git.maquefel.me Git - qemu.git/log

target/i386: remove duplicate prefix decoding

Now that a bulk of opcodes go through the new decoder, it is sensible
to do some cleanup. Go immediately through disas_insn_new and only jump
back after parsing the prefixes.

disas_insn() now only contains the three sigsetjmp cases, and they
are more easily managed if they are inlined into i386_tr_translate_insn.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: split legacy decoder into a separate function

Split the bits that have some duplication with disas_insn_new, from
those that should be the main topic of the conversion. This is the
first step towards removing duplicate decoding of prefixes between
disas_insn and disas_insn_new.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: decode x87 instructions in a separate function

These are unlikely to be converted to the table-based decoding
soon (perhaps there could be generic ESC decoding in decode-new.c.inc
for the Mod/RM byte, but not operand decoding), so keep them separate
from the remaining legacy-decoded instructions.

Acked-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: remove now-converted opcodes from old decoder

Send all converted opcodes to disas_insn_new() directly from the big
decoding switch statement; once more, the debugging/bisecting logic
disappears.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: port extensions of one-byte opcodes to new decoder

A few two-byte opcodes are simple extensions of existing one-byte opcodes;
they are easy to decode and need no change to emit.c.inc. Port them to
the new decoder.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: move BSWAP to new decoder

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: move remaining conditional operations to new decoder

Move long-displacement Jcc, SETcc and CMOVcc to the new decoder.
While filling in the tables makes the code seem longer, the new
emitters are all just one line of code.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: merge and enlarge a few ranges for call to disas_insn_new

Since new opcodes are not going to be added in translate.c, round the
case labels that call to disas_insn_new(), including whole sets of
eight opcodes when possible.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: move C0-FF opcodes to new decoder (except for x87)

The shift instructions are rewritten instead of reusing code from the old
decoder.  Rotates use CC_OP_ADCOX more extensively and generally rely
more on the optimizer, so that the code generators are shared between
the immediate-count and variable-count cases.

In particular, this makes gen_RCL and gen_RCR pretty efficient for the
count == 1 case, which becomes (apart from a few extra movs) something like:

  (compute_cc_all if needed)
  // save old value for OF calculation
  mov     cc_src2, T0
  // the bulk of RCL is just this!
  deposit T0, cc_src, T0, 1, TARGET_LONG_BITS - 1
  // compute carry
  shr     cc_dst, cc_src2, length - 1
  and     cc_dst, cc_dst, 1
  // compute overflow
  xor     cc_src2, cc_src2, T0
  extract cc_src2, cc_src2, length - 1, 1

32-bit MUL and IMUL are also slightly more efficient on 64-bit hosts.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: generalize gen_movl_seg_T0

In the new decoder it is sometimes easier to put the segment
in T1 instead of T0, usually because another operand was loaded
by common code in T0. Genrealize gen_movl_seg_T0 to allow
using any source.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: move 60-BF opcodes to new decoder

Compared to the old decoder, the main differences in translation
are for the little-used ARPL instruction. IMUL is adjusted a bit
to share more code to produce flags, but is otherwise very similar.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: allow instructions with more than one immediate

While keeping decode->immediate for convenience and for 4-operand instructions,
store the immediate in X86DecodedOp as well. This enables instructions
with more than one immediate such as ENTER. It can also be used for far
calls and jumps.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: extract gen_far_call/jmp, reordering temporaries

Extract the code into new functions, and swap T0/T1 so that T0 corresponds
to the first immediate in the instruction stream.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: move 00-5F opcodes to new decoder

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: reintroduce debugging mechanism

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: cleanup *gen_eob*

Create a new wrapper for syscall/sysret, and do not go through multiple
layers of wrappers.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: clarify the "reg" argument of functions returning CCPrepare

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: do not use s->T0 and s->T1 as scratch registers for CCPrepare

Instead of using s->T0 or s->T1, create a scratch register
when computing the C, NC, L or LE conditions.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: extend cc_* when using them to compute flags

Instead of using s->tmp0 or s->tmp4 as the result, just extend the cc_*
registers in place. It is harmless and, if multiple setcc instructions
are used, the optimizer will be able to remove the redundant ones.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: pull cc_op update to callers of gen_jmp_rel{,_csize}

gen_update_cc_op must be called before control flow splits. Doing it
in gen_jmp_rel{,_csize} may hide bugs, instead assert that cc_op is
clean---even if that means a few more calls to gen_update_cc_op().

With this new invariant, setting cc_op to CC_OP_DYNAMIC is unnecessary
since the caller should have done it.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: cleanup cc_op changes for REP/REPZ/REPNZ

gen_update_cc_op must be called before control flow splits. Do it
where the jump on ECX!=0 is translated.

On the other hand, remove the call before gen_jcc1, which takes care of
it already, and explain why REPZ/REPNZ need not use CC_OP_DYNAMIC---the
translation block ends before any control-flow-dependent cc_op could
be observed.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: cc_op is not dynamic in gen_jcc1

Resetting cc_op to CC_OP_DYNAMIC should be done at control flow junctions,
which is not the case here. This translation block is ending and the
only effect of calling set_cc_op() would be a discard of s->cc_srcT.
This discard is useless (it's a temporary, not a global) and in fact
prevents gen_prepare_cc from returning s->cc_srcT.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: remove mask from CCPrepare

With the introduction of TSTEQ and TSTNE the .mask field is always -1,
so remove all the now-unnecessary code.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: use TSTEQ/TSTNE to check flags

The new conditions obviously come in handy when testing individual bits
of EFLAGS, and they make it possible to remove the .mask field of
CCPrepare.

Lowering to shift+and is done by the optimizer if necessary.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: use TSTEQ/TSTNE to test low bits

When testing the sign bit or equality to zero of a partial register, it
is useful to use a single TSTEQ or TSTNE operation. It can also be used
to test the parity flag, using bit 0 of the population count.

Do not do this for target_ulong-sized values however; the optimizer would
produce a comparison against zero anyway, and it avoids shifts by 64
which are undefined behavior.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: Fix CPUID encoding of Fn8000001E_ECX

Observed the following failure while booting the SEV-SNP guest and the
guest fails to boot with the smp parameters:
"-smp 192,sockets=1,dies=12,cores=8,threads=2".

qemu-system-x86_64: sev_snp_launch_update: SNP_LAUNCH_UPDATE ret=-5 fw_error=22 'Invalid parameter'
qemu-system-x86_64: SEV-SNP: CPUID validation failed for function 0x8000001e, index: 0x0.
provided: eax:0x00000000, ebx: 0x00000100, ecx: 0x00000b00, edx: 0x00000000
expected: eax:0x00000000, ebx: 0x00000100, ecx: 0x00000300, edx: 0x00000000
qemu-system-x86_64: SEV-SNP: failed update CPUID page

Reason for the failure is due to overflowing of bits used for "Node per
processor" in CPUID Fn8000001E_ECX. This field's width is 3 bits wide and
can hold maximum value 0x7. With dies=12 (0xB), it overflows and spills
over into the reserved bits. In the case of SEV-SNP, this causes CPUID
enforcement failure and guest fails to boot.

The PPR documentation for CPUID_Fn8000001E_ECX [Node Identifiers]
=================================================================
Bits    Description
31:11   Reserved.

10:8    NodesPerProcessor: Node per processor. Read-only.
        ValidValues:
        Value   Description
        0h      1 node per processor.
        7h-1h   Reserved.

7:0     NodeId: Node ID. Read-only. Reset: Fixed,XXh.
=================================================================

As in the spec, the valid value for "node per processor" is 0 and rest
are reserved.

Looking back at the history of decoding of CPUID_Fn8000001E_ECX, noticed
that there were cases where "node per processor" can be more than 1. It
is valid only for pre-F17h (pre-EPYC) architectures. For EPYC or later
CPUs, the linux kernel does not use this information to build the L3
topology.

Also noted that the CPUID Function 0x8000001E_ECX is available only when
TOPOEXT feature is enabled. This feature is enabled only for EPYC(F17h)
or later processors. So, previous generation of processors do not not
enumerate 0x8000001E_ECX leaf.

There could be some corner cases where the older guests could enable the
TOPOEXT feature by running with -cpu host, in which case legacy guests
might notice the topology change. To address those cases introduced a
new CPU property "legacy-multi-node". It will be true for older machine
types to maintain compatibility. By default, it will be false, so new
decoding will be used going forward.

The documentation is taken from Preliminary Processor Programming
Reference (PPR) for AMD Family 19h Model 11h, Revision B1 Processors 55901
Rev 0.25 - Oct 6, 2022.

Cc: qemu-stable@nongnu.org
Fixes: 31ada106d891 ("Simplify CPUID_8000_001E for AMD")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Babu Moger <babu.moger@amd.com>
Message-ID: <0ee4b0a8293188a53970a2b0e4f4ef713425055e.1714757834.git.babu.moger@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Merge tag 'qemu-sparc-20240506' of https://github.com/mcayland/qemu into staging

qemu-sparc queue

# -----BEGIN PGP SIGNATURE-----
#
# iQFSBAABCgA8FiEEzGIauY6CIA2RXMnEW8LFb64PMh8FAmY4wZceHG1hcmsuY2F2
# ZS1heWxhbmRAaWxhbmRlLmNvLnVrAAoJEFvCxW+uDzIftQsH+wfIWymTdQMowfM6
# Ze/T8KODn+MqU5eg25VPSTojnmr7LFaCj2yK6zWX61RwIqtMc3NaxX0G7ksW12/g
# 35ACqiEEd5WRDhAtVhj5Wp+WEDoR4AD3LWIaN7a/qjO3qb78l7Bujw3qXzGSq4lQ
# hST6dTgMwn5LhJOyz+5dORVUK1UZSBuDxHeKRHgdoFi6yqGQ5bao5TpaDYOnGSbx
# 8KPrAFfXG1T6xRS8Ih5HXAPE5VJztLFPiVtCTTrETDP/o8EzvOZj5y/nJVZXXC3N
# 57g+QyJX9EdrRZvobef4LnNnoZyiqG+uQNugglqZqjiiLjl6AzYxI+ed0hU+cZR9
# pz76Hr8=
# =i2cV
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 06 May 2024 04:40:07 AM PDT
# gpg:                using RSA key CC621AB98E82200D915CC9C45BC2C56FAE0F321F
# gpg:                issuer "mark.cave-ayland@ilande.co.uk"
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" [full]

* tag 'qemu-sparc-20240506' of https://github.com/mcayland/qemu:
  target/sparc: Split out do_ms16b
  target/sparc: Fix FPMERGE
  target/sparc: Fix FMULD8*X16
  target/sparc: Fix FMUL8x16A{U,L}
  target/sparc: Fix FMUL8x16
  target/sparc: Fix FEXPAND
  linux-user/sparc: Add more hwcap bits for sparc64
  hw/sparc64: set iommu_platform=on for virtio devices attached to the sun4u machine
  docs/about: Deprecate the old "UltraSparc" CPU names that contain a "+"
  docs/system/target-sparc: Improve the Sparc documentation
  target/sparc/cpu: Avoid spaces by default in the CPU names
  target/sparc/cpu: Rename the CPU models with a "+" in their names

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Merge tag 'accel-20240506' of https://github.com/philmd/qemu into staging

Accelerator patches

- Extract page-protection definitions to page-protection.h
- Rework in accel/tcg in preparation of extracting TCG fields from CPUState
- More uses of get_task_state() in user emulation
- Xen refactors in preparation for adding multiple map caches (Juergen & Edgar)
- MAINTAINERS updates (Aleksandar and Bin)

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmY40CAACgkQ4+MsLN6t
# wN5drxAA1oIsuUzpAJmlMIxZwlzbICiuexgn/HH9DwWNlrarKo7V1l4YB8jd9WOg
# IKuj7c39kJKsDEB8BXApYwcly+l7DYdnAAI8Z7a+eN+ffKNl/0XBaLjsGf58RNwY
# fb39/cXWI9ZxKxsHMSyjpiu68gOGvZ5JJqa30Fr+eOGuug9Fn/fOe1zC6l/dMagy
# Dnym72stpD+hcsN5sVwohTBIk+7g9og1O/ctRx6Q3ZCOPz4p0+JNf8VUu43/reaR
# 294yRK++JrSMhOVFRzP+FH1G25NxiOrVCFXZsUTYU+qPDtdiKtjH1keI/sk7rwZ7
# U573lesl7ewQFf1PvMdaVf0TrQyOe6kUGr9Mn2k8+KgjYRAjTAQk8V4Ric/+xXSU
# 0rd7Cz7lyQ8jm0DoOElROv+lTDQs4dvm3BopF3Bojo4xHLHd3SFhROVPG4tvGQ3H
# 72Q5UPR2Jr2QZKiImvPceUOg0z5XxoN6KRUkSEpMFOiTRkbwnrH59z/qPijUpe6v
# 8l5IlI9GjwkL7pcRensp1VC6e9KC7F5Od1J/2RLDw3UQllMQXqVw2bxD3CEtDRJL
# QSZoS4d1jUCW4iAYdqh/8+2cOIPiCJ4ai5u7lSdjrIJkRErm32FV/pQLZauoHlT5
# eTPUgzDoRXVgI1X1slTpVXlEEvRNbhZqSkYLkXr80MLn5hTafo0=
# =3Qkg
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 06 May 2024 05:42:08 AM PDT
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]

* tag 'accel-20240506' of https://github.com/philmd/qemu: (28 commits)
  MAINTAINERS: Update my email address
  MAINTAINERS: Update Aleksandar Rikalo email
  system: Pass RAM MemoryRegion and is_write in xen_map_cache()
  xen: mapcache: Break out xen_map_cache_init_single()
  xen: mapcache: Break out xen_invalidate_map_cache_single()
  xen: mapcache: Refactor xen_invalidate_map_cache_entry_unlocked
  xen: mapcache: Refactor xen_replace_cache_entry_unlocked
  xen: mapcache: Break out xen_ram_addr_from_mapcache_single
  xen: mapcache: Refactor xen_remap_bucket for multi-instance
  xen: mapcache: Refactor xen_map_cache for multi-instance
  xen: mapcache: Refactor lock functions for multi-instance
  xen: let xen_ram_addr_from_mapcache() return -1 in case of not found entry
  system: let qemu_map_ram_ptr() use qemu_ram_ptr_length()
  user: Use get_task_state() helper
  user: Declare get_task_state() once in 'accel/tcg/vcpu-state.h'
  user: Forward declare TaskState type definition
  accel/tcg: Move @plugin_mem_cbs from CPUState to CPUNegativeOffsetState
  accel/tcg: Restrict cpu_plugin_mem_cbs_enabled() to TCG
  accel/tcg: Restrict qemu_plugin_vcpu_exit_hook() to TCG plugins
  accel/tcg: Update CPUNegativeOffsetState::can_do_io field documentation
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Merge tag 'pull-qapi-2024-05-06' of https://repo.or.cz/qemu/armbru into staging

QAPI patches patches for 2024-05-06

# -----BEGIN PGP SIGNATURE-----
#
# iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAmY4uIASHGFybWJydUBy
# ZWRoYXQuY29tAAoJEDhwtADrkYZTCYoQAK8Y2SSPlRqwdyYWqQHcPuQe4ThvnT2l
# y1Dzcy0MGKdeDQng+lyMh9x50U6vMd33TaWEDZ4PEprSLirWnRIIL9/qgrc+obYB
# LfncQR7BRLEPYRA0cQwvSBNzSLgCiySoa9x98yCB1ZZGQsAMz4p1j8qDpJFAL2qa
# VThXFcBaUOPRKFDwp03r8n8PFsaqaBVjI/2YX13EyJksaPNLNT6Z2xfcgREXFu2I
# gWfFR21kJwkUAgkfc6LhmqlpKXBpKQ+bWCmV1G/+LZosid3B8jfKOfOx4s9q9g5G
# N7HVRSHlqPyGQeJGaiiKgPZyoRh65L0YRa3OtYoJL9ngx1P7opAGxnxSsARduNg3
# yQbbFY4c99HuxgxfMLwRPWr6Xm3c5DEvdIwoVRWm1ajJynbLWNiTN/uQs+tIEFbr
# 4usxqAQRo2G5WkY9JGuDuBJkZTp1/6pEM0xVrRgGYH9jr8LZrS2HPrnbcsa3eqAl
# UqSfu8HAL8j1wiBAr83DQe+SuoyRfrnFaTNYAILFG4RUsWF2u44RvkceGroyq3s1
# mgHFZGF0+m8K7TXqeJvkSgg4wr2AnavXrb79Zz2JVut0X6K6S4AbueTBIn8zT2EX
# uGHhm4ZW5JUq6Wz6bQtq6/IUa/k2pAlszVFHe3Yn50J3CUU5dR/nYry7Cx4Q6/KT
# h4vzopMBjVv1
# =3Pxa
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 06 May 2024 04:01:20 AM PDT
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]

* tag 'pull-qapi-2024-05-06' of https://repo.or.cz/qemu/armbru:
  qapi: Simplify QAPISchemaVariants @tag_member
  qapi: Move conditional code from QAPISchemaVariants to its subtypes
  qapi: Rename QAPISchemaAlternateType.variants to .alternatives
  qapi: Rename QAPISchemaObjectType.variants to .branches
  qapi: Rename visitor parameter @variants to @alternatives
  qapi: Rename visitor parameter @variants to @branches
  qapi: New QAPISchemaBranches, QAPISchemaAlternatives

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* target/i386: Introduce SapphireRapids-v3 to add missing features
* switch boards to "default y"
* allow building emulators without any board
* configs: list "implied" device groups in the default configs
* remove unnecessary declarations from typedefs.h
* target/i386: Give IRQs a chance when resetting HF_INHIBIT_IRQ_MASK

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmY1ILsUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroNtIwf+MEehq2HudZvsK1M8FrvNmkB/AssO
# x4tqL8DlTus23mQDBu9+rANTB93ManJdK9ybtf6NfjEwK+R8RJslLVnuy/qT+aQX
# PD208L88fjZg17G8uyawwvD1VmqWzHFSN14ShmKzqB2yPXXo/1cJ30w78DbD50yC
# 6rw/xbC5j195CwE2u8eBcIyY4Hh2PUYEE4uyHbYVr57cMjfmmA5Pg4I4FJrpLrF3
# eM2Avl/4pIbsW3zxXVB8QbAkgypxZErk3teDK1AkPJnlnBYM1jGKbt/GdKe7vcHR
# V/o+7NlcbS3oHVItQ2gP3m91stjFq+NhixaZpa0VlmuqayBa3xNGl0G6OQ==
# =ZbNW
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 03 May 2024 10:36:59 AM PDT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (46 commits)
  qga/commands-posix: fix typo in qmp_guest_set_user_password
  migration: do not include coroutine_int.h
  kvm: move target-dependent interrupt routing out of kvm-all.c
  pci: remove some types from typedefs.h
  tcg: remove CPU* types from typedefs.h
  display: remove GraphicHwOps from typedefs.h
  qapi/machine: remove types from typedefs.h
  monitor: remove MonitorDef from typedefs.h
  migration: remove PostcopyDiscardState from typedefs.h
  lockable: remove QemuLockable from typedefs.h
  intc: remove PICCommonState from typedefs.h
  qemu-option: remove QemuOpt from typedefs.h
  net: remove AnnounceTimer from typedefs.h
  numa: remove types from typedefs.h
  qdev-core: remove DeviceListener from typedefs.h
  fw_cfg: remove useless declarations from typedefs.h
  build: do not build virtio-vga-gl if virgl/opengl not available
  bitmap: Use g_try_new0/g_new0/g_renew
  target/i386: Introduce SapphireRapids-v3 to add missing features
  docs: document new convention for Kconfig board symbols
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Merge tag 'pull-hex-20240505' of https://github.com/quic/qemu into staging

Short-circuit for packets with r/w and no overlap

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEEPWaq5HRZSCTIjOD4GlSvuOVkbDIFAmY4FR8ACgkQGlSvuOVk
# bDLEfxAAup6v9J4n2/q88FXfLGgx1EfZrT01gOM/48mwngNNQJGJQySe2GLl0G8S
# 1hx/Ym3jbikic8HL80v8FyCr4gNRshEY7xKpCfvY9lsgnCRbhEvoV/hZqucmLQAt
# 1SIhFSsi5h8gyZDTvXhH75v3qGvYjQ7fQBhy2JbRsPjthdHBh9xi6Na60wlqfNZq
# oGsVtY7sv1uHsvDKBi3JoXWckSK99R38BHY6zPoStarRZACkkLdX6KHxeX88TUt1
# whIUYUS/K0nRVxzekdq/+m8UJYrXnW/0cliM5mLFHDGlsV+qjdcIRrfaPWBO0eFN
# kXeZU2BWLCdP2M52FHI4FllnIRpX5OGkxjR6x8Pc9r+EGciwGRU7xeAlqBxKQSZP
# e3oXtV6oKxg69xBgHE5HcKbt6bX5EZR/sUcbAoGA41UssaiMyj3wbg1cy2UxXu2J
# 7oJyywJUggWGSoCIIJJ95YgpUrIg73Yg6pOjfhKW1w/V2SuQPGG0XTXrwe7J6uGi
# VAqyu55p2oiW8Gk4Lvl1SfWgxkVeZa/NcxTmXNEWFnT7vatqwez0O5pxIkxdSCFE
# lRv7PuFT5nhQ/gg12zGqqRiOrMOMQitHFzJ9sUNu7J4Y7W5R4gzRW19ucojLt0lH
# fT83Ra+Eex1Cu3DsuvWkokxFikxXP1Ll297Jr1JhOPewTtvlxvI=
# =Q8/k
# -----END PGP SIGNATURE-----
# gpg: Signature made Sun 05 May 2024 04:24:15 PM PDT
# gpg:                using RSA key 3D66AAE474594824C88CE0F81A54AFB8E5646C32
# gpg: Good signature from "Brian Cain (QUIC) <quic_bcain@quicinc.com>" [unknown]
# gpg:                 aka "Brian Cain <bcain@kernel.org>" [unknown]
# gpg:                 aka "Brian Cain (QuIC) <bcain@quicinc.com>" [unknown]
# gpg:                 aka "Brian Cain (CAF) <bcain@codeaurora.org>" [unknown]
# gpg:                 aka "bcain" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6350 20F9 67A7 7164 79EF  49E0 175C 464E 541B 6D47
#      Subkey fingerprint: 3D66 AAE4 7459 4824 C88C  E0F8 1A54 AFB8 E564 6C32

* tag 'pull-hex-20240505' of https://github.com/quic/qemu:
  Hexagon (target/hexagon) Remove hex_common.read_attribs_file
  Hexagon (target/hexagon) Remove gen_shortcode.py
  Hexagon (target/hexagon) Remove gen_op_regs.py
  Hexagon (target/hexagon) Remove uses of op_regs_generated.h.inc
  Hexagon (tests/tcg/hexagon) Test HVX .new read from high half of pair
  Hexagon (target/hexagon) Mark has_pred_dest in trans functions
  Hexagon (target/hexagon) Mark dest_idx in trans functions
  Hexagon (target/hexagon) Mark new_read_idx in trans functions
  Hexagon (target/hexagon) Add is_old/is_new to Register class
  Hexagon (target/hexagon) Only pass env to generated helper when needed
  Hexagon (target/hexagon) Pass SP explicitly to helpers that need it
  Hexagon (target/hexagon) Pass P0 explicitly to helpers that need it
  Hexagon (target/hexagon) Enable more short-circuit packets (HVX)
  Hexagon (target/hexagon) Enable more short-circuit packets (scalar core)
  Hexagon (target/hexagon) Analyze reads before writes

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

MAINTAINERS: Update my email address

The old Wind River email address (bin.meng@windriver.com) is no longer
available due to an internal infrastructure change within the company.
While a new email address (bin.meng.cn@windriver.com) has been assigned
to me, I am unable to find a way to send this patch directly from the
new address. Presumably, the basic authentication with client submission
(SMTP AUTH) [1] has been disabled by the company's IT.

Switch to use my personal email address instead.

Signed-off-by: Bin Meng <bin.meng.cn@windriver.com>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
[1] https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240505072312.2776074-1-bmeng.cn@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

MAINTAINERS: Update Aleksandar Rikalo email

Syrmia LLC has been acquired recently and the syrmia.com domain will
disappear soon, so updating my email in the MAINTAINERS file.

Signed-off-by: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>
Message-ID: <20240209062147.62453-1-aleksandar.rikalo@syrmia.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

system: Pass RAM MemoryRegion and is_write in xen_map_cache()

Propagate MR and is_write to xen_map_cache().
This is in preparation for adding support for grant mappings.

No functional change.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Peter Xu <peterx@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-ID: <20240430164939.925307-14-edgar.iglesias@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

xen: mapcache: Break out xen_map_cache_init_single()

Break out xen_map_cache_init_single() in preparation for
adding multiple map caches.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Message-ID: <20240430164939.925307-11-edgar.iglesias@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

xen: mapcache: Break out xen_invalidate_map_cache_single()

Break out xen_invalidate_map_cache_single().

No functional changes.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240430164939.925307-10-edgar.iglesias@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

xen: mapcache: Refactor xen_invalidate_map_cache_entry_unlocked

Add MapCache argument to xen_invalidate_map_cache_entry_unlocked.
This is in preparation for supporting multiple map caches.

No functional changes.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240430164939.925307-9-edgar.iglesias@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

xen: mapcache: Refactor xen_replace_cache_entry_unlocked

Add MapCache argument to xen_replace_cache_entry_unlocked in
preparation for supporting multiple map caches.

No functional change.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240430164939.925307-8-edgar.iglesias@gmail.com>
[PMD: Remove last global mapcache pointer, reported by sstabellini]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

xen: mapcache: Break out xen_ram_addr_from_mapcache_single

Break out xen_ram_addr_from_mapcache_single(), a multi-cache
aware version of xen_ram_addr_from_mapcache.

No functional changes.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240430164939.925307-7-edgar.iglesias@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

xen: mapcache: Refactor xen_remap_bucket for multi-instance

Add MapCache argument to xen_remap_bucket in preparation
to support multiple map caches.

No functional changes.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240430164939.925307-6-edgar.iglesias@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

xen: mapcache: Refactor xen_map_cache for multi-instance

Make xen_map_cache take a MapCache as argument. This is in
prepaparation to support multiple map caches.

No functional changes.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Message-ID: <20240430164939.925307-5-edgar.iglesias@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

xen: mapcache: Refactor lock functions for multi-instance

Make the lock functions take MapCache * as argument. This is
in preparation for supporting multiple caches.

No functional changes.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Message-ID: <20240430164939.925307-4-edgar.iglesias@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

xen: let xen_ram_addr_from_mapcache() return -1 in case of not found entry

Today xen_ram_addr_from_mapcache() will either abort() or return 0 in
case it can't find a matching entry for a pointer value. Both cases
are bad, so change that to return an invalid address instead.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Message-Id: <20231005181629.4046-5-vikram.garhwal@amd.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Message-ID: <20240430164939.925307-3-edgar.iglesias@gmail.com>
[PMD: Keep xen_ram_addr_from_mapcache_not_found trace event]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

system: let qemu_map_ram_ptr() use qemu_ram_ptr_length()

qemu_map_ram_ptr() and qemu_ram_ptr_length() share quite some code, so
modify qemu_ram_ptr_length() a little bit and use it for
qemu_map_ram_ptr(), too.

Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Vikram Garhwal <vikram.garhwal@amd.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240227223501.28475-4-vikram.garhwal@amd.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Acked-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Message-ID: <20240430164939.925307-2-edgar.iglesias@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

user: Use get_task_state() helper

Get the TaskState pointer calling get_task_state().

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240428221450.26460-11-philmd@linaro.org>

user: Declare get_task_state() once in 'accel/tcg/vcpu-state.h'

While each user emulation implentation defines its own
TaskState structure, both use the same get_task_state()
declaration, in particular in common code (such gdbstub).
Declare the method once in "accel/tcg/vcpu-state.h".

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240428221450.26460-10-philmd@linaro.org>

user: Forward declare TaskState type definition

Forward declare TaskState in "qemu/typedefs.h" so we can
use it in generic headers like "hw/cpu/core.h".

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240428221450.26460-9-philmd@linaro.org>

qapi: Simplify QAPISchemaVariants @tag_member

For union types, the tag member is known only after .check().

We used to code this in a simple way: QAPISchemaVariants attribute
.tag_member was None for union types until .check().

Since this complicated typing, recent commit "qapi/schema: fix typing
for QAPISchemaVariants.tag_member" hid it behind a property.

The previous commit lets us treat .tag_member just like the other
attributes that become known only in .check(): declare, but don't
initialize it in .__init__().

Signed-off-by: Markus Armbruster <armbru@redhat.com>

qapi: Move conditional code from QAPISchemaVariants to its subtypes

QAPISchemaVariants.check()'s code is almost entirely conditional on
union vs. alternate type.

Move the conditional code to QAPISchemaBranches.check() and
QAPISchemaAlternatives.check(), where the conditions are always
satisfied.

Attribute QAPISchemaVariants.tag_name is now only used by
QAPISchemaBranches. Move it there.

Refactor the three types' .__init__() to make them a bit simpler.

Signed-off-by: Markus Armbruster <armbru@redhat.com>

qapi: Rename QAPISchemaAlternateType.variants to .alternatives

A previous commit narrowed the type of
QAPISchemaAlternateType.variants from QAPISchemaVariants to
QAPISchemaAlternatives. Rename it to .alternatives.

Same for .__init__() parameter @variants.

Signed-off-by: Markus Armbruster <armbru@redhat.com>

qapi: Rename QAPISchemaObjectType.variants to .branches

A previous commit narrowed the type of QAPISchemaObjectType.variants
from QAPISchemaVariants to QAPISchemaBranches. Rename it to
.branches.

Same for .__init__() parameter @variants.

Signed-off-by: Markus Armbruster <armbru@redhat.com>

qapi: Rename visitor parameter @variants to @alternatives

A previous commit narrowed the type of .visit_alternate_type()
parameter @variants from QAPISchemaVariants to QAPISchemaAlternatives.
Rename it to @alternatives.

One of them passes @alternatives to helper function
gen_visit_alternate(). Rename its @variants parameter to
@alternatives as well.

Signed-off-by: Markus Armbruster <armbru@redhat.com>

qapi: Rename visitor parameter @variants to @branches

The previous commit narrowed the type of .visit_object_type()
parameter @variants from QAPISchemaVariants to QAPISchemaBranches.
Rename it to @branches.

Same for .visit_object_type_flat().

A few of these pass @branches to helper functions:
QAPISchemaGenRSTVisitor.visit_object_type() to ._nodes_for_members()
and ._nodes_for_variant_when(), and
QAPISchemaGenVisitVisitor.visit_object_type() to
gen_visit_object_members(). Rename the helpers' @variants parameters
to @branches as well.

Signed-off-by: Markus Armbruster <armbru@redhat.com>

qapi: New QAPISchemaBranches, QAPISchemaAlternatives

QAPISchemaVariants represents either a union type's branches, or an
alternate type's alternatives.  Much of its code is conditional on
which one it actually is.

Create QAPISchemaBranches for branches, and QAPISchemaAlternatives for
alternatives, both subtypes of QAPISchemaVariants.

Replace QAPISchemaVariants by one of them where possible.  Keep it
only where we actually deal with either of them.

QAPISchemaVariants.__init__() takes @tag_name and @tag_member, where
exactly one must be None: @tag_name for alternatives, @tag_member for
branches.  Let QAPISchemaBranches.__init__() take just @tag_name, and
QAPISchemaAlternatives.__init__() take just @tag_member.

A later patch will move the conditional code to the subtypes.

Signed-off-by: Markus Armbruster <armbru@redhat.com>

accel/tcg: Move @plugin_mem_cbs from CPUState to CPUNegativeOffsetState

@plugin_mem_cbs is accessed by tcg generated code, move it
to CPUNegativeOffsetState.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240429213050.55177-4-philmd@linaro.org>

accel/tcg: Restrict cpu_plugin_mem_cbs_enabled() to TCG

So far cpu_plugin_mem_cbs_enabled() is only called from
TCG, so reduce it to accel/tcg/.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <5f59c754-44e5-4743-a2dd-87ef8e13eadf@linaro.org>

accel/tcg: Restrict qemu_plugin_vcpu_exit_hook() to TCG plugins

qemu_plugin_vcpu_exit_hook() is specific to TCG plugins,
so must be restricted to it in cpu_common_unrealizefn(),
similarly to how qemu_plugin_create_vcpu_state() is
restricted in the cpu_common_realizefn() counterpart.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240429213050.55177-2-philmd@linaro.org>

accel/tcg: Update CPUNegativeOffsetState::can_do_io field documentation

The @can_do_io field got moved from CPUState to
CPUNegativeOffsetState in commit 464dacf609 ("accel/tcg:
Move can_do_io to CPUNegativeOffsetState").

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240428221450.26460-14-philmd@linaro.org>

accel/tcg: Move user definition of cpu_interrupt() to user-exec.c

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240428221450.26460-4-philmd@linaro.org>

accel/tcg: Access tcg_cflags with getter / setter

Access the CPUState::tcg_cflags via tcg_cflags_has() and
tcg_cflags_set() helpers.

Mechanical change using the following Coccinelle spatch script:

  @@
  expression cpu;
  expression flags;
  @@
  -     cpu->tcg_cflags & flags
  +     tcg_cflags_has(cpu, flags)

  @@
  expression cpu;
  expression flags;
  @@
  -     (tcg_cflags_has(cpu, flags))
  +     tcg_cflags_has(cpu, flags)

  @@
  expression cpu;
  expression flags;
  @@
  -     cpu->tcg_cflags |= flags;
  +     tcg_cflags_set(cpu, flags);

Then manually moving the declarations, and adding both
tcg_cflags_has() and tcg_cflags_set() definitions.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240427155714.53669-15-philmd@linaro.org>

accel/tcg: Use cpu_loop_exit_requested() in cpu_loop_exec_tb()

Do not open-code cpu_loop_exit_requested().

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240428214915.10339-9-philmd@linaro.org>

exec/cpu: Extract page-protection definitions to page-protection.h

Extract page-protection definitions from "exec/cpu-all.h"
to "exec/page-protection.h".

The list of files requiring the new header was generated
using:

$ git grep -wE \
'PAGE_(READ|WRITE|EXEC|RWX|VALID|ANON|RESERVED|TARGET_.|PASSTHROUGH)'

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Nicholas Piggin <npiggin@gmail.com>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240427155714.53669-3-philmd@linaro.org>

exec/cpu: Remove duplicated PAGE_PASSTHROUGH definition

Missed in commit 58771921af ("include/exec: Move PAGE_* macros
to common header"), PAGE_PASSTHROUGH ended being defined twice.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240427155714.53669-8-philmd@linaro.org>

exec/cpu: Remove obsolete PAGE_RESERVED definition

We stopped using the PAGE_RESERVED definition in commit
50d25c8aec ("accel/tcg: Drop PAGE_RESERVED for CONFIG_BSD").
This completes commit 2e9a5713f0 ("Remove PAGE_RESERVED").

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240427155714.53669-7-philmd@linaro.org>

exec/cpu: Rename PAGE_BITS macro to PAGE_RWX

This macro can be used to abbreviate PAGE_READ | PAGE_WRITE | PAGE_EXEC
for which PAGE_RWX is a better name and renaming it also shows it is
not related to TARGET_PAGE_BITS.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240505121008.44A0D4E602D@zero.eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

exec/cpu: Indent TARGET_PAGE_foo definitions

The TARGET_PAGE_foo definitions are defined with multiple
level of #ifdef'ry. Indent it a bit for clarity.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240427155714.53669-6-philmd@linaro.org>

Hexagon (target/hexagon) Remove hex_common.read_attribs_file

The attribinfo data structure is not used
Adjust the command-line arguments to the python scripts
Add hex_common.read_common_files for TCG/helper generation scripts

Signed-off-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Brian Cain <bcain@quicinc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240307032327.4799-10-ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <bcain@quicinc.com>

Hexagon (target/hexagon) Remove gen_shortcode.py

This data structure is not used

Signed-off-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Brian Cain <bcain@quicinc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240307032327.4799-9-ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <bcain@quicinc.com>

Hexagon (target/hexagon) Remove gen_op_regs.py

Signed-off-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Brian Cain <bcain@quicinc.com>
Message-Id: <20240307032327.4799-8-ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <bcain@quicinc.com>

Hexagon (target/hexagon) Remove uses of op_regs_generated.h.inc

Signed-off-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Brian Cain <bcain@quicinc.com>
Message-Id: <20240307032327.4799-7-ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <bcain@quicinc.com>

Hexagon (tests/tcg/hexagon) Test HVX .new read from high half of pair

Make sure the decoding of HVX .new is correctly handling this case

Signed-off-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Brian Cain <bcain@quicinc.com>
Message-Id: <20240307032327.4799-6-ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <bcain@quicinc.com>

Hexagon (target/hexagon) Mark has_pred_dest in trans functions

Check that the value matches opcode_wregs

Signed-off-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Brian Cain <bcain@quicinc.com>
Message-Id: <20240307032327.4799-5-ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <bcain@quicinc.com>

Hexagon (target/hexagon) Mark dest_idx in trans functions

Check that the value matches opcode_reginfo/opcode_wregs

Signed-off-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Brian Cain <bcain@quicinc.com>
Message-Id: <20240307032327.4799-4-ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <bcain@quicinc.com>

Hexagon (target/hexagon) Mark new_read_idx in trans functions

Check that the value matches opcode_reginfo

Signed-off-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Brian Cain <bcain@quicinc.com>
Message-Id: <20240307032327.4799-3-ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <bcain@quicinc.com>

Hexagon (target/hexagon) Add is_old/is_new to Register class

Signed-off-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Brian Cain <bcain@quicinc.com>
Message-Id: <20240307032327.4799-2-ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <bcain@quicinc.com>

Hexagon (target/hexagon) Only pass env to generated helper when needed

Currently, we pass env to every generated helper.  When the semantics of
the instruction only depend on the arguments, this is unnecessary and
adds extra overhead to the helper call.

We add the TCG_CALL_NO_RWG_SE flag to any non-HVX helpers that don't get
the ptr to env.

The A2_nop and SA1_setin1 instructions end up with no arguments.  This
results in a "old-style function definition" error from the compiler, so
we write overrides for them.

With this change, the number of helpers with env argument is
    idef-parser enabled:    329 total, 23 with env
    idef-parser disabled:   1543 total, 550 with env

Signed-off-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Anton Johansson <anjo@rev.ng>
Tested-by: Anton Johansson <anjo@rev.ng>
Message-Id: <20240214042726.19290-4-ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <bcain@quicinc.com>

Hexagon (target/hexagon) Pass SP explicitly to helpers that need it

Rather than reading SP from the env, pass it explicitly

Signed-off-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Anton Johansson <anjo@rev.ng>
Tested-by: Anton Johansson <anjo@rev.ng>
Reviewed-by: Brian Cain <bcain@quicinc.com>
Message-Id: <20240214042726.19290-3-ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <bcain@quicinc.com>

Hexagon (target/hexagon) Pass P0 explicitly to helpers that need it

Rather than reading P0 from the env, pass it explicitly

Signed-off-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Anton Johansson <anjo@rev.ng>
Tested-by: Anton Johansson <anjo@rev.ng>
Reviewed-by: Brian Cain <bcain@quicinc.com>
Message-Id: <20240214042726.19290-2-ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <bcain@quicinc.com>

Hexagon (target/hexagon) Enable more short-circuit packets (HVX)

Look for read-after-write instead of overlap of reads and writes

HVX instructions with helpers have pass-by-reference semantics, so
we check for overlaps of reads and writes within the same instruction.

Signed-off-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Brian Cain <bcain@quicinc.com>
Message-Id: <20240201103340.119081-4-ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <bcain@quicinc.com>

Hexagon (target/hexagon) Enable more short-circuit packets (scalar core)

Look for read-after-write instead of overlap of reads and writes

Here is an example with overalp but no read-after-write:
0x000200fc:  0x38103876 { R0 = add(R0,R1); R6 = add(R6,R7) }

BEFORE:
---- 00000000000200fc
mov_i32 loc2,$0x0
mov_i32 loc2,r0
add_i32 loc3,loc2,r1
mov_i32 loc2,loc3
mov_i32 loc4,$0x0
mov_i32 loc4,r6
add_i32 loc5,loc4,r7
mov_i32 loc4,loc5
mov_i32 r0,loc2
mov_i32 r6,loc4

AFTER:
---- 00000000000200fc
add_i32 loc2,r0,r1
mov_i32 r0,loc2
add_i32 loc3,r6,r7
mov_i32 r6,loc3

We can also short-circuit packets with .new values by reading from the
real destination instead of the temporary.
0x00020100:  0x78005ff3 { R19 = #0xff
0x00020104:  0x2002e204 if (cmp.eq(N19.new,R2)) jump:t PC+8 }

BEFORE:
---- 0000000000020100
mov_i32 pc,$0x20108
mov_i32 loc8,$0x0
mov_i32 loc8,$0xff
setcond_i32 loc10,loc8,r2,eq
mov_i32 loc6,loc10
mov_i32 r19,loc8
add_i32 pkt_cnt,pkt_cnt,$0x2
add_i32 insn_cnt,insn_cnt,$0x4
brcond_i32 loc6,$0x0,eq,$L1
goto_tb $0x0
mov_i32 pc,$0x20108
exit_tb $0x7fbb54000040
set_label $L1
goto_tb $0x1
exit_tb $0x7fbb54000041
set_label $L0
exit_tb $0x7fbb54000043

AFTER:
---- 0000000000020100
mov_i32 pc,$0x20108
mov_i32 r19,$0xff
setcond_i32 loc7,r19,r2,eq
mov_i32 loc4,loc7
add_i32 pkt_cnt,pkt_cnt,$0x2
add_i32 insn_cnt,insn_cnt,$0x4
brcond_i32 loc4,$0x0,eq,$L1
goto_tb $0x0
mov_i32 pc,$0x20108
exit_tb $0x7f9764000040
set_label $L1
goto_tb $0x1
exit_tb $0x7f9764000041
set_label $L0
exit_tb $0x7f9764000043

Signed-off-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Brian Cain <bcain@quicinc.com>
Message-Id: <20240201103340.119081-3-ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <bcain@quicinc.com>

Hexagon (target/hexagon) Analyze reads before writes

We divide gen_analyze_funcs.py into 3 phases
    Declare the operands
    Analyze the register reads
    Analyze the register writes

We also create special versions of ctx_log_*_read for new operands
    Check that the operand is written before the read

This is a precursor to improving the analysis for short-circuiting
the packet semantics in a subsequent commit

Signed-off-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Brian Cain <bcain@quicinc.com>
Message-Id: <20240201103340.119081-2-ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <bcain@quicinc.com>

target/sparc: Split out do_ms16b

The unit operation for fmul8x16 and friends is described in the
manual as "MS16b". Split that out for clarity. Improve rounding
with an unconditional addition of 0.5 as a fixed-point integer.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240502165528.244004-8-richard.henderson@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

target/sparc: Fix FPMERGE

This instruction has f32 inputs, which changes the decode
of the register numbers.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240502165528.244004-7-richard.henderson@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

target/sparc: Fix FMULD8*X16

Not only do these instructions have f32 inputs, they also do not
perform rounding. Since these are relatively simple, implement
them properly inline.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240502165528.244004-6-richard.henderson@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

target/sparc: Fix FMUL8x16A{U,L}

These instructions have f32 inputs, which changes the decode
of the register numbers. While we're fixing things, use a
common helper for both insns, extracting the 16-bit scalar
in tcg beforehand.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240502165528.244004-5-richard.henderson@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

target/sparc: Fix FMUL8x16

This instruction has f32 as source1, which alters the
decoding of the register number, which means we've been
passing the wrong data for odd register numbers.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240502165528.244004-4-richard.henderson@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

target/sparc: Fix FEXPAND

This is a 2-operand instruction, not 3-operand.
Worse, we took the source from the wrong operand.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240502165528.244004-3-richard.henderson@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

linux-user/sparc: Add more hwcap bits for sparc64

Supply HWCAP_SPARC_V8PLUS, HWCAP_SPARC_MUL32, HWCAP_SPARC_DIV32,
HWCAP_SPARC_POPC, HWCAP_SPARC_FSMULD, HWCAP_SPARC_VIS, HWCAP_SPARC_VIS2.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240502165528.244004-2-richard.henderson@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

hw/sparc64: set iommu_platform=on for virtio devices attached to the sun4u machine

The sun4u machine has an IOMMU and therefore it is possible to program it such
that the virtio-device IOVA does not map directly to the CPU physical address.

This is not a problem with Linux which always maps the IOVA directly to the CPU
physical address, however it is required for the NetBSD virtio driver where this
is not the case.

Set the sun4u machine defaults for all virtio devices so that disable-legacy=on
and iommu_platform=on to ensure a default configuration will allow virtio
devices to function correctly on both Linux and NetBSD.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20240418205730.31396-1-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

docs/about: Deprecate the old "UltraSparc" CPU names that contain a "+"

For consistency we should drop the names with a "+" in it in the
long run.

Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240419084812.504779-5-thuth@redhat.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

docs/system/target-sparc: Improve the Sparc documentation

Add some words about how to enable or disable boolean features,
and remove the note about a Linux kernel being available on the
QEMU website (they have been removed long ago already), and the
note about NetBSD and OpenBSD still having issues (they should
work fine nowadays).

Fixes: https://gitlab.com/qemu-project/qemu/-/issues/2141
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240419084812.504779-4-thuth@redhat.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

target/sparc/cpu: Avoid spaces by default in the CPU names

The output of "-cpu help" is currently rather confusing to the users:
It might not be fully clear which part of the output defines the CPU
names since the CPU names contain white spaces (which we later have to
convert into dashes internally). At best it's at least a nuisance since
the users might need to specify the CPU names with quoting on the command
line if they are not aware of the fact that the CPU names could be written
with dashes instead. So let's finally clean up this mess by using dashes
instead of white spaces for the CPU names, like we're doing it internally
later (and like we're doing it in most other targets of QEMU).
Note that it is still possible to pass the CPU names with spaces to the
"-cpu" option, since sparc_cpu_type_name() still translates those to "-".

Fixes: https://gitlab.com/qemu-project/qemu/-/issues/2141
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20240419084812.504779-3-thuth@redhat.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

target/sparc/cpu: Rename the CPU models with a "+" in their names

Commit b447378e12 ("qom/object: Limit type names to alphanumerical ...")
cut down the amount of allowed characters for QOM types to a saner set.
The "+" character was meant to be included in this set, so we had to
add a hack there to still allow the legacy names of POWER and Sparc64
CPUs. However, instead of putting such a hack in the common QOM code,
there is a much better place to do this: The sparc_cpu_class_by_name()
function which is used to look up the names of all Sparc CPUs.
Thus let's finally get rid of the "+" in the Sparc CPU names, and provide
backward compatibility for the old names via some simple checks in the
sparc_cpu_class_by_name() function.

Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240419084812.504779-2-thuth@redhat.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

Merge tag 'pull-axp-20240504' of https://gitlab.com/rth7680/qemu into staging

target/alpha: Implement CF_PCREL

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmY2VlYdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/IxQf/UAxpxtc+glkuZ17C
# mUliqx/Vif31BuKw31GVSDENOMteD900fR8+nNGY401+2hdZxoNo2N70ZL1h9AgX
# xWVz1H33MwBXbW3lWhGSpikJ/Sd3K7dsqZpRWlr1uUEFmNXDSihKgY3JfhJ4mEsq
# 8IIITyixSiiRyl1HBgfCUqLfHkWQamHz/Tbmku9wvOZ5fYkPHV1kCmlQ8X89iB9j
# yxHW9Zcm8cShD0w4pU1HZAttHhyNZrB70ebauksAWX6QIG6fdTv+qMz9XP4FofuT
# SwLuYja3ohoTijFkC7ctA0dbsF3xwCFKES6CdP8Ne5cKHSzsrejZhh8z/0uHi+D2
# jwxnMg==
# =oK6Y
# -----END PGP SIGNATURE-----
# gpg: Signature made Sat 04 May 2024 08:37:58 AM PDT
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* tag 'pull-axp-20240504' of https://gitlab.com/rth7680/qemu:
  target/alpha: Implement CF_PCREL
  target/alpha: Split out gen_pc_disp
  target/alpha: Split out gen_goto_tb
  target/alpha: Simplify gen_bcond_internal()
  target/alpha: Return DISAS_NORETURN once
  target/alpha: Inline DISAS_PC_UPDATED and return DISAS_NORETURN
  target/alpha: Use DISAS_NEXT definition instead of magic '0' value
  target/alpha: Hoist branch shift to initial decode
  target/alpha: Use cpu_env in preference to ALPHA_CPU

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

target/alpha: Implement CF_PCREL

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240503072014.24751-10-philmd@linaro.org>

target/alpha: Split out gen_pc_disp

Prepare for pcrel by not modifying cpu_pc before use,
in the case of JSR.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240503072014.24751-9-philmd@linaro.org>

target/alpha: Split out gen_goto_tb

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240424234436.995410-4-richard.henderson@linaro.org>
[PMD: Split bigger patch, part 5/5]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240503072014.24751-8-philmd@linaro.org>

target/alpha: Simplify gen_bcond_internal()

Richard Henderson explained on IRC:

  bcond_internal() used to insist that both branch
  destination and branch fallthrough are use_goto_tb;
  if not, we'd use movcond to compute an indirect jump.
  But it's perfectly fine for e.g. the branch fallthrough
  to use_goto_tb, and the branch destination to use
  an indirect branch.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240424234436.995410-4-richard.henderson@linaro.org>
[PMD: Split bigger patch, part 4/5]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240503072014.24751-7-philmd@linaro.org>

target/alpha: Return DISAS_NORETURN once

Trivial change to make next commits easier to understand.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240424234436.995410-4-richard.henderson@linaro.org>
[PMD: Split bigger patch, part 3/5]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240503072014.24751-6-philmd@linaro.org>

target/alpha: Inline DISAS_PC_UPDATED and return DISAS_NORETURN

Inline DISAS_PC_UPDATED switch case from alpha_tr_tb_stop():

    switch (ctx->base.is_jmp) {
    ...
    case DISAS_PC_UPDATED:
        tcg_gen_lookup_and_goto_ptr();
        break;

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240424234436.995410-4-richard.henderson@linaro.org>
[PMD: Split bigger patch, part 2/5]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240503072014.24751-5-philmd@linaro.org>