Update version for 7.2.1 release

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

.cirrus.yml

@@ -0,0 +1,109 @@
+env:
+  CIRRUS_CLONE_DEPTH: 1
+
+windows_msys2_task:
+  timeout_in: 90m
+  windows_container:
+    image: cirrusci/windowsservercore:2019
+    os_version: 2019
+    cpu: 8
+    memory: 8G
+  env:
+    CIRRUS_SHELL: powershell
+    MSYS: winsymlinks:native
+    MSYSTEM: MINGW64
+    MSYS2_URL: https://github.com/msys2/msys2-installer/releases/download/2022-06-03/msys2-base-x86_64-20220603.sfx.exe
+    MSYS2_FINGERPRINT: 0
+    MSYS2_PACKAGES: "
+      diffutils git grep make pkg-config sed
+      mingw-w64-x86_64-python
+      mingw-w64-x86_64-python-sphinx
+      mingw-w64-x86_64-toolchain
+      mingw-w64-x86_64-SDL2
+      mingw-w64-x86_64-SDL2_image
+      mingw-w64-x86_64-gtk3
+      mingw-w64-x86_64-glib2
+      mingw-w64-x86_64-ninja
+      mingw-w64-x86_64-jemalloc
+      mingw-w64-x86_64-lzo2
+      mingw-w64-x86_64-zstd
+      mingw-w64-x86_64-libjpeg-turbo
+      mingw-w64-x86_64-pixman
+      mingw-w64-x86_64-libgcrypt
+      mingw-w64-x86_64-libpng
+      mingw-w64-x86_64-libssh
+      mingw-w64-x86_64-snappy
+      mingw-w64-x86_64-libusb
+      mingw-w64-x86_64-usbredir
+      mingw-w64-x86_64-libtasn1
+      mingw-w64-x86_64-nettle
+      mingw-w64-x86_64-cyrus-sasl
+      mingw-w64-x86_64-curl
+      mingw-w64-x86_64-gnutls
+      mingw-w64-x86_64-libnfs
+    "
+    CHERE_INVOKING: 1
+  msys2_cache:
+    folder: C:\tools\archive
+    reupload_on_changes: false
+    # These env variables are used to generate fingerprint to trigger the cache procedure
+    # If wanna to force re-populate msys2, increase MSYS2_FINGERPRINT
+    fingerprint_script:
+      - |
+        echo $env:CIRRUS_TASK_NAME
+        echo $env:MSYS2_URL
+        echo $env:MSYS2_FINGERPRINT
+        echo $env:MSYS2_PACKAGES
+    populate_script:
+      - |
+        md -Force C:\tools\archive\pkg
+        $start_time = Get-Date
+        bitsadmin /transfer msys_download /dynamic /download /priority FOREGROUND $env:MSYS2_URL C:\tools\archive\base.exe
+        Write-Output "Download time taken: $((Get-Date).Subtract($start_time))"
+        cd C:\tools
+        C:\tools\archive\base.exe -y
+        del -Force C:\tools\archive\base.exe
+        Write-Output "Base install time taken: $((Get-Date).Subtract($start_time))"
+        $start_time = Get-Date
+
+        ((Get-Content -path C:\tools\msys64\etc\\post-install\\07-pacman-key.post -Raw) -replace '--refresh-keys', '--version') | Set-Content -Path C:\tools\msys64\etc\\post-install\\07-pacman-key.post
+        C:\tools\msys64\usr\bin\bash.exe -lc "sed -i 's/^CheckSpace/#CheckSpace/g' /etc/pacman.conf"
+        C:\tools\msys64\usr\bin\bash.exe -lc "export"
+        C:\tools\msys64\usr\bin\pacman.exe --noconfirm -Sy
+        echo Y | C:\tools\msys64\usr\bin\pacman.exe --noconfirm -Suu --overwrite=*
+        taskkill /F /FI "MODULES eq msys-2.0.dll"
+        tasklist
+        C:\tools\msys64\usr\bin\bash.exe -lc "mv -f /etc/pacman.conf.pacnew /etc/pacman.conf || true"
+        C:\tools\msys64\usr\bin\bash.exe -lc "pacman --noconfirm -Syuu --overwrite=*"
+        Write-Output "Core install time taken: $((Get-Date).Subtract($start_time))"
+        $start_time = Get-Date
+
+        C:\tools\msys64\usr\bin\bash.exe -lc "pacman --noconfirm -S --needed $env:MSYS2_PACKAGES"
+        Write-Output "Package install time taken: $((Get-Date).Subtract($start_time))"
+        $start_time = Get-Date
+
+        del -Force -ErrorAction SilentlyContinue C:\tools\msys64\etc\mtab
+        del -Force -ErrorAction SilentlyContinue C:\tools\msys64\dev\fd
+        del -Force -ErrorAction SilentlyContinue C:\tools\msys64\dev\stderr
+        del -Force -ErrorAction SilentlyContinue C:\tools\msys64\dev\stdin
+        del -Force -ErrorAction SilentlyContinue C:\tools\msys64\dev\stdout
+        del -Force -Recurse -ErrorAction SilentlyContinue C:\tools\msys64\var\cache\pacman\pkg
+        tar cf C:\tools\archive\msys64.tar -C C:\tools\ msys64
+
+        Write-Output "Package archive time taken: $((Get-Date).Subtract($start_time))"
+        del -Force -Recurse -ErrorAction SilentlyContinue c:\tools\msys64 
+  install_script:
+    - |
+      $start_time = Get-Date
+      cd C:\tools
+      ls C:\tools\archive\msys64.tar
+      tar xf C:\tools\archive\msys64.tar
+      Write-Output "Extract msys2 time taken: $((Get-Date).Subtract($start_time))"
+  script:
+    - C:\tools\msys64\usr\bin\bash.exe -lc "mkdir build"
+    - C:\tools\msys64\usr\bin\bash.exe -lc "cd build && ../configure --python=python3"
+    - C:\tools\msys64\usr\bin\bash.exe -lc "cd build && make -j8"
+    - exit $LastExitCode
+  test_script:
+    - C:\tools\msys64\usr\bin\bash.exe -lc "cd build && make V=1 check"
+    - exit $LastExitCode

.git-blame-ignore-revs

@@ -1,21 +0,0 @@
-#
-# List of code-formatting clean ups the git blame can ignore
-#
-#   git blame --ignore-revs-file .git-blame-ignore-revs
-#
-# or
-#
-#   git config blame.ignoreRevsFile .git-blame-ignore-revs
-#
-
-# gdbstub: clean-up indents
-ad9e4585b3c7425759d3eea697afbca71d2c2082
-
-# e1000e: fix code style
-0eadd56bf53ab196a16d492d7dd31c62e1c24c32
-
-# target/riscv: coding style fixes
-8c7feddddd9218b407792120bcfda0347ed16205
-
-# replace TABs with spaces
-48805df9c22a0700fba4b3b548fafaa21726ca68

.gitlab-ci.d/base.yml

@@ -6,13 +6,6 @@
 # most restrictive to least restrictive
 #
 .base_job_template:
-  variables:
-    # Each script line from will be in a collapsible section in the job output
-    # and show the duration of each line.
-    FF_SCRIPT_SECTIONS: 1
-
-  interruptible: true
-
   rules:
     #############################################################
     # Stage 1: exclude scenarios where we definitely don't
@@ -75,5 +68,5 @@
     - if: '$QEMU_CI != "2" && $CI_PROJECT_NAMESPACE != "qemu-project"'
       when: manual
 
-    # Jobs can run if any jobs they depend on were successful
+    # Jobs can run if any jobs they depend on were successfull
     - when: on_success

.gitlab-ci.d/buildtest-template.yml

@@ -11,10 +11,12 @@
       fi
     - mkdir build
     - cd build
-    - ../configure --enable-werror --disable-docs --enable-fdt=system
-          ${LD_JOBS:+--meson=git} ${TARGETS:+--target-list="$TARGETS"}
-          $CONFIGURE_ARGS ||
-      { cat config.log meson-logs/meson-log.txt && exit 1; }
+    - if test -n "$TARGETS";
+      then
+        ../configure --enable-werror --disable-docs ${LD_JOBS:+--meson=git} $CONFIGURE_ARGS --target-list="$TARGETS" ;
+      else
+        ../configure --enable-werror --disable-docs ${LD_JOBS:+--meson=git} $CONFIGURE_ARGS ;
+      fi || { cat config.log meson-logs/meson-log.txt && exit 1; }
     - if test -n "$LD_JOBS";
       then
         ../meson/meson.py configure . -Dbackend_max_links="$LD_JOBS" ;
@@ -25,22 +27,6 @@
         make -j"$JOBS" $MAKE_CHECK_ARGS ;
       fi
 
-# We jump some hoops in common_test_job_template to avoid
-# rebuilding all the object files we skip in the artifacts
-.native_build_artifact_template:
-  artifacts:
-    expire_in: 2 days
-    paths:
-      - build
-      - .git-submodule-status
-    exclude:
-      - build/**/*.p
-      - build/**/*.a.p
-      - build/**/*.fa.p
-      - build/**/*.c.o
-      - build/**/*.c.o.d
-      - build/**/*.fa
-
 .common_test_job_template:
   extends: .base_job_template
   stage: test

.gitlab-ci.d/buildtest.yml

@@ -2,16 +2,20 @@ include:
   - local: '/.gitlab-ci.d/buildtest-template.yml'
 
 build-system-alpine:
-  extends:
-    - .native_build_job_template
-    - .native_build_artifact_template
+  extends: .native_build_job_template
   needs:
     - job: amd64-alpine-container
   variables:
     IMAGE: alpine
-    TARGETS: avr-softmmu loongarch64-softmmu mips64-softmmu mipsel-softmmu
+    TARGETS: aarch64-softmmu alpha-softmmu cris-softmmu hppa-softmmu
+      microblazeel-softmmu mips64el-softmmu
     MAKE_CHECK_ARGS: check-build
     CONFIGURE_ARGS: --enable-docs --enable-trace-backends=log,simple,syslog
+  artifacts:
+    expire_in: 2 days
+    paths:
+      - .git-submodule-status
+      - build
 
 check-system-alpine:
   extends: .native_test_job_template
@@ -32,17 +36,19 @@ avocado-system-alpine:
     MAKE_CHECK_ARGS: check-avocado
 
 build-system-ubuntu:
-  extends:
-    - .native_build_job_template
-    - .native_build_artifact_template
+  extends: .native_build_job_template
   needs:
-    job: amd64-ubuntu2204-container
+    job: amd64-ubuntu2004-container
   variables:
-    IMAGE: ubuntu2204
-    CONFIGURE_ARGS: --enable-docs
-    TARGETS: alpha-softmmu cris-softmmu hppa-softmmu
+    IMAGE: ubuntu2004
+    CONFIGURE_ARGS: --enable-docs --enable-fdt=system --enable-capstone
+    TARGETS: aarch64-softmmu alpha-softmmu cris-softmmu hppa-softmmu
       microblazeel-softmmu mips64el-softmmu
     MAKE_CHECK_ARGS: check-build
+  artifacts:
+    expire_in: 2 days
+    paths:
+      - build
 
 check-system-ubuntu:
   extends: .native_test_job_template
@@ -50,7 +56,7 @@ check-system-ubuntu:
     - job: build-system-ubuntu
       artifacts: true
   variables:
-    IMAGE: ubuntu2204
+    IMAGE: ubuntu2004
     MAKE_CHECK_ARGS: check
 
 avocado-system-ubuntu:
@@ -59,21 +65,22 @@ avocado-system-ubuntu:
     - job: build-system-ubuntu
       artifacts: true
   variables:
-    IMAGE: ubuntu2204
+    IMAGE: ubuntu2004
     MAKE_CHECK_ARGS: check-avocado
 
 build-system-debian:
-  extends:
-    - .native_build_job_template
-    - .native_build_artifact_template
+  extends: .native_build_job_template
   needs:
     job: amd64-debian-container
   variables:
     IMAGE: debian-amd64
-    CONFIGURE_ARGS: --with-coroutine=sigaltstack
-    TARGETS: arm-softmmu i386-softmmu riscv64-softmmu sh4eb-softmmu
-      sparc-softmmu xtensaeb-softmmu
+    TARGETS: arm-softmmu avr-softmmu i386-softmmu mipsel-softmmu
+      riscv64-softmmu sh4eb-softmmu sparc-softmmu xtensaeb-softmmu
     MAKE_CHECK_ARGS: check-build
+  artifacts:
+    expire_in: 2 days
+    paths:
+      - build
 
 check-system-debian:
   extends: .native_test_job_template
@@ -106,17 +113,20 @@ crash-test-debian:
     - tests/venv/bin/python3 scripts/device-crash-test -q ./qemu-system-i386
 
 build-system-fedora:
-  extends:
-    - .native_build_job_template
-    - .native_build_artifact_template
+  extends: .native_build_job_template
   needs:
     job: amd64-fedora-container
   variables:
     IMAGE: fedora
     CONFIGURE_ARGS: --disable-gcrypt --enable-nettle --enable-docs
+             --enable-fdt=system --enable-slirp --enable-capstone
     TARGETS: tricore-softmmu microblaze-softmmu mips-softmmu
       xtensa-softmmu m68k-softmmu riscv32-softmmu ppc-softmmu sparc64-softmmu
     MAKE_CHECK_ARGS: check-build
+  artifacts:
+    expire_in: 2 days
+    paths:
+      - build
 
 check-system-fedora:
   extends: .native_test_job_template
@@ -150,18 +160,21 @@ crash-test-fedora:
     - tests/venv/bin/python3 scripts/device-crash-test -q ./qemu-system-riscv32
 
 build-system-centos:
-  extends:
-    - .native_build_job_template
-    - .native_build_artifact_template
+  extends: .native_build_job_template
   needs:
     job: amd64-centos8-container
   variables:
     IMAGE: centos8
-    CONFIGURE_ARGS: --disable-nettle --enable-gcrypt --enable-vfio-user-server
+    CONFIGURE_ARGS: --disable-nettle --enable-gcrypt --enable-fdt=system
       --enable-modules --enable-trace-backends=dtrace --enable-docs
+      --enable-vfio-user-server
     TARGETS: ppc64-softmmu or1k-softmmu s390x-softmmu
       x86_64-softmmu rx-softmmu sh4-softmmu nios2-softmmu
     MAKE_CHECK_ARGS: check-build
+  artifacts:
+    expire_in: 2 days
+    paths:
+      - build
 
 check-system-centos:
   extends: .native_test_job_template
@@ -182,15 +195,18 @@ avocado-system-centos:
     MAKE_CHECK_ARGS: check-avocado
 
 build-system-opensuse:
-  extends:
-    - .native_build_job_template
-    - .native_build_artifact_template
+  extends: .native_build_job_template
   needs:
     job: amd64-opensuse-leap-container
   variables:
     IMAGE: opensuse-leap
+    CONFIGURE_ARGS: --enable-fdt=system
     TARGETS: s390x-softmmu x86_64-softmmu aarch64-softmmu
     MAKE_CHECK_ARGS: check-build
+  artifacts:
+    expire_in: 2 days
+    paths:
+      - build
 
 check-system-opensuse:
   extends: .native_test_job_template
@@ -228,7 +244,6 @@ build-tcg-disabled:
     - mkdir build
     - cd build
     - ../configure --disable-tcg --audio-drv-list="" --with-coroutine=ucontext
-                   --disable-docs --disable-sdl --disable-gtk --disable-vnc
       || { cat config.log meson-logs/meson-log.txt && exit 1; }
     - make -j"$JOBS"
     - make check-unit
@@ -260,10 +275,14 @@ build-user-static:
     CONFIGURE_ARGS: --disable-tools --disable-system --static
     MAKE_CHECK_ARGS: check-tcg
 
+# Because the hexagon cross-compiler takes so long to build we don't rely
+# on the CI system to build it and hence this job has an optional dependency
+# declared. The image is manually uploaded.
 build-user-hexagon:
   extends: .native_build_job_template
   needs:
     job: hexagon-cross-container
+    optional: true
   variables:
     IMAGE: debian-hexagon-cross
     TARGETS: hexagon-linux-user
@@ -300,7 +319,8 @@ clang-system:
     IMAGE: fedora
     CONFIGURE_ARGS: --cc=clang --cxx=clang++
       --extra-cflags=-fsanitize=undefined --extra-cflags=-fno-sanitize-recover=undefined
-    TARGETS: alpha-softmmu arm-softmmu m68k-softmmu mips64-softmmu s390x-softmmu
+    TARGETS: alpha-softmmu arm-softmmu m68k-softmmu mips64-softmmu
+      ppc-softmmu s390x-softmmu
     MAKE_CHECK_ARGS: check-qtest check-tcg
 
 clang-user:
@@ -325,9 +345,7 @@ clang-user:
 # Split in three sets of build/check/avocado to limit the execution time of each
 # job
 build-cfi-aarch64:
-  extends:
-    - .native_build_job_template
-    - .native_build_artifact_template
+  extends: .native_build_job_template
   needs:
   - job: amd64-fedora-container
   variables:
@@ -343,6 +361,10 @@ build-cfi-aarch64:
     # skipped until the situation has been solved.
     QEMU_JOB_SKIPPED: 1
   timeout: 90m
+  artifacts:
+    expire_in: 2 days
+    paths:
+      - build
 
 check-cfi-aarch64:
   extends: .native_test_job_template
@@ -363,9 +385,7 @@ avocado-cfi-aarch64:
     MAKE_CHECK_ARGS: check-avocado
 
 build-cfi-ppc64-s390x:
-  extends:
-    - .native_build_job_template
-    - .native_build_artifact_template
+  extends: .native_build_job_template
   needs:
   - job: amd64-fedora-container
   variables:
@@ -381,6 +401,10 @@ build-cfi-ppc64-s390x:
     # skipped until the situation has been solved.
     QEMU_JOB_SKIPPED: 1
   timeout: 80m
+  artifacts:
+    expire_in: 2 days
+    paths:
+      - build
 
 check-cfi-ppc64-s390x:
   extends: .native_test_job_template
@@ -401,9 +425,7 @@ avocado-cfi-ppc64-s390x:
     MAKE_CHECK_ARGS: check-avocado
 
 build-cfi-x86_64:
-  extends:
-    - .native_build_job_template
-    - .native_build_artifact_template
+  extends: .native_build_job_template
   needs:
   - job: amd64-fedora-container
   variables:
@@ -415,6 +437,10 @@ build-cfi-x86_64:
     TARGETS: x86_64-softmmu
     MAKE_CHECK_ARGS: check-build
   timeout: 70m
+  artifacts:
+    expire_in: 2 days
+    paths:
+      - build
 
 check-cfi-x86_64:
   extends: .native_test_job_template
@@ -437,23 +463,35 @@ avocado-cfi-x86_64:
 tsan-build:
   extends: .native_build_job_template
   needs:
-    job: amd64-ubuntu2204-container
+    job: amd64-ubuntu2004-container
   variables:
-    IMAGE: ubuntu2204
-    CONFIGURE_ARGS: --enable-tsan --cc=clang --cxx=clang++
-          --enable-trace-backends=ust --disable-slirp
+    IMAGE: ubuntu2004
+    CONFIGURE_ARGS: --enable-tsan --cc=clang-10 --cxx=clang++-10
+          --enable-trace-backends=ust --enable-fdt=system --disable-slirp
     TARGETS: x86_64-softmmu ppc64-softmmu riscv64-softmmu x86_64-linux-user
+    MAKE_CHECK_ARGS: bench V=1
 
-# gcov is a GCC features
-gcov:
+# gprof/gcov are GCC features
+build-gprof-gcov:
   extends: .native_build_job_template
   needs:
-    job: amd64-ubuntu2204-container
-  timeout: 80m
+    job: amd64-ubuntu2004-container
   variables:
-    IMAGE: ubuntu2204
-    CONFIGURE_ARGS: --enable-gcov
+    IMAGE: ubuntu2004
+    CONFIGURE_ARGS: --enable-gprof --enable-gcov
     TARGETS: aarch64-softmmu ppc64-softmmu s390x-softmmu x86_64-softmmu
+  artifacts:
+    expire_in: 1 days
+    paths:
+      - build
+
+check-gprof-gcov:
+  extends: .native_test_job_template
+  needs:
+    - job: build-gprof-gcov
+      artifacts: true
+  variables:
+    IMAGE: ubuntu2004
     MAKE_CHECK_ARGS: check
   after_script:
     - cd build
@@ -476,7 +514,6 @@ build-oss-fuzz:
     IMAGE: fedora
   script:
     - mkdir build-oss-fuzz
-    - export LSAN_OPTIONS=suppressions=scripts/oss-fuzz/lsan_suppressions.txt
     - CC="clang" CXX="clang++" CFLAGS="-fsanitize=address"
       ./scripts/oss-fuzz/build.sh
     - export ASAN_OPTIONS="fast_unwind_on_malloc=0"
@@ -497,9 +534,8 @@ build-tci:
     - TARGETS="aarch64 alpha arm hppa m68k microblaze ppc64 s390x x86_64"
     - mkdir build
     - cd build
-    - ../configure --enable-tcg-interpreter --disable-docs --disable-gtk --disable-vnc
-        --target-list="$(for tg in $TARGETS; do echo -n ${tg}'-softmmu '; done)"
-        || { cat config.log meson-logs/meson-log.txt && exit 1; }
+    - ../configure --enable-tcg-interpreter
+        --target-list="$(for tg in $TARGETS; do echo -n ${tg}'-softmmu '; done)" || { cat config.log meson-logs/meson-log.txt && exit 1; }
     - make -j"$JOBS"
     - make tests/qtest/boot-serial-test tests/qtest/cdrom-test tests/qtest/pxe-test
     - for tg in $TARGETS ; do
@@ -511,23 +547,42 @@ build-tci:
     - QTEST_QEMU_BINARY="./qemu-system-s390x" ./tests/qtest/pxe-test -m slow
     - make check-tcg
 
+# Alternate coroutines implementations are only really of interest to KVM users
+# However we can't test against KVM on Gitlab-CI so we can only run unit tests
+build-coroutine-sigaltstack:
+  extends: .native_build_job_template
+  needs:
+    job: amd64-ubuntu2004-container
+  variables:
+    IMAGE: ubuntu2004
+    CONFIGURE_ARGS: --with-coroutine=sigaltstack --disable-tcg
+                    --enable-trace-backends=ftrace
+    MAKE_CHECK_ARGS: check-unit
+
 # Check our reduced build configurations
-build-without-defaults:
+build-without-default-devices:
   extends: .native_build_job_template
   needs:
     job: amd64-centos8-container
   variables:
     IMAGE: centos8
+    CONFIGURE_ARGS: --without-default-devices --disable-user
+
+build-without-default-features:
+  extends: .native_build_job_template
+  needs:
+    job: amd64-fedora-container
+  variables:
+    IMAGE: fedora
     CONFIGURE_ARGS:
-      --without-default-devices
       --without-default-features
-      --disable-fdt
+      --disable-capstone
       --disable-pie
       --disable-qom-cast-debug
       --disable-strip
-    TARGETS: avr-softmmu mips64-softmmu s390x-softmmu sh4-softmmu
+    TARGETS: avr-softmmu i386-softmmu mips64-softmmu s390x-softmmu sh4-softmmu
       sparc64-softmmu hexagon-linux-user i386-linux-user s390x-linux-user
-    MAKE_CHECK_ARGS: check-unit check-qtest-avr check-qtest-mips64
+    MAKE_CHECK_ARGS: check-unit check-qtest SPEED=slow
 
 build-libvhost-user:
   extends: .base_job_template
@@ -544,9 +599,7 @@ build-libvhost-user:
 # No targets are built here, just tools, docs, and unit tests. This
 # also feeds into the eventual documentation deployment steps later
 build-tools-and-docs-debian:
-  extends:
-    - .native_build_job_template
-    - .native_build_artifact_template
+  extends: .native_build_job_template
   needs:
     job: amd64-debian-container
     # when running on 'master' we use pre-existing container
@@ -556,6 +609,10 @@ build-tools-and-docs-debian:
     MAKE_CHECK_ARGS: check-unit ctags TAGS cscope
     CONFIGURE_ARGS: --disable-system --disable-user --enable-docs --enable-tools
     QEMU_JOB_PUBLISH: 1
+  artifacts:
+    expire_in: 2 days
+    paths:
+      - build
 
 # Prepare for GitLab pages deployment. Anything copied into the
 # "public" directory will be deployed to $USER.gitlab.io/$PROJECT

.gitlab-ci.d/cirrus.yml

@@ -50,10 +50,10 @@ x64-freebsd-12-build:
     NAME: freebsd-12
     CIRRUS_VM_INSTANCE_TYPE: freebsd_instance
     CIRRUS_VM_IMAGE_SELECTOR: image_family
-    CIRRUS_VM_IMAGE_NAME: freebsd-12-4
+    CIRRUS_VM_IMAGE_NAME: freebsd-12-3
     CIRRUS_VM_CPUS: 8
     CIRRUS_VM_RAM: 8G
-    UPDATE_COMMAND: pkg update; pkg upgrade -y
+    UPDATE_COMMAND: pkg update
     INSTALL_COMMAND: pkg install -y
     TEST_TARGETS: check
 
@@ -66,7 +66,7 @@ x64-freebsd-13-build:
     CIRRUS_VM_IMAGE_NAME: freebsd-13-1
     CIRRUS_VM_CPUS: 8
     CIRRUS_VM_RAM: 8G
-    UPDATE_COMMAND: pkg update; pkg upgrade -y
+    UPDATE_COMMAND: pkg update
     INSTALL_COMMAND: pkg install -y
     TEST_TARGETS: check
 

.gitlab-ci.d/cirrus/build.yml

@@ -32,9 +32,6 @@ build_task:
     - $MAKE -j$(sysctl -n hw.ncpu)
     - for TARGET in $TEST_TARGETS ;
       do
-        $MAKE -j$(sysctl -n hw.ncpu) $TARGET V=1 ;
+        $MAKE -j$(sysctl -n hw.ncpu) $TARGET V=1
+        || { cat meson-logs/testlog.txt; exit 1; } ;
       done
-  always:
-    build_result_artifacts:
-      path: build/meson-logs/*log.txt
-      type: text/plain

.gitlab-ci.d/cirrus/freebsd-12.vars

@@ -11,6 +11,6 @@ MAKE='/usr/local/bin/gmake'
 NINJA='/usr/local/bin/ninja'
 PACKAGING_COMMAND='pkg'
 PIP3='/usr/local/bin/pip-3.8'
-PKGS='alsa-lib bash bison bzip2 ca_root_nss capstone4 ccache cdrkit-genisoimage cmocka ctags curl cyrus-sasl dbus diffutils dtc flex fusefs-libs3 gettext git glib gmake gnutls gsed gtk3 json-c libepoxy libffi libgcrypt libjpeg-turbo libnfs libslirp libspice-server libssh libtasn1 llvm lzo2 meson ncurses nettle ninja opencv pixman pkgconf png py39-numpy py39-pillow py39-pip py39-sphinx py39-sphinx_rtd_theme py39-yaml python3 rpm2cpio sdl2 sdl2_image snappy sndio socat spice-protocol tesseract usbredir virglrenderer vte3 zstd'
+PKGS='alsa-lib bash bison bzip2 ca_root_nss capstone4 ccache cdrkit-genisoimage cmocka ctags curl cyrus-sasl dbus diffutils dtc flex fusefs-libs3 gettext git glib gmake gnutls gsed gtk3 json-c libepoxy libffi libgcrypt libjpeg-turbo libnfs libslirp libspice-server libssh libtasn1 llvm lzo2 meson ncurses nettle ninja opencv perl5 pixman pkgconf png py39-numpy py39-pillow py39-pip py39-sphinx py39-sphinx_rtd_theme py39-yaml python3 rpm2cpio sdl2 sdl2_image snappy sndio spice-protocol tesseract texinfo usbredir virglrenderer vte3 zstd'
 PYPI_PKGS=''
 PYTHON='/usr/local/bin/python3'

.gitlab-ci.d/cirrus/freebsd-13.vars

@@ -11,6 +11,6 @@ MAKE='/usr/local/bin/gmake'
 NINJA='/usr/local/bin/ninja'
 PACKAGING_COMMAND='pkg'
 PIP3='/usr/local/bin/pip-3.8'
-PKGS='alsa-lib bash bison bzip2 ca_root_nss capstone4 ccache cdrkit-genisoimage cmocka ctags curl cyrus-sasl dbus diffutils dtc flex fusefs-libs3 gettext git glib gmake gnutls gsed gtk3 json-c libepoxy libffi libgcrypt libjpeg-turbo libnfs libslirp libspice-server libssh libtasn1 llvm lzo2 meson ncurses nettle ninja opencv pixman pkgconf png py39-numpy py39-pillow py39-pip py39-sphinx py39-sphinx_rtd_theme py39-yaml python3 rpm2cpio sdl2 sdl2_image snappy sndio socat spice-protocol tesseract usbredir virglrenderer vte3 zstd'
+PKGS='alsa-lib bash bison bzip2 ca_root_nss capstone4 ccache cdrkit-genisoimage cmocka ctags curl cyrus-sasl dbus diffutils dtc flex fusefs-libs3 gettext git glib gmake gnutls gsed gtk3 json-c libepoxy libffi libgcrypt libjpeg-turbo libnfs libslirp libspice-server libssh libtasn1 llvm lzo2 meson ncurses nettle ninja opencv perl5 pixman pkgconf png py39-numpy py39-pillow py39-pip py39-sphinx py39-sphinx_rtd_theme py39-yaml python3 rpm2cpio sdl2 sdl2_image snappy sndio spice-protocol tesseract texinfo usbredir virglrenderer vte3 zstd'
 PYPI_PKGS=''
 PYTHON='/usr/local/bin/python3'

.gitlab-ci.d/cirrus/macos-12.vars

@@ -11,6 +11,6 @@ MAKE='/opt/homebrew/bin/gmake'
 NINJA='/opt/homebrew/bin/ninja'
 PACKAGING_COMMAND='brew'
 PIP3='/opt/homebrew/bin/pip3'
-PKGS='bash bc bison bzip2 capstone ccache cmocka ctags curl dbus diffutils dtc flex gcovr gettext git glib gnu-sed gnutls gtk+3 jemalloc jpeg-turbo json-c libepoxy libffi libgcrypt libiscsi libnfs libpng libslirp libssh libtasn1 libusb llvm lzo make meson ncurses nettle ninja pixman pkg-config python3 rpm2cpio sdl2 sdl2_image snappy socat sparse spice-protocol tesseract usbredir vde vte3 zlib zstd'
+PKGS='bash bc bison bzip2 capstone ccache cmocka ctags curl dbus diffutils dtc flex gcovr gettext git glib gnu-sed gnutls gtk+3 jemalloc jpeg-turbo json-c libepoxy libffi libgcrypt libiscsi libnfs libpng libslirp libssh libtasn1 libusb llvm lzo make meson ncurses nettle ninja perl pixman pkg-config python3 rpm2cpio sdl2 sdl2_image snappy sparse spice-protocol tesseract texinfo usbredir vde vte3 zlib zstd'
 PYPI_PKGS='PyYAML numpy pillow sphinx sphinx-rtd-theme'
 PYTHON='/opt/homebrew/bin/python3'

.gitlab-ci.d/container-cross.yml

@@ -34,11 +34,31 @@ armhf-debian-cross-container:
   variables:
     NAME: debian-armhf-cross
 
+# We never want to build hexagon in the CI system and by default we
+# always want to refer to the master registry where it lives.
 hexagon-cross-container:
-  extends: .container_job_template
+  extends: .base_job_template
+  image: docker:stable
   stage: containers
   variables:
     NAME: debian-hexagon-cross
+    GIT_DEPTH: 1
+    QEMU_JOB_ONLY_FORKS: 1
+  services:
+    - docker:dind
+  before_script:
+    - export TAG="$CI_REGISTRY_IMAGE/qemu/$NAME:latest"
+    - export COMMON_TAG="$CI_REGISTRY/qemu-project/qemu/qemu/$NAME:latest"
+    - docker info
+    - docker login $CI_REGISTRY -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
+  script:
+    - echo "TAG:$TAG"
+    - echo "COMMON_TAG:$COMMON_TAG"
+    - docker pull $COMMON_TAG
+    - docker tag $COMMON_TAG $TAG
+    - docker push "$TAG"
+  after_script:
+    - docker logout
 
 hppa-debian-cross-container:
   extends: .container_job_template

.gitlab-ci.d/container-template.yml

@@ -6,16 +6,17 @@
     - docker:dind
   before_script:
     - export TAG="$CI_REGISTRY_IMAGE/qemu/$NAME:latest"
-    - export COMMON_TAG="$CI_REGISTRY/qemu-project/qemu/qemu/$NAME:latest"
+    - export COMMON_TAG="$CI_REGISTRY/qemu-project/qemu/$NAME:latest"
     - apk add python3
     - docker info
     - docker login $CI_REGISTRY -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
   script:
     - echo "TAG:$TAG"
     - echo "COMMON_TAG:$COMMON_TAG"
-    - docker build --tag "$TAG" --cache-from "$TAG" --cache-from "$COMMON_TAG"
-      --build-arg BUILDKIT_INLINE_CACHE=1
-      -f "tests/docker/dockerfiles/$NAME.docker" "."
+    - ./tests/docker/docker.py --engine docker build
+          -t "qemu/$NAME" -f "tests/docker/dockerfiles/$NAME.docker"
+          -r $CI_REGISTRY/qemu-project/qemu
+    - docker tag "qemu/$NAME" "$TAG"
     - docker push "$TAG"
   after_script:
     - docker logout

.gitlab-ci.d/containers.yml

@@ -13,10 +13,10 @@ amd64-debian-container:
   variables:
     NAME: debian-amd64
 
-amd64-ubuntu2204-container:
+amd64-ubuntu2004-container:
   extends: .container_job_template
   variables:
-    NAME: ubuntu2204
+    NAME: ubuntu2004
 
 amd64-opensuse-leap-container:
   extends: .container_job_template

.gitlab-ci.d/crossbuild-template.yml

@@ -6,9 +6,9 @@
   script:
     - mkdir build
     - cd build
-    - ../configure --enable-werror --disable-docs --enable-fdt=system
-        --disable-user $QEMU_CONFIGURE_OPTS $EXTRA_CONFIGURE_OPTS
-        --target-list-exclude="arm-softmmu cris-softmmu
+    - PKG_CONFIG_PATH=$PKG_CONFIG_PATH
+      ../configure --enable-werror --disable-docs $QEMU_CONFIGURE_OPTS
+        --disable-user --target-list-exclude="arm-softmmu cris-softmmu
           i386-softmmu microblaze-softmmu mips-softmmu mipsel-softmmu
           mips64-softmmu ppc-softmmu riscv32-softmmu sh4-softmmu
           sparc-softmmu xtensa-softmmu $CROSS_SKIP_TARGETS"
@@ -32,7 +32,8 @@
   script:
     - mkdir build
     - cd build
-    - ../configure --enable-werror --disable-docs $QEMU_CONFIGURE_OPTS
+    - PKG_CONFIG_PATH=$PKG_CONFIG_PATH
+      ../configure --enable-werror --disable-docs $QEMU_CONFIGURE_OPTS
         --disable-tools --enable-${ACCEL:-kvm} $EXTRA_CONFIGURE_OPTS
     - make -j$(expr $(nproc) + 1) all check-build $MAKE_CHECK_ARGS
 
@@ -43,20 +44,10 @@
   script:
     - mkdir build
     - cd build
-    - ../configure --enable-werror --disable-docs $QEMU_CONFIGURE_OPTS
+    - PKG_CONFIG_PATH=$PKG_CONFIG_PATH
+      ../configure --enable-werror --disable-docs $QEMU_CONFIGURE_OPTS
         --disable-system --target-list-exclude="aarch64_be-linux-user
           alpha-linux-user cris-linux-user m68k-linux-user microblazeel-linux-user
           nios2-linux-user or1k-linux-user ppc-linux-user sparc-linux-user
           xtensa-linux-user $CROSS_SKIP_TARGETS"
     - make -j$(expr $(nproc) + 1) all check-build $MAKE_CHECK_ARGS
-
-# We can still run some tests on some of our cross build jobs. They can add this
-# template to their extends to save the build logs and test results
-.cross_test_artifacts:
-  artifacts:
-    name: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"
-    expire_in: 7 days
-    paths:
-      - build/meson-logs/testlog.txt
-    reports:
-      junit: build/meson-logs/testlog.junit.xml

.gitlab-ci.d/crossbuilds.yml

@@ -1,6 +1,13 @@
 include:
   - local: '/.gitlab-ci.d/crossbuild-template.yml'
 
+cross-armel-system:
+  extends: .cross_system_build_job
+  needs:
+    job: armel-debian-cross-container
+  variables:
+    IMAGE: debian-armel-cross
+
 cross-armel-user:
   extends: .cross_user_build_job
   needs:
@@ -8,6 +15,13 @@ cross-armel-user:
   variables:
     IMAGE: debian-armel-cross
 
+cross-armhf-system:
+  extends: .cross_system_build_job
+  needs:
+    job: armhf-debian-cross-container
+  variables:
+    IMAGE: debian-armhf-cross
+
 cross-armhf-user:
   extends: .cross_user_build_job
   needs:
@@ -29,10 +43,16 @@ cross-arm64-user:
   variables:
     IMAGE: debian-arm64-cross
 
+cross-i386-system:
+  extends: .cross_system_build_job
+  needs:
+    job: i386-fedora-cross-container
+  variables:
+    IMAGE: fedora-i386-cross
+    MAKE_CHECK_ARGS: check-qtest
+
 cross-i386-user:
-  extends:
-    - .cross_user_build_job
-    - .cross_test_artifacts
+  extends: .cross_user_build_job
   needs:
     job: i386-fedora-cross-container
   variables:
@@ -40,9 +60,7 @@ cross-i386-user:
     MAKE_CHECK_ARGS: check
 
 cross-i386-tci:
-  extends:
-    - .cross_accel_build_job
-    - .cross_test_artifacts
+  extends: .cross_accel_build_job
   timeout: 60m
   needs:
     job: i386-fedora-cross-container
@@ -94,14 +112,6 @@ cross-ppc64el-user:
   variables:
     IMAGE: debian-ppc64el-cross
 
-cross-ppc64el-kvm-only:
-  extends: .cross_accel_build_job
-  needs:
-    job: ppc64el-debian-cross-container
-  variables:
-    IMAGE: debian-ppc64el-cross
-    EXTRA_CONFIGURE_OPTS: --disable-tcg --without-default-devices
-
 # The riscv64 cross-builds currently use a 'sid' container to get
 # compilers and libraries. Until something more stable is found we
 # allow_failure so as not to block CI.
@@ -141,7 +151,7 @@ cross-s390x-kvm-only:
     job: s390x-debian-cross-container
   variables:
     IMAGE: debian-s390x-cross
-    EXTRA_CONFIGURE_OPTS: --disable-tcg --enable-trace-backends=ftrace
+    EXTRA_CONFIGURE_OPTS: --disable-tcg
 
 cross-mips64el-kvm-only:
   extends: .cross_accel_build_job
@@ -157,7 +167,6 @@ cross-win32-system:
     job: win32-fedora-cross-container
   variables:
     IMAGE: fedora-win32-cross
-    EXTRA_CONFIGURE_OPTS: --enable-fdt=internal
     CROSS_SKIP_TARGETS: alpha-softmmu avr-softmmu hppa-softmmu m68k-softmmu
                         microblazeel-softmmu mips64el-softmmu nios2-softmmu
   artifacts:
@@ -170,10 +179,7 @@ cross-win64-system:
     job: win64-fedora-cross-container
   variables:
     IMAGE: fedora-win64-cross
-    EXTRA_CONFIGURE_OPTS: --enable-fdt=internal
-    CROSS_SKIP_TARGETS: alpha-softmmu avr-softmmu hppa-softmmu
-                        m68k-softmmu microblazeel-softmmu nios2-softmmu
-                        or1k-softmmu rx-softmmu sh4eb-softmmu sparc64-softmmu
+    CROSS_SKIP_TARGETS: or1k-softmmu rx-softmmu sh4eb-softmmu sparc64-softmmu
                         tricore-softmmu xtensaeb-softmmu
   artifacts:
     paths:

.gitlab-ci.d/custom-runners.yml

@@ -13,18 +13,6 @@
 variables:
   GIT_STRATEGY: clone
 
-# All custom runners can extend this template to upload the testlog
-# data as an artifact and also feed the junit report
-.custom_runner_template:
-  extends: .base_job_template
-  artifacts:
-    name: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"
-    expire_in: 7 days
-    paths:
-      - build/meson-logs/testlog.txt
-    reports:
-      junit: build/meson-logs/testlog.junit.xml
-
 include:
   - local: '/.gitlab-ci.d/custom-runners/ubuntu-20.04-s390x.yml'
   - local: '/.gitlab-ci.d/custom-runners/ubuntu-22.04-aarch64.yml'

.gitlab-ci.d/custom-runners/centos-stream-8-x86_64.yml

@@ -1,9 +1,4 @@
-# All centos-stream-8 jobs should run successfully in an environment
-# setup by the scripts/ci/setup/stream/8/build-environment.yml task
-# "Installation of extra packages to build QEMU"
-
 centos-stream-8-x86_64:
- extends: .custom_runner_template
  allow_failure: true
  needs: []
  stage: build
@@ -13,6 +8,15 @@ centos-stream-8-x86_64:
  rules:
  - if: '$CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH =~ /^staging/'
  - if: "$CENTOS_STREAM_8_x86_64_RUNNER_AVAILABLE"
+ artifacts:
+   name: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"
+   when: on_failure
+   expire_in: 7 days
+   paths:
+     - build/tests/results/latest/results.xml
+     - build/tests/results/latest/test-results
+   reports:
+     junit: build/tests/results/latest/results.xml
  before_script:
  - JOBS=$(expr $(nproc) + 1)
  script:
@@ -21,4 +25,6 @@ centos-stream-8-x86_64:
  - ../scripts/ci/org.centos/stream/8/x86_64/configure
    || { cat config.log meson-logs/meson-log.txt; exit 1; }
  - make -j"$JOBS"
- - make NINJA=":" check check-avocado
+ - make NINJA=":" check
+   || { cat meson-logs/testlog.txt; exit 1; } ;
+ - ../scripts/ci/org.centos/stream/8/x86_64/test-avocado

.gitlab-ci.d/custom-runners/ubuntu-20.04-s390x.yml

@@ -3,7 +3,6 @@
 # "Install basic packages to build QEMU on Ubuntu 20.04/20.04"
 
 ubuntu-20.04-s390x-all-linux-static:
- extends: .custom_runner_template
  needs: []
  stage: build
  tags:
@@ -20,11 +19,12 @@ ubuntu-20.04-s390x-all-linux-static:
  - ../configure --enable-debug --static --disable-system --disable-glusterfs --disable-libssh
    || { cat config.log meson-logs/meson-log.txt; exit 1; }
  - make --output-sync -j`nproc`
- - make --output-sync check-tcg
- - make --output-sync -j`nproc` check
+ - make --output-sync -j`nproc` check V=1
+   || { cat meson-logs/testlog.txt; exit 1; } ;
+ - make --output-sync -j`nproc` check-tcg V=1
+   || { cat meson-logs/testlog.txt; exit 1; } ;
 
 ubuntu-20.04-s390x-all:
- extends: .custom_runner_template
  needs: []
  stage: build
  tags:
@@ -40,10 +40,10 @@ ubuntu-20.04-s390x-all:
  - ../configure --disable-libssh
    || { cat config.log meson-logs/meson-log.txt; exit 1; }
  - make --output-sync -j`nproc`
- - make --output-sync -j`nproc` check
+ - make --output-sync -j`nproc` check V=1
+   || { cat meson-logs/testlog.txt; exit 1; } ;
 
 ubuntu-20.04-s390x-alldbg:
- extends: .custom_runner_template
  needs: []
  stage: build
  tags:
@@ -63,10 +63,10 @@ ubuntu-20.04-s390x-alldbg:
    || { cat config.log meson-logs/meson-log.txt; exit 1; }
  - make clean
  - make --output-sync -j`nproc`
- - make --output-sync -j`nproc` check
+ - make --output-sync -j`nproc` check V=1
+   || { cat meson-logs/testlog.txt; exit 1; } ;
 
 ubuntu-20.04-s390x-clang:
- extends: .custom_runner_template
  needs: []
  stage: build
  tags:
@@ -85,7 +85,8 @@ ubuntu-20.04-s390x-clang:
  - ../configure --disable-libssh --cc=clang --cxx=clang++ --enable-sanitizers
    || { cat config.log meson-logs/meson-log.txt; exit 1; }
  - make --output-sync -j`nproc`
- - make --output-sync -j`nproc` check
+ - make --output-sync -j`nproc` check V=1
+   || { cat meson-logs/testlog.txt; exit 1; } ;
 
 ubuntu-20.04-s390x-tci:
  needs: []
@@ -108,7 +109,6 @@ ubuntu-20.04-s390x-tci:
  - make --output-sync -j`nproc`
 
 ubuntu-20.04-s390x-notcg:
- extends: .custom_runner_template
  needs: []
  stage: build
  tags:
@@ -127,4 +127,5 @@ ubuntu-20.04-s390x-notcg:
  - ../configure --disable-libssh --disable-tcg
    || { cat config.log meson-logs/meson-log.txt; exit 1; }
  - make --output-sync -j`nproc`
- - make --output-sync -j`nproc` check
+ - make --output-sync -j`nproc` check V=1
+   || { cat meson-logs/testlog.txt; exit 1; } ;

.gitlab-ci.d/custom-runners/ubuntu-22.04-aarch32.yml

@@ -3,7 +3,6 @@
 # "Install basic packages to build QEMU on Ubuntu 20.04"
 
 ubuntu-22.04-aarch32-all:
- extends: .custom_runner_template
  needs: []
  stage: build
  tags:
@@ -22,4 +21,5 @@ ubuntu-22.04-aarch32-all:
  - ../configure --cross-prefix=arm-linux-gnueabihf-
    || { cat config.log meson-logs/meson-log.txt; exit 1; }
  - make --output-sync -j`nproc --ignore=40`
- - make --output-sync -j`nproc --ignore=40` check
+ - make --output-sync -j`nproc --ignore=40` check V=1
+   || { cat meson-logs/testlog.txt; exit 1; } ;

.gitlab-ci.d/custom-runners/ubuntu-22.04-aarch64.yml

@@ -3,7 +3,6 @@
 # "Install basic packages to build QEMU on Ubuntu 20.04"
 
 ubuntu-22.04-aarch64-all-linux-static:
- extends: .custom_runner_template
  needs: []
  stage: build
  tags:
@@ -20,11 +19,12 @@ ubuntu-22.04-aarch64-all-linux-static:
  - ../configure --enable-debug --static --disable-system --disable-pie
    || { cat config.log meson-logs/meson-log.txt; exit 1; }
  - make --output-sync -j`nproc --ignore=40`
- - make check-tcg
- - make --output-sync -j`nproc --ignore=40` check
+ - make --output-sync -j`nproc --ignore=40` check V=1
+   || { cat meson-logs/testlog.txt; exit 1; } ;
+ - make --output-sync -j`nproc --ignore=40` check-tcg V=1
+   || { cat meson-logs/testlog.txt; exit 1; } ;
 
 ubuntu-22.04-aarch64-all:
- extends: .custom_runner_template
  needs: []
  stage: build
  tags:
@@ -43,10 +43,10 @@ ubuntu-22.04-aarch64-all:
  - ../configure
    || { cat config.log meson-logs/meson-log.txt; exit 1; }
  - make --output-sync -j`nproc --ignore=40`
- - make --output-sync -j`nproc --ignore=40` check
+ - make --output-sync -j`nproc --ignore=40` check V=1
+   || { cat meson-logs/testlog.txt; exit 1; } ;
 
 ubuntu-22.04-aarch64-alldbg:
- extends: .custom_runner_template
  needs: []
  stage: build
  tags:
@@ -62,10 +62,10 @@ ubuntu-22.04-aarch64-alldbg:
    || { cat config.log meson-logs/meson-log.txt; exit 1; }
  - make clean
  - make --output-sync -j`nproc --ignore=40`
- - make --output-sync -j`nproc --ignore=40` check
+ - make --output-sync -j`nproc --ignore=40` check V=1
+   || { cat meson-logs/testlog.txt; exit 1; } ;
 
 ubuntu-22.04-aarch64-clang:
- extends: .custom_runner_template
  needs: []
  stage: build
  tags:
@@ -81,10 +81,11 @@ ubuntu-22.04-aarch64-clang:
  script:
  - mkdir build
  - cd build
- - ../configure --disable-libssh --cc=clang --cxx=clang++ --enable-sanitizers
+ - ../configure --disable-libssh --cc=clang-10 --cxx=clang++-10 --enable-sanitizers
    || { cat config.log meson-logs/meson-log.txt; exit 1; }
  - make --output-sync -j`nproc --ignore=40`
- - make --output-sync -j`nproc --ignore=40` check
+ - make --output-sync -j`nproc --ignore=40` check V=1
+   || { cat meson-logs/testlog.txt; exit 1; } ;
 
 ubuntu-22.04-aarch64-tci:
  needs: []
@@ -107,7 +108,6 @@ ubuntu-22.04-aarch64-tci:
  - make --output-sync -j`nproc --ignore=40`
 
 ubuntu-22.04-aarch64-notcg:
- extends: .custom_runner_template
  needs: []
  stage: build
  tags:
@@ -126,4 +126,5 @@ ubuntu-22.04-aarch64-notcg:
  - ../configure --disable-tcg
    || { cat config.log meson-logs/meson-log.txt; exit 1; }
  - make --output-sync -j`nproc --ignore=40`
- - make --output-sync -j`nproc --ignore=40` check
+ - make --output-sync -j`nproc --ignore=40` check V=1
+   || { cat meson-logs/testlog.txt; exit 1; } ;

.gitlab-ci.d/edk2.yml

@@ -0,0 +1,85 @@
+# All jobs needing docker-edk2 must use the same rules it uses.
+.edk2_job_rules:
+  rules:
+    # Forks don't get pipelines unless QEMU_CI=1 or QEMU_CI=2 is set
+    - if: '$QEMU_CI != "1" && $QEMU_CI != "2" && $CI_PROJECT_NAMESPACE != "qemu-project"'
+      when: never
+
+    # In forks, if QEMU_CI=1 is set, then create manual job
+    # if any of the files affecting the build are touched
+    - if: '$QEMU_CI == "1" && $CI_PROJECT_NAMESPACE != "qemu-project"'
+      changes:
+        - .gitlab-ci.d/edk2.yml
+        - .gitlab-ci.d/edk2/Dockerfile
+        - roms/edk2/*
+      when: manual
+
+    # In forks, if QEMU_CI=1 is set, then create manual job
+    # if the branch/tag starts with 'edk2'
+    - if: '$QEMU_CI == "1" && $CI_PROJECT_NAMESPACE != "qemu-project" && $CI_COMMIT_REF_NAME =~ /^edk2/'
+      when: manual
+
+    # In forks, if QEMU_CI=1 is set, then create manual job
+    # if last commit msg contains 'EDK2' (case insensitive)
+    - if: '$QEMU_CI == "1" && $CI_PROJECT_NAMESPACE != "qemu-project" && $CI_COMMIT_MESSAGE =~ /edk2/i'
+      when: manual
+
+    # Run if any files affecting the build output are touched
+    - changes:
+        - .gitlab-ci.d/edk2.yml
+        - .gitlab-ci.d/edk2/Dockerfile
+        - roms/edk2/*
+      when: on_success
+
+    # Run if the branch/tag starts with 'edk2'
+    - if: '$CI_COMMIT_REF_NAME =~ /^edk2/'
+      when: on_success
+
+    # Run if last commit msg contains 'EDK2' (case insensitive)
+    - if: '$CI_COMMIT_MESSAGE =~ /edk2/i'
+      when: on_success
+
+docker-edk2:
+  extends: .edk2_job_rules
+  stage: containers
+  image: docker:19.03.1
+  services:
+    - docker:19.03.1-dind
+  variables:
+    GIT_DEPTH: 3
+    IMAGE_TAG: $CI_REGISTRY_IMAGE:edk2-cross-build
+    # We don't use TLS
+    DOCKER_HOST: tcp://docker:2375
+    DOCKER_TLS_CERTDIR: ""
+  before_script:
+    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+  script:
+    - docker pull $IMAGE_TAG || true
+    - docker build --cache-from $IMAGE_TAG --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+                                           --tag $IMAGE_TAG .gitlab-ci.d/edk2
+    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+    - docker push $IMAGE_TAG
+
+build-edk2:
+  extends: .edk2_job_rules
+  stage: build
+  needs: ['docker-edk2']
+  artifacts:
+    paths: # 'artifacts.zip' will contains the following files:
+      - pc-bios/edk2*bz2
+      - pc-bios/edk2-licenses.txt
+      - edk2-stdout.log
+      - edk2-stderr.log
+  image: $CI_REGISTRY_IMAGE:edk2-cross-build
+  variables:
+    GIT_DEPTH: 3
+  script: # Clone the required submodules and build EDK2
+    - git submodule update --init roms/edk2
+    - git -C roms/edk2 submodule update --init --
+       ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3
+       BaseTools/Source/C/BrotliCompress/brotli
+       CryptoPkg/Library/OpensslLib/openssl
+       MdeModulePkg/Library/BrotliCustomDecompressLib/brotli
+    - export JOBS=$(($(getconf _NPROCESSORS_ONLN) + 1))
+    - echo "=== Using ${JOBS} simultaneous jobs ==="
+    - make -j${JOBS} -C roms efi 2>&1 1>edk2-stdout.log | tee -a edk2-stderr.log >&2

.gitlab-ci.d/edk2/Dockerfile

@@ -0,0 +1,27 @@
+#
+# Docker image to cross-compile EDK2 firmware binaries
+#
+FROM ubuntu:18.04
+
+MAINTAINER Philippe Mathieu-Daudé <f4bug@amsat.org>
+
+# Install packages required to build EDK2
+RUN apt update \
+    && \
+    \
+    DEBIAN_FRONTEND=noninteractive \
+    apt install --assume-yes --no-install-recommends \
+        build-essential \
+        ca-certificates \
+        dos2unix \
+        gcc-aarch64-linux-gnu \
+        gcc-arm-linux-gnueabi \
+        git \
+        iasl \
+        make \
+        nasm \
+        python3 \
+        uuid-dev \
+    && \
+    \
+    rm -rf /var/lib/apt/lists/*

.gitlab-ci.d/opensbi.yml

@@ -42,9 +42,9 @@
 docker-opensbi:
   extends: .opensbi_job_rules
   stage: containers
-  image: docker:stable
+  image: docker:19.03.1
   services:
-    - docker:stable-dind
+    - docker:19.03.1-dind
   variables:
     GIT_DEPTH: 3
     IMAGE_TAG: $CI_REGISTRY_IMAGE:opensbi-cross-build

.gitlab-ci.d/opensbi/Dockerfile

@@ -15,7 +15,6 @@ RUN apt update \
         ca-certificates \
         git \
         make \
-	python3 \
         wget \
     && \
     \

.gitlab-ci.d/qemu-project.yml

@@ -4,6 +4,7 @@
 include:
   - local: '/.gitlab-ci.d/base.yml'
   - local: '/.gitlab-ci.d/stages.yml'
+  - local: '/.gitlab-ci.d/edk2.yml'
   - local: '/.gitlab-ci.d/opensbi.yml'
   - local: '/.gitlab-ci.d/containers.yml'
   - local: '/.gitlab-ci.d/crossbuilds.yml'

.gitlab-ci.d/static_checks.yml

@@ -23,12 +23,12 @@ check-dco:
   before_script:
     - apk -U add git
 
-check-python-minreqs:
+check-python-pipenv:
   extends: .base_job_template
   stage: test
   image: $CI_REGISTRY_IMAGE/qemu/python:latest
   script:
-    - make -C python check-minreqs
+    - make -C python check-pipenv
   variables:
     GIT_DEPTH: 1
   needs:

.gitlab-ci.d/windows.yml

@@ -10,7 +10,7 @@
       - ${CI_PROJECT_DIR}/msys64/var/cache
   needs: []
   stage: build
-  timeout: 80m
+  timeout: 70m
   before_script:
   - If ( !(Test-Path -Path msys64\var\cache ) ) {
       mkdir msys64\var\cache
@@ -38,19 +38,14 @@ msys2-64bit:
       mingw-w64-x86_64-capstone
       mingw-w64-x86_64-curl
       mingw-w64-x86_64-cyrus-sasl
-      mingw-w64-x86_64-dtc
       mingw-w64-x86_64-gcc
       mingw-w64-x86_64-glib2
       mingw-w64-x86_64-gnutls
-      mingw-w64-x86_64-gtk3
-      mingw-w64-x86_64-libgcrypt
-      mingw-w64-x86_64-libjpeg-turbo
       mingw-w64-x86_64-libnfs
       mingw-w64-x86_64-libpng
       mingw-w64-x86_64-libssh
       mingw-w64-x86_64-libtasn1
       mingw-w64-x86_64-libusb
-      mingw-w64-x86_64-lzo2
       mingw-w64-x86_64-nettle
       mingw-w64-x86_64-ninja
       mingw-w64-x86_64-pixman
@@ -59,25 +54,15 @@ msys2-64bit:
       mingw-w64-x86_64-SDL2
       mingw-w64-x86_64-SDL2_image
       mingw-w64-x86_64-snappy
-      mingw-w64-x86_64-spice
       mingw-w64-x86_64-usbredir
       mingw-w64-x86_64-zstd "
   - $env:CHERE_INVOKING = 'yes'  # Preserve the current working directory
-  - $env:MSYSTEM = 'MINGW64'     # Start a 64-bit MinGW environment
+  - $env:MSYSTEM = 'MINGW64'     # Start a 64 bit Mingw environment
   - $env:MSYS = 'winsymlinks:native' # Enable native Windows symlink
-  - mkdir output
-  - cd output
-  # Note: do not remove "--without-default-devices"!
-  # commit 9f8e6cad65a6 ("gitlab-ci: Speed up the msys2-64bit job by using --without-default-devices"
-  # changed to compile QEMU with the --without-default-devices switch
-  # for the msys2 64-bit job, due to the build could not complete within
-  # the project timeout.
-  - ..\msys64\usr\bin\bash -lc '../configure --target-list=x86_64-softmmu
-      --without-default-devices --enable-fdt=system'
-  - ..\msys64\usr\bin\bash -lc 'make'
-  # qTests don't run successfully with "--without-default-devices",
-  # so let's exclude the qtests from CI for now.
-  - ..\msys64\usr\bin\bash -lc 'make check MTESTARGS=\"--no-suite qtest\" || { cat meson-logs/testlog.txt; exit 1; } ;'
+  - .\msys64\usr\bin\bash -lc './configure --target-list=x86_64-softmmu
+      --enable-capstone --without-default-devices'
+  - .\msys64\usr\bin\bash -lc 'make'
+  - .\msys64\usr\bin\bash -lc 'make check || { cat build/meson-logs/testlog.txt; exit 1; } ;'
 
 msys2-32bit:
   extends: .shared_msys2_builder
@@ -88,37 +73,27 @@ msys2-32bit:
       mingw-w64-i686-capstone
       mingw-w64-i686-curl
       mingw-w64-i686-cyrus-sasl
-      mingw-w64-i686-dtc
       mingw-w64-i686-gcc
       mingw-w64-i686-glib2
       mingw-w64-i686-gnutls
       mingw-w64-i686-gtk3
       mingw-w64-i686-libgcrypt
       mingw-w64-i686-libjpeg-turbo
-      mingw-w64-i686-libnfs
-      mingw-w64-i686-libpng
       mingw-w64-i686-libssh
       mingw-w64-i686-libtasn1
       mingw-w64-i686-libusb
       mingw-w64-i686-lzo2
-      mingw-w64-i686-nettle
       mingw-w64-i686-ninja
       mingw-w64-i686-pixman
       mingw-w64-i686-pkgconf
       mingw-w64-i686-python
-      mingw-w64-i686-SDL2
-      mingw-w64-i686-SDL2_image
       mingw-w64-i686-snappy
-      mingw-w64-i686-spice
-      mingw-w64-i686-usbredir
-      mingw-w64-i686-zstd "
+      mingw-w64-i686-usbredir "
   - $env:CHERE_INVOKING = 'yes'  # Preserve the current working directory
-  - $env:MSYSTEM = 'MINGW32'     # Start a 32-bit MinGW environment
+  - $env:MSYSTEM = 'MINGW32'     # Start a 32-bit MinG environment
   - $env:MSYS = 'winsymlinks:native' # Enable native Windows symlink
   - mkdir output
   - cd output
-  - ..\msys64\usr\bin\bash -lc '../configure --target-list=ppc64-softmmu
-                                --enable-fdt=system'
+  - ..\msys64\usr\bin\bash -lc "../configure --target-list=ppc64-softmmu"
   - ..\msys64\usr\bin\bash -lc 'make'
-  - ..\msys64\usr\bin\bash -lc 'make check MTESTARGS=\"--no-suite qtest\" ||
-                                { cat meson-logs/testlog.txt; exit 1; }'
+  - ..\msys64\usr\bin\bash -lc 'make check || { cat meson-logs/testlog.txt; exit 1; } ;'

.gitlab/issue_templates/bug.md

@@ -18,11 +18,11 @@ https://www.qemu.org/contribute/security-process/
 -->
 
 ## Host environment
- - Operating system:            <!-- Windows 10 21H1, Fedora 37, etc. -->
- - OS/kernel version:           <!-- For POSIX hosts, use `uname -a` -->
- - Architecture:                <!-- x86, ARM, s390x, etc. -->
- - QEMU flavor:                 <!-- qemu-system-x86_64, qemu-aarch64, qemu-img, etc. -->
- - QEMU version:                <!-- e.g. `qemu-system-x86_64 --version` -->
+ - Operating system: (Windows 10 21H1, Fedora 34, etc.)
+ - OS/kernel version: (For POSIX hosts, use `uname -a`)
+ - Architecture: (x86, ARM, s390x, etc.)
+ - QEMU flavor: (qemu-system-x86_64, qemu-aarch64, qemu-img, etc.)
+ - QEMU version: (e.g. `qemu-system-x86_64 --version`)
  - QEMU command line:
    <!--
    Give the smallest, complete command line that exhibits the problem.
@@ -35,9 +35,9 @@ https://www.qemu.org/contribute/security-process/
    ```
 
 ## Emulated/Virtualized environment
- - Operating system:            <!-- Windows 10 21H1, Fedora 37, etc. -->
- - OS/kernel version:           <!-- For POSIX guests, use `uname -a`. -->
- - Architecture:                <!-- x86, ARM, s390x, etc. -->
+ - Operating system: (Windows 10 21H1, Fedora 34, etc.)
+ - OS/kernel version: (For POSIX guests, use `uname -a`.)
+ - Architecture: (x86, ARM, s390x, etc.)
 
 
 ## Description of problem

.gitmodules

@@ -13,6 +13,9 @@
 [submodule "roms/qemu-palcode"]
 	path = roms/qemu-palcode
 	url = https://gitlab.com/qemu-project/qemu-palcode.git
+[submodule "roms/sgabios"]
+	path = roms/sgabios
+	url = https://gitlab.com/qemu-project/sgabios.git
 [submodule "dtc"]
 	path = dtc
 	url = https://gitlab.com/qemu-project/dtc.git

.mailmap

@@ -45,7 +45,6 @@ Ed Swierk <eswierk@skyportsystems.com> Ed Swierk via Qemu-devel <qemu-devel@nong
 Ian McKellar <ianloic@google.com> Ian McKellar via Qemu-devel <qemu-devel@nongnu.org>
 Julia Suvorova <jusual@mail.ru> Julia Suvorova via Qemu-devel <qemu-devel@nongnu.org>
 Justin Terry (VM) <juterry@microsoft.com> Justin Terry (VM) via Qemu-devel <qemu-devel@nongnu.org>
-Stefan Weil <sw@weilnetz.de> Stefan Weil via <qemu-devel@nongnu.org>
 
 # Next, replace old addresses by a more recent one.
 Aleksandar Markovic <aleksandar.qemu.devel@gmail.com> <aleksandar.markovic@mips.com>
@@ -56,7 +55,6 @@ Aleksandar Rikalo <aleksandar.rikalo@syrmia.com> <aleksandar.rikalo@rt-rk.com>
 Alexander Graf <agraf@csgraf.de> <agraf@suse.de>
 Anthony Liguori <anthony@codemonkey.ws> Anthony Liguori <aliguori@us.ibm.com>
 Christian Borntraeger <borntraeger@linux.ibm.com> <borntraeger@de.ibm.com>
-Damien Hedde <damien.hedde@dahe.fr> <damien.hedde@greensocs.com>
 Filip Bozuta <filip.bozuta@syrmia.com> <filip.bozuta@rt-rk.com.com>
 Frederic Konrad <konrad.frederic@yahoo.fr> <fred.konrad@greensocs.com>
 Frederic Konrad <konrad.frederic@yahoo.fr> <konrad@adacore.com>

.travis.yml

@@ -16,6 +16,43 @@ cache:
   - $HOME/avocado/data/cache
 
 
+addons:
+  apt:
+    packages:
+      # Build dependencies
+      - libaio-dev
+      - libattr1-dev
+      - libbrlapi-dev
+      - libcap-ng-dev
+      - libcacard-dev
+      - libgcc-7-dev
+      - libgnutls28-dev
+      - libgtk-3-dev
+      - libiscsi-dev
+      - liblttng-ust-dev
+      - libncurses5-dev
+      - libnfs-dev
+      - libpixman-1-dev
+      - libpng-dev
+      - librados-dev
+      - libsdl2-dev
+      - libsdl2-image-dev
+      - libseccomp-dev
+      - libspice-protocol-dev
+      - libspice-server-dev
+      - libssh-dev
+      - liburcu-dev
+      - libusb-1.0-0-dev
+      - libvdeplug-dev
+      - libvte-2.91-dev
+      - libzstd-dev
+      - ninja-build
+      - sparse
+      - uuid-dev
+      # Tests dependencies
+      - genisoimage
+
+
 # The channel name "irc.oftc.net#qemu" is encrypted against qemu/qemu
 # to prevent IRC notifications from forks. This was created using:
 # $ travis encrypt -r "qemu/qemu" "irc.oftc.net#qemu"
@@ -91,7 +128,6 @@ jobs:
           - libbrlapi-dev
           - libcacard-dev
           - libcap-ng-dev
-          - libfdt-dev
           - libgcrypt20-dev
           - libgnutls28-dev
           - libgtk-3-dev
@@ -113,8 +149,7 @@ jobs:
           - genisoimage
       env:
         - TEST_CMD="make check check-tcg V=1"
-        - CONFIG="--disable-containers --enable-fdt=system
-                  --target-list=${MAIN_SOFTMMU_TARGETS} --cxx=/bin/false"
+        - CONFIG="--disable-containers --target-list=${MAIN_SOFTMMU_TARGETS} --cxx=/bin/false"
         - UNRELIABLE=true
 
     - name: "[ppc64] GCC check-tcg"
@@ -127,7 +162,6 @@ jobs:
           - libbrlapi-dev
           - libcacard-dev
           - libcap-ng-dev
-          - libfdt-dev
           - libgcrypt20-dev
           - libgnutls28-dev
           - libgtk-3-dev
@@ -149,8 +183,7 @@ jobs:
           - genisoimage
       env:
         - TEST_CMD="make check check-tcg V=1"
-        - CONFIG="--disable-containers --enable-fdt=system
-                  --target-list=ppc64-softmmu,ppc64le-linux-user"
+        - CONFIG="--disable-containers --target-list=ppc64-softmmu,ppc64le-linux-user"
 
     - name: "[s390x] GCC check-tcg"
       arch: s390x
@@ -162,7 +195,6 @@ jobs:
           - libbrlapi-dev
           - libcacard-dev
           - libcap-ng-dev
-          - libfdt-dev
           - libgcrypt20-dev
           - libgnutls28-dev
           - libgtk-3-dev
@@ -184,8 +216,7 @@ jobs:
           - genisoimage
       env:
         - TEST_CMD="make check check-tcg V=1"
-        - CONFIG="--disable-containers --enable-fdt=system
-                  --target-list=${MAIN_SOFTMMU_TARGETS},s390x-linux-user"
+        - CONFIG="--disable-containers --target-list=${MAIN_SOFTMMU_TARGETS},s390x-linux-user"
         - UNRELIABLE=true
       script:
         - BUILD_RC=0 && make -j${JOBS} || BUILD_RC=$?
@@ -206,7 +237,6 @@ jobs:
           - libattr1-dev
           - libcacard-dev
           - libcap-ng-dev
-          - libfdt-dev
           - libgnutls28-dev
           - libiscsi-dev
           - liblttng-ust-dev
@@ -225,8 +255,8 @@ jobs:
           # Tests dependencies
           - genisoimage
       env:
-        - CONFIG="--disable-containers --enable-fdt=system --audio-drv-list=sdl
-                  --disable-user --target-list-exclude=${MAIN_SOFTMMU_TARGETS}"
+        - CONFIG="--disable-containers --audio-drv-list=sdl --disable-user
+                  --target-list-exclude=${MAIN_SOFTMMU_TARGETS}"
 
     - name: "[s390x] GCC (user)"
       arch: s390x
@@ -251,7 +281,6 @@ jobs:
           - libbrlapi-dev
           - libcacard-dev
           - libcap-ng-dev
-          - libfdt-dev
           - libgcrypt20-dev
           - libgnutls28-dev
           - libgtk-3-dev
@@ -271,6 +300,6 @@ jobs:
           - ninja-build
       env:
         - TEST_CMD="make check-unit"
-        - CONFIG="--disable-containers --disable-tcg --enable-kvm --disable-tools
-                  --enable-fdt=system --host-cc=clang --cxx=clang++"
+        - CONFIG="--disable-containers --disable-tcg --enable-kvm
+                  --disable-tools --host-cc=clang --cxx=clang++"
         - UNRELIABLE=true

MAINTAINERS

@@ -64,20 +64,6 @@ L: qemu-devel@nongnu.org
 F: *
 F: */
 
-Project policy and developer guides
-R: Alex Bennée <alex.bennee@linaro.org>
-R: Daniel P. Berrangé <berrange@redhat.com>
-R: Thomas Huth <thuth@redhat.com>
-R: Markus Armbruster <armbru@redhat.com>
-R: Philippe Mathieu-Daudé <philmd@linaro.org>
-W: https://www.qemu.org/docs/master/devel/index.html
-S: Odd Fixes
-F: docs/devel/style.rst
-F: docs/devel/code-of-conduct.rst
-F: docs/devel/conflict-resolution.rst
-F: docs/devel/submitting-a-patch.rst
-F: docs/devel/submitting-a-pull-request.rst
-
 Responsible Disclosure, Reporting Security Issues
 -------------------------------------------------
 W: https://wiki.qemu.org/SecurityProcess
@@ -92,7 +78,6 @@ M: Laurent Vivier <laurent@vivier.eu>
 S: Maintained
 L: qemu-trivial@nongnu.org
 K: ^Subject:.*(?i)trivial
-F: docs/devel/trivial-patches.rst
 T: git git://git.corpit.ru/qemu.git trivial-patches
 T: git https://github.com/vivier/qemu.git trivial-patches
 
@@ -127,8 +112,6 @@ M: Philippe Mathieu-Daudé <philmd@linaro.org>
 R: Jiaxun Yang <jiaxun.yang@flygoat.com>
 S: Odd Fixes
 K: ^Subject:.*(?i)mips
-F: docs/system/target-mips.rst
-F: configs/targets/mips*
 
 Guest CPU cores (TCG)
 ---------------------
@@ -137,7 +120,6 @@ M: Richard Henderson <richard.henderson@linaro.org>
 R: Paolo Bonzini <pbonzini@redhat.com>
 S: Maintained
 F: softmmu/cpus.c
-F: softmmu/watchpoint.c
 F: cpus-common.c
 F: page-vary.c
 F: page-vary-common.c
@@ -147,11 +129,8 @@ F: util/cacheinfo.c
 F: util/cacheflush.c
 F: scripts/decodetree.py
 F: docs/devel/decodetree.rst
-F: docs/devel/tcg*
 F: include/exec/cpu*.h
 F: include/exec/exec-all.h
-F: include/exec/tb-flush.h
-F: include/exec/target_long.h
 F: include/exec/helper*.h
 F: include/sysemu/cpus.h
 F: include/sysemu/tcg.h
@@ -178,7 +157,6 @@ M: Peter Maydell <peter.maydell@linaro.org>
 L: qemu-arm@nongnu.org
 S: Maintained
 F: target/arm/
-F: target/arm/tcg/
 F: tests/tcg/arm/
 F: tests/tcg/aarch64/
 F: tests/qtest/arm-cpu-features.c
@@ -217,20 +195,12 @@ Hexagon TCG CPUs
 M: Taylor Simpson <tsimpson@quicinc.com>
 S: Supported
 F: target/hexagon/
-X: target/hexagon/idef-parser/
-X: target/hexagon/gen_idef_parser_funcs.py
 F: linux-user/hexagon/
 F: tests/tcg/hexagon/
 F: disas/hexagon.c
 F: configs/targets/hexagon-linux-user/default.mak
 F: docker/dockerfiles/debian-hexagon-cross.docker
-
-Hexagon idef-parser
-M: Alessandro Di Federico <ale@rev.ng>
-M: Anton Johansson <anjo@rev.ng>
-S: Supported
-F: target/hexagon/idef-parser/
-F: target/hexagon/gen_idef_parser_funcs.py
+F: docker/dockerfiles/debian-hexagon-cross.docker.d/build-toolchain.sh
 
 HPPA (PA-RISC) TCG CPUs
 M: Richard Henderson <richard.henderson@linaro.org>
@@ -258,6 +228,7 @@ F: target/microblaze/
 F: hw/microblaze/
 F: disas/microblaze.c
 F: tests/docker/dockerfiles/debian-microblaze-cross.d/build-toolchain.sh
+F: tests/tcg/nios2/Makefile.target
 
 MIPS TCG CPUs
 M: Philippe Mathieu-Daudé <philmd@linaro.org>
@@ -271,20 +242,18 @@ F: docs/system/cpu-models-mips.rst.inc
 F: tests/tcg/mips/
 
 NiosII TCG CPUs
-R: Chris Wulff <crwulff@gmail.com>
-R: Marek Vasut <marex@denx.de>
-S: Orphan
+M: Chris Wulff <crwulff@gmail.com>
+M: Marek Vasut <marex@denx.de>
+S: Maintained
 F: target/nios2/
 F: hw/nios2/
 F: disas/nios2.c
 F: configs/devices/nios2-softmmu/default.mak
 F: tests/docker/dockerfiles/debian-nios2-cross.d/build-toolchain.sh
-F: tests/tcg/nios2/
 
 OpenRISC TCG CPUs
 M: Stafford Horne <shorne@gmail.com>
 S: Odd Fixes
-F: docs/system/openrisc/cpu-features.rst
 F: target/openrisc/
 F: hw/openrisc/
 F: tests/tcg/openrisc/
@@ -295,7 +264,7 @@ R: Cédric Le Goater <clg@kaod.org>
 R: David Gibson <david@gibson.dropbear.id.au>
 R: Greg Kurz <groug@kaod.org>
 L: qemu-ppc@nongnu.org
-S: Odd Fixes
+S: Maintained
 F: target/ppc/
 F: hw/ppc/ppc.c
 F: hw/ppc/ppc_booke.c
@@ -305,9 +274,6 @@ RISC-V TCG CPUs
 M: Palmer Dabbelt <palmer@dabbelt.com>
 M: Alistair Francis <alistair.francis@wdc.com>
 M: Bin Meng <bin.meng@windriver.com>
-R: Weiwei Li <liweiwei@iscas.ac.cn>
-R: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
-R: Liu Zhiwei <zhiwei_liu@linux.alibaba.com>
 L: qemu-riscv@nongnu.org
 S: Supported
 F: target/riscv/
@@ -316,14 +282,6 @@ F: include/hw/riscv/
 F: linux-user/host/riscv32/
 F: linux-user/host/riscv64/
 
-RISC-V XThead* extensions
-M: Christoph Muellner <christoph.muellner@vrull.eu>
-M: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
-L: qemu-riscv@nongnu.org
-S: Supported
-F: target/riscv/insn_trans/trans_xthead.c.inc
-F: target/riscv/xthead*.decode
-
 RISC-V XVentanaCondOps extension
 M: Philipp Tomsich <philipp.tomsich@vrull.eu>
 L: qemu-riscv@nongnu.org
@@ -374,7 +332,6 @@ F: target/i386/tcg/
 F: tests/tcg/i386/
 F: tests/tcg/x86_64/
 F: hw/i386/
-F: docs/system/i386/cpu.rst
 F: docs/system/cpu-models-x86*
 T: git https://gitlab.com/ehabkost/qemu.git x86-next
 
@@ -385,7 +342,6 @@ S: Maintained
 F: target/xtensa/
 F: hw/xtensa/
 F: tests/tcg/xtensa/
-F: tests/tcg/xtensaeb/
 F: disas/xtensa.c
 F: include/hw/xtensa/xtensa-isa.h
 F: configs/devices/xtensa*/default.mak
@@ -433,7 +389,7 @@ M: Daniel Henrique Barboza <danielhb413@gmail.com>
 R: Cédric Le Goater <clg@kaod.org>
 R: David Gibson <david@gibson.dropbear.id.au>
 R: Greg Kurz <groug@kaod.org>
-S: Odd Fixes
+S: Maintained
 F: target/ppc/kvm.c
 
 S390 KVM CPUs
@@ -460,15 +416,6 @@ F: target/i386/kvm/
 F: target/i386/sev*
 F: scripts/kvm/vmxcap
 
-Xen emulation on X86 KVM CPUs
-M: David Woodhouse <dwmw2@infradead.org>
-M: Paul Durrant <paul@xen.org>
-S: Supported
-F: include/sysemu/kvm_xen.h
-F: target/i386/kvm/xen*
-F: hw/i386/kvm/xen*
-F: tests/avocado/xen_guest.py
-
 Guest CPU Cores (other accelerators)
 ------------------------------------
 Overall
@@ -476,7 +423,7 @@ M: Richard Henderson <richard.henderson@linaro.org>
 R: Paolo Bonzini <pbonzini@redhat.com>
 S: Maintained
 F: include/qemu/accel.h
-F: include/sysemu/accel-*.h
+F: include/sysemu/accel-ops.h
 F: include/hw/core/accel-cpu.h
 F: accel/accel-*.c
 F: accel/Makefile.objs
@@ -539,7 +486,10 @@ F: stubs/xen-hw-stub.c
 Guest CPU Cores (HAXM)
 ---------------------
 X86 HAXM CPUs
-S: Orphan
+M: Wenchao Wang <wenchao.wang@intel.com>
+L: haxm-team@intel.com
+W: https://github.com/intel/haxm/issues
+S: Maintained
 F: accel/stubs/hax-stub.c
 F: include/sysemu/hax.h
 F: target/i386/hax/
@@ -547,6 +497,7 @@ F: target/i386/hax/
 Guest CPU Cores (NVMM)
 ----------------------
 NetBSD Virtual Machine Monitor (NVMM) CPU support
+M: Kamil Rytarowski <kamil@netbsd.org>
 M: Reinoud Zandijk <reinoud@netbsd.org>
 S: Maintained
 F: include/sysemu/nvmm.h
@@ -571,6 +522,7 @@ F: util/*posix*.c
 F: include/qemu/*posix*.h
 
 NETBSD
+M: Kamil Rytarowski <kamil@netbsd.org>
 M: Reinoud Zandijk <reinoud@netbsd.org>
 M: Ryo ONODERA <ryoon@netbsd.org>
 S: Maintained
@@ -611,14 +563,12 @@ ARM Machines
 Allwinner-a10
 M: Beniamino Galvani <b.galvani@gmail.com>
 M: Peter Maydell <peter.maydell@linaro.org>
-R: Strahinja Jankovic <strahinja.p.jankovic@gmail.com>
 L: qemu-arm@nongnu.org
 S: Odd Fixes
 F: hw/*/allwinner*
 F: include/hw/*/allwinner*
 F: hw/arm/cubieboard.c
 F: docs/system/arm/cubieboard.rst
-F: hw/misc/axp209.c
 
 Allwinner-h3
 M: Niek Linnenbank <nieklinnenbank@gmail.com>
@@ -838,13 +788,13 @@ F: include/hw/net/mv88w8618_eth.h
 F: docs/system/arm/musicpal.rst
 
 Nuvoton NPCM7xx
+M: Havard Skinnemoen <hskinnemoen@google.com>
 M: Tyrone Ting <kfting@nuvoton.com>
-M: Hao Wu <wuhaotsh@google.com>
 L: qemu-arm@nongnu.org
 S: Supported
-F: hw/*/npcm*
-F: include/hw/*/npcm*
-F: tests/qtest/npcm*
+F: hw/*/npcm7xx*
+F: include/hw/*/npcm7xx*
+F: tests/qtest/npcm7xx*
 F: pc-bios/npcm7xx_bootrom.bin
 F: roms/vbootrom
 F: docs/system/arm/nuvoton.rst
@@ -923,7 +873,6 @@ M: Peter Maydell <peter.maydell@linaro.org>
 R: Jean-Christophe Dubois <jcd@tribudubois.net>
 L: qemu-arm@nongnu.org
 S: Odd Fixes
-F: docs/system/arm/sabrelite.rst
 F: hw/arm/sabrelite.c
 F: hw/arm/fsl-imx6.c
 F: hw/misc/imx6_*.c
@@ -978,7 +927,6 @@ M: Peter Maydell <peter.maydell@linaro.org>
 L: qemu-arm@nongnu.org
 S: Maintained
 F: hw/*/versatile*
-F: hw/i2c/arm_sbcon_i2c.c
 F: include/hw/i2c/arm_sbcon_i2c.h
 F: hw/misc/arm_sysctl.c
 F: docs/system/arm/versatile.rst
@@ -1025,6 +973,12 @@ S: Maintained
 F: hw/ssi/xlnx-versal-ospi.c
 F: include/hw/ssi/xlnx-versal-ospi.h
 
+ARM ACPI Subsystem
+M: Shannon Zhao <shannon.zhaosl@gmail.com>
+L: qemu-arm@nongnu.org
+S: Maintained
+F: hw/arm/virt-acpi-build.c
+
 STM32F100
 M: Alexandre Iooss <erdnaxe@crans.org>
 L: qemu-arm@nongnu.org
@@ -1067,12 +1021,6 @@ L: qemu-arm@nongnu.org
 S: Maintained
 F: hw/arm/netduinoplus2.c
 
-Olimex STM32 H405
-M: Felipe Balbi <balbi@kernel.org>
-L: qemu-arm@nongnu.org
-S: Maintained
-F: hw/arm/olimex-stm32-h405.c
-
 SmartFusion2
 M: Subbaraya Sundeep <sundeep.lkml@gmail.com>
 M: Peter Maydell <peter.maydell@linaro.org>
@@ -1278,7 +1226,7 @@ S: Odd Fixes
 F: hw/isa/piix4.c
 F: hw/acpi/piix4.c
 F: hw/mips/malta.c
-F: hw/pci-host/gt64120.c
+F: hw/mips/gt64xxx_pci.c
 F: include/hw/southbridge/piix.h
 F: tests/avocado/linux_ssh_mips_malta.py
 F: tests/avocado/machine_mips_malta.py
@@ -1299,7 +1247,6 @@ F: hw/isa/vt82c686.c
 F: hw/pci-host/bonito.c
 F: hw/usb/vt82c686-uhci-pci.c
 F: include/hw/isa/vt82c686.h
-F: include/hw/pci-host/bonito.h
 F: tests/avocado/machine_mips_fuloong2e.py
 
 Loongson-3 virtual platforms
@@ -1326,7 +1273,6 @@ OpenRISC Machines
 or1k-sim
 M: Jia Liu <proljc@gmail.com>
 S: Maintained
-F: docs/system/openrisc/or1k-sim.rst
 F: hw/openrisc/openrisc_sim.c
 
 PowerPC Machines
@@ -1421,7 +1367,7 @@ R: Cédric Le Goater <clg@kaod.org>
 R: David Gibson <david@gibson.dropbear.id.au>
 R: Greg Kurz <groug@kaod.org>
 L: qemu-ppc@nongnu.org
-S: Odd Fixes
+S: Maintained
 F: hw/*/spapr*
 F: include/hw/*/spapr*
 F: hw/*/xics*
@@ -1698,10 +1644,10 @@ F: hw/isa/piix3.c
 F: hw/isa/lpc_ich9.c
 F: hw/i2c/smbus_ich9.c
 F: hw/acpi/piix4.c
-F: hw/acpi/ich9*.c
-F: include/hw/acpi/ich9*.h
-F: include/hw/southbridge/ich9.h
+F: hw/acpi/ich9.c
+F: include/hw/acpi/ich9.h
 F: include/hw/southbridge/piix.h
+F: hw/misc/sga.c
 F: hw/isa/apm.c
 F: include/hw/isa/apm.h
 F: tests/unit/test-x86-cpuid.c
@@ -1733,7 +1679,6 @@ F: include/hw/char/parallel.h
 F: include/hw/dma/i8257.h
 F: include/hw/i2c/pm_smbus.h
 F: include/hw/input/i8042.h
-F: include/hw/intc/ioapic*
 F: include/hw/isa/i8259_internal.h
 F: include/hw/isa/superio.h
 F: include/hw/timer/hpet.h
@@ -1818,7 +1763,7 @@ F: hw/misc/edu.c
 IDE
 M: John Snow <jsnow@redhat.com>
 L: qemu-block@nongnu.org
-S: Odd Fixes
+S: Supported
 F: include/hw/ide.h
 F: include/hw/ide/
 F: hw/ide/
@@ -1843,7 +1788,7 @@ T: git https://github.com/cminyard/qemu.git master-ipmi-rebase
 Floppy
 M: John Snow <jsnow@redhat.com>
 L: qemu-block@nongnu.org
-S: Odd Fixes
+S: Supported
 F: hw/block/fdc.c
 F: hw/block/fdc-internal.h
 F: hw/block/fdc-isa.c
@@ -1912,18 +1857,6 @@ F: docs/specs/acpi_nvdimm.rst
 F: docs/specs/acpi_pci_hotplug.rst
 F: docs/specs/acpi_hw_reduced_hotplug.rst
 
-ARM ACPI Subsystem
-M: Shannon Zhao <shannon.zhaosl@gmail.com>
-L: qemu-arm@nongnu.org
-S: Maintained
-F: hw/arm/virt-acpi-build.c
-
-RISC-V ACPI Subsystem
-M: Sunil V L <sunilvl@ventanamicro.com>
-L: qemu-riscv@nongnu.org
-S: Maintained
-F: hw/riscv/virt-acpi-build.c
-
 ACPI/VIOT
 M: Jean-Philippe Brucker <jean-philippe@linaro.org>
 S: Supported
@@ -2034,7 +1967,6 @@ F: hw/usb/dev-serial.c
 
 VFIO
 M: Alex Williamson <alex.williamson@redhat.com>
-R: Cédric Le Goater <clg@redhat.com>
 S: Supported
 F: hw/vfio/*
 F: include/hw/vfio/
@@ -2084,7 +2016,6 @@ F: hw/virtio/trace-events
 F: qapi/virtio.json
 F: net/vhost-user.c
 F: include/hw/virtio/
-F: docs/devel/virtio*
 
 virtio-balloon
 M: Michael S. Tsirkin <mst@redhat.com>
@@ -2106,7 +2037,6 @@ X: hw/9pfs/xen-9p*
 F: fsdev/
 F: docs/tools/virtfs-proxy-helper.rst
 F: tests/qtest/virtio-9p-test.c
-F: tests/qtest/libqos/virtio-9p*
 T: git https://gitlab.com/gkurz/qemu.git 9p-next
 T: git https://github.com/cschoenebeck/qemu.git 9p.next
 
@@ -2133,10 +2063,13 @@ T: git https://github.com/borntraeger/qemu.git s390-next
 L: qemu-s390x@nongnu.org
 
 virtiofs
+M: Dr. David Alan Gilbert <dgilbert@redhat.com>
 M: Stefan Hajnoczi <stefanha@redhat.com>
 S: Supported
+F: tools/virtiofsd/*
 F: hw/virtio/vhost-user-fs*
 F: include/hw/virtio/vhost-user-fs.h
+F: docs/tools/virtiofsd.rst
 L: virtio-fs@redhat.com
 
 virtio-input
@@ -2175,7 +2108,7 @@ F: tests/qtest/virtio-rng-test.c
 vhost-user-rng
 M: Mathieu Poirier <mathieu.poirier@linaro.org>
 S: Supported
-F: docs/system/devices/vhost-user-rng.rst
+F: docs/tools/vhost-user-rng.rst
 F: hw/virtio/vhost-user-rng.c
 F: hw/virtio/vhost-user-rng-pci.c
 F: include/hw/virtio/vhost-user-rng.h
@@ -2213,7 +2146,7 @@ S: Supported
 F: hw/nvme/*
 F: include/block/nvme.h
 F: tests/qtest/nvme-test.c
-F: docs/system/devices/nvme.rst
+F: docs/system/nvme.rst
 T: git git://git.infradead.org/qemu-nvme.git nvme-next
 
 megasas
@@ -2250,28 +2183,14 @@ F: docs/specs/rocker.txt
 
 e1000x
 M: Dmitry Fleytman <dmitry.fleytman@gmail.com>
-R: Akihiko Odaki <akihiko.odaki@daynix.com>
 S: Maintained
 F: hw/net/e1000x*
 
 e1000e
 M: Dmitry Fleytman <dmitry.fleytman@gmail.com>
-R: Akihiko Odaki <akihiko.odaki@daynix.com>
 S: Maintained
 F: hw/net/e1000e*
 F: tests/qtest/fuzz-e1000e-test.c
-F: tests/qtest/e1000e-test.c
-F: tests/qtest/libqos/e1000e.*
-
-igb
-M: Akihiko Odaki <akihiko.odaki@daynix.com>
-R: Sriram Yagnaraman <sriram.yagnaraman@est.tech>
-S: Maintained
-F: docs/system/devices/igb.rst
-F: hw/net/igb*
-F: tests/avocado/igb.py
-F: tests/qtest/igb-test.c
-F: tests/qtest/libqos/igb.c
 
 eepro100
 M: Stefan Weil <sw@weilnetz.de>
@@ -2325,6 +2244,7 @@ F: hw/acpi/vmgenid.c
 F: include/hw/acpi/vmgenid.h
 F: docs/specs/vmgenid.txt
 F: tests/qtest/vmgenid-test.c
+F: stubs/vmgenid.c
 
 LED
 M: Philippe Mathieu-Daudé <philmd@linaro.org>
@@ -2535,7 +2455,6 @@ Subsystems
 ----------
 Overall Audio backends
 M: Gerd Hoffmann <kraxel@redhat.com>
-M: Marc-André Lureau <marcandre.lureau@redhat.com>
 S: Odd Fixes
 F: audio/
 X: audio/alsaaudio.c
@@ -2681,8 +2600,8 @@ T: git https://gitlab.com/jsnow/qemu.git jobs
 T: git https://gitlab.com/vsementsov/qemu.git block
 
 Compute Express Link
+M: Ben Widawsky <ben.widawsky@intel.com>
 M: Jonathan Cameron <jonathan.cameron@huawei.com>
-R: Fan Ni <fan.ni@samsung.com>
 S: Supported
 F: hw/cxl/
 F: hw/mem/cxl_type3.c
@@ -2777,14 +2696,11 @@ GDB stub
 M: Alex Bennée <alex.bennee@linaro.org>
 R: Philippe Mathieu-Daudé <philmd@linaro.org>
 S: Maintained
-F: docs/system/gdb.rst
 F: gdbstub/*
 F: include/exec/gdbstub.h
-F: include/gdbstub/*
 F: gdb-xml/
 F: tests/tcg/multiarch/gdbstub/
 F: scripts/feature_to_c.sh
-F: scripts/probe-gdb-support.py
 
 Memory API
 M: Paolo Bonzini <pbonzini@redhat.com>
@@ -2832,13 +2748,11 @@ F: docs/spice-port-fqdn.txt
 
 Graphics
 M: Gerd Hoffmann <kraxel@redhat.com>
-M: Marc-André Lureau <marcandre.lureau@redhat.com>
 S: Odd Fixes
 F: ui/
 F: include/ui/
 F: qapi/ui.json
 F: util/drm.c
-F: docs/devel/ui.rst
 
 Cocoa graphics
 M: Peter Maydell <peter.maydell@linaro.org>
@@ -2862,21 +2776,20 @@ F: softmmu/cpus.c
 F: softmmu/cpu-throttle.c
 F: softmmu/cpu-timers.c
 F: softmmu/icount.c
-F: softmmu/runstate*
+F: softmmu/runstate-action.c
+F: softmmu/runstate.c
 F: qapi/run-state.json
 
 Read, Copy, Update (RCU)
 M: Paolo Bonzini <pbonzini@redhat.com>
 S: Maintained
-F: docs/devel/lockcnt.txt
-F: docs/devel/rcu.txt
 F: include/qemu/rcu*.h
 F: tests/unit/rcutorture.c
 F: tests/unit/test-rcu-*.c
 F: util/rcu.c
 
 Human Monitor (HMP)
-M: Dr. David Alan Gilbert <dave@treblig.org>
+M: Dr. David Alan Gilbert <dgilbert@redhat.com>
 S: Maintained
 F: monitor/monitor-internal.h
 F: monitor/misc.c
@@ -2916,11 +2829,9 @@ T: git https://gitlab.com/ehabkost/qemu.git machine-next
 
 Cryptodev Backends
 M: Gonglei <arei.gonglei@huawei.com>
-M: zhenwei pi <pizhenwei@bytedance.com>
 S: Maintained
 F: include/sysemu/cryptodev*.h
 F: backends/cryptodev*.c
-F: qapi/cryptodev.json
 
 Python library
 M: John Snow <jsnow@redhat.com>
@@ -3019,7 +2930,6 @@ M: Paolo Bonzini <pbonzini@redhat.com>
 R: Daniel P. Berrange <berrange@redhat.com>
 R: Eduardo Habkost <eduardo@habkost.net>
 S: Supported
-F: docs/devel/qom.rst
 F: docs/qdev-device-use.txt
 F: hw/core/qdev*
 F: hw/core/bus.c
@@ -3068,7 +2978,6 @@ F: softmmu/qtest.c
 F: accel/qtest/
 F: tests/qtest/
 F: docs/devel/qgraph.rst
-F: docs/devel/qtest.rst
 X: tests/qtest/bios-tables-test*
 
 Device Fuzzing
@@ -3100,11 +3009,6 @@ F: net/slirp.c
 F: include/net/slirp.h
 T: git https://people.debian.org/~sthibault/qemu.git slirp
 
-Stats
-S: Orphan
-F: include/sysemu/stats.h
-F: stats/
-
 Streams
 M: Edgar E. Iglesias <edgar.iglesias@gmail.com>
 S: Maintained
@@ -3133,14 +3037,13 @@ T: git https://github.com/stefanha/qemu.git tracing
 TPM
 M: Stefan Berger <stefanb@linux.ibm.com>
 S: Maintained
-F: softmmu/tpm*
+F: tpm.c
 F: hw/tpm/*
 F: include/hw/acpi/tpm.h
 F: include/sysemu/tpm*
 F: qapi/tpm.json
 F: backends/tpm/
 F: tests/qtest/*tpm*
-F: docs/specs/tpm.rst
 T: git https://github.com/stefanberger/qemu-tpm.git tpm-next
 
 Checkpatch
@@ -3149,11 +3052,11 @@ F: scripts/checkpatch.pl
 
 Migration
 M: Juan Quintela <quintela@redhat.com>
+M: Dr. David Alan Gilbert <dgilbert@redhat.com>
 S: Maintained
 F: hw/core/vmstate-if.c
 F: include/hw/vmstate-if.h
 F: include/migration/
-F: include/qemu/userfaultfd.h
 F: migration/
 F: scripts/vmstate-static-checker.py
 F: tests/vmstate-static-checker-data/
@@ -3161,7 +3064,6 @@ F: tests/qtest/migration-test.c
 F: docs/devel/migration.rst
 F: qapi/migration.json
 F: tests/migration/
-F: util/userfaultfd.c
 
 D-Bus
 M: Marc-André Lureau <marcandre.lureau@redhat.com>
@@ -3292,10 +3194,8 @@ S: Supported
 F: replay/*
 F: block/blkreplay.c
 F: net/filter-replay.c
-F: include/exec/replay-core.h
 F: include/sysemu/replay.h
-F: docs/devel/replay.rst
-F: docs/system/replay.rst
+F: docs/replay.txt
 F: stubs/replay.c
 F: tests/avocado/replay_kernel.py
 F: tests/avocado/replay_linux.py
@@ -3357,6 +3257,8 @@ F: roms/edk2
 F: roms/edk2-*
 F: tests/data/uefi-boot-images/
 F: tests/uefi-test-tools/
+F: .gitlab-ci.d/edk2.yml
+F: .gitlab-ci.d/edk2/
 
 VT-d Emulation
 M: Michael S. Tsirkin <mst@redhat.com>
@@ -3376,7 +3278,7 @@ F: .gitlab-ci.d/opensbi/
 
 Clock framework
 M: Luc Michel <luc@lmichel.fr>
-R: Damien Hedde <damien.hedde@dahe.fr>
+R: Damien Hedde <damien.hedde@greensocs.com>
 S: Maintained
 F: include/hw/clock.h
 F: include/hw/qdev-clock.h
@@ -3635,11 +3537,13 @@ F: block/dmg.c
 parallels
 M: Stefan Hajnoczi <stefanha@redhat.com>
 M: Denis V. Lunev <den@openvz.org>
+M: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
 L: qemu-block@nongnu.org
 S: Supported
 F: block/parallels.c
 F: block/parallels-ext.c
 F: docs/interop/parallels.txt
+T: git https://gitlab.com/vsementsov/qemu.git block
 
 qed
 M: Stefan Hajnoczi <stefanha@redhat.com>
@@ -3814,9 +3718,7 @@ F: scripts/ci/
 F: tests/docker/
 F: tests/vm/
 F: tests/lcitool/
-F: tests/avocado/tuxrun_baselines.py
 F: scripts/archive-source.sh
-F: docs/devel/testing.rst
 W: https://gitlab.com/qemu-project/qemu/pipelines
 W: https://travis-ci.org/qemu/qemu
 
@@ -3831,7 +3733,8 @@ W: https://cirrus-ci.com/github/qemu/qemu
 Windows Hosted Continuous Integration
 M: Yonggang Luo <luoyonggang@gmail.com>
 S: Maintained
-F: .gitlab-ci.d/windows.yml
+F: .cirrus.yml
+W: https://cirrus-ci.com/github/qemu/qemu
 
 Guest Test Compilation Support
 M: Alex Bennée <alex.bennee@linaro.org>
@@ -3920,8 +3823,3 @@ Performance Tools and Tests
 M: Ahmed Karaman <ahmedkhaledkaraman@gmail.com>
 S: Maintained
 F: scripts/performance/
-
-Code Coverage Tools
-M: Alex Bennée <alex.bennee@linaro.org>
-S: Odd Fixes
-F: scripts/coverage/

Makefile

@@ -150,7 +150,7 @@ NINJAFLAGS = $(if $V,-v) $(if $(MAKE.n), -n) $(if $(MAKE.k), -k0) \
 ninja-cmd-goals = $(or $(MAKECMDGOALS), all)
 ninja-cmd-goals += $(foreach g, $(MAKECMDGOALS), $(.ninja-goals.$g))
 
-makefile-targets := build.ninja ctags TAGS cscope dist clean
+makefile-targets := build.ninja ctags TAGS cscope dist clean uninstall
 # "ninja -t targets" also lists all prerequisites.  If build system
 # files are marked as PHONY, however, Make will always try to execute
 # "ninja build.ninja".
@@ -220,7 +220,7 @@ qemu-%.tar.bz2:
 
 distclean: clean recurse-distclean
 	-$(quiet-@)test -f build.ninja && $(NINJA) $(NINJAFLAGS) -t clean -g || :
-	rm -f config-host.mak Makefile.prereqs
+	rm -f config-host.mak Makefile.prereqs qemu-bundle
 	rm -f tests/tcg/*/config-target.mak tests/tcg/config-host.mak
 	rm -f config.status
 	rm -f roms/seabios/config.mak
@@ -230,7 +230,7 @@ distclean: clean recurse-distclean
 	rm -f Makefile.ninja Makefile.mtest build.ninja.stamp meson.stamp
 	rm -f config.log
 	rm -f linux-headers/asm
-	rm -Rf .sdk qemu-bundle
+	rm -Rf .sdk
 
 find-src-path = find "$(SRC_PATH)" -path "$(SRC_PATH)/meson" -prune -o \
 	-type l -prune -o \( -name "*.[chsS]" -o -name "*.[ch].inc" \)

VERSION

@@ -1 +1 @@
-8.0.2
+7.2.1

accel/accel-blocker.c

@@ -1,154 +0,0 @@
-/*
- * Lock to inhibit accelerator ioctls
- *
- * Copyright (c) 2022 Red Hat Inc.
- *
- * Author: Emanuele Giuseppe Esposito       <eesposit@redhat.com>
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "qemu/osdep.h"
-#include "qemu/thread.h"
-#include "qemu/main-loop.h"
-#include "hw/core/cpu.h"
-#include "sysemu/accel-blocker.h"
-
-static QemuLockCnt accel_in_ioctl_lock;
-static QemuEvent accel_in_ioctl_event;
-
-void accel_blocker_init(void)
-{
-    qemu_lockcnt_init(&accel_in_ioctl_lock);
-    qemu_event_init(&accel_in_ioctl_event, false);
-}
-
-void accel_ioctl_begin(void)
-{
-    if (likely(qemu_mutex_iothread_locked())) {
-        return;
-    }
-
-    /* block if lock is taken in kvm_ioctl_inhibit_begin() */
-    qemu_lockcnt_inc(&accel_in_ioctl_lock);
-}
-
-void accel_ioctl_end(void)
-{
-    if (likely(qemu_mutex_iothread_locked())) {
-        return;
-    }
-
-    qemu_lockcnt_dec(&accel_in_ioctl_lock);
-    /* change event to SET. If event was BUSY, wake up all waiters */
-    qemu_event_set(&accel_in_ioctl_event);
-}
-
-void accel_cpu_ioctl_begin(CPUState *cpu)
-{
-    if (unlikely(qemu_mutex_iothread_locked())) {
-        return;
-    }
-
-    /* block if lock is taken in kvm_ioctl_inhibit_begin() */
-    qemu_lockcnt_inc(&cpu->in_ioctl_lock);
-}
-
-void accel_cpu_ioctl_end(CPUState *cpu)
-{
-    if (unlikely(qemu_mutex_iothread_locked())) {
-        return;
-    }
-
-    qemu_lockcnt_dec(&cpu->in_ioctl_lock);
-    /* change event to SET. If event was BUSY, wake up all waiters */
-    qemu_event_set(&accel_in_ioctl_event);
-}
-
-static bool accel_has_to_wait(void)
-{
-    CPUState *cpu;
-    bool needs_to_wait = false;
-
-    CPU_FOREACH(cpu) {
-        if (qemu_lockcnt_count(&cpu->in_ioctl_lock)) {
-            /* exit the ioctl, if vcpu is running it */
-            qemu_cpu_kick(cpu);
-            needs_to_wait = true;
-        }
-    }
-
-    return needs_to_wait || qemu_lockcnt_count(&accel_in_ioctl_lock);
-}
-
-void accel_ioctl_inhibit_begin(void)
-{
-    CPUState *cpu;
-
-    /*
-     * We allow to inhibit only when holding the BQL, so we can identify
-     * when an inhibitor wants to issue an ioctl easily.
-     */
-    g_assert(qemu_mutex_iothread_locked());
-
-    /* Block further invocations of the ioctls outside the BQL.  */
-    CPU_FOREACH(cpu) {
-        qemu_lockcnt_lock(&cpu->in_ioctl_lock);
-    }
-    qemu_lockcnt_lock(&accel_in_ioctl_lock);
-
-    /* Keep waiting until there are running ioctls */
-    while (true) {
-
-        /* Reset event to FREE. */
-        qemu_event_reset(&accel_in_ioctl_event);
-
-        if (accel_has_to_wait()) {
-            /*
-             * If event is still FREE, and there are ioctls still in progress,
-             * wait.
-             *
-             *  If an ioctl finishes before qemu_event_wait(), it will change
-             * the event state to SET. This will prevent qemu_event_wait() from
-             * blocking, but it's not a problem because if other ioctls are
-             * still running the loop will iterate once more and reset the event
-             * status to FREE so that it can wait properly.
-             *
-             * If an ioctls finishes while qemu_event_wait() is blocking, then
-             * it will be waken up, but also here the while loop makes sure
-             * to re-enter the wait if there are other running ioctls.
-             */
-            qemu_event_wait(&accel_in_ioctl_event);
-        } else {
-            /* No ioctl is running */
-            return;
-        }
-    }
-}
-
-void accel_ioctl_inhibit_end(void)
-{
-    CPUState *cpu;
-
-    qemu_lockcnt_unlock(&accel_in_ioctl_lock);
-    CPU_FOREACH(cpu) {
-        qemu_lockcnt_unlock(&cpu->in_ioctl_lock);
-    }
-}
-

accel/accel-softmmu.c

@@ -27,7 +27,7 @@
 #include "qemu/accel.h"
 #include "hw/boards.h"
 #include "sysemu/cpus.h"
-#include "qemu/error-report.h"
+
 #include "accel-softmmu.h"
 
 int accel_init_machine(AccelState *accel, MachineState *ms)

accel/kvm/kvm-accel-ops.c

@@ -86,13 +86,6 @@ static bool kvm_cpus_are_resettable(void)
     return !kvm_enabled() || kvm_cpu_check_are_resettable();
 }
 
-#ifdef KVM_CAP_SET_GUEST_DEBUG
-static int kvm_update_guest_debug_ops(CPUState *cpu)
-{
-    return kvm_update_guest_debug(cpu, 0);
-}
-#endif
-
 static void kvm_accel_ops_class_init(ObjectClass *oc, void *data)
 {
     AccelOpsClass *ops = ACCEL_OPS_CLASS(oc);
@@ -106,7 +99,6 @@ static void kvm_accel_ops_class_init(ObjectClass *oc, void *data)
     ops->synchronize_pre_loadvm = kvm_cpu_synchronize_pre_loadvm;
 
 #ifdef KVM_CAP_SET_GUEST_DEBUG
-    ops->update_guest_debug = kvm_update_guest_debug_ops;
     ops->supports_guest_debug = kvm_supports_guest_debug;
     ops->insert_breakpoint = kvm_insert_breakpoint;
     ops->remove_breakpoint = kvm_remove_breakpoint;

accel/kvm/kvm-all.c

@@ -31,7 +31,6 @@
 #include "sysemu/kvm_int.h"
 #include "sysemu/runstate.h"
 #include "sysemu/cpus.h"
-#include "sysemu/accel-blocker.h"
 #include "qemu/bswap.h"
 #include "exec/memory.h"
 #include "exec/ram_addr.h"
@@ -47,10 +46,9 @@
 #include "sysemu/hw_accel.h"
 #include "kvm-cpus.h"
 #include "sysemu/dirtylimit.h"
-#include "qemu/range.h"
 
 #include "hw/boards.h"
-#include "sysemu/stats.h"
+#include "monitor/stats.h"
 
 /* This check must be after config-host.h is included */
 #ifdef CONFIG_EVENTFD
@@ -685,15 +683,6 @@ static uint32_t kvm_dirty_ring_reap_one(KVMState *s, CPUState *cpu)
     uint32_t ring_size = s->kvm_dirty_ring_size;
     uint32_t count = 0, fetch = cpu->kvm_fetch_index;
 
-    /*
-     * It's possible that we race with vcpu creation code where the vcpu is
-     * put onto the vcpus list but not yet initialized the dirty ring
-     * structures.  If so, skip it.
-     */
-    if (!cpu->created) {
-        return 0;
-    }
-
     assert(dirty_gfns && ring_size);
     trace_kvm_dirty_ring_reap_vcpu(cpu->cpu_index);
 
@@ -1303,7 +1292,6 @@ void kvm_set_max_memslot_size(hwaddr max_slot_size)
     kvm_max_slot_size = max_slot_size;
 }
 
-/* Called with KVMMemoryListener.slots_lock held */
 static void kvm_set_phys_mem(KVMMemoryListener *kml,
                              MemoryRegionSection *section, bool add)
 {
@@ -1338,12 +1326,14 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml,
     ram = memory_region_get_ram_ptr(mr) + mr_offset;
     ram_start_offset = memory_region_get_ram_addr(mr) + mr_offset;
 
+    kvm_slots_lock();
+
     if (!add) {
         do {
             slot_size = MIN(kvm_max_slot_size, size);
             mem = kvm_lookup_matching_slot(kml, start_addr, slot_size);
             if (!mem) {
-                return;
+                goto out;
             }
             if (mem->flags & KVM_MEM_LOG_DIRTY_PAGES) {
                 /*
@@ -1381,7 +1371,7 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml,
             start_addr += slot_size;
             size -= slot_size;
         } while (size);
-        return;
+        goto out;
     }
 
     /* register the new slot */
@@ -1406,6 +1396,9 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml,
         ram += slot_size;
         size -= slot_size;
     } while (size);
+
+out:
+    kvm_slots_unlock();
 }
 
 static void *kvm_dirty_ring_reaper_thread(void *data)
@@ -1462,95 +1455,18 @@ static void kvm_region_add(MemoryListener *listener,
                            MemoryRegionSection *section)
 {
     KVMMemoryListener *kml = container_of(listener, KVMMemoryListener, listener);
-    KVMMemoryUpdate *update;
 
-    update = g_new0(KVMMemoryUpdate, 1);
-    update->section = *section;
-
-    QSIMPLEQ_INSERT_TAIL(&kml->transaction_add, update, next);
+    memory_region_ref(section->mr);
+    kvm_set_phys_mem(kml, section, true);
 }
 
 static void kvm_region_del(MemoryListener *listener,
                            MemoryRegionSection *section)
 {
     KVMMemoryListener *kml = container_of(listener, KVMMemoryListener, listener);
-    KVMMemoryUpdate *update;
 
-    update = g_new0(KVMMemoryUpdate, 1);
-    update->section = *section;
-
-    QSIMPLEQ_INSERT_TAIL(&kml->transaction_del, update, next);
-}
-
-static void kvm_region_commit(MemoryListener *listener)
-{
-    KVMMemoryListener *kml = container_of(listener, KVMMemoryListener,
-                                          listener);
-    KVMMemoryUpdate *u1, *u2;
-    bool need_inhibit = false;
-
-    if (QSIMPLEQ_EMPTY(&kml->transaction_add) &&
-        QSIMPLEQ_EMPTY(&kml->transaction_del)) {
-        return;
-    }
-
-    /*
-     * We have to be careful when regions to add overlap with ranges to remove.
-     * We have to simulate atomic KVM memslot updates by making sure no ioctl()
-     * is currently active.
-     *
-     * The lists are order by addresses, so it's easy to find overlaps.
-     */
-    u1 = QSIMPLEQ_FIRST(&kml->transaction_del);
-    u2 = QSIMPLEQ_FIRST(&kml->transaction_add);
-    while (u1 && u2) {
-        Range r1, r2;
-
-        range_init_nofail(&r1, u1->section.offset_within_address_space,
-                          int128_get64(u1->section.size));
-        range_init_nofail(&r2, u2->section.offset_within_address_space,
-                          int128_get64(u2->section.size));
-
-        if (range_overlaps_range(&r1, &r2)) {
-            need_inhibit = true;
-            break;
-        }
-        if (range_lob(&r1) < range_lob(&r2)) {
-            u1 = QSIMPLEQ_NEXT(u1, next);
-        } else {
-            u2 = QSIMPLEQ_NEXT(u2, next);
-        }
-    }
-
-    kvm_slots_lock();
-    if (need_inhibit) {
-        accel_ioctl_inhibit_begin();
-    }
-
-    /* Remove all memslots before adding the new ones. */
-    while (!QSIMPLEQ_EMPTY(&kml->transaction_del)) {
-        u1 = QSIMPLEQ_FIRST(&kml->transaction_del);
-        QSIMPLEQ_REMOVE_HEAD(&kml->transaction_del, next);
-
-        kvm_set_phys_mem(kml, &u1->section, false);
-        memory_region_unref(u1->section.mr);
-
-        g_free(u1);
-    }
-    while (!QSIMPLEQ_EMPTY(&kml->transaction_add)) {
-        u1 = QSIMPLEQ_FIRST(&kml->transaction_add);
-        QSIMPLEQ_REMOVE_HEAD(&kml->transaction_add, next);
-
-        memory_region_ref(u1->section.mr);
-        kvm_set_phys_mem(kml, &u1->section, true);
-
-        g_free(u1);
-    }
-
-    if (need_inhibit) {
-        accel_ioctl_inhibit_end();
-    }
-    kvm_slots_unlock();
+    kvm_set_phys_mem(kml, section, false);
+    memory_region_unref(section->mr);
 }
 
 static void kvm_log_sync(MemoryListener *listener,
@@ -1694,12 +1610,8 @@ void kvm_memory_listener_register(KVMState *s, KVMMemoryListener *kml,
         kml->slots[i].slot = i;
     }
 
-    QSIMPLEQ_INIT(&kml->transaction_add);
-    QSIMPLEQ_INIT(&kml->transaction_del);
-
     kml->listener.region_add = kvm_region_add;
     kml->listener.region_del = kvm_region_del;
-    kml->listener.commit = kvm_region_commit;
     kml->listener.log_start = kvm_log_start;
     kml->listener.log_stop = kvm_log_stop;
     kml->listener.priority = 10;
@@ -2370,13 +2282,13 @@ static int kvm_init(MachineState *ms)
     static const char upgrade_note[] =
         "Please upgrade to at least kernel 2.6.29 or recent kvm-kmod\n"
         "(see http://sourceforge.net/projects/kvm).\n";
-    const struct {
+    struct {
         const char *name;
         int num;
     } num_cpus[] = {
         { "SMP",          ms->smp.cpus },
         { "hotpluggable", ms->smp.max_cpus },
-        { /* end of list */ }
+        { NULL, }
     }, *nc = num_cpus;
     int soft_vcpus_limit, hard_vcpus_limit;
     KVMState *s;
@@ -2398,7 +2310,6 @@ static int kvm_init(MachineState *ms)
     assert(TARGET_PAGE_SIZE <= qemu_real_host_page_size());
 
     s->sigmask_len = 8;
-    accel_blocker_init();
 
 #ifdef KVM_CAP_SET_GUEST_DEBUG
     QTAILQ_INIT(&s->kvm_sw_breakpoints);
@@ -3103,9 +3014,7 @@ int kvm_vm_ioctl(KVMState *s, int type, ...)
     va_end(ap);
 
     trace_kvm_vm_ioctl(type, arg);
-    accel_ioctl_begin();
     ret = ioctl(s->vmfd, type, arg);
-    accel_ioctl_end();
     if (ret == -1) {
         ret = -errno;
     }
@@ -3123,9 +3032,7 @@ int kvm_vcpu_ioctl(CPUState *cpu, int type, ...)
     va_end(ap);
 
     trace_kvm_vcpu_ioctl(cpu->cpu_index, type, arg);
-    accel_cpu_ioctl_begin(cpu);
     ret = ioctl(cpu->kvm_fd, type, arg);
-    accel_cpu_ioctl_end(cpu);
     if (ret == -1) {
         ret = -errno;
     }
@@ -3143,9 +3050,7 @@ int kvm_device_ioctl(int fd, int type, ...)
     va_end(ap);
 
     trace_kvm_device_ioctl(fd, type, arg);
-    accel_ioctl_begin();
     ret = ioctl(fd, type, arg);
-    accel_ioctl_end();
     if (ret == -1) {
         ret = -errno;
     }
@@ -3314,7 +3219,7 @@ bool kvm_supports_guest_debug(void)
     return kvm_has_guest_debug;
 }
 
-int kvm_insert_breakpoint(CPUState *cpu, int type, vaddr addr, vaddr len)
+int kvm_insert_breakpoint(CPUState *cpu, int type, hwaddr addr, hwaddr len)
 {
     struct kvm_sw_breakpoint *bp;
     int err;
@@ -3352,7 +3257,7 @@ int kvm_insert_breakpoint(CPUState *cpu, int type, vaddr addr, vaddr len)
     return 0;
 }
 
-int kvm_remove_breakpoint(CPUState *cpu, int type, vaddr addr, vaddr len)
+int kvm_remove_breakpoint(CPUState *cpu, int type, hwaddr addr, hwaddr len)
 {
     struct kvm_sw_breakpoint *bp;
     int err;
@@ -3681,6 +3586,7 @@ static void kvm_set_dirty_ring_size(Object *obj, Visitor *v,
                                     Error **errp)
 {
     KVMState *s = KVM_STATE(obj);
+    Error *error = NULL;
     uint32_t value;
 
     if (s->fd != -1) {
@@ -3688,7 +3594,9 @@ static void kvm_set_dirty_ring_size(Object *obj, Visitor *v,
         return;
     }
 
-    if (!visit_type_uint32(v, name, &value, errp)) {
+    visit_type_uint32(v, name, &value, &error);
+    if (error) {
+        error_propagate(errp, error);
         return;
     }
     if (value & (value - 1)) {
@@ -3712,9 +3620,6 @@ static void kvm_accel_instance_init(Object *obj)
     s->kvm_dirty_ring_size = 0;
     s->notify_vmexit = NOTIFY_VMEXIT_OPTION_RUN;
     s->notify_window = 0;
-    s->xen_version = 0;
-    s->xen_gnttab_max_frames = 64;
-    s->xen_evtchn_max_pirq = 256;
 }
 
 /**

accel/kvm/kvm-cpus.h

@@ -19,8 +19,8 @@ void kvm_cpu_synchronize_post_reset(CPUState *cpu);
 void kvm_cpu_synchronize_post_init(CPUState *cpu);
 void kvm_cpu_synchronize_pre_loadvm(CPUState *cpu);
 bool kvm_supports_guest_debug(void);
-int kvm_insert_breakpoint(CPUState *cpu, int type, vaddr addr, vaddr len);
-int kvm_remove_breakpoint(CPUState *cpu, int type, vaddr addr, vaddr len);
+int kvm_insert_breakpoint(CPUState *cpu, int type, hwaddr addr, hwaddr len);
+int kvm_remove_breakpoint(CPUState *cpu, int type, hwaddr addr, hwaddr len);
 void kvm_remove_all_breakpoints(CPUState *cpu);
 
 #endif /* KVM_CPUS_H */

accel/meson.build

@@ -1,4 +1,4 @@
-specific_ss.add(files('accel-common.c', 'accel-blocker.c'))
+specific_ss.add(files('accel-common.c'))
 softmmu_ss.add(files('accel-softmmu.c'))
 user_ss.add(files('accel-user.c'))
 
@@ -11,5 +11,10 @@ if have_system
   subdir('stubs')
 endif
 
-# qtest
-softmmu_ss.add(files('dummy-cpus.c'))
+dummy_ss = ss.source_set()
+dummy_ss.add(files(
+  'dummy-cpus.c',
+))
+
+specific_ss.add_all(when: ['CONFIG_SOFTMMU'], if_true: dummy_ss)
+specific_ss.add_all(when: ['CONFIG_XEN'], if_true: dummy_ss)

accel/stubs/tcg-stub.c

@@ -11,7 +11,6 @@
  */
 
 #include "qemu/osdep.h"
-#include "exec/tb-flush.h"
 #include "exec/exec-all.h"
 
 void tb_flush(CPUState *cpu)
@@ -26,7 +25,7 @@ void tcg_flush_jmp_cache(CPUState *cpu)
 {
 }
 
-int probe_access_flags(CPUArchState *env, target_ulong addr, int size,
+int probe_access_flags(CPUArchState *env, target_ulong addr,
                        MMUAccessType access_type, int mmu_idx,
                        bool nonfault, void **phost, uintptr_t retaddr)
 {

accel/tcg/atomic_common.c.inc

@@ -55,53 +55,8 @@ CMPXCHG_HELPER(cmpxchgq_be, uint64_t)
 CMPXCHG_HELPER(cmpxchgq_le, uint64_t)
 #endif
 
-#ifdef CONFIG_CMPXCHG128
-CMPXCHG_HELPER(cmpxchgo_be, Int128)
-CMPXCHG_HELPER(cmpxchgo_le, Int128)
-#endif
-
 #undef CMPXCHG_HELPER
 
-Int128 HELPER(nonatomic_cmpxchgo_be)(CPUArchState *env, target_ulong addr,
-                                     Int128 cmpv, Int128 newv, uint32_t oi)
-{
-#if TCG_TARGET_REG_BITS == 32
-    uintptr_t ra = GETPC();
-    Int128 oldv;
-
-    oldv = cpu_ld16_be_mmu(env, addr, oi, ra);
-    if (int128_eq(oldv, cmpv)) {
-        cpu_st16_be_mmu(env, addr, newv, oi, ra);
-    } else {
-        /* Even with comparison failure, still need a write cycle. */
-        probe_write(env, addr, 16, get_mmuidx(oi), ra);
-    }
-    return oldv;
-#else
-    g_assert_not_reached();
-#endif
-}
-
-Int128 HELPER(nonatomic_cmpxchgo_le)(CPUArchState *env, target_ulong addr,
-                                     Int128 cmpv, Int128 newv, uint32_t oi)
-{
-#if TCG_TARGET_REG_BITS == 32
-    uintptr_t ra = GETPC();
-    Int128 oldv;
-
-    oldv = cpu_ld16_le_mmu(env, addr, oi, ra);
-    if (int128_eq(oldv, cmpv)) {
-        cpu_st16_le_mmu(env, addr, newv, oi, ra);
-    } else {
-        /* Even with comparison failure, still need a write cycle. */
-        probe_write(env, addr, 16, get_mmuidx(oi), ra);
-    }
-    return oldv;
-#else
-    g_assert_not_reached();
-#endif
-}
-
 #define ATOMIC_HELPER(OP, TYPE) \
     TYPE HELPER(glue(atomic_,OP))(CPUArchState *env, target_ulong addr,  \
                                   TYPE val, uint32_t oi)                 \

accel/tcg/cpu-exec-common.c

@@ -21,7 +21,6 @@
 #include "sysemu/cpus.h"
 #include "sysemu/tcg.h"
 #include "exec/exec-all.h"
-#include "qemu/plugin.h"
 
 bool tcg_allowed;
 
@@ -66,8 +65,6 @@ void cpu_loop_exit(CPUState *cpu)
 {
     /* Undo the setting in cpu_tb_exec.  */
     cpu->can_do_io = 1;
-    /* Undo any setting in generated code.  */
-    qemu_plugin_disable_mem_helpers(cpu);
     siglongjmp(cpu->jmp_env, 1);
 }
 

accel/tcg/cpu-exec.c

@@ -20,6 +20,7 @@
 #include "qemu/osdep.h"
 #include "qemu/qemu-print.h"
 #include "qapi/error.h"
+#include "qapi/qapi-commands-machine.h"
 #include "qapi/type-helpers.h"
 #include "hw/core/tcg-cpu-ops.h"
 #include "trace.h"
@@ -27,6 +28,8 @@
 #include "exec/exec-all.h"
 #include "tcg/tcg.h"
 #include "qemu/atomic.h"
+#include "qemu/compiler.h"
+#include "qemu/timer.h"
 #include "qemu/rcu.h"
 #include "exec/log.h"
 #include "qemu/main-loop.h"
@@ -36,7 +39,7 @@
 #include "sysemu/cpus.h"
 #include "exec/cpu-all.h"
 #include "sysemu/cpu-timers.h"
-#include "exec/replay-core.h"
+#include "sysemu/replay.h"
 #include "sysemu/tcg.h"
 #include "exec/helper-proto.h"
 #include "tb-jmp-cache.h"
@@ -62,8 +65,8 @@ typedef struct SyncClocks {
 #define MAX_DELAY_PRINT_RATE 2000000000LL
 #define MAX_NB_PRINTS 100
 
-int64_t max_delay;
-int64_t max_advance;
+static int64_t max_delay;
+static int64_t max_advance;
 
 static void align_clocks(SyncClocks *sc, CPUState *cpu)
 {
@@ -183,7 +186,7 @@ static bool tb_lookup_cmp(const void *p, const void *d)
     const TranslationBlock *tb = p;
     const struct tb_desc *desc = d;
 
-    if ((tb_cflags(tb) & CF_PCREL || tb->pc == desc->pc) &&
+    if ((TARGET_TB_PCREL || tb_pc(tb) == desc->pc) &&
         tb_page_addr0(tb) == desc->page_addr0 &&
         tb->cs_base == desc->cs_base &&
         tb->flags == desc->flags &&
@@ -235,7 +238,7 @@ static TranslationBlock *tb_htable_lookup(CPUState *cpu, target_ulong pc,
         return NULL;
     }
     desc.page_addr0 = phys_pc;
-    h = tb_hash_func(phys_pc, (cflags & CF_PCREL ? 0 : pc),
+    h = tb_hash_func(phys_pc, (TARGET_TB_PCREL ? 0 : pc),
                      flags, cflags, *cpu->trace_dstate);
     return qht_lookup_custom(&tb_ctx.htable, &desc, h, tb_lookup_cmp);
 }
@@ -254,46 +257,21 @@ static inline TranslationBlock *tb_lookup(CPUState *cpu, target_ulong pc,
 
     hash = tb_jmp_cache_hash_func(pc);
     jc = cpu->tb_jmp_cache;
+    tb = tb_jmp_cache_get_tb(jc, hash);
 
-    if (cflags & CF_PCREL) {
-        /* Use acquire to ensure current load of pc from jc. */
-        tb = qatomic_load_acquire(&jc->array[hash].tb);
-
-        if (likely(tb &&
-                   jc->array[hash].pc == pc &&
-                   tb->cs_base == cs_base &&
-                   tb->flags == flags &&
-                   tb->trace_vcpu_dstate == *cpu->trace_dstate &&
-                   tb_cflags(tb) == cflags)) {
-            return tb;
-        }
-        tb = tb_htable_lookup(cpu, pc, cs_base, flags, cflags);
-        if (tb == NULL) {
-            return NULL;
-        }
-        jc->array[hash].pc = pc;
-        /* Ensure pc is written first. */
-        qatomic_store_release(&jc->array[hash].tb, tb);
-    } else {
-        /* Use rcu_read to ensure current load of pc from *tb. */
-        tb = qatomic_rcu_read(&jc->array[hash].tb);
-
-        if (likely(tb &&
-                   tb->pc == pc &&
-                   tb->cs_base == cs_base &&
-                   tb->flags == flags &&
-                   tb->trace_vcpu_dstate == *cpu->trace_dstate &&
-                   tb_cflags(tb) == cflags)) {
-            return tb;
-        }
-        tb = tb_htable_lookup(cpu, pc, cs_base, flags, cflags);
-        if (tb == NULL) {
-            return NULL;
-        }
-        /* Use the pc value already stored in tb->pc. */
-        qatomic_set(&jc->array[hash].tb, tb);
+    if (likely(tb &&
+               tb_jmp_cache_get_pc(jc, hash, tb) == pc &&
+               tb->cs_base == cs_base &&
+               tb->flags == flags &&
+               tb->trace_vcpu_dstate == *cpu->trace_dstate &&
+               tb_cflags(tb) == cflags)) {
+        return tb;
     }
-
+    tb = tb_htable_lookup(cpu, pc, cs_base, flags, cflags);
+    if (tb == NULL) {
+        return NULL;
+    }
+    tb_jmp_cache_set(jc, hash, tb, pc);
     return tb;
 }
 
@@ -459,7 +437,6 @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
     qemu_thread_jit_execute();
     ret = tcg_qemu_tb_exec(env, tb_ptr);
     cpu->can_do_io = 1;
-    qemu_plugin_disable_mem_helpers(cpu);
     /*
      * TODO: Delay swapping back to the read-write region of the TB
      * until we actually need to modify the TB.  The read-only copy,
@@ -483,9 +460,9 @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
         if (cc->tcg_ops->synchronize_from_tb) {
             cc->tcg_ops->synchronize_from_tb(cpu, last_tb);
         } else {
-            tcg_debug_assert(!(tb_cflags(last_tb) & CF_PCREL));
+            assert(!TARGET_TB_PCREL);
             assert(cc->set_pc);
-            cc->set_pc(cpu, last_tb->pc);
+            cc->set_pc(cpu, tb_pc(last_tb));
         }
         if (qemu_loglevel_mask(CPU_LOG_EXEC)) {
             target_ulong pc = log_pc(cpu, last_tb);
@@ -580,6 +557,7 @@ void cpu_exec_step_atomic(CPUState *cpu)
             qemu_mutex_unlock_iothread();
         }
         assert_no_pages_locked();
+        qemu_plugin_disable_mem_helpers(cpu);
     }
 
     /*
@@ -594,18 +572,15 @@ void cpu_exec_step_atomic(CPUState *cpu)
 
 void tb_set_jmp_target(TranslationBlock *tb, int n, uintptr_t addr)
 {
-    /*
-     * Get the rx view of the structure, from which we find the
-     * executable code address, and tb_target_set_jmp_target can
-     * produce a pc-relative displacement to jmp_target_addr[n].
-     */
-    const TranslationBlock *c_tb = tcg_splitwx_to_rx(tb);
-    uintptr_t offset = tb->jmp_insn_offset[n];
-    uintptr_t jmp_rx = (uintptr_t)tb->tc.ptr + offset;
-    uintptr_t jmp_rw = jmp_rx - tcg_splitwx_diff;
-
-    tb->jmp_target_addr[n] = addr;
-    tb_target_set_jmp_target(c_tb, n, jmp_rx, jmp_rw);
+    if (TCG_TARGET_HAS_direct_jump) {
+        uintptr_t offset = tb->jmp_target_arg[n];
+        uintptr_t tc_ptr = (uintptr_t)tb->tc.ptr;
+        uintptr_t jmp_rx = tc_ptr + offset;
+        uintptr_t jmp_rw = jmp_rx - tcg_splitwx_diff;
+        tb_target_set_jmp_target(tc_ptr, jmp_rx, jmp_rw, addr);
+    } else {
+        tb->jmp_target_arg[n] = addr;
+    }
 }
 
 static inline void tb_add_jump(TranslationBlock *tb, int n,
@@ -934,10 +909,64 @@ static inline void cpu_loop_exec_tb(CPUState *cpu, TranslationBlock *tb,
 
 /* main execution loop */
 
-static int __attribute__((noinline))
-cpu_exec_loop(CPUState *cpu, SyncClocks *sc)
+int cpu_exec(CPUState *cpu)
 {
     int ret;
+    SyncClocks sc = { 0 };
+
+    /* replay_interrupt may need current_cpu */
+    current_cpu = cpu;
+
+    if (cpu_handle_halt(cpu)) {
+        return EXCP_HALTED;
+    }
+
+    rcu_read_lock();
+
+    cpu_exec_enter(cpu);
+
+    /* Calculate difference between guest clock and host clock.
+     * This delay includes the delay of the last cycle, so
+     * what we have to do is sleep until it is 0. As for the
+     * advance/delay we gain here, we try to fix it next time.
+     */
+    init_delay_params(&sc, cpu);
+
+    /* prepare setjmp context for exception handling */
+    if (sigsetjmp(cpu->jmp_env, 0) != 0) {
+#if defined(__clang__)
+        /*
+         * Some compilers wrongly smash all local variables after
+         * siglongjmp (the spec requires that only non-volatile locals
+         * which are changed between the sigsetjmp and siglongjmp are
+         * permitted to be trashed). There were bug reports for gcc
+         * 4.5.0 and clang.  The bug is fixed in all versions of gcc
+         * that we support, but is still unfixed in clang:
+         *   https://bugs.llvm.org/show_bug.cgi?id=21183
+         *
+         * Reload an essential local variable here for those compilers.
+         * Newer versions of gcc would complain about this code (-Wclobbered),
+         * so we only perform the workaround for clang.
+         */
+        cpu = current_cpu;
+#else
+        /* Non-buggy compilers preserve this; assert the correct value. */
+        g_assert(cpu == current_cpu);
+#endif
+
+#ifndef CONFIG_SOFTMMU
+        clear_helper_retaddr();
+        if (have_mmap_lock()) {
+            mmap_unlock();
+        }
+#endif
+        if (qemu_mutex_iothread_locked()) {
+            qemu_mutex_unlock_iothread();
+        }
+        qemu_plugin_disable_mem_helpers(cpu);
+
+        assert_no_pages_locked();
+    }
 
     /* if an exception is pending, we execute it here */
     while (!cpu_handle_exception(cpu, &ret)) {
@@ -971,27 +1000,17 @@ cpu_exec_loop(CPUState *cpu, SyncClocks *sc)
 
             tb = tb_lookup(cpu, pc, cs_base, flags, cflags);
             if (tb == NULL) {
-                CPUJumpCache *jc;
                 uint32_t h;
 
                 mmap_lock();
                 tb = tb_gen_code(cpu, pc, cs_base, flags, cflags);
                 mmap_unlock();
-
                 /*
                  * We add the TB in the virtual pc hash table
                  * for the fast lookup
                  */
                 h = tb_jmp_cache_hash_func(pc);
-                jc = cpu->tb_jmp_cache;
-                if (cflags & CF_PCREL) {
-                    jc->array[h].pc = pc;
-                    /* Ensure pc is written first. */
-                    qatomic_store_release(&jc->array[h].tb, tb);
-                } else {
-                    /* Use the pc value already stored in tb->pc. */
-                    qatomic_set(&jc->array[h].tb, tb);
-                }
+                tb_jmp_cache_set(cpu->tb_jmp_cache, h, tb, pc);
             }
 
 #ifndef CONFIG_USER_ONLY
@@ -1014,59 +1033,9 @@ cpu_exec_loop(CPUState *cpu, SyncClocks *sc)
 
             /* Try to align the host and virtual clocks
                if the guest is in advance */
-            align_clocks(sc, cpu);
+            align_clocks(&sc, cpu);
         }
     }
-    return ret;
-}
-
-static int cpu_exec_setjmp(CPUState *cpu, SyncClocks *sc)
-{
-    /* Prepare setjmp context for exception handling. */
-    if (unlikely(sigsetjmp(cpu->jmp_env, 0) != 0)) {
-        /* Non-buggy compilers preserve this; assert the correct value. */
-        g_assert(cpu == current_cpu);
-
-#ifndef CONFIG_SOFTMMU
-        clear_helper_retaddr();
-        if (have_mmap_lock()) {
-            mmap_unlock();
-        }
-#endif
-        if (qemu_mutex_iothread_locked()) {
-            qemu_mutex_unlock_iothread();
-        }
-
-        assert_no_pages_locked();
-    }
-
-    return cpu_exec_loop(cpu, sc);
-}
-
-int cpu_exec(CPUState *cpu)
-{
-    int ret;
-    SyncClocks sc = { 0 };
-
-    /* replay_interrupt may need current_cpu */
-    current_cpu = cpu;
-
-    if (cpu_handle_halt(cpu)) {
-        return EXCP_HALTED;
-    }
-
-    rcu_read_lock();
-    cpu_exec_enter(cpu);
-
-    /*
-     * Calculate difference between guest clock and host clock.
-     * This delay includes the delay of the last cycle, so
-     * what we have to do is sleep until it is 0. As for the
-     * advance/delay we gain here, we try to fix it next time.
-     */
-    init_delay_params(&sc, cpu);
-
-    ret = cpu_exec_setjmp(cpu, &sc);
 
     cpu_exec_exit(cpu);
     rcu_read_unlock();
@@ -1095,10 +1064,94 @@ void tcg_exec_realizefn(CPUState *cpu, Error **errp)
 /* undo the initializations in reverse order */
 void tcg_exec_unrealizefn(CPUState *cpu)
 {
+    qemu_plugin_vcpu_exit_hook(cpu);
 #ifndef CONFIG_USER_ONLY
     tcg_iommu_free_notifier_list(cpu);
 #endif /* !CONFIG_USER_ONLY */
 
     tlb_destroy(cpu);
-    g_free_rcu(cpu->tb_jmp_cache, rcu);
+    g_free(cpu->tb_jmp_cache);
 }
+
+#ifndef CONFIG_USER_ONLY
+
+static void dump_drift_info(GString *buf)
+{
+    if (!icount_enabled()) {
+        return;
+    }
+
+    g_string_append_printf(buf, "Host - Guest clock  %"PRIi64" ms\n",
+                           (cpu_get_clock() - icount_get()) / SCALE_MS);
+    if (icount_align_option) {
+        g_string_append_printf(buf, "Max guest delay     %"PRIi64" ms\n",
+                               -max_delay / SCALE_MS);
+        g_string_append_printf(buf, "Max guest advance   %"PRIi64" ms\n",
+                               max_advance / SCALE_MS);
+    } else {
+        g_string_append_printf(buf, "Max guest delay     NA\n");
+        g_string_append_printf(buf, "Max guest advance   NA\n");
+    }
+}
+
+HumanReadableText *qmp_x_query_jit(Error **errp)
+{
+    g_autoptr(GString) buf = g_string_new("");
+
+    if (!tcg_enabled()) {
+        error_setg(errp, "JIT information is only available with accel=tcg");
+        return NULL;
+    }
+
+    dump_exec_info(buf);
+    dump_drift_info(buf);
+
+    return human_readable_text_from_str(buf);
+}
+
+HumanReadableText *qmp_x_query_opcount(Error **errp)
+{
+    g_autoptr(GString) buf = g_string_new("");
+
+    if (!tcg_enabled()) {
+        error_setg(errp, "Opcode count information is only available with accel=tcg");
+        return NULL;
+    }
+
+    tcg_dump_op_count(buf);
+
+    return human_readable_text_from_str(buf);
+}
+
+#ifdef CONFIG_PROFILER
+
+int64_t dev_time;
+
+HumanReadableText *qmp_x_query_profile(Error **errp)
+{
+    g_autoptr(GString) buf = g_string_new("");
+    static int64_t last_cpu_exec_time;
+    int64_t cpu_exec_time;
+    int64_t delta;
+
+    cpu_exec_time = tcg_cpu_exec_time();
+    delta = cpu_exec_time - last_cpu_exec_time;
+
+    g_string_append_printf(buf, "async time  %" PRId64 " (%0.3f)\n",
+                           dev_time, dev_time / (double)NANOSECONDS_PER_SECOND);
+    g_string_append_printf(buf, "qemu time   %" PRId64 " (%0.3f)\n",
+                           delta, delta / (double)NANOSECONDS_PER_SECOND);
+    last_cpu_exec_time = cpu_exec_time;
+    dev_time = 0;
+
+    return human_readable_text_from_str(buf);
+}
+#else
+HumanReadableText *qmp_x_query_profile(Error **errp)
+{
+    error_setg(errp, "Internal profiler not compiled");
+    return NULL;
+}
+#endif
+
+#endif /* !CONFIG_USER_ONLY */

accel/tcg/cputlb.c

@@ -33,7 +33,7 @@
 #include "qemu/atomic.h"
 #include "qemu/atomic128.h"
 #include "exec/translate-all.h"
-#include "trace.h"
+#include "trace/trace-root.h"
 #include "tb-hash.h"
 #include "internal.h"
 #ifdef CONFIG_PLUGIN
@@ -100,14 +100,9 @@ static void tlb_window_reset(CPUTLBDesc *desc, int64_t ns,
 
 static void tb_jmp_cache_clear_page(CPUState *cpu, target_ulong page_addr)
 {
+    int i, i0 = tb_jmp_cache_hash_page(page_addr);
     CPUJumpCache *jc = cpu->tb_jmp_cache;
-    int i, i0;
 
-    if (unlikely(!jc)) {
-        return;
-    }
-
-    i0 = tb_jmp_cache_hash_page(page_addr);
     for (i = 0; i < TB_JMP_PAGE_SIZE; i++) {
         qatomic_set(&jc->array[i0 + i].tb, NULL);
     }
@@ -1147,7 +1142,7 @@ void tlb_set_page_full(CPUState *cpu, int mmu_idx,
                                                 &xlat, &sz, full->attrs, &prot);
     assert(sz >= TARGET_PAGE_SIZE);
 
-    tlb_debug("vaddr=" TARGET_FMT_lx " paddr=0x" HWADDR_FMT_plx
+    tlb_debug("vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
               " prot=%x idx=%d\n",
               vaddr, full->phys_addr, prot, mmu_idx);
 
@@ -1250,6 +1245,7 @@ void tlb_set_page_full(CPUState *cpu, int mmu_idx,
     desc->fulltlb[index] = *full;
     desc->fulltlb[index].xlat_section = iotlb - vaddr_page;
     desc->fulltlb[index].phys_addr = paddr_page;
+    desc->fulltlb[index].prot = prot;
 
     /* Now calculate the new entry */
     tn.addend = addend - vaddr_page;
@@ -1360,6 +1356,7 @@ static uint64_t io_readx(CPUArchState *env, CPUTLBEntryFull *full,
     MemoryRegionSection *section;
     MemoryRegion *mr;
     uint64_t val;
+    bool locked = false;
     MemTxResult r;
 
     section = iotlb_to_section(cpu, full->xlat_section, full->attrs);
@@ -1370,11 +1367,11 @@ static uint64_t io_readx(CPUArchState *env, CPUTLBEntryFull *full,
         cpu_io_recompile(cpu, retaddr);
     }
 
-    {
-        QEMU_IOTHREAD_LOCK_GUARD();
-        r = memory_region_dispatch_read(mr, mr_offset, &val, op, full->attrs);
+    if (!qemu_mutex_iothread_locked()) {
+        qemu_mutex_lock_iothread();
+        locked = true;
     }
-
+    r = memory_region_dispatch_read(mr, mr_offset, &val, op, full->attrs);
     if (r != MEMTX_OK) {
         hwaddr physaddr = mr_offset +
             section->offset_within_address_space -
@@ -1383,6 +1380,10 @@ static uint64_t io_readx(CPUArchState *env, CPUTLBEntryFull *full,
         cpu_transaction_failed(cpu, physaddr, addr, memop_size(op), access_type,
                                mmu_idx, full->attrs, r, retaddr);
     }
+    if (locked) {
+        qemu_mutex_unlock_iothread();
+    }
+
     return val;
 }
 
@@ -1409,6 +1410,7 @@ static void io_writex(CPUArchState *env, CPUTLBEntryFull *full,
     hwaddr mr_offset;
     MemoryRegionSection *section;
     MemoryRegion *mr;
+    bool locked = false;
     MemTxResult r;
 
     section = iotlb_to_section(cpu, full->xlat_section, full->attrs);
@@ -1425,11 +1427,11 @@ static void io_writex(CPUArchState *env, CPUTLBEntryFull *full,
      */
     save_iotlb_data(cpu, section, mr_offset);
 
-    {
-        QEMU_IOTHREAD_LOCK_GUARD();
-        r = memory_region_dispatch_write(mr, mr_offset, val, op, full->attrs);
+    if (!qemu_mutex_iothread_locked()) {
+        qemu_mutex_lock_iothread();
+        locked = true;
     }
-
+    r = memory_region_dispatch_write(mr, mr_offset, val, op, full->attrs);
     if (r != MEMTX_OK) {
         hwaddr physaddr = mr_offset +
             section->offset_within_address_space -
@@ -1439,6 +1441,9 @@ static void io_writex(CPUArchState *env, CPUTLBEntryFull *full,
                                MMU_DATA_STORE, mmu_idx, full->attrs, r,
                                retaddr);
     }
+    if (locked) {
+        qemu_mutex_unlock_iothread();
+    }
 }
 
 static inline target_ulong tlb_read_ofs(CPUTLBEntry *entry, size_t ofs)
@@ -1503,7 +1508,10 @@ static void notdirty_write(CPUState *cpu, vaddr mem_vaddr, unsigned size,
     trace_memory_notdirty_write_access(mem_vaddr, ram_addr, size);
 
     if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
-        tb_invalidate_phys_range_fast(ram_addr, size, retaddr);
+        struct page_collection *pages
+            = page_collection_lock(ram_addr, ram_addr + size);
+        tb_invalidate_phys_page_fast(pages, ram_addr, size, retaddr);
+        page_collection_unlock(pages);
     }
 
     /*
@@ -1588,12 +1596,12 @@ static int probe_access_internal(CPUArchState *env, target_ulong addr,
     return flags;
 }
 
-int probe_access_full(CPUArchState *env, target_ulong addr, int size,
+int probe_access_full(CPUArchState *env, target_ulong addr,
                       MMUAccessType access_type, int mmu_idx,
                       bool nonfault, void **phost, CPUTLBEntryFull **pfull,
                       uintptr_t retaddr)
 {
-    int flags = probe_access_internal(env, addr, size, access_type, mmu_idx,
+    int flags = probe_access_internal(env, addr, 0, access_type, mmu_idx,
                                       nonfault, phost, pfull, retaddr);
 
     /* Handle clean RAM pages.  */
@@ -1605,25 +1613,14 @@ int probe_access_full(CPUArchState *env, target_ulong addr, int size,
     return flags;
 }
 
-int probe_access_flags(CPUArchState *env, target_ulong addr, int size,
+int probe_access_flags(CPUArchState *env, target_ulong addr,
                        MMUAccessType access_type, int mmu_idx,
                        bool nonfault, void **phost, uintptr_t retaddr)
 {
     CPUTLBEntryFull *full;
-    int flags;
 
-    g_assert(-(addr | TARGET_PAGE_MASK) >= size);
-
-    flags = probe_access_internal(env, addr, size, access_type, mmu_idx,
-                                  nonfault, phost, &full, retaddr);
-
-    /* Handle clean RAM pages. */
-    if (unlikely(flags & TLB_NOTDIRTY)) {
-        notdirty_write(env_cpu(env), addr, 1, full, retaddr);
-        flags &= ~TLB_NOTDIRTY;
-    }
-
-    return flags;
+    return probe_access_full(env, addr, access_type, mmu_idx,
+                             nonfault, phost, &full, retaddr);
 }
 
 void *probe_access(CPUArchState *env, target_ulong addr, int size,
@@ -1767,7 +1764,6 @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
     CPUTLBEntry *tlbe;
     target_ulong tlb_addr;
     void *hostaddr;
-    CPUTLBEntryFull *full;
 
     tcg_debug_assert(mmu_idx < NB_MMU_MODES);
 
@@ -1806,31 +1802,22 @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
             tlb_addr = tlb_addr_write(tlbe) & ~TLB_INVALID_MASK;
         }
 
-        if (prot & PAGE_READ) {
+        /* Let the guest notice RMW on a write-only page.  */
+        if ((prot & PAGE_READ) &&
+            unlikely(tlbe->addr_read != (tlb_addr & ~TLB_NOTDIRTY))) {
+            tlb_fill(env_cpu(env), addr, size,
+                     MMU_DATA_LOAD, mmu_idx, retaddr);
             /*
-             * Let the guest notice RMW on a write-only page.
-             * We have just verified that the page is writable.
-             * Subpage lookups may have left TLB_INVALID_MASK set,
-             * but addr_read will only be -1 if PAGE_READ was unset.
+             * Since we don't support reads and writes to different addresses,
+             * and we do have the proper page loaded for write, this shouldn't
+             * ever return.  But just in case, handle via stop-the-world.
              */
-            if (unlikely(tlbe->addr_read == -1)) {
-                tlb_fill(env_cpu(env), addr, size,
-                         MMU_DATA_LOAD, mmu_idx, retaddr);
-                /*
-                 * Since we don't support reads and writes to different
-                 * addresses, and we do have the proper page loaded for
-                 * write, this shouldn't ever return.  But just in case,
-                 * handle via stop-the-world.
-                 */
-                goto stop_the_world;
-            }
-            /* Collect TLB_WATCHPOINT for read. */
-            tlb_addr |= tlbe->addr_read;
+            goto stop_the_world;
         }
     } else /* if (prot & PAGE_READ) */ {
         tlb_addr = tlbe->addr_read;
         if (!tlb_hit(tlb_addr, addr)) {
-            if (!VICTIM_TLB_HIT(addr_read, addr)) {
+            if (!VICTIM_TLB_HIT(addr_write, addr)) {
                 tlb_fill(env_cpu(env), addr, size,
                          MMU_DATA_LOAD, mmu_idx, retaddr);
                 index = tlb_index(env, mmu_idx, addr);
@@ -1841,25 +1828,17 @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
     }
 
     /* Notice an IO access or a needs-MMU-lookup access */
-    if (unlikely(tlb_addr & (TLB_MMIO | TLB_DISCARD_WRITE))) {
+    if (unlikely(tlb_addr & TLB_MMIO)) {
         /* There's really nothing that can be done to
            support this apart from stop-the-world.  */
         goto stop_the_world;
     }
 
     hostaddr = (void *)((uintptr_t)addr + tlbe->addend);
-    full = &env_tlb(env)->d[mmu_idx].fulltlb[index];
 
     if (unlikely(tlb_addr & TLB_NOTDIRTY)) {
-        notdirty_write(env_cpu(env), addr, size, full, retaddr);
-    }
-
-    if (unlikely(tlb_addr & TLB_WATCHPOINT)) {
-        QEMU_BUILD_BUG_ON(PAGE_READ != BP_MEM_READ);
-        QEMU_BUILD_BUG_ON(PAGE_WRITE != BP_MEM_WRITE);
-        /* therefore prot == watchpoint bits */
-        cpu_check_watchpoint(env_cpu(env), addr, size,
-                             full->attrs, prot, retaddr);
+        notdirty_write(env_cpu(env), addr, size,
+                       &env_tlb(env)->d[mmu_idx].fulltlb[index], retaddr);
     }
 
     return hostaddr;
@@ -2220,64 +2199,6 @@ uint64_t cpu_ldq_le_mmu(CPUArchState *env, abi_ptr addr,
     return cpu_load_helper(env, addr, oi, ra, helper_le_ldq_mmu);
 }
 
-Int128 cpu_ld16_be_mmu(CPUArchState *env, abi_ptr addr,
-                       MemOpIdx oi, uintptr_t ra)
-{
-    MemOp mop = get_memop(oi);
-    int mmu_idx = get_mmuidx(oi);
-    MemOpIdx new_oi;
-    unsigned a_bits;
-    uint64_t h, l;
-
-    tcg_debug_assert((mop & (MO_BSWAP|MO_SSIZE)) == (MO_BE|MO_128));
-    a_bits = get_alignment_bits(mop);
-
-    /* Handle CPU specific unaligned behaviour */
-    if (addr & ((1 << a_bits) - 1)) {
-        cpu_unaligned_access(env_cpu(env), addr, MMU_DATA_LOAD,
-                             mmu_idx, ra);
-    }
-
-    /* Construct an unaligned 64-bit replacement MemOpIdx. */
-    mop = (mop & ~(MO_SIZE | MO_AMASK)) | MO_64 | MO_UNALN;
-    new_oi = make_memop_idx(mop, mmu_idx);
-
-    h = helper_be_ldq_mmu(env, addr, new_oi, ra);
-    l = helper_be_ldq_mmu(env, addr + 8, new_oi, ra);
-
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
-    return int128_make128(l, h);
-}
-
-Int128 cpu_ld16_le_mmu(CPUArchState *env, abi_ptr addr,
-                       MemOpIdx oi, uintptr_t ra)
-{
-    MemOp mop = get_memop(oi);
-    int mmu_idx = get_mmuidx(oi);
-    MemOpIdx new_oi;
-    unsigned a_bits;
-    uint64_t h, l;
-
-    tcg_debug_assert((mop & (MO_BSWAP|MO_SSIZE)) == (MO_LE|MO_128));
-    a_bits = get_alignment_bits(mop);
-
-    /* Handle CPU specific unaligned behaviour */
-    if (addr & ((1 << a_bits) - 1)) {
-        cpu_unaligned_access(env_cpu(env), addr, MMU_DATA_LOAD,
-                             mmu_idx, ra);
-    }
-
-    /* Construct an unaligned 64-bit replacement MemOpIdx. */
-    mop = (mop & ~(MO_SIZE | MO_AMASK)) | MO_64 | MO_UNALN;
-    new_oi = make_memop_idx(mop, mmu_idx);
-
-    l = helper_le_ldq_mmu(env, addr, new_oi, ra);
-    h = helper_le_ldq_mmu(env, addr + 8, new_oi, ra);
-
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
-    return int128_make128(l, h);
-}
-
 /*
  * Store Helpers
  */
@@ -2632,60 +2553,6 @@ void cpu_stq_le_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
     cpu_store_helper(env, addr, val, oi, retaddr, helper_le_stq_mmu);
 }
 
-void cpu_st16_be_mmu(CPUArchState *env, abi_ptr addr, Int128 val,
-                     MemOpIdx oi, uintptr_t ra)
-{
-    MemOp mop = get_memop(oi);
-    int mmu_idx = get_mmuidx(oi);
-    MemOpIdx new_oi;
-    unsigned a_bits;
-
-    tcg_debug_assert((mop & (MO_BSWAP|MO_SSIZE)) == (MO_BE|MO_128));
-    a_bits = get_alignment_bits(mop);
-
-    /* Handle CPU specific unaligned behaviour */
-    if (addr & ((1 << a_bits) - 1)) {
-        cpu_unaligned_access(env_cpu(env), addr, MMU_DATA_STORE,
-                             mmu_idx, ra);
-    }
-
-    /* Construct an unaligned 64-bit replacement MemOpIdx. */
-    mop = (mop & ~(MO_SIZE | MO_AMASK)) | MO_64 | MO_UNALN;
-    new_oi = make_memop_idx(mop, mmu_idx);
-
-    helper_be_stq_mmu(env, addr, int128_gethi(val), new_oi, ra);
-    helper_be_stq_mmu(env, addr + 8, int128_getlo(val), new_oi, ra);
-
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
-}
-
-void cpu_st16_le_mmu(CPUArchState *env, abi_ptr addr, Int128 val,
-                     MemOpIdx oi, uintptr_t ra)
-{
-    MemOp mop = get_memop(oi);
-    int mmu_idx = get_mmuidx(oi);
-    MemOpIdx new_oi;
-    unsigned a_bits;
-
-    tcg_debug_assert((mop & (MO_BSWAP|MO_SSIZE)) == (MO_LE|MO_128));
-    a_bits = get_alignment_bits(mop);
-
-    /* Handle CPU specific unaligned behaviour */
-    if (addr & ((1 << a_bits) - 1)) {
-        cpu_unaligned_access(env_cpu(env), addr, MMU_DATA_STORE,
-                             mmu_idx, ra);
-    }
-
-    /* Construct an unaligned 64-bit replacement MemOpIdx. */
-    mop = (mop & ~(MO_SIZE | MO_AMASK)) | MO_64 | MO_UNALN;
-    new_oi = make_memop_idx(mop, mmu_idx);
-
-    helper_le_stq_mmu(env, addr, int128_getlo(val), new_oi, ra);
-    helper_le_stq_mmu(env, addr + 8, int128_gethi(val), new_oi, ra);
-
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
-}
-
 #include "ldst_common.c.inc"
 
 /*

accel/tcg/debuginfo.c

@@ -1,96 +0,0 @@
-/*
- * Debug information support.
- *
- * SPDX-License-Identifier: GPL-2.0-or-later
- */
-
-#include "qemu/osdep.h"
-#include "qemu/lockable.h"
-
-#include <elfutils/libdwfl.h>
-
-#include "debuginfo.h"
-
-static QemuMutex lock;
-static Dwfl *dwfl;
-static const Dwfl_Callbacks dwfl_callbacks = {
-    .find_elf = NULL,
-    .find_debuginfo = dwfl_standard_find_debuginfo,
-    .section_address = NULL,
-    .debuginfo_path = NULL,
-};
-
-__attribute__((constructor))
-static void debuginfo_init(void)
-{
-    qemu_mutex_init(&lock);
-}
-
-void debuginfo_report_elf(const char *name, int fd, uint64_t bias)
-{
-    QEMU_LOCK_GUARD(&lock);
-
-    if (dwfl) {
-        dwfl_report_begin_add(dwfl);
-    } else {
-        dwfl = dwfl_begin(&dwfl_callbacks);
-    }
-
-    if (dwfl) {
-        dwfl_report_elf(dwfl, name, name, fd, bias, true);
-        dwfl_report_end(dwfl, NULL, NULL);
-    }
-}
-
-void debuginfo_lock(void)
-{
-    qemu_mutex_lock(&lock);
-}
-
-void debuginfo_query(struct debuginfo_query *q, size_t n)
-{
-    const char *symbol, *file;
-    Dwfl_Module *dwfl_module;
-    Dwfl_Line *dwfl_line;
-    GElf_Off dwfl_offset;
-    GElf_Sym dwfl_sym;
-    size_t i;
-    int line;
-
-    if (!dwfl) {
-        return;
-    }
-
-    for (i = 0; i < n; i++) {
-        dwfl_module = dwfl_addrmodule(dwfl, q[i].address);
-        if (!dwfl_module) {
-            continue;
-        }
-
-        if (q[i].flags & DEBUGINFO_SYMBOL) {
-            symbol = dwfl_module_addrinfo(dwfl_module, q[i].address,
-                                          &dwfl_offset, &dwfl_sym,
-                                          NULL, NULL, NULL);
-            if (symbol) {
-                q[i].symbol = symbol;
-                q[i].offset = dwfl_offset;
-            }
-        }
-
-        if (q[i].flags & DEBUGINFO_LINE) {
-            dwfl_line = dwfl_module_getsrc(dwfl_module, q[i].address);
-            if (dwfl_line) {
-                file = dwfl_lineinfo(dwfl_line, NULL, &line, 0, NULL, NULL);
-                if (file) {
-                    q[i].file = file;
-                    q[i].line = line;
-                }
-            }
-        }
-    }
-}
-
-void debuginfo_unlock(void)
-{
-    qemu_mutex_unlock(&lock);
-}

accel/tcg/debuginfo.h

@@ -1,79 +0,0 @@
-/*
- * Debug information support.
- *
- * SPDX-License-Identifier: GPL-2.0-or-later
- */
-
-#ifndef ACCEL_TCG_DEBUGINFO_H
-#define ACCEL_TCG_DEBUGINFO_H
-
-#include "qemu/bitops.h"
-
-/*
- * Debuginfo describing a certain address.
- */
-struct debuginfo_query {
-    uint64_t address;    /* Input: address. */
-    int flags;           /* Input: debuginfo subset. */
-    const char *symbol;  /* Symbol that the address is part of. */
-    uint64_t offset;     /* Offset from the symbol. */
-    const char *file;    /* Source file associated with the address. */
-    int line;            /* Line number in the source file. */
-};
-
-/*
- * Debuginfo subsets.
- */
-#define DEBUGINFO_SYMBOL BIT(1)
-#define DEBUGINFO_LINE   BIT(2)
-
-#if defined(CONFIG_TCG) && defined(CONFIG_LIBDW)
-/*
- * Load debuginfo for the specified guest ELF image.
- * Return true on success, false on failure.
- */
-void debuginfo_report_elf(const char *name, int fd, uint64_t bias);
-
-/*
- * Take the debuginfo lock.
- */
-void debuginfo_lock(void);
-
-/*
- * Fill each on N Qs with the debuginfo about Q->ADDRESS as specified by
- * Q->FLAGS:
- *
- * - DEBUGINFO_SYMBOL: update Q->SYMBOL and Q->OFFSET. If symbol debuginfo is
- *                     missing, then leave them as is.
- * - DEBUINFO_LINE: update Q->FILE and Q->LINE. If line debuginfo is missing,
- *                  then leave them as is.
- *
- * This function must be called under the debuginfo lock. The results can be
- * accessed only until the debuginfo lock is released.
- */
-void debuginfo_query(struct debuginfo_query *q, size_t n);
-
-/*
- * Release the debuginfo lock.
- */
-void debuginfo_unlock(void);
-#else
-static inline void debuginfo_report_elf(const char *image_name, int image_fd,
-                                        uint64_t load_bias)
-{
-}
-
-static inline void debuginfo_lock(void)
-{
-}
-
-static inline void debuginfo_query(struct debuginfo_query *q, size_t n)
-{
-}
-
-static inline void debuginfo_unlock(void)
-{
-}
-#endif
-
-#endif

accel/tcg/hmp.c

@@ -0,0 +1,14 @@
+#include "qemu/osdep.h"
+#include "qemu/error-report.h"
+#include "qapi/error.h"
+#include "qapi/qapi-commands-machine.h"
+#include "exec/exec-all.h"
+#include "monitor/monitor.h"
+
+static void hmp_tcg_register(void)
+{
+    monitor_register_hmp_info_hrt("jit", qmp_x_query_jit);
+    monitor_register_hmp_info_hrt("opcount", qmp_x_query_opcount);
+}
+
+type_init(hmp_tcg_register);

accel/tcg/internal.h

@@ -23,28 +23,83 @@
 #define assert_memory_lock() tcg_debug_assert(have_mmap_lock())
 #endif
 
-#if defined(CONFIG_SOFTMMU) && defined(CONFIG_DEBUG_TCG)
+typedef struct PageDesc {
+    /* list of TBs intersecting this ram page */
+    uintptr_t first_tb;
+#ifdef CONFIG_USER_ONLY
+    unsigned long flags;
+    void *target_data;
+#endif
+#ifdef CONFIG_SOFTMMU
+    QemuSpin lock;
+#endif
+} PageDesc;
+
+/* Size of the L2 (and L3, etc) page tables.  */
+#define V_L2_BITS 10
+#define V_L2_SIZE (1 << V_L2_BITS)
+
+/*
+ * L1 Mapping properties
+ */
+extern int v_l1_size;
+extern int v_l1_shift;
+extern int v_l2_levels;
+
+/*
+ * The bottom level has pointers to PageDesc, and is indexed by
+ * anything from 4 to (V_L2_BITS + 3) bits, depending on target page size.
+ */
+#define V_L1_MIN_BITS 4
+#define V_L1_MAX_BITS (V_L2_BITS + 3)
+#define V_L1_MAX_SIZE (1 << V_L1_MAX_BITS)
+
+extern void *l1_map[V_L1_MAX_SIZE];
+
+PageDesc *page_find_alloc(tb_page_addr_t index, bool alloc);
+
+static inline PageDesc *page_find(tb_page_addr_t index)
+{
+    return page_find_alloc(index, false);
+}
+
+/* list iterators for lists of tagged pointers in TranslationBlock */
+#define TB_FOR_EACH_TAGGED(head, tb, n, field)                          \
+    for (n = (head) & 1, tb = (TranslationBlock *)((head) & ~1);        \
+         tb; tb = (TranslationBlock *)tb->field[n], n = (uintptr_t)tb & 1, \
+             tb = (TranslationBlock *)((uintptr_t)tb & ~1))
+
+#define PAGE_FOR_EACH_TB(pagedesc, tb, n)                       \
+    TB_FOR_EACH_TAGGED((pagedesc)->first_tb, tb, n, page_next)
+
+#define TB_FOR_EACH_JMP(head_tb, tb, n)                                 \
+    TB_FOR_EACH_TAGGED((head_tb)->jmp_list_head, tb, n, jmp_list_next)
+
+/* In user-mode page locks aren't used; mmap_lock is enough */
+#ifdef CONFIG_USER_ONLY
+#define assert_page_locked(pd) tcg_debug_assert(have_mmap_lock())
+static inline void page_lock(PageDesc *pd) { }
+static inline void page_unlock(PageDesc *pd) { }
+#else
+#ifdef CONFIG_DEBUG_TCG
+void do_assert_page_locked(const PageDesc *pd, const char *file, int line);
+#define assert_page_locked(pd) do_assert_page_locked(pd, __FILE__, __LINE__)
+#else
+#define assert_page_locked(pd)
+#endif
+void page_lock(PageDesc *pd);
+void page_unlock(PageDesc *pd);
+#endif
+#if !defined(CONFIG_USER_ONLY) && defined(CONFIG_DEBUG_TCG)
 void assert_no_pages_locked(void);
 #else
 static inline void assert_no_pages_locked(void) { }
 #endif
 
-#ifdef CONFIG_USER_ONLY
-static inline void page_table_config_init(void) { }
-#else
-void page_table_config_init(void);
-#endif
-
-#ifdef CONFIG_SOFTMMU
-void tb_invalidate_phys_range_fast(ram_addr_t ram_addr,
-                                   unsigned size,
-                                   uintptr_t retaddr);
-G_NORETURN void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr);
-#endif /* CONFIG_SOFTMMU */
-
 TranslationBlock *tb_gen_code(CPUState *cpu, target_ulong pc,
                               target_ulong cs_base, uint32_t flags,
                               int cflags);
+G_NORETURN void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr);
 void page_init(void);
 void tb_htable_init(void);
 void tb_reset_jump(TranslationBlock *tb, int n);
@@ -57,14 +112,11 @@ void cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
 /* Return the current PC from CPU, which may be cached in TB. */
 static inline target_ulong log_pc(CPUState *cpu, const TranslationBlock *tb)
 {
-    if (tb_cflags(tb) & CF_PCREL) {
-        return cpu->cc->get_pc(cpu);
-    } else {
-        return tb->pc;
-    }
+#if TARGET_TB_PCREL
+    return cpu->cc->get_pc(cpu);
+#else
+    return tb_pc(tb);
+#endif
 }
 
-extern int64_t max_delay;
-extern int64_t max_advance;
-
 #endif /* ACCEL_TCG_INTERNAL_H */

accel/tcg/meson.build

@@ -12,13 +12,11 @@ tcg_ss.add(files(
 tcg_ss.add(when: 'CONFIG_USER_ONLY', if_true: files('user-exec.c'))
 tcg_ss.add(when: 'CONFIG_SOFTMMU', if_false: files('user-exec-stub.c'))
 tcg_ss.add(when: 'CONFIG_PLUGIN', if_true: [files('plugin-gen.c')])
-tcg_ss.add(when: libdw, if_true: files('debuginfo.c'))
-tcg_ss.add(when: 'CONFIG_LINUX', if_true: files('perf.c'))
 specific_ss.add_all(when: 'CONFIG_TCG', if_true: tcg_ss)
 
 specific_ss.add(when: ['CONFIG_SOFTMMU', 'CONFIG_TCG'], if_true: files(
   'cputlb.c',
-  'monitor.c',
+  'hmp.c',
 ))
 
 tcg_module_ss.add(when: ['CONFIG_SOFTMMU', 'CONFIG_TCG'], if_true: files(

accel/tcg/monitor.c

@@ -1,106 +0,0 @@
-/*
- * SPDX-License-Identifier: LGPL-2.1-or-later
- *
- *  QEMU TCG monitor
- *
- *  Copyright (c) 2003-2005 Fabrice Bellard
- */
-
-#include "qemu/osdep.h"
-#include "qapi/error.h"
-#include "qapi/type-helpers.h"
-#include "qapi/qapi-commands-machine.h"
-#include "monitor/monitor.h"
-#include "sysemu/cpus.h"
-#include "sysemu/cpu-timers.h"
-#include "sysemu/tcg.h"
-#include "internal.h"
-
-
-static void dump_drift_info(GString *buf)
-{
-    if (!icount_enabled()) {
-        return;
-    }
-
-    g_string_append_printf(buf, "Host - Guest clock  %"PRIi64" ms\n",
-                           (cpu_get_clock() - icount_get()) / SCALE_MS);
-    if (icount_align_option) {
-        g_string_append_printf(buf, "Max guest delay     %"PRIi64" ms\n",
-                               -max_delay / SCALE_MS);
-        g_string_append_printf(buf, "Max guest advance   %"PRIi64" ms\n",
-                               max_advance / SCALE_MS);
-    } else {
-        g_string_append_printf(buf, "Max guest delay     NA\n");
-        g_string_append_printf(buf, "Max guest advance   NA\n");
-    }
-}
-
-HumanReadableText *qmp_x_query_jit(Error **errp)
-{
-    g_autoptr(GString) buf = g_string_new("");
-
-    if (!tcg_enabled()) {
-        error_setg(errp, "JIT information is only available with accel=tcg");
-        return NULL;
-    }
-
-    dump_exec_info(buf);
-    dump_drift_info(buf);
-
-    return human_readable_text_from_str(buf);
-}
-
-HumanReadableText *qmp_x_query_opcount(Error **errp)
-{
-    g_autoptr(GString) buf = g_string_new("");
-
-    if (!tcg_enabled()) {
-        error_setg(errp,
-                   "Opcode count information is only available with accel=tcg");
-        return NULL;
-    }
-
-    tcg_dump_op_count(buf);
-
-    return human_readable_text_from_str(buf);
-}
-
-#ifdef CONFIG_PROFILER
-
-int64_t dev_time;
-
-HumanReadableText *qmp_x_query_profile(Error **errp)
-{
-    g_autoptr(GString) buf = g_string_new("");
-    static int64_t last_cpu_exec_time;
-    int64_t cpu_exec_time;
-    int64_t delta;
-
-    cpu_exec_time = tcg_cpu_exec_time();
-    delta = cpu_exec_time - last_cpu_exec_time;
-
-    g_string_append_printf(buf, "async time  %" PRId64 " (%0.3f)\n",
-                           dev_time, dev_time / (double)NANOSECONDS_PER_SECOND);
-    g_string_append_printf(buf, "qemu time   %" PRId64 " (%0.3f)\n",
-                           delta, delta / (double)NANOSECONDS_PER_SECOND);
-    last_cpu_exec_time = cpu_exec_time;
-    dev_time = 0;
-
-    return human_readable_text_from_str(buf);
-}
-#else
-HumanReadableText *qmp_x_query_profile(Error **errp)
-{
-    error_setg(errp, "Internal profiler not compiled");
-    return NULL;
-}
-#endif
-
-static void hmp_tcg_register(void)
-{
-    monitor_register_hmp_info_hrt("jit", qmp_x_query_jit);
-    monitor_register_hmp_info_hrt("opcount", qmp_x_query_opcount);
-}
-
-type_init(hmp_tcg_register);

accel/tcg/perf.c

@@ -1,375 +0,0 @@
-/*
- * Linux perf perf-<pid>.map and jit-<pid>.dump integration.
- *
- * The jitdump spec can be found at [1].
- *
- * [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/plain/tools/perf/Documentation/jitdump-specification.txt
- *
- * SPDX-License-Identifier: GPL-2.0-or-later
- */
-
-#include "qemu/osdep.h"
-#include "elf.h"
-#include "exec/exec-all.h"
-#include "qemu/timer.h"
-#include "tcg/tcg.h"
-
-#include "debuginfo.h"
-#include "perf.h"
-
-static FILE *safe_fopen_w(const char *path)
-{
-    int saved_errno;
-    FILE *f;
-    int fd;
-
-    /* Delete the old file, if any. */
-    unlink(path);
-
-    /* Avoid symlink attacks by using O_CREAT | O_EXCL. */
-    fd = open(path, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
-    if (fd == -1) {
-        return NULL;
-    }
-
-    /* Convert fd to FILE*. */
-    f = fdopen(fd, "w");
-    if (f == NULL) {
-        saved_errno = errno;
-        close(fd);
-        errno = saved_errno;
-        return NULL;
-    }
-
-    return f;
-}
-
-static FILE *perfmap;
-
-void perf_enable_perfmap(void)
-{
-    char map_file[32];
-
-    snprintf(map_file, sizeof(map_file), "/tmp/perf-%d.map", getpid());
-    perfmap = safe_fopen_w(map_file);
-    if (perfmap == NULL) {
-        warn_report("Could not open %s: %s, proceeding without perfmap",
-                    map_file, strerror(errno));
-    }
-}
-
-/* Get PC and size of code JITed for guest instruction #INSN. */
-static void get_host_pc_size(uintptr_t *host_pc, uint16_t *host_size,
-                             const void *start, size_t insn)
-{
-    uint16_t start_off = insn ? tcg_ctx->gen_insn_end_off[insn - 1] : 0;
-
-    if (host_pc) {
-        *host_pc = (uintptr_t)start + start_off;
-    }
-    if (host_size) {
-        *host_size = tcg_ctx->gen_insn_end_off[insn] - start_off;
-    }
-}
-
-static const char *pretty_symbol(const struct debuginfo_query *q, size_t *len)
-{
-    static __thread char buf[64];
-    int tmp;
-
-    if (!q->symbol) {
-        tmp = snprintf(buf, sizeof(buf), "guest-0x%"PRIx64, q->address);
-        if (len) {
-            *len = MIN(tmp + 1, sizeof(buf));
-        }
-        return buf;
-    }
-
-    if (!q->offset) {
-        if (len) {
-            *len = strlen(q->symbol) + 1;
-        }
-        return q->symbol;
-    }
-
-    tmp = snprintf(buf, sizeof(buf), "%s+0x%"PRIx64, q->symbol, q->offset);
-    if (len) {
-        *len = MIN(tmp + 1, sizeof(buf));
-    }
-    return buf;
-}
-
-static void write_perfmap_entry(const void *start, size_t insn,
-                                const struct debuginfo_query *q)
-{
-    uint16_t host_size;
-    uintptr_t host_pc;
-
-    get_host_pc_size(&host_pc, &host_size, start, insn);
-    fprintf(perfmap, "%"PRIxPTR" %"PRIx16" %s\n",
-            host_pc, host_size, pretty_symbol(q, NULL));
-}
-
-static FILE *jitdump;
-
-#define JITHEADER_MAGIC 0x4A695444
-#define JITHEADER_VERSION 1
-
-struct jitheader {
-    uint32_t magic;
-    uint32_t version;
-    uint32_t total_size;
-    uint32_t elf_mach;
-    uint32_t pad1;
-    uint32_t pid;
-    uint64_t timestamp;
-    uint64_t flags;
-};
-
-enum jit_record_type {
-    JIT_CODE_LOAD = 0,
-    JIT_CODE_DEBUG_INFO = 2,
-};
-
-struct jr_prefix {
-    uint32_t id;
-    uint32_t total_size;
-    uint64_t timestamp;
-};
-
-struct jr_code_load {
-    struct jr_prefix p;
-
-    uint32_t pid;
-    uint32_t tid;
-    uint64_t vma;
-    uint64_t code_addr;
-    uint64_t code_size;
-    uint64_t code_index;
-};
-
-struct debug_entry {
-    uint64_t addr;
-    int lineno;
-    int discrim;
-    const char name[];
-};
-
-struct jr_code_debug_info {
-    struct jr_prefix p;
-
-    uint64_t code_addr;
-    uint64_t nr_entry;
-    struct debug_entry entries[];
-};
-
-static uint32_t get_e_machine(void)
-{
-    Elf64_Ehdr elf_header;
-    FILE *exe;
-    size_t n;
-
-    QEMU_BUILD_BUG_ON(offsetof(Elf32_Ehdr, e_machine) !=
-                      offsetof(Elf64_Ehdr, e_machine));
-
-    exe = fopen("/proc/self/exe", "r");
-    if (exe == NULL) {
-        return EM_NONE;
-    }
-
-    n = fread(&elf_header, sizeof(elf_header), 1, exe);
-    fclose(exe);
-    if (n != 1) {
-        return EM_NONE;
-    }
-
-    return elf_header.e_machine;
-}
-
-void perf_enable_jitdump(void)
-{
-    struct jitheader header;
-    char jitdump_file[32];
-    void *perf_marker;
-
-    if (!use_rt_clock) {
-        warn_report("CLOCK_MONOTONIC is not available, proceeding without jitdump");
-        return;
-    }
-
-    snprintf(jitdump_file, sizeof(jitdump_file), "jit-%d.dump", getpid());
-    jitdump = safe_fopen_w(jitdump_file);
-    if (jitdump == NULL) {
-        warn_report("Could not open %s: %s, proceeding without jitdump",
-                    jitdump_file, strerror(errno));
-        return;
-    }
-
-    /*
-     * `perf inject` will see that the mapped file name in the corresponding
-     * PERF_RECORD_MMAP or PERF_RECORD_MMAP2 event is of the form jit-%d.dump
-     * and will process it as a jitdump file.
-     */
-    perf_marker = mmap(NULL, qemu_real_host_page_size(), PROT_READ | PROT_EXEC,
-                       MAP_PRIVATE, fileno(jitdump), 0);
-    if (perf_marker == MAP_FAILED) {
-        warn_report("Could not map %s: %s, proceeding without jitdump",
-                    jitdump_file, strerror(errno));
-        fclose(jitdump);
-        jitdump = NULL;
-        return;
-    }
-
-    header.magic = JITHEADER_MAGIC;
-    header.version = JITHEADER_VERSION;
-    header.total_size = sizeof(header);
-    header.elf_mach = get_e_machine();
-    header.pad1 = 0;
-    header.pid = getpid();
-    header.timestamp = get_clock();
-    header.flags = 0;
-    fwrite(&header, sizeof(header), 1, jitdump);
-}
-
-void perf_report_prologue(const void *start, size_t size)
-{
-    if (perfmap) {
-        fprintf(perfmap, "%"PRIxPTR" %zx tcg-prologue-buffer\n",
-                (uintptr_t)start, size);
-    }
-}
-
-/* Write a JIT_CODE_DEBUG_INFO jitdump entry. */
-static void write_jr_code_debug_info(const void *start,
-                                     const struct debuginfo_query *q,
-                                     size_t icount)
-{
-    struct jr_code_debug_info rec;
-    struct debug_entry ent;
-    uintptr_t host_pc;
-    int insn;
-
-    /* Write the header. */
-    rec.p.id = JIT_CODE_DEBUG_INFO;
-    rec.p.total_size = sizeof(rec) + sizeof(ent) + 1;
-    rec.p.timestamp = get_clock();
-    rec.code_addr = (uintptr_t)start;
-    rec.nr_entry = 1;
-    for (insn = 0; insn < icount; insn++) {
-        if (q[insn].file) {
-            rec.p.total_size += sizeof(ent) + strlen(q[insn].file) + 1;
-            rec.nr_entry++;
-        }
-    }
-    fwrite(&rec, sizeof(rec), 1, jitdump);
-
-    /* Write the main debug entries. */
-    for (insn = 0; insn < icount; insn++) {
-        if (q[insn].file) {
-            get_host_pc_size(&host_pc, NULL, start, insn);
-            ent.addr = host_pc;
-            ent.lineno = q[insn].line;
-            ent.discrim = 0;
-            fwrite(&ent, sizeof(ent), 1, jitdump);
-            fwrite(q[insn].file, strlen(q[insn].file) + 1, 1, jitdump);
-        }
-    }
-
-    /* Write the trailing debug_entry. */
-    ent.addr = (uintptr_t)start + tcg_ctx->gen_insn_end_off[icount - 1];
-    ent.lineno = 0;
-    ent.discrim = 0;
-    fwrite(&ent, sizeof(ent), 1, jitdump);
-    fwrite("", 1, 1, jitdump);
-}
-
-/* Write a JIT_CODE_LOAD jitdump entry. */
-static void write_jr_code_load(const void *start, uint16_t host_size,
-                               const struct debuginfo_query *q)
-{
-    static uint64_t code_index;
-    struct jr_code_load rec;
-    const char *symbol;
-    size_t symbol_size;
-
-    symbol = pretty_symbol(q, &symbol_size);
-    rec.p.id = JIT_CODE_LOAD;
-    rec.p.total_size = sizeof(rec) + symbol_size + host_size;
-    rec.p.timestamp = get_clock();
-    rec.pid = getpid();
-    rec.tid = qemu_get_thread_id();
-    rec.vma = (uintptr_t)start;
-    rec.code_addr = (uintptr_t)start;
-    rec.code_size = host_size;
-    rec.code_index = code_index++;
-    fwrite(&rec, sizeof(rec), 1, jitdump);
-    fwrite(symbol, symbol_size, 1, jitdump);
-    fwrite(start, host_size, 1, jitdump);
-}
-
-void perf_report_code(uint64_t guest_pc, TranslationBlock *tb,
-                      const void *start)
-{
-    struct debuginfo_query *q;
-    size_t insn;
-
-    if (!perfmap && !jitdump) {
-        return;
-    }
-
-    q = g_try_malloc0_n(tb->icount, sizeof(*q));
-    if (!q) {
-        return;
-    }
-
-    debuginfo_lock();
-
-    /* Query debuginfo for each guest instruction. */
-    for (insn = 0; insn < tb->icount; insn++) {
-        /* FIXME: This replicates the restore_state_to_opc() logic. */
-        q[insn].address = tcg_ctx->gen_insn_data[insn][0];
-        if (tb_cflags(tb) & CF_PCREL) {
-            q[insn].address |= (guest_pc & TARGET_PAGE_MASK);
-        } else {
-#if defined(TARGET_I386)
-            q[insn].address -= tb->cs_base;
-#endif
-        }
-        q[insn].flags = DEBUGINFO_SYMBOL | (jitdump ? DEBUGINFO_LINE : 0);
-    }
-    debuginfo_query(q, tb->icount);
-
-    /* Emit perfmap entries if needed. */
-    if (perfmap) {
-        flockfile(perfmap);
-        for (insn = 0; insn < tb->icount; insn++) {
-            write_perfmap_entry(start, insn, &q[insn]);
-        }
-        funlockfile(perfmap);
-    }
-
-    /* Emit jitdump entries if needed. */
-    if (jitdump) {
-        flockfile(jitdump);
-        write_jr_code_debug_info(start, q, tb->icount);
-        write_jr_code_load(start, tcg_ctx->gen_insn_end_off[tb->icount - 1],
-                           q);
-        funlockfile(jitdump);
-    }
-
-    debuginfo_unlock();
-    g_free(q);
-}
-
-void perf_exit(void)
-{
-    if (perfmap) {
-        fclose(perfmap);
-        perfmap = NULL;
-    }
-
-    if (jitdump) {
-        fclose(jitdump);
-        jitdump = NULL;
-    }
-}

accel/tcg/perf.h

@@ -1,49 +0,0 @@
-/*
- * Linux perf perf-<pid>.map and jit-<pid>.dump integration.
- *
- * SPDX-License-Identifier: GPL-2.0-or-later
- */
-
-#ifndef ACCEL_TCG_PERF_H
-#define ACCEL_TCG_PERF_H
-
-#if defined(CONFIG_TCG) && defined(CONFIG_LINUX)
-/* Start writing perf-<pid>.map. */
-void perf_enable_perfmap(void);
-
-/* Start writing jit-<pid>.dump. */
-void perf_enable_jitdump(void);
-
-/* Add information about TCG prologue to profiler maps. */
-void perf_report_prologue(const void *start, size_t size);
-
-/* Add information about JITted guest code to profiler maps. */
-void perf_report_code(uint64_t guest_pc, TranslationBlock *tb,
-                      const void *start);
-
-/* Stop writing perf-<pid>.map and/or jit-<pid>.dump. */
-void perf_exit(void);
-#else
-static inline void perf_enable_perfmap(void)
-{
-}
-
-static inline void perf_enable_jitdump(void)
-{
-}
-
-static inline void perf_report_prologue(const void *start, size_t size)
-{
-}
-
-static inline void perf_report_code(uint64_t guest_pc, TranslationBlock *tb,
-                                    const void *start)
-{
-}
-
-static inline void perf_exit(void)
-{
-}
-#endif
-
-#endif

accel/tcg/plugin-gen.c

@@ -44,7 +44,6 @@
  */
 #include "qemu/osdep.h"
 #include "tcg/tcg.h"
-#include "tcg/tcg-temp-internal.h"
 #include "tcg/tcg-op.h"
 #include "exec/exec-all.h"
 #include "exec/plugin-gen.h"
@@ -94,13 +93,11 @@ void HELPER(plugin_vcpu_mem_cb)(unsigned int vcpu_index,
 
 static void do_gen_mem_cb(TCGv vaddr, uint32_t info)
 {
-    TCGv_i32 cpu_index = tcg_temp_ebb_new_i32();
-    TCGv_i32 meminfo = tcg_temp_ebb_new_i32();
-    TCGv_i64 vaddr64 = tcg_temp_ebb_new_i64();
-    TCGv_ptr udata = tcg_temp_ebb_new_ptr();
+    TCGv_i32 cpu_index = tcg_temp_new_i32();
+    TCGv_i32 meminfo = tcg_const_i32(info);
+    TCGv_i64 vaddr64 = tcg_temp_new_i64();
+    TCGv_ptr udata = tcg_const_ptr(NULL);
 
-    tcg_gen_movi_i32(meminfo, info);
-    tcg_gen_movi_ptr(udata, 0);
     tcg_gen_ld_i32(cpu_index, cpu_env,
                    -offsetof(ArchCPU, env) + offsetof(CPUState, cpu_index));
     tcg_gen_extu_tl_i64(vaddr64, vaddr);
@@ -115,10 +112,9 @@ static void do_gen_mem_cb(TCGv vaddr, uint32_t info)
 
 static void gen_empty_udata_cb(void)
 {
-    TCGv_i32 cpu_index = tcg_temp_ebb_new_i32();
-    TCGv_ptr udata = tcg_temp_ebb_new_ptr();
+    TCGv_i32 cpu_index = tcg_temp_new_i32();
+    TCGv_ptr udata = tcg_const_ptr(NULL); /* will be overwritten later */
 
-    tcg_gen_movi_ptr(udata, 0);
     tcg_gen_ld_i32(cpu_index, cpu_env,
                    -offsetof(ArchCPU, env) + offsetof(CPUState, cpu_index));
     gen_helper_plugin_vcpu_udata_cb(cpu_index, udata);
@@ -133,10 +129,9 @@ static void gen_empty_udata_cb(void)
  */
 static void gen_empty_inline_cb(void)
 {
-    TCGv_i64 val = tcg_temp_ebb_new_i64();
-    TCGv_ptr ptr = tcg_temp_ebb_new_ptr();
+    TCGv_i64 val = tcg_temp_new_i64();
+    TCGv_ptr ptr = tcg_const_ptr(NULL); /* overwritten later */
 
-    tcg_gen_movi_ptr(ptr, 0);
     tcg_gen_ld_i64(val, ptr, 0);
     /* pass an immediate != 0 so that it doesn't get optimized away */
     tcg_gen_addi_i64(val, val, 0xdeadface);
@@ -156,9 +151,9 @@ static void gen_empty_mem_cb(TCGv addr, uint32_t info)
  */
 static void gen_empty_mem_helper(void)
 {
-    TCGv_ptr ptr = tcg_temp_ebb_new_ptr();
+    TCGv_ptr ptr;
 
-    tcg_gen_movi_ptr(ptr, 0);
+    ptr = tcg_const_ptr(NULL);
     tcg_gen_st_ptr(ptr, cpu_env, offsetof(CPUState, plugin_mem_cbs) -
                                  offsetof(ArchCPU, env));
     tcg_temp_free_ptr(ptr);
@@ -263,13 +258,10 @@ static TCGOp *rm_ops(TCGOp *op)
 
 static TCGOp *copy_op_nocheck(TCGOp **begin_op, TCGOp *op)
 {
-    TCGOp *old_op = QTAILQ_NEXT(*begin_op, link);
-    unsigned nargs = old_op->nargs;
-
-    *begin_op = old_op;
-    op = tcg_op_insert_after(tcg_ctx, op, old_op->opc, nargs);
-    memcpy(op->args, old_op->args, sizeof(op->args[0]) * nargs);
-
+    *begin_op = QTAILQ_NEXT(*begin_op, link);
+    tcg_debug_assert(*begin_op);
+    op = tcg_op_insert_after(tcg_ctx, op, (*begin_op)->opc);
+    memcpy(op->args, (*begin_op)->args, sizeof(op->args));
     return op;
 }
 
@@ -389,23 +381,32 @@ static TCGOp *copy_st_ptr(TCGOp **begin_op, TCGOp *op)
 static TCGOp *copy_call(TCGOp **begin_op, TCGOp *op, void *empty_func,
                         void *func, int *cb_idx)
 {
-    TCGOp *old_op;
-    int func_idx;
-
     /* copy all ops until the call */
     do {
         op = copy_op_nocheck(begin_op, op);
     } while (op->opc != INDEX_op_call);
 
     /* fill in the op call */
-    old_op = *begin_op;
-    TCGOP_CALLI(op) = TCGOP_CALLI(old_op);
-    TCGOP_CALLO(op) = TCGOP_CALLO(old_op);
+    op->param1 = (*begin_op)->param1;
+    op->param2 = (*begin_op)->param2;
     tcg_debug_assert(op->life == 0);
+    if (*cb_idx == -1) {
+        int i;
 
-    func_idx = TCGOP_CALLO(op) + TCGOP_CALLI(op);
-    *cb_idx = func_idx;
-    op->args[func_idx] = (uintptr_t)func;
+        /*
+         * Instead of working out the position of the callback in args[], just
+         * look for @empty_func, since it should be a unique pointer.
+         */
+        for (i = 0; i < MAX_OPC_PARAM_ARGS; i++) {
+            if ((uintptr_t)(*begin_op)->args[i] == (uintptr_t)empty_func) {
+                *cb_idx = i;
+                break;
+            }
+        }
+        tcg_debug_assert(i < MAX_OPC_PARAM_ARGS);
+    }
+    op->args[*cb_idx] = (uintptr_t)func;
+    op->args[*cb_idx + 1] = (*begin_op)->args[*cb_idx + 1];
 
     return op;
 }
@@ -423,11 +424,11 @@ static TCGOp *append_udata_cb(const struct qemu_plugin_dyn_cb *cb,
     op = copy_const_ptr(&begin_op, op, cb->userp);
 
     /* copy the ld_i32, but note that we only have to copy it once */
+    begin_op = QTAILQ_NEXT(begin_op, link);
+    tcg_debug_assert(begin_op && begin_op->opc == INDEX_op_ld_i32);
     if (*cb_idx == -1) {
-        op = copy_op(&begin_op, op, INDEX_op_ld_i32);
-    } else {
-        begin_op = QTAILQ_NEXT(begin_op, link);
-        tcg_debug_assert(begin_op && begin_op->opc == INDEX_op_ld_i32);
+        op = tcg_op_insert_after(tcg_ctx, op, INDEX_op_ld_i32);
+        memcpy(op->args, begin_op->args, sizeof(op->args));
     }
 
     /* call */
@@ -470,11 +471,11 @@ static TCGOp *append_mem_cb(const struct qemu_plugin_dyn_cb *cb,
     op = copy_const_ptr(&begin_op, op, cb->userp);
 
     /* copy the ld_i32, but note that we only have to copy it once */
+    begin_op = QTAILQ_NEXT(begin_op, link);
+    tcg_debug_assert(begin_op && begin_op->opc == INDEX_op_ld_i32);
     if (*cb_idx == -1) {
-        op = copy_op(&begin_op, op, INDEX_op_ld_i32);
-    } else {
-        begin_op = QTAILQ_NEXT(begin_op, link);
-        tcg_debug_assert(begin_op && begin_op->opc == INDEX_op_ld_i32);
+        op = tcg_op_insert_after(tcg_ctx, op, INDEX_op_ld_i32);
+        memcpy(op->args, begin_op->args, sizeof(op->args));
     }
 
     /* extu_tl_i64 */
@@ -584,8 +585,7 @@ static void inject_mem_helper(TCGOp *begin_op, GArray *arr)
  * is possible that the code we generate after the instruction is
  * dead, we also add checks before generating tb_exit etc.
  */
-static void inject_mem_enable_helper(struct qemu_plugin_tb *ptb,
-                                     struct qemu_plugin_insn *plugin_insn,
+static void inject_mem_enable_helper(struct qemu_plugin_insn *plugin_insn,
                                      TCGOp *begin_op)
 {
     GArray *cbs[2];
@@ -605,7 +605,6 @@ static void inject_mem_enable_helper(struct qemu_plugin_tb *ptb,
         rm_ops(begin_op);
         return;
     }
-    ptb->mem_helper = true;
 
     arr = g_array_sized_new(false, false,
                             sizeof(struct qemu_plugin_dyn_cb), n_cbs);
@@ -631,20 +630,17 @@ static void inject_mem_disable_helper(struct qemu_plugin_insn *plugin_insn,
 /* called before finishing a TB with exit_tb, goto_tb or goto_ptr */
 void plugin_gen_disable_mem_helpers(void)
 {
-    /*
-     * We could emit the clearing unconditionally and be done. However, this can
-     * be wasteful if for instance plugins don't track memory accesses, or if
-     * most TBs don't use helpers. Instead, emit the clearing iff the TB calls
-     * helpers that might access guest memory.
-     *
-     * Note: we do not reset plugin_tb->mem_helper here; a TB might have several
-     * exit points, and we want to emit the clearing from all of them.
-     */
-    if (!tcg_ctx->plugin_tb->mem_helper) {
+    TCGv_ptr ptr;
+
+    if (likely(tcg_ctx->plugin_insn == NULL ||
+               !tcg_ctx->plugin_insn->mem_helper)) {
         return;
     }
-    tcg_gen_st_ptr(tcg_constant_ptr(NULL), cpu_env,
-                   offsetof(CPUState, plugin_mem_cbs) - offsetof(ArchCPU, env));
+    ptr = tcg_const_ptr(NULL);
+    tcg_gen_st_ptr(ptr, cpu_env, offsetof(CPUState, plugin_mem_cbs) -
+                                 offsetof(ArchCPU, env));
+    tcg_temp_free_ptr(ptr);
+    tcg_ctx->plugin_insn->mem_helper = false;
 }
 
 static void plugin_gen_tb_udata(const struct qemu_plugin_tb *ptb,
@@ -692,14 +688,14 @@ static void plugin_gen_mem_inline(const struct qemu_plugin_tb *ptb,
     inject_inline_cb(cbs, begin_op, op_rw);
 }
 
-static void plugin_gen_enable_mem_helper(struct qemu_plugin_tb *ptb,
+static void plugin_gen_enable_mem_helper(const struct qemu_plugin_tb *ptb,
                                          TCGOp *begin_op, int insn_idx)
 {
     struct qemu_plugin_insn *insn = g_ptr_array_index(ptb->insns, insn_idx);
-    inject_mem_enable_helper(ptb, insn, begin_op);
+    inject_mem_enable_helper(insn, begin_op);
 }
 
-static void plugin_gen_disable_mem_helper(struct qemu_plugin_tb *ptb,
+static void plugin_gen_disable_mem_helper(const struct qemu_plugin_tb *ptb,
                                           TCGOp *begin_op, int insn_idx)
 {
     struct qemu_plugin_insn *insn = g_ptr_array_index(ptb->insns, insn_idx);
@@ -760,7 +756,7 @@ static void pr_ops(void)
 #endif
 }
 
-static void plugin_gen_inject(struct qemu_plugin_tb *plugin_tb)
+static void plugin_gen_inject(const struct qemu_plugin_tb *plugin_tb)
 {
     TCGOp *op;
     int insn_idx = -1;
@@ -880,7 +876,6 @@ bool plugin_gen_tb_start(CPUState *cpu, const DisasContextBase *db,
         ptb->haddr1 = db->host_addr[0];
         ptb->haddr2 = NULL;
         ptb->mem_only = mem_only;
-        ptb->mem_helper = false;
 
         plugin_gen_empty_callback(PLUGIN_GEN_FROM_TB);
     }

accel/tcg/plugin-helpers.h

@@ -1,4 +1,4 @@
 #ifdef CONFIG_PLUGIN
-DEF_HELPER_FLAGS_2(plugin_vcpu_udata_cb, TCG_CALL_NO_RWG | TCG_CALL_PLUGIN, void, i32, ptr)
-DEF_HELPER_FLAGS_4(plugin_vcpu_mem_cb, TCG_CALL_NO_RWG | TCG_CALL_PLUGIN, void, i32, i32, i64, ptr)
+DEF_HELPER_FLAGS_2(plugin_vcpu_udata_cb, TCG_CALL_NO_RWG, void, i32, ptr)
+DEF_HELPER_FLAGS_4(plugin_vcpu_mem_cb, TCG_CALL_NO_RWG, void, i32, i32, i64, ptr)
 #endif

accel/tcg/tb-jmp-cache.h

@@ -14,15 +14,52 @@
 
 /*
  * Accessed in parallel; all accesses to 'tb' must be atomic.
- * For CF_PCREL, accesses to 'pc' must be protected by a
- * load_acquire/store_release to 'tb'.
+ * For TARGET_TB_PCREL, accesses to 'pc' must be protected by
+ * a load_acquire/store_release to 'tb'.
  */
 struct CPUJumpCache {
-    struct rcu_head rcu;
     struct {
         TranslationBlock *tb;
+#if TARGET_TB_PCREL
         target_ulong pc;
+#endif
     } array[TB_JMP_CACHE_SIZE];
 };
 
+static inline TranslationBlock *
+tb_jmp_cache_get_tb(CPUJumpCache *jc, uint32_t hash)
+{
+#if TARGET_TB_PCREL
+    /* Use acquire to ensure current load of pc from jc. */
+    return qatomic_load_acquire(&jc->array[hash].tb);
+#else
+    /* Use rcu_read to ensure current load of pc from *tb. */
+    return qatomic_rcu_read(&jc->array[hash].tb);
+#endif
+}
+
+static inline target_ulong
+tb_jmp_cache_get_pc(CPUJumpCache *jc, uint32_t hash, TranslationBlock *tb)
+{
+#if TARGET_TB_PCREL
+    return jc->array[hash].pc;
+#else
+    return tb_pc(tb);
+#endif
+}
+
+static inline void
+tb_jmp_cache_set(CPUJumpCache *jc, uint32_t hash,
+                 TranslationBlock *tb, target_ulong pc)
+{
+#if TARGET_TB_PCREL
+    jc->array[hash].pc = pc;
+    /* Use store_release on tb to ensure pc is written first. */
+    qatomic_store_release(&jc->array[hash].tb, tb);
+#else
+    /* Use the pc value already stored in tb->pc. */
+    qatomic_set(&jc->array[hash].tb, tb);
+#endif
+}
+
 #endif /* ACCEL_TCG_TB_JMP_CACHE_H */

accel/tcg/tcg-accel-ops.c

@@ -31,7 +31,6 @@
 #include "sysemu/cpu-timers.h"
 #include "qemu/main-loop.h"
 #include "qemu/guest-random.h"
-#include "qemu/timer.h"
 #include "exec/exec-all.h"
 #include "exec/hwaddr.h"
 #include "exec/gdbstub.h"
@@ -45,21 +44,10 @@
 
 void tcg_cpu_init_cflags(CPUState *cpu, bool parallel)
 {
-    uint32_t cflags;
-
-    /*
-     * Include the cluster number in the hash we use to look up TBs.
-     * This is important because a TB that is valid for one cluster at
-     * a given physical address and set of CPU flags is not necessarily
-     * valid for another:
-     * the two clusters may have different views of physical memory, or
-     * may have different CPU features (eg FPU present or absent).
-     */
-    cflags = cpu->cluster_index << CF_CLUSTER_SHIFT;
-
+    uint32_t cflags = cpu->cluster_index << CF_CLUSTER_SHIFT;
     cflags |= parallel ? CF_PARALLEL : 0;
     cflags |= icount_enabled() ? CF_USE_ICOUNT : 0;
-    cpu->tcg_cflags |= cflags;
+    cpu->tcg_cflags = cflags;
 }
 
 void tcg_cpus_destroy(CPUState *cpu)
@@ -128,7 +116,7 @@ static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
     return cputype;
 }
 
-static int tcg_insert_breakpoint(CPUState *cs, int type, vaddr addr, vaddr len)
+static int tcg_insert_breakpoint(CPUState *cs, int type, hwaddr addr, hwaddr len)
 {
     CPUState *cpu;
     int err = 0;
@@ -159,7 +147,7 @@ static int tcg_insert_breakpoint(CPUState *cs, int type, vaddr addr, vaddr len)
     }
 }
 
-static int tcg_remove_breakpoint(CPUState *cs, int type, vaddr addr, vaddr len)
+static int tcg_remove_breakpoint(CPUState *cs, int type, hwaddr addr, hwaddr len)
 {
     CPUState *cpu;
     int err = 0;

accel/tcg/tcg-all.c

@@ -25,7 +25,7 @@
 
 #include "qemu/osdep.h"
 #include "sysemu/tcg.h"
-#include "exec/replay-core.h"
+#include "sysemu/replay.h"
 #include "sysemu/cpu-timers.h"
 #include "tcg/tcg.h"
 #include "qapi/error.h"

accel/tcg/tcg-runtime.h

@@ -55,17 +55,6 @@ DEF_HELPER_FLAGS_5(atomic_cmpxchgq_be, TCG_CALL_NO_WG,
 DEF_HELPER_FLAGS_5(atomic_cmpxchgq_le, TCG_CALL_NO_WG,
                    i64, env, tl, i64, i64, i32)
 #endif
-#ifdef CONFIG_CMPXCHG128
-DEF_HELPER_FLAGS_5(atomic_cmpxchgo_be, TCG_CALL_NO_WG,
-                   i128, env, tl, i128, i128, i32)
-DEF_HELPER_FLAGS_5(atomic_cmpxchgo_le, TCG_CALL_NO_WG,
-                   i128, env, tl, i128, i128, i32)
-#endif
-
-DEF_HELPER_FLAGS_5(nonatomic_cmpxchgo_be, TCG_CALL_NO_WG,
-                   i128, env, tl, i128, i128, i32)
-DEF_HELPER_FLAGS_5(nonatomic_cmpxchgo_le, TCG_CALL_NO_WG,
-                   i128, env, tl, i128, i128, i32)
 
 #ifdef CONFIG_ATOMIC64
 #define GEN_ATOMIC_HELPERS(NAME)                                  \

accel/tcg/trace-events

@@ -6,9 +6,5 @@ exec_tb(void *tb, uintptr_t pc) "tb:%p pc=0x%"PRIxPTR
 exec_tb_nocache(void *tb, uintptr_t pc) "tb:%p pc=0x%"PRIxPTR
 exec_tb_exit(void *last_tb, unsigned int flags) "tb:%p flags=0x%x"
 
-# cputlb.c
-memory_notdirty_write_access(uint64_t vaddr, uint64_t ram_addr, unsigned size) "0x%" PRIx64 " ram_addr 0x%" PRIx64 " size %u"
-memory_notdirty_set_dirty(uint64_t vaddr) "0x%" PRIx64
-
 # translate-all.c
 translate_block(void *tb, uintptr_t pc, const void *tb_code) "tb:%p, pc:0x%"PRIxPTR", tb_code:%p"

accel/tcg/translate-all.c

@@ -47,12 +47,11 @@
 #include "exec/cputlb.h"
 #include "exec/translate-all.h"
 #include "exec/translator.h"
-#include "exec/tb-flush.h"
 #include "qemu/bitmap.h"
 #include "qemu/qemu-print.h"
+#include "qemu/timer.h"
 #include "qemu/main-loop.h"
 #include "qemu/cacheinfo.h"
-#include "qemu/timer.h"
 #include "exec/log.h"
 #include "sysemu/cpus.h"
 #include "sysemu/cpu-timers.h"
@@ -63,15 +62,106 @@
 #include "tb-hash.h"
 #include "tb-context.h"
 #include "internal.h"
-#include "perf.h"
+
+/* make various TB consistency checks */
+
+/**
+ * struct page_entry - page descriptor entry
+ * @pd:     pointer to the &struct PageDesc of the page this entry represents
+ * @index:  page index of the page
+ * @locked: whether the page is locked
+ *
+ * This struct helps us keep track of the locked state of a page, without
+ * bloating &struct PageDesc.
+ *
+ * A page lock protects accesses to all fields of &struct PageDesc.
+ *
+ * See also: &struct page_collection.
+ */
+struct page_entry {
+    PageDesc *pd;
+    tb_page_addr_t index;
+    bool locked;
+};
+
+/**
+ * struct page_collection - tracks a set of pages (i.e. &struct page_entry's)
+ * @tree:   Binary search tree (BST) of the pages, with key == page index
+ * @max:    Pointer to the page in @tree with the highest page index
+ *
+ * To avoid deadlock we lock pages in ascending order of page index.
+ * When operating on a set of pages, we need to keep track of them so that
+ * we can lock them in order and also unlock them later. For this we collect
+ * pages (i.e. &struct page_entry's) in a binary search @tree. Given that the
+ * @tree implementation we use does not provide an O(1) operation to obtain the
+ * highest-ranked element, we use @max to keep track of the inserted page
+ * with the highest index. This is valuable because if a page is not in
+ * the tree and its index is higher than @max's, then we can lock it
+ * without breaking the locking order rule.
+ *
+ * Note on naming: 'struct page_set' would be shorter, but we already have a few
+ * page_set_*() helpers, so page_collection is used instead to avoid confusion.
+ *
+ * See also: page_collection_lock().
+ */
+struct page_collection {
+    GTree *tree;
+    struct page_entry *max;
+};
+
+/*
+ * In system mode we want L1_MAP to be based on ram offsets,
+ * while in user mode we want it to be based on virtual addresses.
+ *
+ * TODO: For user mode, see the caveat re host vs guest virtual
+ * address spaces near GUEST_ADDR_MAX.
+ */
+#if !defined(CONFIG_USER_ONLY)
+#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
+# define L1_MAP_ADDR_SPACE_BITS  HOST_LONG_BITS
+#else
+# define L1_MAP_ADDR_SPACE_BITS  TARGET_PHYS_ADDR_SPACE_BITS
+#endif
+#else
+# define L1_MAP_ADDR_SPACE_BITS  MIN(HOST_LONG_BITS, TARGET_ABI_BITS)
+#endif
 
 /* Make sure all possible CPU event bits fit in tb->trace_vcpu_dstate */
 QEMU_BUILD_BUG_ON(CPU_TRACE_DSTATE_MAX_EVENTS >
                   sizeof_field(TranslationBlock, trace_vcpu_dstate)
                   * BITS_PER_BYTE);
 
+/*
+ * L1 Mapping properties
+ */
+int v_l1_size;
+int v_l1_shift;
+int v_l2_levels;
+
+void *l1_map[V_L1_MAX_SIZE];
+
 TBContext tb_ctx;
 
+static void page_table_config_init(void)
+{
+    uint32_t v_l1_bits;
+
+    assert(TARGET_PAGE_BITS);
+    /* The bits remaining after N lower levels of page tables.  */
+    v_l1_bits = (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % V_L2_BITS;
+    if (v_l1_bits < V_L1_MIN_BITS) {
+        v_l1_bits += V_L2_BITS;
+    }
+
+    v_l1_size = 1 << v_l1_bits;
+    v_l1_shift = L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - v_l1_bits;
+    v_l2_levels = v_l1_shift / V_L2_BITS - 1;
+
+    assert(v_l1_bits <= V_L1_MAX_BITS);
+    assert(v_l1_shift % V_L2_BITS == 0);
+    assert(v_l2_levels >= 0);
+}
+
 /* Encode VAL as a signed leb128 sequence at P.
    Return P incremented past the encoded value.  */
 static uint8_t *encode_sleb128(uint8_t *p, target_long val)
@@ -136,7 +226,7 @@ static int encode_search(TranslationBlock *tb, uint8_t *block)
 
         for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
             if (i == 0) {
-                prev = (!(tb_cflags(tb) & CF_PCREL) && j == 0 ? tb->pc : 0);
+                prev = (!TARGET_TB_PCREL && j == 0 ? tb_pc(tb) : 0);
             } else {
                 prev = tcg_ctx->gen_insn_data[i - 1][j];
             }
@@ -171,8 +261,8 @@ static int cpu_unwind_data_from_tb(TranslationBlock *tb, uintptr_t host_pc,
     }
 
     memset(data, 0, sizeof(uint64_t) * TARGET_INSN_START_WORDS);
-    if (!(tb_cflags(tb) & CF_PCREL)) {
-        data[0] = tb->pc;
+    if (!TARGET_TB_PCREL) {
+        data[0] = tb_pc(tb);
     }
 
     /*
@@ -264,8 +354,394 @@ void page_init(void)
 {
     page_size_init();
     page_table_config_init();
+
+#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
+    {
+#ifdef HAVE_KINFO_GETVMMAP
+        struct kinfo_vmentry *freep;
+        int i, cnt;
+
+        freep = kinfo_getvmmap(getpid(), &cnt);
+        if (freep) {
+            mmap_lock();
+            for (i = 0; i < cnt; i++) {
+                unsigned long startaddr, endaddr;
+
+                startaddr = freep[i].kve_start;
+                endaddr = freep[i].kve_end;
+                if (h2g_valid(startaddr)) {
+                    startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
+
+                    if (h2g_valid(endaddr)) {
+                        endaddr = h2g(endaddr);
+                        page_set_flags(startaddr, endaddr, PAGE_RESERVED);
+                    } else {
+#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
+                        endaddr = ~0ul;
+                        page_set_flags(startaddr, endaddr, PAGE_RESERVED);
+#endif
+                    }
+                }
+            }
+            free(freep);
+            mmap_unlock();
+        }
+#else
+        FILE *f;
+
+        last_brk = (unsigned long)sbrk(0);
+
+        f = fopen("/compat/linux/proc/self/maps", "r");
+        if (f) {
+            mmap_lock();
+
+            do {
+                unsigned long startaddr, endaddr;
+                int n;
+
+                n = fscanf(f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
+
+                if (n == 2 && h2g_valid(startaddr)) {
+                    startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
+
+                    if (h2g_valid(endaddr)) {
+                        endaddr = h2g(endaddr);
+                    } else {
+                        endaddr = ~0ul;
+                    }
+                    page_set_flags(startaddr, endaddr, PAGE_RESERVED);
+                }
+            } while (!feof(f));
+
+            fclose(f);
+            mmap_unlock();
+        }
+#endif
+    }
+#endif
 }
 
+PageDesc *page_find_alloc(tb_page_addr_t index, bool alloc)
+{
+    PageDesc *pd;
+    void **lp;
+    int i;
+
+    /* Level 1.  Always allocated.  */
+    lp = l1_map + ((index >> v_l1_shift) & (v_l1_size - 1));
+
+    /* Level 2..N-1.  */
+    for (i = v_l2_levels; i > 0; i--) {
+        void **p = qatomic_rcu_read(lp);
+
+        if (p == NULL) {
+            void *existing;
+
+            if (!alloc) {
+                return NULL;
+            }
+            p = g_new0(void *, V_L2_SIZE);
+            existing = qatomic_cmpxchg(lp, NULL, p);
+            if (unlikely(existing)) {
+                g_free(p);
+                p = existing;
+            }
+        }
+
+        lp = p + ((index >> (i * V_L2_BITS)) & (V_L2_SIZE - 1));
+    }
+
+    pd = qatomic_rcu_read(lp);
+    if (pd == NULL) {
+        void *existing;
+
+        if (!alloc) {
+            return NULL;
+        }
+        pd = g_new0(PageDesc, V_L2_SIZE);
+#ifndef CONFIG_USER_ONLY
+        {
+            int i;
+
+            for (i = 0; i < V_L2_SIZE; i++) {
+                qemu_spin_init(&pd[i].lock);
+            }
+        }
+#endif
+        existing = qatomic_cmpxchg(lp, NULL, pd);
+        if (unlikely(existing)) {
+#ifndef CONFIG_USER_ONLY
+            {
+                int i;
+
+                for (i = 0; i < V_L2_SIZE; i++) {
+                    qemu_spin_destroy(&pd[i].lock);
+                }
+            }
+#endif
+            g_free(pd);
+            pd = existing;
+        }
+    }
+
+    return pd + (index & (V_L2_SIZE - 1));
+}
+
+/* In user-mode page locks aren't used; mmap_lock is enough */
+#ifdef CONFIG_USER_ONLY
+struct page_collection *
+page_collection_lock(tb_page_addr_t start, tb_page_addr_t end)
+{
+    return NULL;
+}
+
+void page_collection_unlock(struct page_collection *set)
+{ }
+#else /* !CONFIG_USER_ONLY */
+
+#ifdef CONFIG_DEBUG_TCG
+
+static __thread GHashTable *ht_pages_locked_debug;
+
+static void ht_pages_locked_debug_init(void)
+{
+    if (ht_pages_locked_debug) {
+        return;
+    }
+    ht_pages_locked_debug = g_hash_table_new(NULL, NULL);
+}
+
+static bool page_is_locked(const PageDesc *pd)
+{
+    PageDesc *found;
+
+    ht_pages_locked_debug_init();
+    found = g_hash_table_lookup(ht_pages_locked_debug, pd);
+    return !!found;
+}
+
+static void page_lock__debug(PageDesc *pd)
+{
+    ht_pages_locked_debug_init();
+    g_assert(!page_is_locked(pd));
+    g_hash_table_insert(ht_pages_locked_debug, pd, pd);
+}
+
+static void page_unlock__debug(const PageDesc *pd)
+{
+    bool removed;
+
+    ht_pages_locked_debug_init();
+    g_assert(page_is_locked(pd));
+    removed = g_hash_table_remove(ht_pages_locked_debug, pd);
+    g_assert(removed);
+}
+
+void do_assert_page_locked(const PageDesc *pd, const char *file, int line)
+{
+    if (unlikely(!page_is_locked(pd))) {
+        error_report("assert_page_lock: PageDesc %p not locked @ %s:%d",
+                     pd, file, line);
+        abort();
+    }
+}
+
+void assert_no_pages_locked(void)
+{
+    ht_pages_locked_debug_init();
+    g_assert(g_hash_table_size(ht_pages_locked_debug) == 0);
+}
+
+#else /* !CONFIG_DEBUG_TCG */
+
+static inline void page_lock__debug(const PageDesc *pd) { }
+static inline void page_unlock__debug(const PageDesc *pd) { }
+
+#endif /* CONFIG_DEBUG_TCG */
+
+void page_lock(PageDesc *pd)
+{
+    page_lock__debug(pd);
+    qemu_spin_lock(&pd->lock);
+}
+
+void page_unlock(PageDesc *pd)
+{
+    qemu_spin_unlock(&pd->lock);
+    page_unlock__debug(pd);
+}
+
+static inline struct page_entry *
+page_entry_new(PageDesc *pd, tb_page_addr_t index)
+{
+    struct page_entry *pe = g_malloc(sizeof(*pe));
+
+    pe->index = index;
+    pe->pd = pd;
+    pe->locked = false;
+    return pe;
+}
+
+static void page_entry_destroy(gpointer p)
+{
+    struct page_entry *pe = p;
+
+    g_assert(pe->locked);
+    page_unlock(pe->pd);
+    g_free(pe);
+}
+
+/* returns false on success */
+static bool page_entry_trylock(struct page_entry *pe)
+{
+    bool busy;
+
+    busy = qemu_spin_trylock(&pe->pd->lock);
+    if (!busy) {
+        g_assert(!pe->locked);
+        pe->locked = true;
+        page_lock__debug(pe->pd);
+    }
+    return busy;
+}
+
+static void do_page_entry_lock(struct page_entry *pe)
+{
+    page_lock(pe->pd);
+    g_assert(!pe->locked);
+    pe->locked = true;
+}
+
+static gboolean page_entry_lock(gpointer key, gpointer value, gpointer data)
+{
+    struct page_entry *pe = value;
+
+    do_page_entry_lock(pe);
+    return FALSE;
+}
+
+static gboolean page_entry_unlock(gpointer key, gpointer value, gpointer data)
+{
+    struct page_entry *pe = value;
+
+    if (pe->locked) {
+        pe->locked = false;
+        page_unlock(pe->pd);
+    }
+    return FALSE;
+}
+
+/*
+ * Trylock a page, and if successful, add the page to a collection.
+ * Returns true ("busy") if the page could not be locked; false otherwise.
+ */
+static bool page_trylock_add(struct page_collection *set, tb_page_addr_t addr)
+{
+    tb_page_addr_t index = addr >> TARGET_PAGE_BITS;
+    struct page_entry *pe;
+    PageDesc *pd;
+
+    pe = g_tree_lookup(set->tree, &index);
+    if (pe) {
+        return false;
+    }
+
+    pd = page_find(index);
+    if (pd == NULL) {
+        return false;
+    }
+
+    pe = page_entry_new(pd, index);
+    g_tree_insert(set->tree, &pe->index, pe);
+
+    /*
+     * If this is either (1) the first insertion or (2) a page whose index
+     * is higher than any other so far, just lock the page and move on.
+     */
+    if (set->max == NULL || pe->index > set->max->index) {
+        set->max = pe;
+        do_page_entry_lock(pe);
+        return false;
+    }
+    /*
+     * Try to acquire out-of-order lock; if busy, return busy so that we acquire
+     * locks in order.
+     */
+    return page_entry_trylock(pe);
+}
+
+static gint tb_page_addr_cmp(gconstpointer ap, gconstpointer bp, gpointer udata)
+{
+    tb_page_addr_t a = *(const tb_page_addr_t *)ap;
+    tb_page_addr_t b = *(const tb_page_addr_t *)bp;
+
+    if (a == b) {
+        return 0;
+    } else if (a < b) {
+        return -1;
+    }
+    return 1;
+}
+
+/*
+ * Lock a range of pages ([@start,@end[) as well as the pages of all
+ * intersecting TBs.
+ * Locking order: acquire locks in ascending order of page index.
+ */
+struct page_collection *
+page_collection_lock(tb_page_addr_t start, tb_page_addr_t end)
+{
+    struct page_collection *set = g_malloc(sizeof(*set));
+    tb_page_addr_t index;
+    PageDesc *pd;
+
+    start >>= TARGET_PAGE_BITS;
+    end   >>= TARGET_PAGE_BITS;
+    g_assert(start <= end);
+
+    set->tree = g_tree_new_full(tb_page_addr_cmp, NULL, NULL,
+                                page_entry_destroy);
+    set->max = NULL;
+    assert_no_pages_locked();
+
+ retry:
+    g_tree_foreach(set->tree, page_entry_lock, NULL);
+
+    for (index = start; index <= end; index++) {
+        TranslationBlock *tb;
+        int n;
+
+        pd = page_find(index);
+        if (pd == NULL) {
+            continue;
+        }
+        if (page_trylock_add(set, index << TARGET_PAGE_BITS)) {
+            g_tree_foreach(set->tree, page_entry_unlock, NULL);
+            goto retry;
+        }
+        assert_page_locked(pd);
+        PAGE_FOR_EACH_TB(pd, tb, n) {
+            if (page_trylock_add(set, tb_page_addr0(tb)) ||
+                (tb_page_addr1(tb) != -1 &&
+                 page_trylock_add(set, tb_page_addr1(tb)))) {
+                /* drop all locks, and reacquire in order */
+                g_tree_foreach(set->tree, page_entry_unlock, NULL);
+                goto retry;
+            }
+        }
+    }
+    return set;
+}
+
+void page_collection_unlock(struct page_collection *set)
+{
+    /* entries are unlocked and freed via page_entry_destroy */
+    g_tree_destroy(set->tree);
+    g_free(set);
+}
+
+#endif /* !CONFIG_USER_ONLY */
+
 /*
  * Isolate the portion of code gen which can setjmp/longjmp.
  * Return the size of the generated code, or negative on error.
@@ -282,7 +758,7 @@ static int setjmp_gen_code(CPUArchState *env, TranslationBlock *tb,
     tcg_func_start(tcg_ctx);
 
     tcg_ctx->cpu = env_cpu(env);
-    gen_intermediate_code(env_cpu(env), tb, max_insns, pc, host_pc);
+    gen_intermediate_code(env_cpu(env), tb, *max_insns, pc, host_pc);
     assert(tb->size != 0);
     tcg_ctx->cpu = NULL;
     *max_insns = tb->icount;
@@ -342,16 +818,16 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
 
     gen_code_buf = tcg_ctx->code_gen_ptr;
     tb->tc.ptr = tcg_splitwx_to_rx(gen_code_buf);
-    if (!(cflags & CF_PCREL)) {
-        tb->pc = pc;
-    }
+#if !TARGET_TB_PCREL
+    tb->pc = pc;
+#endif
     tb->cs_base = cs_base;
     tb->flags = flags;
     tb->cflags = cflags;
     tb->trace_vcpu_dstate = *cpu->trace_dstate;
     tb_set_page_addr0(tb, phys_pc);
     tb_set_page_addr1(tb, -1);
-    tcg_ctx->gen_tb = tb;
+    tcg_ctx->tb_cflags = cflags;
  tb_overflow:
 
 #ifdef CONFIG_PROFILER
@@ -408,12 +884,6 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
     }
     tb->tc.size = gen_code_size;
 
-    /*
-     * For CF_PCREL, attribute all executions of the generated code
-     * to its first mapping.
-     */
-    perf_report_code(pc, tb, tcg_splitwx_to_rx(gen_code_buf));
-
 #ifdef CONFIG_PROFILER
     qatomic_set(&prof->code_time, prof->code_time + profile_getclock() - ti);
     qatomic_set(&prof->code_in_len, prof->code_in_len + tb->size);
@@ -509,10 +979,10 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
     tb->jmp_dest[1] = (uintptr_t)NULL;
 
     /* init original jump addresses which have been set during tcg_gen_code() */
-    if (tb->jmp_reset_offset[0] != TB_JMP_OFFSET_INVALID) {
+    if (tb->jmp_reset_offset[0] != TB_JMP_RESET_OFFSET_INVALID) {
         tb_reset_jump(tb, 0);
     }
-    if (tb->jmp_reset_offset[1] != TB_JMP_OFFSET_INVALID) {
+    if (tb->jmp_reset_offset[1] != TB_JMP_RESET_OFFSET_INVALID) {
         tb_reset_jump(tb, 1);
     }
 
@@ -572,7 +1042,7 @@ void tb_check_watchpoint(CPUState *cpu, uintptr_t retaddr)
         cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
         addr = get_page_addr_code(env, pc);
         if (addr != -1) {
-            tb_invalidate_phys_range(addr, addr);
+            tb_invalidate_phys_range(addr, addr + 1);
         }
     }
 }
@@ -694,9 +1164,9 @@ static gboolean tb_tree_stats_iter(gpointer key, gpointer value, gpointer data)
     if (tb_page_addr1(tb) != -1) {
         tst->cross_page++;
     }
-    if (tb->jmp_reset_offset[0] != TB_JMP_OFFSET_INVALID) {
+    if (tb->jmp_reset_offset[0] != TB_JMP_RESET_OFFSET_INVALID) {
         tst->direct_jmp_count++;
-        if (tb->jmp_reset_offset[1] != TB_JMP_OFFSET_INVALID) {
+        if (tb->jmp_reset_offset[1] != TB_JMP_RESET_OFFSET_INVALID) {
             tst->direct_jmp2_count++;
         }
     }
@@ -765,6 +1235,339 @@ void cpu_interrupt(CPUState *cpu, int mask)
     qatomic_set(&cpu_neg(cpu)->icount_decr.u16.high, -1);
 }
 
+/*
+ * Walks guest process memory "regions" one by one
+ * and calls callback function 'fn' for each region.
+ */
+struct walk_memory_regions_data {
+    walk_memory_regions_fn fn;
+    void *priv;
+    target_ulong start;
+    int prot;
+};
+
+static int walk_memory_regions_end(struct walk_memory_regions_data *data,
+                                   target_ulong end, int new_prot)
+{
+    if (data->start != -1u) {
+        int rc = data->fn(data->priv, data->start, end, data->prot);
+        if (rc != 0) {
+            return rc;
+        }
+    }
+
+    data->start = (new_prot ? end : -1u);
+    data->prot = new_prot;
+
+    return 0;
+}
+
+static int walk_memory_regions_1(struct walk_memory_regions_data *data,
+                                 target_ulong base, int level, void **lp)
+{
+    target_ulong pa;
+    int i, rc;
+
+    if (*lp == NULL) {
+        return walk_memory_regions_end(data, base, 0);
+    }
+
+    if (level == 0) {
+        PageDesc *pd = *lp;
+
+        for (i = 0; i < V_L2_SIZE; ++i) {
+            int prot = pd[i].flags;
+
+            pa = base | (i << TARGET_PAGE_BITS);
+            if (prot != data->prot) {
+                rc = walk_memory_regions_end(data, pa, prot);
+                if (rc != 0) {
+                    return rc;
+                }
+            }
+        }
+    } else {
+        void **pp = *lp;
+
+        for (i = 0; i < V_L2_SIZE; ++i) {
+            pa = base | ((target_ulong)i <<
+                (TARGET_PAGE_BITS + V_L2_BITS * level));
+            rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
+            if (rc != 0) {
+                return rc;
+            }
+        }
+    }
+
+    return 0;
+}
+
+int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
+{
+    struct walk_memory_regions_data data;
+    uintptr_t i, l1_sz = v_l1_size;
+
+    data.fn = fn;
+    data.priv = priv;
+    data.start = -1u;
+    data.prot = 0;
+
+    for (i = 0; i < l1_sz; i++) {
+        target_ulong base = i << (v_l1_shift + TARGET_PAGE_BITS);
+        int rc = walk_memory_regions_1(&data, base, v_l2_levels, l1_map + i);
+        if (rc != 0) {
+            return rc;
+        }
+    }
+
+    return walk_memory_regions_end(&data, 0, 0);
+}
+
+static int dump_region(void *priv, target_ulong start,
+    target_ulong end, unsigned long prot)
+{
+    FILE *f = (FILE *)priv;
+
+    (void) fprintf(f, TARGET_FMT_lx"-"TARGET_FMT_lx
+        " "TARGET_FMT_lx" %c%c%c\n",
+        start, end, end - start,
+        ((prot & PAGE_READ) ? 'r' : '-'),
+        ((prot & PAGE_WRITE) ? 'w' : '-'),
+        ((prot & PAGE_EXEC) ? 'x' : '-'));
+
+    return 0;
+}
+
+/* dump memory mappings */
+void page_dump(FILE *f)
+{
+    const int length = sizeof(target_ulong) * 2;
+    (void) fprintf(f, "%-*s %-*s %-*s %s\n",
+            length, "start", length, "end", length, "size", "prot");
+    walk_memory_regions(f, dump_region);
+}
+
+int page_get_flags(target_ulong address)
+{
+    PageDesc *p;
+
+    p = page_find(address >> TARGET_PAGE_BITS);
+    if (!p) {
+        return 0;
+    }
+    return p->flags;
+}
+
+/*
+ * Allow the target to decide if PAGE_TARGET_[12] may be reset.
+ * By default, they are not kept.
+ */
+#ifndef PAGE_TARGET_STICKY
+#define PAGE_TARGET_STICKY  0
+#endif
+#define PAGE_STICKY  (PAGE_ANON | PAGE_PASSTHROUGH | PAGE_TARGET_STICKY)
+
+/* Modify the flags of a page and invalidate the code if necessary.
+   The flag PAGE_WRITE_ORG is positioned automatically depending
+   on PAGE_WRITE.  The mmap_lock should already be held.  */
+void page_set_flags(target_ulong start, target_ulong end, int flags)
+{
+    target_ulong addr, len;
+    bool reset, inval_tb = false;
+
+    /* This function should never be called with addresses outside the
+       guest address space.  If this assert fires, it probably indicates
+       a missing call to h2g_valid.  */
+    assert(end - 1 <= GUEST_ADDR_MAX);
+    assert(start < end);
+    /* Only set PAGE_ANON with new mappings. */
+    assert(!(flags & PAGE_ANON) || (flags & PAGE_RESET));
+    assert_memory_lock();
+
+    start = start & TARGET_PAGE_MASK;
+    end = TARGET_PAGE_ALIGN(end);
+
+    if (flags & PAGE_WRITE) {
+        flags |= PAGE_WRITE_ORG;
+    }
+    reset = !(flags & PAGE_VALID) || (flags & PAGE_RESET);
+    if (reset) {
+        page_reset_target_data(start, end);
+    }
+    flags &= ~PAGE_RESET;
+
+    for (addr = start, len = end - start;
+         len != 0;
+         len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
+        PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, true);
+
+        /*
+         * If the page was executable, but is reset, or is no longer
+         * executable, or has become writable, then invalidate any code.
+         */
+        if ((p->flags & PAGE_EXEC)
+            && (reset ||
+                !(flags & PAGE_EXEC) ||
+                (flags & ~p->flags & PAGE_WRITE))) {
+            inval_tb = true;
+        }
+        /* Using mprotect on a page does not change sticky bits. */
+        p->flags = (reset ? 0 : p->flags & PAGE_STICKY) | flags;
+    }
+
+    if (inval_tb) {
+        tb_invalidate_phys_range(start, end);
+    }
+}
+
+int page_check_range(target_ulong start, target_ulong len, int flags)
+{
+    PageDesc *p;
+    target_ulong end;
+    target_ulong addr;
+
+    /* This function should never be called with addresses outside the
+       guest address space.  If this assert fires, it probably indicates
+       a missing call to h2g_valid.  */
+    if (TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS) {
+        assert(start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
+    }
+
+    if (len == 0) {
+        return 0;
+    }
+    if (start + len - 1 < start) {
+        /* We've wrapped around.  */
+        return -1;
+    }
+
+    /* must do before we loose bits in the next step */
+    end = TARGET_PAGE_ALIGN(start + len);
+    start = start & TARGET_PAGE_MASK;
+
+    for (addr = start, len = end - start;
+         len != 0;
+         len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
+        p = page_find(addr >> TARGET_PAGE_BITS);
+        if (!p) {
+            return -1;
+        }
+        if (!(p->flags & PAGE_VALID)) {
+            return -1;
+        }
+
+        if ((flags & PAGE_READ) && !(p->flags & PAGE_READ)) {
+            return -1;
+        }
+        if (flags & PAGE_WRITE) {
+            if (!(p->flags & PAGE_WRITE_ORG)) {
+                return -1;
+            }
+            /* unprotect the page if it was put read-only because it
+               contains translated code */
+            if (!(p->flags & PAGE_WRITE)) {
+                if (!page_unprotect(addr, 0)) {
+                    return -1;
+                }
+            }
+        }
+    }
+    return 0;
+}
+
+void page_protect(tb_page_addr_t page_addr)
+{
+    target_ulong addr;
+    PageDesc *p;
+    int prot;
+
+    p = page_find(page_addr >> TARGET_PAGE_BITS);
+    if (p && (p->flags & PAGE_WRITE)) {
+        /*
+         * Force the host page as non writable (writes will have a page fault +
+         * mprotect overhead).
+         */
+        page_addr &= qemu_host_page_mask;
+        prot = 0;
+        for (addr = page_addr; addr < page_addr + qemu_host_page_size;
+             addr += TARGET_PAGE_SIZE) {
+
+            p = page_find(addr >> TARGET_PAGE_BITS);
+            if (!p) {
+                continue;
+            }
+            prot |= p->flags;
+            p->flags &= ~PAGE_WRITE;
+        }
+        mprotect(g2h_untagged(page_addr), qemu_host_page_size,
+                 (prot & PAGE_BITS) & ~PAGE_WRITE);
+    }
+}
+
+/* called from signal handler: invalidate the code and unprotect the
+ * page. Return 0 if the fault was not handled, 1 if it was handled,
+ * and 2 if it was handled but the caller must cause the TB to be
+ * immediately exited. (We can only return 2 if the 'pc' argument is
+ * non-zero.)
+ */
+int page_unprotect(target_ulong address, uintptr_t pc)
+{
+    unsigned int prot;
+    bool current_tb_invalidated;
+    PageDesc *p;
+    target_ulong host_start, host_end, addr;
+
+    /* Technically this isn't safe inside a signal handler.  However we
+       know this only ever happens in a synchronous SEGV handler, so in
+       practice it seems to be ok.  */
+    mmap_lock();
+
+    p = page_find(address >> TARGET_PAGE_BITS);
+    if (!p) {
+        mmap_unlock();
+        return 0;
+    }
+
+    /* if the page was really writable, then we change its
+       protection back to writable */
+    if (p->flags & PAGE_WRITE_ORG) {
+        current_tb_invalidated = false;
+        if (p->flags & PAGE_WRITE) {
+            /* If the page is actually marked WRITE then assume this is because
+             * this thread raced with another one which got here first and
+             * set the page to PAGE_WRITE and did the TB invalidate for us.
+             */
+#ifdef TARGET_HAS_PRECISE_SMC
+            TranslationBlock *current_tb = tcg_tb_lookup(pc);
+            if (current_tb) {
+                current_tb_invalidated = tb_cflags(current_tb) & CF_INVALID;
+            }
+#endif
+        } else {
+            host_start = address & qemu_host_page_mask;
+            host_end = host_start + qemu_host_page_size;
+
+            prot = 0;
+            for (addr = host_start; addr < host_end; addr += TARGET_PAGE_SIZE) {
+                p = page_find(addr >> TARGET_PAGE_BITS);
+                p->flags |= PAGE_WRITE;
+                prot |= p->flags;
+
+                /* and since the content will be modified, we must invalidate
+                   the corresponding translated code. */
+                current_tb_invalidated |=
+                    tb_invalidate_phys_page_unwind(addr, pc);
+            }
+            mprotect((void *)g2h_untagged(host_start), qemu_host_page_size,
+                     prot & PAGE_BITS);
+        }
+        mmap_unlock();
+        /* If current TB was invalidated return to main loop */
+        return current_tb_invalidated ? 2 : 1;
+    }
+    mmap_unlock();
+    return 0;
+}
 #endif /* CONFIG_USER_ONLY */
 
 /*

accel/tcg/translator.c

@@ -16,7 +16,20 @@
 #include "exec/log.h"
 #include "exec/translator.h"
 #include "exec/plugin-gen.h"
-#include "exec/replay-core.h"
+#include "sysemu/replay.h"
+
+/* Pairs with tcg_clear_temp_count.
+   To be called by #TranslatorOps.{translate_insn,tb_stop} if
+   (1) the target is sufficiently clean to support reporting,
+   (2) as and when all temporaries are known to be consumed.
+   For most targets, (2) is at the end of translate_insn.  */
+void translator_loop_temp_check(DisasContextBase *db)
+{
+    if (tcg_check_temp_count()) {
+        qemu_log("warning: TCG temporary leaks before "
+                 TARGET_FMT_lx "\n", db->pc_next);
+    }
+}
 
 bool translator_use_goto_tb(DisasContextBase *db, target_ulong dest)
 {
@@ -29,7 +42,7 @@ bool translator_use_goto_tb(DisasContextBase *db, target_ulong dest)
     return ((db->pc_first ^ dest) & TARGET_PAGE_MASK) == 0;
 }
 
-void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns,
+void translator_loop(CPUState *cpu, TranslationBlock *tb, int max_insns,
                      target_ulong pc, void *host_pc,
                      const TranslatorOps *ops, DisasContextBase *db)
 {
@@ -42,7 +55,7 @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns,
     db->pc_next = pc;
     db->is_jmp = DISAS_NEXT;
     db->num_insns = 0;
-    db->max_insns = *max_insns;
+    db->max_insns = max_insns;
     db->singlestep_enabled = cflags & CF_SINGLE_STEP;
     db->host_addr[0] = host_pc;
     db->host_addr[1] = NULL;
@@ -54,6 +67,9 @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns,
     ops->init_disas_context(db, cpu);
     tcg_debug_assert(db->is_jmp == DISAS_NEXT);  /* no early exit */
 
+    /* Reset the temp count so that we can identify leaks */
+    tcg_clear_temp_count();
+
     /* Start translating.  */
     gen_tb_start(db->tb);
     ops->tb_start(db, cpu);
@@ -62,7 +78,7 @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns,
     plugin_enabled = plugin_gen_tb_start(cpu, db, cflags & CF_MEMI_ONLY);
 
     while (true) {
-        *max_insns = ++db->num_insns;
+        db->num_insns++;
         ops->insn_start(db, cpu);
         tcg_debug_assert(db->is_jmp == DISAS_NEXT);  /* no early exit */
 
@@ -84,24 +100,19 @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns,
             ops->translate_insn(db, cpu);
         }
 
-        /*
-         * We can't instrument after instructions that change control
-         * flow although this only really affects post-load operations.
-         *
-         * Calling plugin_gen_insn_end() before we possibly stop translation
-         * is important. Even if this ends up as dead code, plugin generation
-         * needs to see a matching plugin_gen_insn_{start,end}() pair in order
-         * to accurately track instrumented helpers that might access memory.
-         */
-        if (plugin_enabled) {
-            plugin_gen_insn_end();
-        }
-
         /* Stop translation if translate_insn so indicated.  */
         if (db->is_jmp != DISAS_NEXT) {
             break;
         }
 
+        /*
+         * We can't instrument after instructions that change control
+         * flow although this only really affects post-load operations.
+         */
+        if (plugin_enabled) {
+            plugin_gen_insn_end();
+        }
+
         /* Stop translation if the output buffer is full,
            or we have executed all of the allowed instructions.  */
         if (tcg_op_buf_full() || db->num_insns >= db->max_insns) {
@@ -160,16 +171,8 @@ static void *translator_access(CPUArchState *env, DisasContextBase *db,
         if (host == NULL) {
             tb_page_addr_t phys_page =
                 get_page_addr_code_hostp(env, base, &db->host_addr[1]);
-
-            /*
-             * If the second page is MMIO, treat as if the first page
-             * was MMIO as well, so that we do not cache the TB.
-             */
-            if (unlikely(phys_page == -1)) {
-                tb_set_page_addr0(tb, -1);
-                return NULL;
-            }
-
+            /* We cannot handle MMIO as second page. */
+            assert(phys_page != -1);
             tb_set_page_addr1(tb, phys_page);
 #ifdef CONFIG_USER_ONLY
             page_protect(end);

accel/tcg/user-exec-stub.c

@@ -1,6 +1,6 @@
 #include "qemu/osdep.h"
 #include "hw/core/cpu.h"
-#include "exec/replay-core.h"
+#include "sysemu/replay.h"
 
 bool enable_cpu_pm = false;
 

accel/tcg/user-exec.c

@@ -22,7 +22,6 @@
 #include "exec/exec-all.h"
 #include "tcg/tcg.h"
 #include "qemu/bitops.h"
-#include "qemu/rcu.h"
 #include "exec/cpu_ldst.h"
 #include "exec/translate-all.h"
 #include "exec/helper-proto.h"
@@ -136,591 +135,6 @@ bool handle_sigsegv_accerr_write(CPUState *cpu, sigset_t *old_set,
     }
 }
 
-typedef struct PageFlagsNode {
-    struct rcu_head rcu;
-    IntervalTreeNode itree;
-    int flags;
-} PageFlagsNode;
-
-static IntervalTreeRoot pageflags_root;
-
-static PageFlagsNode *pageflags_find(target_ulong start, target_long last)
-{
-    IntervalTreeNode *n;
-
-    n = interval_tree_iter_first(&pageflags_root, start, last);
-    return n ? container_of(n, PageFlagsNode, itree) : NULL;
-}
-
-static PageFlagsNode *pageflags_next(PageFlagsNode *p, target_ulong start,
-                                     target_long last)
-{
-    IntervalTreeNode *n;
-
-    n = interval_tree_iter_next(&p->itree, start, last);
-    return n ? container_of(n, PageFlagsNode, itree) : NULL;
-}
-
-int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
-{
-    IntervalTreeNode *n;
-    int rc = 0;
-
-    mmap_lock();
-    for (n = interval_tree_iter_first(&pageflags_root, 0, -1);
-         n != NULL;
-         n = interval_tree_iter_next(n, 0, -1)) {
-        PageFlagsNode *p = container_of(n, PageFlagsNode, itree);
-
-        rc = fn(priv, n->start, n->last + 1, p->flags);
-        if (rc != 0) {
-            break;
-        }
-    }
-    mmap_unlock();
-
-    return rc;
-}
-
-static int dump_region(void *priv, target_ulong start,
-                       target_ulong end, unsigned long prot)
-{
-    FILE *f = (FILE *)priv;
-
-    fprintf(f, TARGET_FMT_lx"-"TARGET_FMT_lx" "TARGET_FMT_lx" %c%c%c\n",
-            start, end, end - start,
-            ((prot & PAGE_READ) ? 'r' : '-'),
-            ((prot & PAGE_WRITE) ? 'w' : '-'),
-            ((prot & PAGE_EXEC) ? 'x' : '-'));
-    return 0;
-}
-
-/* dump memory mappings */
-void page_dump(FILE *f)
-{
-    const int length = sizeof(target_ulong) * 2;
-
-    fprintf(f, "%-*s %-*s %-*s %s\n",
-            length, "start", length, "end", length, "size", "prot");
-    walk_memory_regions(f, dump_region);
-}
-
-int page_get_flags(target_ulong address)
-{
-    PageFlagsNode *p = pageflags_find(address, address);
-
-    /*
-     * See util/interval-tree.c re lockless lookups: no false positives but
-     * there are false negatives.  If we find nothing, retry with the mmap
-     * lock acquired.
-     */
-    if (p) {
-        return p->flags;
-    }
-    if (have_mmap_lock()) {
-        return 0;
-    }
-
-    mmap_lock();
-    p = pageflags_find(address, address);
-    mmap_unlock();
-    return p ? p->flags : 0;
-}
-
-/* A subroutine of page_set_flags: insert a new node for [start,last]. */
-static void pageflags_create(target_ulong start, target_ulong last, int flags)
-{
-    PageFlagsNode *p = g_new(PageFlagsNode, 1);
-
-    p->itree.start = start;
-    p->itree.last = last;
-    p->flags = flags;
-    interval_tree_insert(&p->itree, &pageflags_root);
-}
-
-/* A subroutine of page_set_flags: remove everything in [start,last]. */
-static bool pageflags_unset(target_ulong start, target_ulong last)
-{
-    bool inval_tb = false;
-
-    while (true) {
-        PageFlagsNode *p = pageflags_find(start, last);
-        target_ulong p_last;
-
-        if (!p) {
-            break;
-        }
-
-        if (p->flags & PAGE_EXEC) {
-            inval_tb = true;
-        }
-
-        interval_tree_remove(&p->itree, &pageflags_root);
-        p_last = p->itree.last;
-
-        if (p->itree.start < start) {
-            /* Truncate the node from the end, or split out the middle. */
-            p->itree.last = start - 1;
-            interval_tree_insert(&p->itree, &pageflags_root);
-            if (last < p_last) {
-                pageflags_create(last + 1, p_last, p->flags);
-                break;
-            }
-        } else if (p_last <= last) {
-            /* Range completely covers node -- remove it. */
-            g_free_rcu(p, rcu);
-        } else {
-            /* Truncate the node from the start. */
-            p->itree.start = last + 1;
-            interval_tree_insert(&p->itree, &pageflags_root);
-            break;
-        }
-    }
-
-    return inval_tb;
-}
-
-/*
- * A subroutine of page_set_flags: nothing overlaps [start,last],
- * but check adjacent mappings and maybe merge into a single range.
- */
-static void pageflags_create_merge(target_ulong start, target_ulong last,
-                                   int flags)
-{
-    PageFlagsNode *next = NULL, *prev = NULL;
-
-    if (start > 0) {
-        prev = pageflags_find(start - 1, start - 1);
-        if (prev) {
-            if (prev->flags == flags) {
-                interval_tree_remove(&prev->itree, &pageflags_root);
-            } else {
-                prev = NULL;
-            }
-        }
-    }
-    if (last + 1 != 0) {
-        next = pageflags_find(last + 1, last + 1);
-        if (next) {
-            if (next->flags == flags) {
-                interval_tree_remove(&next->itree, &pageflags_root);
-            } else {
-                next = NULL;
-            }
-        }
-    }
-
-    if (prev) {
-        if (next) {
-            prev->itree.last = next->itree.last;
-            g_free_rcu(next, rcu);
-        } else {
-            prev->itree.last = last;
-        }
-        interval_tree_insert(&prev->itree, &pageflags_root);
-    } else if (next) {
-        next->itree.start = start;
-        interval_tree_insert(&next->itree, &pageflags_root);
-    } else {
-        pageflags_create(start, last, flags);
-    }
-}
-
-/*
- * Allow the target to decide if PAGE_TARGET_[12] may be reset.
- * By default, they are not kept.
- */
-#ifndef PAGE_TARGET_STICKY
-#define PAGE_TARGET_STICKY  0
-#endif
-#define PAGE_STICKY  (PAGE_ANON | PAGE_PASSTHROUGH | PAGE_TARGET_STICKY)
-
-/* A subroutine of page_set_flags: add flags to [start,last]. */
-static bool pageflags_set_clear(target_ulong start, target_ulong last,
-                                int set_flags, int clear_flags)
-{
-    PageFlagsNode *p;
-    target_ulong p_start, p_last;
-    int p_flags, merge_flags;
-    bool inval_tb = false;
-
- restart:
-    p = pageflags_find(start, last);
-    if (!p) {
-        if (set_flags) {
-            pageflags_create_merge(start, last, set_flags);
-        }
-        goto done;
-    }
-
-    p_start = p->itree.start;
-    p_last = p->itree.last;
-    p_flags = p->flags;
-    /* Using mprotect on a page does not change sticky bits. */
-    merge_flags = (p_flags & ~clear_flags) | set_flags;
-
-    /*
-     * Need to flush if an overlapping executable region
-     * removes exec, or adds write.
-     */
-    if ((p_flags & PAGE_EXEC)
-        && (!(merge_flags & PAGE_EXEC)
-            || (merge_flags & ~p_flags & PAGE_WRITE))) {
-        inval_tb = true;
-    }
-
-    /*
-     * If there is an exact range match, update and return without
-     * attempting to merge with adjacent regions.
-     */
-    if (start == p_start && last == p_last) {
-        if (merge_flags) {
-            p->flags = merge_flags;
-        } else {
-            interval_tree_remove(&p->itree, &pageflags_root);
-            g_free_rcu(p, rcu);
-        }
-        goto done;
-    }
-
-    /*
-     * If sticky bits affect the original mapping, then we must be more
-     * careful about the existing intervals and the separate flags.
-     */
-    if (set_flags != merge_flags) {
-        if (p_start < start) {
-            interval_tree_remove(&p->itree, &pageflags_root);
-            p->itree.last = start - 1;
-            interval_tree_insert(&p->itree, &pageflags_root);
-
-            if (last < p_last) {
-                if (merge_flags) {
-                    pageflags_create(start, last, merge_flags);
-                }
-                pageflags_create(last + 1, p_last, p_flags);
-            } else {
-                if (merge_flags) {
-                    pageflags_create(start, p_last, merge_flags);
-                }
-                if (p_last < last) {
-                    start = p_last + 1;
-                    goto restart;
-                }
-            }
-        } else {
-            if (start < p_start && set_flags) {
-                pageflags_create(start, p_start - 1, set_flags);
-            }
-            if (last < p_last) {
-                interval_tree_remove(&p->itree, &pageflags_root);
-                p->itree.start = last + 1;
-                interval_tree_insert(&p->itree, &pageflags_root);
-                if (merge_flags) {
-                    pageflags_create(start, last, merge_flags);
-                }
-            } else {
-                if (merge_flags) {
-                    p->flags = merge_flags;
-                } else {
-                    interval_tree_remove(&p->itree, &pageflags_root);
-                    g_free_rcu(p, rcu);
-                }
-                if (p_last < last) {
-                    start = p_last + 1;
-                    goto restart;
-                }
-            }
-        }
-        goto done;
-    }
-
-    /* If flags are not changing for this range, incorporate it. */
-    if (set_flags == p_flags) {
-        if (start < p_start) {
-            interval_tree_remove(&p->itree, &pageflags_root);
-            p->itree.start = start;
-            interval_tree_insert(&p->itree, &pageflags_root);
-        }
-        if (p_last < last) {
-            start = p_last + 1;
-            goto restart;
-        }
-        goto done;
-    }
-
-    /* Maybe split out head and/or tail ranges with the original flags. */
-    interval_tree_remove(&p->itree, &pageflags_root);
-    if (p_start < start) {
-        p->itree.last = start - 1;
-        interval_tree_insert(&p->itree, &pageflags_root);
-
-        if (p_last < last) {
-            goto restart;
-        }
-        if (last < p_last) {
-            pageflags_create(last + 1, p_last, p_flags);
-        }
-    } else if (last < p_last) {
-        p->itree.start = last + 1;
-        interval_tree_insert(&p->itree, &pageflags_root);
-    } else {
-        g_free_rcu(p, rcu);
-        goto restart;
-    }
-    if (set_flags) {
-        pageflags_create(start, last, set_flags);
-    }
-
- done:
-    return inval_tb;
-}
-
-/*
- * Modify the flags of a page and invalidate the code if necessary.
- * The flag PAGE_WRITE_ORG is positioned automatically depending
- * on PAGE_WRITE.  The mmap_lock should already be held.
- */
-void page_set_flags(target_ulong start, target_ulong last, int flags)
-{
-    bool reset = false;
-    bool inval_tb = false;
-
-    /* This function should never be called with addresses outside the
-       guest address space.  If this assert fires, it probably indicates
-       a missing call to h2g_valid.  */
-    assert(start <= last);
-    assert(last <= GUEST_ADDR_MAX);
-    /* Only set PAGE_ANON with new mappings. */
-    assert(!(flags & PAGE_ANON) || (flags & PAGE_RESET));
-    assert_memory_lock();
-
-    start &= TARGET_PAGE_MASK;
-    last |= ~TARGET_PAGE_MASK;
-
-    if (!(flags & PAGE_VALID)) {
-        flags = 0;
-    } else {
-        reset = flags & PAGE_RESET;
-        flags &= ~PAGE_RESET;
-        if (flags & PAGE_WRITE) {
-            flags |= PAGE_WRITE_ORG;
-        }
-    }
-
-    if (!flags || reset) {
-        page_reset_target_data(start, last);
-        inval_tb |= pageflags_unset(start, last);
-    }
-    if (flags) {
-        inval_tb |= pageflags_set_clear(start, last, flags,
-                                        ~(reset ? 0 : PAGE_STICKY));
-    }
-    if (inval_tb) {
-        tb_invalidate_phys_range(start, last);
-    }
-}
-
-int page_check_range(target_ulong start, target_ulong len, int flags)
-{
-    target_ulong last;
-    int locked;  /* tri-state: =0: unlocked, +1: global, -1: local */
-    int ret;
-
-    if (len == 0) {
-        return 0;  /* trivial length */
-    }
-
-    last = start + len - 1;
-    if (last < start) {
-        return -1; /* wrap around */
-    }
-
-    locked = have_mmap_lock();
-    while (true) {
-        PageFlagsNode *p = pageflags_find(start, last);
-        int missing;
-
-        if (!p) {
-            if (!locked) {
-                /*
-                 * Lockless lookups have false negatives.
-                 * Retry with the lock held.
-                 */
-                mmap_lock();
-                locked = -1;
-                p = pageflags_find(start, last);
-            }
-            if (!p) {
-                ret = -1; /* entire region invalid */
-                break;
-            }
-        }
-        if (start < p->itree.start) {
-            ret = -1; /* initial bytes invalid */
-            break;
-        }
-
-        missing = flags & ~p->flags;
-        if (missing & PAGE_READ) {
-            ret = -1; /* page not readable */
-            break;
-        }
-        if (missing & PAGE_WRITE) {
-            if (!(p->flags & PAGE_WRITE_ORG)) {
-                ret = -1; /* page not writable */
-                break;
-            }
-            /* Asking about writable, but has been protected: undo. */
-            if (!page_unprotect(start, 0)) {
-                ret = -1;
-                break;
-            }
-            /* TODO: page_unprotect should take a range, not a single page. */
-            if (last - start < TARGET_PAGE_SIZE) {
-                ret = 0; /* ok */
-                break;
-            }
-            start += TARGET_PAGE_SIZE;
-            continue;
-        }
-
-        if (last <= p->itree.last) {
-            ret = 0; /* ok */
-            break;
-        }
-        start = p->itree.last + 1;
-    }
-
-    /* Release the lock if acquired locally. */
-    if (locked < 0) {
-        mmap_unlock();
-    }
-    return ret;
-}
-
-void page_protect(tb_page_addr_t address)
-{
-    PageFlagsNode *p;
-    target_ulong start, last;
-    int prot;
-
-    assert_memory_lock();
-
-    if (qemu_host_page_size <= TARGET_PAGE_SIZE) {
-        start = address & TARGET_PAGE_MASK;
-        last = start + TARGET_PAGE_SIZE - 1;
-    } else {
-        start = address & qemu_host_page_mask;
-        last = start + qemu_host_page_size - 1;
-    }
-
-    p = pageflags_find(start, last);
-    if (!p) {
-        return;
-    }
-    prot = p->flags;
-
-    if (unlikely(p->itree.last < last)) {
-        /* More than one protection region covers the one host page. */
-        assert(TARGET_PAGE_SIZE < qemu_host_page_size);
-        while ((p = pageflags_next(p, start, last)) != NULL) {
-            prot |= p->flags;
-        }
-    }
-
-    if (prot & PAGE_WRITE) {
-        pageflags_set_clear(start, last, 0, PAGE_WRITE);
-        mprotect(g2h_untagged(start), qemu_host_page_size,
-                 prot & (PAGE_READ | PAGE_EXEC) ? PROT_READ : PROT_NONE);
-    }
-}
-
-/*
- * Called from signal handler: invalidate the code and unprotect the
- * page. Return 0 if the fault was not handled, 1 if it was handled,
- * and 2 if it was handled but the caller must cause the TB to be
- * immediately exited. (We can only return 2 if the 'pc' argument is
- * non-zero.)
- */
-int page_unprotect(target_ulong address, uintptr_t pc)
-{
-    PageFlagsNode *p;
-    bool current_tb_invalidated;
-
-    /*
-     * Technically this isn't safe inside a signal handler.  However we
-     * know this only ever happens in a synchronous SEGV handler, so in
-     * practice it seems to be ok.
-     */
-    mmap_lock();
-
-    p = pageflags_find(address, address);
-
-    /* If this address was not really writable, nothing to do. */
-    if (!p || !(p->flags & PAGE_WRITE_ORG)) {
-        mmap_unlock();
-        return 0;
-    }
-
-    current_tb_invalidated = false;
-    if (p->flags & PAGE_WRITE) {
-        /*
-         * If the page is actually marked WRITE then assume this is because
-         * this thread raced with another one which got here first and
-         * set the page to PAGE_WRITE and did the TB invalidate for us.
-         */
-#ifdef TARGET_HAS_PRECISE_SMC
-        TranslationBlock *current_tb = tcg_tb_lookup(pc);
-        if (current_tb) {
-            current_tb_invalidated = tb_cflags(current_tb) & CF_INVALID;
-        }
-#endif
-    } else {
-        target_ulong start, len, i;
-        int prot;
-
-        if (qemu_host_page_size <= TARGET_PAGE_SIZE) {
-            start = address & TARGET_PAGE_MASK;
-            len = TARGET_PAGE_SIZE;
-            prot = p->flags | PAGE_WRITE;
-            pageflags_set_clear(start, start + len - 1, PAGE_WRITE, 0);
-            current_tb_invalidated = tb_invalidate_phys_page_unwind(start, pc);
-        } else {
-            start = address & qemu_host_page_mask;
-            len = qemu_host_page_size;
-            prot = 0;
-
-            for (i = 0; i < len; i += TARGET_PAGE_SIZE) {
-                target_ulong addr = start + i;
-
-                p = pageflags_find(addr, addr);
-                if (p) {
-                    prot |= p->flags;
-                    if (p->flags & PAGE_WRITE_ORG) {
-                        prot |= PAGE_WRITE;
-                        pageflags_set_clear(addr, addr + TARGET_PAGE_SIZE - 1,
-                                            PAGE_WRITE, 0);
-                    }
-                }
-                /*
-                 * Since the content will be modified, we must invalidate
-                 * the corresponding translated code.
-                 */
-                current_tb_invalidated |=
-                    tb_invalidate_phys_page_unwind(addr, pc);
-            }
-        }
-        if (prot & PAGE_EXEC) {
-            prot = (prot & ~PAGE_EXEC) | PAGE_READ;
-        }
-        mprotect((void *)g2h_untagged(start), len, prot & PAGE_BITS);
-    }
-    mmap_unlock();
-
-    /* If current TB was invalidated return to main loop */
-    return current_tb_invalidated ? 2 : 1;
-}
-
 static int probe_access_internal(CPUArchState *env, target_ulong addr,
                                  int fault_size, MMUAccessType access_type,
                                  bool nonfault, uintptr_t ra)
@@ -759,14 +173,13 @@ static int probe_access_internal(CPUArchState *env, target_ulong addr,
     cpu_loop_exit_sigsegv(env_cpu(env), addr, access_type, maperr, ra);
 }
 
-int probe_access_flags(CPUArchState *env, target_ulong addr, int size,
+int probe_access_flags(CPUArchState *env, target_ulong addr,
                        MMUAccessType access_type, int mmu_idx,
                        bool nonfault, void **phost, uintptr_t ra)
 {
     int flags;
 
-    g_assert(-(addr | TARGET_PAGE_MASK) >= size);
-    flags = probe_access_internal(env, addr, size, access_type, nonfault, ra);
+    flags = probe_access_internal(env, addr, 0, access_type, nonfault, ra);
     *phost = flags ? NULL : g2h(env_cpu(env), addr);
     return flags;
 }
@@ -797,95 +210,47 @@ tb_page_addr_t get_page_addr_code_hostp(CPUArchState *env, target_ulong addr,
     return addr;
 }
 
-#ifdef TARGET_PAGE_DATA_SIZE
-/*
- * Allocate chunks of target data together.  For the only current user,
- * if we allocate one hunk per page, we have overhead of 40/128 or 40%.
- * Therefore, allocate memory for 64 pages at a time for overhead < 1%.
- */
-#define TPD_PAGES  64
-#define TBD_MASK   (TARGET_PAGE_MASK * TPD_PAGES)
-
-typedef struct TargetPageDataNode {
-    struct rcu_head rcu;
-    IntervalTreeNode itree;
-    char data[TPD_PAGES][TARGET_PAGE_DATA_SIZE] __attribute__((aligned));
-} TargetPageDataNode;
-
-static IntervalTreeRoot targetdata_root;
-
-void page_reset_target_data(target_ulong start, target_ulong last)
+void page_reset_target_data(target_ulong start, target_ulong end)
 {
-    IntervalTreeNode *n, *next;
+#ifdef TARGET_PAGE_DATA_SIZE
+    target_ulong addr, len;
 
+    /*
+     * This function should never be called with addresses outside the
+     * guest address space.  If this assert fires, it probably indicates
+     * a missing call to h2g_valid.
+     */
+    assert(end - 1 <= GUEST_ADDR_MAX);
+    assert(start < end);
     assert_memory_lock();
 
-    start &= TARGET_PAGE_MASK;
-    last |= ~TARGET_PAGE_MASK;
+    start = start & TARGET_PAGE_MASK;
+    end = TARGET_PAGE_ALIGN(end);
 
-    for (n = interval_tree_iter_first(&targetdata_root, start, last),
-         next = n ? interval_tree_iter_next(n, start, last) : NULL;
-         n != NULL;
-         n = next,
-         next = next ? interval_tree_iter_next(n, start, last) : NULL) {
-        target_ulong n_start, n_last, p_ofs, p_len;
-        TargetPageDataNode *t = container_of(n, TargetPageDataNode, itree);
+    for (addr = start, len = end - start;
+         len != 0;
+         len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
+        PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
 
-        if (n->start >= start && n->last <= last) {
-            interval_tree_remove(n, &targetdata_root);
-            g_free_rcu(t, rcu);
-            continue;
-        }
-
-        if (n->start < start) {
-            n_start = start;
-            p_ofs = (start - n->start) >> TARGET_PAGE_BITS;
-        } else {
-            n_start = n->start;
-            p_ofs = 0;
-        }
-        n_last = MIN(last, n->last);
-        p_len = (n_last + 1 - n_start) >> TARGET_PAGE_BITS;
-
-        memset(t->data[p_ofs], 0, p_len * TARGET_PAGE_DATA_SIZE);
+        g_free(p->target_data);
+        p->target_data = NULL;
     }
+#endif
 }
 
+#ifdef TARGET_PAGE_DATA_SIZE
 void *page_get_target_data(target_ulong address)
 {
-    IntervalTreeNode *n;
-    TargetPageDataNode *t;
-    target_ulong page, region;
+    PageDesc *p = page_find(address >> TARGET_PAGE_BITS);
+    void *ret = p->target_data;
 
-    page = address & TARGET_PAGE_MASK;
-    region = address & TBD_MASK;
-
-    n = interval_tree_iter_first(&targetdata_root, page, page);
-    if (!n) {
-        /*
-         * See util/interval-tree.c re lockless lookups: no false positives
-         * but there are false negatives.  If we find nothing, retry with
-         * the mmap lock acquired.  We also need the lock for the
-         * allocation + insert.
-         */
-        mmap_lock();
-        n = interval_tree_iter_first(&targetdata_root, page, page);
-        if (!n) {
-            t = g_new0(TargetPageDataNode, 1);
-            n = &t->itree;
-            n->start = region;
-            n->last = region | ~TBD_MASK;
-            interval_tree_insert(n, &targetdata_root);
-        }
-        mmap_unlock();
+    if (!ret) {
+        ret = g_malloc0(TARGET_PAGE_DATA_SIZE);
+        p->target_data = ret;
     }
-
-    t = container_of(n, TargetPageDataNode, itree);
-    return t->data[(page - region) >> TARGET_PAGE_BITS];
+    return ret;
 }
-#else
-void page_reset_target_data(target_ulong start, target_ulong last) { }
-#endif /* TARGET_PAGE_DATA_SIZE */
+#endif
 
 /* The softmmu versions of these helpers are in cputlb.c.  */
 
@@ -1029,42 +394,6 @@ uint64_t cpu_ldq_le_mmu(CPUArchState *env, abi_ptr addr,
     return ret;
 }
 
-Int128 cpu_ld16_be_mmu(CPUArchState *env, abi_ptr addr,
-                       MemOpIdx oi, uintptr_t ra)
-{
-    void *haddr;
-    Int128 ret;
-
-    validate_memop(oi, MO_128 | MO_BE);
-    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
-    memcpy(&ret, haddr, 16);
-    clear_helper_retaddr();
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
-
-    if (!HOST_BIG_ENDIAN) {
-        ret = bswap128(ret);
-    }
-    return ret;
-}
-
-Int128 cpu_ld16_le_mmu(CPUArchState *env, abi_ptr addr,
-                       MemOpIdx oi, uintptr_t ra)
-{
-    void *haddr;
-    Int128 ret;
-
-    validate_memop(oi, MO_128 | MO_LE);
-    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
-    memcpy(&ret, haddr, 16);
-    clear_helper_retaddr();
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
-
-    if (HOST_BIG_ENDIAN) {
-        ret = bswap128(ret);
-    }
-    return ret;
-}
-
 void cpu_stb_mmu(CPUArchState *env, abi_ptr addr, uint8_t val,
                  MemOpIdx oi, uintptr_t ra)
 {
@@ -1149,36 +478,6 @@ void cpu_stq_le_mmu(CPUArchState *env, abi_ptr addr, uint64_t val,
     qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
 }
 
-void cpu_st16_be_mmu(CPUArchState *env, abi_ptr addr,
-                     Int128 val, MemOpIdx oi, uintptr_t ra)
-{
-    void *haddr;
-
-    validate_memop(oi, MO_128 | MO_BE);
-    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
-    if (!HOST_BIG_ENDIAN) {
-        val = bswap128(val);
-    }
-    memcpy(haddr, &val, 16);
-    clear_helper_retaddr();
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
-}
-
-void cpu_st16_le_mmu(CPUArchState *env, abi_ptr addr,
-                     Int128 val, MemOpIdx oi, uintptr_t ra)
-{
-    void *haddr;
-
-    validate_memop(oi, MO_128 | MO_LE);
-    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
-    if (HOST_BIG_ENDIAN) {
-        val = bswap128(val);
-    }
-    memcpy(haddr, &val, 16);
-    clear_helper_retaddr();
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
-}
-
 uint32_t cpu_ldub_code(CPUArchState *env, abi_ptr ptr)
 {
     uint32_t ret;

accel/xen/xen-all.c

@@ -12,7 +12,6 @@
 #include "qemu/error-report.h"
 #include "qemu/module.h"
 #include "qapi/error.h"
-#include "hw/xen/xen_native.h"
 #include "hw/xen/xen-legacy-backend.h"
 #include "hw/xen/xen_pt.h"
 #include "chardev/char.h"
@@ -24,18 +23,99 @@
 #include "migration/global_state.h"
 #include "hw/boards.h"
 
+//#define DEBUG_XEN
+
+#ifdef DEBUG_XEN
+#define DPRINTF(fmt, ...) \
+    do { fprintf(stderr, "xen: " fmt, ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) \
+    do { } while (0)
+#endif
+
 bool xen_allowed;
 
 xc_interface *xen_xc;
 xenforeignmemory_handle *xen_fmem;
 xendevicemodel_handle *xen_dmod;
 
-static void xenstore_record_dm_state(const char *state)
+static int store_dev_info(int domid, Chardev *cs, const char *string)
+{
+    struct xs_handle *xs = NULL;
+    char *path = NULL;
+    char *newpath = NULL;
+    char *pts = NULL;
+    int ret = -1;
+
+    /* Only continue if we're talking to a pty. */
+    if (!CHARDEV_IS_PTY(cs)) {
+        return 0;
+    }
+    pts = cs->filename + 4;
+
+    /* We now have everything we need to set the xenstore entry. */
+    xs = xs_open(0);
+    if (xs == NULL) {
+        fprintf(stderr, "Could not contact XenStore\n");
+        goto out;
+    }
+
+    path = xs_get_domain_path(xs, domid);
+    if (path == NULL) {
+        fprintf(stderr, "xs_get_domain_path() error\n");
+        goto out;
+    }
+    newpath = realloc(path, (strlen(path) + strlen(string) +
+                strlen("/tty") + 1));
+    if (newpath == NULL) {
+        fprintf(stderr, "realloc error\n");
+        goto out;
+    }
+    path = newpath;
+
+    strcat(path, string);
+    strcat(path, "/tty");
+    if (!xs_write(xs, XBT_NULL, path, pts, strlen(pts))) {
+        fprintf(stderr, "xs_write for '%s' fail", string);
+        goto out;
+    }
+    ret = 0;
+
+out:
+    free(path);
+    xs_close(xs);
+
+    return ret;
+}
+
+void xenstore_store_pv_console_info(int i, Chardev *chr)
+{
+    if (i == 0) {
+        store_dev_info(xen_domid, chr, "/console");
+    } else {
+        char buf[32];
+        snprintf(buf, sizeof(buf), "/device/console/%d", i);
+        store_dev_info(xen_domid, chr, buf);
+    }
+}
+
+
+static void xenstore_record_dm_state(struct xs_handle *xs, const char *state)
 {
     char path[50];
 
+    if (xs == NULL) {
+        error_report("xenstore connection not initialized");
+        exit(1);
+    }
+
     snprintf(path, sizeof (path), "device-model/%u/state", xen_domid);
-    if (!qemu_xen_xs_write(xenstore, XBT_NULL, path, state, strlen(state))) {
+    /*
+     * This call may fail when running restricted so don't make it fatal in
+     * that case. Toolstacks should instead use QMP to listen for state changes.
+     */
+    if (!xs_write(xs, XBT_NULL, path, state, strlen(state)) &&
+            !xen_domid_restrict) {
         error_report("error recording dm state");
         exit(1);
     }
@@ -47,7 +127,7 @@ static void xen_change_state_handler(void *opaque, bool running,
 {
     if (running) {
         /* record state running */
-        xenstore_record_dm_state("running");
+        xenstore_record_dm_state(xenstore, "running");
     }
 }
 
@@ -96,21 +176,11 @@ static int xen_init(MachineState *ms)
         xc_interface_close(xen_xc);
         return -1;
     }
-
-    /*
-     * The XenStore write would fail when running restricted so don't attempt
-     * it in that case. Toolstacks should instead use QMP to listen for state
-     * changes.
-     */
-    if (!xen_domid_restrict) {
-        qemu_add_vm_change_state_handler(xen_change_state_handler, NULL);
-    }
+    qemu_add_vm_change_state_handler(xen_change_state_handler, NULL);
     /*
      * opt out of system RAM being allocated by generic code
      */
     mc->default_ram_id = NULL;
-
-    xen_mode = XEN_ATTACH;
     return 0;
 }
 

audio/alsaaudio.c

@@ -222,7 +222,11 @@ static int alsa_poll_helper (snd_pcm_t *handle, struct pollhlp *hlp, int mask)
         return -1;
     }
 
-    pfds = g_new0(struct pollfd, count);
+    pfds = audio_calloc ("alsa_poll_helper", count, sizeof (*pfds));
+    if (!pfds) {
+        dolog ("Could not initialize poll mode\n");
+        return -1;
+    }
 
     err = snd_pcm_poll_descriptors (handle, pfds, count);
     if (err < 0) {
@@ -445,7 +449,7 @@ static int alsa_open(bool in, struct alsa_params_req *req,
     snd_pcm_hw_params_t *hw_params;
     int err;
     unsigned int freq, nchannels;
-    const char *pcm_name = apdo->dev ?: "default";
+    const char *pcm_name = apdo->has_dev ? apdo->dev : "default";
     snd_pcm_uframes_t obt_buffer_size;
     const char *typ = in ? "ADC" : "DAC";
     snd_pcm_format_t obtfmt;
@@ -913,23 +917,28 @@ static void *alsa_audio_init(Audiodev *dev)
     alsa_init_per_direction(aopts->in);
     alsa_init_per_direction(aopts->out);
 
-    /* don't set has_* so alsa_open can identify it wasn't set by the user */
+    /*
+     * need to define them, as otherwise alsa produces no sound
+     * doesn't set has_* so alsa_open can identify it wasn't set by the user
+     */
     if (!dev->u.alsa.out->has_period_length) {
-        /* 256 frames assuming 44100Hz */
-        dev->u.alsa.out->period_length = 5805;
+        /* 1024 frames assuming 44100Hz */
+        dev->u.alsa.out->period_length = 1024 * 1000000 / 44100;
     }
     if (!dev->u.alsa.out->has_buffer_length) {
         /* 4096 frames assuming 44100Hz */
-        dev->u.alsa.out->buffer_length = 92880;
+        dev->u.alsa.out->buffer_length = 4096ll * 1000000 / 44100;
     }
 
+    /*
+     * OptsVisitor sets unspecified optional fields to zero, but do not depend
+     * on it...
+     */
     if (!dev->u.alsa.in->has_period_length) {
-        /* 256 frames assuming 44100Hz */
-        dev->u.alsa.in->period_length = 5805;
+        dev->u.alsa.in->period_length = 0;
     }
     if (!dev->u.alsa.in->has_buffer_length) {
-        /* 4096 frames assuming 44100Hz */
-        dev->u.alsa.in->buffer_length = 92880;
+        dev->u.alsa.in->buffer_length = 0;
     }
 
     return dev;

audio/audio-hmp-cmds.c

@@ -1,83 +0,0 @@
-/*
- * HMP commands related to audio backends
- *
- * Copyright (c) 2003-2004 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "qemu/osdep.h"
-#include "audio/audio.h"
-#include "monitor/hmp.h"
-#include "monitor/monitor.h"
-#include "qapi/qmp/qdict.h"
-
-static QLIST_HEAD (capture_list_head, CaptureState) capture_head;
-
-void hmp_info_capture(Monitor *mon, const QDict *qdict)
-{
-    int i;
-    CaptureState *s;
-
-    for (s = capture_head.lh_first, i = 0; s; s = s->entries.le_next, ++i) {
-        monitor_printf(mon, "[%d]: ", i);
-        s->ops.info (s->opaque);
-    }
-}
-
-void hmp_stopcapture(Monitor *mon, const QDict *qdict)
-{
-    int i;
-    int n = qdict_get_int(qdict, "n");
-    CaptureState *s;
-
-    for (s = capture_head.lh_first, i = 0; s; s = s->entries.le_next, ++i) {
-        if (i == n) {
-            s->ops.destroy (s->opaque);
-            QLIST_REMOVE (s, entries);
-            g_free (s);
-            return;
-        }
-    }
-}
-
-void hmp_wavcapture(Monitor *mon, const QDict *qdict)
-{
-    const char *path = qdict_get_str(qdict, "path");
-    int freq = qdict_get_try_int(qdict, "freq", 44100);
-    int bits = qdict_get_try_int(qdict, "bits", 16);
-    int nchannels = qdict_get_try_int(qdict, "nchannels", 2);
-    const char *audiodev = qdict_get_str(qdict, "audiodev");
-    CaptureState *s;
-    AudioState *as = audio_state_by_name(audiodev);
-
-    if (!as) {
-        monitor_printf(mon, "Audiodev '%s' not found\n", audiodev);
-        return;
-    }
-
-    s = g_malloc0 (sizeof (*s));
-
-    if (wav_start_capture(as, s, path, freq, bits, nchannels)) {
-        monitor_printf(mon, "Failed to add wave capture\n");
-        g_free (s);
-        return;
-    }
-    QLIST_INSERT_HEAD (&capture_head, s, entries);
-}

audio/audio.c

@@ -28,12 +28,9 @@
 #include "monitor/monitor.h"
 #include "qemu/timer.h"
 #include "qapi/error.h"
-#include "qapi/clone-visitor.h"
 #include "qapi/qobject-input-visitor.h"
 #include "qapi/qapi-visit-audio.h"
-#include "qapi/qapi-commands-audio.h"
 #include "qemu/cutils.h"
-#include "qemu/log.h"
 #include "qemu/module.h"
 #include "qemu/help_option.h"
 #include "sysemu/sysemu.h"
@@ -149,6 +146,26 @@ static inline int audio_bits_to_index (int bits)
     }
 }
 
+void *audio_calloc (const char *funcname, int nmemb, size_t size)
+{
+    int cond;
+    size_t len;
+
+    len = nmemb * size;
+    cond = !nmemb || !size;
+    cond |= nmemb < 0;
+    cond |= len < size;
+
+    if (audio_bug ("audio_calloc", cond)) {
+        AUD_log (NULL, "%s passed invalid arguments to audio_calloc\n",
+                 funcname);
+        AUD_log (NULL, "nmemb=%d size=%zu (len=%zu)\n", nmemb, size, len);
+        return NULL;
+    }
+
+    return g_malloc0 (len);
+}
+
 void AUD_vlog (const char *cap, const char *fmt, va_list ap)
 {
     if (cap) {
@@ -381,6 +398,13 @@ void audio_pcm_info_clear_buf (struct audio_pcm_info *info, void *buf, int len)
 /*
  * Capture
  */
+static void noop_conv (struct st_sample *dst, const void *src, int samples)
+{
+    (void) src;
+    (void) dst;
+    (void) samples;
+}
+
 static CaptureVoiceOut *audio_pcm_capture_find_specific(AudioState *s,
                                                         struct audsettings *as)
 {
@@ -478,8 +502,15 @@ static int audio_attach_capture (HWVoiceOut *hw)
         sw->info = hw->info;
         sw->empty = 1;
         sw->active = hw->enabled;
+        sw->conv = noop_conv;
+        sw->ratio = ((int64_t) hw_cap->info.freq << 32) / sw->info.freq;
         sw->vol = nominal_volume;
         sw->rate = st_rate_start (sw->info.freq, hw_cap->info.freq);
+        if (!sw->rate) {
+            dolog ("Could not start rate conversion for `%s'\n", SW_NAME (sw));
+            g_free (sw);
+            return -1;
+        }
         QLIST_INSERT_HEAD (&hw_cap->sw_head, sw, entries);
         QLIST_INSERT_HEAD (&hw->cap_head, sc, entries);
 #ifdef DEBUG_CAPTURE
@@ -514,8 +545,8 @@ static size_t audio_pcm_hw_find_min_in (HWVoiceIn *hw)
 static size_t audio_pcm_hw_get_live_in(HWVoiceIn *hw)
 {
     size_t live = hw->total_samples_captured - audio_pcm_hw_find_min_in (hw);
-    if (audio_bug(__func__, live > hw->conv_buf.size)) {
-        dolog("live=%zu hw->conv_buf.size=%zu\n", live, hw->conv_buf.size);
+    if (audio_bug(__func__, live > hw->conv_buf->size)) {
+        dolog("live=%zu hw->conv_buf->size=%zu\n", live, hw->conv_buf->size);
         return 0;
     }
     return live;
@@ -524,13 +555,13 @@ static size_t audio_pcm_hw_get_live_in(HWVoiceIn *hw)
 static size_t audio_pcm_hw_conv_in(HWVoiceIn *hw, void *pcm_buf, size_t samples)
 {
     size_t conv = 0;
-    STSampleBuffer *conv_buf = &hw->conv_buf;
+    STSampleBuffer *conv_buf = hw->conv_buf;
 
     while (samples) {
         uint8_t *src = advance(pcm_buf, conv * hw->info.bytes_per_frame);
         size_t proc = MIN(samples, conv_buf->size - conv_buf->pos);
 
-        hw->conv(conv_buf->buffer + conv_buf->pos, src, proc);
+        hw->conv(conv_buf->samples + conv_buf->pos, src, proc);
         conv_buf->pos = (conv_buf->pos + proc) % conv_buf->size;
         samples -= proc;
         conv += proc;
@@ -542,65 +573,56 @@ static size_t audio_pcm_hw_conv_in(HWVoiceIn *hw, void *pcm_buf, size_t samples)
 /*
  * Soft voice (capture)
  */
-static void audio_pcm_sw_resample_in(SWVoiceIn *sw,
-    size_t frames_in_max, size_t frames_out_max,
-    size_t *total_in, size_t *total_out)
+static size_t audio_pcm_sw_read(SWVoiceIn *sw, void *buf, size_t size)
 {
     HWVoiceIn *hw = sw->hw;
-    struct st_sample *src, *dst;
-    size_t live, rpos, frames_in, frames_out;
-
-    live = hw->total_samples_captured - sw->total_hw_samples_acquired;
-    rpos = audio_ring_posb(hw->conv_buf.pos, live, hw->conv_buf.size);
-
-    /* resample conv_buf from rpos to end of buffer */
-    src = hw->conv_buf.buffer + rpos;
-    frames_in = MIN(frames_in_max, hw->conv_buf.size - rpos);
-    dst = sw->resample_buf.buffer;
-    frames_out = frames_out_max;
-    st_rate_flow(sw->rate, src, dst, &frames_in, &frames_out);
-    rpos += frames_in;
-    *total_in = frames_in;
-    *total_out = frames_out;
-
-    /* resample conv_buf from start of buffer if there are input frames left */
-    if (frames_in_max - frames_in && rpos == hw->conv_buf.size) {
-        src = hw->conv_buf.buffer;
-        frames_in = frames_in_max - frames_in;
-        dst += frames_out;
-        frames_out = frames_out_max - frames_out;
-        st_rate_flow(sw->rate, src, dst, &frames_in, &frames_out);
-        *total_in += frames_in;
-        *total_out += frames_out;
-    }
-}
-
-static size_t audio_pcm_sw_read(SWVoiceIn *sw, void *buf, size_t buf_len)
-{
-    HWVoiceIn *hw = sw->hw;
-    size_t live, frames_out_max, total_in, total_out;
+    size_t samples, live, ret = 0, swlim, isamp, osamp, rpos, total = 0;
+    struct st_sample *src, *dst = sw->buf;
 
     live = hw->total_samples_captured - sw->total_hw_samples_acquired;
     if (!live) {
         return 0;
     }
-    if (audio_bug(__func__, live > hw->conv_buf.size)) {
-        dolog("live_in=%zu hw->conv_buf.size=%zu\n", live, hw->conv_buf.size);
+    if (audio_bug(__func__, live > hw->conv_buf->size)) {
+        dolog("live_in=%zu hw->conv_buf->size=%zu\n", live, hw->conv_buf->size);
         return 0;
     }
 
-    frames_out_max = MIN(buf_len / sw->info.bytes_per_frame,
-                         sw->resample_buf.size);
+    rpos = audio_ring_posb(hw->conv_buf->pos, live, hw->conv_buf->size);
 
-    audio_pcm_sw_resample_in(sw, live, frames_out_max, &total_in, &total_out);
+    samples = size / sw->info.bytes_per_frame;
+
+    swlim = (live * sw->ratio) >> 32;
+    swlim = MIN (swlim, samples);
+
+    while (swlim) {
+        src = hw->conv_buf->samples + rpos;
+        if (hw->conv_buf->pos > rpos) {
+            isamp = hw->conv_buf->pos - rpos;
+        } else {
+            isamp = hw->conv_buf->size - rpos;
+        }
+
+        if (!isamp) {
+            break;
+        }
+        osamp = swlim;
+
+        st_rate_flow (sw->rate, src, dst, &isamp, &osamp);
+        swlim -= osamp;
+        rpos = (rpos + isamp) % hw->conv_buf->size;
+        dst += osamp;
+        ret += osamp;
+        total += isamp;
+    }
 
     if (!hw->pcm_ops->volume_in) {
-        mixeng_volume(sw->resample_buf.buffer, total_out, &sw->vol);
+        mixeng_volume (sw->buf, ret, &sw->vol);
     }
-    sw->clip(buf, sw->resample_buf.buffer, total_out);
 
-    sw->total_hw_samples_acquired += total_in;
-    return total_out * sw->info.bytes_per_frame;
+    sw->clip (buf, sw->buf, ret);
+    sw->total_hw_samples_acquired += total;
+    return ret * sw->info.bytes_per_frame;
 }
 
 /*
@@ -636,8 +658,8 @@ static size_t audio_pcm_hw_get_live_out (HWVoiceOut *hw, int *nb_live)
     if (nb_live1) {
         size_t live = smin;
 
-        if (audio_bug(__func__, live > hw->mix_buf.size)) {
-            dolog("live=%zu hw->mix_buf.size=%zu\n", live, hw->mix_buf.size);
+        if (audio_bug(__func__, live > hw->mix_buf->size)) {
+            dolog("live=%zu hw->mix_buf->size=%zu\n", live, hw->mix_buf->size);
             return 0;
         }
         return live;
@@ -654,17 +676,17 @@ static size_t audio_pcm_hw_get_free(HWVoiceOut *hw)
 static void audio_pcm_hw_clip_out(HWVoiceOut *hw, void *pcm_buf, size_t len)
 {
     size_t clipped = 0;
-    size_t pos = hw->mix_buf.pos;
+    size_t pos = hw->mix_buf->pos;
 
     while (len) {
-        st_sample *src = hw->mix_buf.buffer + pos;
+        st_sample *src = hw->mix_buf->samples + pos;
         uint8_t *dst = advance(pcm_buf, clipped * hw->info.bytes_per_frame);
-        size_t samples_till_end_of_buf = hw->mix_buf.size - pos;
+        size_t samples_till_end_of_buf = hw->mix_buf->size - pos;
         size_t samples_to_clip = MIN(len, samples_till_end_of_buf);
 
         hw->clip(dst, src, samples_to_clip);
 
-        pos = (pos + samples_to_clip) % hw->mix_buf.size;
+        pos = (pos + samples_to_clip) % hw->mix_buf->size;
         len -= samples_to_clip;
         clipped += samples_to_clip;
     }
@@ -673,113 +695,84 @@ static void audio_pcm_hw_clip_out(HWVoiceOut *hw, void *pcm_buf, size_t len)
 /*
  * Soft voice (playback)
  */
-static void audio_pcm_sw_resample_out(SWVoiceOut *sw,
-    size_t frames_in_max, size_t frames_out_max,
-    size_t *total_in, size_t *total_out)
+static size_t audio_pcm_sw_write(SWVoiceOut *sw, void *buf, size_t size)
 {
-    HWVoiceOut *hw = sw->hw;
-    struct st_sample *src, *dst;
-    size_t live, wpos, frames_in, frames_out;
+    size_t hwsamples, samples, isamp, osamp, wpos, live, dead, left, blck;
+    size_t hw_free;
+    size_t ret = 0, pos = 0, total = 0;
 
-    live = sw->total_hw_samples_mixed;
-    wpos = (hw->mix_buf.pos + live) % hw->mix_buf.size;
-
-    /* write to mix_buf from wpos to end of buffer */
-    src = sw->resample_buf.buffer;
-    frames_in = frames_in_max;
-    dst = hw->mix_buf.buffer + wpos;
-    frames_out = MIN(frames_out_max, hw->mix_buf.size - wpos);
-    st_rate_flow_mix(sw->rate, src, dst, &frames_in, &frames_out);
-    wpos += frames_out;
-    *total_in = frames_in;
-    *total_out = frames_out;
-
-    /* write to mix_buf from start of buffer if there are input frames left */
-    if (frames_in_max - frames_in > 0 && wpos == hw->mix_buf.size) {
-        src += frames_in;
-        frames_in = frames_in_max - frames_in;
-        dst = hw->mix_buf.buffer;
-        frames_out = frames_out_max - frames_out;
-        st_rate_flow_mix(sw->rate, src, dst, &frames_in, &frames_out);
-        *total_in += frames_in;
-        *total_out += frames_out;
+    if (!sw) {
+        return size;
     }
-}
 
-static size_t audio_pcm_sw_write(SWVoiceOut *sw, void *buf, size_t buf_len)
-{
-    HWVoiceOut *hw = sw->hw;
-    size_t live, dead, hw_free, sw_max, fe_max;
-    size_t frames_in_max, frames_out_max, total_in, total_out;
+    hwsamples = sw->hw->mix_buf->size;
 
     live = sw->total_hw_samples_mixed;
-    if (audio_bug(__func__, live > hw->mix_buf.size)) {
-        dolog("live=%zu hw->mix_buf.size=%zu\n", live, hw->mix_buf.size);
+    if (audio_bug(__func__, live > hwsamples)) {
+        dolog("live=%zu hw->mix_buf->size=%zu\n", live, hwsamples);
         return 0;
     }
 
-    if (live == hw->mix_buf.size) {
+    if (live == hwsamples) {
 #ifdef DEBUG_OUT
         dolog ("%s is full %zu\n", sw->name, live);
 #endif
         return 0;
     }
 
-    dead = hw->mix_buf.size - live;
-    hw_free = audio_pcm_hw_get_free(hw);
+    wpos = (sw->hw->mix_buf->pos + live) % hwsamples;
+
+    dead = hwsamples - live;
+    hw_free = audio_pcm_hw_get_free(sw->hw);
     hw_free = hw_free > live ? hw_free - live : 0;
-    frames_out_max = MIN(dead, hw_free);
-    sw_max = st_rate_frames_in(sw->rate, frames_out_max);
-    fe_max = MIN(buf_len / sw->info.bytes_per_frame + sw->resample_buf.pos,
-                 sw->resample_buf.size);
-    frames_in_max = MIN(sw_max, fe_max);
+    samples = ((int64_t)MIN(dead, hw_free) << 32) / sw->ratio;
+    samples = MIN(samples, size / sw->info.bytes_per_frame);
+    if (samples) {
+        sw->conv(sw->buf, buf, samples);
 
-    if (!frames_in_max) {
-        return 0;
-    }
-
-    if (frames_in_max > sw->resample_buf.pos) {
-        sw->conv(sw->resample_buf.buffer + sw->resample_buf.pos,
-                 buf, frames_in_max - sw->resample_buf.pos);
         if (!sw->hw->pcm_ops->volume_out) {
-            mixeng_volume(sw->resample_buf.buffer + sw->resample_buf.pos,
-                          frames_in_max - sw->resample_buf.pos, &sw->vol);
+            mixeng_volume(sw->buf, samples, &sw->vol);
         }
     }
 
-    audio_pcm_sw_resample_out(sw, frames_in_max, frames_out_max,
-                              &total_in, &total_out);
-
-    sw->total_hw_samples_mixed += total_out;
-    sw->empty = sw->total_hw_samples_mixed == 0;
-
-    /*
-     * Upsampling may leave one audio frame in the resample buffer. Decrement
-     * total_in by one if there was a leftover frame from the previous resample
-     * pass in the resample buffer. Increment total_in by one if the current
-     * resample pass left one frame in the resample buffer.
-     */
-    if (frames_in_max - total_in == 1) {
-        /* copy one leftover audio frame to the beginning of the buffer */
-        *sw->resample_buf.buffer = *(sw->resample_buf.buffer + total_in);
-        total_in += 1 - sw->resample_buf.pos;
-        sw->resample_buf.pos = 1;
-    } else if (total_in >= sw->resample_buf.pos) {
-        total_in -= sw->resample_buf.pos;
-        sw->resample_buf.pos = 0;
+    while (samples) {
+        dead = hwsamples - live;
+        left = hwsamples - wpos;
+        blck = MIN (dead, left);
+        if (!blck) {
+            break;
+        }
+        isamp = samples;
+        osamp = blck;
+        st_rate_flow_mix (
+            sw->rate,
+            sw->buf + pos,
+            sw->hw->mix_buf->samples + wpos,
+            &isamp,
+            &osamp
+            );
+        ret += isamp;
+        samples -= isamp;
+        pos += isamp;
+        live += osamp;
+        wpos = (wpos + osamp) % hwsamples;
+        total += osamp;
     }
 
+    sw->total_hw_samples_mixed += total;
+    sw->empty = sw->total_hw_samples_mixed == 0;
+
 #ifdef DEBUG_OUT
     dolog (
-        "%s: write size %zu written %zu total mixed %zu\n",
-        SW_NAME(sw),
-        buf_len / sw->info.bytes_per_frame,
-        total_in,
+        "%s: write size %zu ret %zu total sw %zu\n",
+        SW_NAME (sw),
+        size / sw->info.bytes_per_frame,
+        ret,
         sw->total_hw_samples_mixed
         );
 #endif
 
-    return total_in * sw->info.bytes_per_frame;
+    return ret * sw->info.bytes_per_frame;
 }
 
 #ifdef DEBUG_AUDIO
@@ -997,6 +990,18 @@ void AUD_set_active_in (SWVoiceIn *sw, int on)
     }
 }
 
+/**
+ * audio_frontend_frames_in() - returns the number of frames the resampling
+ * code generates from frames_in frames
+ *
+ * @sw: audio recording frontend
+ * @frames_in: number of frames
+ */
+static size_t audio_frontend_frames_in(SWVoiceIn *sw, size_t frames_in)
+{
+    return (int64_t)frames_in * sw->ratio >> 32;
+}
+
 static size_t audio_get_avail (SWVoiceIn *sw)
 {
     size_t live;
@@ -1006,21 +1011,33 @@ static size_t audio_get_avail (SWVoiceIn *sw)
     }
 
     live = sw->hw->total_samples_captured - sw->total_hw_samples_acquired;
-    if (audio_bug(__func__, live > sw->hw->conv_buf.size)) {
-        dolog("live=%zu sw->hw->conv_buf.size=%zu\n", live,
-              sw->hw->conv_buf.size);
+    if (audio_bug(__func__, live > sw->hw->conv_buf->size)) {
+        dolog("live=%zu sw->hw->conv_buf->size=%zu\n", live,
+              sw->hw->conv_buf->size);
         return 0;
     }
 
     ldebug (
-        "%s: get_avail live %zu frontend frames %u\n",
+        "%s: get_avail live %zu frontend frames %zu\n",
         SW_NAME (sw),
-        live, st_rate_frames_out(sw->rate, live)
+        live, audio_frontend_frames_in(sw, live)
         );
 
     return live;
 }
 
+/**
+ * audio_frontend_frames_out() - returns the number of frames needed to
+ * get frames_out frames after resampling
+ *
+ * @sw: audio playback frontend
+ * @frames_out: number of frames
+ */
+static size_t audio_frontend_frames_out(SWVoiceOut *sw, size_t frames_out)
+{
+    return ((int64_t)frames_out << 32) / sw->ratio;
+}
+
 static size_t audio_get_free(SWVoiceOut *sw)
 {
     size_t live, dead;
@@ -1031,17 +1048,17 @@ static size_t audio_get_free(SWVoiceOut *sw)
 
     live = sw->total_hw_samples_mixed;
 
-    if (audio_bug(__func__, live > sw->hw->mix_buf.size)) {
-        dolog("live=%zu sw->hw->mix_buf.size=%zu\n", live,
-              sw->hw->mix_buf.size);
+    if (audio_bug(__func__, live > sw->hw->mix_buf->size)) {
+        dolog("live=%zu sw->hw->mix_buf->size=%zu\n", live,
+              sw->hw->mix_buf->size);
         return 0;
     }
 
-    dead = sw->hw->mix_buf.size - live;
+    dead = sw->hw->mix_buf->size - live;
 
 #ifdef DEBUG_OUT
-    dolog("%s: get_free live %zu dead %zu frontend frames %u\n",
-          SW_NAME(sw), live, dead, st_rate_frames_in(sw->rate, dead));
+    dolog("%s: get_free live %zu dead %zu frontend frames %zu\n",
+          SW_NAME(sw), live, dead, audio_frontend_frames_out(sw, dead));
 #endif
 
     return dead;
@@ -1057,40 +1074,32 @@ static void audio_capture_mix_and_clear(HWVoiceOut *hw, size_t rpos,
 
         for (sc = hw->cap_head.lh_first; sc; sc = sc->entries.le_next) {
             SWVoiceOut *sw = &sc->sw;
-            size_t rpos2 = rpos;
+            int rpos2 = rpos;
 
             n = samples;
             while (n) {
-                size_t till_end_of_hw = hw->mix_buf.size - rpos2;
-                size_t to_read = MIN(till_end_of_hw, n);
-                size_t live, frames_in, frames_out;
+                size_t till_end_of_hw = hw->mix_buf->size - rpos2;
+                size_t to_write = MIN(till_end_of_hw, n);
+                size_t bytes = to_write * hw->info.bytes_per_frame;
+                size_t written;
 
-                sw->resample_buf.buffer = hw->mix_buf.buffer + rpos2;
-                sw->resample_buf.size = to_read;
-                live = sw->total_hw_samples_mixed;
-
-                audio_pcm_sw_resample_out(sw,
-                                          to_read, sw->hw->mix_buf.size - live,
-                                          &frames_in, &frames_out);
-
-                sw->total_hw_samples_mixed += frames_out;
-                sw->empty = sw->total_hw_samples_mixed == 0;
-
-                if (to_read - frames_in) {
-                    dolog("Could not mix %zu frames into a capture "
+                sw->buf = hw->mix_buf->samples + rpos2;
+                written = audio_pcm_sw_write (sw, NULL, bytes);
+                if (written - bytes) {
+                    dolog("Could not mix %zu bytes into a capture "
                           "buffer, mixed %zu\n",
-                          to_read, frames_in);
+                          bytes, written);
                     break;
                 }
-                n -= to_read;
-                rpos2 = (rpos2 + to_read) % hw->mix_buf.size;
+                n -= to_write;
+                rpos2 = (rpos2 + to_write) % hw->mix_buf->size;
             }
         }
     }
 
-    n = MIN(samples, hw->mix_buf.size - rpos);
-    mixeng_clear(hw->mix_buf.buffer + rpos, n);
-    mixeng_clear(hw->mix_buf.buffer, samples - n);
+    n = MIN(samples, hw->mix_buf->size - rpos);
+    mixeng_clear(hw->mix_buf->samples + rpos, n);
+    mixeng_clear(hw->mix_buf->samples, samples - n);
 }
 
 static size_t audio_pcm_hw_run_out(HWVoiceOut *hw, size_t live)
@@ -1116,7 +1125,7 @@ static size_t audio_pcm_hw_run_out(HWVoiceOut *hw, size_t live)
 
         live -= proc;
         clipped += proc;
-        hw->mix_buf.pos = (hw->mix_buf.pos + proc) % hw->mix_buf.size;
+        hw->mix_buf->pos = (hw->mix_buf->pos + proc) % hw->mix_buf->size;
 
         if (proc == 0 || proc < decr) {
             break;
@@ -1170,14 +1179,12 @@ static void audio_run_out (AudioState *s)
                 size_t free;
 
                 if (hw_free > sw->total_hw_samples_mixed) {
-                    free = st_rate_frames_in(sw->rate,
+                    free = audio_frontend_frames_out(sw,
                         MIN(sw_free, hw_free - sw->total_hw_samples_mixed));
                 } else {
                     free = 0;
                 }
-                if (free > sw->resample_buf.pos) {
-                    free = MIN(free, sw->resample_buf.size)
-                           - sw->resample_buf.pos;
+                if (free > 0) {
                     sw->callback.fn(sw->callback.opaque,
                                     free * sw->info.bytes_per_frame);
                 }
@@ -1189,8 +1196,8 @@ static void audio_run_out (AudioState *s)
             live = 0;
         }
 
-        if (audio_bug(__func__, live > hw->mix_buf.size)) {
-            dolog("live=%zu hw->mix_buf.size=%zu\n", live, hw->mix_buf.size);
+        if (audio_bug(__func__, live > hw->mix_buf->size)) {
+            dolog("live=%zu hw->mix_buf->size=%zu\n", live, hw->mix_buf->size);
             continue;
         }
 
@@ -1218,13 +1225,13 @@ static void audio_run_out (AudioState *s)
             continue;
         }
 
-        prev_rpos = hw->mix_buf.pos;
+        prev_rpos = hw->mix_buf->pos;
         played = audio_pcm_hw_run_out(hw, live);
         replay_audio_out(&played);
-        if (audio_bug(__func__, hw->mix_buf.pos >= hw->mix_buf.size)) {
-            dolog("hw->mix_buf.pos=%zu hw->mix_buf.size=%zu played=%zu\n",
-                  hw->mix_buf.pos, hw->mix_buf.size, played);
-            hw->mix_buf.pos = 0;
+        if (audio_bug(__func__, hw->mix_buf->pos >= hw->mix_buf->size)) {
+            dolog("hw->mix_buf->pos=%zu hw->mix_buf->size=%zu played=%zu\n",
+                  hw->mix_buf->pos, hw->mix_buf->size, played);
+            hw->mix_buf->pos = 0;
         }
 
 #ifdef DEBUG_OUT
@@ -1305,10 +1312,10 @@ static void audio_run_in (AudioState *s)
 
         if (replay_mode != REPLAY_MODE_PLAY) {
             captured = audio_pcm_hw_run_in(
-                hw, hw->conv_buf.size - audio_pcm_hw_get_live_in(hw));
+                hw, hw->conv_buf->size - audio_pcm_hw_get_live_in(hw));
         }
-        replay_audio_in(&captured, hw->conv_buf.buffer, &hw->conv_buf.pos,
-                        hw->conv_buf.size);
+        replay_audio_in(&captured, hw->conv_buf->samples, &hw->conv_buf->pos,
+                        hw->conv_buf->size);
 
         min = audio_pcm_hw_find_min_in (hw);
         hw->total_samples_captured += captured - min;
@@ -1321,9 +1328,8 @@ static void audio_run_in (AudioState *s)
                 size_t sw_avail = audio_get_avail(sw);
                 size_t avail;
 
-                avail = st_rate_frames_out(sw->rate, sw_avail);
+                avail = audio_frontend_frames_in(sw, sw_avail);
                 if (avail > 0) {
-                    avail = MIN(avail, sw->resample_buf.size);
                     sw->callback.fn(sw->callback.opaque,
                                     avail * sw->info.bytes_per_frame);
                 }
@@ -1342,14 +1348,14 @@ static void audio_run_capture (AudioState *s)
         SWVoiceOut *sw;
 
         captured = live = audio_pcm_hw_get_live_out (hw, NULL);
-        rpos = hw->mix_buf.pos;
+        rpos = hw->mix_buf->pos;
         while (live) {
-            size_t left = hw->mix_buf.size - rpos;
+            size_t left = hw->mix_buf->size - rpos;
             size_t to_capture = MIN(live, left);
             struct st_sample *src;
             struct capture_callback *cb;
 
-            src = hw->mix_buf.buffer + rpos;
+            src = hw->mix_buf->samples + rpos;
             hw->clip (cap->buf, src, to_capture);
             mixeng_clear (src, to_capture);
 
@@ -1357,10 +1363,10 @@ static void audio_run_capture (AudioState *s)
                 cb->ops.capture (cb->opaque, cap->buf,
                                  to_capture * hw->info.bytes_per_frame);
             }
-            rpos = (rpos + to_capture) % hw->mix_buf.size;
+            rpos = (rpos + to_capture) % hw->mix_buf->size;
             live -= to_capture;
         }
-        hw->mix_buf.pos = rpos;
+        hw->mix_buf->pos = rpos;
 
         for (sw = hw->sw_head.lh_first; sw; sw = sw->entries.le_next) {
             if (!sw->active && sw->empty) {
@@ -1919,7 +1925,7 @@ CaptureVoiceOut *AUD_add_capture(
 
         audio_pcm_init_info (&hw->info, as);
 
-        cap->buf = g_malloc0_n(hw->mix_buf.size, hw->info.bytes_per_frame);
+        cap->buf = g_malloc0_n(hw->mix_buf->size, hw->info.bytes_per_frame);
 
         if (hw->info.is_float) {
             hw->clip = mixeng_clip_float[hw->info.nchannels == 2];
@@ -1971,7 +1977,7 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque)
                     sw = sw1;
                 }
                 QLIST_REMOVE (cap, entries);
-                g_free(cap->hw.mix_buf.buffer);
+                g_free (cap->hw.mix_buf);
                 g_free (cap->buf);
                 g_free (cap);
             }
@@ -2029,47 +2035,29 @@ void audio_create_pdos(Audiodev *dev)
     switch (dev->driver) {
 #define CASE(DRIVER, driver, pdo_name)                              \
     case AUDIODEV_DRIVER_##DRIVER:                                  \
-        if (!dev->u.driver.in) {                                    \
+        if (!dev->u.driver.has_in) {                                \
             dev->u.driver.in = g_malloc0(                           \
                 sizeof(Audiodev##pdo_name##PerDirectionOptions));   \
+            dev->u.driver.has_in = true;                            \
         }                                                           \
-        if (!dev->u.driver.out) {                                   \
+        if (!dev->u.driver.has_out) {                               \
             dev->u.driver.out = g_malloc0(                          \
                 sizeof(Audiodev##pdo_name##PerDirectionOptions));   \
+            dev->u.driver.has_out = true;                           \
         }                                                           \
         break
 
         CASE(NONE, none, );
-#ifdef CONFIG_AUDIO_ALSA
         CASE(ALSA, alsa, Alsa);
-#endif
-#ifdef CONFIG_AUDIO_COREAUDIO
         CASE(COREAUDIO, coreaudio, Coreaudio);
-#endif
-#ifdef CONFIG_DBUS_DISPLAY
         CASE(DBUS, dbus, );
-#endif
-#ifdef CONFIG_AUDIO_DSOUND
         CASE(DSOUND, dsound, );
-#endif
-#ifdef CONFIG_AUDIO_JACK
         CASE(JACK, jack, Jack);
-#endif
-#ifdef CONFIG_AUDIO_OSS
         CASE(OSS, oss, Oss);
-#endif
-#ifdef CONFIG_AUDIO_PA
         CASE(PA, pa, Pa);
-#endif
-#ifdef CONFIG_AUDIO_SDL
         CASE(SDL, sdl, Sdl);
-#endif
-#ifdef CONFIG_AUDIO_SNDIO
         CASE(SNDIO, sndio, );
-#endif
-#ifdef CONFIG_SPICE
         CASE(SPICE, spice, );
-#endif
         CASE(WAV, wav, );
 
     case AUDIODEV_DRIVER__MAX:
@@ -2325,13 +2313,3 @@ size_t audio_rate_get_bytes(RateCtl *rate, struct audio_pcm_info *info,
 
     return bytes;
 }
-
-AudiodevList *qmp_query_audiodevs(Error **errp)
-{
-    AudiodevList *ret = NULL;
-    AudiodevListEntry *e;
-    QSIMPLEQ_FOREACH(e, &audiodevs, next) {
-        QAPI_LIST_PREPEND(ret, QAPI_CLONE(Audiodev, e->dev));
-    }
-    return ret;
-}

audio/audio_int.h

@@ -58,7 +58,7 @@ typedef struct SWVoiceCap SWVoiceCap;
 
 typedef struct STSampleBuffer {
     size_t pos, size;
-    st_sample *buffer;
+    st_sample samples[];
 } STSampleBuffer;
 
 typedef struct HWVoiceOut {
@@ -71,7 +71,7 @@ typedef struct HWVoiceOut {
     f_sample *clip;
     uint64_t ts_helper;
 
-    STSampleBuffer mix_buf;
+    STSampleBuffer *mix_buf;
     void *buf_emul;
     size_t pos_emul, pending_emul, size_emul;
 
@@ -93,7 +93,7 @@ typedef struct HWVoiceIn {
     size_t total_samples_captured;
     uint64_t ts_helper;
 
-    STSampleBuffer conv_buf;
+    STSampleBuffer *conv_buf;
     void *buf_emul;
     size_t pos_emul, pending_emul, size_emul;
 
@@ -108,7 +108,8 @@ struct SWVoiceOut {
     AudioState *s;
     struct audio_pcm_info info;
     t_sample *conv;
-    STSampleBuffer resample_buf;
+    int64_t ratio;
+    struct st_sample *buf;
     void *rate;
     size_t total_hw_samples_mixed;
     int active;
@@ -125,9 +126,10 @@ struct SWVoiceIn {
     AudioState *s;
     int active;
     struct audio_pcm_info info;
+    int64_t ratio;
     void *rate;
     size_t total_hw_samples_acquired;
-    STSampleBuffer resample_buf;
+    struct st_sample *buf;
     f_sample *clip;
     HWVoiceIn *hw;
     char *name;
@@ -143,14 +145,14 @@ struct audio_driver {
     void *(*init) (Audiodev *);
     void (*fini) (void *);
 #ifdef CONFIG_GIO
-    void (*set_dbus_server) (AudioState *s, GDBusObjectManagerServer *manager, bool p2p);
+    void (*set_dbus_server) (AudioState *s, GDBusObjectManagerServer *manager);
 #endif
     struct audio_pcm_ops *pcm_ops;
     int can_be_default;
     int max_voices_out;
     int max_voices_in;
-    size_t voice_size_out;
-    size_t voice_size_in;
+    int voice_size_out;
+    int voice_size_in;
     QLIST_ENTRY(audio_driver) next;
 };
 
@@ -249,6 +251,7 @@ void audio_pcm_init_info (struct audio_pcm_info *info, struct audsettings *as);
 void audio_pcm_info_clear_buf (struct audio_pcm_info *info, void *buf, int len);
 
 int audio_bug (const char *funcname, int cond);
+void *audio_calloc (const char *funcname, int nmemb, size_t size);
 
 void audio_run(AudioState *s, const char *msg);
 
@@ -291,6 +294,9 @@ static inline size_t audio_ring_posb(size_t pos, size_t dist, size_t len)
 #define ldebug(fmt, ...) (void)0
 #endif
 
+#define AUDIO_STRINGIFY_(n) #n
+#define AUDIO_STRINGIFY(n) AUDIO_STRINGIFY_(n)
+
 typedef struct AudiodevListEntry {
     Audiodev *dev;
     QSIMPLEQ_ENTRY(AudiodevListEntry) next;

audio/audio_legacy.c

@@ -62,12 +62,15 @@ static void get_int(const char *env, uint32_t *dst, bool *has_dst)
     }
 }
 
-static void get_str(const char *env, char **dst)
+static void get_str(const char *env, char **dst, bool *has_dst)
 {
     const char *val = getenv(env);
     if (val) {
-        g_free(*dst);
+        if (*has_dst) {
+            g_free(*dst);
+        }
         *dst = g_strdup(val);
+        *has_dst = true;
     }
 }
 
@@ -90,7 +93,6 @@ static void get_fmt(const char *env, AudioFormat *dst, bool *has_dst)
 }
 
 
-#if defined(CONFIG_AUDIO_ALSA) || defined(CONFIG_AUDIO_DSOUND)
 static void get_millis_to_usecs(const char *env, uint32_t *dst, bool *has_dst)
 {
     const char *val = getenv(env);
@@ -99,20 +101,15 @@ static void get_millis_to_usecs(const char *env, uint32_t *dst, bool *has_dst)
         *has_dst = true;
     }
 }
-#endif
 
-#if defined(CONFIG_AUDIO_ALSA) || defined(CONFIG_AUDIO_COREAUDIO) || \
-    defined(CONFIG_AUDIO_PA) || defined(CONFIG_AUDIO_SDL) || \
-    defined(CONFIG_AUDIO_DSOUND) || defined(CONFIG_AUDIO_OSS)
 static uint32_t frames_to_usecs(uint32_t frames,
                                 AudiodevPerDirectionOptions *pdo)
 {
     uint32_t freq = pdo->has_frequency ? pdo->frequency : 44100;
     return (frames * 1000000 + freq / 2) / freq;
 }
-#endif
 
-#ifdef CONFIG_AUDIO_COREAUDIO
+
 static void get_frames_to_usecs(const char *env, uint32_t *dst, bool *has_dst,
                                 AudiodevPerDirectionOptions *pdo)
 {
@@ -122,19 +119,14 @@ static void get_frames_to_usecs(const char *env, uint32_t *dst, bool *has_dst,
         *has_dst = true;
     }
 }
-#endif
 
-#if defined(CONFIG_AUDIO_PA) || defined(CONFIG_AUDIO_SDL) || \
-    defined(CONFIG_AUDIO_DSOUND) || defined(CONFIG_AUDIO_OSS)
 static uint32_t samples_to_usecs(uint32_t samples,
                                  AudiodevPerDirectionOptions *pdo)
 {
     uint32_t channels = pdo->has_channels ? pdo->channels : 2;
     return frames_to_usecs(samples / channels, pdo);
 }
-#endif
 
-#if defined(CONFIG_AUDIO_PA) || defined(CONFIG_AUDIO_SDL)
 static void get_samples_to_usecs(const char *env, uint32_t *dst, bool *has_dst,
                                  AudiodevPerDirectionOptions *pdo)
 {
@@ -144,9 +136,7 @@ static void get_samples_to_usecs(const char *env, uint32_t *dst, bool *has_dst,
         *has_dst = true;
     }
 }
-#endif
 
-#if defined(CONFIG_AUDIO_DSOUND) || defined(CONFIG_AUDIO_OSS)
 static uint32_t bytes_to_usecs(uint32_t bytes, AudiodevPerDirectionOptions *pdo)
 {
     AudioFormat fmt = pdo->has_format ? pdo->format : AUDIO_FORMAT_S16;
@@ -163,11 +153,8 @@ static void get_bytes_to_usecs(const char *env, uint32_t *dst, bool *has_dst,
         *has_dst = true;
     }
 }
-#endif
 
 /* backend specific functions */
-
-#ifdef CONFIG_AUDIO_ALSA
 /* ALSA */
 static void handle_alsa_per_direction(
     AudiodevAlsaPerDirectionOptions *apdo, const char *prefix)
@@ -182,7 +169,7 @@ static void handle_alsa_per_direction(
     get_bool(buf, &apdo->try_poll, &apdo->has_try_poll);
 
     strcpy(buf + len, "DEV");
-    get_str(buf, &apdo->dev);
+    get_str(buf, &apdo->dev, &apdo->has_dev);
 
     strcpy(buf + len, "SIZE_IN_USEC");
     get_bool(buf, &size_in_usecs, &dummy);
@@ -213,9 +200,7 @@ static void handle_alsa(Audiodev *dev)
     get_millis_to_usecs("QEMU_ALSA_THRESHOLD",
                         &aopt->threshold, &aopt->has_threshold);
 }
-#endif
 
-#ifdef CONFIG_AUDIO_COREAUDIO
 /* coreaudio */
 static void handle_coreaudio(Audiodev *dev)
 {
@@ -228,9 +213,7 @@ static void handle_coreaudio(Audiodev *dev)
             &dev->u.coreaudio.out->buffer_count,
             &dev->u.coreaudio.out->has_buffer_count);
 }
-#endif
 
-#ifdef CONFIG_AUDIO_DSOUND
 /* dsound */
 static void handle_dsound(Audiodev *dev)
 {
@@ -245,16 +228,14 @@ static void handle_dsound(Audiodev *dev)
                        &dev->u.dsound.in->has_buffer_length,
                        dev->u.dsound.in);
 }
-#endif
 
-#ifdef CONFIG_AUDIO_OSS
 /* OSS */
 static void handle_oss_per_direction(
     AudiodevOssPerDirectionOptions *opdo, const char *try_poll_env,
     const char *dev_env)
 {
     get_bool(try_poll_env, &opdo->try_poll, &opdo->has_try_poll);
-    get_str(dev_env, &opdo->dev);
+    get_str(dev_env, &opdo->dev, &opdo->has_dev);
 
     get_bytes_to_usecs("QEMU_OSS_FRAGSIZE",
                        &opdo->buffer_length, &opdo->has_buffer_length,
@@ -275,14 +256,12 @@ static void handle_oss(Audiodev *dev)
     get_bool("QEMU_OSS_EXCLUSIVE", &oopt->exclusive, &oopt->has_exclusive);
     get_int("QEMU_OSS_POLICY", &oopt->dsp_policy, &oopt->has_dsp_policy);
 }
-#endif
 
-#ifdef CONFIG_AUDIO_PA
 /* pulseaudio */
 static void handle_pa_per_direction(
     AudiodevPaPerDirectionOptions *ppdo, const char *env)
 {
-    get_str(env, &ppdo->name);
+    get_str(env, &ppdo->name, &ppdo->has_name);
 }
 
 static void handle_pa(Audiodev *dev)
@@ -299,11 +278,9 @@ static void handle_pa(Audiodev *dev)
         &dev->u.pa.out->has_buffer_length,
         qapi_AudiodevPaPerDirectionOptions_base(dev->u.pa.out));
 
-    get_str("QEMU_PA_SERVER", &dev->u.pa.server);
+    get_str("QEMU_PA_SERVER", &dev->u.pa.server, &dev->u.pa.has_server);
 }
-#endif
 
-#ifdef CONFIG_AUDIO_SDL
 /* SDL */
 static void handle_sdl(Audiodev *dev)
 {
@@ -312,7 +289,6 @@ static void handle_sdl(Audiodev *dev)
         &dev->u.sdl.out->has_buffer_length,
         qapi_AudiodevSdlPerDirectionOptions_base(dev->u.sdl.out));
 }
-#endif
 
 /* wav */
 static void handle_wav(Audiodev *dev)
@@ -323,7 +299,7 @@ static void handle_wav(Audiodev *dev)
             &dev->u.wav.out->has_format);
     get_int("QEMU_WAV_DAC_FIXED_CHANNELS",
             &dev->u.wav.out->channels, &dev->u.wav.out->has_channels);
-    get_str("QEMU_WAV_PATH", &dev->u.wav.path);
+    get_str("QEMU_WAV_PATH", &dev->u.wav.path, &dev->u.wav.has_path);
 }
 
 /* general */
@@ -372,41 +348,29 @@ static AudiodevListEntry *legacy_opt(const char *drvname)
     }
 
     switch (e->dev->driver) {
-#ifdef CONFIG_AUDIO_ALSA
     case AUDIODEV_DRIVER_ALSA:
         handle_alsa(e->dev);
         break;
-#endif
 
-#ifdef CONFIG_AUDIO_COREAUDIO
     case AUDIODEV_DRIVER_COREAUDIO:
         handle_coreaudio(e->dev);
         break;
-#endif
 
-#ifdef CONFIG_AUDIO_DSOUND
     case AUDIODEV_DRIVER_DSOUND:
         handle_dsound(e->dev);
         break;
-#endif
 
-#ifdef CONFIG_AUDIO_OSS
     case AUDIODEV_DRIVER_OSS:
         handle_oss(e->dev);
         break;
-#endif
 
-#ifdef CONFIG_AUDIO_PA
     case AUDIODEV_DRIVER_PA:
         handle_pa(e->dev);
         break;
-#endif
 
-#ifdef CONFIG_AUDIO_SDL
     case AUDIODEV_DRIVER_SDL:
         handle_sdl(e->dev);
         break;
-#endif
 
     case AUDIODEV_DRIVER_WAV:
         handle_wav(e->dev);

audio/audio_template.h

@@ -40,7 +40,7 @@ static void glue(audio_init_nb_voices_, TYPE)(AudioState *s,
                                               struct audio_driver *drv)
 {
     int max_voices = glue (drv->max_voices_, TYPE);
-    size_t voice_size = glue(drv->voice_size_, TYPE);
+    int voice_size = glue (drv->voice_size_, TYPE);
 
     if (glue (s->nb_hw_voices_, TYPE) > max_voices) {
         if (!max_voices) {
@@ -63,17 +63,16 @@ static void glue(audio_init_nb_voices_, TYPE)(AudioState *s,
     }
 
     if (audio_bug(__func__, voice_size && !max_voices)) {
-        dolog("drv=`%s' voice_size=%zu max_voices=0\n",
-              drv->name, voice_size);
+        dolog ("drv=`%s' voice_size=%d max_voices=0\n",
+               drv->name, voice_size);
     }
 }
 
 static void glue (audio_pcm_hw_free_resources_, TYPE) (HW *hw)
 {
     g_free(hw->buf_emul);
-    g_free(HWBUF.buffer);
-    HWBUF.buffer = NULL;
-    HWBUF.size = 0;
+    g_free (HWBUF);
+    HWBUF = NULL;
 }
 
 static void glue(audio_pcm_hw_alloc_resources_, TYPE)(HW *hw)
@@ -84,67 +83,56 @@ static void glue(audio_pcm_hw_alloc_resources_, TYPE)(HW *hw)
             dolog("Attempted to allocate empty buffer\n");
         }
 
-        HWBUF.buffer = g_new0(st_sample, samples);
-        HWBUF.size = samples;
-        HWBUF.pos = 0;
+        HWBUF = g_malloc0(sizeof(STSampleBuffer) + sizeof(st_sample) * samples);
+        HWBUF->size = samples;
     } else {
-        HWBUF.buffer = NULL;
-        HWBUF.size = 0;
+        HWBUF = NULL;
     }
 }
 
 static void glue (audio_pcm_sw_free_resources_, TYPE) (SW *sw)
 {
-    g_free(sw->resample_buf.buffer);
-    sw->resample_buf.buffer = NULL;
-    sw->resample_buf.size = 0;
+    g_free (sw->buf);
 
     if (sw->rate) {
         st_rate_stop (sw->rate);
     }
+
+    sw->buf = NULL;
     sw->rate = NULL;
 }
 
 static int glue (audio_pcm_sw_alloc_resources_, TYPE) (SW *sw)
 {
-    HW *hw = sw->hw;
-    uint64_t samples;
+    int samples;
 
     if (!glue(audio_get_pdo_, TYPE)(sw->s->dev)->mixing_engine) {
         return 0;
     }
 
-    samples = muldiv64(HWBUF.size, sw->info.freq, hw->info.freq);
-    if (samples == 0) {
-        uint64_t f_fe_min;
-        uint64_t f_be = (uint32_t)hw->info.freq;
+#ifdef DAC
+    samples = ((int64_t) sw->HWBUF->size << 32) / sw->ratio;
+#else
+    samples = (int64_t)sw->HWBUF->size * sw->ratio >> 32;
+#endif
 
-        /* f_fe_min = ceil(1 [frames] * f_be [Hz] / size_be [frames]) */
-        f_fe_min = (f_be + HWBUF.size - 1) / HWBUF.size;
-        qemu_log_mask(LOG_UNIMP,
-                      AUDIO_CAP ": The guest selected a " NAME " sample rate"
-                      " of %d Hz for %s. Only sample rates >= %" PRIu64 " Hz"
-                      " are supported.\n",
-                      sw->info.freq, sw->name, f_fe_min);
+    sw->buf = audio_calloc(__func__, samples, sizeof(struct st_sample));
+    if (!sw->buf) {
+        dolog ("Could not allocate buffer for `%s' (%d samples)\n",
+               SW_NAME (sw), samples);
         return -1;
     }
 
-    /*
-     * Allocate one additional audio frame that is needed for upsampling
-     * if the resample buffer size is small. For large buffer sizes take
-     * care of overflows and truncation.
-     */
-    samples = samples < SIZE_MAX ? samples + 1 : SIZE_MAX;
-    sw->resample_buf.buffer = g_new0(st_sample, samples);
-    sw->resample_buf.size = samples;
-    sw->resample_buf.pos = 0;
-
 #ifdef DAC
-    sw->rate = st_rate_start(sw->info.freq, hw->info.freq);
+    sw->rate = st_rate_start (sw->info.freq, sw->hw->info.freq);
 #else
-    sw->rate = st_rate_start(hw->info.freq, sw->info.freq);
+    sw->rate = st_rate_start (sw->hw->info.freq, sw->info.freq);
 #endif
-
+    if (!sw->rate) {
+        g_free (sw->buf);
+        sw->buf = NULL;
+        return -1;
+    }
     return 0;
 }
 
@@ -161,8 +149,11 @@ static int glue (audio_pcm_sw_init_, TYPE) (
     sw->hw = hw;
     sw->active = 0;
 #ifdef DAC
+    sw->ratio = ((int64_t) sw->hw->info.freq << 32) / sw->info.freq;
     sw->total_hw_samples_mixed = 0;
     sw->empty = 1;
+#else
+    sw->ratio = ((int64_t) sw->info.freq << 32) / sw->hw->info.freq;
 #endif
 
     if (sw->info.is_float) {
@@ -273,11 +264,13 @@ static HW *glue(audio_pcm_hw_add_new_, TYPE)(AudioState *s,
         return NULL;
     }
 
-    /*
-     * Since glue(s->nb_hw_voices_, TYPE) is != 0, glue(drv->voice_size_, TYPE)
-     * is guaranteed to be != 0. See the audio_init_nb_voices_* functions.
-     */
-    hw = g_malloc0(glue(drv->voice_size_, TYPE));
+    hw = audio_calloc(__func__, 1, glue(drv->voice_size_, TYPE));
+    if (!hw) {
+        dolog ("Can not allocate voice `%s' size %d\n",
+               drv->name, glue (drv->voice_size_, TYPE));
+        return NULL;
+    }
+
     hw->s = s;
     hw->pcm_ops = drv->pcm_ops;
 
@@ -333,47 +326,27 @@ AudiodevPerDirectionOptions *glue(audio_get_pdo_, TYPE)(Audiodev *dev)
     switch (dev->driver) {
     case AUDIODEV_DRIVER_NONE:
         return dev->u.none.TYPE;
-#ifdef CONFIG_AUDIO_ALSA
     case AUDIODEV_DRIVER_ALSA:
         return qapi_AudiodevAlsaPerDirectionOptions_base(dev->u.alsa.TYPE);
-#endif
-#ifdef CONFIG_AUDIO_COREAUDIO
     case AUDIODEV_DRIVER_COREAUDIO:
         return qapi_AudiodevCoreaudioPerDirectionOptions_base(
             dev->u.coreaudio.TYPE);
-#endif
-#ifdef CONFIG_DBUS_DISPLAY
     case AUDIODEV_DRIVER_DBUS:
         return dev->u.dbus.TYPE;
-#endif
-#ifdef CONFIG_AUDIO_DSOUND
     case AUDIODEV_DRIVER_DSOUND:
         return dev->u.dsound.TYPE;
-#endif
-#ifdef CONFIG_AUDIO_JACK
     case AUDIODEV_DRIVER_JACK:
         return qapi_AudiodevJackPerDirectionOptions_base(dev->u.jack.TYPE);
-#endif
-#ifdef CONFIG_AUDIO_OSS
     case AUDIODEV_DRIVER_OSS:
         return qapi_AudiodevOssPerDirectionOptions_base(dev->u.oss.TYPE);
-#endif
-#ifdef CONFIG_AUDIO_PA
     case AUDIODEV_DRIVER_PA:
         return qapi_AudiodevPaPerDirectionOptions_base(dev->u.pa.TYPE);
-#endif
-#ifdef CONFIG_AUDIO_SDL
     case AUDIODEV_DRIVER_SDL:
         return qapi_AudiodevSdlPerDirectionOptions_base(dev->u.sdl.TYPE);
-#endif
-#ifdef CONFIG_AUDIO_SNDIO
     case AUDIODEV_DRIVER_SNDIO:
         return dev->u.sndio.TYPE;
-#endif
-#ifdef CONFIG_SPICE
     case AUDIODEV_DRIVER_SPICE:
         return dev->u.spice.TYPE;
-#endif
     case AUDIODEV_DRIVER_WAV:
         return dev->u.wav.TYPE;
 
@@ -425,28 +398,33 @@ static SW *glue(audio_pcm_create_voice_pair_, TYPE)(
         hw_as = *as;
     }
 
-    sw = g_new0(SW, 1);
+    sw = audio_calloc(__func__, 1, sizeof(*sw));
+    if (!sw) {
+        dolog ("Could not allocate soft voice `%s' (%zu bytes)\n",
+               sw_name ? sw_name : "unknown", sizeof (*sw));
+        goto err1;
+    }
     sw->s = s;
 
     hw = glue(audio_pcm_hw_add_, TYPE)(s, &hw_as);
     if (!hw) {
-        dolog("Could not create a backend for voice `%s'\n", sw_name);
-        goto err1;
+        goto err2;
     }
 
     glue (audio_pcm_hw_add_sw_, TYPE) (hw, sw);
 
     if (glue (audio_pcm_sw_init_, TYPE) (sw, hw, sw_name, as)) {
-        goto err2;
+        goto err3;
     }
 
     return sw;
 
-err2:
+err3:
     glue (audio_pcm_hw_del_sw_, TYPE) (sw);
     glue (audio_pcm_hw_gc_, TYPE) (&hw);
+err2:
+    g_free (sw);
 err1:
-    g_free(sw);
     return NULL;
 }
 
@@ -517,8 +495,8 @@ SW *glue (AUD_open_, TYPE) (
         HW *hw = sw->hw;
 
         if (!hw) {
-            dolog("Internal logic error: voice `%s' has no backend\n",
-                  SW_NAME(sw));
+            dolog ("Internal logic error voice `%s' has no hardware store\n",
+                   SW_NAME (sw));
             goto fail;
         }
 
@@ -529,6 +507,7 @@ SW *glue (AUD_open_, TYPE) (
     } else {
         sw = glue(audio_pcm_create_voice_pair_, TYPE)(s, name, as);
         if (!sw) {
+            dolog ("Failed to create voice `%s'\n", name);
             return NULL;
         }
     }

audio/dbusaudio.c

@@ -43,7 +43,6 @@
 
 typedef struct DBusAudio {
     GDBusObjectManagerServer *server;
-    bool p2p;
     GDBusObjectSkeleton *audio;
     QemuDBusDisplay1Audio *iface;
     GHashTable *out_listeners;
@@ -449,8 +448,7 @@ dbus_audio_register_listener(AudioState *s,
                              bool out)
 {
     DBusAudio *da = s->drv_opaque;
-    const char *sender =
-        da->p2p ? "p2p" : g_dbus_method_invocation_get_sender(invocation);
+    const char *sender = g_dbus_method_invocation_get_sender(invocation);
     g_autoptr(GDBusConnection) listener_conn = NULL;
     g_autoptr(GError) err = NULL;
     g_autoptr(GSocket) socket = NULL;
@@ -593,7 +591,7 @@ dbus_audio_register_in_listener(AudioState *s,
 }
 
 static void
-dbus_audio_set_server(AudioState *s, GDBusObjectManagerServer *server, bool p2p)
+dbus_audio_set_server(AudioState *s, GDBusObjectManagerServer *server)
 {
     DBusAudio *da = s->drv_opaque;
 
@@ -601,7 +599,6 @@ dbus_audio_set_server(AudioState *s, GDBusObjectManagerServer *server, bool p2p)
     g_assert(!da->server);
 
     da->server = g_object_ref(server);
-    da->p2p = p2p;
 
     da->audio = g_dbus_object_skeleton_new(DBUS_DISPLAY1_AUDIO_PATH);
     da->iface = qemu_dbus_display1_audio_skeleton_new();

audio/meson.build

@@ -1,6 +1,5 @@
 softmmu_ss.add([spice_headers, files('audio.c')])
 softmmu_ss.add(files(
-  'audio-hmp-cmds.c',
   'audio_legacy.c',
   'mixeng.c',
   'noaudio.c',

audio/mixeng.c

@@ -414,7 +414,12 @@ struct rate {
  */
 void *st_rate_start (int inrate, int outrate)
 {
-    struct rate *rate = g_new0(struct rate, 1);
+    struct rate *rate = audio_calloc(__func__, 1, sizeof(*rate));
+
+    if (!rate) {
+        dolog ("Could not allocate resampler (%zu bytes)\n", sizeof (*rate));
+        return NULL;
+    }
 
     rate->opos = 0;
 
@@ -440,86 +445,6 @@ void st_rate_stop (void *opaque)
     g_free (opaque);
 }
 
-/**
- * st_rate_frames_out() - returns the number of frames the resampling code
- * generates from frames_in frames
- *
- * @opaque: pointer to struct rate
- * @frames_in: number of frames
- *
- * When upsampling, there may be more than one correct result. In this case,
- * the function returns the maximum number of output frames the resampling
- * code can generate.
- */
-uint32_t st_rate_frames_out(void *opaque, uint32_t frames_in)
-{
-    struct rate *rate = opaque;
-    uint64_t opos_end, opos_delta;
-    uint32_t ipos_end;
-    uint32_t frames_out;
-
-    if (rate->opos_inc == 1ULL << 32) {
-        return frames_in;
-    }
-
-    /* no output frame without at least one input frame */
-    if (!frames_in) {
-        return 0;
-    }
-
-    /* last frame read was at rate->ipos - 1 */
-    ipos_end = rate->ipos - 1 + frames_in;
-    opos_end = (uint64_t)ipos_end << 32;
-
-    /* last frame written was at rate->opos - rate->opos_inc */
-    if (opos_end + rate->opos_inc <= rate->opos) {
-        return 0;
-    }
-    opos_delta = opos_end - rate->opos + rate->opos_inc;
-    frames_out = opos_delta / rate->opos_inc;
-
-    return opos_delta % rate->opos_inc ? frames_out : frames_out - 1;
-}
-
-/**
- * st_rate_frames_in() - returns the number of frames needed to
- * get frames_out frames after resampling
- *
- * @opaque: pointer to struct rate
- * @frames_out: number of frames
- *
- * When downsampling, there may be more than one correct result. In this
- * case, the function returns the maximum number of input frames needed.
- */
-uint32_t st_rate_frames_in(void *opaque, uint32_t frames_out)
-{
-    struct rate *rate = opaque;
-    uint64_t opos_start, opos_end;
-    uint32_t ipos_start, ipos_end;
-
-    if (rate->opos_inc == 1ULL << 32) {
-        return frames_out;
-    }
-
-    if (frames_out) {
-        opos_start = rate->opos;
-        ipos_start = rate->ipos;
-    } else {
-        uint64_t offset;
-
-        /* add offset = ceil(opos_inc) to opos and ipos to avoid an underflow */
-        offset = (rate->opos_inc + (1ULL << 32) - 1) & ~((1ULL << 32) - 1);
-        opos_start = rate->opos + offset;
-        ipos_start = rate->ipos + (offset >> 32);
-    }
-    /* last frame written was at opos_start - rate->opos_inc */
-    opos_end = opos_start - rate->opos_inc + rate->opos_inc * frames_out;
-    ipos_end = (opos_end >> 32) + 1;
-
-    /* last frame read was at ipos_start - 1 */
-    return ipos_end + 1 > ipos_start ? ipos_end + 1 - ipos_start : 0;
-}
-
 void mixeng_clear (struct st_sample *buf, int len)
 {
     memset (buf, 0, len * sizeof (struct st_sample));

audio/mixeng.h

@@ -52,8 +52,6 @@ void st_rate_flow(void *opaque, st_sample *ibuf, st_sample *obuf,
 void st_rate_flow_mix(void *opaque, st_sample *ibuf, st_sample *obuf,
                       size_t *isamp, size_t *osamp);
 void st_rate_stop (void *opaque);
-uint32_t st_rate_frames_out(void *opaque, uint32_t frames_in);
-uint32_t st_rate_frames_in(void *opaque, uint32_t frames_out);
 void mixeng_clear (struct st_sample *buf, int len);
 void mixeng_volume (struct st_sample *buf, int len, struct mixeng_volume *vol);
 

audio/ossaudio.c

@@ -252,7 +252,7 @@ static int oss_open(int in, struct oss_params *req, audsettings *as,
     audio_buf_info abinfo;
     int fmt, freq, nchannels;
     int setfragment = 1;
-    const char *dspname = opdo->dev ?: "/dev/dsp";
+    const char *dspname = opdo->has_dev ? opdo->dev : "/dev/dsp";
     const char *typ = in ? "ADC" : "DAC";
 #ifdef USE_DSP_POLICY
     int policy = oopts->has_dsp_policy ? oopts->dsp_policy : 5;
@@ -745,8 +745,10 @@ static void *oss_audio_init(Audiodev *dev)
     oss_init_per_direction(oopts->in);
     oss_init_per_direction(oopts->out);
 
-    if (access(oopts->in->dev ?: "/dev/dsp", R_OK | W_OK) < 0 ||
-        access(oopts->out->dev ?: "/dev/dsp", R_OK | W_OK) < 0) {
+    if (access(oopts->in->has_dev ? oopts->in->dev : "/dev/dsp",
+               R_OK | W_OK) < 0 ||
+        access(oopts->out->has_dev ? oopts->out->dev : "/dev/dsp",
+               R_OK | W_OK) < 0) {
         return NULL;
     }
     return dev;

audio/paaudio.c

@@ -536,9 +536,9 @@ static int qpa_init_out(HWVoiceOut *hw, struct audsettings *as,
 
     pa->stream = qpa_simple_new (
         c,
-        ppdo->stream_name ?: g->dev->id,
+        ppdo->has_stream_name ? ppdo->stream_name : g->dev->id,
         PA_STREAM_PLAYBACK,
-        ppdo->name,
+        ppdo->has_name ? ppdo->name : NULL,
         &ss,
         &ba,                    /* buffering attributes */
         &error
@@ -585,9 +585,9 @@ static int qpa_init_in(HWVoiceIn *hw, struct audsettings *as, void *drv_opaque)
 
     pa->stream = qpa_simple_new (
         c,
-        ppdo->stream_name ?: g->dev->id,
+        ppdo->has_stream_name ? ppdo->stream_name : g->dev->id,
         PA_STREAM_RECORD,
-        ppdo->name,
+        ppdo->has_name ? ppdo->name : NULL,
         &ss,
         &ba,                    /* buffering attributes */
         &error
@@ -827,7 +827,7 @@ static void *qpa_audio_init(Audiodev *dev)
 
     assert(dev->driver == AUDIODEV_DRIVER_PA);
 
-    if (!popts->server) {
+    if (!popts->has_server) {
         char pidfile[64];
         char *runtime;
         struct stat st;
@@ -850,7 +850,7 @@ static void *qpa_audio_init(Audiodev *dev)
     }
 
     g = g_new0(paaudio, 1);
-    server = popts->server;
+    server = popts->has_server ? popts->server : NULL;
 
     g->dev = dev;
 

audio/rate_template.h

@@ -40,6 +40,8 @@ void NAME (void *opaque, struct st_sample *ibuf, struct st_sample *obuf,
     int64_t t;
 #endif
 
+    ilast = rate->ilast;
+
     istart = ibuf;
     iend = ibuf + *isamp;
 
@@ -57,17 +59,15 @@ void NAME (void *opaque, struct st_sample *ibuf, struct st_sample *obuf,
         return;
     }
 
-    /* without input samples, there's nothing to do */
-    if (ibuf >= iend) {
-        *osamp = 0;
-        return;
-    }
+    while (obuf < oend) {
 
-    ilast = rate->ilast;
-
-    while (true) {
+        /* Safety catch to make sure we have input samples.  */
+        if (ibuf >= iend) {
+            break;
+        }
 
         /* read as many input samples so that ipos > opos */
+
         while (rate->ipos <= (rate->opos >> 32)) {
             ilast = *ibuf++;
             rate->ipos++;
@@ -78,11 +78,6 @@ void NAME (void *opaque, struct st_sample *ibuf, struct st_sample *obuf,
             }
         }
 
-        /* make sure that the next output sample can be written */
-        if (obuf >= oend) {
-            break;
-        }
-
         icur = *ibuf;
 
         /* wrap ipos and opos around long before they overflow */

audio/sndioaudio.c

@@ -14,9 +14,9 @@
  * to recording, which is what guest systems expect.
  */
 
-#include "qemu/osdep.h"
 #include <poll.h>
 #include <sndio.h>
+#include "qemu/osdep.h"
 #include "qemu/main-loop.h"
 #include "audio.h"
 #include "trace.h"
@@ -333,7 +333,7 @@ static int sndio_init(SndioVoice *self,
     unsigned int nch;
     int i, nfds;
 
-    dev_name = opts->dev ?: SIO_DEVANY;
+    dev_name = opts->has_dev ? opts->dev : SIO_DEVANY;
     latency = opts->has_latency ? opts->latency : SNDIO_LATENCY_US;
 
     /* open the device in non-blocking mode */

audio/wavaudio.c

@@ -78,7 +78,7 @@ static int wav_init_out(HWVoiceOut *hw, struct audsettings *as,
     Audiodev *dev = drv_opaque;
     AudiodevWavOptions *wopts = &dev->u.wav;
     struct audsettings wav_as = audiodev_to_audsettings(dev->u.wav.out);
-    const char *wav_path = wopts->path ?: "qemu.wav";
+    const char *wav_path = wopts->has_path ? wopts->path : "qemu.wav";
 
     stereo = wav_as.nchannels == 2;
     switch (wav_as.fmt) {

authz/listfile.c

@@ -30,6 +30,7 @@
 #include "qapi/qapi-visit-authz.h"
 #include "qapi/qmp/qjson.h"
 #include "qapi/qmp/qobject.h"
+#include "qapi/qmp/qerror.h"
 #include "qapi/qobject-input-visitor.h"
 
 

backends/cryptodev-builtin.c

@@ -59,19 +59,6 @@ struct CryptoDevBackendBuiltin {
     CryptoDevBackendBuiltinSession *sessions[MAX_NUM_SESSIONS];
 };
 
-static void cryptodev_builtin_init_akcipher(CryptoDevBackend *backend)
-{
-    QCryptoAkCipherOptions opts;
-
-    opts.alg = QCRYPTO_AKCIPHER_ALG_RSA;
-    opts.u.rsa.padding_alg = QCRYPTO_RSA_PADDING_ALG_RAW;
-    if (qcrypto_akcipher_supports(&opts)) {
-        backend->conf.crypto_services |=
-                     (1u << QCRYPTODEV_BACKEND_SERVICE_AKCIPHER);
-        backend->conf.akcipher_algo = 1u << VIRTIO_CRYPTO_AKCIPHER_RSA;
-    }
-}
-
 static void cryptodev_builtin_init(
              CryptoDevBackend *backend, Error **errp)
 {
@@ -85,18 +72,21 @@ static void cryptodev_builtin_init(
         return;
     }
 
-    cc = cryptodev_backend_new_client();
+    cc = cryptodev_backend_new_client(
+              "cryptodev-builtin", NULL);
     cc->info_str = g_strdup_printf("cryptodev-builtin0");
     cc->queue_index = 0;
-    cc->type = QCRYPTODEV_BACKEND_TYPE_BUILTIN;
+    cc->type = CRYPTODEV_BACKEND_TYPE_BUILTIN;
     backend->conf.peers.ccs[0] = cc;
 
     backend->conf.crypto_services =
-                         1u << QCRYPTODEV_BACKEND_SERVICE_CIPHER |
-                         1u << QCRYPTODEV_BACKEND_SERVICE_HASH |
-                         1u << QCRYPTODEV_BACKEND_SERVICE_MAC;
+                         1u << VIRTIO_CRYPTO_SERVICE_CIPHER |
+                         1u << VIRTIO_CRYPTO_SERVICE_HASH |
+                         1u << VIRTIO_CRYPTO_SERVICE_MAC |
+                         1u << VIRTIO_CRYPTO_SERVICE_AKCIPHER;
     backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC;
     backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1;
+    backend->conf.akcipher_algo = 1u << VIRTIO_CRYPTO_AKCIPHER_RSA;
     /*
      * Set the Maximum length of crypto request.
      * Why this value? Just avoid to overflow when
@@ -105,7 +95,6 @@ static void cryptodev_builtin_init(
     backend->conf.max_size = LONG_MAX - sizeof(CryptoDevBackendOpInfo);
     backend->conf.max_cipher_key_len = CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN;
     backend->conf.max_auth_key_len = CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN;
-    cryptodev_builtin_init_akcipher(backend);
 
     cryptodev_backend_set_ready(backend, true);
 }
@@ -539,14 +528,17 @@ static int cryptodev_builtin_asym_operation(
 
 static int cryptodev_builtin_operation(
                  CryptoDevBackend *backend,
-                 CryptoDevBackendOpInfo *op_info)
+                 CryptoDevBackendOpInfo *op_info,
+                 uint32_t queue_index,
+                 CryptoDevCompletionFunc cb,
+                 void *opaque)
 {
     CryptoDevBackendBuiltin *builtin =
                       CRYPTODEV_BACKEND_BUILTIN(backend);
     CryptoDevBackendBuiltinSession *sess;
     CryptoDevBackendSymOpInfo *sym_op_info;
     CryptoDevBackendAsymOpInfo *asym_op_info;
-    QCryptodevBackendAlgType algtype = op_info->algtype;
+    enum CryptoDevBackendAlgType algtype = op_info->algtype;
     int status = -VIRTIO_CRYPTO_ERR;
     Error *local_error = NULL;
 
@@ -558,11 +550,11 @@ static int cryptodev_builtin_operation(
     }
 
     sess = builtin->sessions[op_info->session_id];
-    if (algtype == QCRYPTODEV_BACKEND_ALG_SYM) {
+    if (algtype == CRYPTODEV_BACKEND_ALG_SYM) {
         sym_op_info = op_info->u.sym_op_info;
         status = cryptodev_builtin_sym_operation(sess, sym_op_info,
                                                  &local_error);
-    } else if (algtype == QCRYPTODEV_BACKEND_ALG_ASYM) {
+    } else if (algtype == CRYPTODEV_BACKEND_ALG_ASYM) {
         asym_op_info = op_info->u.asym_op_info;
         status = cryptodev_builtin_asym_operation(sess, op_info->op_code,
                                                   asym_op_info, &local_error);
@@ -571,8 +563,8 @@ static int cryptodev_builtin_operation(
     if (local_error) {
         error_report_err(local_error);
     }
-    if (op_info->cb) {
-        op_info->cb(op_info->opaque, status);
+    if (cb) {
+        cb(opaque, status);
     }
     return 0;
 }

backends/cryptodev-hmp-cmds.c

@@ -1,54 +0,0 @@
-/*
- * HMP commands related to cryptodev
- *
- * Copyright (c) 2023 Bytedance.Inc
- *
- * Authors:
- *    zhenwei pi<pizhenwei@bytedance.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or
- * (at your option) any later version.
- */
-
-#include "qemu/osdep.h"
-#include "monitor/hmp.h"
-#include "monitor/monitor.h"
-#include "qapi/qapi-commands-cryptodev.h"
-#include "qapi/qmp/qdict.h"
-
-
-void hmp_info_cryptodev(Monitor *mon, const QDict *qdict)
-{
-    QCryptodevInfoList *il;
-    QCryptodevBackendServiceTypeList *sl;
-    QCryptodevBackendClientList *cl;
-
-    for (il = qmp_query_cryptodev(NULL); il; il = il->next) {
-        g_autofree char *services = NULL;
-        QCryptodevInfo *info = il->value;
-        char *tmp_services;
-
-        /* build a string like 'service=[akcipher|mac|hash|cipher]' */
-        for (sl = info->service; sl; sl = sl->next) {
-            const char *service = QCryptodevBackendServiceType_str(sl->value);
-
-            if (!services) {
-                services = g_strdup(service);
-            } else {
-                tmp_services = g_strjoin("|", services, service, NULL);
-                g_free(services);
-                services = tmp_services;
-            }
-        }
-        monitor_printf(mon, "%s: service=[%s]\n", info->id, services);
-
-        for (cl = info->client; cl; cl = cl->next) {
-            QCryptodevBackendClient *client = cl->value;
-            monitor_printf(mon, "    queue %" PRIu32 ": type=%s\n",
-                           client->queue,
-                           QCryptodevBackendType_str(client->type));
-        }
-    }
-
-    qapi_free_QCryptodevInfoList(il);
-}

backends/cryptodev-lkcf.c

@@ -223,14 +223,14 @@ static void cryptodev_lkcf_init(CryptoDevBackend *backend, Error **errp)
         return;
     }
 
-    cc = cryptodev_backend_new_client();
+    cc = cryptodev_backend_new_client("cryptodev-lkcf", NULL);
     cc->info_str = g_strdup_printf("cryptodev-lkcf0");
     cc->queue_index = 0;
-    cc->type = QCRYPTODEV_BACKEND_TYPE_LKCF;
+    cc->type = CRYPTODEV_BACKEND_TYPE_LKCF;
     backend->conf.peers.ccs[0] = cc;
 
     backend->conf.crypto_services =
-        1u << QCRYPTODEV_BACKEND_SERVICE_AKCIPHER;
+        1u << VIRTIO_CRYPTO_SERVICE_AKCIPHER;
     backend->conf.akcipher_algo = 1u << VIRTIO_CRYPTO_AKCIPHER_RSA;
     lkcf->running = true;
 
@@ -469,12 +469,15 @@ static void *cryptodev_lkcf_worker(void *arg)
 
 static int cryptodev_lkcf_operation(
     CryptoDevBackend *backend,
-    CryptoDevBackendOpInfo *op_info)
+    CryptoDevBackendOpInfo *op_info,
+    uint32_t queue_index,
+    CryptoDevCompletionFunc cb,
+    void *opaque)
 {
     CryptoDevBackendLKCF *lkcf =
         CRYPTODEV_BACKEND_LKCF(backend);
     CryptoDevBackendLKCFSession *sess;
-    QCryptodevBackendAlgType algtype = op_info->algtype;
+    enum CryptoDevBackendAlgType algtype = op_info->algtype;
     CryptoDevLKCFTask *task;
 
     if (op_info->session_id >= MAX_SESSIONS ||
@@ -485,15 +488,15 @@ static int cryptodev_lkcf_operation(
     }
 
     sess = lkcf->sess[op_info->session_id];
-    if (algtype != QCRYPTODEV_BACKEND_ALG_ASYM) {
+    if (algtype != CRYPTODEV_BACKEND_ALG_ASYM) {
         error_report("algtype not supported: %u", algtype);
         return -VIRTIO_CRYPTO_NOTSUPP;
     }
 
     task = g_new0(CryptoDevLKCFTask, 1);
     task->op_info = op_info;
-    task->cb = op_info->cb;
-    task->opaque = op_info->opaque;
+    task->cb = cb;
+    task->opaque = opaque;
     task->sess = sess;
     task->lkcf = lkcf;
     task->status = -VIRTIO_CRYPTO_ERR;

backends/cryptodev-vhost-user.c

@@ -67,7 +67,7 @@ cryptodev_vhost_user_get_vhost(
 {
     CryptoDevBackendVhostUser *s =
                       CRYPTODEV_BACKEND_VHOST_USER(b);
-    assert(cc->type == QCRYPTODEV_BACKEND_TYPE_VHOST_USER);
+    assert(cc->type == CRYPTODEV_BACKEND_TYPE_VHOST_USER);
     assert(queue < MAX_CRYPTO_QUEUE_NUM);
 
     return s->vhost_crypto[queue];
@@ -198,11 +198,12 @@ static void cryptodev_vhost_user_init(
     s->opened = true;
 
     for (i = 0; i < queues; i++) {
-        cc = cryptodev_backend_new_client();
+        cc = cryptodev_backend_new_client(
+                  "cryptodev-vhost-user", NULL);
         cc->info_str = g_strdup_printf("cryptodev-vhost-user%zu to %s ",
                                        i, chr->label);
         cc->queue_index = i;
-        cc->type = QCRYPTODEV_BACKEND_TYPE_VHOST_USER;
+        cc->type = CRYPTODEV_BACKEND_TYPE_VHOST_USER;
 
         backend->conf.peers.ccs[i] = cc;
 
@@ -221,9 +222,9 @@ static void cryptodev_vhost_user_init(
                      cryptodev_vhost_user_event, NULL, s, NULL, true);
 
     backend->conf.crypto_services =
-                         1u << QCRYPTODEV_BACKEND_SERVICE_CIPHER |
-                         1u << QCRYPTODEV_BACKEND_SERVICE_HASH |
-                         1u << QCRYPTODEV_BACKEND_SERVICE_MAC;
+                         1u << VIRTIO_CRYPTO_SERVICE_CIPHER |
+                         1u << VIRTIO_CRYPTO_SERVICE_HASH |
+                         1u << VIRTIO_CRYPTO_SERVICE_MAC;
     backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC;
     backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1;
 

backends/cryptodev-vhost.c

@@ -28,6 +28,7 @@
 
 #ifdef CONFIG_VHOST_CRYPTO
 #include "qapi/error.h"
+#include "qapi/qmp/qerror.h"
 #include "qemu/error-report.h"
 #include "hw/virtio/virtio-crypto.h"
 #include "sysemu/cryptodev-vhost-user.h"
@@ -127,7 +128,7 @@ cryptodev_get_vhost(CryptoDevBackendClient *cc,
 
     switch (cc->type) {
 #if defined(CONFIG_VHOST_USER) && defined(CONFIG_LINUX)
-    case QCRYPTODEV_BACKEND_TYPE_VHOST_USER:
+    case CRYPTODEV_BACKEND_TYPE_VHOST_USER:
         vhost_crypto = cryptodev_vhost_user_get_vhost(cc, b, queue);
         break;
 #endif
@@ -195,7 +196,7 @@ int cryptodev_vhost_start(VirtIODevice *dev, int total_queues)
          * because vhost user doesn't interrupt masking/unmasking
          * properly.
          */
-        if (cc->type == QCRYPTODEV_BACKEND_TYPE_VHOST_USER) {
+        if (cc->type == CRYPTODEV_BACKEND_TYPE_VHOST_USER) {
             dev->use_guest_notifier_mask = false;
         }
      }

backends/cryptodev.c

@@ -23,92 +23,29 @@
 
 #include "qemu/osdep.h"
 #include "sysemu/cryptodev.h"
-#include "sysemu/stats.h"
 #include "qapi/error.h"
-#include "qapi/qapi-commands-cryptodev.h"
-#include "qapi/qapi-types-stats.h"
 #include "qapi/visitor.h"
 #include "qemu/config-file.h"
 #include "qemu/error-report.h"
-#include "qemu/main-loop.h"
 #include "qom/object_interfaces.h"
 #include "hw/virtio/virtio-crypto.h"
 
-#define SYM_ENCRYPT_OPS_STR "sym-encrypt-ops"
-#define SYM_DECRYPT_OPS_STR "sym-decrypt-ops"
-#define SYM_ENCRYPT_BYTES_STR "sym-encrypt-bytes"
-#define SYM_DECRYPT_BYTES_STR "sym-decrypt-bytes"
-
-#define ASYM_ENCRYPT_OPS_STR "asym-encrypt-ops"
-#define ASYM_DECRYPT_OPS_STR "asym-decrypt-ops"
-#define ASYM_SIGN_OPS_STR "asym-sign-ops"
-#define ASYM_VERIFY_OPS_STR "asym-verify-ops"
-#define ASYM_ENCRYPT_BYTES_STR "asym-encrypt-bytes"
-#define ASYM_DECRYPT_BYTES_STR "asym-decrypt-bytes"
-#define ASYM_SIGN_BYTES_STR "asym-sign-bytes"
-#define ASYM_VERIFY_BYTES_STR "asym-verify-bytes"
-
-typedef struct StatsArgs {
-    union StatsResultsType {
-        StatsResultList **stats;
-        StatsSchemaList **schema;
-    } result;
-    strList *names;
-    Error **errp;
-} StatsArgs;
 
 static QTAILQ_HEAD(, CryptoDevBackendClient) crypto_clients;
 
-static int qmp_query_cryptodev_foreach(Object *obj, void *data)
-{
-    CryptoDevBackend *backend;
-    QCryptodevInfoList **infolist = data;
-    uint32_t services, i;
 
-    if (!object_dynamic_cast(obj, TYPE_CRYPTODEV_BACKEND)) {
-        return 0;
-    }
-
-    QCryptodevInfo *info = g_new0(QCryptodevInfo, 1);
-    info->id = g_strdup(object_get_canonical_path_component(obj));
-
-    backend = CRYPTODEV_BACKEND(obj);
-    services = backend->conf.crypto_services;
-    for (i = 0; i < QCRYPTODEV_BACKEND_SERVICE__MAX; i++) {
-        if (services & (1 << i)) {
-            QAPI_LIST_PREPEND(info->service, i);
-        }
-    }
-
-    for (i = 0; i < backend->conf.peers.queues; i++) {
-        CryptoDevBackendClient *cc = backend->conf.peers.ccs[i];
-        QCryptodevBackendClient *client = g_new0(QCryptodevBackendClient, 1);
-
-        client->queue = cc->queue_index;
-        client->type = cc->type;
-        QAPI_LIST_PREPEND(info->client, client);
-    }
-
-    QAPI_LIST_PREPEND(*infolist, info);
-
-    return 0;
-}
-
-QCryptodevInfoList *qmp_query_cryptodev(Error **errp)
-{
-    QCryptodevInfoList *list = NULL;
-    Object *objs = container_get(object_get_root(), "/objects");
-
-    object_child_foreach(objs, qmp_query_cryptodev_foreach, &list);
-
-    return list;
-}
-
-CryptoDevBackendClient *cryptodev_backend_new_client(void)
+CryptoDevBackendClient *
+cryptodev_backend_new_client(const char *model,
+                                    const char *name)
 {
     CryptoDevBackendClient *cc;
 
     cc = g_new0(CryptoDevBackendClient, 1);
+    cc->model = g_strdup(model);
+    if (name) {
+        cc->name = g_strdup(name);
+    }
+
     QTAILQ_INSERT_TAIL(&crypto_clients, cc, next);
 
     return cc;
@@ -118,6 +55,8 @@ void cryptodev_backend_free_client(
                   CryptoDevBackendClient *cc)
 {
     QTAILQ_REMOVE(&crypto_clients, cc, next);
+    g_free(cc->name);
+    g_free(cc->model);
     g_free(cc->info_str);
     g_free(cc);
 }
@@ -132,9 +71,6 @@ void cryptodev_backend_cleanup(
     if (bc->cleanup) {
         bc->cleanup(backend, errp);
     }
-
-    g_free(backend->sym_stat);
-    g_free(backend->asym_stat);
 }
 
 int cryptodev_backend_create_session(
@@ -171,111 +107,38 @@ int cryptodev_backend_close_session(
 
 static int cryptodev_backend_operation(
                  CryptoDevBackend *backend,
-                 CryptoDevBackendOpInfo *op_info)
+                 CryptoDevBackendOpInfo *op_info,
+                 uint32_t queue_index,
+                 CryptoDevCompletionFunc cb,
+                 void *opaque)
 {
     CryptoDevBackendClass *bc =
                       CRYPTODEV_BACKEND_GET_CLASS(backend);
 
     if (bc->do_op) {
-        return bc->do_op(backend, op_info);
+        return bc->do_op(backend, op_info, queue_index, cb, opaque);
     }
     return -VIRTIO_CRYPTO_NOTSUPP;
 }
 
-static int cryptodev_backend_account(CryptoDevBackend *backend,
-                 CryptoDevBackendOpInfo *op_info)
+int cryptodev_backend_crypto_operation(
+                 CryptoDevBackend *backend,
+                 void *opaque1,
+                 uint32_t queue_index,
+                 CryptoDevCompletionFunc cb, void *opaque2)
 {
-    enum QCryptodevBackendAlgType algtype = op_info->algtype;
-    int len;
+    VirtIOCryptoReq *req = opaque1;
+    CryptoDevBackendOpInfo *op_info = &req->op_info;
+    enum CryptoDevBackendAlgType algtype = req->flags;
 
-    if (algtype == QCRYPTODEV_BACKEND_ALG_ASYM) {
-        CryptoDevBackendAsymOpInfo *asym_op_info = op_info->u.asym_op_info;
-        len = asym_op_info->src_len;
-        switch (op_info->op_code) {
-        case VIRTIO_CRYPTO_AKCIPHER_ENCRYPT:
-            CryptodevAsymStatIncEncrypt(backend, len);
-            break;
-        case VIRTIO_CRYPTO_AKCIPHER_DECRYPT:
-            CryptodevAsymStatIncDecrypt(backend, len);
-            break;
-        case VIRTIO_CRYPTO_AKCIPHER_SIGN:
-            CryptodevAsymStatIncSign(backend, len);
-            break;
-        case VIRTIO_CRYPTO_AKCIPHER_VERIFY:
-            CryptodevAsymStatIncVerify(backend, len);
-            break;
-        default:
-            return -VIRTIO_CRYPTO_NOTSUPP;
-        }
-    } else if (algtype == QCRYPTODEV_BACKEND_ALG_SYM) {
-        CryptoDevBackendSymOpInfo *sym_op_info = op_info->u.sym_op_info;
-        len = sym_op_info->src_len;
-        switch (op_info->op_code) {
-        case VIRTIO_CRYPTO_CIPHER_ENCRYPT:
-            CryptodevSymStatIncEncrypt(backend, len);
-            break;
-        case VIRTIO_CRYPTO_CIPHER_DECRYPT:
-            CryptodevSymStatIncDecrypt(backend, len);
-            break;
-        default:
-            return -VIRTIO_CRYPTO_NOTSUPP;
-        }
-    } else {
+    if ((algtype != CRYPTODEV_BACKEND_ALG_SYM)
+        && (algtype != CRYPTODEV_BACKEND_ALG_ASYM)) {
         error_report("Unsupported cryptodev alg type: %" PRIu32 "", algtype);
         return -VIRTIO_CRYPTO_NOTSUPP;
     }
 
-    return len;
-}
-
-static void cryptodev_backend_throttle_timer_cb(void *opaque)
-{
-    CryptoDevBackend *backend = (CryptoDevBackend *)opaque;
-    CryptoDevBackendOpInfo *op_info, *tmpop;
-    int ret;
-
-    QTAILQ_FOREACH_SAFE(op_info, &backend->opinfos, next, tmpop) {
-        QTAILQ_REMOVE(&backend->opinfos, op_info, next);
-        ret = cryptodev_backend_account(backend, op_info);
-        if (ret < 0) {
-            op_info->cb(op_info->opaque, ret);
-            continue;
-        }
-
-        throttle_account(&backend->ts, true, ret);
-        cryptodev_backend_operation(backend, op_info);
-        if (throttle_enabled(&backend->tc) &&
-            throttle_schedule_timer(&backend->ts, &backend->tt, true)) {
-            break;
-        }
-    }
-}
-
-int cryptodev_backend_crypto_operation(
-                 CryptoDevBackend *backend,
-                 CryptoDevBackendOpInfo *op_info)
-{
-    int ret;
-
-    if (!throttle_enabled(&backend->tc)) {
-        goto do_account;
-    }
-
-    if (throttle_schedule_timer(&backend->ts, &backend->tt, true) ||
-        !QTAILQ_EMPTY(&backend->opinfos)) {
-        QTAILQ_INSERT_TAIL(&backend->opinfos, op_info, next);
-        return 0;
-    }
-
-do_account:
-    ret = cryptodev_backend_account(backend, op_info);
-    if (ret < 0) {
-        return ret;
-    }
-
-    throttle_account(&backend->ts, true, ret);
-
-    return cryptodev_backend_operation(backend, op_info);
+    return cryptodev_backend_operation(backend, op_info, queue_index,
+                                       cb, opaque2);
 }
 
 static void
@@ -306,111 +169,15 @@ cryptodev_backend_set_queues(Object *obj, Visitor *v, const char *name,
     backend->conf.peers.queues = value;
 }
 
-static void cryptodev_backend_set_throttle(CryptoDevBackend *backend, int field,
-                                           uint64_t value, Error **errp)
-{
-    uint64_t orig = backend->tc.buckets[field].avg;
-    bool enabled = throttle_enabled(&backend->tc);
-
-    if (orig == value) {
-        return;
-    }
-
-    backend->tc.buckets[field].avg = value;
-    if (!throttle_enabled(&backend->tc)) {
-        throttle_timers_destroy(&backend->tt);
-        cryptodev_backend_throttle_timer_cb(backend); /* drain opinfos */
-        return;
-    }
-
-    if (!throttle_is_valid(&backend->tc, errp)) {
-        backend->tc.buckets[field].avg = orig; /* revert change */
-        return;
-    }
-
-    if (!enabled) {
-        throttle_init(&backend->ts);
-        throttle_timers_init(&backend->tt, qemu_get_aio_context(),
-                             QEMU_CLOCK_REALTIME,
-                             cryptodev_backend_throttle_timer_cb, /* FIXME */
-                             cryptodev_backend_throttle_timer_cb, backend);
-    }
-
-    throttle_config(&backend->ts, QEMU_CLOCK_REALTIME, &backend->tc);
-}
-
-static void cryptodev_backend_get_bps(Object *obj, Visitor *v,
-                                      const char *name, void *opaque,
-                                      Error **errp)
-{
-    CryptoDevBackend *backend = CRYPTODEV_BACKEND(obj);
-    uint64_t value = backend->tc.buckets[THROTTLE_BPS_TOTAL].avg;
-
-    visit_type_uint64(v, name, &value, errp);
-}
-
-static void cryptodev_backend_set_bps(Object *obj, Visitor *v, const char *name,
-                                      void *opaque, Error **errp)
-{
-    CryptoDevBackend *backend = CRYPTODEV_BACKEND(obj);
-    uint64_t value;
-
-    if (!visit_type_uint64(v, name, &value, errp)) {
-        return;
-    }
-
-    cryptodev_backend_set_throttle(backend, THROTTLE_BPS_TOTAL, value, errp);
-}
-
-static void cryptodev_backend_get_ops(Object *obj, Visitor *v, const char *name,
-                                      void *opaque, Error **errp)
-{
-    CryptoDevBackend *backend = CRYPTODEV_BACKEND(obj);
-    uint64_t value = backend->tc.buckets[THROTTLE_OPS_TOTAL].avg;
-
-    visit_type_uint64(v, name, &value, errp);
-}
-
-static void cryptodev_backend_set_ops(Object *obj, Visitor *v,
-                                       const char *name, void *opaque,
-                                       Error **errp)
-{
-    CryptoDevBackend *backend = CRYPTODEV_BACKEND(obj);
-    uint64_t value;
-
-    if (!visit_type_uint64(v, name, &value, errp)) {
-        return;
-    }
-
-    cryptodev_backend_set_throttle(backend, THROTTLE_OPS_TOTAL, value, errp);
-}
-
 static void
 cryptodev_backend_complete(UserCreatable *uc, Error **errp)
 {
     CryptoDevBackend *backend = CRYPTODEV_BACKEND(uc);
     CryptoDevBackendClass *bc = CRYPTODEV_BACKEND_GET_CLASS(uc);
-    uint32_t services;
-    uint64_t value;
-
-    QTAILQ_INIT(&backend->opinfos);
-    value = backend->tc.buckets[THROTTLE_OPS_TOTAL].avg;
-    cryptodev_backend_set_throttle(backend, THROTTLE_OPS_TOTAL, value, errp);
-    value = backend->tc.buckets[THROTTLE_BPS_TOTAL].avg;
-    cryptodev_backend_set_throttle(backend, THROTTLE_BPS_TOTAL, value, errp);
 
     if (bc->init) {
         bc->init(backend, errp);
     }
-
-    services = backend->conf.crypto_services;
-    if (services & (1 << QCRYPTODEV_BACKEND_SERVICE_CIPHER)) {
-        backend->sym_stat = g_new0(CryptodevBackendSymStat, 1);
-    }
-
-    if (services & (1 << QCRYPTODEV_BACKEND_SERVICE_AKCIPHER)) {
-        backend->asym_stat = g_new0(CryptodevBackendAsymStat, 1);
-    }
 }
 
 void cryptodev_backend_set_used(CryptoDevBackend *backend, bool used)
@@ -441,12 +208,8 @@ cryptodev_backend_can_be_deleted(UserCreatable *uc)
 
 static void cryptodev_backend_instance_init(Object *obj)
 {
-    CryptoDevBackend *backend = CRYPTODEV_BACKEND(obj);
-
     /* Initialize devices' queues property to 1 */
     object_property_set_int(obj, "queues", 1, NULL);
-
-    throttle_config_init(&backend->tc);
 }
 
 static void cryptodev_backend_finalize(Object *obj)
@@ -454,137 +217,6 @@ static void cryptodev_backend_finalize(Object *obj)
     CryptoDevBackend *backend = CRYPTODEV_BACKEND(obj);
 
     cryptodev_backend_cleanup(backend, NULL);
-    if (throttle_enabled(&backend->tc)) {
-        throttle_timers_destroy(&backend->tt);
-    }
-}
-
-static StatsList *cryptodev_backend_stats_add(const char *name, int64_t *val,
-                                              StatsList *stats_list)
-{
-    Stats *stats = g_new0(Stats, 1);
-
-    stats->name = g_strdup(name);
-    stats->value = g_new0(StatsValue, 1);
-    stats->value->type = QTYPE_QNUM;
-    stats->value->u.scalar = *val;
-
-    QAPI_LIST_PREPEND(stats_list, stats);
-    return stats_list;
-}
-
-static int cryptodev_backend_stats_query(Object *obj, void *data)
-{
-    StatsArgs *stats_args = data;
-    StatsResultList **stats_results = stats_args->result.stats;
-    StatsList *stats_list = NULL;
-    StatsResult *entry;
-    CryptoDevBackend *backend;
-    CryptodevBackendSymStat *sym_stat;
-    CryptodevBackendAsymStat *asym_stat;
-
-    if (!object_dynamic_cast(obj, TYPE_CRYPTODEV_BACKEND)) {
-        return 0;
-    }
-
-    backend = CRYPTODEV_BACKEND(obj);
-    sym_stat = backend->sym_stat;
-    if (sym_stat) {
-        stats_list = cryptodev_backend_stats_add(SYM_ENCRYPT_OPS_STR,
-                         &sym_stat->encrypt_ops, stats_list);
-        stats_list = cryptodev_backend_stats_add(SYM_DECRYPT_OPS_STR,
-                         &sym_stat->decrypt_ops, stats_list);
-        stats_list = cryptodev_backend_stats_add(SYM_ENCRYPT_BYTES_STR,
-                         &sym_stat->encrypt_bytes, stats_list);
-        stats_list = cryptodev_backend_stats_add(SYM_DECRYPT_BYTES_STR,
-                         &sym_stat->decrypt_bytes, stats_list);
-    }
-
-    asym_stat = backend->asym_stat;
-    if (asym_stat) {
-        stats_list = cryptodev_backend_stats_add(ASYM_ENCRYPT_OPS_STR,
-                         &asym_stat->encrypt_ops, stats_list);
-        stats_list = cryptodev_backend_stats_add(ASYM_DECRYPT_OPS_STR,
-                         &asym_stat->decrypt_ops, stats_list);
-        stats_list = cryptodev_backend_stats_add(ASYM_SIGN_OPS_STR,
-                         &asym_stat->sign_ops, stats_list);
-        stats_list = cryptodev_backend_stats_add(ASYM_VERIFY_OPS_STR,
-                         &asym_stat->verify_ops, stats_list);
-        stats_list = cryptodev_backend_stats_add(ASYM_ENCRYPT_BYTES_STR,
-                         &asym_stat->encrypt_bytes, stats_list);
-        stats_list = cryptodev_backend_stats_add(ASYM_DECRYPT_BYTES_STR,
-                         &asym_stat->decrypt_bytes, stats_list);
-        stats_list = cryptodev_backend_stats_add(ASYM_SIGN_BYTES_STR,
-                         &asym_stat->sign_bytes, stats_list);
-        stats_list = cryptodev_backend_stats_add(ASYM_VERIFY_BYTES_STR,
-                         &asym_stat->verify_bytes, stats_list);
-    }
-
-    entry = g_new0(StatsResult, 1);
-    entry->provider = STATS_PROVIDER_CRYPTODEV;
-    entry->qom_path = g_strdup(object_get_canonical_path(obj));
-    entry->stats = stats_list;
-    QAPI_LIST_PREPEND(*stats_results, entry);
-
-    return 0;
-}
-
-static void cryptodev_backend_stats_cb(StatsResultList **result,
-                                       StatsTarget target,
-                                       strList *names, strList *targets,
-                                       Error **errp)
-{
-    switch (target) {
-    case STATS_TARGET_CRYPTODEV:
-    {
-        Object *objs = container_get(object_get_root(), "/objects");
-        StatsArgs stats_args;
-        stats_args.result.stats = result;
-        stats_args.names = names;
-        stats_args.errp = errp;
-
-        object_child_foreach(objs, cryptodev_backend_stats_query, &stats_args);
-        break;
-    }
-    default:
-        break;
-    }
-}
-
-static StatsSchemaValueList *cryptodev_backend_schemas_add(const char *name,
-                                 StatsSchemaValueList *list)
-{
-    StatsSchemaValueList *schema_entry = g_new0(StatsSchemaValueList, 1);
-
-    schema_entry->value = g_new0(StatsSchemaValue, 1);
-    schema_entry->value->type = STATS_TYPE_CUMULATIVE;
-    schema_entry->value->name = g_strdup(name);
-    schema_entry->next = list;
-
-    return schema_entry;
-}
-
-static void cryptodev_backend_schemas_cb(StatsSchemaList **result,
-                                         Error **errp)
-{
-    StatsSchemaValueList *stats_list = NULL;
-    const char *sym_stats[] = { SYM_ENCRYPT_OPS_STR, SYM_DECRYPT_OPS_STR,
-                                SYM_ENCRYPT_BYTES_STR, SYM_DECRYPT_BYTES_STR };
-    const char *asym_stats[] = { ASYM_ENCRYPT_OPS_STR, ASYM_DECRYPT_OPS_STR,
-                                 ASYM_SIGN_OPS_STR, ASYM_VERIFY_OPS_STR,
-                                 ASYM_ENCRYPT_BYTES_STR, ASYM_DECRYPT_BYTES_STR,
-                                 ASYM_SIGN_BYTES_STR, ASYM_VERIFY_BYTES_STR };
-
-    for (int i = 0; i < ARRAY_SIZE(sym_stats); i++) {
-        stats_list = cryptodev_backend_schemas_add(sym_stats[i], stats_list);
-    }
-
-    for (int i = 0; i < ARRAY_SIZE(asym_stats); i++) {
-        stats_list = cryptodev_backend_schemas_add(asym_stats[i], stats_list);
-    }
-
-    add_stats_schema(result, STATS_PROVIDER_CRYPTODEV, STATS_TARGET_CRYPTODEV,
-                     stats_list);
 }
 
 static void
@@ -600,17 +232,6 @@ cryptodev_backend_class_init(ObjectClass *oc, void *data)
                               cryptodev_backend_get_queues,
                               cryptodev_backend_set_queues,
                               NULL, NULL);
-    object_class_property_add(oc, "throttle-bps", "uint64",
-                              cryptodev_backend_get_bps,
-                              cryptodev_backend_set_bps,
-                              NULL, NULL);
-    object_class_property_add(oc, "throttle-ops", "uint64",
-                              cryptodev_backend_get_ops,
-                              cryptodev_backend_set_ops,
-                              NULL, NULL);
-
-    add_stats_callbacks(STATS_PROVIDER_CRYPTODEV, cryptodev_backend_stats_cb,
-                        cryptodev_backend_schemas_cb);
 }
 
 static const TypeInfo cryptodev_backend_info = {

backends/hostmem-epc.c

@@ -9,9 +9,9 @@
  * This work is licensed under the terms of the GNU GPL, version 2 or later.
  * See the COPYING file in the top-level directory.
  */
+#include <sys/ioctl.h>
 
 #include "qemu/osdep.h"
-#include <sys/ioctl.h>
 #include "qom/object_interfaces.h"
 #include "qapi/error.h"
 #include "sysemu/hostmem.h"

backends/hostmem.c

@@ -23,12 +23,7 @@
 
 #ifdef CONFIG_NUMA
 #include <numaif.h>
-#include <numa.h>
 QEMU_BUILD_BUG_ON(HOST_MEM_POLICY_DEFAULT != MPOL_DEFAULT);
-/*
- * HOST_MEM_POLICY_PREFERRED may either translate to MPOL_PREFERRED or
- * MPOL_PREFERRED_MANY, see comments further below.
- */
 QEMU_BUILD_BUG_ON(HOST_MEM_POLICY_PREFERRED != MPOL_PREFERRED);
 QEMU_BUILD_BUG_ON(HOST_MEM_POLICY_BIND != MPOL_BIND);
 QEMU_BUILD_BUG_ON(HOST_MEM_POLICY_INTERLEAVE != MPOL_INTERLEAVE);
@@ -351,7 +346,6 @@ host_memory_backend_memory_complete(UserCreatable *uc, Error **errp)
          * before mbind(). note: MPOL_MF_STRICT is ignored on hugepages so
          * this doesn't catch hugepage case. */
         unsigned flags = MPOL_MF_STRICT | MPOL_MF_MOVE;
-        int mode = backend->policy;
 
         /* check for invalid host-nodes and policies and give more verbose
          * error messages than mbind(). */
@@ -375,18 +369,9 @@ host_memory_backend_memory_complete(UserCreatable *uc, Error **errp)
                BITS_TO_LONGS(MAX_NODES + 1) * sizeof(unsigned long));
         assert(maxnode <= MAX_NODES);
 
-#ifdef HAVE_NUMA_HAS_PREFERRED_MANY
-        if (mode == MPOL_PREFERRED && numa_has_preferred_many() > 0) {
-            /*
-             * Replace with MPOL_PREFERRED_MANY otherwise the mbind() below
-             * silently picks the first node.
-             */
-            mode = MPOL_PREFERRED_MANY;
-        }
-#endif
-
         if (maxnode &&
-            mbind(ptr, sz, mode, backend->host_nodes, maxnode + 1, flags)) {
+            mbind(ptr, sz, backend->policy, backend->host_nodes, maxnode + 1,
+                  flags)) {
             if (backend->policy != MPOL_DEFAULT || errno != ENOSYS) {
                 error_setg_errno(errp, errno,
                                  "cannot bind memory to host NUMA nodes");

backends/meson.build

@@ -1,6 +1,5 @@
 softmmu_ss.add([files(
   'cryptodev-builtin.c',
-  'cryptodev-hmp-cmds.c',
   'cryptodev.c',
   'hostmem-ram.c',
   'hostmem.c',

backends/rng.c

@@ -13,6 +13,7 @@
 #include "qemu/osdep.h"
 #include "sysemu/rng.h"
 #include "qapi/error.h"
+#include "qapi/qmp/qerror.h"
 #include "qemu/module.h"
 #include "qom/object_interfaces.h"
 

backends/tpm/tpm_emulator.c

@@ -35,6 +35,7 @@
 #include "sysemu/runstate.h"
 #include "sysemu/tpm_backend.h"
 #include "sysemu/tpm_util.h"
+#include "sysemu/runstate.h"
 #include "tpm_int.h"
 #include "tpm_ioctl.h"
 #include "migration/blocker.h"
@@ -552,7 +553,7 @@ static int tpm_emulator_prepare_data_fd(TPMEmulator *tpm_emu)
     Error *err = NULL;
     int fds[2] = { -1, -1 };
 
-    if (qemu_socketpair(AF_UNIX, SOCK_STREAM, 0, fds) < 0) {
+    if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) < 0) {
         error_report("tpm-emulator: Failed to create socketpair");
         return -1;
     }
@@ -573,13 +574,13 @@ static int tpm_emulator_prepare_data_fd(TPMEmulator *tpm_emu)
         goto err_exit;
     }
 
-    close(fds[1]);
+    closesocket(fds[1]);
 
     return 0;
 
 err_exit:
-    close(fds[0]);
-    close(fds[1]);
+    closesocket(fds[0]);
+    closesocket(fds[1]);
     return -1;
 }
 

backends/tpm/tpm_ioctl.h

@@ -12,6 +12,8 @@
 # define __USE_LINUX_IOCTL_DEFS
 #endif
 
+#include <stdint.h>
+#include <sys/types.h>
 #ifndef _WIN32
 #include <sys/uio.h>
 #include <sys/ioctl.h>

backends/tpm/tpm_passthrough.c

@@ -259,10 +259,12 @@ tpm_passthrough_handle_device_opts(TPMPassthruState *tpm_pt, QemuOpts *opts)
     value = qemu_opt_get(opts, "cancel-path");
     if (value) {
         tpm_pt->options->cancel_path = g_strdup(value);
+        tpm_pt->options->has_cancel_path = true;
     }
 
     value = qemu_opt_get(opts, "path");
     if (value) {
+        tpm_pt->options->has_path = true;
         tpm_pt->options->path = g_strdup(value);
     }
 

backends/vhost-user.c

@@ -13,6 +13,7 @@
 
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "qapi/qmp/qerror.h"
 #include "qemu/error-report.h"
 #include "qom/object_interfaces.h"
 #include "sysemu/vhost-user-backend.h"
@@ -20,6 +21,12 @@
 #include "io/channel-command.h"
 #include "hw/virtio/virtio-bus.h"
 
+static bool
+ioeventfd_enabled(void)
+{
+    return kvm_enabled() && kvm_eventfds_enabled();
+}
+
 int
 vhost_user_backend_dev_init(VhostUserBackend *b, VirtIODevice *vdev,
                             unsigned nvqs, Error **errp)
@@ -28,6 +35,11 @@ vhost_user_backend_dev_init(VhostUserBackend *b, VirtIODevice *vdev,
 
     assert(!b->vdev && vdev);
 
+    if (!ioeventfd_enabled()) {
+        error_setg(errp, "vhost initialization failed: requires kvm");
+        return -1;
+    }
+
     if (!vhost_user_init(&b->vhost_user, &b->chr, errp)) {
         return -1;
     }

block/amend.c

@@ -26,7 +26,6 @@
  */
 
 #include "qemu/osdep.h"
-#include "block/block-io.h"
 #include "block/block_int.h"
 #include "qemu/job.h"
 #include "qemu/main-loop.h"

block/backup.c

@@ -20,8 +20,8 @@
 #include "block/blockjob_int.h"
 #include "block/block_backup.h"
 #include "block/block-copy.h"
-#include "block/dirty-bitmap.h"
 #include "qapi/error.h"
+#include "qapi/qmp/qerror.h"
 #include "qemu/cutils.h"
 #include "sysemu/block-backend.h"
 #include "qemu/bitmap.h"
@@ -269,10 +269,7 @@ static int coroutine_fn backup_run(Job *job, Error **errp)
                 return -ECANCELED;
             }
 
-            /* rdlock protects the subsequent call to bdrv_is_allocated() */
-            bdrv_graph_co_rdlock();
             ret = block_copy_reset_unallocated(s->bcs, offset, &count);
-            bdrv_graph_co_rdunlock();
             if (ret < 0) {
                 return ret;
             }

block/blkdebug.c

@@ -27,7 +27,6 @@
 #include "qapi/error.h"
 #include "qemu/cutils.h"
 #include "qemu/config-file.h"
-#include "block/block-io.h"
 #include "block/block_int.h"
 #include "block/qdict.h"
 #include "qemu/module.h"
@@ -298,7 +297,9 @@ static int read_config(BDRVBlkdebugState *s, const char *filename,
         }
     }
 
-    if (!qemu_config_parse_qdict(options, config_groups, errp)) {
+    qemu_config_parse_qdict(options, config_groups, &local_err);
+    if (local_err) {
+        error_propagate(errp, local_err);
         ret = -EINVAL;
         goto fail;
     }
@@ -626,7 +627,7 @@ static int rule_check(BlockDriverState *bs, uint64_t offset, uint64_t bytes,
     return -error;
 }
 
-static int coroutine_fn GRAPH_RDLOCK
+static int coroutine_fn
 blkdebug_co_preadv(BlockDriverState *bs, int64_t offset, int64_t bytes,
                    QEMUIOVector *qiov, BdrvRequestFlags flags)
 {
@@ -647,7 +648,7 @@ blkdebug_co_preadv(BlockDriverState *bs, int64_t offset, int64_t bytes,
     return bdrv_co_preadv(bs->file, offset, bytes, qiov, flags);
 }
 
-static int coroutine_fn GRAPH_RDLOCK
+static int coroutine_fn
 blkdebug_co_pwritev(BlockDriverState *bs, int64_t offset, int64_t bytes,
                     QEMUIOVector *qiov, BdrvRequestFlags flags)
 {
@@ -668,7 +669,7 @@ blkdebug_co_pwritev(BlockDriverState *bs, int64_t offset, int64_t bytes,
     return bdrv_co_pwritev(bs->file, offset, bytes, qiov, flags);
 }
 
-static int GRAPH_RDLOCK coroutine_fn blkdebug_co_flush(BlockDriverState *bs)
+static int coroutine_fn blkdebug_co_flush(BlockDriverState *bs)
 {
     int err = rule_check(bs, 0, 0, BLKDEBUG_IO_TYPE_FLUSH);
 
@@ -679,9 +680,9 @@ static int GRAPH_RDLOCK coroutine_fn blkdebug_co_flush(BlockDriverState *bs)
     return bdrv_co_flush(bs->file->bs);
 }
 
-static int coroutine_fn GRAPH_RDLOCK
-blkdebug_co_pwrite_zeroes(BlockDriverState *bs, int64_t offset, int64_t bytes,
-                          BdrvRequestFlags flags)
+static int coroutine_fn blkdebug_co_pwrite_zeroes(BlockDriverState *bs,
+                                                  int64_t offset, int64_t bytes,
+                                                  BdrvRequestFlags flags)
 {
     uint32_t align = MAX(bs->bl.request_alignment,
                          bs->bl.pwrite_zeroes_alignment);
@@ -712,8 +713,8 @@ blkdebug_co_pwrite_zeroes(BlockDriverState *bs, int64_t offset, int64_t bytes,
     return bdrv_co_pwrite_zeroes(bs->file, offset, bytes, flags);
 }
 
-static int coroutine_fn GRAPH_RDLOCK
-blkdebug_co_pdiscard(BlockDriverState *bs, int64_t offset, int64_t bytes)
+static int coroutine_fn blkdebug_co_pdiscard(BlockDriverState *bs,
+                                             int64_t offset, int64_t bytes)
 {
     uint32_t align = bs->bl.pdiscard_alignment;
     int err;
@@ -836,8 +837,7 @@ static void process_rule(BlockDriverState *bs, struct BlkdebugRule *rule,
     }
 }
 
-static void coroutine_fn
-blkdebug_co_debug_event(BlockDriverState *bs, BlkdebugEvent event)
+static void blkdebug_debug_event(BlockDriverState *bs, BlkdebugEvent event)
 {
     BDRVBlkdebugState *s = bs->opaque;
     struct BlkdebugRule *rule, *next;
@@ -967,10 +967,9 @@ static bool blkdebug_debug_is_suspended(BlockDriverState *bs, const char *tag)
     return false;
 }
 
-static int64_t coroutine_fn GRAPH_RDLOCK
-blkdebug_co_getlength(BlockDriverState *bs)
+static int64_t blkdebug_getlength(BlockDriverState *bs)
 {
-    return bdrv_co_getlength(bs->file->bs);
+    return bdrv_getlength(bs->file->bs);
 }
 
 static void blkdebug_refresh_filename(BlockDriverState *bs)
@@ -1077,7 +1076,7 @@ static BlockDriver bdrv_blkdebug = {
     .bdrv_reopen_prepare    = blkdebug_reopen_prepare,
     .bdrv_child_perm        = blkdebug_child_perm,
 
-    .bdrv_co_getlength      = blkdebug_co_getlength,
+    .bdrv_getlength         = blkdebug_getlength,
     .bdrv_refresh_filename  = blkdebug_refresh_filename,
     .bdrv_refresh_limits    = blkdebug_refresh_limits,
 
@@ -1088,7 +1087,7 @@ static BlockDriver bdrv_blkdebug = {
     .bdrv_co_pdiscard       = blkdebug_co_pdiscard,
     .bdrv_co_block_status   = blkdebug_co_block_status,
 
-    .bdrv_co_debug_event        = blkdebug_co_debug_event,
+    .bdrv_debug_event           = blkdebug_debug_event,
     .bdrv_debug_breakpoint      = blkdebug_debug_breakpoint,
     .bdrv_debug_remove_breakpoint
                                 = blkdebug_debug_remove_breakpoint,