gpiodev: Add gpiobackend over GUSE

Add GUSE (FUSE based kernel module similiar to CUSE) based backend.

This allows transparent usage of Linux GPIO UAPI based tools like
in kernel tools/gpio or libgpiod.

libgpiod requires some modification to allow "/sys/class/guse" in
gpiod_check_gpiochip_device().

It requires guse module to be loaded and providing DEVICE()->id
for GPIO module, for example:

```
DEVICE(&s->gpio)->id = g_strdup("aspeed-gpio0");
```

The id should be provided to gpiodev with any `devname` that doesn't
exists in /dev:

```
-gpiodev guse,id=aspeed-gpio0,devname=gpiochip10
```

That /dev/gpiochip10 can be used in the same way we usually operate with
gpiochip's.

Link: http://git.maquefel.me/?p=qemu-gpiodev/libgpiod.git;a=shortlog;h=refs/heads/nshubin/guse-fix
Link: http://git.maquefel.me/?p=qemu-gpiodev/guse.git;a=summary
Link: http://git.maquefel.me/?p=qemu-gpiodev/libfuse.git;a=shortlog;h=refs/heads/nshubin/guse
Signed-off-by: Nikita Shubin <n.shubin@yadro.com>

hw/arm: ast2600: set id for gpio

Set device id for gpios to allow gpiodev binding.

Signed-off-by: Nikita Shubin <n.shubin@yadro.com>

hw/gpio/aspeed: Add gpiodev support

Add gpiodev support for:

- getting line info
- getting/setting lines
- monitoring line events
- monitoting config events

Binding is done via id, i.e.:

... -gpiodev chardev,id=aspeed-gpio0

Signed-off-by: Nikita Shubin <n.shubin@yadro.com>

gpiodev: Add GPIO backend over chardev

Currently based on passing linux GPIO UAPI structs over
UNIX socket.

This is more a PoC than a real application, still this is something to
start with.

Signed-off-by: Nikita Shubin <n.shubin@yadro.com>

gpiodev: Add GPIO device frontend

Add GPIO device front end with helper functions to provide information
about GPIO Port to Backends and to allow Frontend to set data.

To use it GPIO device should register with qemu_gpio_fe_init()
and provide handlers with qemu_gpio_fe_set_handlers().

Notifications about config and changed value events should be done with
qemu_gpio_fe_line_event() and qemu_gpio_fe_config_event().

Signed-off-by: Nikita Shubin <n.shubin@yadro.com>

Add gpiodev dummy

Add gpiodev stub with single help option.

Signed-off-by: Nikita Shubin <n.shubin@yadro.com>

QAPI: gpio JSON

Signed-off-by: Nikita Shubin <nshubin@yadro.com>

Interact with QEMU GPIO models via gpiodev

While vhost-user-gpio-pci is a good solution to pass gpios inside guest
it still doesn't cover the following cases:

- AFAIK the board needs to have a PCI bus;
- we add new hot-plugged gpios instead of re-using the existing ones;
- we can't connect it to existing gpio models;

This functionality is quite desired (numerous emails observed
since i released https://github.com/maquefel/virtual_gpio_basic which
is ivshmem based and have same disadvantages as above) - the ability
to manipulate existing gpios, including MMIO mmaped like
aspeed or bcm2835/bcm2838 gpios.

This becomes even more important for MCUs where virtio gpio application
is limited.

For example:

https://stackoverflow.com/questions/76834038/qemu-gpio-connect
https://stackoverflow.com/questions/60764018/how-to-connect-gpio-in-qemu-emulated-machine-to-an-object-in-host

And so on.

So the most obvious thing is to create something similar to existing
chardev, to provide common interface for models to interact with.

# QEMU GPIODEV

I propose new gpiodev, which consists of gpiodev itself, frontend
and backends just like chardev does.

It provides the abilities which mostly replicate the current
state of Linux GPIO UAPI, i.e.:

- getting GPIO chip/line info;
- monitoring line state change externally on rising/falling events;
- monitoring configuration change (output swith to input and vise-versa);
- setting/getting gpio pins;

The interface for GPIO Models is described in qemu/include/gpiodev/gpio-fe.h.

## Integrating frontend into GPIO Model

The model should provide callbacks for the following:

- LineInfoHandler to provide info aboud line specified by offset;
- LineGetValueHandler to get gpio line value specified by offset;
- LineGetValueHandler to set gpio line value specified by offset;

Also the model can notify the Gpiodev and connected back about:

- line value;
- line config;

changed by the guest witch qemu_gpio_fe_line_event()/qemu_gpio_fe_config_event().

## ASPEED

A nice choice for demonstation purpose as heavily used and, maybe,
the most full board simulation in QEMU.

It seems to have some flaws in GPIO model hovewer (not sure if it's really a flaw through).

Andrew provided some clarification on Linux driver implementation, and
agreed that it might be a bug in QEMU model.

First write to pin has no effect to gpiomon/gpio-event-mon as direction is set AFTER pin value
which results in qemu_gpio_fe_line_event() not called in aspeed_gpio_update(),
so qemu_set_irq() won't be called for the same reason by the way.

```
aspeed # gpioset 0 8=1
aspeed_gpio_write offset: 0x1c value 0x100
aspeed_gpio_write offset: 0x0 value 0x100       <-- VALUE
aspeed_gpio_write offset: 0x4 value 0x100       <-- DIRECTION
```

Also ast2600 machine was modified to set DEVICE()->id for gpios, as ASPEED gpio relies
on this to connect to gpiodev.

# BACKENDS

## CHARDEV

A simple backend over any chadev transport, while this solution seems good at first glance,
it lacks solid protocol (currently used Linux GPIO UAPI structs) and I couldn't find any
suitable/standardized solution, something like MOXA uses for ioLogik devices for example.
So using this backend requires specials tools like qemu-gpio-tools (just Linux gpio tools
with some modification for demo purpose).

I someone can propose a ready protocol or an idea please do so.

Some demo interacting with ASPEED:

```
host $ build-qemu/qemu-system-arm -M ast2600-evb,bmc-console=uart5 -kernel buildroot/output/build/linux-6.6.14/arch/arm/boot/zImage \
-dtb buildroot/output/build/linux-6.6.14/arch/arm/boot/dts/aspeed/aspeed-ast2600-evb.dtb \
-initrd buildroot/output/images/rootfs.cpio -nographic -serial mon:stdio \
-gpiodev chardev,id=aspeed-gpio0,chardev=gpio0 -chardev socket,path=/tmp/gpio0,id=gpio0,server=on,wait=off
```

```
host $ qemu-gpio-tools/lsgpio -n /tmp/gpio0
sending 0x8044b401
GPIO chip: aspeed-gpio0, "ASPEED GPIO", 208 GPIO lines
        line  0: "gpioA0" unused [input]
        line  1: "gpioA1" unused [input]
        line  2: "gpioA2" unused [input]
        line  3: "gpioA3" unused [input]
        line  4: "gpioA4" unused [input]
        line  5: "gpioA5" unused [input]
        line  6: "gpioA6" unused [input]
        line  7: "gpioA7" unused [input]
        line  8: "gpioB0" unused [input]
[...]
        line 200: "gpioZ0" unused [input]
        line 201: "gpioZ1" unused [input]
        line 202: "gpioZ2" unused [input]
        line 203: "gpioZ3" unused [input]
        line 204: "gpioZ4" unused [input]
        line 205: "gpioZ5" unused [input]
        line 206: "gpioZ6" unused [input]
        line 207: "gpioZ7" unused [input]
```

## GUSE

I did some experiments with CUSE, but it lacks the most important functionality,
creating new file descriptors (creating new file could also do). While it's quite simple
to implement something like sysfs GPIO i don't think it's a good solution (hehehehehe, Bartosz and Linus i hope you appreciate this),
so i decided to make something similiar to CUSE.

The price is high:

- a kernel module (also kernel modifitions are also required to make it pretty - export fuse_mknod function for example);
- new guse bindings for libfuse;
- libgpiod modification (a small one to allow "/sys/class/guse" in gpiod_check_gpiochip_device());
- and the QEMU of course;

But i was obsessed with the idea of using the same tools like in Linux (libgpiod for example ;)),
and still it was a fun thing to do.

With this we can have a FULL support of Linux GPIO UAPI.

Module ony test with 6.11.*, v6.13.*+ (pages replaced with folio) under KSAN, kmemleak.

```
$ sudo insmod guse/guse.ko
```

```
sudo build-qemu/qemu-system-arm -M ast2600-evb,bmc-console=uart5 -kernel buildroot/output/build/linux-6.6.14/arch/arm/boot/zImage \
-dtb buildroot/output/build/linux-6.6.14/arch/arm/boot/dts/aspeed/aspeed-ast2600-evb.dtb \
-initrd buildroot/output/images/rootfs.cpio -nographic -serial mon:stdio -gpiodev guse,id=aspeed-gpio0,devname=gpiochip10
```

```
aspeed # gpioset 0 8=1
aspeed # gpioget 0 8
```

```
host $ sudo libgpiod/tools/gpionotify -c 10 8
1741686422.149345616    reconfigured    aspeed-gpio0 8
1741686430.466103054    reconfigured    aspeed-gpio0 8
```

```
aspeed # gpioset 0 8=1
aspeed # gpioset 0 8=0
```

```
$ sudo libgpiod/tools/gpiomon -c 10 8
1741687220.025006346    rising  aspeed-gpio0 8
1741687222.634353601    falling aspeed-gpio0 8
```

## GPIOSIM

gpio-sim also can serve as a backend, but the only thing we can get from
it is monitoring lines set by QEMU guest. So i didn't bother
implementing it yet.

I prepare a suite with whing nessary if someone wants to test/tinker
with current series:

Link: git://git.maquefel.me/qemu-gpiodev/qemu-guse-suite.git

Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: Bartosz Golaszewski <brgl@bgdev.pl>
Cc: "Enrico Weigelt, metux IT consult" <info@metux.net>
Cc: Viresh Kumar <vireshk@kernel.org>
To: qemu-devel@nongnu.org
Cc: Eric Blake <eblake@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Daniel P. Berrangé <berrange@redhat.com>
Cc: Philippe Mathieu-Daudé <philmd@linaro.org>
Cc: Eduardo Habkost <eduardo@habkost.net>
Cc: Cédric Le Goater <clg@kaod.org>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Steven Lee <steven_lee@aspeedtech.com>
Cc: Troy Lee <leetroy@gmail.com>
Cc: Jamin Lin <jamin_lin@aspeedtech.com>
Cc: Andrew Jeffery <andrew@codeconstruct.com.au>
Cc: Joel Stanley <joel@jms.id.au>
Cc: qemu-arm@nongnu.org
Cc: Nikita Shubin <nikita.shubin@maquefel.me>
Signed-off-by: Nikita Shubin <n.shubin@yadro.com>
---
Changes in v2:
- EDITME: describe what is new in this series revision.
- EDITME: use bulletpoints and terse descriptions.
- Link to v1: https://lore.kernel.org/qemu-devel/20250319-gpiodev-v1-0-76da4e5800a1@yadro.com

--- b4-submit-tracking ---
# This section is used internally by b4 prep for tracking purposes.
{
  "series": {
    "revision": 2,
    "change-id": "20250313-gpiodev-d24e6d9be90d",
    "prefixes": [
      "PoC"
    ],
    "history": {
      "v1": [
        "20250319-gpiodev-v1-0-76da4e5800a1@yadro.com"
      ]
    }
  }
}

Merge tag 'accel-cpus-20250306' of https://github.com/philmd/qemu into staging

Generic CPUs / accelerators patch queue

- Merge "qemu/clang-tsa.h" within "qemu/compiler.h"
- Various cleanups around accelerators initialization code
  (better user/system split)
- Various trivial cleanups in accel/tcg/,
  Guard few TCG calls with tcg_enabled()
- Explicit disassemble_info endianness
- Improve dual-endianness support for MicroBlaze

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmfJw08ACgkQ4+MsLN6t
# wN70whAAtfcdWtqseFfb6fvDtjflgxN51Ui0iaOECXUA18USKriGy34eBcMYMiM2
# +eKgU7+jI6JGE4+burcgWUsPpFFF951/A8+lyIbFgO5yToTDmC+qNe4XfmMAIyXq
# uf9Obr2c0Xk9luh4odb+jPAQodw/7G1fKgcCVIJNDCl/xEcPhS9eNpTaHwcVnkWI
# K6KrxWXOsqG6+evJBPWYoXtOOyt0+JcwAsJoGhprwtGm3P9+jSVXsgeGsJVyZcna
# f32JtjWL754O8XeMkOn4x6rt58VrCIMKI9xT7keDyuhTCq0Zki9RO2nMU2dSw5mN
# AfL9hxqUy0Nijnyslg3ugujDfTePsNyLdwwH7n0mnoD72ELi6WnhDsmOThuEB3Rd
# 4/kdwTJfA/rlWk/GF1tbKW7AvQZokRARtzmL3V0HmGJu57lX+2JuszEdYBkqDEP7
# GH1I10B2yANUm+C9y3X8qWOU7Ws433ebJeJoZuyfnbZ9Me+UfRmql/oS+V8ata2i
# fArEItpldUFrWRyYLkTbXrh2dgyV9yJTEir/lzOzeAZZzyabTbjf2z9qnh976GGO
# 1QnDy5QA4f54kDBUZe7JK26TZsHPch7cgqXW6f8tRlJF7A9hxGK8d2TUV/lC3/vx
# LUOlWNu03PhiruYmZEcWOsY3Jt9jRCF6lIryrnaJsqnVOVmMUMM=
# =3TRh
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 06 Mar 2025 23:46:23 HKT
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* tag 'accel-cpus-20250306' of https://github.com/philmd/qemu: (54 commits)
  include: Poison TARGET_PHYS_ADDR_SPACE_BITS definition
  system: Open-code qemu_init_arch_modules() using target_name()
  target/i386: Mark WHPX APIC region as little-endian
  target/alpha: Do not mix exception flags and FPCR bits
  target/riscv: Convert misa_mxl_max using GLib macros
  target/riscv: Declare RISCVCPUClass::misa_mxl_max as RISCVMXL
  target/xtensa: Finalize config in xtensa_register_core()
  target/sparc: Constify SPARCCPUClass::cpu_def
  target/i386: Constify X86CPUModel uses
  disas: Remove target_words_bigendian() call in initialize_debug_target()
  target/xtensa: Set disassemble_info::endian value in disas_set_info()
  target/sh4: Set disassemble_info::endian value in disas_set_info()
  target/riscv: Set disassemble_info::endian value in disas_set_info()
  target/ppc: Set disassemble_info::endian value in disas_set_info()
  target/mips: Set disassemble_info::endian value in disas_set_info()
  target/microblaze: Set disassemble_info::endian value in disas_set_info
  target/arm: Set disassemble_info::endian value in disas_set_info()
  target: Set disassemble_info::endian value for big-endian targets
  target: Set disassemble_info::endian value for little-endian targets
  target/mips: Fix possible MSA int overflow
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge tag 'pull-vfio-20250306' of https://github.com/legoater/qemu into staging

vfio queue:

* Added property documentation
* Added Minor fixes
* Implemented basic PCI PM capability backing
* Promoted new IGD maintainer
* Deprecated vfio-plaform
* Extended VFIO migration with multifd support

# -----BEGIN PGP SIGNATURE-----
#
# iQIyBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmfJrZoACgkQUaNDx8/7
# 7KFE2A/0Dmief9u/dDJIKGIDa+iawcf4hu8iX4v5pB0DlGniT3rgK8WMGnhDpPxq
# Q4wsKfo+JJ2q6msInrT7Ckqyydu9nQztI3vwmfMuWxLhTMyH28K96ptwPqIZBjOx
# rPTEXfnVX4W3tpn1+48S+vefWVa/gkBkIvv7RpK18rMBXv1kDeyOvc/d2dbAt7ft
# zJc4f8gH3jfQzGwmnYVZU1yPrZN7p6zhYR/AD3RQOY97swgZIEyYxXhOuTPiCuEC
# zC+2AMKi9nmnCG6x/mnk7l2yJXSlv7lJdqcjYZhJ9EOIYfiUGTREYIgQbARcafE/
# 4KSg2QR35BoUd4YrmEWxXJCRf3XnyWXDY36dDKVhC0OHng1F/U44HuL4QxwoTIay
# s1SP/DHcvDiPAewVTvdgt7Iwfn9xGhcQO2pkrxBoNLB5JYwW+R6mG7WXeDv1o3GT
# QosTu1fXZezQqFd4v6+q5iRNS2KtBZLTspwAmVdywEFUs+ZLBRlC+bodYlinZw6B
# Yl/z0LfAEh4J55QmX2espbp8MH1+mALuW2H2tgSGSrTBX1nwxZFI5veFzPepgF2S
# eTx69BMjiNMwzIjq1T7e9NpDCceiW0fXDu7IK1MzYhqg1nM9lX9AidhFTeiF2DB2
# EPb3ljy/8fyxcPKa1T9X47hQaSjbMwofaO8Snoh0q0jokY246Q==
# =hIBw
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 06 Mar 2025 22:13:46 HKT
# gpg:                using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@redhat.com>" [full]
# gpg:                 aka "Cédric Le Goater <clg@kaod.org>" [full]
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B  0B60 51A3 43C7 CFFB ECA1

* tag 'pull-vfio-20250306' of https://github.com/legoater/qemu: (42 commits)
  hw/core/machine: Add compat for x-migration-multifd-transfer VFIO property
  vfio/migration: Make x-migration-multifd-transfer VFIO property mutable
  vfio/migration: Add x-migration-multifd-transfer VFIO property
  vfio/migration: Multifd device state transfer support - send side
  vfio/migration: Multifd device state transfer support - config loading support
  migration/qemu-file: Define g_autoptr() cleanup function for QEMUFile
  vfio/migration: Multifd device state transfer support - load thread
  vfio/migration: Multifd device state transfer support - received buffers queuing
  vfio/migration: Setup and cleanup multifd transfer in these general methods
  vfio/migration: Multifd setup/cleanup functions and associated VFIOMultifd
  vfio/migration: Multifd device state transfer - add support checking function
  vfio/migration: Multifd device state transfer support - basic types
  vfio/migration: Move migration channel flags to vfio-common.h header file
  vfio/migration: Add vfio_add_bytes_transferred()
  vfio/migration: Convert bytes_transferred counter to atomic
  vfio/migration: Add load_device_config_state_start trace event
  migration: Add save_live_complete_precopy_thread handler
  migration/multifd: Add multifd_device_state_supported()
  migration/multifd: Make MultiFDSendData a struct
  migration/multifd: Device state transfer support - send side
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge tag 'pull-qapi-2025-03-06' of https://repo.or.cz/qemu/armbru into staging

QAPI patches patches for 2025-03-06

# -----BEGIN PGP SIGNATURE-----
#
# iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAmfJa/4SHGFybWJydUBy
# ZWRoYXQuY29tAAoJEDhwtADrkYZTOnsP/3DE/9D1JVBbAEU3i1qc5qvZXFLtQykh
# mqMptxOrQ1KQm0abgXv8gS4rd++RycS+48fqnLWdxNYCbW5YEH9a2hlPefrhHRQS
# GF4eMvJIECFXFyLWLO9aHDdUQc1fng8QDn8DFGkHaO3veGADJsX0HKGWit0vVc5k
# uL61XOAd/Iu2z4BcgpdL29FEnlumIpDe8m8yyQcCLQ6EE7/FNSKPr1MSglk1Ky/1
# bwb+HK6nE5+6LznGimpcQhgh0CWv+hECPpmEy90iRMUSmEv2f0bB69e7pTFqOP9g
# 9Vm07NEA93K/oCFDa79MK606n/sPQAn2bfr0aCCw4r3FKtvqe4+/RSSE4J/4/nlJ
# rYn+RkKbgRKmuTqSlWwuBa8/THpPFzX6IO1LiAP5b4LR1IZd9YuBa3alc6xMehMF
# iZ4tUFsUxjIMLxpcYY/yjEruqFutkig6nzCqxfHT7DplKNX6Ow3mv0fC+raC1jvv
# Mdy5Cb6vZa1Ho9JvBLVmn8ASeDBYMqdTohB4QqgJWciLdeFCJxmGk3MgIgDRksSL
# abSTqPKjott7K1CQPio/imkT4o4ulXTi0jWtb4eLnER/f7T14npr9+w4UK4iBXyd
# pqq/++hgCFDGuQjzn9WWkbyYHhCCmMkf5WMn6Ycc+HIZvuOULUU+y5Ed01gufgb8
# pWpLO2IPupbp
# =VfRB
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 06 Mar 2025 17:33:50 HKT
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* tag 'pull-qapi-2025-03-06' of https://repo.or.cz/qemu/armbru:
  docs/devel/qapi-code-gen: Discourage use of 'prefix'
  qdev: Improve a few more PropertyInfo @description members
  qdev: Improve PropertyInfo member @description for enum properties
  qdev: Change values of PropertyInfo member @type to be QAPI types
  qdev: Rename PropertyInfo member @name to @type
  qdev: Change qdev_prop_pci_devfn member @name from "int32" to "str"
  qdev: Delete unused qdev_prop_enum
  qapi/introspect: Use @dataclass to simplify
  qapi: Eliminate OrderedDict
  docs/about/build-platforms: Correct minimum supported Python version

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging

Pull request

QED need_check_timer use-after-free fix

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEhpWov9P5fNqsNXdanKSrs4Grc8gFAmfJBosACgkQnKSrs4Gr
# c8jHqQgAwyTkGTir9tMx0WJ854+Ci2utk1Q+TbTUh5TRk8DHuDWXiSQlaAk67prR
# a0DXxxsNBzYzaPUhjYOBmWC2MpRylehSo/owep/MCr83an1k7rBPi+VFgRzBcRpX
# 9kigtyoQF5RgIprEf9NjjXeVX7vvom3VemxEQFPlRorzd+JSc4KiYcpVsLFnDWjW
# Cs0pFsEYW40s+BQijVXuVA//N5TuHrHbEKU12SkiliDxDr+OsmtzRi1XFqcGyN2N
# OjHMXSyQoTYPuBet7Bs2607QD/tO8PUyUTkS5MHImo8mXN9BV8fBKnYnSCilQm4P
# RjWCzcgapGLgbHDfdCxsdgkWJmfRLw==
# =reT5
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 06 Mar 2025 10:20:59 HKT
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [ultimate]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [ultimate]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* tag 'block-pull-request' of https://gitlab.com/stefanha/qemu:
  block/qed: fix use-after-free by nullifying timer pointer after free

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge tag 'pull-nbd-2025-03-05' of https://repo.or.cz/qemu/ericb into staging

NBD patches for 2025-03-05

- Several iotest fixes
- Refactor QMP for NbdServerOptions for less repetition
- Avoid a hang in 'qemu-nbd --fork' when simple trace backend is enabled

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEccLMIrHEYCkn0vOqp6FrSiUnQ2oFAmfI2I0ACgkQp6FrSiUn
# Q2pMWQf/ZNnuLC5O5W4Yiyki7mYjN3Izve5+xgM/gNv9uTrHmYXogYzswpYz1USo
# aU1i/EFLJ5K7ImefQYBvySox+opwFs63xPscI/liwrKu54csp1rYGNg3hjKYaZCc
# ukR5tB4bRQ2/JXNo0JueiocMZLyC5fZRUt9Z423D3ReHCtEJof0v1rTL2r7mzGJg
# EdaRSGr0s592rFjWLwwvWWun5f0mEAFXM2YvZRRLE7M+x2XJeAR4F400GfvSMDNo
# chGX41QKhmCYTMI5Shc/mX+5hMllEt/TyYBJUUk0cslJriVnNDV5VTFf184BmH5s
# tqiUtzJubxt8/Wtpg6OV9RPAzVmr1g==
# =NO+l
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 06 Mar 2025 07:04:45 HKT
# gpg:                using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full]
# gpg:                 aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full]
# gpg:                 aka "[jpeg image of size 6874]" [full]
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2  F3AA A7A1 6B4A 2527 436A

* tag 'pull-nbd-2025-03-05' of https://repo.or.cz/qemu/ericb:
  nbd: Defer trace init until after daemonization
  qapi: merge common parts of NbdServerOptions and nbd-server-start data
  iotests: Stop NBD server in test 162 before starting the next one
  iotest: Unbreak 302 with python 3.13

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

include: Poison TARGET_PHYS_ADDR_SPACE_BITS definition

Ensure common code never use this target specific definition.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250305153929.43687-4-philmd@linaro.org>

system: Open-code qemu_init_arch_modules() using target_name()

Mostly revert commit c80cafa0c73 ("system: Add qemu_init_arch_modules")
but using target_name() instead of the target specific 'TARGET_NAME'
definition.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250305005225.95051-3-philmd@linaro.org>

target/i386: Mark WHPX APIC region as little-endian

This device is only used by the x86 targets, which are only
built as little-endian. Therefore the DEVICE_NATIVE_ENDIAN
definition expand to DEVICE_LITTLE_ENDIAN (besides, the
DEVICE_BIG_ENDIAN case isn't tested). Simplify directly
using DEVICE_LITTLE_ENDIAN.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250212113938.38692-6-philmd@linaro.org>

target/alpha: Do not mix exception flags and FPCR bits

get_float_exception_flags() returns exception flags,
which are distinct from the FPCR bits used as error code.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250211162604.83446-1-philmd@linaro.org>

target/riscv: Convert misa_mxl_max using GLib macros

Use GLib conversion macros to pass misa_mxl_max as
riscv_cpu_class_init() class data.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250210133134.90879-6-philmd@linaro.org>

target/riscv: Declare RISCVCPUClass::misa_mxl_max as RISCVMXL

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250210133134.90879-5-philmd@linaro.org>

target/xtensa: Finalize config in xtensa_register_core()

Make XtensaConfigList::config not const. Only modify
XtensaConfig within xtensa_register_core(), when the
class is registered, not when it is initialized.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Message-Id: <20250210133134.90879-4-philmd@linaro.org>

target/sparc: Constify SPARCCPUClass::cpu_def

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250210133134.90879-3-philmd@linaro.org>

target/i386: Constify X86CPUModel uses

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250210133134.90879-2-philmd@linaro.org>

disas: Remove target_words_bigendian() call in initialize_debug_target()

All CPUClass implementating disas_set_info() must set the
disassemble_info::endian value.

Ensure that by setting %endian to BFD_ENDIAN_UNKNOWN before
calling the CPUClass::disas_set_info() handler, then asserting
%endian is not BFD_ENDIAN_UNKNOWN after the call.

This allows removing the target_words_bigendian() call in disas/.

Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20250210212931.62401-11-philmd@linaro.org>

target/xtensa: Set disassemble_info::endian value in disas_set_info()

Have the CPUClass::disas_set_info() callback set the
disassemble_info::endian field.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250210212931.62401-10-philmd@linaro.org>

target/sh4: Set disassemble_info::endian value in disas_set_info()

Have the CPUClass::disas_set_info() callback set the
disassemble_info::endian field.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250210212931.62401-9-philmd@linaro.org>

target/riscv: Set disassemble_info::endian value in disas_set_info()

Have the CPUClass::disas_set_info() callback set the
disassemble_info::endian field.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250210212931.62401-8-philmd@linaro.org>

target/ppc: Set disassemble_info::endian value in disas_set_info()

Have the CPUClass::disas_set_info() callback always set\
the disassemble_info::endian field.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250210212931.62401-7-philmd@linaro.org>

target/mips: Set disassemble_info::endian value in disas_set_info()

Have the CPUClass::disas_set_info() callback set the
disassemble_info::endian field.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250210212931.62401-6-philmd@linaro.org>

target/microblaze: Set disassemble_info::endian value in disas_set_info

Have the CPUClass::disas_set_info() callback set the
disassemble_info::endian field.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250210212931.62401-5-philmd@linaro.org>

target/arm: Set disassemble_info::endian value in disas_set_info()

Have the CPUClass::disas_set_info() callback set the
disassemble_info::endian field.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250210212931.62401-4-philmd@linaro.org>

target: Set disassemble_info::endian value for big-endian targets

Have the CPUClass::disas_set_info() callback set the
disassemble_info::endian field for big-endian targets.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250210212931.62401-3-philmd@linaro.org>

target: Set disassemble_info::endian value for little-endian targets

Have the CPUClass::disas_set_info() callback set the
disassemble_info::endian field for little-endian targets.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250210212931.62401-2-philmd@linaro.org>

target/mips: Fix possible MSA int overflow

Fix possible overflow in 1 << (DF_BITS(df) - 2) when DF_BITS(df)
is 64 by using a 64-bit integer for the shift operation.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Reported-by: Dmitriy Fedin <d.fedin@fobos-nt.ru>
Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-ID: <20250124122707.54264-1-gerben@altlinux.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

target/tricore: Ensure not being build on user emulation

Currently only system emulation is supported.
Assert no target code is built for user emulation.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250121142341.17001-4-philmd@linaro.org>

target/rx: Ensure not being build on user emulation

Currently only system emulation is supported.
Assert no target code is built for user emulation.
Remove #ifdef'ry since more work is required before
being able to emulate a user process.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250121142341.17001-3-philmd@linaro.org>

target/hexagon: Ensure not being build on system emulation

Currently only user emulation is supported.
Assert no target code is built for system emulation.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Brian Cain <brian.cain@oss.qualcomm.com>
Message-Id: <20250121142341.17001-2-philmd@linaro.org>

target/openrisc: Call cpu_openrisc_clock_init() in cpu_realize()

OpenRISC timer is architecturally tied to the CPU.

It doesn't belong to the machine init() code to
instanciate it: move its creation when a vCPU is
realized (after being created).

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250114231304.77150-1-philmd@linaro.org>

target/i386/hvf: Variable type fixup in decoder

decode_bytes reads 1, 2, 4, or 8 bytes at a time. The destination
variable should therefore be a uint64_t, not a target_ulong.

Signed-off-by: Phil Dennis-Jordan <phil@philjordan.eu>
Fixes: ff2de1668c9 ("i386: hvf: remove addr_t")
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20241209203629.74436-9-phil@philjordan.eu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

target/microblaze: Consider endianness while translating code

Consider the CPU ENDI bit, swap instructions when the CPU
endianness doesn't match the binary one.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20241105130431.22564-17-philmd@linaro.org>

target/microblaze: Introduce mo_endian() helper

mo_endian() returns the target endianness, currently static.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20241105130431.22564-16-philmd@linaro.org>

target/microblaze: Set MO_TE once in do_load() / do_store()

All callers of do_load() / do_store() set MO_TE flag.
Set it once in the callees.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20241105130431.22564-15-philmd@linaro.org>

target/microblaze: Explode MO_TExx -> MO_TE | MO_xx

Extract the implicit MO_TE definition in order to replace
it by runtime variable in the next commit.

Mechanical change using:

  $ for n in UW UL UQ UO SW SL SQ; do \
      sed -i -e "s/MO_TE$n/MO_TE | MO_$n/" \
           $(git grep -l MO_TE$n target/microblaze); \
    done

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20241105130431.22564-14-philmd@linaro.org>

hw/core/generic-loader: Do not open-code cpu_set_pc()

Directly call cpu_set_pc() instead of open-coding it.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250122093028.52416-2-philmd@linaro.org>

cpus: Restrict cpu_get_memory_mapping() to system emulation

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250121142341.17001-5-philmd@linaro.org>

cpus: Have cpu_exec_initfn() per user / system emulation

Slighly simplify cpu-target.c again by extracting cpu_exec_initfn()
to cpu-{system,user}.c, adding an empty stub for user emulation.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250123234415.59850-19-philmd@linaro.org>

cpus: Have cpu_class_init_props() per user / system emulation

Rather than maintaining a mix of system / user code for CPU
class properties, move system properties to cpu-system.c
and user ones to the new cpu-user.c unit.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250123234415.59850-18-philmd@linaro.org>

cpus: Restrict cpu_common_post_load() code to TCG

CPU_INTERRUPT_EXIT was removed in commit 3098dba01c7
("Use a dedicated function to request exit from execution
loop"), tlb_flush() and tb_flush() are related to TCG
accelerator.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250123234415.59850-17-philmd@linaro.org>

cpus: Fix style in cpu-target.c

Fix style on code we are going to modify.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250123234415.59850-16-philmd@linaro.org>

accel/kvm: Remove unused 'system/cpus.h' header in kvm-cpus.h

Missed in commit b86f59c7155 ("accel: replace struct CpusAccel
with AccelOpsClass") which removed the single CpusAccel use.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250123234415.59850-7-philmd@linaro.org>

accel/tcg: Move cpu_memory_rw_debug() user implementation to user-exec.c

cpu_memory_rw_debug() system implementation is defined in
system/physmem.c. Move the user one to accel/tcg/user-exec.c
to simplify cpu-target.c maintenance.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250217130610.18313-6-philmd@linaro.org>

accel/tcg: Avoid using lock_user() in cpu_memory_rw_debug()

We checked the page flags with page_get_flags(), so
locking the page is superfluous. Remove the lock_user()
calls and directly use g2h() in place.

Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250217130610.18313-5-philmd@linaro.org>

accel/tcg: Take mmap lock in the whole cpu_memory_rw_debug() function

Simplify user implementation of cpu_memory_rw_debug() by
taking the mmap lock globally. See commit 87ab2704296
("linux-user: Allow gdbstub to ignore page protection")
for why this lock is necessary.

Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250217130610.18313-4-philmd@linaro.org>

accel/tcg: Include missing bswap headers in user-exec.c

Commit 35c653c4029 ("tcg: Add 128-bit guest memory
primitives") introduced the use of bswap128() which is
declared in "qemu/int128.h", commit de95016dfbf ("accel/tcg:
Implement helper_{ld,st}*_mmu for user-only") introduced the
other bswap*() uses, which are declared in "qemu/bswap.h".
Include the missing headers.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250217130610.18313-3-philmd@linaro.org>

accel/accel-cpu-target.h: Include missing 'cpu.h' header

CPU_RESOLVING_TYPE is declared per target in "cpu.h". Include
it (along with "qom/object.h") to avoid when moving code around:

  include/accel/accel-cpu-target.h:26:50: error: expected ')'
     26 | DECLARE_CLASS_CHECKERS(AccelCPUClass, ACCEL_CPU, TYPE_ACCEL_CPU)
        |                                                  ^
  include/accel/accel-cpu-target.h:23:33: note: expanded from macro 'TYPE_ACCEL_CPU'
     23 | #define TYPE_ACCEL_CPU "accel-" CPU_RESOLVING_TYPE
        |                                 ^
  include/accel/accel-cpu-target.h:26:1: note: to match this '('
     26 | DECLARE_CLASS_CHECKERS(AccelCPUClass, ACCEL_CPU, TYPE_ACCEL_CPU)
        | ^
  include/qom/object.h:196:14: note: expanded from macro 'DECLARE_CLASS_CHECKERS'
    196 |     { return OBJECT_GET_CLASS(ClassType, obj, TYPENAME); } \
        |              ^
  include/qom/object.h:558:5: note: expanded from macro 'OBJECT_GET_CLASS'
    558 |     OBJECT_CLASS_CHECK(class, object_get_class(OBJECT(obj)), name)
        |     ^
  include/qom/object.h:544:74: note: expanded from macro 'OBJECT_CLASS_CHECK'
    544 |     ((class_type *)object_class_dynamic_cast_assert(OBJECT_CLASS(class), (name), \
        |                                                                          ^

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250123234415.59850-13-philmd@linaro.org>

accel: Forward-declare AccelOpsClass in 'qemu/typedefs.h'

The heavily imported "system/cpus.h" header includes "accel-ops.h"
to get AccelOpsClass type declaration. Reduce headers pressure by
forward declaring it in "qemu/typedefs.h", where we already
declare the AccelCPUState type.

Reduce "system/cpus.h" inclusions by only including
"system/accel-ops.h" when necessary.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250123234415.59850-14-philmd@linaro.org>

accel: Rename 'hw/core/accel-cpu.h' -> 'accel/accel-cpu-target.h'

AccelCPUClass is for accelerator to initialize target specific
features of a vCPU. Not really related to hardware emulation,
rename "hw/core/accel-cpu.h" as "accel/accel-cpu-target.h"
(using the explicit -target suffix).

More importantly, target specific header often access the
target specific definitions which are in each target/FOO/cpu.h
header, usually included generically as "cpu.h" relative to
target/FOO/. However, there is already a "cpu.h" in hw/core/
which takes precedence. This change allows "accel-cpu-target.h"
to include a target "cpu.h".

Mechanical change doing:

 $  git mv include/hw/core/accel-cpu.h \
           include/accel/accel-cpu-target.h
 $  sed -i -e 's,hw/core/accel-cpu.h,accel/accel-cpu-target.h,' \
   $(git grep -l hw/core/accel-cpu.h)

and renaming header guard 'ACCEL_CPU_TARGET_H'.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250123234415.59850-12-philmd@linaro.org>

accel/tcg: Rename 'hw/core/tcg-cpu-ops.h' -> 'accel/tcg/cpu-ops.h'

TCGCPUOps structure makes more sense in the accelerator context
rather than hardware emulation. Move it under the accel/tcg/ scope.

Mechanical change doing:

 $  sed -i -e 's,hw/core/tcg-cpu-ops.h,accel/tcg/cpu-ops.h,g' \
   $(git grep -l hw/core/tcg-cpu-ops.h)

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250123234415.59850-11-philmd@linaro.org>

accel/tcg: Restrict 'icount_align_option' global to TCG

Since commit 740b1759734 ("cpu-timers, icount: new modules")
we don't need to expose icount_align_option to all the
system code, we can restrict it to TCG. Since it is used as
a boolean, declare it as 'bool' type.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250123234415.59850-10-philmd@linaro.org>

accel/tcg: Restrict tlb_init() / destroy() to TCG

Move CPU TLB related methods to accel/tcg/ scope,
in "internal-common.h".

Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250123234415.59850-9-philmd@linaro.org>

accel/tcg: Build tcg_flags helpers as common code

While cpu-exec.c is build for each target,tcg_flags helpers
aren't target specific. Move them to cpu-exec-common.c to
build them once.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250123234415.59850-8-philmd@linaro.org>

accel/tcg: Remove pointless initialization of cflags_next_tb

cflags_next_tb is always re-initialized in the CPU Reset()
handler in cpu_common_reset_hold(), no need to initialize
it in cpu_common_initfn().

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240427155714.53669-13-philmd@linaro.org>

accel/accel: Make TYPE_ACCEL abstract

There is no generic acceleration, we have to use specific
implementations. Make the base class abstract.

Fixes: b14a0b7469fa ("accel: Use QOM classes for accel types")
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200129212345.20547-3-philmd@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

cpus: Keep default fields initialization in cpu_common_initfn()

cpu_common_initfn() is our target agnostic initializer,
while cpu_exec_initfn() is the target specific one.

The %as and %num_ases fields are not target specific,
so initialize them in the common helper.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250123234415.59850-6-philmd@linaro.org>

cpus: Cache CPUClass early in instance_init() handler

Cache CPUClass as early as possible, when the instance
is initialized.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250123234415.59850-5-philmd@linaro.org>

gdbstub: Check for TCG before calling tb_flush()

Use the tcg_enabled() check so the compiler can elide
the call when TCG isn't available, allowing to remove
the tb_flush() stub.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250123234415.59850-4-philmd@linaro.org>

gdbstub: Clarify no more than @gdb_num_core_regs can be accessed

Both CPUClass::gdb_read_register() and CPUClass::gdb_write_register()
handlers are called from common gdbstub code, and won't be called with
register index over CPUClass::gdb_num_core_regs:

  int gdb_read_register(CPUState *cpu, GByteArray *buf, int reg)
  {
      CPUClass *cc = CPU_GET_CLASS(cpu);

      if (reg < cc->gdb_num_core_regs) {
          return cc->gdb_read_register(cpu, buf, reg);
      }
      ...
  }

  static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
  {
      CPUClass *cc = CPU_GET_CLASS(cpu);

      if (reg < cc->gdb_num_core_regs) {
          return cc->gdb_write_register(cpu, mem_buf, reg);
      }
      ...
  }

Clarify that in CPUClass docstring, and remove unreachable code on
the microblaze and openrisc implementations.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250122093028.52416-3-philmd@linaro.org>

qemu/compiler: Absorb 'clang-tsa.h'

We already have "qemu/compiler.h" for compiler-specific arrangements,
automatically included by "qemu/osdep.h" for each source file. No
need to explicitly include a header for a Clang particularity.

Suggested-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250117170201.91182-1-philmd@linaro.org>

docs/devel/qapi-code-gen: Discourage use of 'prefix'

QAPI's 'prefix' feature can make the connection between enumeration
type and its constants less than obvious.  It's best used with
restraint.  Commit 7bbadc60b5..64f5e9db77 eliminated most uses.
Discourage new ones.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250228134335.132278-1-armbru@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

qdev: Improve a few more PropertyInfo @description members

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250227085601.4140852-7-armbru@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

qdev: Improve PropertyInfo member @description for enum properties

Consistently use format "DESCRIPTION (VALUE/VALUE...)".

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250227085601.4140852-6-armbru@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

qdev: Change values of PropertyInfo member @type to be QAPI types

PropertyInfo member @type is externally visible via QMP
device-list-properties and qom-list-properies.

Its meaning is not documented at its definition.

It gets passed as @type argument to object_property_add() and
object_class_property_add().  This argument's documentation isn't of
much help, either:

 * @type: the type name of the property.  This namespace is pretty loosely
 *   defined.  Sub namespaces are constructed by using a prefix and then
 *   to angle brackets.  For instance, the type 'virtio-net-pci' in the
 *   'link' namespace would be 'link<virtio-net-pci>'.

The two QMP commands document it as

 # @type: the type of the property.  This will typically come in one of
 #     four forms:
 #
 #     1) A primitive type such as 'u8', 'u16', 'bool', 'str', or
 #        'double'.  These types are mapped to the appropriate JSON
 #        type.
 #
 #     2) A child type in the form 'child<subtype>' where subtype is a
 #        qdev device type name.  Child properties create the
 #        composition tree.
 #
 #     3) A link type in the form 'link<subtype>' where subtype is a
 #        qdev device type name.  Link properties form the device model
 #        graph.

"Typically come in one of four forms" followed by three items inspires
the level of trust that is appropriate here.

Clean up a bunch of funnies:

* qdev_prop_fdc_drive_type.type is "FdcDriveType".  Its .enum_table
  refers to QAPI type "FloppyDriveType".  So use that.

* qdev_prop_reserved_region is "reserved_region".  Its only user is an
  array property called "reserved-regions".  Its .set() visits str.
  So change @type to "str".

* trng_prop_fault_event_set.type is "uint32:bits".  Its .set() visits
  uint32, so change @type to "uint32".  If we believe mentioning it's
  actually bits is useful, the proper place would be .description.

* ccw_loadparm.type is "ccw_loadparm".  It's users are properties
  called "loadparm".  Its .set() visits str.  So change @type to
  "str".

* qdev_prop_nv_gpudirect_clique.type is "uint4".  Its set() visits
  uint8, so change @type to "uint8".  If we believe mentioning the
  range is useful, the proper place would be .description.

* s390_pci_fid_propinfo.type is "zpci_fid".  Its .set() visits uint32.
  So change type to that, and move the "zpci_fid" to .description.
  This is admittedly a lousy description, but it's still an
  improvement; for instance, output of -device zpci,help changes from

      fid=<zpci_fid>

  to

      fid=<uint32>           - zpci_fid

* Similarly for a raft of PropertyInfo in target/riscv/cpu.c.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250227085601.4140852-5-armbru@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
[Commit message typo fixed]

qdev: Rename PropertyInfo member @name to @type

PropertyInfo member @name becomes ObjectProperty member @type, while
Property member @name becomes ObjectProperty member @name.  Rename the
former.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250227085601.4140852-4-armbru@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
[One missed instance of @type fixed]

qdev: Change qdev_prop_pci_devfn member @name from "int32" to "str"

Properties using qdev_prop_pci_devfn initially accepted a string of
the form "DEV.FN" or "DEV" where DEV and FN are in hexadecimal.
Member @name was "pci-devfn" initially.

Commit b403298adb5 (qdev: make the non-legacy pci address property
accept an integer) changed them to additionally accept integers: bits
3..7 are DEV, and bits 0..2 are FN.  This is inaccessible externally
in device_add so far.

The commit also changed @name to "int32", and set member @legacy-name
to "pci-devfn".  Together, this kept QMP command
device-list-properties unaffected: it used @name only when
@legacy_name was null.

Commit 07d09c58dbb (qmp: Print descriptions of object properties)
quietly dumbed that down to use @name always, and the next commit
18b91a3e082q (qdev: Drop legacy_name from qdev properties) dropped
member @legacy_name.  This changed the value of @type reported by QMP
command device-list-properties from "pci-devfn" to "int32".

But "int32" is misleading: device_add actually wants QAPI type "str".
So change @name to that.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250227085601.4140852-3-armbru@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

qdev: Delete unused qdev_prop_enum

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250227085601.4140852-2-armbru@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

qapi/introspect: Use @dataclass to simplify

A TODO comment in class Annotated reminds us to simplify it once we
can use @dataclass, new in Python 3.7.  We have that now, so do it.

There's a similar comment in scripts/qapi/source.py, but I can't
figure out how to use @dataclass there.  Left for another day.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250227080757.3978333-4-armbru@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

qapi: Eliminate OrderedDict

We use OrderedDict to ensure dictionary order is insertion order.
Plain dict does that since Python 3.6, but it wasn't guaranteed until
3.7.  Since we have 3.7 now, replace OrderedDict by dict.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250227080757.3978333-3-armbru@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

docs/about/build-platforms: Correct minimum supported Python version

Fixes: ca056f4499c2 (Python: Drop support for Python 3.7)
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250227080757.3978333-2-armbru@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

hw/core/machine: Add compat for x-migration-multifd-transfer VFIO property

Add a hw_compat entry for recently added x-migration-multifd-transfer VFIO
property.

Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Link: https://lore.kernel.org/qemu-devel/92c354f0457c152d1f267cc258c6967fff551cb1.1741124640.git.maciej.szmigiero@oracle.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>

vfio/migration: Make x-migration-multifd-transfer VFIO property mutable

DEFINE_PROP_ON_OFF_AUTO() property isn't runtime-mutable so using it
would mean that the source VM would need to decide upfront at startup
time whether it wants to do a multifd device state transfer at some
point.

Source VM can run for a long time before being migrated so it is
desirable to have a fallback mechanism to the old way of transferring
VFIO device state if it turns to be necessary.

This brings this property to the same mutability level as ordinary
migration parameters, which too can be adjusted at the run time.

Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/f2f2d66bda477da3e6cb8c0311006cff36e8651d.1741124640.git.maciej.szmigiero@oracle.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>

vfio/migration: Add x-migration-multifd-transfer VFIO property

This property allows configuring whether to transfer the particular device
state via multifd channels when live migrating that device.

It defaults to AUTO, which means that VFIO device state transfer via
multifd channels is attempted in configurations that otherwise support it.

Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/d6dbb326e3d53c7104d62c96c9e3dd64e1c7b940.1741124640.git.maciej.szmigiero@oracle.com
[ clg: Added documentation ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>

vfio/migration: Multifd device state transfer support - send side

Implement the multifd device state transfer via additional per-device
thread inside save_live_complete_precopy_thread handler.

Switch between doing the data transfer in the new handler and doing it
in the old save_state handler depending if VFIO multifd transfer is enabled
or not.

Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/4d727e2e0435e0022d50004e474077632830e08d.1741124640.git.maciej.szmigiero@oracle.com
[ clg: - Reordered savevm_vfio_handlers
       - Updated save_live_complete_precopy* documentation ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>

vfio/migration: Multifd device state transfer support - config loading support

Load device config received via multifd using the existing machinery
behind vfio_load_device_config_state().

Also, make sure to process the relevant main migration channel flags.

Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/5dbd3f3703ec1097da2cf82a7262233452146fee.1741124640.git.maciej.szmigiero@oracle.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>

migration/qemu-file: Define g_autoptr() cleanup function for QEMUFile

Automatic memory management helps avoid memory safety issues.

Reviewed-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Link: https://lore.kernel.org/qemu-devel/2fd01d773a783d572dcf538a064a98cc09e75c12.1741124640.git.maciej.szmigiero@oracle.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>

vfio/migration: Multifd device state transfer support - load thread

Add a thread which loads the VFIO device state buffers that were received
via multifd.

Each VFIO device that has multifd device state transfer enabled has one
such thread, which is created using migration core API
qemu_loadvm_start_load_thread().

Since it's important to finish loading device state transferred via the
main migration channel (via save_live_iterate SaveVMHandler) before
starting loading the data asynchronously transferred via multifd the thread
doing the actual loading of the multifd transferred data is only started
from switchover_start SaveVMHandler.

switchover_start handler is called when MIG_CMD_SWITCHOVER_START
sub-command of QEMU_VM_COMMAND is received via the main migration channel.

This sub-command is only sent after all save_live_iterate data have already
been posted so it is safe to commence loading of the multifd-transferred
device state upon receiving it - loading of save_live_iterate data happens
synchronously in the main migration thread (much like the processing of
MIG_CMD_SWITCHOVER_START) so by the time MIG_CMD_SWITCHOVER_START is
processed all the proceeding data must have already been loaded.

Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/9abe612d775aaf42e31646796acd2363c723a57a.1741124640.git.maciej.szmigiero@oracle.com
[ clg: - Reordered savevm_vfio_handlers
       - Added switchover_start documentation ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>

vfio/migration: Multifd device state transfer support - received buffers queuing

The multifd received data needs to be reassembled since device state
packets sent via different multifd channels can arrive out-of-order.

Therefore, each VFIO device state packet carries a header indicating its
position in the stream.
The raw device state data is saved into a VFIOStateBuffer for later
in-order loading into the device.

The last such VFIO device state packet should have
VFIO_DEVICE_STATE_CONFIG_STATE flag set and carry the device config state.

Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/e3bff515a8d61c582b94b409eb12a45b1a143a69.1741124640.git.maciej.szmigiero@oracle.com
[ clg: - Reordered savevm_vfio_handlers
       - Added load_state_buffer documentation ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>

vfio/migration: Setup and cleanup multifd transfer in these general methods

Wire VFIO multifd transfer specific setup and cleanup functions into
general VFIO load/save setup and cleanup methods.

Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/b1f864a65fafd4fdab1f89230df52e46ae41f2ac.1741124640.git.maciej.szmigiero@oracle.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>

vfio/migration: Multifd setup/cleanup functions and associated VFIOMultifd

Add multifd setup/cleanup functions and an associated VFIOMultifd data
structure that will contain most of the receive-side data together
with its init/cleanup methods.

Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/c0520523053b1087787152ddf2163257d3030be0.1741124640.git.maciej.szmigiero@oracle.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>

vfio/migration: Multifd device state transfer - add support checking function

Add vfio_multifd_transfer_supported() function that tells whether the
multifd device state transfer is supported.

Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Link: https://lore.kernel.org/qemu-devel/8ce50256f341b3d47342bb217cb5fbb2deb14639.1741124640.git.maciej.szmigiero@oracle.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>

vfio/migration: Multifd device state transfer support - basic types

Add basic types and flags used by VFIO multifd device state transfer
support.

Since we'll be introducing a lot of multifd transfer specific code,
add a new file migration-multifd.c to home it, wired into main VFIO
migration code (migration.c) via migration-multifd.h header file.

Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/4eedd529e6617f80f3d6a66d7268a0db2bc173fa.1741124640.git.maciej.szmigiero@oracle.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>

vfio/migration: Move migration channel flags to vfio-common.h header file

This way they can also be referenced in other translation
units than migration.c.

Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Link: https://lore.kernel.org/qemu-devel/26a940f6b22c1b685818251b7a3ddbbca601b1d6.1741124640.git.maciej.szmigiero@oracle.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>

vfio/migration: Add vfio_add_bytes_transferred()

This way bytes_transferred can also be incremented in other translation
units than migration.c.

Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/d1fbc27ac2417b49892f354ba20f6c6b3f7209f8.1741124640.git.maciej.szmigiero@oracle.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>

vfio/migration: Convert bytes_transferred counter to atomic

So it can be safety accessed from multiple threads.

This variable type needs to be changed to unsigned long since
32-bit host platforms lack the necessary addition atomics on 64-bit
variables.

Using 32-bit counters on 32-bit host platforms should not be a problem
in practice since they can't realistically address more memory anyway.

Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Link: https://lore.kernel.org/qemu-devel/dc391771d2d9ad0f311994f0cb9e666da564aeaf.1741124640.git.maciej.szmigiero@oracle.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>

vfio/migration: Add load_device_config_state_start trace event

And rename existing load_device_config_state trace event to
load_device_config_state_end for consistency since it is triggered at the
end of loading of the VFIO device config state.

This way both the start and end points of particular device config
loading operation (a long, BQL-serialized operation) are known.

Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Link: https://lore.kernel.org/qemu-devel/1b6c5a2097e64c272eb7e53f9e4cca4b79581b38.1741124640.git.maciej.szmigiero@oracle.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>

migration: Add save_live_complete_precopy_thread handler

This SaveVMHandler helps device provide its own asynchronous transmission
of the remaining data at the end of a precopy phase via multifd channels,
in parallel with the transfer done by save_live_complete_precopy handlers.

These threads are launched only when multifd device state transfer is
supported.

Management of these threads in done in the multifd migration code,
wrapping them in the generic thread pool.

Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Link: https://lore.kernel.org/qemu-devel/eac74a4ca7edd8968bbf72aa07b9041c76364a16.1741124640.git.maciej.szmigiero@oracle.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>

migration/multifd: Add multifd_device_state_supported()

Since device state transfer via multifd channels requires multifd
channels with packets and is currently not compatible with multifd
compression add an appropriate query function so device can learn
whether it can actually make use of it.

Reviewed-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Link: https://lore.kernel.org/qemu-devel/1ff0d98b85f470e5a33687406e877583b8fab74e.1741124640.git.maciej.szmigiero@oracle.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>

migration/multifd: Make MultiFDSendData a struct

The newly introduced device state buffer can be used for either storing
VFIO's read() raw data, but already also possible to store generic device
states.  After noticing that device states may not easily provide a max
buffer size (also the fact that RAM MultiFDPages_t after all also want to
have flexibility on managing offset[] array), it may not be a good idea to
stick with union on MultiFDSendData.. as it won't play well with such
flexibility.

Switch MultiFDSendData to a struct.

It won't consume a lot more space in reality, after all the real buffers
were already dynamically allocated, so it's so far only about the two
structs (pages, device_state) that will be duplicated, but they're small.

With this, we can remove the pretty hard to understand alloc size logic.
Because now we can allocate offset[] together with the SendData, and
properly free it when the SendData is freed.

[MSS: Make sure to clear possible device state payload before freeing
MultiFDSendData, remove placeholders for other patches not included]

Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Acked-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/qemu-devel/7b02baba8e6ddb23ef7c349d312b9b631db09d7e.1741124640.git.maciej.szmigiero@oracle.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>

migration/multifd: Device state transfer support - send side

A new function multifd_queue_device_state() is provided for device to queue
its state for transmission via a multifd channel.

Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Link: https://lore.kernel.org/qemu-devel/ebd55768d3e5fecb5eb3f197bad9c0c07e5bc084.1741124640.git.maciej.szmigiero@oracle.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>

migration/multifd: Add an explicit MultiFDSendData destructor

This way if there are fields there that needs explicit disposal (like, for
example, some attached buffers) they will be handled appropriately.

Add a related assert to multifd_set_payload_type() in order to make sure
that this function is only used to fill a previously empty MultiFDSendData
with some payload, not the other way around.

Reviewed-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Link: https://lore.kernel.org/qemu-devel/6755205f2b95abbed251f87061feee1c0e410836.1741124640.git.maciej.szmigiero@oracle.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>

migration/multifd: Make multifd_send() thread safe

multifd_send() function is currently not thread safe, make it thread safe
by holding a lock during its execution.

This way it will be possible to safely call it concurrently from multiple
threads.

Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Link: https://lore.kernel.org/qemu-devel/dd0f3bcc02ca96a7d523ca58ea69e495a33b453b.1741124640.git.maciej.szmigiero@oracle.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>

migration/multifd: Device state transfer support - receive side

Add a basic support for receiving device state via multifd channels -
channels that are shared with RAM transfers.

Depending whether MULTIFD_FLAG_DEVICE_STATE flag is present or not in the
packet header either device state (MultiFDPacketDeviceState_t) or RAM
data (existing MultiFDPacket_t) is read.

The received device state data is provided to
qemu_loadvm_load_state_buffer() function for processing in the
device's load_state_buffer handler.

Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Link: https://lore.kernel.org/qemu-devel/9b86f806c134e7815ecce0eee84f0e0e34aa0146.1741124640.git.maciej.szmigiero@oracle.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>