  target/alpha/helper.c|   2 +-
  target/alpha/sys_helper.c|   2 +-
  target/arm/helper.c  |   1 +
  target/arm/tcg/tlb-insns.c   |   2 +-
  target/avr/helper.c  |   2 +-
  target/hppa/mem_helper.c |   1 +
  target/i386/helper.c |   2 +-
  target/i386/machine.c|   2 +-
  target/i386/tcg/fpu_helper.c |   2 +-
  target/i386/tcg/misc_helper.c|   2 +-
  target/i386/tcg/system/excp_helper.c |   2 +-
  target/i386/tcg/system/misc_helper.c |   2 +-
  target/i386/tcg/system/svm_helper.c  |   2 +-
  target/loongarch/tcg/csr_helper.c|   2 +-
  target/loongarch/tcg/tlb_helper.c|   1 +
  target/m68k/helper.c |   1 +
  target/microblaze/helper.c   |   2 +-
  target/microblaze/mmu.c  |   2 +-
  target/mips/system/cp0.c |   2 +-
  target/mips/tcg/system/cp0_helper.c  |   2 +-
  target/mips/tcg/system/tlb_helper.c  |   1 +
  target/openrisc/mmu.c|   2 +-
  target/openrisc/sys_helper.c |   1 +
  target/ppc/helper_regs.c |   2 +-
  target/ppc/misc_helper.c |   1 +
  target/ppc/mmu_helper.c  |   1 +
  target/riscv/cpu_helper.c|   1 +
  target/riscv/csr.c   |   1 +
  target/riscv/op_helper.c |   1 +
  target/riscv/pmp.c   |   2 +-
  target/rx/cpu.c  |   2 +-
  target/s390x/gdbstub.c   |   2 +-
  target/s390x/sigp.c  |   1 +
  target/s390x/tcg/excp_helper.c   |   1 +
  target/s390x/tcg/mem_helper.c|   1 +
  target/s390x/tcg/misc_helper.c   |   1 +
  target/sh4/helper.c  |   1 +
  target/sparc/ldst_helper.c   |   1 +
  target/sparc/mmu_helper.c|   2 +-
  target/tricore/helper.c  |   2 +-
  target/xtensa/helper.c   |   2 +-
  target/xtensa/mmu_helper.c   |   1 +
  accel/tcg/meson.build|  14 +-
  system/meson.build   |   2 +-
  67 files changed, 450 insertions(+), 405 deletions(-)
  create mode 100644 include/exec/cpu-interrupt.h
  create mode 100644 include/exec/helper-getpc.h





[PATCH v3 6/7] hw/hyperv/balloon: common balloon compilation units

2025-03-07 Thread Pierrick Bouvier
Reviewed-by: Richard Henderson 
Signed-off-by: Pierrick Bouvier 
---
 hw/hyperv/meson.build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/hyperv/meson.build b/hw/hyperv/meson.build
index a9f2045a9af..5acd709bdd5 100644
--- a/hw/hyperv/meson.build
+++ b/hw/hyperv/meson.build
@@ -2,5 +2,5 @@ specific_ss.add(when: 'CONFIG_HYPERV', if_true: 
files('hyperv.c'))
 specific_ss.add(when: 'CONFIG_HYPERV_TESTDEV', if_true: 
files('hyperv_testdev.c'))
 system_ss.add(when: 'CONFIG_VMBUS', if_true: files('vmbus.c'))
 system_ss.add(when: 'CONFIG_SYNDBG', if_true: files('syndbg.c'))
-specific_ss.add(when: 'CONFIG_HV_BALLOON', if_true: files('hv-balloon.c', 
'hv-balloon-page_range_tree.c', 'hv-balloon-our_range_memslots.c'))
+system_ss.add(when: 'CONFIG_HV_BALLOON', if_true: files('hv-balloon.c', 
'hv-balloon-page_range_tree.c', 'hv-balloon-our_range_memslots.c'))
 system_ss.add(when: 'CONFIG_HV_BALLOON', if_false: files('hv-balloon-stub.c'))
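Review bot: the commit message has no body, so nothing records why the three hv-balloon files on the changed `files(...)` line can move from `specific_ss` to `system_ss`. Please say in the message what was checked, for example that none of the three files still includes target-specific headers or tests `TARGET_*` defines. After this change both the `if_true` and the `if_false: hv-balloon-stub.c` entries live in `system_ss`, which is worth a sentence as well.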
-- 
2.39.5




Re: [PATCH 10/14] system/iommufd: Introduce iommufd_builtin() helper

2025-03-07 Thread Pierrick Bouvier

On 3/7/25 10:03, Philippe Mathieu-Daudé wrote:

iommufd_builtin() can be used to check at runtime whether
the IOMMUFD feature is built in a qemu-system binary.

Signed-off-by: Philippe Mathieu-Daudé 
---
  docs/devel/vfio-iommufd.rst | 2 +-
  include/system/iommufd.h| 8 
  2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/docs/devel/vfio-iommufd.rst b/docs/devel/vfio-iommufd.rst
index 3d1c11f175e..08882094eee 100644
--- a/docs/devel/vfio-iommufd.rst
+++ b/docs/devel/vfio-iommufd.rst
@@ -88,7 +88,7 @@ Step 2: configure QEMU
  --
  
  Interactions with the ``/dev/iommu`` are abstracted by a new iommufd

-object (compiled in with the ``CONFIG_IOMMUFD`` option).
+object (which availability can be checked at runtime using 
``iommufd_builtin()``).
  
  Any QEMU device (e.g. VFIO device) wishing to use ``/dev/iommu`` must

  be linked with an iommufd object. It gets a new optional property
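Review bot: "which availability" in the added sentence should read "whose availability". Beyond the grammar, this is the "configure QEMU" step of a document that people building QEMU will read, and it now points them at a C helper instead of the `CONFIG_IOMMUFD` build option. Consider keeping the build option in the text and mentioning `iommufd_builtin()` in addition.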
diff --git a/include/system/iommufd.h b/include/system/iommufd.h
index cbab75bfbf6..ce459254025 100644
--- a/include/system/iommufd.h
+++ b/include/system/iommufd.h
@@ -63,4 +63,12 @@ bool iommufd_backend_get_dirty_bitmap(IOMMUFDBackend *be, 
uint32_t hwpt_id,
Error **errp);
  
  #define TYPE_HOST_IOMMU_DEVICE_IOMMUFD TYPE_HOST_IOMMU_DEVICE "-iommufd"

+
+static inline bool iommufd_builtin(void)
+{
+bool ambig = false;
+
+return object_resolve_path_type("", TYPE_IOMMUFD_BACKEND, &ambig) || ambig;
+}
+
  #endif
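Review bot: `iommufd_builtin()` has no doc comment, and its body does not obviously match its name. `object_resolve_path_type("", TYPE_IOMMUFD_BACKEND, &ambig)` looks up object instances of that type, so as written the helper appears to report whether at least one iommufd backend object currently exists, not whether the type is compiled into the binary. If "built in" is the intent, a class lookup such as `object_class_by_name(TYPE_IOMMUFD_BACKEND)` would express it directly; either way, please add a comment stating which of the two questions the function answers.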


Reviewed-by: Pierrick Bouvier 



[PULL 02/21] hw/gpio: npcm7xx: fixup out-of-bounds access

2025-03-07 Thread Peter Maydell
From: Patrick Venture 

The reg isn't validated to be a possible register before
it's dereferenced for one case.  The mmio space registered
for the gpio device is 4KiB but there aren't that many
registers in the struct.

Cc: qemu-sta...@nongnu.org
Fixes: 526dbbe0874 ("hw/gpio: Add GPIO model for Nuvoton NPCM7xx")
Signed-off-by: Patrick Venture 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20250226024603.493148-1-vent...@google.com
Signed-off-by: Peter Maydell 
---
 hw/gpio/npcm7xx_gpio.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/gpio/npcm7xx_gpio.c b/hw/gpio/npcm7xx_gpio.c
index 23e67424c9f..2916056fae6 100644
--- a/hw/gpio/npcm7xx_gpio.c
+++ b/hw/gpio/npcm7xx_gpio.c
@@ -220,8 +220,6 @@ static void npcm7xx_gpio_regs_write(void *opaque, hwaddr 
addr, uint64_t v,
 return;
 }
 
-diff = s->regs[reg] ^ value;
-
 switch (reg) {
 case NPCM7XX_GPIO_TLOCK1:
 case NPCM7XX_GPIO_TLOCK2:
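Review bot: the removed `diff = s->regs[reg] ^ value;` was the unchecked dereference the commit message describes, but nothing at this spot now records why it must not come back. A one-line comment above `switch (reg)` saying that `reg` can lie beyond `s->regs[]` at this point (the MMIO region is 4KiB, the register array is smaller), or an explicit bounds check that returns early, would make the fix robust against later refactoring.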
@@ -242,6 +240,7 @@ static void npcm7xx_gpio_regs_write(void *opaque, hwaddr 
addr, uint64_t v,
 case NPCM7XX_GPIO_PU:
 case NPCM7XX_GPIO_PD:
 case NPCM7XX_GPIO_IEM:
+diff = s->regs[reg] ^ value;
 s->regs[reg] = value;
 npcm7xx_gpio_update_pins(s, diff);
 break;
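Review bot: `diff` is now assigned only inside the `NPCM7XX_GPIO_PU` / `NPCM7XX_GPIO_PD` / `NPCM7XX_GPIO_IEM` case group. Please confirm that no other case in this switch reads `diff`, since any that does would now use an unassigned value; narrowing the variable's scope to this case block would let the compiler enforce that. A qtest that writes to an offset past the last register would also keep the out-of-bounds access from regressing.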
-- 
2.43.0




[PULL 29/42] vfio/migration: Add vfio_add_bytes_transferred()

2025-03-07 Thread Cédric Le Goater
From: "Maciej S. Szmigiero" 

This way bytes_transferred can also be incremented in other translation
units than migration.c.

Signed-off-by: Maciej S. Szmigiero 
Reviewed-by: Cédric Le Goater 
Link: 
https://lore.kernel.org/qemu-devel/d1fbc27ac2417b49892f354ba20f6c6b3f7209f8.1741124640.git.maciej.szmigi...@oracle.com
Signed-off-by: Cédric Le Goater 
---
 include/hw/vfio/vfio-common.h | 1 +
 hw/vfio/migration.c   | 7 ++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/include/hw/vfio/vfio-common.h b/include/hw/vfio/vfio-common.h
index 
ac35136a11051b079cd9d04e6becd344a0e0f7e7..5c84ebb0029853bf408ffb7d308a603435bd234b
 100644
--- a/include/hw/vfio/vfio-common.h
+++ b/include/hw/vfio/vfio-common.h
@@ -274,6 +274,7 @@ void vfio_unblock_multiple_devices_migration(void);
 bool vfio_viommu_preset(VFIODevice *vbasedev);
 int64_t vfio_mig_bytes_transferred(void);
 void vfio_reset_bytes_transferred(void);
+void vfio_mig_add_bytes_transferred(unsigned long val);
 bool vfio_device_state_is_running(VFIODevice *vbasedev);
 bool vfio_device_state_is_precopy(VFIODevice *vbasedev);
 
diff --git a/hw/vfio/migration.c b/hw/vfio/migration.c
index 
5532787be63b9925a70202536a7f5796ea1fc8d1..51c056e152aae694ecc1b590c1a94dd8e5277c4a
 100644
--- a/hw/vfio/migration.c
+++ b/hw/vfio/migration.c
@@ -391,7 +391,7 @@ static ssize_t vfio_save_block(QEMUFile *f, VFIOMigration 
*migration)
 qemu_put_be64(f, VFIO_MIG_FLAG_DEV_DATA_STATE);
 qemu_put_be64(f, data_size);
 qemu_put_buffer(f, migration->data_buffer, data_size);
-qatomic_add(&bytes_transferred, data_size);
+vfio_mig_add_bytes_transferred(data_size);
 
 trace_vfio_save_block(migration->vbasedev->name, data_size);
 
@@ -1021,6 +1021,11 @@ void vfio_reset_bytes_transferred(void)
 qatomic_set(&bytes_transferred, 0);
 }
 
+void vfio_mig_add_bytes_transferred(unsigned long val)
+{
+qatomic_add(&bytes_transferred, val);
+}
+
 /*
  * Return true when either migration initialized or blocker registered.
  * Currently only return false when adding blocker fails which will
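Review bot: `vfio_mig_add_bytes_transferred()` takes `unsigned long`, while the getter declared next to it in vfio-common.h returns `int64_t`. `unsigned long` is 32 bits on some hosts, so a caller passing a 64-bit byte count would have it truncated; a fixed-width parameter such as `uint64_t` avoids that. The subject line also names `vfio_add_bytes_transferred()` whereas the function added here is `vfio_mig_add_bytes_transferred()`; please make the two agree so the commit can be found by function name.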
-- 
2.48.1




[PULL 04/10] qdev: Delete unused qdev_prop_enum

2025-03-07 Thread Markus Armbruster
Signed-off-by: Markus Armbruster 
Message-ID: <20250227085601.4140852-2-arm...@redhat.com>
Reviewed-by: Daniel P. Berrangé 
---
 include/hw/qdev-properties.h | 1 -
 hw/core/qdev-properties.c| 7 ---
 2 files changed, 8 deletions(-)

diff --git a/include/hw/qdev-properties.h b/include/hw/qdev-properties.h
index bf27375a3c..ae6ec2b990 100644
--- a/include/hw/qdev-properties.h
+++ b/include/hw/qdev-properties.h
@@ -49,7 +49,6 @@ struct PropertyInfo {
 extern const PropertyInfo qdev_prop_bit;
 extern const PropertyInfo qdev_prop_bit64;
 extern const PropertyInfo qdev_prop_bool;
-extern const PropertyInfo qdev_prop_enum;
 extern const PropertyInfo qdev_prop_uint8;
 extern const PropertyInfo qdev_prop_uint16;
 extern const PropertyInfo qdev_prop_uint32;
diff --git a/hw/core/qdev-properties.c b/hw/core/qdev-properties.c
index 0b52aad555..2540bd8880 100644
--- a/hw/core/qdev-properties.c
+++ b/hw/core/qdev-properties.c
@@ -122,13 +122,6 @@ void qdev_propinfo_set_default_value_enum(ObjectProperty 
*op,
 qapi_enum_lookup(prop->info->enum_table, prop->defval.i));
 }
 
-const PropertyInfo qdev_prop_enum = {
-.name  = "enum",
-.get   = qdev_propinfo_get_enum,
-.set   = qdev_propinfo_set_enum,
-.set_default_value = qdev_propinfo_set_default_value_enum,
-};
-
 /* Bit */
 
 static uint32_t qdev_get_prop_mask(const Property *prop)
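Review bot: the message has no body, so it does not say how "unused" was established or what becomes of the three callbacks the deleted initializer referenced (`qdev_propinfo_get_enum`, `qdev_propinfo_set_enum`, `qdev_propinfo_set_default_value_enum`). A sentence noting that no user of `qdev_prop_enum` remains in the tree, and whether those helpers still have other users, would make the deletion self-explanatory.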
-- 
2.48.1




[PULL 18/42] migration: Add thread pool of optional load threads

2025-03-07 Thread Cédric Le Goater
From: "Maciej S. Szmigiero" 

Some drivers might want to make use of auxiliary helper threads during VM
state loading, for example to make sure that their blocking (sync) I/O
operations don't block the rest of the migration process.

Add a migration core managed thread pool to facilitate this use case.

The migration core will wait for these threads to finish before
(re)starting the VM at destination.

Reviewed-by: Fabiano Rosas 
Signed-off-by: Maciej S. Szmigiero 
Link: 
https://lore.kernel.org/qemu-devel/b09fd70369b6159c75847e69f235cb908b02570c.1741124640.git.maciej.szmigi...@oracle.com
Signed-off-by: Cédric Le Goater 
---
 include/migration/misc.h |  3 ++
 include/qemu/typedefs.h  |  2 +
 migration/migration.h|  5 +++
 migration/savevm.h   |  2 +-
 migration/migration.c|  2 +-
 migration/savevm.c   | 95 +++-
 6 files changed, 105 insertions(+), 4 deletions(-)

diff --git a/include/migration/misc.h b/include/migration/misc.h
index 
c660be80954abdd768e419d2ab892fc034c7349d..4c171f4e897e2bea9016a1559bef3e89c165b176
 100644
--- a/include/migration/misc.h
+++ b/include/migration/misc.h
@@ -45,9 +45,12 @@ bool migrate_ram_is_ignored(RAMBlock *block);
 /* migration/block.c */
 
 AnnounceParameters *migrate_announce_params(void);
+
 /* migration/savevm.c */
 
 void dump_vmstate_json_to_file(FILE *out_fp);
+void qemu_loadvm_start_load_thread(MigrationLoadThread function,
+   void *opaque);
 
 /* migration/migration.c */
 void migration_object_init(void);
diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index 
3d84efcac47a2f1a34f177a1ed0df5aeae04fdb3..fd23ff7771b1bd6cd51f48bbc5be86aa57982307
 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -131,5 +131,7 @@ typedef struct IRQState *qemu_irq;
  * Function types
  */
 typedef void (*qemu_irq_handler)(void *opaque, int n, int level);
+typedef bool (*MigrationLoadThread)(void *opaque, bool *should_quit,
+Error **errp);
 
 #endif /* QEMU_TYPEDEFS_H */
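Review bot: the `MigrationLoadThread` typedef is added without any description of its contract. Please document, here or at the `qemu_loadvm_start_load_thread()` declaration in misc.h, what the `bool` return value means, when the callback is expected to poll `*should_quit`, and who owns an error stored through `errp`. Device authors will implement this callback from the header alone.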
diff --git a/migration/migration.h b/migration/migration.h
index 
7b4278e2a32b2044fad4cf7f7a5defd4435333ea..d53f7cad84d8e4a8bd8546f94d635c9733d71961
 100644
--- a/migration/migration.h
+++ b/migration/migration.h
@@ -43,6 +43,7 @@
 #define  MIGRATION_THREAD_DST_PREEMPT   "mig/dst/preempt"
 
 struct PostcopyBlocktimeContext;
+typedef struct ThreadPool ThreadPool;
 
 #define  MIGRATION_RESUME_ACK_VALUE  (1)
 
@@ -187,6 +188,10 @@ struct MigrationIncomingState {
 Coroutine *colo_incoming_co;
 QemuSemaphore colo_incoming_sem;
 
+/* Optional load threads pool and its thread exit request flag */
+ThreadPool *load_threads;
+bool load_threads_abort;
+
 /*
  * PostcopyBlocktimeContext to keep information for postcopy
  * live migration, to calculate vCPU block time
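Review bot: `load_threads_abort` is declared as a plain `bool`, but the savevm.c part of this patch writes it with `qatomic_set()` in `qemu_loadvm_thread_pool_destroy()` and with a plain store in `qemu_loadvm_thread_pool_create()`. The field comment should say that the flag is accessed atomically and name the threads that set and read it, so later code does not add a plain load.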
diff --git a/migration/savevm.h b/migration/savevm.h
index 
cb58434a9437f7f9752ae7ae02981e9927d4ce85..138c39a7f9f97f69957eac63f338e4807bd7e8c5
 100644
--- a/migration/savevm.h
+++ b/migration/savevm.h
@@ -64,7 +64,7 @@ void qemu_savevm_live_state(QEMUFile *f);
 int qemu_save_device_state(QEMUFile *f);
 
 int qemu_loadvm_state(QEMUFile *f);
-void qemu_loadvm_state_cleanup(void);
+void qemu_loadvm_state_cleanup(MigrationIncomingState *mis);
 int qemu_loadvm_state_main(QEMUFile *f, MigrationIncomingState *mis);
 int qemu_load_device_state(QEMUFile *f);
 int qemu_loadvm_approve_switchover(void);
diff --git a/migration/migration.c b/migration/migration.c
index 
0bf70ea9717d73b0816f6ae52b99ae67924e8030..1833cfe3580cd6e587c6c7cb754458c34baf61e8
 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -419,7 +419,7 @@ void migration_incoming_state_destroy(void)
  * BQL and retake unconditionally.
  */
 assert(bql_locked());
-qemu_loadvm_state_cleanup();
+qemu_loadvm_state_cleanup(mis);
 
 if (mis->to_src_file) {
 /* Tell source that we are done */
diff --git a/migration/savevm.c b/migration/savevm.c
index 
3e86b572cfa82c201b1bf935080a2e0ca651be0e..1abc365570e324dd85f8a95adeb1a95f57b73264
 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -54,6 +54,7 @@
 #include "qemu/job.h"
 #include "qemu/main-loop.h"
 #include "block/snapshot.h"
+#include "block/thread-pool.h"
 #include "qemu/cutils.h"
 #include "io/channel-buffer.h"
 #include "io/channel-file.h"
@@ -131,6 +132,35 @@ static struct mig_cmd_args {
  * generic extendable format with an exception for two old entities.
  */
 
+/***/
+/* Optional load threads pool support */
+
+static void qemu_loadvm_thread_pool_create(MigrationIncomingState *mis)
+{
+assert(!mis->load_threads);
+mis->load_threads = thread_pool_new();
+mis->load_threads_abort = false;
+}
+
+static void qemu_loadvm_thread_pool_destroy(MigrationIncomingState *mis)
+{
+qatomic_set(&mis->load_threads_abort, true);
+
+bql_unlock(); /* Load threads might 

Re: [PATCH qemu v2 1/3] hw/s390x: add CPI identifiers to QOM

2025-03-07 Thread shalini

On 2025-03-05 16:56, Thomas Huth wrote:

On 24/02/2025 13.04, Shalini Chellathurai Saroja wrote:

Add Control-Program Identification (CPI) to the QEMU Object
Model (QOM). The CPI identifiers provide information about
the guest operating system. The CPI identifiers are:
system type, system name, system level and sysplex name.

The system type provides the OS type of the guest (e.g. LINUX).
The system name provides the name of the guest (e.g. TESTVM).
The system level provides the distribution and kernel version
of the guest OS (e.g. 0x50e00).
The sysplex name provides the sysplex name of the guest
(e.g. SYSPLEX).

Signed-off-by: Shalini Chellathurai Saroja 
---
  hw/s390x/s390-virtio-ccw.c | 29 
+

  include/hw/s390x/s390-virtio-ccw.h |  8 
  qapi/machine.json  | 24 
  3 files changed, 61 insertions(+)

diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index 51ae0c133d..13ea8db1b0 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -50,6 +50,7 @@
  #include "hw/s390x/virtio-ccw-md.h"
  #include "system/replay.h"
  #include CONFIG_DEVICES
+#include "qapi/qapi-visit-machine.h"
static Error *pv_mig_blocker;
  @@ -803,6 +804,26 @@ static void machine_set_loadparm(Object *obj, 
Visitor *v,

  s390_ipl_fmt_loadparm(ms->loadparm, val, errp);
  }
  +static void machine_get_control_program_id(Object *obj, Visitor *v,
+   const char *name, void 
*opaque,

+   Error **errp)
+{
+S390CcwMachineState *ms = S390_CCW_MACHINE(obj);
+S390ControlProgramId *cpi;
+cpi = &(S390ControlProgramId){
+.system_type = g_strndup((char *) ms->cpi.system_type,
+   sizeof(ms->cpi.system_type)),
+.system_name = g_strndup((char *) ms->cpi.system_name,
+   sizeof(ms->cpi.system_name)),
+.system_level = g_strdup_printf("0x%lx", 
ms->cpi.system_level),

+.sysplex_name = g_strndup((char *) ms->cpi.sysplex_name,
+sizeof(ms->cpi.sysplex_name)),
+.timestamp = ms->cpi.timestamp
+};


Could you please indent the sizeof() lines with the "(" after the
g_strndup in the previous line?



Hello Thomas,

Sure, I have provided a sample code below, please let me know if this is 
incorrect. Thank you.



+cpi = &(S390ControlProgramId){
+.system_type = g_strndup((char *) ms->cpi.system_type,
+ sizeof(ms->cpi.system_type)),




+
+visit_type_S390ControlProgramId(v, name, &cpi, &error_abort);
+}
+
  static void ccw_machine_class_init(ObjectClass *oc, void *data)
  {
  MachineClass *mc = MACHINE_CLASS(oc);
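Review bot: the strings built with `g_strndup()` and `g_strdup_printf()` in the compound literal of `machine_get_control_program_id()` are never freed after `visit_type_S390ControlProgramId()` returns, so each read of the property leaks four allocations. Free them before returning, or hold them in `g_autofree` temporaries. Two smaller points in the same function: `"0x%lx"` is only correct if `system_level` is an `unsigned long`, so use `PRIx64` if it is a 64-bit field, and the visitor is called with `&error_abort` although `errp` is available and could be passed through.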
@@ -854,6 +875,14 @@ static void ccw_machine_class_init(ObjectClass 
*oc, void *data)
  "Up to 8 chars in set of [A-Za-z0-9. ] (lower case chars 
converted"
  " to upper case) to pass to machine loader, boot 
manager,"

  " and guest kernel");
+object_class_property_add(oc, "s390-control-program-id",


I think I'd rather drop the "s390-" prefix here. The property is
already part of the s390-virtio-ccw machine, so it should be obvious
that this is related to s390.

ok.




+  "S390ControlProgramId",
+  machine_get_control_program_id,
+  NULL, NULL, NULL);
+object_class_property_set_description(oc, 
"s390-control-program-id",

+"Control-progam identifiers provide data about the guest "


s/progam/program/


ok.


+"operating system");
+
  }
static inline void s390_machine_initfn(Object *obj)


[...]


diff --git a/qapi/machine.json b/qapi/machine.json
index a6b8795b09..c6cbad87e1 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
@@ -1898,3 +1898,27 @@
  { 'command': 'x-query-interrupt-controllers',
'returns': 'HumanReadableText',
'features': [ 'unstable' ]}
+
+##
+# @S390ControlProgramId:
+#
+# Control-program identifiers provide data about Linux instance.


If I understood correctly, this could also theoretically be used by
other guest operating systems? If so, please replace "Linux instance"
with "guest operating system".



Yes, that is correct. I will change the description of the attributes 
below based on the comments from you and Daniel, thank you.



+#
+# @system-type: operating system of Linux instance


Replace with:

 @system-type: operating system (e.g. "LINUX")

?


+#
+# @system-name: system name of Linux instance


Name of the VM instance ?


+# @system-level: distribution and kernel version of Linux instance
+#
+# @sysplex-name: sysplex name of Linux instance
+#
+# @timestamp: latest update of CPI data
+#
+# Since: 9.2


9.2 has already been released, so this should be 10.0.



ok.


+##
+{ 'struct': 'S390ControlProgramId', 'data': {
+ 'system-type': 'str',
+ 'system-name': 'str',
+ 'system-level

Re: [PATCH v2 5/7] hw/virtio/virtio-mem: Convert VIRTIO_MEM_USABLE_EXTENT to runtime

2025-03-07 Thread Philippe Mathieu-Daudé

On 7/3/25 23:39, Philippe Mathieu-Daudé wrote:

Use qemu_arch_available() to check at runtime if a target
architecture is built in.

Consider the maximum extent size of any architecture built in.

Signed-off-by: Philippe Mathieu-Daudé 
---
  hw/virtio/virtio-mem.c | 28 
  1 file changed, 20 insertions(+), 8 deletions(-)




@@ -170,13 +171,24 @@ static bool virtio_mem_has_shared_zeropage(RAMBlock *rb)
   * necessary (as the section size can change). But it's more likely that the
   * section size will rather get smaller and not bigger over time.
   */
-#if defined(TARGET_X86_64) || defined(TARGET_I386) || defined(TARGET_S390X)
-#define VIRTIO_MEM_USABLE_EXTENT (2 * (128 * MiB))
-#elif defined(TARGET_ARM)
-#define VIRTIO_MEM_USABLE_EXTENT (2 * (512 * MiB))
-#else
-#error VIRTIO_MEM_USABLE_EXTENT not defined
-#endif
+static uint64_t virtio_mem_usable_extent_size(void)
+{
+uint64_t size = 0;
+
+assert(qemu_arch_available(QEMU_ARCH_ARM | QEMU_ARCH_I386 | 
QEMU_ARCH_S390X));


I'm not sure this assertion is doing what I thought it'd do.

For example, building with --target-list=aarch64-softmmu,riscv32-softmmu,
this device is now linked in. However, riscv32 machines won't be able
to plug it until they allow TYPE_VIRTIO_MD_PCI in some of their
HotplugHandlerClass handlers. Still I'd like to catch this case here
to avoid bad surprises.


+/*
+ * FIXME: We should use the maximum of instantiated vCPUs ARCH, but
+ *for now it is easier to take the maximum of any ARCH built in.
+ */
+if (qemu_arch_available(QEMU_ARCH_I386 | QEMU_ARCH_S390X)) {
+size = MAX(size, 2 * 128 * MiB);
+}
+if (qemu_arch_available(QEMU_ARCH_ARM)) {
+size = MAX(size, 2 * 512 * MiB);
+}
+
+return size;
+}
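Review bot: taking the maximum over every architecture built in changes the value for existing targets: in a binary that also includes ARM, an x86 or s390x guest now gets `2 * 512 * MiB` instead of `2 * 128 * MiB`. The FIXME admits the approximation, but the commit message should state this guest-visible change and whether it matters when migrating between binaries built with different target lists. The function also returns 0 if neither `if` matches, which only the `assert()` rules out, so a comment tying the assertion to the two branches would help.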





Re: [PULL 8/8] migration: Add qtest for migration over RDMA

2025-03-07 Thread Philippe Mathieu-Daudé

Hi,

On 7/3/25 19:15, Fabiano Rosas wrote:

From: Li Zhijian 

This qtest requires there is a RDMA(RoCE) link in the host.
In order to make the test work smoothly, introduce a
scripts/rdma-migration-helper.sh to
- setup a new Soft-RoCE(aka RXE) if it's root
- detect existing RoCE link

Test will be skipped if there is no available RoCE link.


Is it? Running as user I'm getting:

  RDMA ERROR: RDMA host is not set!

Apparently called via:

qemu_start_incoming_migration()
  -> rdma_start_incoming_migration()
 -> qemu_rdma_dest_init()


  # Start of rdma tests
  # Running /x86_64/migration/precopy/rdma/plain
  Command 'rdma' is not available, please install it first.
  # To enable the test:
  # (1) Run 'scripts/rdma-migration-helper.sh setup' with root and rerun the 
test
  # or
  # (2) Run the test with root privilege


Could this be the issue? Should we skip if not root, as calling
the script in "detect" mode makes the new_rdma_link() method succeed.


  #
  ok 1 /x86_64/migration/precopy/rdma/plain # SKIP No rdma link available
  # End of rdma tests

Note: Remove the newly added RXE link by executing 'modprobe -r rdma_rxe'
or by specifying 'clean' within this script.


qtest_add() provides both setup() / teardown() methods.

Test leaving system in different state seems bogus to me.
Even more so if the information is buried in a commit description...

We shouldn't merge this patch as is IMHO.

Regards,

Phil.


Reviewed-by: Peter Xu 
Signed-off-by: Li Zhijian 
Message-ID: <20250305062825.772629-7-lizhij...@fujitsu.com>
[reformatted the message to be under 90 characters]
Signed-off-by: Fabiano Rosas 
---
  MAINTAINERS   |  1 +
  scripts/rdma-migration-helper.sh  | 48 +++
  tests/qtest/migration/precopy-tests.c | 69 +++
  3 files changed, 118 insertions(+)
  create mode 100755 scripts/rdma-migration-helper.sh

diff --git a/MAINTAINERS b/MAINTAINERS
index 5df6020ed5..56e85adcfb 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3517,6 +3517,7 @@ R: Li Zhijian 
  R: Peter Xu 
  S: Odd Fixes
  F: migration/rdma*
+F: scripts/rdma-migration-helper.sh
  
  Migration dirty limit and dirty page rate

  M: Hyman Huang 
diff --git a/scripts/rdma-migration-helper.sh b/scripts/rdma-migration-helper.sh
new file mode 100755
index 00..08e29a52eb
--- /dev/null
+++ b/scripts/rdma-migration-helper.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# Copied from blktests
+get_ipv4_addr()
+{
+ip -4 -o addr show dev "$1" |
+sed -n 's/.*[[:blank:]]inet[[:blank:]]*\([^[:blank:]/]*\).*/\1/p' |
+tr -d '\n'
+}
+
+has_soft_rdma()
+{
+rdma link | grep -q " netdev $1[[:blank:]]*\$"
+}
+
+rdma_rxe_setup_detect()
+{
+(
+cd /sys/class/net &&
+for i in *; do
+[ -e "$i" ] || continue
+[ "$i" = "lo" ] && continue
+[ "$(<"$i/addr_len")" = 6 ] || continue
+[ "$(<"$i/carrier")" = 1 ] || continue
+
+has_soft_rdma "$i" && break
+[ "$operation" = "setup" ] &&
+rdma link add "${i}_rxe" type rxe netdev "$i" && break
+done
+has_soft_rdma "$i" || return
+get_ipv4_addr "$i"
+)
+}
+
+operation=${1:-setup}
+
+command -v rdma >/dev/null || {
+echo "Command 'rdma' is not available, please install it first." >&2
+exit 1
+}
+
+if [ "$operation" == "setup" ] || [ "$operation" == "detect" ]; then
+rdma_rxe_setup_detect
+elif [ "$operation" == "clean" ]; then
+modprobe -r rdma_rxe
+else
+echo "Usage: $0 [setup | detect | clean]"
+fi
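Review bot: the final `else` branch prints the usage text to stdout and leaves the script with exit status 0, so an unknown operation looks like success to a caller that checks the status, as `new_rdma_link()` does. Send the usage text to stderr and `exit 1`. Also, `clean` runs `modprobe -r rdma_rxe` unconditionally, which removes RXE links the script did not create; recording the link added by `setup` and deleting only that one would avoid disturbing the host.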
diff --git a/tests/qtest/migration/precopy-tests.c 
b/tests/qtest/migration/precopy-tests.c
index ba273d10b9..f1fe34020d 100644
--- a/tests/qtest/migration/precopy-tests.c
+++ b/tests/qtest/migration/precopy-tests.c
@@ -99,6 +99,71 @@ static void test_precopy_unix_dirty_ring(void)
  test_precopy_common(&args);
  }
  
+#ifdef CONFIG_RDMA

+
+#define RDMA_MIGRATION_HELPER "scripts/rdma-migration-helper.sh"
+static int new_rdma_link(char *buffer, bool verbose)
+{
+const char *argument = (geteuid() == 0) ? "setup" : "detect";
+char cmd[1024];
+
+snprintf(cmd, sizeof(cmd), "%s %s %s", RDMA_MIGRATION_HELPER, argument,
+ verbose ? "" : "2>/dev/null");
+
+FILE *pipe = popen(cmd, "r");
+if (pipe == NULL) {
+perror("Failed to run script");
+return -1;
+}
+
+int idx = 0;
+while (fgets(buffer + idx, 128 - idx, pipe) != NULL) {
+idx += strlen(buffer);
+}
+
+int status = pclose(pipe);
+if (status == -1) {
+perror("Error reported by pclose()");
+return -1;
+} else if (WIFEXITED(status)) {
+return WEXITSTATUS(status);
+}
+
+return -1;
+}
+
+static void test_precopy_rdma_plain(void)
+{
+char buffer[128] = {};
+bool verbose = g_getenv("QTEST_LOG");
+
+if (new_rdma_link(buffer, verbose)) {
+g_test_skip("No rdma link available");
+
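Review bot: in `new_rdma_link()`, `idx += strlen(buffer)` adds the length of the whole buffer rather than of the chunk just read, so after a second `fgets()` call `idx` overshoots and `128 - idx` can reach zero or go negative. Use `idx += strlen(buffer + idx)` and stop once the buffer is full. The literal `128` also duplicates the size of the caller's `char buffer[128]`; pass the size as a parameter instead of hard-coding it in the callee.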

Re: [PATCH] usb-storage: Allow manually adding SCSI device

2025-03-07 Thread Akihiko Odaki

On 2025/03/03 21:17, Paolo Bonzini wrote:

On 3/3/25 11:28, Akihiko Odaki wrote:

usb-storage automatically adds a SCSI device, but it limits
configurability of the added SCSI device and causes usability
problems as observed in:
https://gitlab.com/libvirt/libvirt/-/issues/368

Allow manually adding SCSI device when the drive option is not
specified.


I might be misunderstanding what you're doing, but can't you do that 
already with usb-bot?


I withdraw this patch.

I wrote patches for libvirt to fix its issue mentioned in the patch 
message according to your suggestion to use usb-bot and it works nicely:

https://lists.libvirt.org/archives/list/de...@lists.libvirt.org/thread/SVXUWW2426H73XBXJXDUMTDJM3YL37QU/

Regards,
Akihiko Odaki



Paolo


Signed-off-by: Akihiko Odaki 
---
  hw/usb/dev-storage-classic.c | 33 -
  1 file changed, 16 insertions(+), 17 deletions(-)

diff --git a/hw/usb/dev-storage-classic.c b/hw/usb/dev-storage-classic.c
index 
56ef39da2e634d1639a07ac4636cdaa000989f5f..33e5a7cfc8bdf3f92b18014e885771aee6d32f5e 100644

--- a/hw/usb/dev-storage-classic.c
+++ b/hw/usb/dev-storage-classic.c
@@ -33,10 +33,9 @@ static void usb_msd_storage_realize(USBDevice *dev, 
Error **errp)

  BlockBackend *blk = s->conf.blk;
  SCSIDevice *scsi_dev;
-    if (!blk) {
-    error_setg(errp, "drive property not set");
-    return;
-    }
+    usb_desc_create_serial(dev);
+    scsi_bus_init(&s->bus, sizeof(s->bus), DEVICE(dev),
+ &usb_msd_scsi_info_storage);
  /*
   * Hack alert: this pretends to be a block device, but it's really
@@ -48,23 +47,23 @@ static void usb_msd_storage_realize(USBDevice 
*dev, Error **errp)

   *
   * The hack is probably a bad idea.
   */
-    blk_ref(blk);
-    blk_detach_dev(blk, DEVICE(s));
-    s->conf.blk = NULL;
+    if (blk) {
+    blk_ref(blk);
+    blk_detach_dev(blk, DEVICE(s));
+    s->conf.blk = NULL;
+
+    scsi_dev = scsi_bus_legacy_add_drive(&s->bus, blk, 0, !!s- 
>removable,
+ &s->conf, dev->serial, 
errp);

+    blk_unref(blk);
+    if (!scsi_dev) {
+    return;
+    }
+    s->scsi_dev = scsi_dev;
+    }
-    usb_desc_create_serial(dev);
  usb_desc_init(dev);
  dev->flags |= (1 << USB_DEV_FLAG_IS_SCSI_STORAGE);
-    scsi_bus_init(&s->bus, sizeof(s->bus), DEVICE(dev),
- &usb_msd_scsi_info_storage);
-    scsi_dev = scsi_bus_legacy_add_drive(&s->bus, blk, 0, !!s- 
>removable,

- &s->conf, dev->serial, errp);
-    blk_unref(blk);
-    if (!scsi_dev) {
-    return;
-    }
  usb_msd_handle_reset(dev);
-    s->scsi_dev = scsi_dev;
  }
  static const Property msd_properties[] = {
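Review bot: when no `drive` is given, the new `if (blk)` block is skipped and `s->scsi_dev` is never assigned, yet `usb_desc_init(dev)`, the `USB_DEV_FLAG_IS_SCSI_STORAGE` flag and `usb_msd_handle_reset(dev)` still run. Please check every user of `s->scsi_dev` for a NULL value, or add a comment saying where the field is filled in once a SCSI device is attached to the bus manually.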

---
base-commit: b69801dd6b1eb4d107f7c2f643adf0a4e3ec9124
change-id: 20250301-usb-5dde4bcb1467

Best regards,







Re: [PATCH 15/57] docs/qapi-domain: add "Errors:" field lists

2025-03-07 Thread Markus Armbruster
John Snow  writes:

> On Fri, Mar 7, 2025 at 2:48 AM Markus Armbruster  wrote:
>
>> John Snow  writes:
>>
>> > ``:error: descr`` can now be used to document error conditions. The
>> > format of the description is not defined here; so the ability to name
>> > specific types is left to the document writer.
>> >
>> > Signed-off-by: John Snow 
>>
>> By convention, the description is a bullet list, but we don't enforce
>> that in software.  Observation, not a suggestion to start enforcing it
>> now.
>>
>
> Right. This commit message is accurate, though: this field list type will
> accept any old thing. I have an idea to fix this to make the aesthetics
> better (fixes the misalignment) and to enforce the bulleted list in one
> shot. Not for this series, sorry. Please accept a raincheck.

You're quite right to resist mission creep.

The commit message could mention the convention, say "The format of the
description is not defined here (we make it a bulleted list, but that's
just convention); ..."  Up to you.




Re: [PATCH 16/57] docs/qapi-domain: add "Returns:" field lists

2025-03-07 Thread Markus Armbruster
John Snow  writes:

> On Fri, Mar 7, 2025 at 2:58 AM Markus Armbruster  wrote:
>
>> John Snow  writes:
>>
>> > Add "Returns:" field list syntax to QAPI Commands.
>> >
>> > Like "Arguments:" and "Errors:", the type name isn't currently processed
>> > for cross-referencing, but this will be addressed in a forthcoming
>> > commit.
>> >
>> > This patch adds "errors" as a GroupedField, which means that multiple
>>
>> "errors"?
>>
>
> Copy-pasto :)
>
>
>>
>> > return values can be annotated - this is only done because Sphinx does
>> > not seemingly (Maybe I missed it?) support mandatory type arguments to
>> > Ungrouped fields. Because we want to cross-reference this type
>> > information later, we want to make the type argument mandatory. As a
>> > result, you can technically add multiple :return: fields, though I'm not
>> > aware of any circumstance in which you'd need or want
>> > to. Recommendation: "Don't do that, then."
>>
>> scripts/qapi/parser.py rejects duplicate 'Returns:' tags.  So, to do the
>> thing you shouldn't do, you'd have to use the QAPI domain directly.
>> I doubt such shenanigans would survive review :)
>>
>
> Sure, but it's a little weird to be in the headspace of writing a domain
> extension that was based on one which *can* be used directly. I know we
> won't, but I suppose I am still documenting it and treating it as if you
> could.

Valid argument.

Our test suite only covers use via transmogrifier, not direct use.
Fixable.  I'm not asking you to fix it now.

Commit message could mention the emerging new QAPI doc tool chain obeys
"Don't do that, then".  But I figure you have bigger fish to fry.

> More the case, it serves as reference if anyone wants to adjust the
> behavior of the transmogrifier.
>
> So, consider this documentation for me in the future, or whoever touches
> qapidoc if I am felled by an errant spacerock.
>
>
>>
>> > Since this field describes an action/event instead of describing a list
>> > of nouns (arguments, features, errors), I added both the imperative and
>> > indicative forms (:return: and :returns:) to allow doc writers to use
>> > whichever mood "feels right" in the source document. The rendered output
>> > will always use the "Returns:" label, however.
>> >
>> > I'm sure you'll let me know how you feel about that. O:-)
>>
>> My personal taste is imperative mood, always.
>>
>> Sadly, the QAPI schema language uses 'Returns:'.
>>
>> The Sphinx Python Domain appears to use :return:.
>>
>> I recommend to go for consistency with the Python Domain, and ditch
>> :returns:.
>>
>
> Done.

Thanks!  A few instances of "returns" in later commit messages need
adjustment.

[...]




Re: [PATCH 18/57] docs/qapi-domain: add qapi:alternate directive

2025-03-07 Thread Markus Armbruster
John Snow  writes:

> On Fri, Mar 7, 2025 at 5:18 AM Markus Armbruster  wrote:
>
>> John Snow  writes:
>>
>> > Add the .. qapi:alternate:: directive, object, and qapi:alt:`name`
>> > cross-reference role.
>> >
>> > Add the "Choices:" field list for describing alternate choices. Like
>> > other field lists that reference QAPI types, a forthcoming commit will
>> > add cross-referencing support to this field.
>>
>> Nothing wrong with the term "choices" per se, but
>> docs/devel/qapi-code-gen.rst and the Python code call these things
>> "alternatives".  I'd prefer consistency.  Could be done as a follow-up
>> if that's more convenient for you.
>>
>
> Done. (Wish you'd said so sooner, though.)

Fair!

[...]




[PATCH v6 00/29] Support AST2700 A1

2025-03-07 Thread Jamin Lin via
v1:
 1. Refactor INTC model to support both INTC0 and INTC1.
 2. Support AST2700 A1.
 3. Create ast2700a0-evb machine.
 
v2:
  To streamline the review process, split the following patch series into
  three parts.
  
https://patchwork.kernel.org/project/qemu-devel/cover/20250121070424.2465942-1-jamin_...@aspeedtech.com/
  This patch series focuses on cleaning up the INTC model to
  facilitate future support for the INTC_IO model.

v3:
 1. Update and add functional test for AST2700
 2. Add AST2700 INTC design guidance and its block diagram.
 3. Retaining the INTC naming and introducing a new INTCIO model to support the 
AST2700 A1.
 4. Create ast2700a1-evb machine and rename ast2700a0-evb machine
 5. Fix silicon revision issue and support AST2700 A1.

v4:
 1. rework functional test for AST2700
 2. the initial machine "ast2700-evb" is aliased to "ast2700a0-evb".
 3. intc: Reduce regs array size by adding a register sub-region
 4. intc: split patch for Support setting different register sizes
 5. update ast2700a1-evb machine parent to TYPE_ASPEED_MACHINE

v5:
 1. Rename status_addr and addr to status_reg and reg for clarity
 2. Introduce dynamic allocation for regs array
 3. Sort the memmap table by mapping address
 4. ast27x0.c split patch for Support two levels of INTC controllers for AST2700 A1
 5. tests/functional/aspeed split patch for Introduce start_ast2700_test API
 6. keep variable naming for reviewer suggestion.
 7. Add reviewer suggestion and split patch to make more readable.
 
v6: 
  1. rename reg_size to nr_regs
  2. Fix clean regs size
  3. replace g_malloc with g_new

With the patch applied, QEMU now supports two machines for running AST2700 SoCs:
ast2700a0-evb: Designed for AST2700 A0
ast2700a1-evb: Designed for AST2700 A1

Test information
1. QEMU version: 
https://github.com/qemu/qemu/commit/50d38b8921837827ea397d4b20c8bc5efe186e53
2. ASPEED SDK v09.05 pre-built image
   https://github.com/AspeedTech-BMC/openbmc/releases/tag/v09.05
   ast2700-default-obmc.tar.gz (AST2700 A1)
   
https://github.com/AspeedTech-BMC/openbmc/releases/download/v09.05/ast2700-default-obmc.tar.gz
   ast2700-a0-default-obmc.tar.gz (AST2700 A0)
   
https://github.com/AspeedTech-BMC/openbmc/releases/download/v09.05/ast2700-a0-default-obmc.tar.gz
   
This patch series depends on the following patch series:
https://patchwork.kernel.org/project/qemu-devel/cover/20250304064710.2128993-1-jamin_...@aspeedtech.com/
https://patchwork.kernel.org/project/qemu-devel/cover/20250225075622.305515-1-jamin_...@aspeedtech.com/

Jamin Lin (29):
  hw/intc/aspeed: Support setting different memory size
  hw/intc/aspeed: Rename status_addr and addr to status_reg and reg for
clarity
  hw/intc/aspeed: Introduce dynamic allocation for regs array
  hw/intc/aspeed: Support setting different register size
  hw/intc/aspeed: Reduce regs array size by adding a register sub-region
  hw/intc/aspeed: Introduce helper functions for enable and status
registers
  hw/intc/aspeed: Add object type name to trace events for better
debugging
  hw/arm/aspeed: Rename IRQ table and machine name for AST2700 A0
  hw/arm/aspeed_ast27x0: Sort the IRQ table by IRQ number
  hw/intc/aspeed: Support different memory region ops
  hw/intc/aspeed: Rename num_ints to num_inpins for clarity
  hw/intc/aspeed: Add support for multiple output pins in INTC
  hw/intc/aspeed: Refactor INTC to support separate input and output pin
indices
  hw/intc/aspeed: Introduce AspeedINTCIRQ structure to save the irq
index and register address
  hw/intc/aspeed: Introduce IRQ handler function to reduce code
duplication
  hw/intc/aspeed: Add Support for Multi-Output IRQ Handling
  hw/intc/aspeed: Add Support for AST2700 INTCIO Controller
  hw/misc/aspeed_scu: Add Support for AST2700/AST2750 A1 Silicon
Revisions
  hw/arm/aspeed_ast27x0.c Support AST2700 A1 GIC Interrupt Mapping
  hw/arm/aspeed_ast27x0: Define an Array of AspeedINTCState with Two
Instances
  hw/arm/aspeed_ast27x0: Support two levels of INTC controllers for
AST2700 A1
  hw/arm/aspeed_ast27x0: Add SoC Support for AST2700 A1
  hw/arm/aspeed: Add Machine Support for AST2700 A1
  hw/arm/aspeed_ast27x0: Sort the memmap table by mapping address
  tests/functional/aspeed: Introduce start_ast2700_test API
  tests/functional/aspeed: Update temperature hwmon path
  tests/functional/aspeed: Update test ASPEED SDK v09.05
  tests/functional/aspeed: Add test case for AST2700 A1
  docs/specs: Add aspeed-intc

 docs/specs/aspeed-intc.rst  | 136 +
 docs/specs/index.rst|   1 +
 include/hw/arm/aspeed_soc.h |   3 +-
 include/hw/intc/aspeed_intc.h   |  36 +-
 include/hw/misc/aspeed_scu.h|   2 +
 hw/arm/aspeed.c |  33 +-
 hw/arm/aspeed_ast27x0.c | 329 
 hw/intc/aspeed_intc.c   | 667 ++--
 hw/misc/aspeed_scu.c|   2 +
 hw/intc/trace-events 

Re: [PATCH v3 07/10] vfio/igd: Decouple common quirks from legacy mode

2025-03-07 Thread Tomita Moeko
On 2025/3/7 6:49, Alex Williamson wrote:
> On Fri,  7 Mar 2025 02:01:27 +0800
> Tomita Moeko  wrote:
> 
>> So far, IGD-specific quirks all require enabling legacy mode, which is
>> toggled by assigning IGD to 00:02.0. However, some quirks, like the BDSM
>> and GGC register quirks, should be applied to all supported IGD devices.
>> A new config option, x-igd-legacy-mode=[on|off|auto], is introduced to
>> control the legacy mode only quirks. The default value is "auto", which
>> keeps current behavior that enables legacy mode implicitly and continues
>> on error when all following conditions are met.
>> * Machine type is i440fx
>> * IGD device is at guest BDF 00:02.0
>>
>> If any one of the conditions above is not met, the default behavior is
>> equivalent to "off", QEMU will fail immediately if any error occurs.
>>
>> Users can also use "on" to force enabling legacy mode. It checks if all
>> the conditions above are met and set up legacy mode. QEMU will also fail
>> immediately on error in this case.
>>
>> Additionally, the hotplug check in legacy mode is removed as hotplugging
>> IGD device is never supported, and it will be checked when enabling the
>> OpRegion quirk.
>>
>> Signed-off-by: Tomita Moeko 
>> ---
>>  hw/vfio/igd.c | 127 +-
>>  hw/vfio/pci.c |   2 +
>>  hw/vfio/pci.h |   1 +
>>  3 files changed, 77 insertions(+), 53 deletions(-)
>>
>> diff --git a/hw/vfio/igd.c b/hw/vfio/igd.c
>> index f5e19f1241..ac096e2eb5 100644
>> --- a/hw/vfio/igd.c
>> +++ b/hw/vfio/igd.c
>> @@ -15,6 +15,7 @@
>>  #include "qemu/error-report.h"
>>  #include "qapi/error.h"
>>  #include "qapi/qmp/qerror.h"
>> +#include "hw/boards.h"
>>  #include "hw/hw.h"
>>  #include "hw/nvram/fw_cfg.h"
>>  #include "pci.h"
>> @@ -432,9 +433,7 @@ void vfio_probe_igd_bar0_quirk(VFIOPCIDevice *vdev, int 
>> nr)
>>   * bus address.
>>   */
>>  if (!vfio_pci_is(vdev, PCI_VENDOR_ID_INTEL, PCI_ANY_ID) ||
>> -!vfio_is_vga(vdev) || nr != 0 ||
>> -&vdev->pdev != pci_find_device(pci_device_root_bus(&vdev->pdev),
>> -   0, PCI_DEVFN(0x2, 0))) {
>> +!vfio_is_vga(vdev) || nr != 0) {
>>  return;
>>  }
>>  
>> @@ -482,14 +481,13 @@ void vfio_probe_igd_bar0_quirk(VFIOPCIDevice *vdev, 
>> int nr)
>>  QLIST_INSERT_HEAD(&vdev->bars[nr].quirks, bdsm_quirk, next);
>>  }
>>  
>> -bool vfio_probe_igd_config_quirk(VFIOPCIDevice *vdev,
>> - Error **errp G_GNUC_UNUSED)
>> +bool vfio_probe_igd_config_quirk(VFIOPCIDevice *vdev, Error **errp)
>>  {
>> -g_autofree struct vfio_region_info *rom = NULL;
>>  int ret, gen;
>>  uint64_t gms_size;
>>  uint64_t *bdsm_size;
>>  uint32_t gmch;
>> +bool legacy_mode_enabled = false;
>>  Error *err = NULL;
>>  
>>  /*
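Review bot: in vfio_probe_igd_config_quirk the signature now takes a live `Error **errp`, but the local `Error *err = NULL;` is kept next to it. Since the commit message says QEMU should fail immediately on error outside "auto" mode, every failure path that used to go through `err` should either propagate into `errp` and return false, or be explicitly limited to the legacy-mode "continue on error" case, so that no error is reported twice or silently dropped.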
>> @@ -498,9 +496,7 @@ bool vfio_probe_igd_config_quirk(VFIOPCIDevice *vdev,
>>   * PCI bus address.
>>   */
>>  if (!vfio_pci_is(vdev, PCI_VENDOR_ID_INTEL, PCI_ANY_ID) ||
>> -!vfio_is_vga(vdev) ||
>> -&vdev->pdev != pci_find_device(pci_device_root_bus(&vdev->pdev),
>> -   0, PCI_DEVFN(0x2, 0))) {
>> +!vfio_is_vga(vdev)) {
>>  return true;
>>  }
>>  
>> @@ -516,56 +512,67 @@ bool vfio_probe_igd_config_quirk(VFIOPCIDevice *vdev,
>>  return true;
>>  }
>>  
>> -/*
>> - * Most of what we're doing here is to enable the ROM to run, so if
>> - * there's no ROM, there's no point in setting up this quirk.
>> - * NB. We only seem to get BIOS ROMs, so a UEFI VM would need CSM 
>> support.
>> - */
>> -ret = vfio_get_region_info(&vdev->vbasedev,
>> -   VFIO_PCI_ROM_REGION_INDEX, &rom);
>> -if ((ret || !rom->size) && !vdev->pdev.romfile) {
>> -error_report("IGD device %s has no ROM, legacy mode disabled",
>> - vdev->vbasedev.name);
>> -return true;
>> -}
>> -
>> -/*
>> - * Ignore the hotplug corner case, mark the ROM failed, we can't
>> - * create the devices we need for legacy mode in the hotplug scenario.
>> - */
>> -if (vdev->pdev.qdev.hotplugged) {
>> -error_report("IGD device %s hotplugged, ROM disabled, "
>> - "legacy mode disabled", vdev->vbasedev.name);
>> -vdev->rom_read_failed = true;
>> -return true;
>> -}
>> -
>>  gmch = vfio_pci_read_config(&vdev->pdev, IGD_GMCH, 4);
>>  
>>  /*
>> - * If IGD VGA Disable is clear (expected) and VGA is not already 
>> enabled,
>> - * try to enable it.  Probably shouldn't be using legacy mode without 
>> VGA,
>> - * but also no point in us enabling VGA if disabled in hardware.
>> + * For backward compatibilty, enable legacy mode when
>> + * - Machine type is i440fx (pc_piix)
>> + * - IGD device is at guest BDF 00:02.0
>> + * - Not manually disabled by x-igd-legacy-mode=off
>>   */
>> -if (!(gm
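Review bot: the commit message justifies dropping the hotplug check but says nothing about the "IGD device %s has no ROM, legacy mode disabled" early return that is removed in the same block; please state where the ROM requirement is enforced now, or why it no longer applies. In the new comment, "compatibilty" should be "compatibility".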

Re: [PATCH v2 2/7] hw/hyperv/hyperv.h: header cleanup

2025-03-07 Thread Richard Henderson

On 3/7/25 11:09, Pierrick Bouvier wrote:

Signed-off-by: Pierrick Bouvier 
---
  include/hw/hyperv/hyperv.h | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/hw/hyperv/hyperv.h b/include/hw/hyperv/hyperv.h
index d717b4e13d4..63a8b65278f 100644
--- a/include/hw/hyperv/hyperv.h
+++ b/include/hw/hyperv/hyperv.h
@@ -10,7 +10,8 @@
  #ifndef HW_HYPERV_HYPERV_H
  #define HW_HYPERV_HYPERV_H
  
-#include "cpu-qom.h"

+#include "exec/hwaddr.h"
+#include "hw/core/cpu.h"
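Review bot: the commit message has no body, so it is unclear which declarations in hyperv.h need `exec/hwaddr.h` and the full `hw/core/cpu.h` in place of `cpu-qom.h`. A sentence naming the types that require them, and confirming that `cpu-qom.h` is not sufficient, would make this header swap reviewable on its own.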


Reviewed-by: Richard Henderson 

r~



RE: [PATCH 14/38] target/hexagon: Add new macro definitions for sysemu

2025-03-07 Thread ltaylorsimpson



> -Original Message-
> From: Brian Cain 
> Sent: Friday, February 28, 2025 11:26 PM
> To: qemu-devel@nongnu.org
> Cc: brian.c...@oss.qualcomm.com; richard.hender...@linaro.org;
> phi...@linaro.org; quic_mathb...@quicinc.com; a...@rev.ng; a...@rev.ng;
> quic_mlie...@quicinc.com; ltaylorsimp...@gmail.com;
> alex.ben...@linaro.org; quic_mbur...@quicinc.com;
> sidn...@quicinc.com; Brian Cain 
> Subject: [PATCH 14/38] target/hexagon: Add new macro definitions for
> sysemu
> 
> From: Brian Cain 
> 
> Also: add nop TCG overrides for break,unpause,fetchbo,dczeroa

dczeroa is modelled by QEMU.  It writes zeros to the cache line.

> 
> break: this hardware breakpoint instruction is used with the in-silicon
> debugger feature, this is not modeled.
> 
> unpause: this instruction is used to resume hardware threads that are stalled
> by pause instructions.  pause is modeled as a nop, or in RR mode as an
> EXCP_YIELD.  This instruction is safe to ignore.
> 
> Since cache/prefetch functions are not modeled, dczero and fetchbo are
> safe to ignore.

dczero is modelled.

> 
> Signed-off-by: Brian Cain 
> ---
>  target/hexagon/gen_tcg.h|   9 ++
>  target/hexagon/macros.h |  28 -
>  target/hexagon/sys_macros.h | 238
> 
>  target/hexagon/op_helper.c  |   1 +
>  4 files changed, 272 insertions(+), 4 deletions(-)  create mode 100644
> target/hexagon/sys_macros.h
> 
> diff --git a/target/hexagon/gen_tcg.h b/target/hexagon/gen_tcg.h index
> 8a3b801287..71f8a0e2d0 100644
> --- a/target/hexagon/gen_tcg.h
> +++ b/target/hexagon/gen_tcg.h
> @@ -488,6 +488,7 @@
> 
>  /* dczeroa clears the 32 byte cache line at the address given */  #define
> fGEN_TCG_Y2_dczeroa(SHORTCODE) SHORTCODE
> +#define fGEN_TCG_Y2_dczeroa_nt(SHORTCODE) SHORTCODE

Is there a Y2_dczeroa_nt instruction?  If not, remove this.

>  ctx->dczero_addr = tcg_temp_new(); \
>  tcg_gen_mov_tl(ctx->dczero_addr, (REG)); \
>  } while (0)
> +#else
> +#define fDCZEROA(REG) ((void) REG)

This isn't needed because all the instances of fDCZEROA are inside QEMU_GENERATE.


>  #endif
> 
> diff --git a/target/hexagon/sys_macros.h b/target/hexagon/sys_macros.h
> new file mode 100644 index 00..3c4c3c7aa5
> --- /dev/null
> +++ b/target/hexagon/sys_macros.h
> +#define READ_SREG(NUM) arch_get_system_reg(env, NUM)
> +#define READ_SGP0()arch_get_system_reg(env, HEX_SREG_SGP0)
> +#define READ_SGP1()arch_get_system_reg(env, HEX_SREG_SGP1)
> +#define READ_SGP10()   ((uint64_t)arch_get_system_reg(env,
> HEX_SREG_SGP0) | \
> +((uint64_t)arch_get_system_reg(env, HEX_SREG_SGP1) << 32))
> +
> +#define WRITE_SREG(NUM, VAL)  log_sreg_write(env, NUM, VAL, slot)
> +#define WRITE_SGP0(VAL)   log_sreg_write(env, HEX_SREG_SGP0,
> VAL, slot)
> +#define WRITE_SGP1(VAL)   log_sreg_write(env, HEX_SREG_SGP1,
> VAL, slot)
> +#define WRITE_SGP10(VAL) \
> +do { \
> +log_sreg_write(env, HEX_SREG_SGP0, (VAL) & 0x, slot); \
> +log_sreg_write(env, HEX_SREG_SGP1, (VAL) >> 32, slot); \
> +} while (0)
> +

READ_SREG and WRITE_SREG look like a hangover for the original generator scripts which have been rewritten.  Are they needed?


> +#ifdef QEMU_GENERATE
> +#define GET_SSR_FIELD(RES, FIELD) \
> +GET_FIELD(RES, FIELD, hex_t_sreg[HEX_SREG_SSR]) #else
> +
> +#define GET_SSR_FIELD(FIELD, REGIN) \
> +(uint32_t)GET_FIELD(FIELD, REGIN)
> +#define GET_SYSCFG_FIELD(FIELD, REGIN) \
> +(uint32_t)GET_FIELD(FIELD, REGIN)
> +#define SET_SYSTEM_FIELD(ENV, REG, FIELD, VAL) \
> +do { \
> +uint32_t regval = arch_get_system_reg(ENV, REG); \
> +fINSERT_BITS(regval, reg_field_info[FIELD].width, \
> + reg_field_info[FIELD].offset, (VAL)); \
> +arch_set_system_reg(ENV, REG, regval); \
> +} while (0)
> +#define SET_SSR_FIELD(ENV, FIELD, VAL) \
> +SET_SYSTEM_FIELD(ENV, HEX_SREG_SSR, FIELD, VAL) #define
> +SET_SYSCFG_FIELD(ENV, FIELD, VAL) \
> +SET_SYSTEM_FIELD(ENV, HEX_SREG_SYSCFG, FIELD, VAL)
> +
> +#define CCR_FIELD_SET(ENV, FIELD) \
> +(!!GET_FIELD(FIELD, arch_get_system_reg(ENV, HEX_SREG_CCR)))
> +
> +/*
> + * Direct-to-guest is not implemented yet, continuing would cause
> +unexpected
> + * behavior, so we abort.
> + */
> +#define ASSERT_DIRECT_TO_GUEST_UNSET(ENV, EXCP) \
> +do { \
> +switch (EXCP) { \
> +case HEX_EVENT_TRAP0: \
> +g_assert(!CCR_FIELD_SET(ENV, CCR_GTE)); \
> +break; \
> +case HEX_EVENT_IMPRECISE: \
> +case HEX_EVENT_PRECISE: \
> +case HEX_EVENT_FPTRAP: \
> +g_assert(!CCR_FIELD_SET(ENV, CCR_GEE)); \
> +break; \
> +default: \
> +if ((EXCP) >= HEX_EVENT_INT0) { \
> +g_assert(!CCR_FIELD_SET(ENV, CCR_GIE)); \
> +} \
> +break; \
> +} \
> +} while (0)
> +#endif
> +
> +#define fREAD_ELR() (READ_SREG(HEX_SREG_ELR))
> +
> +#define fLOAD_PHYS(NUM, 
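Review bot: ASSERT_DIRECT_TO_GUEST_UNSET turns a CCR value into a `g_assert()`; if the guest can write CCR and set GTE, GEE or GIE, taking a trap, exception or interrupt then aborts the whole QEMU process from guest-controlled state. Reporting the unimplemented feature, for example with `qemu_log_mask(LOG_UNIMP, ...)`, is preferable to asserting. Separately, GET_SSR_FIELD takes `(RES, FIELD)` under QEMU_GENERATE but `(FIELD, REGIN)` in the `#else` branch, which makes call sites easy to get wrong.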

Re: [PATCH 01/14] hw/vfio/common: Include missing 'system/tcg.h' header

2025-03-07 Thread Richard Henderson

On 3/7/25 10:03, Philippe Mathieu-Daudé wrote:

Always include necessary headers explicitly, to avoid
when refactoring unrelated ones:

   hw/vfio/common.c:1176:45: error: implicit declaration of function ‘tcg_enabled’;
    1176 | tcg_enabled() ? DIRTY_CLIENTS_ALL :
         | ^~~

Signed-off-by: Philippe Mathieu-Daudé 
---
  hw/vfio/common.c | 1 +
  1 file changed, 1 insertion(+)


Reviewed-by: Richard Henderson 

r~



[PATCH 10/16] accel/tcg: Build tcg-accel-ops.c once

2025-03-07 Thread Richard Henderson
Now that tcg-accel-ops.c uses cputlb.h instead of exec-all.h,
it can be built once.

Signed-off-by: Richard Henderson 
---
 accel/tcg/meson.build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/accel/tcg/meson.build b/accel/tcg/meson.build
index 979ce90eb0..70ada21f42 100644
--- a/accel/tcg/meson.build
+++ b/accel/tcg/meson.build
@@ -20,7 +20,6 @@ specific_ss.add_all(when: 'CONFIG_TCG', if_true: 
tcg_specific_ss)
 
 specific_ss.add(when: ['CONFIG_SYSTEM_ONLY', 'CONFIG_TCG'], if_true: files(
   'cputlb.c',
-  'tcg-accel-ops.c',
   'tcg-accel-ops-mttcg.c',
   'tcg-accel-ops-icount.c',
   'tcg-accel-ops-rr.c',
@@ -29,5 +28,6 @@ specific_ss.add(when: ['CONFIG_SYSTEM_ONLY', 'CONFIG_TCG'], 
if_true: files(
 system_ss.add(when: ['CONFIG_TCG'], if_true: files(
   'icount-common.c',
   'monitor.c',
+  'tcg-accel-ops.c',
   'watchpoint.c',
 ))
-- 
2.43.0




[PATCH v8 15/20] arm/virt: Wire up a GED error device for ACPI / GHES

2025-03-07 Thread Mauro Carvalho Chehab
Adds support to ARM virtualization to allow handling
generic error ACPI Event via GED & error source device.

It is aligned with Linux Kernel patch:
https://lore.kernel.org/lkml/1272350481-27951-8-git-send-email-ying.hu...@intel.com/

Co-authored-by: Mauro Carvalho Chehab 
Co-authored-by: Jonathan Cameron 
Signed-off-by: Jonathan Cameron 
Signed-off-by: Mauro Carvalho Chehab 
Acked-by: Igor Mammedov 
Reviewed-by: Jonathan Cameron 
---
 hw/arm/virt-acpi-build.c |  1 +
 hw/arm/virt.c| 12 +++-
 include/hw/arm/virt.h|  1 +
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 5443615d976d..2bf9118fda55 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -861,6 +861,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker, 
VirtMachineState *vms)
 }
 
 acpi_dsdt_add_power_button(scope);
+aml_append(scope, aml_error_device());
 #ifdef CONFIG_TPM
 acpi_dsdt_add_tpm(scope, vms);
 #endif
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 904c698b1406..6fe2c04aaabd 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -687,7 +687,7 @@ static inline DeviceState *create_acpi_ged(VirtMachineState 
*vms)
 DeviceState *dev;
 MachineState *ms = MACHINE(vms);
 int irq = vms->irqmap[VIRT_ACPI_GED];
-uint32_t event = ACPI_GED_PWR_DOWN_EVT;
+uint32_t event = ACPI_GED_PWR_DOWN_EVT | ACPI_GED_ERROR_EVT;
 
 if (ms->ram_slots) {
 event |= ACPI_GED_MEM_HOTPLUG_EVT;
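Review bot: `ACPI_GED_ERROR_EVT` is ORed into `event` unconditionally in create_acpi_ged, unlike `ACPI_GED_MEM_HOTPLUG_EVT`, which is gated on `ms->ram_slots`. Together with the `aml_error_device()` appended next to the power button in build_dsdt, this changes the guest-visible ACPI tables for every existing virt machine version; consider gating both on a machine or compat property so older machine types keep their current tables.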
@@ -1019,6 +1019,13 @@ static void virt_powerdown_req(Notifier *n, void *opaque)
 }
 }
 
+static void virt_generic_error_req(Notifier *n, void *opaque)
+{
+VirtMachineState *s = container_of(n, VirtMachineState, 
generic_error_notifier);
+
+acpi_send_event(s->acpi_dev, ACPI_GENERIC_ERROR);
+}
+
 static void create_gpio_keys(char *fdt, DeviceState *pl061_dev,
  uint32_t phandle)
 {
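Review bot: the `container_of(n, VirtMachineState, generic_error_notifier)` declaration in virt_generic_error_req runs past 80 columns; break it after the `=` or after the second argument so checkpatch stays quiet.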
@@ -2413,6 +2420,9 @@ static void machvirt_init(MachineState *machine)
 
 if (has_ged && aarch64 && firmware_loaded && virt_is_acpi_enabled(vms)) {
 vms->acpi_dev = create_acpi_ged(vms);
+vms->generic_error_notifier.notify = virt_generic_error_req;
+notifier_list_add(&acpi_generic_error_notifiers,
+  &vms->generic_error_notifier);
 } else {
 create_gpio_devices(vms, VIRT_GPIO, sysmem);
 }
diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
index c8e94e6aedc9..f3cf28436770 100644
--- a/include/hw/arm/virt.h
+++ b/include/hw/arm/virt.h
@@ -176,6 +176,7 @@ struct VirtMachineState {
 DeviceState *gic;
 DeviceState *acpi_dev;
 Notifier powerdown_notifier;
+Notifier generic_error_notifier;
 PCIBus *bus;
 char *oem_id;
 char *oem_table_id;
-- 
2.48.1




Re: [PATCH v2 3/7] hw/hyperv/vmbus: common compilation unit

2025-03-07 Thread Richard Henderson

On 3/7/25 11:09, Pierrick Bouvier wrote:

Replace TARGET_PAGE.* by runtime calls.

Signed-off-by: Pierrick Bouvier
---
  hw/hyperv/vmbus.c | 50 +--
  hw/hyperv/meson.build |  2 +-
  2 files changed, 26 insertions(+), 26 deletions(-)


Reviewed-by: Richard Henderson 

r~



Re: [PATCH v2 18/18] hw/rtc: Add Ricoh RS5C372 RTC emulation

2025-03-07 Thread Bernhard Beschow



On 4 March 2025 18:53:10 UTC, Bernhard Beschow wrote:
>
>
>On 23 February 2025 11:47:08 UTC, Bernhard Beschow wrote:
>>The implementation just allows Linux to determine date and time.
>>
>>Signed-off-by: Bernhard Beschow 
>>---
>> MAINTAINERS|   2 +
>> hw/rtc/rs5c372.c   | 236 +
>> tests/qtest/rs5c372-test.c |  43 +++
>> hw/rtc/Kconfig |   5 +
>> hw/rtc/meson.build |   1 +
>> hw/rtc/trace-events|   4 +
>> tests/qtest/meson.build|   1 +
>> 7 files changed, 292 insertions(+)
>> create mode 100644 hw/rtc/rs5c372.c
>> create mode 100644 tests/qtest/rs5c372-test.c
>
>Ping for just this patch. I'd like to have it merged for 10.0.

Ping^2 -- just few days left before soft freeze.

AFAICS no open issues and I'd really like to have this RTC merged for 10.0. What is holding it back?

Best regards,
Bernhard

>
>Thanks,
>Bernhard
>
>>
>>diff --git a/MAINTAINERS b/MAINTAINERS
>>index 489e426d85..2552cfd65c 100644
>>--- a/MAINTAINERS
>>+++ b/MAINTAINERS
>>@@ -828,10 +828,12 @@ F: hw/arm/imx8mp-evk.c
>> F: hw/arm/fsl-imx8mp.c
>> F: hw/misc/imx8mp_*.c
>> F: hw/pci-host/fsl_imx8m_phy.c
>>+F: hw/rtc/rs5c372.c
>> F: include/hw/arm/fsl-imx8mp.h
>> F: include/hw/misc/imx8mp_*.h
>> F: include/hw/pci-host/fsl_imx8m_phy.h
>> F: pc-bios/imx8mp*
>>+F: tests/qtest/rs5c372-test.c
>> F: docs/system/arm/imx8mp-evk.rst
>> 
>> MPS2 / MPS3
>>diff --git a/hw/rtc/rs5c372.c b/hw/rtc/rs5c372.c
>>new file mode 100644
>>index 00..5542f74085
>>--- /dev/null
>>+++ b/hw/rtc/rs5c372.c
>>@@ -0,0 +1,236 @@
>>+/*
>>+ * Ricoh RS5C372, R222x I2C RTC
>>+ *
>>+ * Copyright (c) 2025 Bernhard Beschow 
>>+ *
>>+ * Based on hw/rtc/ds1338.c
>>+ *
>>+ * SPDX-License-Identifier: GPL-2.0-or-later
>>+ */
>>+
>>+#include "qemu/osdep.h"
>>+#include "hw/i2c/i2c.h"
>>+#include "hw/qdev-properties.h"
>>+#include "hw/resettable.h"
>>+#include "migration/vmstate.h"
>>+#include "qemu/bcd.h"
>>+#include "qom/object.h"
>>+#include "system/rtc.h"
>>+#include "trace.h"
>>+
>>+#define NVRAM_SIZE 0x10
>>+
>>+/* Flags definitions */
>>+#define SECONDS_CH 0x80
>>+#define HOURS_PM   0x20
>>+#define CTRL2_24   0x20
>>+
>>+#define TYPE_RS5C372 "rs5c372"
>>+OBJECT_DECLARE_SIMPLE_TYPE(RS5C372State, RS5C372)
>>+
>>+struct RS5C372State {
>>+I2CSlave parent_obj;
>>+
>>+int64_t offset;
>>+uint8_t wday_offset;
>>+uint8_t nvram[NVRAM_SIZE];
>>+uint8_t ptr;
>>+uint8_t tx_format;
>>+bool addr_byte;
>>+};
>>+
>>+static void capture_current_time(RS5C372State *s)
>>+{
>>+/*
>>+ * Capture the current time into the secondary registers which will be
>>+ * actually read by the data transfer operation.
>>+ */
>>+struct tm now;
>>+qemu_get_timedate(&now, s->offset);
>>+s->nvram[0] = to_bcd(now.tm_sec);
>>+s->nvram[1] = to_bcd(now.tm_min);
>>+if (s->nvram[0xf] & CTRL2_24) {
>>+s->nvram[2] = to_bcd(now.tm_hour);
>>+} else {
>>+int tmp = now.tm_hour;
>>+if (tmp % 12 == 0) {
>>+tmp += 12;
>>+}
>>+if (tmp <= 12) {
>>+s->nvram[2] = to_bcd(tmp);
>>+} else {
>>+s->nvram[2] = HOURS_PM | to_bcd(tmp - 12);
>>+}
>>+}
>>+s->nvram[3] = (now.tm_wday + s->wday_offset) % 7 + 1;
>>+s->nvram[4] = to_bcd(now.tm_mday);
>>+s->nvram[5] = to_bcd(now.tm_mon + 1);
>>+s->nvram[6] = to_bcd(now.tm_year - 100);
>>+}
>>+
>>+static void inc_regptr(RS5C372State *s)
>>+{
>>+s->ptr = (s->ptr + 1) & (NVRAM_SIZE - 1);
>>+}
>>+
>>+static int rs5c372_event(I2CSlave *i2c, enum i2c_event event)
>>+{
>>+RS5C372State *s = RS5C372(i2c);
>>+
>>+switch (event) {
>>+case I2C_START_RECV:
>>+/*
>>+ * In h/w, capture happens on any START condition, not just a
>>+ * START_RECV, but there is no need to actually capture on
>>+ * START_SEND, because the guest can't get at that data
>>+ * without going through a START_RECV which would overwrite it.
>>+ */
>>+capture_current_time(s);
>>+s->ptr = 0xf;
>>+break;
>>+case I2C_START_SEND:
>>+s->addr_byte = true;
>>+break;
>>+default:
>>+break;
>>+}
>>+
>>+return 0;
>>+}
>>+
>>+static uint8_t rs5c372_recv(I2CSlave *i2c)
>>+{
>>+RS5C372State *s = RS5C372(i2c);
>>+uint8_t res;
>>+
>>+res  = s->nvram[s->ptr];
>>+
>>+trace_rs5c372_recv(s->ptr, res);
>>+
>>+inc_regptr(s);
>>+return res;
>>+}
>>+
>>+static int rs5c372_send(I2CSlave *i2c, uint8_t data)
>>+{
>>+RS5C372State *s = RS5C372(i2c);
>>+
>>+if (s->addr_byte) {
>>+s->ptr = data >> 4;
>>+s->tx_format = data & 0xf;
>>+s->addr_byte = false;
>>+return 0;
>>+}
>>+
>>+trace_rs5c372_send(s->ptr, data);
>>+
>>+if (s->ptr < 7) {
>>+/* Time register. */
>>+struct tm now;
>>+qemu_get_timedate(&now, s->offset);
>>+switch (s->ptr) {
>>+case 0:
>>+  
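Review bot: capture_current_time stores `to_bcd(now.tm_year - 100)` with no range handling, so a guest clock before 2000 or after 2099 (for example with an RTC base date outside that range) feeds a negative or three-digit value to to_bcd and yields a meaningless year register. Clamp the value or document the supported range. It is also worth checking the `% 7 + 1` weekday encoding against the RS5C372 datasheet, since this file is based on ds1338.c and the two chips need not number weekdays the same way.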

[PATCH v8 11/20] acpi/generic_event_device: Update GHES migration to cover hest addr

2025-03-07 Thread Mauro Carvalho Chehab
The GHES migration logic should now support HEST table location too.

Signed-off-by: Mauro Carvalho Chehab 
Reviewed-by: Jonathan Cameron 
Reviewed-by: Igor Mammedov 
---
 hw/acpi/generic_event_device.c | 29 +
 1 file changed, 29 insertions(+)

diff --git a/hw/acpi/generic_event_device.c b/hw/acpi/generic_event_device.c
index c85d97ca3776..5346cae573b7 100644
--- a/hw/acpi/generic_event_device.c
+++ b/hw/acpi/generic_event_device.c
@@ -386,6 +386,34 @@ static const VMStateDescription vmstate_ghes_state = {
 }
 };
 
+static const VMStateDescription vmstate_hest = {
+.name = "acpi-hest",
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (const VMStateField[]) {
+VMSTATE_UINT64(hest_addr_le, AcpiGhesState),
+VMSTATE_END_OF_LIST()
+},
+};
+
+static bool hest_needed(void *opaque)
+{
+AcpiGedState *s = opaque;
+return s->ghes_state.hest_addr_le;
+}
+
+static const VMStateDescription vmstate_hest_state = {
+.name = "acpi-ged/hest",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = hest_needed,
+.fields = (const VMStateField[]) {
+VMSTATE_STRUCT(ghes_state, AcpiGedState, 1,
+   vmstate_hest, AcpiGhesState),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static const VMStateDescription vmstate_acpi_ged = {
 .name = "acpi-ged",
 .version_id = 1,
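Review bot: hest_needed returns the 64-bit `s->ghes_state.hest_addr_le` directly from a `bool` function; writing `return s->ghes_state.hest_addr_le != 0;` makes the intent (send the subsection only once a HEST address has been recorded) explicit. The one-line commit message could also state the migration-compatibility reason for making this an optional subsection.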
@@ -398,6 +426,7 @@ static const VMStateDescription vmstate_acpi_ged = {
 &vmstate_memhp_state,
 &vmstate_cpuhp_state,
 &vmstate_ghes_state,
+&vmstate_hest_state,
 NULL
 }
 };
-- 
2.48.1




Re: [PATCH 10/16] accel/tcg: Build tcg-accel-ops.c once

2025-03-07 Thread Pierrick Bouvier

On 3/7/25 10:56, Richard Henderson wrote:

Now that tcg-accel-ops.c uses cputlb.h instead of exec-all.h,
it can be built once.

Signed-off-by: Richard Henderson 
---
  accel/tcg/meson.build | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/accel/tcg/meson.build b/accel/tcg/meson.build
index 979ce90eb0..70ada21f42 100644
--- a/accel/tcg/meson.build
+++ b/accel/tcg/meson.build
@@ -20,7 +20,6 @@ specific_ss.add_all(when: 'CONFIG_TCG', if_true: 
tcg_specific_ss)
  
  specific_ss.add(when: ['CONFIG_SYSTEM_ONLY', 'CONFIG_TCG'], if_true: files(

'cputlb.c',
-  'tcg-accel-ops.c',
'tcg-accel-ops-mttcg.c',
'tcg-accel-ops-icount.c',
'tcg-accel-ops-rr.c',
@@ -29,5 +28,6 @@ specific_ss.add(when: ['CONFIG_SYSTEM_ONLY', 'CONFIG_TCG'], 
if_true: files(
  system_ss.add(when: ['CONFIG_TCG'], if_true: files(
'icount-common.c',
'monitor.c',
+  'tcg-accel-ops.c',
'watchpoint.c',
  ))


Reviewed-by: Pierrick Bouvier 




Re: [PATCH v2 4/7] hw/hyperv/hyperv-proto: move SYNDBG definition from target/i386

2025-03-07 Thread Richard Henderson

On 3/7/25 11:10, Pierrick Bouvier wrote:

Allows them to be available for common compilation units.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Pierrick Bouvier 
---
  include/hw/hyperv/hyperv-proto.h | 12 
  target/i386/kvm/hyperv-proto.h   | 12 
  2 files changed, 12 insertions(+), 12 deletions(-)


Reviewed-by: Richard Henderson 

r~



Re: [PATCH v2 6/7] hw/hyperv/balloon: common balloon compilation units

2025-03-07 Thread Richard Henderson

On 3/7/25 11:10, Pierrick Bouvier wrote:

Signed-off-by: Pierrick Bouvier
---
  hw/hyperv/meson.build | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Richard Henderson 

r~



Re: [PATCH v2 7/7] hw/hyperv/hyperv_testdev: common compilation unit

2025-03-07 Thread Richard Henderson

On 3/7/25 11:10, Pierrick Bouvier wrote:

Signed-off-by: Pierrick Bouvier 
---
  hw/hyperv/meson.build | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/hyperv/meson.build b/hw/hyperv/meson.build
index 5acd709bdd5..ef5a596c8ab 100644
--- a/hw/hyperv/meson.build
+++ b/hw/hyperv/meson.build
@@ -1,5 +1,5 @@
  specific_ss.add(when: 'CONFIG_HYPERV', if_true: files('hyperv.c'))
-specific_ss.add(when: 'CONFIG_HYPERV_TESTDEV', if_true: 
files('hyperv_testdev.c'))
+system_ss.add(when: 'CONFIG_HYPERV_TESTDEV', if_true: 
files('hyperv_testdev.c'))
  system_ss.add(when: 'CONFIG_VMBUS', if_true: files('vmbus.c'))
  system_ss.add(when: 'CONFIG_SYNDBG', if_true: files('syndbg.c'))
  system_ss.add(when: 'CONFIG_HV_BALLOON', if_true: files('hv-balloon.c', 
'hv-balloon-page_range_tree.c', 'hv-balloon-our_range_memslots.c'))


Reviewed-by: Richard Henderson 

r~



[PATCH v3 1/7] hw/hyperv/hv-balloon-stub: common compilation unit

2025-03-07 Thread Pierrick Bouvier
Reviewed-by: Richard Henderson 
Signed-off-by: Pierrick Bouvier 
---
 hw/hyperv/meson.build | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/hyperv/meson.build b/hw/hyperv/meson.build
index d3d2668c71a..f4aa0a5ada9 100644
--- a/hw/hyperv/meson.build
+++ b/hw/hyperv/meson.build
@@ -2,4 +2,5 @@ specific_ss.add(when: 'CONFIG_HYPERV', if_true: 
files('hyperv.c'))
 specific_ss.add(when: 'CONFIG_HYPERV_TESTDEV', if_true: 
files('hyperv_testdev.c'))
 specific_ss.add(when: 'CONFIG_VMBUS', if_true: files('vmbus.c'))
 specific_ss.add(when: 'CONFIG_SYNDBG', if_true: files('syndbg.c'))
-specific_ss.add(when: 'CONFIG_HV_BALLOON', if_true: files('hv-balloon.c', 
'hv-balloon-page_range_tree.c', 'hv-balloon-our_range_memslots.c'), if_false: 
files('hv-balloon-stub.c'))
+specific_ss.add(when: 'CONFIG_HV_BALLOON', if_true: files('hv-balloon.c', 
'hv-balloon-page_range_tree.c', 'hv-balloon-our_range_memslots.c'))
+system_ss.add(when: 'CONFIG_HV_BALLOON', if_false: files('hv-balloon-stub.c'))
-- 
2.39.5




Re: [PATCH v2 5/7] hw/hyperv/syndbg: common compilation unit

2025-03-07 Thread Pierrick Bouvier

On 3/7/25 11:10, Pierrick Bouvier wrote:

Replace TARGET_PAGE.* by runtime calls

Signed-off-by: Pierrick Bouvier 
---
  hw/hyperv/syndbg.c| 10 +++---
  hw/hyperv/meson.build |  2 +-
  2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/hw/hyperv/syndbg.c b/hw/hyperv/syndbg.c
index d3e39170772..ee91266c070 100644
--- a/hw/hyperv/syndbg.c
+++ b/hw/hyperv/syndbg.c
@@ -14,7 +14,7 @@
  #include "migration/vmstate.h"
  #include "hw/qdev-properties.h"
  #include "hw/loader.h"
-#include "cpu.h"
+#include "exec/target_page.h"
  #include "hw/hyperv/hyperv.h"
  #include "hw/hyperv/vmbus-bridge.h"
  #include "hw/hyperv/hyperv-proto.h"
@@ -183,12 +183,14 @@ static bool create_udp_pkt(HvSynDbg *syndbg, void *pkt, 
uint32_t pkt_len,
  return true;
  }
  
+#define MSG_BUFSZ 4096

+
  static uint16_t handle_recv_msg(HvSynDbg *syndbg, uint64_t outgpa,
  uint32_t count, bool is_raw, uint32_t options,
  uint64_t timeout, uint32_t *retrieved_count)
  {
  uint16_t ret;
-uint8_t data_buf[TARGET_PAGE_SIZE - UDP_PKT_HEADER_SIZE];
+uint8_t data_buf[MSG_BUFSZ];
  hwaddr out_len;
  void *out_data;
  ssize_t recv_byte_count;
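Review bot: the new `uint8_t data_buf[MSG_BUFSZ]` in handle_recv_msg drops the `- UDP_PKT_HEADER_SIZE` allowance that the old size carried, so recv can now hand back a full 4096 bytes. Please confirm that the later copy into the guest buffer mapped through `out_data` and `out_len` is still bounded when a maximum-size datagram arrives and a UDP header has to fit as well; if the old bound was load-bearing, keep the header subtraction in the macro or check the length explicitly.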
@@ -201,7 +203,7 @@ static uint16_t handle_recv_msg(HvSynDbg *syndbg, uint64_t 
outgpa,
  recv_byte_count = 0;
  } else {
  recv_byte_count = recv(syndbg->socket, data_buf,
-   MIN(sizeof(data_buf), count), MSG_WAITALL);
+   MIN(MSG_BUFSZ, count), MSG_WAITALL);
  if (recv_byte_count == -1) {
  return HV_STATUS_INVALID_PARAMETER;
  }
@@ -374,6 +376,8 @@ static const Property hv_syndbg_properties[] = {
  
  static void hv_syndbg_class_init(ObjectClass *klass, void *data)

  {
+g_assert(MSG_BUFSZ > qemu_target_page_size());
+


Should be >= here.


  DeviceClass *dc = DEVICE_CLASS(klass);
  
  device_class_set_props(dc, hv_syndbg_properties);
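Review bot: besides the `>=` correction already raised, the `g_assert()` on `qemu_target_page_size()` sits in hv_syndbg_class_init, so it fires when the class is initialised rather than when a device is created, and a failure aborts QEMU instead of producing an error. A check in the realize path that reports through `errp` would be friendlier. The direction of the comparison also deserves a comment: the old buffer was smaller than a page, while the assertion requires the fixed buffer to be no smaller than one.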

diff --git a/hw/hyperv/meson.build b/hw/hyperv/meson.build
index c855fdcf04c..a9f2045a9af 100644
--- a/hw/hyperv/meson.build
+++ b/hw/hyperv/meson.build
@@ -1,6 +1,6 @@
  specific_ss.add(when: 'CONFIG_HYPERV', if_true: files('hyperv.c'))
  specific_ss.add(when: 'CONFIG_HYPERV_TESTDEV', if_true: 
files('hyperv_testdev.c'))
  system_ss.add(when: 'CONFIG_VMBUS', if_true: files('vmbus.c'))
-specific_ss.add(when: 'CONFIG_SYNDBG', if_true: files('syndbg.c'))
+system_ss.add(when: 'CONFIG_SYNDBG', if_true: files('syndbg.c'))
  specific_ss.add(when: 'CONFIG_HV_BALLOON', if_true: files('hv-balloon.c', 
'hv-balloon-page_range_tree.c', 'hv-balloon-our_range_memslots.c'))
  system_ss.add(when: 'CONFIG_HV_BALLOON', if_false: files('hv-balloon-stub.c'))





[PATCH v2 03/14] target/i386/hvf: provide and use handle_io in emul_ops

2025-03-07 Thread Wei Liu
This drops the calls to hvf_handle_io from x86_emu.c.

Signed-off-by: Wei Liu 
---
 target/i386/hvf/hvf.c |  1 +
 target/i386/hvf/x86_emu.c | 29 +++--
 target/i386/hvf/x86_emu.h |  2 ++
 3 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
index 03456ffbc705..7da03f9c0811 100644
--- a/target/i386/hvf/hvf.c
+++ b/target/i386/hvf/hvf.c
@@ -245,6 +245,7 @@ static void hvf_read_mem(CPUState *cpu, void *data, 
target_ulong gva, int bytes)
 static const struct x86_emul_ops hvf_x86_emul_ops = {
 .read_mem = hvf_read_mem,
 .read_segment_descriptor = hvf_read_segment_descriptor,
+.handle_io = hvf_handle_io,
 };
 
 int hvf_arch_init_vcpu(CPUState *cpu)
diff --git a/target/i386/hvf/x86_emu.c b/target/i386/hvf/x86_emu.c
index c15b5a7ca850..7b01ccde5d3e 100644
--- a/target/i386/hvf/x86_emu.c
+++ b/target/i386/hvf/x86_emu.c
@@ -396,18 +396,18 @@ static void exec_out(CPUX86State *env, struct x86_decode 
*decode)
 {
 switch (decode->opcode[0]) {
 case 0xe6:
-hvf_handle_io(env_cpu(env), decode->op[0].val, &AL(env), 1, 1, 1);
+emul_ops->handle_io(env_cpu(env), decode->op[0].val, &AL(env), 1, 1, 
1);
 break;
 case 0xe7:
-hvf_handle_io(env_cpu(env), decode->op[0].val, &RAX(env), 1,
-  decode->operand_size, 1);
+emul_ops->handle_io(env_cpu(env), decode->op[0].val, &RAX(env), 1,
+decode->operand_size, 1);
 break;
 case 0xee:
-hvf_handle_io(env_cpu(env), DX(env), &AL(env), 1, 1, 1);
+emul_ops->handle_io(env_cpu(env), DX(env), &AL(env), 1, 1, 1);
 break;
 case 0xef:
-hvf_handle_io(env_cpu(env), DX(env), &RAX(env), 1,
-  decode->operand_size, 1);
+emul_ops->handle_io(env_cpu(env), DX(env), &RAX(env), 1,
+decode->operand_size, 1);
 break;
 default:
 VM_PANIC("Bad out opcode\n");
@@ -421,10 +421,10 @@ static void exec_in(CPUX86State *env, struct x86_decode 
*decode)
 target_ulong val = 0;
 switch (decode->opcode[0]) {
 case 0xe4:
-hvf_handle_io(env_cpu(env), decode->op[0].val, &AL(env), 0, 1, 1);
+emul_ops->handle_io(env_cpu(env), decode->op[0].val, &AL(env), 0, 1, 
1);
 break;
 case 0xe5:
-hvf_handle_io(env_cpu(env), decode->op[0].val, &val, 0,
+emul_ops->handle_io(env_cpu(env), decode->op[0].val, &val, 0,
   decode->operand_size, 1);
 if (decode->operand_size == 2) {
 AX(env) = val;
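Review bot: in the 0xe5 case of exec_in() the first line of the call is renamed to emul_ops->handle_io, but its continuation line (decode->operand_size, 1);) is left as unchanged context, so it keeps the alignment of the old hvf_handle_io( call. Every other multi-line call touched by this patch has its continuation re-indented; re-align this one too, as is done for the 0xed case in the next hunk.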
@@ -433,10 +433,11 @@ static void exec_in(CPUX86State *env, struct x86_decode 
*decode)
 }
 break;
 case 0xec:
-hvf_handle_io(env_cpu(env), DX(env), &AL(env), 0, 1, 1);
+emul_ops->handle_io(env_cpu(env), DX(env), &AL(env), 0, 1, 1);
 break;
 case 0xed:
-hvf_handle_io(env_cpu(env), DX(env), &val, 0, decode->operand_size, 1);
+emul_ops->handle_io(env_cpu(env), DX(env), &val, 0,
+decode->operand_size, 1);
 if (decode->operand_size == 2) {
 AX(env) = val;
 } else {
@@ -486,8 +487,8 @@ static void exec_ins_single(CPUX86State *env, struct 
x86_decode *decode)
 target_ulong addr = linear_addr_size(env_cpu(env), RDI(env),
  decode->addressing_size, R_ES);
 
-hvf_handle_io(env_cpu(env), DX(env), env->hvf_mmio_buf, 0,
-  decode->operand_size, 1);
+emul_ops->handle_io(env_cpu(env), DX(env), env->hvf_mmio_buf, 0,
+decode->operand_size, 1);
 vmx_write_mem(env_cpu(env), addr, env->hvf_mmio_buf,
   decode->operand_size);
 
@@ -511,8 +512,8 @@ static void exec_outs_single(CPUX86State *env, struct 
x86_decode *decode)
 
 vmx_read_mem(env_cpu(env), env->hvf_mmio_buf, addr,
  decode->operand_size);
-hvf_handle_io(env_cpu(env), DX(env), env->hvf_mmio_buf, 1,
-  decode->operand_size, 1);
+emul_ops->handle_io(env_cpu(env), DX(env), env->hvf_mmio_buf, 1,
+decode->operand_size, 1);
 
 string_increment_reg(env, R_ESI, decode);
 }
diff --git a/target/i386/hvf/x86_emu.h b/target/i386/hvf/x86_emu.h
index 1422d06ea184..40cc786694e1 100644
--- a/target/i386/hvf/x86_emu.h
+++ b/target/i386/hvf/x86_emu.h
@@ -27,6 +27,8 @@ struct x86_emul_ops {
 void (*read_mem)(CPUState *cpu, void *data, target_ulong addr, int bytes);
 void (*read_segment_descriptor)(CPUState *cpu, struct 
x86_segment_descriptor *desc,
 enum X86Seg seg);
+void (*handle_io)(CPUState *cpu, uint16_t port, void *data, int direction,
+  int size, int count);
 };
 
 extern const struct x86_emul_ops *emul_ops;
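Review bot: the new handle_io member of struct x86_emul_ops is undocumented, and x86_emu.c calls it without a NULL check, so a backend that registers an x86_emul_ops without it dereferences a NULL pointer on the first emulated IN/OUT. Add a comment stating that the callback is mandatory and what direction means (the call sites pass 1 for the OUT family and 0 for the IN family), or replace the bare int with a bool or named constants.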
-- 
2.47.2




Re: [PATCH 14/16] include/exec: Split out helper-getpc.h

2025-03-07 Thread Philippe Mathieu-Daudé

On 7/3/25 23:00, Philippe Mathieu-Daudé wrote:

On 7/3/25 19:56, Richard Henderson wrote:

Split out GETPC and GETPC_ADJ to a target-independent header.

Signed-off-by: Richard Henderson 
---
  include/exec/exec-all.h | 19 +--
  include/exec/helper-getpc.h | 31 +++
  2 files changed, 32 insertions(+), 18 deletions(-)
  create mode 100644 include/exec/helper-getpc.h


Preferably include/accel/tcg/getpc.h or similar


Also these should be guarded for CONFIG_TCG IMHO, similar to
include/exec/cpu_ldst.h:

  #ifndef CONFIG_TCG
  #error Can only include this header with TCG
  #endif

If cleanups are required, I can deal with them later.


otherwise:

Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 






Re: [PATCH v4 0/7] hw/hyperv: remove duplication compilation units

2025-03-07 Thread Philippe Mathieu-Daudé

Hi Maciej,

On 7/3/25 22:56, Pierrick Bouvier wrote:

Work towards having a single binary, by removing duplicated object files.



Pierrick Bouvier (7):
   hw/hyperv/hv-balloon-stub: common compilation unit
   hw/hyperv/hyperv.h: header cleanup
   hw/hyperv/vmbus: common compilation unit
   hw/hyperv/hyperv-proto: move SYNDBG definition from target/i386
   hw/hyperv/syndbg: common compilation unit
   hw/hyperv/balloon: common balloon compilation units
   hw/hyperv/hyperv_testdev: common compilation unit


If you are happy with this series and provide your Ack-by tag,
I can take it in my next hw-misc pull request if that helps.

Regards,

Phil.



Re: [PATCH v4 0/7] hw/hyperv: remove duplication compilation units

2025-03-07 Thread Maciej S. Szmigiero

Hi Philippe,

On 7.03.2025 23:25, Philippe Mathieu-Daudé wrote:

Hi Maciej,

On 7/3/25 22:56, Pierrick Bouvier wrote:

Work towards having a single binary, by removing duplicated object files.



Pierrick Bouvier (7):
   hw/hyperv/hv-balloon-stub: common compilation unit
   hw/hyperv/hyperv.h: header cleanup
   hw/hyperv/vmbus: common compilation unit
   hw/hyperv/hyperv-proto: move SYNDBG definition from target/i386
   hw/hyperv/syndbg: common compilation unit
   hw/hyperv/balloon: common balloon compilation units
   hw/hyperv/hyperv_testdev: common compilation unit


If you are happy with this series and provide your Ack-by tag,
I can take it in my next hw-misc pull request if that helps.


There's nothing obviously wrong in the patch set,
but if we can defer this to Monday then I could do
a runtime check with a Windows VM too.


Regards,

Phil.


Thanks,
Maciej




[PATCH 5/5] aio-posix: Separate AioPolledEvent per AioHandler

2025-03-07 Thread Kevin Wolf
Adaptive polling has a big problem: It doesn't consider that an event
loop can wait for many different events that may have very different
typical latencies.

For example, think of a guest that tends to send a new I/O request soon
after the previous I/O request completes, but the storage on the host is
rather slow. In this case, getting the new request from guest quickly
means that polling is enabled, but the next thing is performing the I/O
request on the backend, which is slow and disables polling again for the
next guest request. This means that in such a scenario, polling could
help for every other event, but is only ever enabled when it can't
succeed.

In order to fix this, keep a separate AioPolledEvent for each
AioHandler. We will then know that the backend file descriptor always
has a high latency and isn't worth polling for, but we also know that
the guest is always fast and we should poll for it. This solves at least
half of the problem, we can now keep polling for those cases where it
makes sense and get the improved performance from it.

Since the event loop doesn't know which event will be next, we still do
some unnecessary polling while we're waiting for the slow disk. I made
some attempts to be more clever than just randomly growing and shrinking
the polling time, and even to let callers be explicit about when they
expect a new event, but so far this hasn't resulted in improved
performance or even caused performance regressions. For now, let's just
fix the part that is easy enough to fix, we can revisit the rest later.

Signed-off-by: Kevin Wolf 
---
 include/block/aio.h |  1 -
 util/aio-posix.h|  1 +
 util/aio-posix.c| 24 +---
 util/async.c|  2 --
 4 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/include/block/aio.h b/include/block/aio.h
index 49f46e01cb..0ef7ce48e3 100644
--- a/include/block/aio.h
+++ b/include/block/aio.h
@@ -233,7 +233,6 @@ struct AioContext {
 int poll_disable_cnt;
 
 /* Polling mode parameters */
-AioPolledEvent poll;
 int64_t poll_max_ns;/* maximum polling time in nanoseconds */
 int64_t poll_grow;  /* polling time growth factor */
 int64_t poll_shrink;/* polling time shrink factor */
diff --git a/util/aio-posix.h b/util/aio-posix.h
index 4264c518be..82a0201ea4 100644
--- a/util/aio-posix.h
+++ b/util/aio-posix.h
@@ -38,6 +38,7 @@ struct AioHandler {
 #endif
 int64_t poll_idle_timeout; /* when to stop userspace polling */
 bool poll_ready; /* has polling detected an event? */
+AioPolledEvent poll;
 };
 
 /* Add a handler to a ready list */
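Review bot: the new poll member of struct AioHandler has no comment and no visible initialisation. The util/async.c hunk drops ctx->poll.ns = 0 and none of the util/aio-posix.c hunks sets node->poll.ns when a handler is created, so this relies on the handler being zero-allocated. Say so in a comment next to the field, as poll_idle_timeout and poll_ready have, or initialise it explicitly where handlers are added.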
diff --git a/util/aio-posix.c b/util/aio-posix.c
index 259827c7ad..2251871c61 100644
--- a/util/aio-posix.c
+++ b/util/aio-posix.c
@@ -579,13 +579,19 @@ static bool run_poll_handlers(AioContext *ctx, 
AioHandlerList *ready_list,
 static bool try_poll_mode(AioContext *ctx, AioHandlerList *ready_list,
   int64_t *timeout)
 {
+AioHandler *node;
 int64_t max_ns;
 
 if (QLIST_EMPTY_RCU(&ctx->poll_aio_handlers)) {
 return false;
 }
 
-max_ns = qemu_soonest_timeout(*timeout, ctx->poll.ns);
+max_ns = 0;
+QLIST_FOREACH(node, &ctx->poll_aio_handlers, node_poll) {
+max_ns = MAX(max_ns, node->poll.ns);
+}
+max_ns = qemu_soonest_timeout(*timeout, max_ns);
+
 if (max_ns && !ctx->fdmon_ops->need_wait(ctx)) {
 /*
  * Enable poll mode. It pairs with the poll_set_started() in
@@ -721,8 +727,14 @@ bool aio_poll(AioContext *ctx, bool blocking)
 
 /* Adjust polling time */
 if (ctx->poll_max_ns) {
+AioHandler *node;
 int64_t block_ns = qemu_clock_get_ns(QEMU_CLOCK_REALTIME) - start;
-adjust_polling_time(ctx, &ctx->poll, block_ns);
+
+QLIST_FOREACH(node, &ctx->poll_aio_handlers, node_poll) {
+if (QLIST_IS_INSERTED(node, node_ready)) {
+adjust_polling_time(ctx, &node->poll, block_ns);
+}
+}
 }
 
 progress |= aio_bh_poll(ctx);
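Review bot: in aio_poll() only handlers that are on the ready list get adjust_polling_time(), while try_poll_mode() takes the maximum poll.ns over every entry in ctx->poll_aio_handlers. A handler whose poll.ns has grown and which then stops firing is never adjusted again, so its stale value keeps setting max_ns for the whole context. Consider shrinking or resetting poll.ns for handlers that were polled but not ready, or explain in a comment why that cannot happen. The same block_ns is also charged to every ready handler, which deserves a comment as well.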
@@ -772,10 +784,16 @@ void aio_context_use_g_source(AioContext *ctx)
 void aio_context_set_poll_params(AioContext *ctx, int64_t max_ns,
  int64_t grow, int64_t shrink, Error **errp)
 {
+AioHandler *node;
+
 /* No thread synchronization here, it doesn't matter if an incorrect value
  * is used once.
  */
-ctx->poll.ns = 0;
+qemu_lockcnt_inc(&ctx->list_lock);
+QLIST_FOREACH(node, &ctx->aio_handlers, node) {
+node->poll.ns = 0;
+}
+qemu_lockcnt_dec(&ctx->list_lock);
 
 ctx->poll_max_ns = max_ns;
 ctx->poll_grow = grow;
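Review bot: the comment "No thread synchronization here, it doesn't matter if an incorrect value is used once" in aio_context_set_poll_params() now sits directly above a qemu_lockcnt_inc()/qemu_lockcnt_dec() pair, which reads as a contradiction. Reword it to say what list_lock protects here (the walk over ctx->aio_handlers) and, if that is the intent, that the writes to node->poll.ns are still unsynchronised with the polling thread.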
diff --git a/util/async.c b/util/async.c
index 38667ea091..4124a948fd 100644
--- a/util/async.c
+++ b/util/async.c
@@ -609,8 +609,6 @@ AioContext *aio_context_new(Error **errp)
 qemu_rec_mutex_init(&ctx->lock);
 timerlistgroup_init(&ctx->tlg, aio_timerlist_notify, ctx);
 
-ctx->poll.ns = 0;
-
 ctx->poll_max_ns = 0;
 ctx->poll_grow = 0

[PATCH v4 7/7] hw/hyperv/hyperv_testdev: common compilation unit

2025-03-07 Thread Pierrick Bouvier
Reviewed-by: Richard Henderson 
Signed-off-by: Pierrick Bouvier 
---
 hw/hyperv/meson.build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/hyperv/meson.build b/hw/hyperv/meson.build
index 5acd709bdd5..ef5a596c8ab 100644
--- a/hw/hyperv/meson.build
+++ b/hw/hyperv/meson.build
@@ -1,5 +1,5 @@
 specific_ss.add(when: 'CONFIG_HYPERV', if_true: files('hyperv.c'))
-specific_ss.add(when: 'CONFIG_HYPERV_TESTDEV', if_true: 
files('hyperv_testdev.c'))
+system_ss.add(when: 'CONFIG_HYPERV_TESTDEV', if_true: 
files('hyperv_testdev.c'))
 system_ss.add(when: 'CONFIG_VMBUS', if_true: files('vmbus.c'))
 system_ss.add(when: 'CONFIG_SYNDBG', if_true: files('syndbg.c'))
 system_ss.add(when: 'CONFIG_HV_BALLOON', if_true: files('hv-balloon.c', 
'hv-balloon-page_range_tree.c', 'hv-balloon-our_range_memslots.c'))
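Review bot: the move of hyperv_testdev.c from specific_ss to system_ss comes with no commit message body. One sentence saying why the file can now be built once (for example, that it no longer includes target-specific headers) would let a reader verify the change without going back to the cover letter.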
-- 
2.39.5




Re: [PATCH v4 0/7] hw/hyperv: remove duplication compilation units

2025-03-07 Thread Pierrick Bouvier

On 3/7/25 14:06, Philippe Mathieu-Daudé wrote:

On 7/3/25 22:56, Pierrick Bouvier wrote:

Work towards having a single binary, by removing duplicated object files.

hw/hyperv/hyperv.c was excluded at this time, because it depends on target
dependent symbols:
- from system/kvm.h
  - kvm_check_extension
  - kvm_vm_ioctl


Bug, these should be declared outside of COMPILING_PER_TARGET.



Yes, I noticed you solved it this way on one of your series.
In the end, since QEMU does not have any specific boundaries between 
subsystems (i.e. no proper libraries with private/public symbols), we 
are mostly free to include any symbol we see in a header as long as it 
does not use a target dependent type which changes the signature.



- from exec/cpu-all.h | memory_ldst_phys.h.inc
  - ldq_phys


Yeah, not an easy one.





Re: [PATCH v4 0/7] hw/hyperv: remove duplication compilation units

2025-03-07 Thread Philippe Mathieu-Daudé

On 7/3/25 23:31, Maciej S. Szmigiero wrote:

Hi Philippe,

On 7.03.2025 23:25, Philippe Mathieu-Daudé wrote:

Hi Maciej,

On 7/3/25 22:56, Pierrick Bouvier wrote:
Work towards having a single binary, by removing duplicated object 
files.



Pierrick Bouvier (7):
   hw/hyperv/hv-balloon-stub: common compilation unit
   hw/hyperv/hyperv.h: header cleanup
   hw/hyperv/vmbus: common compilation unit
   hw/hyperv/hyperv-proto: move SYNDBG definition from target/i386
   hw/hyperv/syndbg: common compilation unit
   hw/hyperv/balloon: common balloon compilation units
   hw/hyperv/hyperv_testdev: common compilation unit


If you are happy with this series and provide your Ack-by tag,
I can take it in my next hw-misc pull request if that helps.


There's nothing obviously wrong in the patch set,
but if we can defer this to Monday then I could do
a runtime check with a Windows VM too.


Thanks, no rush on my side :)



[PATCH v2 6/7] hw/virtio/virtio-mem: Convert VIRTIO_MEM_HAS_LEGACY_GUESTS to runtime

2025-03-07 Thread Philippe Mathieu-Daudé
Use qemu_arch_available() to check at runtime if a target
architecture is built in.
Register virtio_mem_legacy_guests_properties[] at runtime.
Code churn in virtio_mem_device_realize() is due to re-indentation.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: David Hildenbrand 
---
 hw/virtio/virtio-mem.c | 61 ++
 1 file changed, 32 insertions(+), 29 deletions(-)

diff --git a/hw/virtio/virtio-mem.c b/hw/virtio/virtio-mem.c
index 6ff9dab0f66..5288fe597b3 100644
--- a/hw/virtio/virtio-mem.c
+++ b/hw/virtio/virtio-mem.c
@@ -38,9 +38,10 @@ static const VMStateDescription 
vmstate_virtio_mem_device_early;
  * We only had legacy x86 guests that did not support
  * VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE. Other targets don't have legacy guests.
  */
-#if defined(TARGET_X86_64) || defined(TARGET_I386)
-#define VIRTIO_MEM_HAS_LEGACY_GUESTS
-#endif
+static bool virtio_mem_has_legacy_guests(void)
+{
+return qemu_arch_available(QEMU_ARCH_I386);
+}
 
 /*
  * Let's not allow blocks smaller than 1 MiB, for example, to keep the tracking
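Review bot: virtio_mem_has_legacy_guests() now answers "is x86 built into this binary", not "is this an x86 guest" as the removed TARGET_X86_64/TARGET_I386 test did. In a binary with several targets built in, a non-x86 machine would take the legacy branch in virtio_mem_device_realize() and could end up with unplugged_inaccessible resolved to off instead of the unconditional ON_OFF_AUTO_ON it gets today. Patch 5/7 marks the equivalent limitation with a FIXME; add one here, or key the check on the machine that is actually running.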
@@ -144,7 +145,6 @@ static uint64_t virtio_mem_default_block_size(RAMBlock *rb)
 return MAX(page_size, VIRTIO_MEM_MIN_BLOCK_SIZE);
 }
 
-#if defined(VIRTIO_MEM_HAS_LEGACY_GUESTS)
 static bool virtio_mem_has_shared_zeropage(RAMBlock *rb)
 {
 /*
@@ -155,7 +155,6 @@ static bool virtio_mem_has_shared_zeropage(RAMBlock *rb)
 return !qemu_ram_is_shared(rb) && qemu_ram_get_fd(rb) < 0 &&
qemu_ram_pagesize(rb) == qemu_real_host_page_size();
 }
-#endif /* VIRTIO_MEM_HAS_LEGACY_GUESTS */
 
 /*
  * Size the usable region bigger than the requested size if possible. Esp.
@@ -1009,28 +1008,28 @@ static void virtio_mem_device_realize(DeviceState *dev, 
Error **errp)
 rb = vmem->memdev->mr.ram_block;
 page_size = qemu_ram_pagesize(rb);
 
-#if defined(VIRTIO_MEM_HAS_LEGACY_GUESTS)
-switch (vmem->unplugged_inaccessible) {
-case ON_OFF_AUTO_AUTO:
-if (virtio_mem_has_shared_zeropage(rb)) {
-vmem->unplugged_inaccessible = ON_OFF_AUTO_OFF;
-} else {
-vmem->unplugged_inaccessible = ON_OFF_AUTO_ON;
+if (virtio_mem_has_legacy_guests()) {
+switch (vmem->unplugged_inaccessible) {
+case ON_OFF_AUTO_AUTO:
+if (virtio_mem_has_shared_zeropage(rb)) {
+vmem->unplugged_inaccessible = ON_OFF_AUTO_OFF;
+} else {
+vmem->unplugged_inaccessible = ON_OFF_AUTO_ON;
+}
+break;
+case ON_OFF_AUTO_OFF:
+if (!virtio_mem_has_shared_zeropage(rb)) {
+warn_report("'%s' property set to 'off' with a memdev that 
does"
+" not support the shared zeropage.",
+VIRTIO_MEM_UNPLUGGED_INACCESSIBLE_PROP);
+}
+break;
+default:
+break;
 }
-break;
-case ON_OFF_AUTO_OFF:
-if (!virtio_mem_has_shared_zeropage(rb)) {
-warn_report("'%s' property set to 'off' with a memdev that does"
-" not support the shared zeropage.",
-VIRTIO_MEM_UNPLUGGED_INACCESSIBLE_PROP);
-}
-break;
-default:
-break;
+} else {
+vmem->unplugged_inaccessible = ON_OFF_AUTO_ON;
 }
-#else /* VIRTIO_MEM_HAS_LEGACY_GUESTS */
-vmem->unplugged_inaccessible = ON_OFF_AUTO_ON;
-#endif /* VIRTIO_MEM_HAS_LEGACY_GUESTS */
 
 if (vmem->dynamic_memslots &&
 vmem->unplugged_inaccessible != ON_OFF_AUTO_ON) {
@@ -1723,16 +1722,17 @@ static const Property virtio_mem_properties[] = {
 DEFINE_PROP_BOOL(VIRTIO_MEM_PREALLOC_PROP, VirtIOMEM, prealloc, false),
 DEFINE_PROP_LINK(VIRTIO_MEM_MEMDEV_PROP, VirtIOMEM, memdev,
  TYPE_MEMORY_BACKEND, HostMemoryBackend *),
-#if defined(VIRTIO_MEM_HAS_LEGACY_GUESTS)
-DEFINE_PROP_ON_OFF_AUTO(VIRTIO_MEM_UNPLUGGED_INACCESSIBLE_PROP, VirtIOMEM,
-unplugged_inaccessible, ON_OFF_AUTO_ON),
-#endif
 DEFINE_PROP_BOOL(VIRTIO_MEM_EARLY_MIGRATION_PROP, VirtIOMEM,
  early_migration, true),
 DEFINE_PROP_BOOL(VIRTIO_MEM_DYNAMIC_MEMSLOTS_PROP, VirtIOMEM,
  dynamic_memslots, false),
 };
 
+static const Property virtio_mem_legacy_guests_properties[] = {
+DEFINE_PROP_ON_OFF_AUTO(VIRTIO_MEM_UNPLUGGED_INACCESSIBLE_PROP, VirtIOMEM,
+unplugged_inaccessible, ON_OFF_AUTO_ON),
+};
+
 static uint64_t virtio_mem_rdm_get_min_granularity(const RamDiscardManager 
*rdm,
const MemoryRegion *mr)
 {
@@ -1885,6 +1885,9 @@ static void virtio_mem_class_init(ObjectClass *klass, 
void *data)
 RamDiscardManagerClass *rdmc = RAM_DISCARD_MANAGER_CLASS(klass);
 
 device_class_set_props(dc, virtio_mem_properties);
+if (virtio_mem_has_legacy_guests()) {
+device_class_set_props(dc, virtio_mem_legacy_guests_proper
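Review bot: virtio_mem_class_init() now calls device_class_set_props() twice on the same DeviceClass, first with virtio_mem_properties and then with virtio_mem_legacy_guests_properties. Please confirm that the second call adds to the first array rather than replacing it, and state that in the commit message or in a comment at the call site.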

[PATCH v2 3/7] hw/i386/fw_cfg: Check ACPI availability with acpi_builtin()

2025-03-07 Thread Philippe Mathieu-Daudé
Replace the compile-time CONFIG_ACPI check by a runtime one.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Ani Sinha 
---
 hw/i386/fw_cfg.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/i386/fw_cfg.c b/hw/i386/fw_cfg.c
index d08aefa0291..a7f1b60b98c 100644
--- a/hw/i386/fw_cfg.c
+++ b/hw/i386/fw_cfg.c
@@ -145,10 +145,10 @@ FWCfgState *fw_cfg_arch_create(MachineState *ms,
  */
 fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, apic_id_limit);
 fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, ms->ram_size);
-#ifdef CONFIG_ACPI
-fw_cfg_add_bytes(fw_cfg, FW_CFG_ACPI_TABLES,
- acpi_tables, acpi_tables_len);
-#endif
+if (acpi_builtin()) {
+fw_cfg_add_bytes(fw_cfg, FW_CFG_ACPI_TABLES,
+ acpi_tables, acpi_tables_len);
+}
 fw_cfg_add_i32(fw_cfg, FW_CFG_IRQ0_OVERRIDE, 1);
 
 fw_cfg_add_bytes(fw_cfg, FW_CFG_HPET, &hpet_fw_cfg, sizeof(hpet_fw_cfg));
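Review bot: with the #ifdef CONFIG_ACPI removed, fw_cfg_arch_create() references acpi_tables and acpi_tables_len in every build, so a configuration without ACPI needs those symbols to link even though the branch is never taken. Check that the ACPI stub provides them (the hunks in patch 2/7 add only acpi_builtin() to hw/acpi/acpi-stub.c) and mention the result in the commit message.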
-- 
2.47.1




[PATCH v2 5/7] hw/virtio/virtio-mem: Convert VIRTIO_MEM_USABLE_EXTENT to runtime

2025-03-07 Thread Philippe Mathieu-Daudé
Use qemu_arch_available() to check at runtime if a target
architecture is built in.

Consider the maximum extent size of any architecture built in.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/virtio/virtio-mem.c | 28 
 1 file changed, 20 insertions(+), 8 deletions(-)

diff --git a/hw/virtio/virtio-mem.c b/hw/virtio/virtio-mem.c
index 5f57eccbb66..6ff9dab0f66 100644
--- a/hw/virtio/virtio-mem.c
+++ b/hw/virtio/virtio-mem.c
@@ -15,6 +15,7 @@
 #include "qemu/cutils.h"
 #include "qemu/error-report.h"
 #include "qemu/units.h"
+#include "system/arch_init.h"
 #include "system/numa.h"
 #include "system/system.h"
 #include "system/reset.h"
@@ -170,13 +171,24 @@ static bool virtio_mem_has_shared_zeropage(RAMBlock *rb)
  * necessary (as the section size can change). But it's more likely that the
  * section size will rather get smaller and not bigger over time.
  */
-#if defined(TARGET_X86_64) || defined(TARGET_I386) || defined(TARGET_S390X)
-#define VIRTIO_MEM_USABLE_EXTENT (2 * (128 * MiB))
-#elif defined(TARGET_ARM)
-#define VIRTIO_MEM_USABLE_EXTENT (2 * (512 * MiB))
-#else
-#error VIRTIO_MEM_USABLE_EXTENT not defined
-#endif
+static uint64_t virtio_mem_usable_extent_size(void)
+{
+uint64_t size = 0;
+
+assert(qemu_arch_available(QEMU_ARCH_ARM | QEMU_ARCH_I386 | 
QEMU_ARCH_S390X));
+/*
+ * FIXME: We should use the maximum of instantiated vCPUs ARCH, but
+ *for now it is easier to take the maximum of any ARCH built in.
+ */
+if (qemu_arch_available(QEMU_ARCH_I386 | QEMU_ARCH_S390X)) {
+size = MAX(size, 2 * 128 * MiB);
+}
+if (qemu_arch_available(QEMU_ARCH_ARM)) {
+size = MAX(size, 2 * 512 * MiB);
+}
+
+return size;
+}
 
 static bool virtio_mem_is_busy(void)
 {
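Review bot: virtio_mem_usable_extent_size() returns the largest extent of any architecture built in, so with ARM present an x86 or s390x guest gets 2 * 512 MiB where the removed #if gave it 2 * 128 MiB, and virtio_mem_resize_usable_region() adds that value to requested_size. The FIXME covers the intent, but the commit message should state this behaviour change for existing targets. The assert() at the top also turns a build-time #error into a run-time abort; a comment saying which configurations are expected to reach it would help.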
@@ -721,7 +733,7 @@ static void virtio_mem_resize_usable_region(VirtIOMEM *vmem,
 bool can_shrink)
 {
 uint64_t newsize = MIN(memory_region_size(&vmem->memdev->mr),
-   requested_size + VIRTIO_MEM_USABLE_EXTENT);
+   requested_size + virtio_mem_usable_extent_size());
 
 /* The usable region size always has to be multiples of the block size. */
 newsize = QEMU_ALIGN_UP(newsize, vmem->block_size);
-- 
2.47.1




Re: [PATCH 11/57] docs/qapi-domain: add qapi:command directive

2025-03-07 Thread John Snow
On Fri, Mar 7, 2025 at 1:34 AM Markus Armbruster  wrote:

> John Snow  writes:
>
> > This commit adds a stubbed version of QAPICommand that utilizes the
> > QAPIObject class, the qapi:command directive, the :qapi:cmd:
> > cross-reference role, and the "command" object type in the QAPI object
> > registry.
> >
> > This commit also adds the aforementioned generic QAPIObject class for
> > use in documenting various QAPI entities in the Sphinx ecosystem.
> >
> > They don't do anything *particularly* interesting yet, but that will
> > come in forthcoming commits.
> >
> > Note: some versions of mypy get a little confused over the difference
> > between class and instance variables; because sphinx's ObjectDescription
> > does not declare option_spec as a ClassVar (even though it's obvious
> > that it is), mypy may produce this error:
> >
> > qapi-domain.py:125: error: Cannot override instance variable (previously
> > declared on base class "ObjectDescription") with class variable [misc]
> >
> > I can't control that; so silence the error with a pragma.
>
> Is this still accurate?  qapi-domain.py line 125 is a comment.  I can't
> see the pragma.
>
> > Signed-off-by: John Snow 
> > ---
> >  docs/sphinx/qapi_domain.py | 146 -
> >  1 file changed, 144 insertions(+), 2 deletions(-)
> >
> > diff --git a/docs/sphinx/qapi_domain.py b/docs/sphinx/qapi_domain.py
> > index 104bae709f3..6168c23936f 100644
> > --- a/docs/sphinx/qapi_domain.py
> > +++ b/docs/sphinx/qapi_domain.py
> > @@ -21,9 +21,10 @@
> >  from docutils import nodes
> >  from docutils.parsers.rst import directives
> >
> > -from compat import nested_parse
> > +from compat import KeywordNode, SpaceNode, nested_parse
> >  from sphinx import addnodes
> > -from sphinx.addnodes import pending_xref
> > +from sphinx.addnodes import desc_signature, pending_xref
> > +from sphinx.directives import ObjectDescription
> >  from sphinx.domains import (
> >  Domain,
> >  Index,
> > @@ -103,6 +104,144 @@ def process_link(
> >  return title, target
> >
> >
> > +# Alias for the return of handle_signature(), which is used in several
> places.
> > +# (In the Python domain, this is Tuple[str, str] instead.)
> > +Signature = str
> > +
> > +
> > +class QAPIObject(ObjectDescription[Signature]):
> > +"""
> > +Description of a generic QAPI object.
> > +
> > +It's not used directly, but is instead subclassed by specific
> directives.
> > +"""
> > +
> > +# Inherit some standard options from Sphinx's ObjectDescription
> > +option_spec: OptionSpec = (  # type:ignore[misc]
>

Originally, that pointed here.


> > +ObjectDescription.option_spec.copy()
> > +)
> > +option_spec.update(
> > +{
> > +# Borrowed from the Python domain:
>
> This is line 125 mentioned above.
>

Slightly stale.


>
> > +"module": directives.unchanged,  # Override contextual
> module name
> > +}
> > +)
>
> [...]
>
>


[PATCH v2 1/7] system: Replace arch_type global by qemu_arch_available() helper

2025-03-07 Thread Philippe Mathieu-Daudé
qemu_arch_available() is a bit simpler to understand while
reviewing than the undocumented arch_type variable.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/system/arch_init.h | 2 +-
 hw/scsi/scsi-disk.c| 2 +-
 system/arch_init.c | 5 -
 system/qdev-monitor.c  | 4 ++--
 system/vl.c| 6 +++---
 5 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/include/system/arch_init.h b/include/system/arch_init.h
index d8b77440487..51e24c3091e 100644
--- a/include/system/arch_init.h
+++ b/include/system/arch_init.h
@@ -25,6 +25,6 @@ enum {
 QEMU_ARCH_LOONGARCH = (1 << 23),
 };
 
-extern const uint32_t arch_type;
+bool qemu_arch_available(unsigned qemu_arch_mask);
 
 #endif
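Review bot: the new qemu_arch_available() prototype in arch_init.h has no doc comment, although the commit message justifies the change by arch_type being undocumented. Document that the argument is a mask of QEMU_ARCH_* bits and that the function returns true when any of them is built in, since the implementation is qemu_arch_mask & QEMU_ARCH and patch 5/7 passes several bits at once.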
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index e7f738b4841..7c87b20e694 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -3165,7 +3165,7 @@ static void scsi_property_add_specifics(DeviceClass *dc)
 ObjectClass *oc = OBJECT_CLASS(dc);
 
 /* The loadparm property is only supported on s390x */
-if (arch_type & QEMU_ARCH_S390X) {
+if (qemu_arch_available(QEMU_ARCH_S390X)) {
 object_class_property_add_str(oc, "loadparm",
   scsi_property_get_loadparm,
   scsi_property_set_loadparm);
diff --git a/system/arch_init.c b/system/arch_init.c
index b1baed18a30..61c6f680c94 100644
--- a/system/arch_init.c
+++ b/system/arch_init.c
@@ -38,4 +38,7 @@ int graphic_height = 600;
 int graphic_depth = 32;
 #endif
 
-const uint32_t arch_type = QEMU_ARCH;
+bool qemu_arch_available(unsigned qemu_arch_mask)
+{
+return qemu_arch_mask & QEMU_ARCH;
+}
diff --git a/system/qdev-monitor.c b/system/qdev-monitor.c
index 856c9e8c32e..5588ed2047d 100644
--- a/system/qdev-monitor.c
+++ b/system/qdev-monitor.c
@@ -132,7 +132,7 @@ static const char *qdev_class_get_alias(DeviceClass *dc)
 
 for (i = 0; qdev_alias_table[i].typename; i++) {
 if (qdev_alias_table[i].arch_mask &&
-!(qdev_alias_table[i].arch_mask & arch_type)) {
+!qemu_arch_available(qdev_alias_table[i].arch_mask)) {
 continue;
 }
 
@@ -218,7 +218,7 @@ static const char *find_typename_by_alias(const char *alias)
 
 for (i = 0; qdev_alias_table[i].alias; i++) {
 if (qdev_alias_table[i].arch_mask &&
-!(qdev_alias_table[i].arch_mask & arch_type)) {
+!qemu_arch_available(qdev_alias_table[i].arch_mask)) {
 continue;
 }
 
diff --git a/system/vl.c b/system/vl.c
index 04f78466c41..ec93988a03a 100644
--- a/system/vl.c
+++ b/system/vl.c
@@ -878,11 +878,11 @@ static void help(int exitcode)
 g_get_prgname());
 
 #define DEF(option, opt_arg, opt_enum, opt_help, arch_mask)\
-if ((arch_mask) & arch_type)   \
+if (qemu_arch_available(arch_mask)) \
 fputs(opt_help, stdout);
 
 #define ARCHHEADING(text, arch_mask) \
-if ((arch_mask) & arch_type)\
+if (qemu_arch_available(arch_mask)) \
 puts(stringify(text));
 
 #define DEFHEADING(text) ARCHHEADING(text, QEMU_ARCH_ALL)
@@ -2929,7 +2929,7 @@ void qemu_init(int argc, char **argv)
 const QEMUOption *popt;
 
 popt = lookup_opt(argc, argv, &optarg, &optind);
-if (!(popt->arch_mask & arch_type)) {
+if (!qemu_arch_available(popt->arch_mask)) {
 error_report("Option not supported for this target");
 exit(1);
 }
-- 
2.47.1




[PATCH v2 2/7] hw/acpi: Introduce acpi_builtin() helper

2025-03-07 Thread Philippe Mathieu-Daudé
acpi_builtin() can be used to check at runtime whether
the ACPI subsystem is built in a qemu-system binary.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Ani Sinha 
---
 include/hw/acpi/acpi.h | 3 +++
 hw/acpi/acpi-stub.c| 5 +
 hw/acpi/core.c | 5 +
 3 files changed, 13 insertions(+)

diff --git a/include/hw/acpi/acpi.h b/include/hw/acpi/acpi.h
index e0e51e85b41..d1a4fa2af84 100644
--- a/include/hw/acpi/acpi.h
+++ b/include/hw/acpi/acpi.h
@@ -150,6 +150,9 @@ struct ACPIREGS {
 Notifier wakeup;
 };
 
+/* Return whether ACPI subsystem is built in */
+bool acpi_builtin(void);
+
 /* PM_TMR */
 void acpi_pm_tmr_update(ACPIREGS *ar, bool enable);
 void acpi_pm_tmr_calc_overflow_time(ACPIREGS *ar);
diff --git a/hw/acpi/acpi-stub.c b/hw/acpi/acpi-stub.c
index e268ce9b1a9..790bf509e5d 100644
--- a/hw/acpi/acpi-stub.c
+++ b/hw/acpi/acpi-stub.c
@@ -25,3 +25,8 @@ void acpi_table_add(const QemuOpts *opts, Error **errp)
 {
 g_assert_not_reached();
 }
+
+bool acpi_builtin(void)
+{
+return false;
+}
diff --git a/hw/acpi/core.c b/hw/acpi/core.c
index 870391ed7c8..58f8964e130 100644
--- a/hw/acpi/core.c
+++ b/hw/acpi/core.c
@@ -78,6 +78,11 @@ static void acpi_register_config(void)
 
 opts_init(acpi_register_config);
 
+bool acpi_builtin(void)
+{
+return true;
+}
+
 static int acpi_checksum(const uint8_t *data, int len)
 {
 int sum, i;
-- 
2.47.1




Re: [PATCH 12/57] docs/qapi-domain: add :since: directive option

2025-03-07 Thread John Snow
On Fri, Mar 7, 2025 at 1:59 AM Markus Armbruster  wrote:

> John Snow  writes:
>
> > Add a little special markup for registering "Since:" information. Adding
> > it as an option instead of generic content lets us hoist the information
> > into the Signature bar, optionally put it in the index, etc.
> >
> > Signed-off-by: John Snow 
> > ---
> >  docs/sphinx/qapi_domain.py | 29 +++--
> >  1 file changed, 27 insertions(+), 2 deletions(-)
> >
> > diff --git a/docs/sphinx/qapi_domain.py b/docs/sphinx/qapi_domain.py
> > index 6168c23936f..9919dacd4e6 100644
> > --- a/docs/sphinx/qapi_domain.py
> > +++ b/docs/sphinx/qapi_domain.py
> > @@ -4,6 +4,7 @@
> >
> >  from __future__ import annotations
> >
> > +import re
> >  from typing import (
> >  TYPE_CHECKING,
> >  AbstractSet,
> > @@ -104,6 +105,18 @@ def process_link(
> >  return title, target
> >
> >
> > +def since_validator(param: str) -> str:
> > +"""
> > +Validate the `:since: X.Y` option field.
> > +"""
> > +match = re.match(r"[0-9]+\.[0-9]+", param)
>
> This accepts arbitrary crap after the version.  Example:
> "9.2.50v9.2.0-2253-ge8a0110293" is fine.  Intentional?
>

Nope! O:-) I forgot that match doesn't imply ^...$


>
> > +if not match:
> > +raise ValueError(
> > +f":since: requires a version number in X.Y format; not
> {param!r}"
> > +)
> > +return param
>
> Schema validation is the frontend's job.  Ideally, a backend doesn't
> report any errors.  The backends generating C don't.  A backend
> generating docs has to: all the reST processing happens there, and
> therefore reST errors can only be diagnosed there.  Since "no errors"
> purity is impossible for this backend, we can be pragmatic about sinning
> a bit more.
>
> Still, I think this one should rather go into the doc comment parser.
>
> This is not a demand.  We can always clean it up later.
>

You *can* technically use this without touching the QAPI parser at all,
nothing stops you. I.e., you *could* write a QMP reference manual by hand
into an .rst if you wanted.

That said, I know we probably won't. I can remove the validator.


>
> > +
> > +
> >  # Alias for the return of handle_signature(), which is used in several
> places.
> >  # (In the Python domain, this is Tuple[str, str] instead.)
> >  Signature = str
> > @@ -124,6 +137,8 @@ class QAPIObject(ObjectDescription[Signature]):
> >  {
> >  # Borrowed from the Python domain:
> >  "module": directives.unchanged,  # Override contextual
> module name
> > +# These are QAPI originals:
> > +"since": since_validator,
> >  }
> >  )
> >
> > @@ -135,9 +150,19 @@ def get_signature_prefix(self) -> List[nodes.Node]:
> >  SpaceNode(" "),
> >  ]
> >
> > -def get_signature_suffix(self) -> list[nodes.Node]:
> > +def get_signature_suffix(self) -> List[nodes.Node]:
> >  """Returns a suffix to put after the object name in the
> signature."""
> > -return []
> > +ret: List[nodes.Node] = []
> > +
> > +if "since" in self.options:
> > +ret += [
> > +SpaceNode(" "),
> > +addnodes.desc_sig_element(
> > +"", f"(Since: {self.options['since']})"
> > +),
> > +]
> > +
> > +return ret
> >
> >  def handle_signature(self, sig: str, signode: desc_signature) ->
> Signature:
> >  """
>
>
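
The anchoring point raised in the review above (re.match does not imply ^...$), as an added example that is not part of the thread or of the QEMU tree. validator_posted mirrors the quoted since_validator; validator_dollar, validator_strict, SAMPLES and accepted_by are hypothetical names, and every sample string except the one quoted in the review is constructed.

```python
import re

VERSION = r"[0-9]+\.[0-9]+"


def _require(matched, param: str) -> str:
    """Raise the error used in the quoted patch unless a match was found."""
    if not matched:
        raise ValueError(
            f":since: requires a version number in X.Y format; not {param!r}"
        )
    return param


def validator_posted(param: str) -> str:
    """Same check as the quoted patch: re.match() anchors at the start only."""
    return _require(re.match(VERSION, param), param)


def validator_dollar(param: str) -> str:
    """Adding ^...$ is still loose: $ also matches before a final newline."""
    return _require(re.match(r"^" + VERSION + r"$", param), param)


def validator_strict(param: str) -> str:
    """re.fullmatch() requires the entire string to be X.Y."""
    return _require(re.fullmatch(VERSION, param), param)


# The second entry is the string quoted in the review; the rest are constructed.
SAMPLES = [
    "9.2",
    "9.2.50v9.2.0-2253-ge8a0110293",
    "9.2\n",
    "v9.2",
    "9",
]


def accepted_by(validator) -> list:
    """Return the samples that the given validator lets through."""
    accepted = []
    for sample in SAMPLES:
        try:
            validator(sample)
        except ValueError:
            continue
        accepted.append(sample)
    return accepted


if __name__ == "__main__":
    for v in (validator_posted, validator_dollar, validator_strict):
        print(f"{v.__name__:18} accepts {accepted_by(v)!r}")
```

Only the fullmatch variant rejects both the trailing-garbage string from the review and the trailing-newline case.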


[PATCH v2 7/7] hw/virtio: Compile virtio-mem.c once

2025-03-07 Thread Philippe Mathieu-Daudé
Remove unused "exec/ram_addr.h" header. This file doesn't
use any target specific definitions anymore, compile it
once by moving it to system_virtio_ss[].

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: David Hildenbrand 
---
 hw/virtio/virtio-mem.c | 1 -
 hw/virtio/meson.build  | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/virtio/virtio-mem.c b/hw/virtio/virtio-mem.c
index 5288fe597b3..2e51dcfdf32 100644
--- a/hw/virtio/virtio-mem.c
+++ b/hw/virtio/virtio-mem.c
@@ -25,7 +25,6 @@
 #include "hw/virtio/virtio-mem.h"
 #include "qapi/error.h"
 #include "qapi/visitor.h"
-#include "exec/ram_addr.h"
 #include "migration/misc.h"
 #include "hw/boards.h"
 #include "hw/qdev-properties.h"
diff --git a/hw/virtio/meson.build b/hw/virtio/meson.build
index a5f9f7999dd..7c3513315cb 100644
--- a/hw/virtio/meson.build
+++ b/hw/virtio/meson.build
@@ -55,7 +55,7 @@ specific_virtio_ss.add(when: 'CONFIG_VHOST_VSOCK', if_true: 
files('vhost-vsock.c
 specific_virtio_ss.add(when: 'CONFIG_VHOST_USER_VSOCK', if_true: 
files('vhost-user-vsock.c'))
 specific_virtio_ss.add(when: 'CONFIG_VIRTIO_RNG', if_true: 
files('virtio-rng.c'))
 specific_virtio_ss.add(when: 'CONFIG_VIRTIO_NSM', if_true: 
[files('virtio-nsm.c', 'cbor-helpers.c'), libcbor])
-specific_virtio_ss.add(when: 'CONFIG_VIRTIO_MEM', if_true: 
files('virtio-mem.c'))
+system_virtio_ss.add(when: 'CONFIG_VIRTIO_MEM', if_true: files('virtio-mem.c'))
 specific_virtio_ss.add(when: 'CONFIG_VHOST_USER_SCMI', if_true: 
files('vhost-user-scmi.c'))
 specific_virtio_ss.add(when: ['CONFIG_VIRTIO_PCI', 'CONFIG_VHOST_USER_SCMI'], 
if_true: files('vhost-user-scmi-pci.c'))
 
-- 
2.47.1



