Merge remote-tracking branch 'afaerber/qom-cpu' into staging

# By Andreas Färber # Via Andreas Färber * afaerber/qom-cpu: (24 commits) cpu: Turn cpu_unassigned_access() into a CPUState hook hwaddr: Make hwaddr type usable beyond softmmu cpu: Change qemu_init_vcpu() argument to CPUState cpus: Change qemu_dummy_start_vcpu() argument to CPUState cpus: Change qemu_kvm_start_vcpu() argument to CPUState cpus: Change cpu_handle_guest_debug() argument to CPUState gdbstub: Set gdb_set_stop_cpu() argument to CPUState kvm: Change kvm_cpu_exec() argument to CPUState kvm: Change kvm_handle_internal_error() argument to CPUState cpu: Turn cpu_dump_{state,statistics}() into CPUState hooks cpus: Change qemu_kvm_init_cpu_signals() argument to CPUState kvm: Change kvm_set_signal_mask() argument to CPUState cpus: Change qemu_kvm_wait_io_event() argument to CPUState cpus: Change cpu_thread_is_idle() argument to CPUState cpu: Change cpu_exit() argument to CPUState kvm: Change cpu_synchronize_state() argument to CPUState kvm: Change kvm_cpu_synchronize_state() argument to CPUState gdbstub: Simplify find_cpu() cpu: Guard cpu_{save,load}() definitions target-openrisc: Register VMStateDescription for OpenRISCCPU ...
2013-06-28 11:48:09 -05:00 · 2013-06-28 11:48:09 -05:00 · 8a9c98aedc
parent 36125631e7 c658b94f6e
commit 8a9c98aedc
99 changed files with 572 additions and 319 deletions
--- a/bsd-user/main.c
+++ b/bsd-user/main.c
@ -511,6 +511,7 @@ static void flush_windows(CPUSPARCState *env)
 void cpu_loop(CPUSPARCState *env)
 {
    CPUState *cs = CPU(sparc_env_get_cpu(env));
    int trapnr, ret, syscall_nr;
    //target_siginfo_t info;
@ -659,7 +660,7 @@ void cpu_loop(CPUSPARCState *env)
        badtrap:
 #endif
            printf ("Unhandled trap: 0x%x\n", trapnr);
-            cpu_dump_state(env, stderr, fprintf, 0);
+            cpu_dump_state(cs, stderr, fprintf, 0);
            exit (1);
        }
        process_pending_signals (env);
--- a/cpus.c
+++ b/cpus.c
@ -62,10 +62,8 @@
 static CPUArchState *next_cpu;
-static bool cpu_thread_is_idle(CPUArchState *env)
+static bool cpu_thread_is_idle(CPUState *cpu)
 {
    CPUState *cpu = ENV_GET_CPU(env);
    if (cpu->stop || cpu->queued_work_first) {
        return false;
    }
@ -84,7 +82,7 @@ static bool all_cpu_threads_idle(void)
    CPUArchState *env;
    for (env = first_cpu; env != NULL; env = env->next_cpu) {
-        if (!cpu_thread_is_idle(env)) {
+        if (!cpu_thread_is_idle(ENV_GET_CPU(env))) {
            return false;
        }
    }
@ -399,7 +397,7 @@ void hw_error(const char *fmt, ...)
    for (env = first_cpu; env != NULL; env = env->next_cpu) {
        cpu = ENV_GET_CPU(env);
        fprintf(stderr, "CPU #%d:\n", cpu->cpu_index);
-        cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU);
+        cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU);
    }
    va_end(ap);
    abort();
@ -407,10 +405,10 @@ void hw_error(const char *fmt, ...)
 void cpu_synchronize_all_states(void)
 {
-    CPUArchState *cpu;
+    CPUArchState *env;
-    for (cpu = first_cpu; cpu; cpu = cpu->next_cpu) {
+    for (env = first_cpu; env; env = env->next_cpu) {
-        cpu_synchronize_state(cpu);
+        cpu_synchronize_state(ENV_GET_CPU(env));
    }
 }
@ -461,11 +459,9 @@ static bool cpu_can_run(CPUState *cpu)
    return true;
 }
-static void cpu_handle_guest_debug(CPUArchState *env)
+static void cpu_handle_guest_debug(CPUState *cpu)
 {
-    CPUState *cpu = ENV_GET_CPU(env);
+    gdb_set_stop_cpu(cpu);
    gdb_set_stop_cpu(env);
    qemu_system_debug_request();
    cpu->stopped = true;
 }
@ -473,7 +469,7 @@ static void cpu_handle_guest_debug(CPUArchState *env)
 static void cpu_signal(int sig)
 {
    if (cpu_single_env) {
-        cpu_exit(cpu_single_env);
+        cpu_exit(ENV_GET_CPU(cpu_single_env));
    }
    exit_request = 1;
 }
@ -570,7 +566,7 @@ static void dummy_signal(int sig)
 {
 }
-static void qemu_kvm_init_cpu_signals(CPUArchState *env)
+static void qemu_kvm_init_cpu_signals(CPUState *cpu)
 {
    int r;
    sigset_t set;
@ -583,7 +579,7 @@ static void qemu_kvm_init_cpu_signals(CPUArchState *env)
    pthread_sigmask(SIG_BLOCK, NULL, &set);
    sigdelset(&set, SIG_IPI);
    sigdelset(&set, SIGBUS);
-    r = kvm_set_signal_mask(env, &set);
+    r = kvm_set_signal_mask(cpu, &set);
    if (r) {
        fprintf(stderr, "kvm_set_signal_mask: %s\n", strerror(-r));
        exit(1);
@ -605,7 +601,7 @@ static void qemu_tcg_init_cpu_signals(void)
 }
 #else /* _WIN32 */
-static void qemu_kvm_init_cpu_signals(CPUArchState *env)
+static void qemu_kvm_init_cpu_signals(CPUState *cpu)
 {
    abort();
 }
@ -719,11 +715,9 @@ static void qemu_tcg_wait_io_event(void)
    }
 }
-static void qemu_kvm_wait_io_event(CPUArchState *env)
+static void qemu_kvm_wait_io_event(CPUState *cpu)
 {
-    CPUState *cpu = ENV_GET_CPU(env);
+    while (cpu_thread_is_idle(cpu)) {
    while (cpu_thread_is_idle(env)) {
        qemu_cond_wait(cpu->halt_cond, &qemu_global_mutex);
    }
@ -733,14 +727,13 @@ static void qemu_kvm_wait_io_event(CPUArchState *env)
 static void *qemu_kvm_cpu_thread_fn(void *arg)
 {
-    CPUArchState *env = arg;
+    CPUState *cpu = arg;
    CPUState *cpu = ENV_GET_CPU(env);
    int r;
    qemu_mutex_lock(&qemu_global_mutex);
    qemu_thread_get_self(cpu->thread);
    cpu->thread_id = qemu_get_thread_id();
-    cpu_single_env = env;
+    cpu_single_env = cpu->env_ptr;
    r = kvm_init_vcpu(cpu);
    if (r < 0) {
@ -748,7 +741,7 @@ static void *qemu_kvm_cpu_thread_fn(void *arg)
        exit(1);
    }
-    qemu_kvm_init_cpu_signals(env);
+    qemu_kvm_init_cpu_signals(cpu);
    /* signal CPU creation */
    cpu->created = true;
@ -756,12 +749,12 @@ static void *qemu_kvm_cpu_thread_fn(void *arg)
    while (1) {
        if (cpu_can_run(cpu)) {
-            r = kvm_cpu_exec(env);
+            r = kvm_cpu_exec(cpu);
            if (r == EXCP_DEBUG) {
-                cpu_handle_guest_debug(env);
+                cpu_handle_guest_debug(cpu);
            }
        }
-        qemu_kvm_wait_io_event(env);
+        qemu_kvm_wait_io_event(cpu);
    }
    return NULL;
@ -773,8 +766,7 @@ static void *qemu_dummy_cpu_thread_fn(void *arg)
    fprintf(stderr, "qtest is not supported under Windows\n");
    exit(1);
 #else
-    CPUArchState *env = arg;
+    CPUState *cpu = arg;
    CPUState *cpu = ENV_GET_CPU(env);
    sigset_t waitset;
    int r;
@ -789,7 +781,7 @@ static void *qemu_dummy_cpu_thread_fn(void *arg)
    cpu->created = true;
    qemu_cond_signal(&qemu_cpu_cond);
-    cpu_single_env = env;
+    cpu_single_env = cpu->env_ptr;
    while (1) {
        cpu_single_env = NULL;
        qemu_mutex_unlock_iothread();
@ -802,7 +794,7 @@ static void *qemu_dummy_cpu_thread_fn(void *arg)
            exit(1);
        }
        qemu_mutex_lock_iothread();
-        cpu_single_env = env;
+        cpu_single_env = cpu->env_ptr;
        qemu_wait_io_event_common(cpu);
    }
@ -1037,48 +1029,41 @@ static void qemu_tcg_init_vcpu(CPUState *cpu)
    }
 }
-static void qemu_kvm_start_vcpu(CPUArchState *env)
+static void qemu_kvm_start_vcpu(CPUState *cpu)
 {
    CPUState *cpu = ENV_GET_CPU(env);
    cpu->thread = g_malloc0(sizeof(QemuThread));
    cpu->halt_cond = g_malloc0(sizeof(QemuCond));
    qemu_cond_init(cpu->halt_cond);
-    qemu_thread_create(cpu->thread, qemu_kvm_cpu_thread_fn, env,
+    qemu_thread_create(cpu->thread, qemu_kvm_cpu_thread_fn, cpu,
                       QEMU_THREAD_JOINABLE);
    while (!cpu->created) {
        qemu_cond_wait(&qemu_cpu_cond, &qemu_global_mutex);
    }
 }
-static void qemu_dummy_start_vcpu(CPUArchState *env)
+static void qemu_dummy_start_vcpu(CPUState *cpu)
 {
    CPUState *cpu = ENV_GET_CPU(env);
    cpu->thread = g_malloc0(sizeof(QemuThread));
    cpu->halt_cond = g_malloc0(sizeof(QemuCond));
    qemu_cond_init(cpu->halt_cond);
-    qemu_thread_create(cpu->thread, qemu_dummy_cpu_thread_fn, env,
+    qemu_thread_create(cpu->thread, qemu_dummy_cpu_thread_fn, cpu,
                       QEMU_THREAD_JOINABLE);
    while (!cpu->created) {
        qemu_cond_wait(&qemu_cpu_cond, &qemu_global_mutex);
    }
 }
-void qemu_init_vcpu(void *_env)
+void qemu_init_vcpu(CPUState *cpu)
 {
    CPUArchState *env = _env;
    CPUState *cpu = ENV_GET_CPU(env);
    cpu->nr_cores = smp_cores;
    cpu->nr_threads = smp_threads;
    cpu->stopped = true;
    if (kvm_enabled()) {
-        qemu_kvm_start_vcpu(env);
+        qemu_kvm_start_vcpu(cpu);
    } else if (tcg_enabled()) {
        qemu_tcg_init_vcpu(cpu);
    } else {
-        qemu_dummy_start_vcpu(env);
+        qemu_dummy_start_vcpu(cpu);
    }
 }
@ -1088,7 +1073,7 @@ void cpu_stop_current(void)
        CPUState *cpu_single_cpu = ENV_GET_CPU(cpu_single_env);
        cpu_single_cpu->stop = false;
        cpu_single_cpu->stopped = true;
-        cpu_exit(cpu_single_env);
+        cpu_exit(cpu_single_cpu);
        qemu_cond_signal(&qemu_pause_cond);
    }
 }
@ -1176,7 +1161,7 @@ static void tcg_exec_all(void)
        if (cpu_can_run(cpu)) {
            r = tcg_cpu_exec(env);
            if (r == EXCP_DEBUG) {
-                cpu_handle_guest_debug(env);
+                cpu_handle_guest_debug(cpu);
                break;
            }
        } else if (cpu->stop || cpu->stopped) {
@ -1219,7 +1204,7 @@ CpuInfoList *qmp_query_cpus(Error **errp)
        CPUState *cpu = ENV_GET_CPU(env);
        CpuInfoList *info;
-        cpu_synchronize_state(env);
+        cpu_synchronize_state(cpu);
        info = g_malloc0(sizeof(*info));
        info->value = g_malloc0(sizeof(*info->value));
--- a/cputlb.c
+++ b/cputlb.c
@ -331,12 +331,15 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env1, target_ulong addr)
    pd = env1->iotlb[mmu_idx][page_index] & ~TARGET_PAGE_MASK;
    mr = iotlb_to_region(pd);
    if (memory_region_is_unassigned(mr)) {
-#if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_SPARC)
+        CPUState *cpu = ENV_GET_CPU(env1);
-        cpu_unassigned_access(env1, addr, 0, 1, 0, 4);
+        CPUClass *cc = CPU_GET_CLASS(cpu);
-#else
+
-        cpu_abort(env1, "Trying to execute code outside RAM or ROM at 0x"
+        if (cc->do_unassigned_access) {
-                  TARGET_FMT_lx "\n", addr);
+            cc->do_unassigned_access(cpu, addr, false, true, 0, 4);
-#endif
+        } else {
            cpu_abort(env1, "Trying to execute code outside RAM or ROM at 0x"
                      TARGET_FMT_lx "\n", addr);
        }
    }
    p = (void *)((uintptr_t)addr + env1->tlb_table[mmu_idx][page_index].addend);
    return qemu_ram_addr_from_host_nofail(p);
--- a/exec.c
+++ b/exec.c
@ -330,7 +330,7 @@ static int cpu_common_post_load(void *opaque, int version_id)
    return 0;
 }
-static const VMStateDescription vmstate_cpu_common = {
+const VMStateDescription vmstate_cpu_common = {
    .name = "cpu_common",
    .version_id = 1,
    .minimum_version_id = 1,
@ -342,8 +342,7 @@ static const VMStateDescription vmstate_cpu_common = {
        VMSTATE_END_OF_LIST()
    }
 };
-#else
+
 #define vmstate_cpu_common vmstate_dummy
 #endif
 CPUState *qemu_get_cpu(int index)
@ -599,16 +598,9 @@ void cpu_single_step(CPUArchState *env, int enabled)
 #endif
 }
 void cpu_exit(CPUArchState *env)
 {
    CPUState *cpu = ENV_GET_CPU(env);
    cpu->exit_request = 1;
    cpu->tcg_exit_req = 1;
 }
 void cpu_abort(CPUArchState *env, const char *fmt, ...)
 {
    CPUState *cpu = ENV_GET_CPU(env);
    va_list ap;
    va_list ap2;
@ -617,7 +609,7 @@ void cpu_abort(CPUArchState *env, const char *fmt, ...)
    fprintf(stderr, "qemu: fatal: ");
    vfprintf(stderr, fmt, ap);
    fprintf(stderr, "\n");
-    cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
+    cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
    if (qemu_log_enabled()) {
        qemu_log("qemu: fatal: ");
        qemu_log_vprintf(fmt, ap2);
--- a/gdbstub.c
+++ b/gdbstub.c
@ -2033,7 +2033,7 @@ static void gdb_breakpoint_remove_all(void)
 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
 {
-    cpu_synchronize_state(s->c_cpu);
+    cpu_synchronize_state(ENV_GET_CPU(s->c_cpu));
 #if defined(TARGET_I386)
    s->c_cpu->eip = pc;
 #elif defined (TARGET_PPC)
@ -2071,17 +2071,13 @@ static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
 static CPUArchState *find_cpu(uint32_t thread_id)
 {
    CPUArchState *env;
    CPUState *cpu;
-    for (env = first_cpu; env != NULL; env = env->next_cpu) {
+    cpu = qemu_get_cpu(thread_id);
-        cpu = ENV_GET_CPU(env);
+    if (cpu == NULL) {
-        if (cpu_index(cpu) == thread_id) {
+        return NULL;
            return env;
        }
    }
-
+    return cpu->env_ptr;
    return NULL;
 }
 static int gdb_handle_packet(GDBState *s, const char *line_buf)
@ -2232,7 +2228,7 @@ static int gdb_handle_packet(GDBState *s, const char *line_buf)
        }
        break;
    case 'g':
-        cpu_synchronize_state(s->g_cpu);
+        cpu_synchronize_state(ENV_GET_CPU(s->g_cpu));
        env = s->g_cpu;
        len = 0;
        for (addr = 0; addr < num_g_regs; addr++) {
@ -2243,7 +2239,7 @@ static int gdb_handle_packet(GDBState *s, const char *line_buf)
        put_packet(s, buf);
        break;
    case 'G':
-        cpu_synchronize_state(s->g_cpu);
+        cpu_synchronize_state(ENV_GET_CPU(s->g_cpu));
        env = s->g_cpu;
        registers = mem_buf;
        len = strlen(p) / 2;
@ -2411,7 +2407,7 @@ static int gdb_handle_packet(GDBState *s, const char *line_buf)
            env = find_cpu(thread);
            if (env != NULL) {
                CPUState *cpu = ENV_GET_CPU(env);
-                cpu_synchronize_state(env);
+                cpu_synchronize_state(cpu);
                len = snprintf((char *)mem_buf, sizeof(mem_buf),
                               "CPU#%d [%s]", cpu->cpu_index,
                               cpu->halted ? "halted " : "running");
@ -2510,8 +2506,10 @@ static int gdb_handle_packet(GDBState *s, const char *line_buf)
    return RS_IDLE;
 }
-void gdb_set_stop_cpu(CPUArchState *env)
+void gdb_set_stop_cpu(CPUState *cpu)
 {
    CPUArchState *env = cpu->env_ptr;
    gdbserver_state->c_cpu = env;
    gdbserver_state->g_cpu = env;
 }
@ -2659,7 +2657,7 @@ void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
       is still in the running state, which can cause packets to be dropped
       and state transition 'T' packets to be sent while the syscall is still
       being processed.  */
-    cpu_exit(s->c_cpu);
+    cpu_exit(ENV_GET_CPU(s->c_cpu));
 #endif
 }
--- a/hw/alpha/typhoon.c
+++ b/hw/alpha/typhoon.c
@ -197,7 +197,8 @@ static uint64_t cchip_read(void *opaque, hwaddr addr, unsigned size)
        break;
    default:
-        cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
+        cpu = CPU(alpha_env_get_cpu(cpu_single_env));
        cpu_unassigned_access(cpu, addr, false, false, 0, size);
        return -1;
    }
@ -214,6 +215,7 @@ static uint64_t dchip_read(void *opaque, hwaddr addr, unsigned size)
 static uint64_t pchip_read(void *opaque, hwaddr addr, unsigned size)
 {
    TyphoonState *s = opaque;
    CPUState *cs;
    uint64_t ret = 0;
    if (addr & 4) {
@ -300,7 +302,8 @@ static uint64_t pchip_read(void *opaque, hwaddr addr, unsigned size)
        break;
    default:
-        cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
+        cs = CPU(alpha_env_get_cpu(cpu_single_env));
        cpu_unassigned_access(cs, addr, false, false, 0, size);
        return -1;
    }
@ -312,6 +315,7 @@ static void cchip_write(void *opaque, hwaddr addr,
                        uint64_t v32, unsigned size)
 {
    TyphoonState *s = opaque;
    CPUState *cpu_single_cpu = CPU(alpha_env_get_cpu(cpu_single_env));
    uint64_t val, oldval, newval;
    if (addr & 4) {
@ -461,7 +465,7 @@ static void cchip_write(void *opaque, hwaddr addr,
        break;
    default:
-        cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
+        cpu_unassigned_access(cpu_single_cpu, addr, true, false, 0, size);
        return;
    }
 }
@ -476,6 +480,7 @@ static void pchip_write(void *opaque, hwaddr addr,
                        uint64_t v32, unsigned size)
 {
    TyphoonState *s = opaque;
    CPUState *cs;
    uint64_t val, oldval;
    if (addr & 4) {
@ -577,7 +582,8 @@ static void pchip_write(void *opaque, hwaddr addr,
        break;
    default:
-        cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
+        cs = CPU(alpha_env_get_cpu(cpu_single_env));
        cpu_unassigned_access(cs, addr, true, false, 0, size);
        return;
    }
 }
--- a/hw/i386/kvm/apic.c
+++ b/hw/i386/kvm/apic.c
@ -129,7 +129,7 @@ static void do_inject_external_nmi(void *data)
    uint32_t lvt;
    int ret;
-    cpu_synchronize_state(&s->cpu->env);
+    cpu_synchronize_state(cpu);
    lvt = s->lvt[APIC_LVT_LINT1];
    if (!(lvt & APIC_LVT_MASKED) && ((lvt >> 8) & 7) == APIC_DM_NMI) {
--- a/hw/i386/kvmvapic.c
+++ b/hw/i386/kvmvapic.c
@ -456,7 +456,7 @@ void vapic_report_tpr_access(DeviceState *dev, CPUState *cs, target_ulong ip,
    X86CPU *cpu = X86_CPU(cs);
    CPUX86State *env = &cpu->env;
-    cpu_synchronize_state(env);
+    cpu_synchronize_state(cs);
    if (evaluate_tpr_instruction(s, env, &ip, access) < 0) {
        if (s->state == VAPIC_ACTIVE) {
@ -627,7 +627,7 @@ static void vapic_write(void *opaque, hwaddr addr, uint64_t data,
    hwaddr rom_paddr;
    VAPICROMState *s = opaque;
-    cpu_synchronize_state(env);
+    cpu_synchronize_state(CPU(x86_env_get_cpu(env)));
    /*
     * The VAPIC supports two PIO-based hypercalls, both via port 0x7E.
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@ -1109,7 +1109,7 @@ static void cpu_request_exit(void *opaque, int irq, int level)
    CPUX86State *env = cpu_single_env;
    if (env && level) {
-        cpu_exit(env);
+        cpu_exit(CPU(x86_env_get_cpu(env)));
    }
 }
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@ -253,7 +253,7 @@ static void cpu_request_exit(void *opaque, int irq, int level)
    CPUMIPSState *env = cpu_single_env;
    if (env && level) {
-        cpu_exit(env);
+        cpu_exit(CPU(mips_env_get_cpu(env)));
    }
 }
--- a/hw/mips/mips_jazz.c
+++ b/hw/mips/mips_jazz.c
@ -102,7 +102,7 @@ static void cpu_request_exit(void *opaque, int irq, int level)
    CPUMIPSState *env = cpu_single_env;
    if (env && level) {
-        cpu_exit(env);
+        cpu_exit(CPU(mips_env_get_cpu(env)));
    }
 }
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@ -773,7 +773,7 @@ static void cpu_request_exit(void *opaque, int irq, int level)
    CPUMIPSState *env = cpu_single_env;
    if (env && level) {
-        cpu_exit(env);
+        cpu_exit(CPU(mips_env_get_cpu(env)));
    }
 }
--- a/hw/misc/vmport.c
+++ b/hw/misc/vmport.c
@ -66,7 +66,7 @@ static uint64_t vmport_ioport_read(void *opaque, hwaddr addr,
    unsigned char command;
    uint32_t eax;
-    cpu_synchronize_state(env);
+    cpu_synchronize_state(CPU(x86_env_get_cpu(env)));
    eax = env->regs[R_EAX];
    if (eax != VMPORT_MAGIC)
--- a/hw/ppc/ppce500_spin.c
+++ b/hw/ppc/ppce500_spin.c
@ -98,7 +98,7 @@ static void spin_kick(void *data)
    hwaddr map_size = 64 * 1024 * 1024;
    hwaddr map_start;
-    cpu_synchronize_state(env);
+    cpu_synchronize_state(cpu);
    stl_p(&curspin->pir, env->spr[SPR_PIR]);
    env->nip = ldq_p(&curspin->addr) & (map_size - 1);
    env->gpr[3] = ldq_p(&curspin->r3);
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@ -420,7 +420,7 @@ static void cpu_request_exit(void *opaque, int irq, int level)
    CPUPPCState *env = cpu_single_env;
    if (env && level) {
-        cpu_exit(env);
+        cpu_exit(CPU(ppc_env_get_cpu(env)));
    }
 }
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@ -184,7 +184,7 @@ static void rtas_start_cpu(sPAPREnvironment *spapr,
        /* This will make sure qemu state is up to date with kvm, and
         * mark it dirty so our changes get flushed back before the
         * new cpu enters */
-        kvm_cpu_synchronize_state(env);
+        kvm_cpu_synchronize_state(cs);
        env->msr = (1ULL << MSR_SF) | (1ULL << MSR_ME);
        env->nip = start;
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@ -355,16 +355,6 @@ int page_check_range(target_ulong start, target_ulong len, int flags);
 CPUArchState *cpu_copy(CPUArchState *env);
 #define CPU_DUMP_CODE 0x00010000
 #define CPU_DUMP_FPU 0x00020000 /* dump FPU register state, not just integer */
 /* dump info about TCG QEMU's condition code optimization state */
 #define CPU_DUMP_CCOP 0x00040000
 void cpu_dump_state(CPUArchState *env, FILE *f, fprintf_function cpu_fprintf,
                    int flags);
 void cpu_dump_statistics(CPUArchState *env, FILE *f, fprintf_function cpu_fprintf,
                         int flags);
 void QEMU_NORETURN cpu_abort(CPUArchState *env, const char *fmt, ...)
    GCC_FMT_ATTR(2, 3);
 extern CPUArchState *first_cpu;
@ -421,8 +411,6 @@ DECLARE_TLS(CPUArchState *,cpu_single_env);
     | CPU_INTERRUPT_TGT_EXT_3   \
     | CPU_INTERRUPT_TGT_EXT_4)
 void cpu_exit(CPUArchState *s);
 /* Breakpoint/watchpoint flags */
 #define BP_MEM_READ           0x01
 #define BP_MEM_WRITE          0x02
--- a/include/exec/cpu-common.h
+++ b/include/exec/cpu-common.h
@ -3,7 +3,9 @@
 /* CPU interfaces that are target independent.  */
 #ifndef CONFIG_USER_ONLY
 #include "exec/hwaddr.h"
 #endif
 #ifndef NEED_CPU_H
 #include "exec/poison.h"
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@ -28,7 +28,9 @@
 #include <inttypes.h>
 #include "qemu/osdep.h"
 #include "qemu/queue.h"
 #ifndef CONFIG_USER_ONLY
 #include "exec/hwaddr.h"
 #endif
 #ifndef TARGET_LONG_BITS
 #error TARGET_LONG_BITS must be defined before including this header
--- a/include/exec/gdbstub.h
+++ b/include/exec/gdbstub.h
@ -16,7 +16,7 @@ typedef void (*gdb_syscall_complete_cb)(CPUArchState *env,
 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...);
 int use_gdb_syscalls(void);
-void gdb_set_stop_cpu(CPUArchState *env);
+void gdb_set_stop_cpu(CPUState *cpu);
 void gdb_exit(CPUArchState *, int);
 #ifdef CONFIG_USER_ONLY
 int gdb_queuesig (void);
--- a/include/exec/hwaddr.h
+++ b/include/exec/hwaddr.h
@ -3,8 +3,6 @@
 #ifndef HWADDR_H
 #define HWADDR_H
 #ifndef CONFIG_USER_ONLY
 #define HWADDR_BITS 64
 /* hwaddr is the type of a physical address (its size can
   be different from 'target_ulong').  */
@ -20,5 +18,3 @@ typedef uint64_t hwaddr;
 #define HWADDR_PRIX PRIX64
 #endif
 #endif
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@ -20,7 +20,9 @@
 #include <stdbool.h>
 #include "qemu-common.h"
 #include "exec/cpu-common.h"
 #ifndef CONFIG_USER_ONLY
 #include "exec/hwaddr.h"
 #endif
 #include "qemu/queue.h"
 #include "exec/iorange.h"
 #include "exec/ioport.h"
--- a/include/qemu-common.h
+++ b/include/qemu-common.h
@ -279,8 +279,10 @@ bool tcg_enabled(void);
 void cpu_exec_init_all(void);
 /* CPU save/load.  */
 #ifdef CPU_SAVE_VERSION
 void cpu_save(QEMUFile *f, void *opaque);
 int cpu_load(QEMUFile *f, void *opaque, int version_id);
 #endif
 /* Unblock cpu */
 void qemu_cpu_kick_self(void);
@ -293,14 +295,6 @@ struct qemu_work_item {
    int done;
 };
 #ifdef CONFIG_USER_ONLY
 static inline void qemu_init_vcpu(void *env)
 {
 }
 #else
 void qemu_init_vcpu(void *env);
 #endif
 /**
 * Sends a (part of) iovec down a socket, yielding when the socket is full, or
--- a/include/qemu/log.h
+++ b/include/qemu/log.h
@ -75,7 +75,7 @@ void GCC_FMT_ATTR(2, 3) qemu_log_mask(int mask, const char *fmt, ...);
 static inline void log_cpu_state(CPUArchState *env1, int flags)
 {
    if (qemu_log_enabled()) {
-        cpu_dump_state(env1, qemu_logfile, fprintf, flags);
+        cpu_dump_state(ENV_GET_CPU(env1), qemu_logfile, fprintf, flags);
    }
 }
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@ -22,6 +22,7 @@
 #include <signal.h>
 #include "hw/qdev-core.h"
 #include "exec/hwaddr.h"
 #include "qemu/thread.h"
 #include "qemu/typedefs.h"
@ -42,12 +43,19 @@ typedef int (*WriteCoreDumpFunction)(void *buf, size_t size, void *opaque);
 typedef struct CPUState CPUState;
 typedef void (*CPUUnassignedAccess)(CPUState *cpu, hwaddr addr,
                                    bool is_write, bool is_exec, int opaque,
                                    unsigned size);
 /**
 * CPUClass:
 * @class_by_name: Callback to map -cpu command line model name to an
 * instantiatable CPU type.
 * @reset: Callback to reset the #CPUState to its initial state.
 * @do_interrupt: Callback for interrupt handling.
 * @do_unassigned_access: Callback for unassigned access handling.
 * @dump_state: Callback for dumping state.
 * @dump_statistics: Callback for dumping statistics.
 * @get_arch_id: Callback for getting architecture-dependent CPU ID.
 * @get_paging_enabled: Callback for inquiring whether paging is enabled.
 * @get_memory_mapping: Callback for obtaining the memory mappings.
@ -64,6 +72,11 @@ typedef struct CPUClass {
    void (*reset)(CPUState *cpu);
    void (*do_interrupt)(CPUState *cpu);
    CPUUnassignedAccess do_unassigned_access;
    void (*dump_state)(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
                       int flags);
    void (*dump_statistics)(CPUState *cpu, FILE *f,
                            fprintf_function cpu_fprintf, int flags);
    int64_t (*get_arch_id)(CPUState *cpu);
    bool (*get_paging_enabled)(const CPUState *cpu);
    void (*get_memory_mapping)(CPUState *cpu, MemoryMappingList *list,
@ -200,6 +213,42 @@ int cpu_write_elf32_note(WriteCoreDumpFunction f, CPUState *cpu,
 int cpu_write_elf32_qemunote(WriteCoreDumpFunction f, CPUState *cpu,
                             void *opaque);
 /**
 * CPUDumpFlags:
 * @CPU_DUMP_CODE:
 * @CPU_DUMP_FPU: dump FPU register state, not just integer
 * @CPU_DUMP_CCOP: dump info about TCG QEMU's condition code optimization state
 */
 enum CPUDumpFlags {
    CPU_DUMP_CODE = 0x00010000,
    CPU_DUMP_FPU  = 0x00020000,
    CPU_DUMP_CCOP = 0x00040000,
 };
 /**
 * cpu_dump_state:
 * @cpu: The CPU whose state is to be dumped.
 * @f: File to dump to.
 * @cpu_fprintf: Function to dump with.
 * @flags: Flags what to dump.
 *
 * Dumps CPU state.
 */
 void cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
                    int flags);
 /**
 * cpu_dump_statistics:
 * @cpu: The CPU whose state is to be dumped.
 * @f: File to dump to.
 * @cpu_fprintf: Function to dump with.
 * @flags: Flags what to dump.
 *
 * Dumps CPU statistics.
 */
 void cpu_dump_statistics(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
                         int flags);
 /**
 * cpu_reset:
 * @cpu: The CPU whose state is to be reset.
@ -226,7 +275,7 @@ ObjectClass *cpu_class_by_name(const char *typename, const char *cpu_model);
 *
 * The @value argument is intentionally discarded for the non-softmmu targets
 * to avoid linker errors or excessive preprocessor usage. If this behavior
- * is undesired, you should assign #CPUState.vmsd directly instead.
+ * is undesired, you should assign #CPUClass.vmsd directly instead.
 */
 #ifndef CONFIG_USER_ONLY
 static inline void cpu_class_set_vmsd(CPUClass *cc,
@ -238,6 +287,38 @@ static inline void cpu_class_set_vmsd(CPUClass *cc,
 #define cpu_class_set_vmsd(cc, value) ((cc)->vmsd = NULL)
 #endif
 #ifndef CONFIG_USER_ONLY
 static inline void cpu_class_set_do_unassigned_access(CPUClass *cc,
                                                      CPUUnassignedAccess value)
 {
    cc->do_unassigned_access = value;
 }
 #else
 #define cpu_class_set_do_unassigned_access(cc, value) \
    ((cc)->do_unassigned_access = NULL)
 #endif
 /**
 * device_class_set_vmsd:
 * @dc: Device class
 * @value: Value to set. Unused for %CONFIG_USER_ONLY.
 *
 * Sets #VMStateDescription for @dc.
 *
 * The @value argument is intentionally discarded for the non-softmmu targets
 * to avoid linker errors or excessive preprocessor usage. If this behavior
 * is undesired, you should assign #DeviceClass.vmsd directly instead.
 */
 #ifndef CONFIG_USER_ONLY
 static inline void device_class_set_vmsd(DeviceClass *dc,
                                         const struct VMStateDescription *value)
 {
    dc->vmsd = value;
 }
 #else
 #define device_class_set_vmsd(dc, value) ((dc)->vmsd = NULL)
 #endif
 /**
 * qemu_cpu_has_work:
 * @cpu: The vCPU to check.
@ -340,6 +421,21 @@ void cpu_interrupt(CPUState *cpu, int mask);
 #endif /* USER_ONLY */
 #ifndef CONFIG_USER_ONLY
 static inline void cpu_unassigned_access(CPUState *cpu, hwaddr addr,
                                         bool is_write, bool is_exec,
                                         int opaque, unsigned size)
 {
    CPUClass *cc = CPU_GET_CLASS(cpu);
    if (cc->do_unassigned_access) {
        cc->do_unassigned_access(cpu, addr, is_write, is_exec, opaque, size);
    }
 }
 #endif
 /**
 * cpu_reset_interrupt:
 * @cpu: The CPU to clear the interrupt on.
@ -349,6 +445,14 @@ void cpu_interrupt(CPUState *cpu, int mask);
 */
 void cpu_reset_interrupt(CPUState *cpu, int mask);
 /**
 * cpu_exit:
 * @cpu: The CPU to exit.
 *
 * Requests the CPU @cpu to exit execution.
 */
 void cpu_exit(CPUState *cpu);
 /**
 * cpu_resume:
 * @cpu: The CPU to resume.
@ -357,4 +461,26 @@ void cpu_reset_interrupt(CPUState *cpu, int mask);
 */
 void cpu_resume(CPUState *cpu);
 /**
 * qemu_init_vcpu:
 * @cpu: The vCPU to initialize.
 *
 * Initializes a vCPU.
 */
 void qemu_init_vcpu(CPUState *cpu);
 #ifdef CONFIG_SOFTMMU
 extern const struct VMStateDescription vmstate_cpu_common;
 #else
 #define vmstate_cpu_common vmstate_dummy
 #endif
 #define VMSTATE_CPU() {                                                     \
    .name = "parent_obj",                                                   \
    .size = sizeof(CPUState),                                               \
    .vmsd = &vmstate_cpu_common,                                            \
    .flags = VMS_STRUCT,                                                    \
    .offset = 0,                                                            \
 }
 #endif
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@ -147,9 +147,9 @@ int kvm_has_gsi_routing(void);
 int kvm_has_intx_set_mask(void);
 int kvm_init_vcpu(CPUState *cpu);
 int kvm_cpu_exec(CPUState *cpu);
 #ifdef NEED_CPU_H
 int kvm_cpu_exec(CPUArchState *env);
 #if !defined(CONFIG_USER_ONLY)
 void *kvm_ram_alloc(ram_addr_t size);
@ -166,7 +166,7 @@ int kvm_remove_breakpoint(CPUArchState *current_env, target_ulong addr,
 void kvm_remove_all_breakpoints(CPUArchState *current_env);
 int kvm_update_guest_debug(CPUArchState *env, unsigned long reinject_trap);
 #ifndef _WIN32
-int kvm_set_signal_mask(CPUArchState *env, const sigset_t *sigset);
+int kvm_set_signal_mask(CPUState *cpu, const sigset_t *sigset);
 #endif
 int kvm_on_sigbus_vcpu(CPUState *cpu, int code, void *addr);
@ -259,14 +259,14 @@ int kvm_check_extension(KVMState *s, unsigned int extension);
 uint32_t kvm_arch_get_supported_cpuid(KVMState *env, uint32_t function,
                                      uint32_t index, int reg);
-void kvm_cpu_synchronize_state(CPUArchState *env);
+void kvm_cpu_synchronize_state(CPUState *cpu);
 /* generic hooks - to be moved/refactored once there are more users */
-static inline void cpu_synchronize_state(CPUArchState *env)
+static inline void cpu_synchronize_state(CPUState *cpu)
 {
    if (kvm_enabled()) {
-        kvm_cpu_synchronize_state(env);
+        kvm_cpu_synchronize_state(cpu);
    }
 }
--- a/kvm-all.c
+++ b/kvm-all.c
@ -1525,10 +1525,8 @@ static void kvm_handle_io(uint16_t port, void *data, int direction, int size,
    }
 }
-static int kvm_handle_internal_error(CPUArchState *env, struct kvm_run *run)
+static int kvm_handle_internal_error(CPUState *cpu, struct kvm_run *run)
 {
    CPUState *cpu = ENV_GET_CPU(env);
    fprintf(stderr, "KVM internal error.");
    if (kvm_check_extension(kvm_state, KVM_CAP_INTERNAL_ERROR_DATA)) {
        int i;
@ -1544,7 +1542,7 @@ static int kvm_handle_internal_error(CPUArchState *env, struct kvm_run *run)
    if (run->internal.suberror == KVM_INTERNAL_ERROR_EMULATION) {
        fprintf(stderr, "emulation failure\n");
        if (!kvm_arch_stop_on_emulation_error(cpu)) {
-            cpu_dump_state(env, stderr, fprintf, CPU_DUMP_CODE);
+            cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_CODE);
            return EXCP_INTERRUPT;
        }
    }
@ -1590,10 +1588,8 @@ static void do_kvm_cpu_synchronize_state(void *arg)
    }
 }
-void kvm_cpu_synchronize_state(CPUArchState *env)
+void kvm_cpu_synchronize_state(CPUState *cpu)
 {
    CPUState *cpu = ENV_GET_CPU(env);
    if (!cpu->kvm_vcpu_dirty) {
        run_on_cpu(cpu, do_kvm_cpu_synchronize_state, cpu);
    }
@ -1611,9 +1607,8 @@ void kvm_cpu_synchronize_post_init(CPUState *cpu)
    cpu->kvm_vcpu_dirty = false;
 }
-int kvm_cpu_exec(CPUArchState *env)
+int kvm_cpu_exec(CPUState *cpu)
 {
    CPUState *cpu = ENV_GET_CPU(env);
    struct kvm_run *run = cpu->kvm_run;
    int ret, run_ret;
@ -1692,7 +1687,7 @@ int kvm_cpu_exec(CPUArchState *env)
            ret = -1;
            break;
        case KVM_EXIT_INTERNAL_ERROR:
-            ret = kvm_handle_internal_error(env, run);
+            ret = kvm_handle_internal_error(cpu, run);
            break;
        default:
            DPRINTF("kvm_arch_handle_exit\n");
@ -1702,7 +1697,7 @@ int kvm_cpu_exec(CPUArchState *env)
    } while (ret == 0);
    if (ret < 0) {
-        cpu_dump_state(env, stderr, fprintf, CPU_DUMP_CODE);
+        cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_CODE);
        vm_stop(RUN_STATE_INTERNAL_ERROR);
    }
@ -2041,9 +2036,8 @@ void kvm_remove_all_breakpoints(CPUArchState *current_env)
 }
 #endif /* !KVM_CAP_SET_GUEST_DEBUG */
-int kvm_set_signal_mask(CPUArchState *env, const sigset_t *sigset)
+int kvm_set_signal_mask(CPUState *cpu, const sigset_t *sigset)
 {
    CPUState *cpu = ENV_GET_CPU(env);
    struct kvm_signal_mask *sigmask;
    int r;
--- a/kvm-stub.c
+++ b/kvm-stub.c
@ -42,7 +42,7 @@ void kvm_flush_coalesced_mmio_buffer(void)
 {
 }
-void kvm_cpu_synchronize_state(CPUArchState *env)
+void kvm_cpu_synchronize_state(CPUState *cpu)
 {
 }
@ -54,9 +54,9 @@ void kvm_cpu_synchronize_post_init(CPUState *cpu)
 {
 }
-int kvm_cpu_exec(CPUArchState *env)
+int kvm_cpu_exec(CPUState *cpu)
 {
-    abort ();
+    abort();
 }
 int kvm_has_sync_mmu(void)
@ -100,7 +100,7 @@ void kvm_remove_all_breakpoints(CPUArchState *current_env)
 }
 #ifndef _WIN32
-int kvm_set_signal_mask(CPUArchState *env, const sigset_t *sigset)
+int kvm_set_signal_mask(CPUState *cpu, const sigset_t *sigset)
 {
    abort();
 }
--- a/linux-user/main.c
+++ b/linux-user/main.c
@ -160,7 +160,7 @@ static inline void start_exclusive(void)
        other_cpu = ENV_GET_CPU(other);
        if (other_cpu->running) {
            pending_cpus++;
-            cpu_exit(other);
+            cpu_exit(other_cpu);
        }
    }
    if (pending_cpus > 1) {
@ -901,7 +901,7 @@ void cpu_loop(CPUARMState *env)
        error:
            fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n",
                    trapnr);
-            cpu_dump_state(env, stderr, fprintf, 0);
+            cpu_dump_state(cs, stderr, fprintf, 0);
            abort();
        }
        process_pending_signals(env);
@ -985,7 +985,7 @@ void cpu_loop(CPUUniCore32State *env)
 error:
    fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
-    cpu_dump_state(env, stderr, fprintf, 0);
+    cpu_dump_state(cs, stderr, fprintf, 0);
    abort();
 }
 #endif
@ -1115,6 +1115,7 @@ static void flush_windows(CPUSPARCState *env)
 void cpu_loop (CPUSPARCState *env)
 {
    CPUState *cs = CPU(sparc_env_get_cpu(env));
    int trapnr;
    abi_long ret;
    target_siginfo_t info;
@ -1246,7 +1247,7 @@ void cpu_loop (CPUSPARCState *env)
            break;
        default:
            printf ("Unhandled trap: 0x%x\n", trapnr);
-            cpu_dump_state(env, stderr, fprintf, 0);
+            cpu_dump_state(cs, stderr, fprintf, 0);
            exit (1);
        }
        process_pending_signals (env);
@ -1304,7 +1305,7 @@ int ppc_dcr_write (ppc_dcr_t *dcr_env, int dcrn, uint32_t val)
 #define EXCP_DUMP(env, fmt, ...)                                        \
 do {                                                                    \
    fprintf(stderr, fmt , ## __VA_ARGS__);                              \
-    cpu_dump_state(env, stderr, fprintf, 0);                            \
+    cpu_dump_state(ENV_GET_CPU(env), stderr, fprintf, 0);               \
    qemu_log(fmt, ## __VA_ARGS__);                                      \
    if (qemu_log_enabled()) {                                           \
        log_cpu_state(env, 0);                                          \
@ -2391,7 +2392,7 @@ done_syscall:
 error:
            fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n",
                    trapnr);
-            cpu_dump_state(env, stderr, fprintf, 0);
+            cpu_dump_state(cs, stderr, fprintf, 0);
            abort();
        }
        process_pending_signals(env);
@ -2403,6 +2404,7 @@ error:
 void cpu_loop(CPUOpenRISCState *env)
 {
    CPUState *cs = CPU(openrisc_env_get_cpu(env));
    int trapnr, gdbsig;
    for (;;) {
@ -2420,7 +2422,7 @@ void cpu_loop(CPUOpenRISCState *env)
            break;
        case EXCP_DPF:
        case EXCP_IPF:
-            cpu_dump_state(env, stderr, fprintf, 0);
+            cpu_dump_state(cs, stderr, fprintf, 0);
            gdbsig = TARGET_SIGSEGV;
            break;
        case EXCP_TICK:
@ -2469,7 +2471,7 @@ void cpu_loop(CPUOpenRISCState *env)
        default:
            qemu_log("\nqemu: unhandled CPU exception %#x - aborting\n",
                     trapnr);
-            cpu_dump_state(env, stderr, fprintf, 0);
+            cpu_dump_state(cs, stderr, fprintf, 0);
            gdbsig = TARGET_SIGILL;
            break;
        }
@ -2489,6 +2491,7 @@ void cpu_loop(CPUOpenRISCState *env)
 #ifdef TARGET_SH4
 void cpu_loop(CPUSH4State *env)
 {
    CPUState *cs = CPU(sh_env_get_cpu(env));
    int trapnr, ret;
    target_siginfo_t info;
@ -2537,7 +2540,7 @@ void cpu_loop(CPUSH4State *env)
        default:
            printf ("Unhandled trap: 0x%x\n", trapnr);
-            cpu_dump_state(env, stderr, fprintf, 0);
+            cpu_dump_state(cs, stderr, fprintf, 0);
            exit (1);
        }
        process_pending_signals (env);
@ -2548,6 +2551,7 @@ void cpu_loop(CPUSH4State *env)
 #ifdef TARGET_CRIS
 void cpu_loop(CPUCRISState *env)
 {
    CPUState *cs = CPU(cris_env_get_cpu(env));
    int trapnr, ret;
    target_siginfo_t info;
@ -2595,7 +2599,7 @@ void cpu_loop(CPUCRISState *env)
            break;
        default:
            printf ("Unhandled trap: 0x%x\n", trapnr);
-            cpu_dump_state(env, stderr, fprintf, 0);
+            cpu_dump_state(cs, stderr, fprintf, 0);
            exit (1);
        }
        process_pending_signals (env);
@ -2606,6 +2610,7 @@ void cpu_loop(CPUCRISState *env)
 #ifdef TARGET_MICROBLAZE
 void cpu_loop(CPUMBState *env)
 {
    CPUState *cs = CPU(mb_env_get_cpu(env));
    int trapnr, ret;
    target_siginfo_t info;
@ -2673,7 +2678,7 @@ void cpu_loop(CPUMBState *env)
                default:
                    printf ("Unhandled hw-exception: 0x%x\n",
                            env->sregs[SR_ESR] & ESR_EC_MASK);
-                    cpu_dump_state(env, stderr, fprintf, 0);
+                    cpu_dump_state(cs, stderr, fprintf, 0);
                    exit (1);
                    break;
            }
@ -2694,7 +2699,7 @@ void cpu_loop(CPUMBState *env)
            break;
        default:
            printf ("Unhandled trap: 0x%x\n", trapnr);
-            cpu_dump_state(env, stderr, fprintf, 0);
+            cpu_dump_state(cs, stderr, fprintf, 0);
            exit (1);
        }
        process_pending_signals (env);
@ -2706,6 +2711,7 @@ void cpu_loop(CPUMBState *env)
 void cpu_loop(CPUM68KState *env)
 {
    CPUState *cs = CPU(m68k_env_get_cpu(env));
    int trapnr;
    unsigned int n;
    target_siginfo_t info;
@ -2787,7 +2793,7 @@ void cpu_loop(CPUM68KState *env)
        default:
            fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n",
                    trapnr);
-            cpu_dump_state(env, stderr, fprintf, 0);
+            cpu_dump_state(cs, stderr, fprintf, 0);
            abort();
        }
        process_pending_signals(env);
@ -2843,6 +2849,7 @@ static void do_store_exclusive(CPUAlphaState *env, int reg, int quad)
 void cpu_loop(CPUAlphaState *env)
 {
    CPUState *cs = CPU(alpha_env_get_cpu(env));
    int trapnr;
    target_siginfo_t info;
    abi_long sysret;
@ -3017,7 +3024,7 @@ void cpu_loop(CPUAlphaState *env)
            break;
        default:
            printf ("Unhandled trap: 0x%x\n", trapnr);
-            cpu_dump_state(env, stderr, fprintf, 0);
+            cpu_dump_state(cs, stderr, fprintf, 0);
            exit (1);
        }
        process_pending_signals (env);
@ -3028,6 +3035,7 @@ void cpu_loop(CPUAlphaState *env)
 #ifdef TARGET_S390X
 void cpu_loop(CPUS390XState *env)
 {
    CPUState *cs = CPU(s390_env_get_cpu(env));
    int trapnr, n, sig;
    target_siginfo_t info;
    target_ulong addr;
@ -3118,7 +3126,7 @@ void cpu_loop(CPUS390XState *env)
            default:
                fprintf(stderr, "Unhandled program exception: %#x\n", n);
-                cpu_dump_state(env, stderr, fprintf, 0);
+                cpu_dump_state(cs, stderr, fprintf, 0);
                exit(1);
            }
            break;
@ -3135,7 +3143,7 @@ void cpu_loop(CPUS390XState *env)
        default:
            fprintf(stderr, "Unhandled trap: 0x%x\n", trapnr);
-            cpu_dump_state(env, stderr, fprintf, 0);
+            cpu_dump_state(cs, stderr, fprintf, 0);
            exit(1);
        }
        process_pending_signals (env);
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@ -524,7 +524,7 @@ static void host_signal_handler(int host_signum, siginfo_t *info,
    host_to_target_siginfo_noswap(&tinfo, info);
    if (queue_signal(thread_env, sig, &tinfo) == 1) {
        /* interrupt the virtual CPU as soon as possible */
-        cpu_exit(thread_env);
+        cpu_exit(ENV_GET_CPU(thread_env));
    }
 }
--- a/memory.c
+++ b/memory.c
@ -855,9 +855,10 @@ static uint64_t unassigned_mem_read(void *opaque, hwaddr addr,
 #ifdef DEBUG_UNASSIGNED
    printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
 #endif
-#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
+    if (cpu_single_env != NULL) {
-    cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
+        cpu_unassigned_access(ENV_GET_CPU(cpu_single_env),
-#endif
+                              addr, false, false, 0, size);
    }
    return 0;
 }
@ -867,9 +868,10 @@ static void unassigned_mem_write(void *opaque, hwaddr addr,
 #ifdef DEBUG_UNASSIGNED
    printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
 #endif
-#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
+    if (cpu_single_env != NULL) {
-    cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
+        cpu_unassigned_access(ENV_GET_CPU(cpu_single_env),
-#endif
+                              addr, true, false, 0, size);
    }
 }
 static bool unassigned_mem_accepts(void *opaque, hwaddr addr,
--- a/monitor.c
+++ b/monitor.c
@ -191,7 +191,7 @@ struct Monitor {
    QString *outbuf;
    ReadLineState *rs;
    MonitorControl *mc;
-    CPUArchState *mon_cpu;
+    CPUState *mon_cpu;
    BlockDriverCompletionFunc *password_completion_cb;
    void *password_opaque;
    QError *error;
@ -900,7 +900,7 @@ int monitor_set_cpu(int cpu_index)
    if (cpu == NULL) {
        return -1;
    }
-    cur_mon->mon_cpu = cpu->env_ptr;
+    cur_mon->mon_cpu = cpu;
    return 0;
 }
@ -910,7 +910,7 @@ static CPUArchState *mon_get_cpu(void)
        monitor_set_cpu(0);
    }
    cpu_synchronize_state(cur_mon->mon_cpu);
-    return cur_mon->mon_cpu;
+    return cur_mon->mon_cpu->env_ptr;
 }
 int monitor_get_cpu_index(void)
@ -921,9 +921,11 @@ int monitor_get_cpu_index(void)
 static void do_info_registers(Monitor *mon, const QDict *qdict)
 {
    CPUState *cpu;
    CPUArchState *env;
    env = mon_get_cpu();
-    cpu_dump_state(env, (FILE *)mon, monitor_fprintf, CPU_DUMP_FPU);
+    cpu = ENV_GET_CPU(env);
    cpu_dump_state(cpu, (FILE *)mon, monitor_fprintf, CPU_DUMP_FPU);
 }
 static void do_info_jit(Monitor *mon, const QDict *qdict)
@ -948,16 +950,15 @@ static void do_info_history(Monitor *mon, const QDict *qdict)
    }
 }
 #if defined(TARGET_PPC)
 /* XXX: not implemented in other targets */
 static void do_info_cpu_stats(Monitor *mon, const QDict *qdict)
 {
    CPUState *cpu;
    CPUArchState *env;
    env = mon_get_cpu();
-    cpu_dump_statistics(env, (FILE *)mon, &monitor_fprintf, 0);
+    cpu = ENV_GET_CPU(env);
    cpu_dump_statistics(cpu, (FILE *)mon, &monitor_fprintf, 0);
 }
 #endif
 static void do_trace_print_events(Monitor *mon, const QDict *qdict)
 {
@ -2678,7 +2679,6 @@ static mon_cmd_t info_cmds[] = {
        .help       = "show the current VM UUID",
        .mhandler.cmd = hmp_info_uuid,
    },
 #if defined(TARGET_PPC)
    {
        .name       = "cpustats",
        .args_type  = "",
@ -2686,7 +2686,6 @@ static mon_cmd_t info_cmds[] = {
        .help       = "show CPU statistics",
        .mhandler.cmd = do_info_cpu_stats,
    },
 #endif
 #if defined(CONFIG_SLIRP)
    {
        .name       = "usernet",
--- a/qom/cpu.c
+++ b/qom/cpu.c
@ -18,8 +18,8 @@
 * <http://www.gnu.org/licenses/gpl-2.0.html>
 */
 #include "qom/cpu.h"
 #include "qemu-common.h"
 #include "qom/cpu.h"
 #include "sysemu/kvm.h"
 #include "qemu/notify.h"
 #include "sysemu/sysemu.h"
@ -91,6 +91,12 @@ void cpu_reset_interrupt(CPUState *cpu, int mask)
    cpu->interrupt_request &= ~mask;
 }
 void cpu_exit(CPUState *cpu)
 {
    cpu->exit_request = 1;
    cpu->tcg_exit_req = 1;
 }
 int cpu_write_elf32_qemunote(WriteCoreDumpFunction f, CPUState *cpu,
                             void *opaque)
 {
@ -150,6 +156,26 @@ static int cpu_common_write_elf64_note(WriteCoreDumpFunction f,
 }
 void cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
                    int flags)
 {
    CPUClass *cc = CPU_GET_CLASS(cpu);
    if (cc->dump_state) {
        cc->dump_state(cpu, f, cpu_fprintf, flags);
    }
 }
 void cpu_dump_statistics(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
                         int flags)
 {
    CPUClass *cc = CPU_GET_CLASS(cpu);
    if (cc->dump_statistics) {
        cc->dump_statistics(cpu, f, cpu_fprintf, flags);
    }
 }
 void cpu_reset(CPUState *cpu)
 {
    CPUClass *klass = CPU_GET_CLASS(cpu);
@ -183,6 +209,8 @@ static void cpu_common_realizefn(DeviceState *dev, Error **errp)
 {
    CPUState *cpu = CPU(dev);
    qemu_init_vcpu(cpu);
    if (dev->hotplugged) {
        cpu_synchronize_post_init(cpu);
        notifier_list_notify(&cpu_added_notifiers, dev);
--- a/stubs/cpus.c
+++ b/stubs/cpus.c
@ -1,5 +1,10 @@
 #include "qemu-common.h"
 #include "qom/cpu.h"
 void cpu_resume(CPUState *cpu)
 {
 }
 void qemu_init_vcpu(CPUState *cpu)
 {
 }
--- a/target-alpha/cpu-qom.h
+++ b/target-alpha/cpu-qom.h
@ -74,6 +74,12 @@ static inline AlphaCPU *alpha_env_get_cpu(CPUAlphaState *env)
 #define ENV_OFFSET offsetof(AlphaCPU, env)
 #ifndef CONFIG_USER_ONLY
 extern const struct VMStateDescription vmstate_alpha_cpu;
 #endif
 void alpha_cpu_do_interrupt(CPUState *cpu);
 void alpha_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
                          int flags);
 #endif
--- a/target-alpha/cpu.c
+++ b/target-alpha/cpu.c
@ -21,15 +21,13 @@
 #include "cpu.h"
 #include "qemu-common.h"
 #include "migration/vmstate.h"
 static void alpha_cpu_realizefn(DeviceState *dev, Error **errp)
 {
    AlphaCPU *cpu = ALPHA_CPU(dev);
    AlphaCPUClass *acc = ALPHA_CPU_GET_CLASS(dev);
    qemu_init_vcpu(&cpu->env);
    acc->parent_realize(dev, errp);
 }
@ -264,6 +262,9 @@ static void alpha_cpu_class_init(ObjectClass *oc, void *data)
    cc->class_by_name = alpha_cpu_class_by_name;
    cc->do_interrupt = alpha_cpu_do_interrupt;
    cc->dump_state = alpha_cpu_dump_state;
    cpu_class_set_do_unassigned_access(cc, alpha_cpu_unassigned_access);
    device_class_set_vmsd(dc, &vmstate_alpha_cpu);
 }
 static const TypeInfo alpha_cpu_type_info = {
--- a/target-alpha/cpu.h
+++ b/target-alpha/cpu.h
@ -457,9 +457,9 @@ uint64_t cpu_alpha_load_fpcr (CPUAlphaState *env);
 void cpu_alpha_store_fpcr (CPUAlphaState *env, uint64_t val);
 #ifndef CONFIG_USER_ONLY
 void swap_shadow_regs(CPUAlphaState *env);
-QEMU_NORETURN void cpu_unassigned_access(CPUAlphaState *env1,
+QEMU_NORETURN void alpha_cpu_unassigned_access(CPUState *cpu, hwaddr addr,
-                                         hwaddr addr, int is_write,
+                                               bool is_write, bool is_exec,
-                                         int is_exec, int unused, int size);
+                                               int unused, unsigned size);
 #endif
 /* Bits in TB->FLAGS that control how translation is processed.  */
--- a/target-alpha/helper.c
+++ b/target-alpha/helper.c
@ -464,8 +464,8 @@ void alpha_cpu_do_interrupt(CPUState *cs)
 #endif /* !USER_ONLY */
 }
-void cpu_dump_state (CPUAlphaState *env, FILE *f, fprintf_function cpu_fprintf,
+void alpha_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
-                     int flags)
+                          int flags)
 {
    static const char *linux_reg_names[] = {
        "v0 ", "t0 ", "t1 ", "t2 ", "t3 ", "t4 ", "t5 ", "t6 ",
@ -473,6 +473,8 @@ void cpu_dump_state (CPUAlphaState *env, FILE *f, fprintf_function cpu_fprintf,
        "a0 ", "a1 ", "a2 ", "a3 ", "a4 ", "a5 ", "t8 ", "t9 ",
        "t10", "t11", "ra ", "t12", "at ", "gp ", "sp ", "zero",
    };
    AlphaCPU *cpu = ALPHA_CPU(cs);
    CPUAlphaState *env = &cpu->env;
    int i;
    cpu_fprintf(f, "     PC  " TARGET_FMT_lx "      PS  %02x\n",
--- a/target-alpha/machine.c
+++ b/target-alpha/machine.c
@ -20,7 +20,7 @@ static const VMStateInfo vmstate_fpcr = {
    .put = put_fpcr,
 };
-static VMStateField vmstate_cpu_fields[] = {
+static VMStateField vmstate_env_fields[] = {
    VMSTATE_UINTTL_ARRAY(ir, CPUAlphaState, 31),
    VMSTATE_UINTTL_ARRAY(fir, CPUAlphaState, 31),
    /* Save the architecture value of the fpcr, not the internally
@ -68,20 +68,24 @@ static VMStateField vmstate_cpu_fields[] = {
    VMSTATE_END_OF_LIST()
 };
-static const VMStateDescription vmstate_cpu = {
+static const VMStateDescription vmstate_env = {
    .name = "env",
    .version_id = 1,
    .minimum_version_id = 1,
    .minimum_version_id_old = 1,
    .fields = vmstate_env_fields,
 };
 static VMStateField vmstate_cpu_fields[] = {
    VMSTATE_CPU(),
    VMSTATE_STRUCT(env, AlphaCPU, 1, vmstate_env, CPUAlphaState),
    VMSTATE_END_OF_LIST()
 };
 const VMStateDescription vmstate_alpha_cpu = {
    .name = "cpu",
    .version_id = 1,
    .minimum_version_id = 1,
    .minimum_version_id_old = 1,
    .fields = vmstate_cpu_fields,
 };
 void cpu_save(QEMUFile *f, void *opaque)
 {
    vmstate_save_state(f, &vmstate_cpu, opaque);
 }
 int cpu_load(QEMUFile *f, void *opaque, int version_id)
 {
    return vmstate_load_state(f, &vmstate_cpu, opaque, version_id);
 }
--- a/target-alpha/mem_helper.c
+++ b/target-alpha/mem_helper.c
@ -109,11 +109,15 @@ static void do_unaligned_access(CPUAlphaState *env, target_ulong addr,
    cpu_loop_exit(env);
 }
-void cpu_unassigned_access(CPUAlphaState *env, hwaddr addr,
+void alpha_cpu_unassigned_access(CPUState *cs, hwaddr addr,
-                           int is_write, int is_exec, int unused, int size)
+                                 bool is_write, bool is_exec, int unused,
                                 unsigned size)
 {
    AlphaCPU *cpu = ALPHA_CPU(cs);
    CPUAlphaState *env = &cpu->env;
    env->trap_arg0 = addr;
-    env->trap_arg1 = is_write;
+    env->trap_arg1 = is_write ? 1 : 0;
    dynamic_excp(env, 0, EXCP_MCHK, 0);
 }
--- a/target-arm/arm-semi.c
+++ b/target-arm/arm-semi.c
@ -178,6 +178,7 @@ static void arm_semi_flen_cb(CPUARMState *env, target_ulong ret, target_ulong er
 #define SET_ARG(n, val) put_user_ual(val, args + (n) * 4)
 uint32_t do_arm_semihosting(CPUARMState *env)
 {
    ARMCPU *cpu = arm_env_get_cpu(env);
    target_ulong args;
    target_ulong arg0, arg1, arg2, arg3;
    char * s;
@ -549,7 +550,7 @@ uint32_t do_arm_semihosting(CPUARMState *env)
        exit(0);
    default:
        fprintf(stderr, "qemu: Unsupported SemiHosting SWI 0x%02x\n", nr);
-        cpu_dump_state(env, stderr, fprintf, 0);
+        cpu_dump_state(CPU(cpu), stderr, fprintf, 0);
        abort();
    }
 }
--- a/target-arm/cpu-qom.h
+++ b/target-arm/cpu-qom.h
@ -144,4 +144,7 @@ void init_cpreg_list(ARMCPU *cpu);
 void arm_cpu_do_interrupt(CPUState *cpu);
 void arm_v7m_cpu_do_interrupt(CPUState *cpu);
 void arm_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
                        int flags);
 #endif
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@ -208,7 +208,6 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
    init_cpreg_list(cpu);
    cpu_reset(CPU(cpu));
    qemu_init_vcpu(env);
    acc->parent_realize(dev, errp);
 }
@ -816,6 +815,7 @@ static void arm_cpu_class_init(ObjectClass *oc, void *data)
    cc->class_by_name = arm_cpu_class_by_name;
    cc->do_interrupt = arm_cpu_do_interrupt;
    cc->dump_state = arm_cpu_dump_state;
    cpu_class_set_vmsd(cc, &vmstate_arm_cpu);
 }
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@ -10085,9 +10085,11 @@ static const char *cpu_mode_names[16] = {
  "???", "???", "???", "und", "???", "???", "???", "sys"
 };
-void cpu_dump_state(CPUARMState *env, FILE *f, fprintf_function cpu_fprintf,
+void arm_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
-                    int flags)
+                        int flags)
 {
    ARMCPU *cpu = ARM_CPU(cs);
    CPUARMState *env = &cpu->env;
    int i;
    uint32_t psr;
--- a/target-cris/cpu-qom.h
+++ b/target-cris/cpu-qom.h
@ -76,4 +76,7 @@ static inline CRISCPU *cris_env_get_cpu(CPUCRISState *env)
 void cris_cpu_do_interrupt(CPUState *cpu);
 void crisv10_cpu_do_interrupt(CPUState *cpu);
 void cris_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
                         int flags);
 #endif
--- a/target-cris/cpu.c
+++ b/target-cris/cpu.c
@ -139,7 +139,6 @@ static void cris_cpu_realizefn(DeviceState *dev, Error **errp)
    CRISCPUClass *ccc = CRIS_CPU_GET_CLASS(dev);
    cpu_reset(CPU(cpu));
    qemu_init_vcpu(&cpu->env);
    ccc->parent_realize(dev, errp);
 }
@ -252,6 +251,7 @@ static void cris_cpu_class_init(ObjectClass *oc, void *data)
    cc->class_by_name = cris_cpu_class_by_name;
    cc->do_interrupt = cris_cpu_do_interrupt;
    cc->dump_state = cris_cpu_dump_state;
 }
 static const TypeInfo cris_cpu_type_info = {
--- a/target-cris/helper.c
+++ b/target-cris/helper.c
@ -53,9 +53,11 @@ void crisv10_cpu_do_interrupt(CPUState *cs)
 int cpu_cris_handle_mmu_fault(CPUCRISState * env, target_ulong address, int rw,
                              int mmu_idx)
 {
    CRISCPU *cpu = cris_env_get_cpu(env);
    env->exception_index = 0xaa;
    env->pregs[PR_EDA] = address;
-    cpu_dump_state(env, stderr, fprintf, 0);
+    cpu_dump_state(CPU(cpu), stderr, fprintf, 0);
    return 1;
 }
--- a/target-cris/translate.c
+++ b/target-cris/translate.c
@ -3427,9 +3427,11 @@ void gen_intermediate_code_pc (CPUCRISState *env, struct TranslationBlock *tb)
    gen_intermediate_code_internal(env, tb, 1);
 }
-void cpu_dump_state (CPUCRISState *env, FILE *f, fprintf_function cpu_fprintf,
+void cris_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
-                     int flags)
+                         int flags)
 {
    CRISCPU *cpu = CRIS_CPU(cs);
    CPUCRISState *env = &cpu->env;
    int i;
    uint32_t srs;
--- a/target-i386/cpu-qom.h
+++ b/target-i386/cpu-qom.h
@ -101,4 +101,7 @@ int x86_cpu_write_elf32_qemunote(WriteCoreDumpFunction f, CPUState *cpu,
 void x86_cpu_get_memory_mapping(CPUState *cpu, MemoryMappingList *list,
                                Error **errp);
 void x86_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
                        int flags);
 #endif
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@ -2392,7 +2392,6 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
 #endif
    mce_init(cpu);
    qemu_init_vcpu(&cpu->env);
    x86_cpu_apic_realize(cpu, &local_err);
    if (local_err != NULL) {
@ -2526,6 +2525,7 @@ static void x86_cpu_common_class_init(ObjectClass *oc, void *data)
    cc->reset = x86_cpu_reset;
    cc->do_interrupt = x86_cpu_do_interrupt;
    cc->dump_state = x86_cpu_dump_state;
    cc->get_arch_id = x86_cpu_get_arch_id;
    cc->get_paging_enabled = x86_cpu_get_paging_enabled;
 #ifndef CONFIG_USER_ONLY
--- a/target-i386/helper.c
+++ b/target-i386/helper.c
@ -179,15 +179,16 @@ done:
 #define DUMP_CODE_BYTES_TOTAL    50
 #define DUMP_CODE_BYTES_BACKWARD 20
-void cpu_dump_state(CPUX86State *env, FILE *f, fprintf_function cpu_fprintf,
+void x86_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
-                    int flags)
+                        int flags)
 {
-    CPUState *cs = CPU(x86_env_get_cpu(env));
+    X86CPU *cpu = X86_CPU(cs);
    CPUX86State *env = &cpu->env;
    int eflags, i, nb;
    char cc_op_name[32];
    static const char *seg_name[6] = { "ES", "CS", "SS", "DS", "FS", "GS" };
-    cpu_synchronize_state(env);
+    cpu_synchronize_state(cs);
    eflags = cpu_compute_eflags(env);
 #ifdef TARGET_X86_64
@ -1116,7 +1117,7 @@ static void do_inject_x86_mce(void *data)
    CPUState *cpu = CPU(params->cpu);
    uint64_t *banks = cenv->mce_banks + 4 * params->bank;
-    cpu_synchronize_state(cenv);
+    cpu_synchronize_state(cpu);
    /*
     * If there is an MCE exception being processed, ignore this SRAO MCE
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
@ -1857,7 +1857,7 @@ int kvm_arch_process_async_events(CPUState *cs)
        cs->interrupt_request &= ~CPU_INTERRUPT_MCE;
-        kvm_cpu_synchronize_state(env);
+        kvm_cpu_synchronize_state(cs);
        if (env->exception_injected == EXCP08_DBLE) {
            /* this means triple fault */
@ -1888,16 +1888,16 @@ int kvm_arch_process_async_events(CPUState *cs)
        cs->halted = 0;
    }
    if (cs->interrupt_request & CPU_INTERRUPT_INIT) {
-        kvm_cpu_synchronize_state(env);
+        kvm_cpu_synchronize_state(cs);
        do_cpu_init(cpu);
    }
    if (cs->interrupt_request & CPU_INTERRUPT_SIPI) {
-        kvm_cpu_synchronize_state(env);
+        kvm_cpu_synchronize_state(cs);
        do_cpu_sipi(cpu);
    }
    if (cs->interrupt_request & CPU_INTERRUPT_TPR) {
        cs->interrupt_request &= ~CPU_INTERRUPT_TPR;
-        kvm_cpu_synchronize_state(env);
+        kvm_cpu_synchronize_state(cs);
        apic_handle_tpr_access_report(env->apic_state, env->eip,
                                      env->tpr_access_type);
    }
@ -2079,7 +2079,7 @@ static int kvm_handle_debug(X86CPU *cpu,
        ret = EXCP_DEBUG;
    }
    if (ret == 0) {
-        cpu_synchronize_state(env);
+        cpu_synchronize_state(CPU(cpu));
        assert(env->exception_injected == -1);
        /* pass to guest */
@ -2184,7 +2184,7 @@ bool kvm_arch_stop_on_emulation_error(CPUState *cs)
    X86CPU *cpu = X86_CPU(cs);
    CPUX86State *env = &cpu->env;
-    kvm_cpu_synchronize_state(env);
+    kvm_cpu_synchronize_state(cs);
    return !(env->cr[0] & CR0_PE_MASK) ||
           ((env->segs[R_CS].selector  & 3) != 3);
 }
--- a/target-lm32/cpu-qom.h
+++ b/target-lm32/cpu-qom.h
@ -76,5 +76,7 @@ extern const struct VMStateDescription vmstate_lm32_cpu;
 #endif
 void lm32_cpu_do_interrupt(CPUState *cpu);
 void lm32_cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
                         int flags);
 #endif
--- a/target-lm32/cpu.c
+++ b/target-lm32/cpu.c
@ -49,8 +49,6 @@ static void lm32_cpu_realizefn(DeviceState *dev, Error **errp)
    cpu_reset(CPU(cpu));
    qemu_init_vcpu(&cpu->env);
    lcc->parent_realize(dev, errp);
 }
@ -85,6 +83,7 @@ static void lm32_cpu_class_init(ObjectClass *oc, void *data)
    cc->reset = lm32_cpu_reset;
    cc->do_interrupt = lm32_cpu_do_interrupt;
    cc->dump_state = lm32_cpu_dump_state;
    cpu_class_set_vmsd(cc, &vmstate_lm32_cpu);
 }
--- a/target-lm32/translate.c
+++ b/target-lm32/translate.c
@ -1141,9 +1141,11 @@ void gen_intermediate_code_pc(CPULM32State *env, struct TranslationBlock *tb)
    gen_intermediate_code_internal(env, tb, 1);
 }
-void cpu_dump_state(CPULM32State *env, FILE *f, fprintf_function cpu_fprintf,
+void lm32_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
-                     int flags)
+                         int flags)
 {
    LM32CPU *cpu = LM32_CPU(cs);
    CPULM32State *env = &cpu->env;
    int i;
    if (!env || !f) {
--- a/target-m68k/cpu-qom.h
+++ b/target-m68k/cpu-qom.h
@ -71,5 +71,7 @@ static inline M68kCPU *m68k_env_get_cpu(CPUM68KState *env)
 #define ENV_OFFSET offsetof(M68kCPU, env)
 void m68k_cpu_do_interrupt(CPUState *cpu);
 void m68k_cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
                         int flags);
 #endif
--- a/target-m68k/cpu.c
+++ b/target-m68k/cpu.c
@ -147,7 +147,6 @@ static void m68k_cpu_realizefn(DeviceState *dev, Error **errp)
    m68k_cpu_init_gdb(cpu);
    cpu_reset(CPU(cpu));
    qemu_init_vcpu(&cpu->env);
    mcc->parent_realize(dev, errp);
 }
@ -187,6 +186,7 @@ static void m68k_cpu_class_init(ObjectClass *c, void *data)
    cc->class_by_name = m68k_cpu_class_by_name;
    cc->do_interrupt = m68k_cpu_do_interrupt;
    cc->dump_state = m68k_cpu_dump_state;
    dc->vmsd = &vmstate_m68k_cpu;
 }
--- a/target-m68k/translate.c
+++ b/target-m68k/translate.c
@ -3104,9 +3104,11 @@ void gen_intermediate_code_pc(CPUM68KState *env, TranslationBlock *tb)
    gen_intermediate_code_internal(env, tb, 1);
 }
-void cpu_dump_state(CPUM68KState *env, FILE *f, fprintf_function cpu_fprintf,
+void m68k_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
-                    int flags)
+                         int flags)
 {
    M68kCPU *cpu = M68K_CPU(cs);
    CPUM68KState *env = &cpu->env;
    int i;
    uint16_t sr;
    CPU_DoubleU u;
--- a/target-microblaze/cpu-qom.h
+++ b/target-microblaze/cpu-qom.h
@ -72,5 +72,7 @@ static inline MicroBlazeCPU *mb_env_get_cpu(CPUMBState *env)
 #define ENV_OFFSET offsetof(MicroBlazeCPU, env)
 void mb_cpu_do_interrupt(CPUState *cs);
 void mb_cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
                       int flags);
 #endif
--- a/target-microblaze/cpu.c
+++ b/target-microblaze/cpu.c
@ -92,7 +92,6 @@ static void mb_cpu_realizefn(DeviceState *dev, Error **errp)
    MicroBlazeCPUClass *mcc = MICROBLAZE_CPU_GET_CLASS(dev);
    cpu_reset(CPU(cpu));
    qemu_init_vcpu(&cpu->env);
    mcc->parent_realize(dev, errp);
 }
@ -138,8 +137,9 @@ static void mb_cpu_class_init(ObjectClass *oc, void *data)
    cc->reset = mb_cpu_reset;
    cc->do_interrupt = mb_cpu_do_interrupt;
    cc->dump_state = mb_cpu_dump_state;
    cpu_class_set_do_unassigned_access(cc, mb_cpu_unassigned_access);
    dc->vmsd = &vmstate_mb_cpu;
    dc->props = mb_properties;
 }
--- a/target-microblaze/cpu.h
+++ b/target-microblaze/cpu.h
@ -367,8 +367,9 @@ static inline void cpu_get_tb_cpu_state(CPUMBState *env, target_ulong *pc,
 }
 #if !defined(CONFIG_USER_ONLY)
-void cpu_unassigned_access(CPUMBState *env1, hwaddr addr,
+void mb_cpu_unassigned_access(CPUState *cpu, hwaddr addr,
-                           int is_write, int is_exec, int is_asi, int size);
+                              bool is_write, bool is_exec, int is_asi,
                              unsigned size);
 #endif
 static inline bool cpu_has_work(CPUState *cpu)
--- a/target-microblaze/helper.c
+++ b/target-microblaze/helper.c
@ -39,8 +39,10 @@ void mb_cpu_do_interrupt(CPUState *cs)
 int cpu_mb_handle_mmu_fault(CPUMBState * env, target_ulong address, int rw,
                            int mmu_idx)
 {
    MicroBlazeCPU *cpu = mb_env_get_cpu(env);
    env->exception_index = 0xaa;
-    cpu_dump_state(env, stderr, fprintf, 0);
+    cpu_dump_state(CPU(cpu), stderr, fprintf, 0);
    return 1;
 }
--- a/target-microblaze/op_helper.c
+++ b/target-microblaze/op_helper.c
@ -495,12 +495,21 @@ void helper_mmu_write(CPUMBState *env, uint32_t rn, uint32_t v)
    mmu_write(env, rn, v);
 }
-void cpu_unassigned_access(CPUMBState *env, hwaddr addr,
+void mb_cpu_unassigned_access(CPUState *cs, hwaddr addr,
-                           int is_write, int is_exec, int is_asi, int size)
+                              bool is_write, bool is_exec, int is_asi,
                              unsigned size)
 {
    MicroBlazeCPU *cpu;
    CPUMBState *env;
    qemu_log_mask(CPU_LOG_INT, "Unassigned " TARGET_FMT_plx " wr=%d exe=%d\n",
-             addr, is_write, is_exec);
+             addr, is_write ? 1 : 0, is_exec ? 1 : 0);
-    if (!env || !(env->sregs[SR_MSR] & MSR_EE)) {
+    if (cs == NULL) {
        return;
    }
    cpu = MICROBLAZE_CPU(cs);
    env = &cpu->env;
    if (!(env->sregs[SR_MSR] & MSR_EE)) {
        return;
    }
--- a/target-microblaze/translate.c
+++ b/target-microblaze/translate.c
@ -1949,9 +1949,11 @@ void gen_intermediate_code_pc (CPUMBState *env, struct TranslationBlock *tb)
    gen_intermediate_code_internal(env, tb, 1);
 }
-void cpu_dump_state (CPUMBState *env, FILE *f, fprintf_function cpu_fprintf,
+void mb_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
-                     int flags)
+                       int flags)
 {
    MicroBlazeCPU *cpu = MICROBLAZE_CPU(cs);
    CPUMBState *env = &cpu->env;
    int i;
    if (!env || !f)
--- a/target-mips/cpu-qom.h
+++ b/target-mips/cpu-qom.h
@ -75,5 +75,7 @@ static inline MIPSCPU *mips_env_get_cpu(CPUMIPSState *env)
 #define ENV_OFFSET offsetof(MIPSCPU, env)
 void mips_cpu_do_interrupt(CPUState *cpu);
 void mips_cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
                         int flags);
 #endif
--- a/target-mips/cpu.c
+++ b/target-mips/cpu.c
@ -48,7 +48,6 @@ static void mips_cpu_realizefn(DeviceState *dev, Error **errp)
    MIPSCPUClass *mcc = MIPS_CPU_GET_CLASS(dev);
    cpu_reset(CPU(cpu));
    qemu_init_vcpu(&cpu->env);
    mcc->parent_realize(dev, errp);
 }
@ -80,6 +79,8 @@ static void mips_cpu_class_init(ObjectClass *c, void *data)
    cc->reset = mips_cpu_reset;
    cc->do_interrupt = mips_cpu_do_interrupt;
    cc->dump_state = mips_cpu_dump_state;
    cpu_class_set_do_unassigned_access(cc, mips_cpu_unassigned_access);
 }
 static const TypeInfo mips_cpu_type_info = {
--- a/target-mips/cpu.h
+++ b/target-mips/cpu.h
@ -493,8 +493,9 @@ void r4k_helper_tlbwr(CPUMIPSState *env);
 void r4k_helper_tlbp(CPUMIPSState *env);
 void r4k_helper_tlbr(CPUMIPSState *env);
-void cpu_unassigned_access(CPUMIPSState *env, hwaddr addr,
+void mips_cpu_unassigned_access(CPUState *cpu, hwaddr addr,
-                           int is_write, int is_exec, int unused, int size);
+                                bool is_write, bool is_exec, int unused,
                                unsigned size);
 #endif
 void mips_cpu_list (FILE *f, fprintf_function cpu_fprintf);
--- a/target-mips/op_helper.c
+++ b/target-mips/op_helper.c
@ -2147,13 +2147,18 @@ void tlb_fill(CPUMIPSState *env, target_ulong addr, int is_write, int mmu_idx,
    }
 }
-void cpu_unassigned_access(CPUMIPSState *env, hwaddr addr,
+void mips_cpu_unassigned_access(CPUState *cs, hwaddr addr,
-                           int is_write, int is_exec, int unused, int size)
+                                bool is_write, bool is_exec, int unused,
                                unsigned size)
 {
-    if (is_exec)
+    MIPSCPU *cpu = MIPS_CPU(cs);
    CPUMIPSState *env = &cpu->env;
    if (is_exec) {
        helper_raise_exception(env, EXCP_IBE);
-    else
+    } else {
        helper_raise_exception(env, EXCP_DBE);
    }
 }
 #endif /* !CONFIG_USER_ONLY */
--- a/target-mips/translate.c
+++ b/target-mips/translate.c
@ -15780,9 +15780,11 @@ cpu_mips_check_sign_extensions (CPUMIPSState *env, FILE *f,
 }
 #endif
-void cpu_dump_state (CPUMIPSState *env, FILE *f, fprintf_function cpu_fprintf,
+void mips_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
-                     int flags)
+                         int flags)
 {
    MIPSCPU *cpu = MIPS_CPU(cs);
    CPUMIPSState *env = &cpu->env;
    int i;
    cpu_fprintf(f, "pc=0x" TARGET_FMT_lx " HI=0x" TARGET_FMT_lx
--- a/target-moxie/cpu.c
+++ b/target-moxie/cpu.c
@ -44,12 +44,11 @@ static void moxie_cpu_reset(CPUState *s)
 static void moxie_cpu_realizefn(DeviceState *dev, Error **errp)
 {
    MoxieCPU *cpu = MOXIE_CPU(dev);
-    MoxieCPUClass *occ = MOXIE_CPU_GET_CLASS(dev);
+    MoxieCPUClass *mcc = MOXIE_CPU_GET_CLASS(dev);
    qemu_init_vcpu(&cpu->env);
    cpu_reset(CPU(cpu));
-    occ->parent_realize(dev, errp);
+    mcc->parent_realize(dev, errp);
 }
 static void moxie_cpu_initfn(Object *obj)
@ -97,8 +96,9 @@ static void moxie_cpu_class_init(ObjectClass *oc, void *data)
    cc->class_by_name = moxie_cpu_class_by_name;
    cpu_class_set_vmsd(cc, &vmstate_moxie_cpu);
    cc->do_interrupt = moxie_cpu_do_interrupt;
    cc->dump_state = moxie_cpu_dump_state;
    cpu_class_set_vmsd(cc, &vmstate_moxie_cpu);
 }
 static void moxielite_initfn(Object *obj)
--- a/target-moxie/cpu.h
+++ b/target-moxie/cpu.h
@ -116,6 +116,8 @@ static inline MoxieCPU *moxie_env_get_cpu(CPUMoxieState *env)
 MoxieCPU *cpu_moxie_init(const char *cpu_model);
 int cpu_moxie_exec(CPUMoxieState *s);
 void moxie_cpu_do_interrupt(CPUState *cs);
 void moxie_cpu_dump_state(CPUState *cpu, FILE *f,
                          fprintf_function cpu_fprintf, int flags);
 void moxie_translate_init(void);
 int cpu_moxie_signal_handler(int host_signum, void *pinfo,
                             void *puc);
--- a/target-moxie/helper.c
+++ b/target-moxie/helper.c
@ -110,9 +110,11 @@ void moxie_cpu_do_interrupt(CPUState *env)
 int cpu_moxie_handle_mmu_fault(CPUMoxieState *env, target_ulong address,
                               int rw, int mmu_idx)
 {
    MoxieCPU *cpu = moxie_env_get_cpu(env);
    env->exception_index = 0xaa;
    env->debug1 = address;
-    cpu_dump_state(env, stderr, fprintf, 0);
+    cpu_dump_state(CPU(cpu), stderr, fprintf, 0);
    return 1;
 }
--- a/target-moxie/translate.c
+++ b/target-moxie/translate.c
@ -74,9 +74,11 @@ static int extract_branch_offset(int opcode)
  return (((signed short)((opcode & ((1 << 10) - 1)) << 6)) >> 6) << 1;
 }
-void cpu_dump_state(CPUArchState *env, FILE *f, fprintf_function cpu_fprintf,
+void moxie_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
-                    int flags)
+                          int flags)
 {
    MoxieCPU *cpu = MOXIE_CPU(cs);
    CPUMoxieState *env = &cpu->env;
    int i;
    cpu_fprintf(f, "pc=0x%08x\n", env->pc);
    cpu_fprintf(f, "$fp=0x%08x $sp=0x%08x $r0=0x%08x $r1=0x%08x\n",
--- a/target-openrisc/cpu.c
+++ b/target-openrisc/cpu.c
@ -67,7 +67,6 @@ static void openrisc_cpu_realizefn(DeviceState *dev, Error **errp)
    OpenRISCCPU *cpu = OPENRISC_CPU(dev);
    OpenRISCCPUClass *occ = OPENRISC_CPU_GET_CLASS(dev);
    qemu_init_vcpu(&cpu->env);
    cpu_reset(CPU(cpu));
    occ->parent_realize(dev, errp);
@ -149,6 +148,8 @@ static void openrisc_cpu_class_init(ObjectClass *oc, void *data)
    cc->class_by_name = openrisc_cpu_class_by_name;
    cc->do_interrupt = openrisc_cpu_do_interrupt;
    cc->dump_state = openrisc_cpu_dump_state;
    device_class_set_vmsd(dc, &vmstate_openrisc_cpu);
 }
 static void cpu_register(const OpenRISCCPUInfo *info)
--- a/target-openrisc/cpu.h
+++ b/target-openrisc/cpu.h
@ -347,6 +347,8 @@ OpenRISCCPU *cpu_openrisc_init(const char *cpu_model);
 void cpu_openrisc_list(FILE *f, fprintf_function cpu_fprintf);
 int cpu_openrisc_exec(CPUOpenRISCState *s);
 void openrisc_cpu_do_interrupt(CPUState *cpu);
 void openrisc_cpu_dump_state(CPUState *cpu, FILE *f,
                             fprintf_function cpu_fprintf, int flags);
 void openrisc_translate_init(void);
 int cpu_openrisc_handle_mmu_fault(CPUOpenRISCState *env,
                                  target_ulong address,
@ -360,6 +362,8 @@ int cpu_openrisc_signal_handler(int host_signum, void *pinfo, void *puc);
 #define cpu_signal_handler cpu_openrisc_signal_handler
 #ifndef CONFIG_USER_ONLY
 extern const struct VMStateDescription vmstate_openrisc_cpu;
 /* hw/openrisc_pic.c */
 void cpu_openrisc_pic_init(OpenRISCCPU *cpu);
--- a/target-openrisc/machine.c
+++ b/target-openrisc/machine.c
@ -20,8 +20,11 @@
 #include "hw/hw.h"
 #include "hw/boards.h"
-static const VMStateDescription vmstate_cpu = {
+static const VMStateDescription vmstate_env = {
-    .name = "cpu",
+    .name = "env",
    .version_id = 1,
    .minimum_version_id = 1,
    .minimum_version_id_old = 1,
    .fields = (VMStateField[]) {
        VMSTATE_UINT32_ARRAY(gpr, CPUOpenRISCState, 32),
        VMSTATE_UINT32(sr, CPUOpenRISCState),
@ -36,12 +39,14 @@ static const VMStateDescription vmstate_cpu = {
    }
 };
-void cpu_save(QEMUFile *f, void *opaque)
+const VMStateDescription vmstate_openrisc_cpu = {
-{
+    .name = "cpu",
-    vmstate_save_state(f, &vmstate_cpu, opaque);
+    .version_id = 1,
-}
+    .minimum_version_id = 1,
-
+    .minimum_version_id_old = 1,
-int cpu_load(QEMUFile *f, void *opaque, int version_id)
+    .fields = (VMStateField[]) {
-{
+        VMSTATE_CPU(),
-    return vmstate_load_state(f, &vmstate_cpu, opaque, version_id);
+        VMSTATE_STRUCT(env, OpenRISCCPU, 1, vmstate_env, CPUOpenRISCState),
-}
+        VMSTATE_END_OF_LIST()
    }
 };
--- a/target-openrisc/translate.c
+++ b/target-openrisc/translate.c
@ -1814,15 +1814,17 @@ void gen_intermediate_code_pc(CPUOpenRISCState *env,
    gen_intermediate_code_internal(openrisc_env_get_cpu(env), tb, 1);
 }
-void cpu_dump_state(CPUOpenRISCState *env, FILE *f,
+void openrisc_cpu_dump_state(CPUState *cs, FILE *f,
-                    fprintf_function cpu_fprintf,
+                             fprintf_function cpu_fprintf,
-                    int flags)
+                             int flags)
 {
    OpenRISCCPU *cpu = OPENRISC_CPU(cs);
    CPUOpenRISCState *env = &cpu->env;
    int i;
-    uint32_t *regs = env->gpr;
+
    cpu_fprintf(f, "PC=%08x\n", env->pc);
    for (i = 0; i < 32; ++i) {
-        cpu_fprintf(f, "R%02d=%08x%c", i, regs[i],
+        cpu_fprintf(f, "R%02d=%08x%c", i, env->gpr[i],
                    (i % 4) == 3 ? '\n' : ' ');
    }
 }
--- a/target-ppc/cpu-qom.h
+++ b/target-ppc/cpu-qom.h
@ -101,5 +101,9 @@ static inline PowerPCCPU *ppc_env_get_cpu(CPUPPCState *env)
 PowerPCCPUClass *ppc_cpu_class_by_pvr(uint32_t pvr);
 void ppc_cpu_do_interrupt(CPUState *cpu);
 void ppc_cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
                        int flags);
 void ppc_cpu_dump_statistics(CPUState *cpu, FILE *f,
                             fprintf_function cpu_fprintf, int flags);
 #endif
--- a/target-ppc/mmu-hash64.c
+++ b/target-ppc/mmu-hash64.c
@ -78,7 +78,7 @@ void dump_slb(FILE *f, fprintf_function cpu_fprintf, CPUPPCState *env)
    int i;
    uint64_t slbe, slbv;
-    cpu_synchronize_state(env);
+    cpu_synchronize_state(CPU(ppc_env_get_cpu(env)));
    cpu_fprintf(f, "SLB\tESID\t\t\tVSID\n");
    for (i = 0; i < env->slb_nr; i++) {
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@ -9526,15 +9526,17 @@ GEN_SPEOP_LDST(evstwwo, 0x1E, 2),
 /*****************************************************************************/
 /* Misc PowerPC helpers */
-void cpu_dump_state (CPUPPCState *env, FILE *f, fprintf_function cpu_fprintf,
+void ppc_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
-                     int flags)
+                        int flags)
 {
 #define RGPL  4
 #define RFPL  4
    PowerPCCPU *cpu = POWERPC_CPU(cs);
    CPUPPCState *env = &cpu->env;
    int i;
-    cpu_synchronize_state(env);
+    cpu_synchronize_state(cs);
    cpu_fprintf(f, "NIP " TARGET_FMT_lx "   LR " TARGET_FMT_lx " CTR "
                TARGET_FMT_lx " XER " TARGET_FMT_lx "\n",
@ -9675,14 +9677,15 @@ void cpu_dump_state (CPUPPCState *env, FILE *f, fprintf_function cpu_fprintf,
 #undef RFPL
 }
-void cpu_dump_statistics (CPUPPCState *env, FILE*f, fprintf_function cpu_fprintf,
+void ppc_cpu_dump_statistics(CPUState *cs, FILE*f,
-                          int flags)
+                             fprintf_function cpu_fprintf, int flags)
 {
 #if defined(DO_PPC_STATISTICS)
    PowerPCCPU *cpu = POWERPC_CPU(cs);
    opc_handler_t **t1, **t2, **t3, *handler;
    int op1, op2, op3;
-    t1 = env->opcodes;
+    t1 = cpu->env.opcodes;
    for (op1 = 0; op1 < 64; op1++) {
        handler = t1[op1];
        if (is_indirect_opcode(handler)) {
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@ -7752,8 +7752,6 @@ static void ppc_cpu_realizefn(DeviceState *dev, Error **errp)
                                 34, "power-spe.xml", 0);
    }
    qemu_init_vcpu(env);
    pcc->parent_realize(dev, errp);
 #if defined(PPC_DUMP_CPU)
@ -8309,6 +8307,8 @@ static void ppc_cpu_class_init(ObjectClass *oc, void *data)
    cc->class_by_name = ppc_cpu_class_by_name;
    cc->do_interrupt = ppc_cpu_do_interrupt;
    cc->dump_state = ppc_cpu_dump_state;
    cc->dump_statistics = ppc_cpu_dump_statistics;
 }
 static const TypeInfo ppc_cpu_type_info = {
--- a/target-s390x/cpu-qom.h
+++ b/target-s390x/cpu-qom.h
@ -72,5 +72,7 @@ static inline S390CPU *s390_env_get_cpu(CPUS390XState *env)
 #define ENV_OFFSET offsetof(S390CPU, env)
 void s390_cpu_do_interrupt(CPUState *cpu);
 void s390_cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
                         int flags);
 #endif
--- a/target-s390x/cpu.c
+++ b/target-s390x/cpu.c
@ -102,7 +102,6 @@ static void s390_cpu_realizefn(DeviceState *dev, Error **errp)
    S390CPU *cpu = S390_CPU(dev);
    S390CPUClass *scc = S390_CPU_GET_CLASS(dev);
    qemu_init_vcpu(&cpu->env);
    cpu_reset(CPU(cpu));
    scc->parent_realize(dev, errp);
@ -170,6 +169,7 @@ static void s390_cpu_class_init(ObjectClass *oc, void *data)
    cc->reset = s390_cpu_reset;
    cc->do_interrupt = s390_cpu_do_interrupt;
    cc->dump_state = s390_cpu_dump_state;
    dc->vmsd = &vmstate_s390_cpu;
 }
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@ -450,7 +450,7 @@ static int kvm_sclp_service_call(S390CPU *cpu, struct kvm_run *run,
    uint64_t code;
    int r = 0;
-    cpu_synchronize_state(env);
+    cpu_synchronize_state(CPU(cpu));
    sccb = env->regs[ipbh0 & 0xf];
    code = env->regs[(ipbh0 & 0xf0) >> 4];
@ -656,16 +656,17 @@ static int s390_store_status(CPUS390XState *env, uint32_t parameter)
 static int s390_cpu_initial_reset(S390CPU *cpu)
 {
    CPUState *cs = CPU(cpu);
    CPUS390XState *env = &cpu->env;
    int i;
    s390_del_running_cpu(cpu);
-    if (kvm_vcpu_ioctl(CPU(cpu), KVM_S390_INITIAL_RESET, NULL) < 0) {
+    if (kvm_vcpu_ioctl(cs, KVM_S390_INITIAL_RESET, NULL) < 0) {
        perror("cannot init reset vcpu");
    }
    /* Manually zero out all registers */
-    cpu_synchronize_state(env);
+    cpu_synchronize_state(cs);
    for (i = 0; i < 16; i++) {
        env->regs[i] = 0;
    }
@ -685,7 +686,7 @@ static int handle_sigp(S390CPU *cpu, struct kvm_run *run, uint8_t ipa1)
    S390CPU *target_cpu;
    CPUS390XState *target_env;
-    cpu_synchronize_state(env);
+    cpu_synchronize_state(CPU(cpu));
    /* get order code */
    order_code = run->s390_sieic.ipb >> 28;
--- a/target-s390x/translate.c
+++ b/target-s390x/translate.c
@ -86,9 +86,11 @@ static uint64_t pc_to_link_info(DisasContext *s, uint64_t pc)
    return pc;
 }
-void cpu_dump_state(CPUS390XState *env, FILE *f, fprintf_function cpu_fprintf,
+void s390_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
-                    int flags)
+                         int flags)
 {
    S390CPU *cpu = S390_CPU(cs);
    CPUS390XState *env = &cpu->env;
    int i;
    if (env->cc_op > 3) {
--- a/target-sh4/cpu-qom.h
+++ b/target-sh4/cpu-qom.h
@ -84,5 +84,7 @@ static inline SuperHCPU *sh_env_get_cpu(CPUSH4State *env)
 #define ENV_OFFSET offsetof(SuperHCPU, env)
 void superh_cpu_do_interrupt(CPUState *cpu);
 void superh_cpu_dump_state(CPUState *cpu, FILE *f,
                           fprintf_function cpu_fprintf, int flags);
 #endif
--- a/target-sh4/cpu.c
+++ b/target-sh4/cpu.c
@ -234,7 +234,6 @@ static void superh_cpu_realizefn(DeviceState *dev, Error **errp)
    SuperHCPUClass *scc = SUPERH_CPU_GET_CLASS(dev);
    cpu_reset(CPU(cpu));
    qemu_init_vcpu(&cpu->env);
    scc->parent_realize(dev, errp);
 }
@ -274,6 +273,7 @@ static void superh_cpu_class_init(ObjectClass *oc, void *data)
    cc->class_by_name = superh_cpu_class_by_name;
    cc->do_interrupt = superh_cpu_do_interrupt;
    cc->dump_state = superh_cpu_dump_state;
    dc->vmsd = &vmstate_sh_cpu;
 }
--- a/target-sh4/translate.c
+++ b/target-sh4/translate.c
@ -150,10 +150,11 @@ void sh4_translate_init(void)
    done_init = 1;
 }
-void cpu_dump_state(CPUSH4State * env, FILE * f,
+void superh_cpu_dump_state(CPUState *cs, FILE *f,
-		    int (*cpu_fprintf) (FILE * f, const char *fmt, ...),
+                           fprintf_function cpu_fprintf, int flags)
 		    int flags)
 {
    SuperHCPU *cpu = SUPERH_CPU(cs);
    CPUSH4State *env = &cpu->env;
    int i;
    cpu_fprintf(f, "pc=0x%08x sr=0x%08x pr=0x%08x fpscr=0x%08x\n",
 		env->pc, env->sr, env->pr, env->fpscr);
--- a/target-sparc/cpu-qom.h
+++ b/target-sparc/cpu-qom.h
@ -76,5 +76,7 @@ static inline SPARCCPU *sparc_env_get_cpu(CPUSPARCState *env)
 #define ENV_OFFSET offsetof(SPARCCPU, env)
 void sparc_cpu_do_interrupt(CPUState *cpu);
 void sparc_cpu_dump_state(CPUState *cpu, FILE *f,
                          fprintf_function cpu_fprintf, int flags);
 #endif
--- a/target-sparc/cpu.c
+++ b/target-sparc/cpu.c
@ -660,9 +660,11 @@ static void cpu_print_cc(FILE *f, fprintf_function cpu_fprintf,
 #define REGS_PER_LINE 8
 #endif
-void cpu_dump_state(CPUSPARCState *env, FILE *f, fprintf_function cpu_fprintf,
+void sparc_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
-                    int flags)
+                          int flags)
 {
    SPARCCPU *cpu = SPARC_CPU(cs);
    CPUSPARCState *env = &cpu->env;
    int i, x;
    cpu_fprintf(f, "pc: " TARGET_FMT_lx "  npc: " TARGET_FMT_lx "\n", env->pc,
@ -728,11 +730,8 @@ void cpu_dump_state(CPUSPARCState *env, FILE *f, fprintf_function cpu_fprintf,
 static void sparc_cpu_realizefn(DeviceState *dev, Error **errp)
 {
    SPARCCPU *cpu = SPARC_CPU(dev);
    SPARCCPUClass *scc = SPARC_CPU_GET_CLASS(dev);
    qemu_init_vcpu(&cpu->env);
    scc->parent_realize(dev, errp);
 }
@ -771,6 +770,8 @@ static void sparc_cpu_class_init(ObjectClass *oc, void *data)
    cc->reset = sparc_cpu_reset;
    cc->do_interrupt = sparc_cpu_do_interrupt;
    cc->dump_state = sparc_cpu_dump_state;
    cpu_class_set_do_unassigned_access(cc, sparc_cpu_unassigned_access);
 }
 static const TypeInfo sparc_cpu_type_info = {
--- a/target-sparc/cpu.h
+++ b/target-sparc/cpu.h
@ -582,8 +582,9 @@ static inline int tlb_compare_context(const SparcTLBEntry *tlb,
 /* cpu-exec.c */
 #if !defined(CONFIG_USER_ONLY)
-void cpu_unassigned_access(CPUSPARCState *env1, hwaddr addr,
+void sparc_cpu_unassigned_access(CPUState *cpu, hwaddr addr,
-                           int is_write, int is_exec, int is_asi, int size);
+                                 bool is_write, bool is_exec, int is_asi,
                                 unsigned size);
 #if defined(TARGET_SPARC64)
 hwaddr cpu_get_phys_page_nofault(CPUSPARCState *env, target_ulong addr,
                                           int mmu_idx);
--- a/target-sparc/ldst_helper.c
+++ b/target-sparc/ldst_helper.c
@ -686,7 +686,8 @@ uint64_t helper_ld_asi(CPUSPARCState *env, target_ulong addr, int asi, int size,
        break;
    case 8: /* User code access, XXX */
    default:
-        cpu_unassigned_access(env, addr, 0, 0, asi, size);
+        cpu_unassigned_access(CPU(sparc_env_get_cpu(env)),
                              addr, false, false, asi, size);
        ret = 0;
        break;
    }
@ -1088,7 +1089,8 @@ void helper_st_asi(CPUSPARCState *env, target_ulong addr, uint64_t val, int asi,
    case 8: /* User code access, XXX */
    case 9: /* Supervisor code access, XXX */
    default:
-        cpu_unassigned_access(env, addr, 1, 0, asi, size);
+        cpu_unassigned_access(CPU(sparc_env_get_cpu(env)),
                              addr, true, false, asi, size);
        break;
    }
 #ifdef DEBUG_ASI
@ -1594,7 +1596,8 @@ uint64_t helper_ld_asi(CPUSPARCState *env, target_ulong addr, int asi, int size,
    case 0x5f: /* D-MMU demap, WO */
    case 0x77: /* Interrupt vector, WO */
    default:
-        cpu_unassigned_access(env, addr, 0, 0, 1, size);
+        cpu_unassigned_access(CPU(sparc_env_get_cpu(env)),
                              addr, false, false, 1, size);
        ret = 0;
        break;
    }
@ -2027,7 +2030,8 @@ void helper_st_asi(CPUSPARCState *env, target_ulong addr, target_ulong val,
    case 0x8a: /* Primary no-fault LE, RO */
    case 0x8b: /* Secondary no-fault LE, RO */
    default:
-        cpu_unassigned_access(env, addr, 1, 0, 1, size);
+        cpu_unassigned_access(CPU(sparc_env_get_cpu(env)),
                              addr, true, false, 1, size);
        return;
    }
 }
@ -2322,9 +2326,12 @@ void helper_stqf(CPUSPARCState *env, target_ulong addr, int mem_idx)
 #if !defined(CONFIG_USER_ONLY)
 #ifndef TARGET_SPARC64
-void cpu_unassigned_access(CPUSPARCState *env, hwaddr addr,
+void sparc_cpu_unassigned_access(CPUState *cs, hwaddr addr,
-                           int is_write, int is_exec, int is_asi, int size)
+                                 bool is_write, bool is_exec, int is_asi,
                                 unsigned size)
 {
    SPARCCPU *cpu = SPARC_CPU(cs);
    CPUSPARCState *env = &cpu->env;
    int fault_type;
 #ifdef DEBUG_UNASSIGNED
@ -2382,9 +2389,13 @@ void cpu_unassigned_access(CPUSPARCState *env, hwaddr addr,
    }
 }
 #else
-void cpu_unassigned_access(CPUSPARCState *env, hwaddr addr,
+void sparc_cpu_unassigned_access(CPUState *cs, hwaddr addr,
-                           int is_write, int is_exec, int is_asi, int size)
+                                 bool is_write, bool is_exec, int is_asi,
                                 unsigned size)
 {
    SPARCCPU *cpu = SPARC_CPU(cs);
    CPUSPARCState *env = &cpu->env;
 #ifdef DEBUG_UNASSIGNED
    printf("Unassigned mem access to " TARGET_FMT_plx " from " TARGET_FMT_lx
           "\n", addr, env->pc);
--- a/target-unicore32/cpu-qom.h
+++ b/target-unicore32/cpu-qom.h
@ -61,5 +61,7 @@ static inline UniCore32CPU *uc32_env_get_cpu(CPUUniCore32State *env)
 #define ENV_OFFSET offsetof(UniCore32CPU, env)
 void uc32_cpu_do_interrupt(CPUState *cpu);
 void uc32_cpu_dump_state(CPUState *cpu, FILE *f,
                         fprintf_function cpu_fprintf, int flags);
 #endif
--- a/target-unicore32/cpu.c
+++ b/target-unicore32/cpu.c
@ -83,11 +83,8 @@ static const UniCore32CPUInfo uc32_cpus[] = {
 static void uc32_cpu_realizefn(DeviceState *dev, Error **errp)
 {
    UniCore32CPU *cpu = UNICORE32_CPU(dev);
    UniCore32CPUClass *ucc = UNICORE32_CPU_GET_CLASS(dev);
    qemu_init_vcpu(&cpu->env);
    ucc->parent_realize(dev, errp);
 }
@ -133,6 +130,7 @@ static void uc32_cpu_class_init(ObjectClass *oc, void *data)
    cc->class_by_name = uc32_cpu_class_by_name;
    cc->do_interrupt = uc32_cpu_do_interrupt;
    cc->dump_state = uc32_cpu_dump_state;
    dc->vmsd = &vmstate_uc32_cpu;
 }
--- a/target-unicore32/translate.c
+++ b/target-unicore32/translate.c
@ -2113,9 +2113,11 @@ static void cpu_dump_state_ucf64(CPUUniCore32State *env, FILE *f,
 #define cpu_dump_state_ucf64(env, file, pr, flags)      do { } while (0)
 #endif
-void cpu_dump_state(CPUUniCore32State *env, FILE *f,
+void uc32_cpu_dump_state(CPUState *cs, FILE *f,
-        fprintf_function cpu_fprintf, int flags)
+                         fprintf_function cpu_fprintf, int flags)
 {
    UniCore32CPU *cpu = UNICORE32_CPU(cs);
    CPUUniCore32State *env = &cpu->env;
    int i;
    uint32_t psr;
--- a/target-xtensa/cpu-qom.h
+++ b/target-xtensa/cpu-qom.h
@ -81,5 +81,7 @@ static inline XtensaCPU *xtensa_env_get_cpu(const CPUXtensaState *env)
 #define ENV_OFFSET offsetof(XtensaCPU, env)
 void xtensa_cpu_do_interrupt(CPUState *cpu);
 void xtensa_cpu_dump_state(CPUState *cpu, FILE *f,
                           fprintf_function cpu_fprintf, int flags);
 #endif
--- a/target-xtensa/cpu.c
+++ b/target-xtensa/cpu.c
@ -59,11 +59,8 @@ static void xtensa_cpu_reset(CPUState *s)
 static void xtensa_cpu_realizefn(DeviceState *dev, Error **errp)
 {
    XtensaCPU *cpu = XTENSA_CPU(dev);
    XtensaCPUClass *xcc = XTENSA_CPU_GET_CLASS(dev);
    qemu_init_vcpu(&cpu->env);
    xcc->parent_realize(dev, errp);
 }
@ -102,6 +99,7 @@ static void xtensa_cpu_class_init(ObjectClass *oc, void *data)
    cc->reset = xtensa_cpu_reset;
    cc->do_interrupt = xtensa_cpu_do_interrupt;
    cc->dump_state = xtensa_cpu_dump_state;
    dc->vmsd = &vmstate_xtensa_cpu;
 }
--- a/target-xtensa/op_helper.c
+++ b/target-xtensa/op_helper.c
@ -368,7 +368,9 @@ void HELPER(wsr_lend)(CPUXtensaState *env, uint32_t v)
 void HELPER(dump_state)(CPUXtensaState *env)
 {
-    cpu_dump_state(env, stderr, fprintf, 0);
+    XtensaCPU *cpu = xtensa_env_get_cpu(env);
    cpu_dump_state(CPU(cpu), stderr, fprintf, 0);
 }
 void HELPER(waiti)(CPUXtensaState *env, uint32_t pc, uint32_t intlevel)
--- a/target-xtensa/translate.c
+++ b/target-xtensa/translate.c
@ -3014,9 +3014,11 @@ void gen_intermediate_code_pc(CPUXtensaState *env, TranslationBlock *tb)
    gen_intermediate_code_internal(env, tb, 1);
 }
-void cpu_dump_state(CPUXtensaState *env, FILE *f, fprintf_function cpu_fprintf,
+void xtensa_cpu_dump_state(CPUState *cs, FILE *f,
-        int flags)
+                           fprintf_function cpu_fprintf, int flags)
 {
    XtensaCPU *cpu = XTENSA_CPU(cs);
    CPUXtensaState *env = &cpu->env;
    int i, j;
    cpu_fprintf(f, "PC=%08x\n\n", env->pc);