Merge tag 'for-upstream-i386' of https://gitlab.com/bonzini/qemu into staging

* target/i386: new feature bits for AMD processors
* target/i386/tcg: improvements around flag handling
* target/i386: a

Merge tag 'for-upstream-i386' of https://gitlab.com/bonzini/qemu into staging

* target/i386: new feature bits for AMD processors
* target/i386/tcg: improvements around flag handling
* target/i386: add AVX10 support
* target/i386: add GraniteRapids-v2 model
* dockerfiles: add libcbor
* New nitro-enclave machine type
* qom: cleanups to object_new
* configure: detect 64-bit MIPS for rust
* configure: deprecate 32-bit MIPS

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmcjvkQUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroPIKgf/etNpO2T+eLFtWN/Qd5eopBXqNd9k
# KmeK9EgW9lqx2IPGNen33O+uKpb/TsMmubSsSF+YxTp7pmkc8+71f3rBMaIAD02r
# /paHSMVw0+f12DAFQz1jdvGihR7Mew0wcF/UdEt737y6vEmPxLTyYG3Gfa4NSZwT
# /V5jTOIcfUN/UEjNgIp6NTuOEESKmlqt22pfMapgkwMlAJYeeJU2X9eGYE86wJbq
# ZSXNgK3jL9wGT2XKa3e+OKzHfFpSkrB0JbQbdico9pefnBokN/hTeeUJ81wBAc7u
# i00W1CEQVJ5lhBc121d4AWMp83ME6HijJUOTMmJbFIONPsITFPHK1CAkng==
# =D4nR
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 31 Oct 2024 17:28:36 GMT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83

* tag 'for-upstream-i386' of https://gitlab.com/bonzini/qemu: (49 commits)
target/i386: Introduce GraniteRapids-v2 model
target/i386: Add AVX512 state when AVX10 is supported
target/i386: Add feature dependencies for AVX10
target/i386: add CPUID.24 features for AVX10
target/i386: add AVX10 feature and AVX10 version property
target/i386: return bool from x86_cpu_filter_features
target/i386: do not rely on ExtSaveArea for accelerator-supported XCR0 bits
target/i386: cpu: set correct supported XCR0 features for TCG
target/i386: use + to put flags together
target/i386: use higher-precision arithmetic to compute CF
target/i386: use compiler builtin to compute PF
target/i386: make flag variables unsigned
target/i386: add a note about gen_jcc1
target/i386: add a few more trivial CCPrepare cases
target/i386: optimize TEST+Jxx sequences
target/i386: optimize computation of ZF from CC_OP_DYNAMIC
target/i386: Wrap cc_op_live with a validity check
target/i386: Introduce cc_op_size
target/i386: Rearrange CCOp
target/i386: remove CC_OP_CLR
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

target/i386: Wrap cc_op_live with a validity check

Assert that op is known and that cc_op_live_ is populated.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonz

target/i386: Wrap cc_op_live with a validity check

Assert that op is known and that cc_op_live_ is populated.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

target/i386: Introduce cc_op_size

Replace arithmetic on cc_op with a helper function.
Assert that the op has a size and that it is valid
for the configuration.

Signed-off-by: Richard Henderson <ric

target/i386: Introduce cc_op_size

Replace arithmetic on cc_op with a helper function.
Assert that the op has a size and that it is valid
for the configuration.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Link: https://lore.kernel.org/r/20240701025115.1265117-6-richard.henderson@linaro.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

target/i386: remove CC_OP_CLR

Just use CC_OP_EFLAGS; it is not that likely that the flags computed by
CC_OP_CLR survive the end of the basic block, in which case there is no
need to spill cc_op_src.

target/i386: remove CC_OP_CLR

Just use CC_OP_EFLAGS; it is not that likely that the flags computed by
CC_OP_CLR survive the end of the basic block, in which case there is no
need to spill cc_op_src.

cc_op_src now does need spilling if the XOR is followed by a memory
operation, but this only costs 0.2% extra TCG ops. They will be recouped
by simplifications in how QEMU evaluates ZF at runtime, which are even
greater with this change.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* tcg/s390x: Fix for TSTEQ/TSTNE
* target/i386: Fixes for IN and OUT with REX prefix
* target/i386: New CPUID features and lo

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* tcg/s390x: Fix for TSTEQ/TSTNE
* target/i386: Fixes for IN and OUT with REX prefix
* target/i386: New CPUID features and logic fixes
* target/i386: Add support save/load HWCR MSR
* target/i386: Move more instructions to new decoder; separate decoding
and IR generation
* target/i386/tcg: Use DPL-level accesses for interrupts and call gates
* accel/kvm: perform capability checks on VM file descriptor when necessary
* accel/kvm: dynamically sized kvm memslots array
* target/i386: fixes for Hyper-V
* docs/system: Add recommendations to Hyper-V enlightenments doc

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmcRTIoUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroMCewf8DnZbz7/0beql2YycrdPJZ3xnmfWW
# JenWKIThKHGWRTW2ODsac21n0TNXE0vsOYjw/Z/dNLO+72sLcqvmEB18+dpHAD2J
# ltb8OvuROc3nn64OEi08qIj7JYLmJ/osroI+6NnZrCOHo8nCirXoCHB7ZPqAE7/n
# yDnownWaduXmXt3+Vs1mpqlBklcClxaURDDEQ8CGsxjC3jW03cno6opJPZpJqk0t
# 6aX92vX+3lNhIlije3QESsDX0cP1CFnQmQlNNg/xzk+ZQO+vSRrPV+A/N9xf8m1b
# HiaCrlBWYef/sLgOHziOSrJV5/N8W0GDEVYDmpEswHE81BZxrOTZLxqzWw==
# =qwfc
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 17 Oct 2024 18:42:34 BST
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (26 commits)
target/i386: Use only 16 and 32-bit operands for IN/OUT
accel/kvm: check for KVM_CAP_MEMORY_ATTRIBUTES on vm
accel/kvm: check for KVM_CAP_MULTI_ADDRESS_SPACE on vm
accel/kvm: check for KVM_CAP_READONLY_MEM on VM
target/i386/tcg: Use DPL-level accesses for interrupts and call gates
KVM: Rename KVMState->nr_slots to nr_slots_max
KVM: Rename KVMMemoryListener.nr_used_slots to nr_slots_used
KVM: Define KVM_MEMSLOTS_NUM_MAX_DEFAULT
KVM: Dynamic sized kvm memslots array
target/i386: assert that cc_op* and pc_save are preserved
target/i386: list instructions still in translate.c
target/i386: do not check PREFIX_LOCK in old-style decoder
target/i386: convert CMPXCHG8B/CMPXCHG16B to new decoder
target/i386: decode address before going back to translate.c
target/i386: convert bit test instructions to new decoder
tcg/s390x: fix constraint for 32-bit TSTEQ/TSTNE
docs/system: Add recommendations to Hyper-V enlightenments doc
target/i386: Make sure SynIC state is really updated before KVM_RUN
target/i386: Exclude 'hv-syndbg' from 'hv-passthrough'
target/i386: Fix conditional CONFIG_SYNDBG enablement
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

target/i386: convert CMPXCHG8B/CMPXCHG16B to new decoder

The gen_cmpxchg8b and gen_cmpxchg16b functions even have the correct
prototype already; the only thing that needs to be done is removing the

target/i386: convert CMPXCHG8B/CMPXCHG16B to new decoder

The gen_cmpxchg8b and gen_cmpxchg16b functions even have the correct
prototype already; the only thing that needs to be done is removing the
gen_lea_modrm() call.

This moves the last LOCK-enabled instructions to the new decoder. It is
now possible to assume that gen_multi0F is called only after checking
that PREFIX_LOCK was not specified.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

target/i386: decode address before going back to translate.c

There are now relatively few unconverted opcodes in translate.c (there
are 13 of them including 8 for x87), and all of them have the same

target/i386: decode address before going back to translate.c

There are now relatively few unconverted opcodes in translate.c (there
are 13 of them including 8 for x87), and all of them have the same
format with a mod/rm byte and no immediate. A good next step is
to remove the early bail out to disas_insn_x87/disas_insn_old,
instead giving these legacy translator functions the same prototype
as the other gen_* functions.

To do this, the X86DecodeInsn can be passed down to the places that
used to fetch address bytes from the instruction stream. To make
sure that everything is done cleanly, the CPUX86State* argument is
removed.

As part of the unification, the gen_lea_modrm() name is now free,
so rename gen_load_ea() to gen_lea_modrm(). This is as good a name
and it makes the changes to translate.c easier to review.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

target/i386: convert bit test instructions to new decoder

Code generation was rewritten; it reuses the same trick to use the
CC_OP_SAR values for cc_op, but it tries to use CC_OP_ADCX or CC_OP_ADCOX

target/i386: convert bit test instructions to new decoder

Code generation was rewritten; it reuses the same trick to use the
CC_OP_SAR values for cc_op, but it tries to use CC_OP_ADCX or CC_OP_ADCOX
instead of CC_OP_EFLAGS. This is a tiny bit more efficient in the
common case where only CF is checked in the resulting flags.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

Merge tag 'pull-misc-20240821' of https://gitlab.com/rth7680/qemu into staging

target/i386: Fix carry flag for BLSI
target/i386: Fix tss access size in switch_tss_ra
linux-user: Handle short reads i

Merge tag 'pull-misc-20240821' of https://gitlab.com/rth7680/qemu into staging

target/i386: Fix carry flag for BLSI
target/i386: Fix tss access size in switch_tss_ra
linux-user: Handle short reads in mmap_h_gt_g
bsd-user: Handle short reads in mmap_h_gt_g

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmbFTzUdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/9+Qf9GiXgmZU51Rk9LaNz
# zlaUPIJy/ER+lCpkaeIqMzJ3EysuWa5tZFOrg21rqmfMr19AIuPSRmCFXuwkF6s+
# DnCiToloM/EvczmVQALE/KhOOm0dwvoAwSFBFTCPfg/IKjb9OcOWHGJVSgFV/1u6
# vrTqUc6xny6QhMjTuVWziE/VAH0V9wRjToii2qN9k/5e2oF1hzDGjHx7T9d//4j5
# hbRyzH0luexvob7JCpxHDELlarkoyR5a7cJQHTj0VTfmR5g6yEMLn+z7ocBcUF09
# pJzcRu2BHUYjzQgV6wqdj5aw8N26c+e8pm1XIA8S1CwBnLRnkuuCKKD7I0tdYvFA
# VgDntQ==
# =XyeR
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 21 Aug 2024 12:21:41 PM AEST
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* tag 'pull-misc-20240821' of https://gitlab.com/rth7680/qemu:
target/i386: Fix tss access size in switch_tss_ra
target/i386: Fix carry flag for BLSI
target/i386: Split out gen_prepare_val_nz
bsd-user: Handle short reads in mmap_h_gt_g
linux-user: Handle short reads in mmap_h_gt_g

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

target/i386: Fix carry flag for BLSI

BLSI has inverted semantics for C as compared to the other two
BMI1 instructions, BLSMSK and BLSR. Introduce CC_OP_BLSI* for
this purpose.

Resolves: https://gi

target/i386: Fix carry flag for BLSI

BLSI has inverted semantics for C as compared to the other two
BMI1 instructions, BLSMSK and BLSR. Introduce CC_OP_BLSI* for
this purpose.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2175
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240801075845.573075-3-richard.henderson@linaro.org>

show more ...

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* fix --static compilation of hexagon
* fix incorrect application of REX to MMX operands
* fix crash on module load
* update

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* fix --static compilation of hexagon
* fix incorrect application of REX to MMX operands
* fix crash on module load
* update Italian translation

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAma7kZ4UHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroOy7QgAriuxfgw3Yvu9UPPfEZT5V9p5XfDf
# LceO3C6OABIkFoGSO8WK5dWfQy3oYbrwEXX/l/PW1lUc2DFrSUo9YtIfjelRkxoC
# 0EAAbV5A+xCLYmujFqBSe/6usRj82uKjSET1KK1aCam7ONZLNZf2yb4OwdShvLSN
# MPgtBOrwznR1qh3KJtLB6YSRC0Rie1hOxbXFpx1AklXYnIiqUdMjXOHSjs+Amva0
# VczuqwjtVdNDTPqbZlCXatPtZ8nwYeEOD2jOqgjAoEwwabZ1fFGDCNXlqEDLSdTm
# Cc+IZPYU5a8+tVfH0DYEMgMSkRhDUqVZ/076L+pRi+Q8ClxWV8fKsf5qKw==
# =jJtu
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 14 Aug 2024 03:02:22 AM AEST
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
po: update Italian translation
module: Prevent crash by resetting local_err in module_load_qom_all()
target/i386: Assert MMX and XMM registers in range
target/i386: Use unit not type in decode_modrm
target/i386: Do not apply REX to MMX operands
target/hexagon: don't look for static glib

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

target/i386: Assert MMX and XMM registers in range

The mmx assert would fire without the fix for #2495.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu

target/i386: Assert MMX and XMM registers in range

The mmx assert would fire without the fix for #2495.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/r/20240812025844.58956-4-richard.henderson@linaro.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* target/i386/tcg: fixes for seg_helper.c
* SEV: Don't allow automatic fallback to legacy KVM_SEV_INIT,
but also don't use

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* target/i386/tcg: fixes for seg_helper.c
* SEV: Don't allow automatic fallback to legacy KVM_SEV_INIT,
but also don't use it by default
* scsi: honor bootindex again for legacy drives
* hpet, utils, scsi, build, cpu: miscellaneous bugfixes

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmaWoP0UHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroOqfggAg3jxUp6B8dFTEid5aV6qvT4M6nwD
# TAYcAl5kRqTOklEmXiPCoA5PeS0rbr+5xzWLAKgkumjCVXbxMoYSr0xJHVuDwQWv
# XunUm4kpxJBLKK3uTGAIW9A21thOaA5eAoLIcqu2smBMU953TBevMqA7T67h22rp
# y8NnZWWdyQRH0RAaWsCBaHVkkf+DuHSG5LHMYhkdyxzno+UWkTADFppVhaDO78Ba
# Egk49oMO+G6of4+dY//p1OtAkAf4bEHePKgxnbZePInJrkgHzr0TJWf9gERWFzdK
# JiM0q6DeqopZm+vENxS+WOx7AyDzdN0qOrf6t9bziXMg0Rr2Z8bu01yBCQ==
# =cZhV
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 17 Jul 2024 02:34:05 AM AEST
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
target/i386/tcg: save current task state before loading new one
target/i386/tcg: use X86Access for TSS access
target/i386/tcg: check for correct busy state before switching to a new task
target/i386/tcg: Compute MMU index once
target/i386/tcg: Introduce x86_mmu_index_{kernel_,}pl
target/i386/tcg: Reorg push/pop within seg_helper.c
target/i386/tcg: use PUSHL/PUSHW for error code
target/i386/tcg: Allow IRET from user mode to user mode with SMAP
target/i386/tcg: Remove SEG_ADDL
target/i386/tcg: fix POP to memory in long mode
hpet: fix HPET_TN_SETVAL for high 32-bits of the comparator
hpet: fix clamping of period
docs: Update description of 'user=username' for '-run-with'
qemu/timer: Add host ticks function for LoongArch
scsi: fix regression and honor bootindex again for legacy drives
hw/scsi/lsi53c895a: bump instruction limit in scripts processing to fix regression
disas: Fix build against Capstone v6
cpu: Free queued CPU work
Revert "qemu-char: do not operate on sources from finalize callbacks"
i386/sev: Don't allow automatic fallback to legacy KVM_SEV*_INIT

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

target/i386/tcg: fix POP to memory in long mode

In long mode, POP to memory will write a full 64-bit value. However,
the call to gen_writeback() in gen_POP will use MO_32 because the
decoding table

target/i386/tcg: fix POP to memory in long mode

In long mode, POP to memory will write a full 64-bit value. However,
the call to gen_writeback() in gen_POP will use MO_32 because the
decoding table is incorrect.

The bug was latent until commit aea49fbb01a ("target/i386: use gen_writeback()
within gen_POP()", 2024-06-08), and then became visible because gen_op_st_v
now receives op->ot instead of the "ot" returned by gen_pop_T0.

Analyzed-by: Clément Chigot <chigot@adacore.com>
Fixes: 5e9e21bcc4d ("target/i386: move 60-BF opcodes to new decoder", 2024-05-07)
Tested-by: Clément Chigot <chigot@adacore.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* configure: detect --cpu=mipsisa64r6
* target/i386: decode address before going back to translate.c
* meson: allow configuri

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* configure: detect --cpu=mipsisa64r6
* target/i386: decode address before going back to translate.c
* meson: allow configuring the x86-64 baseline
* meson: remove dead optimization option
* exec: small changes to allow compilation with C++ in Android emulator
* fix SEV compilation on 32-bit systems

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmZ+8mEUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroMVmAf+PjJBpMYNFb2qxJDw5jI7hITsrtm4
# v5TKo9x7E3pna5guae5ODFencYhBITQznHFa3gO9w09QN7Gq/rKjuBBST9VISslU
# dW3HtxY9A1eHQtNqHuD7jBWWo9N0hhNiLRa6xz/VDTjEJSxhjSdK2bRW9Yz9hZAe
# 8bbEEC9us21RdFTS+eijOMo9SPyASUlqIq4RbQpbAVuzzOMeXnfOuX9VSTcBy9o2
# 7cKMg7zjL8WQugJKynyl5lny7m1Ji55LD2UrYMF6Mik3Wz5kwgHcUITJ+ZHd/9hR
# a+MI7o/jyCPdmX9pBvJCxyerCVYBu0ugLqYKpAcsqU6111FLrnGgDvHf/g==
# =LdYd
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 28 Jun 2024 10:26:57 AM PDT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (23 commits)
target/i386/sev: Fix printf formats
target/i386/sev: Use size_t for object sizes
target/i386: SEV: store pointer to decoded id_auth in SevSnpGuest
target/i386: SEV: rename sev_snp_guest->id_auth
target/i386: SEV: store pointer to decoded id_block in SevSnpGuest
target/i386: SEV: rename sev_snp_guest->id_block
target/i386: remove unused enum
target/i386: give CC_OP_POPCNT low bits corresponding to MO_TL
target/i386: use cpu_cc_dst for CC_OP_POPCNT
target/i386: fix CC_OP dump
include: move typeof_strip_qual to compiler.h, use it in QAPI_LIST_LENGTH()
exec: don't use void* in pointer arithmetic in headers
exec: avoid using C++ keywords in function parameters
block: rename former bdrv_file_open callbacks
block: remove separate bdrv_file_open callback
block: do not check bdrv_file_open
block: make assertion more generic
meson: remove dead optimization option
meson: allow configuring the x86-64 baseline
Revert "host/i386: assume presence of SSE2"
...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

target/i386: use cpu_cc_dst for CC_OP_POPCNT

It is the only CCOp, among those that compute ZF from one of the cc_op_*
registers, that uses cpu_cc_src. Do not make it the odd one off,
instead use cp

target/i386: use cpu_cc_dst for CC_OP_POPCNT

It is the only CCOp, among those that compute ZF from one of the cc_op_*
registers, that uses cpu_cc_src. Do not make it the odd one off,
instead use cpu_cc_dst like the others.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* i386: fix issue with cache topology passthrough
* scsi-disk: migrate emulated requests
* i386/sev: fix Coverity issues
* i3

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* i386: fix issue with cache topology passthrough
* scsi-disk: migrate emulated requests
* i386/sev: fix Coverity issues
* i386/tcg: more conversions to new decoder

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmZv6kMUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroOn4Af/evnpsae1fm8may1NQmmezKiks/4X
# cR0GaQ7w75Oas05jKsG7Xnrq3Vn6p5wllf3Wf00p7F1iJX18azY9rQgIsUVUgVem
# /EIZk1eM6+mDxuIG0taPxc5Aw3cfIBWAjUmzsXrSr55e/wyiIxZCeUo2zk8Il+iL
# Z4ceNzY5PZzc2Fl10D3cGs/+ynfiDM53ucwe3ve2T6NrxEVfKQPp5jkIUkBUba6z
# zM5O4Q5KTEZYVth1gbDTB/uUJLUFjQ12kCQfRCNX+bEPDHwARr0UWr/Oxtz0jZSd
# FvXohz7tI+v+ph0xHyE4tEFqryvLCII1td2ohTAYZZXNGkjK6XZildngBw==
# =m4BE
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 17 Jun 2024 12:48:19 AM PDT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (25 commits)
target/i386: SEV: do not assume machine->cgs is SEV
target/i386: convert CMPXCHG to new decoder
target/i386: convert XADD to new decoder
target/i386: convert LZCNT/TZCNT/BSF/BSR/POPCNT to new decoder
target/i386: convert SHLD/SHRD to new decoder
target/i386: adapt gen_shift_count for SHLD/SHRD
target/i386: pull load/writeback out of gen_shiftd_rm_T1
target/i386: convert non-grouped, helper-based 2-byte opcodes
target/i386: split X86_CHECK_prot into PE and VM86 checks
target/i386: finish converting 0F AE to the new decoder
target/i386: fix bad sorting of entries in the 0F table
target/i386: replace read_crN helper with read_cr8
target/i386: convert MOV from/to CR and DR to new decoder
target/i386: fix processing of intercept 0 (read CR0)
target/i386: replace NoSeg special with NoLoadEA
target/i386: change X86_ENTRYwr to use T0, use it for moves
target/i386: change X86_ENTRYr to use T0
target/i386: put BLS* input in T1, use generic flag writeback
target/i386: rewrite flags writeback for ADCX/ADOX
target/i386: remove CPUX86State argument from generator functions
...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

target/i386: convert CMPXCHG to new decoder

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: convert XADD to new decoder

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: convert LZCNT/TZCNT/BSF/BSR/POPCNT to new decoder

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386: convert SHLD/SHRD to new decoder

Use the same flag generation code as SHL and SHR, but use
the existing gen_shiftd_rm_T1 function to compute the result
as well as CC_SRC.

Decoding-wise

target/i386: convert SHLD/SHRD to new decoder

Use the same flag generation code as SHL and SHR, but use
the existing gen_shiftd_rm_T1 function to compute the result
as well as CC_SRC.

Decoding-wise, SHLD/SHRD by immediate count as a 4 operand
instruction because s->T0 and s->T1 actually occupy three op
slots. The infrastructure used by opcodes in the 0F 3A table
works fine.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

target/i386: adapt gen_shift_count for SHLD/SHRD

SHLD/SHRD can have 3 register operands - s->T0, s->T1 and either
1 or CL - and therefore decode->op[2] is taken by the low part
of the register being

target/i386: adapt gen_shift_count for SHLD/SHRD

SHLD/SHRD can have 3 register operands - s->T0, s->T1 and either
1 or CL - and therefore decode->op[2] is taken by the low part
of the register being shifted. Pass X86_OP_* to gen_shift_count
from its current callers and hardcode cpu_regs[R_ECX] as the
shift count.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

target/i386: convert non-grouped, helper-based 2-byte opcodes

These have very simple generators and no need for complex group
decoding. Apart from LAR/LSL which are simplified to use
gen_op_deposit

target/i386: convert non-grouped, helper-based 2-byte opcodes

These have very simple generators and no need for complex group
decoding. Apart from LAR/LSL which are simplified to use
gen_op_deposit_reg_v and movcond, the code is generally lifted
from translate.c into the generators.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

target/i386: finish converting 0F AE to the new decoder

This is already partly implemented due to VLDMXCSR and VSTMXCSR; finish
the job.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org

target/i386: finish converting 0F AE to the new decoder

This is already partly implemented due to VLDMXCSR and VSTMXCSR; finish
the job.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

target/i386: replace read_crN helper with read_cr8

All other control registers are stored plainly in CPUX86State.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo

target/i386: replace read_crN helper with read_cr8

All other control registers are stored plainly in CPUX86State.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...