Series comparison

-[PULL 00/12] tcg patch queue
+[PULL 0/4] tcg patch queue
-The following changes since commit bad76ac319556dab2497429d473b49a237672e1c:
+The following changes since commit 67e41fe0cfb62e6cdfa659f0155417d17e5274ea:
-  Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-pull-request' into staging (2019-10-25 14:17:08 +0100)
+  Merge tag 'pull-ppc-20220104' of https://github.com/legoater/qemu into staging (2022-01-04 07:23:27 -0800)
 are available in the Git repository at:
-  https://github.com/rth7680/qemu.git tags/pull-tcg-20191025
+  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20220104
-for you to fetch changes up to 0ed1bfb046b740b70eed2cf3581e01768703b185:
+for you to fetch changes up to d7478d4229f0a2b2817a55487e6b17081099fae4:
-  translate-all: Remove tb_alloc (2019-10-25 10:15:25 -0400)
+  common-user: Fix tail calls to safe_syscall_set_errno_tail (2022-01-04 15:41:03 -0800)
 ----------------------------------------------------------------
-Improvements for TARGET_PAGE_BITS_VARY
+Fix for safe_syscall_base.
-Fix for TCI ld16u_i64.
+Fix for folding of vector add/sub.
-Fix for segv on icount execute from i/o memory.
+Fix build on loongarch64 with gcc 8.
-Two misc cleanups.
+Remove decl for qemu_run_machine_init_done_notifiers.
 ----------------------------------------------------------------
-Alex Bennée (1):
+Philippe Mathieu-Daudé (1):
-      cputlb: ensure _cmmu helper functions follow the naming standard
+      linux-user: Fix trivial build error on loongarch64 hosts
-Clement Deschamps (1):
+Richard Henderson (2):
-      translate-all: fix uninitialized tb->orig_tb
+      tcg/optimize: Fix folding of vector ops
       common-user: Fix tail calls to safe_syscall_set_errno_tail
-Richard Henderson (8):
+Xiaoyao Li (1):
-      exec: Split out variable page size support to exec-vary.c
+      sysemu: Cleanup qemu_run_machine_init_done_notifiers()
       configure: Detect compiler support for __attribute__((alias))
       exec: Use const alias for TARGET_PAGE_BITS_VARY
       exec: Restrict TARGET_PAGE_BITS_VARY assert to CONFIG_DEBUG_TCG
       exec: Promote TARGET_PAGE_MASK to target_long
       exec: Cache TARGET_PAGE_MASK for TARGET_PAGE_BITS_VARY
       cputlb: Fix tlb_vaddr_to_host
       translate-all: Remove tb_alloc
-Stefan Weil (1):
+ include/sysemu/sysemu.h                    |  1 -
-      tci: Add implementation for INDEX_op_ld16u_i64
+ linux-user/host/loongarch64/host-signal.h  |  4 +--
  tcg/optimize.c                             | 49 +++++++++++++++++++++++-------
  common-user/host/i386/safe-syscall.inc.S   |  1 +
  common-user/host/mips/safe-syscall.inc.S   |  1 +
  common-user/host/x86_64/safe-syscall.inc.S |  1 +
 files changed, 42 insertions(+), 15 deletions(-)
-Wei Yang (1):
-      cpu: use ROUND_UP() to define xxx_PAGE_ALIGN
- Makefile.target                  |   2 +-
- include/exec/cpu-all.h           |  33 +++++++++----
- include/exec/cpu_ldst_template.h |   4 +-
- include/qemu-common.h            |   6 +++
- tcg/tcg.h                        |  20 +++++---
- accel/tcg/cputlb.c               |  26 ++++++++--
- accel/tcg/translate-all.c        |  21 ++------
- exec-vary.c                      | 102 +++++++++++++++++++++++++++++++++++++++
- exec.c                           |  34 -------------
- target/cris/translate_v10.inc.c  |   3 +-
- tcg/tci.c                        |  15 ++++++
- configure                        |  19 ++++++++
-files changed, 208 insertions(+), 77 deletions(-)
- create mode 100644 exec-vary.c

-[PULL 01/12] tci: Add implementation for INDEX_op_ld16u_i64
+Deleted patch
-From: Stefan Weil <sw@weilnetz.de>
-This fixes "make check-tcg" on a Debian x86_64 host.
-Signed-off-by: Stefan Weil <sw@weilnetz.de>
-Tested-by: Thomas Huth <thuth@redhat.com>
-Message-Id: <20190410194838.10123-1-sw@weilnetz.de>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/tci.c | 15 +++++++++++++++
-file changed, 15 insertions(+)
-diff --git a/tcg/tci.c b/tcg/tci.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tci.c
-+++ b/tcg/tci.c
-@@ -XXX,XX +XXX,XX @@ static void tci_write_reg8(tcg_target_ulong *regs, TCGReg index, uint8_t value)
-     tci_write_reg(regs, index, value);
- }
-+static void
-+tci_write_reg16(tcg_target_ulong *regs, TCGReg index, uint16_t value)
-+{
-+    tci_write_reg(regs, index, value);
-+}
-+
- static void
- tci_write_reg32(tcg_target_ulong *regs, TCGReg index, uint32_t value)
- {
-@@ -XXX,XX +XXX,XX @@ uintptr_t tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr)
-             tci_write_reg8(regs, t0, *(uint8_t *)(t1 + t2));
-             break;
-         case INDEX_op_ld8s_i32:
-+            TODO();
-+            break;
-         case INDEX_op_ld16u_i32:
-             TODO();
-             break;
-@@ -XXX,XX +XXX,XX @@ uintptr_t tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr)
-             tci_write_reg8(regs, t0, *(uint8_t *)(t1 + t2));
-             break;
-         case INDEX_op_ld8s_i64:
-+            TODO();
-+            break;
-         case INDEX_op_ld16u_i64:
-+            t0 = *tb_ptr++;
-+            t1 = tci_read_r(regs, &tb_ptr);
-+            t2 = tci_read_s32(&tb_ptr);
-+            tci_write_reg16(regs, t0, *(uint16_t *)(t1 + t2));
-+            break;
-         case INDEX_op_ld16s_i64:
-             TODO();
-             break;
---
-.17.1

-[PULL 02/12] cputlb: ensure _cmmu helper functions follow the naming standard
+[PULL 1/4] tcg/optimize: Fix folding of vector ops
-From: Alex Bennée <alex.bennee@linaro.org>
+Bitwise operations are easy to fold, because the operation is
 identical regardless of element size.  But add and sub need
 extra element size info that is not currently propagated.
-We document this in docs/devel/load-stores.rst so lets follow it. The
+Fixes: 2f9f08ba43d
-bit and 64 bit access functions have historically not included the
+Cc: qemu-stable@nongnu.org
-sign so we leave those as is. We also introduce some signed helpers
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/799
-which are used for loading immediate values in the translator.
+Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Fixes: 282dffc8
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
 Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
 Message-Id: <20191021150910.23216-1-alex.bennee@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- include/exec/cpu_ldst_template.h |  4 ++--
+ tcg/optimize.c | 49 ++++++++++++++++++++++++++++++++++++++-----------
- tcg/tcg.h                        | 20 ++++++++++++++------
+file changed, 38 insertions(+), 11 deletions(-)
  accel/tcg/cputlb.c               | 24 +++++++++++++++++++++---
  target/cris/translate_v10.inc.c  |  3 +--
 files changed, 38 insertions(+), 13 deletions(-)
-diff --git a/include/exec/cpu_ldst_template.h b/include/exec/cpu_ldst_template.h
+diff --git a/tcg/optimize.c b/tcg/optimize.c
 index XXXXXXX..XXXXXXX 100644
---- a/include/exec/cpu_ldst_template.h
+--- a/tcg/optimize.c
-+++ b/include/exec/cpu_ldst_template.h
++++ b/tcg/optimize.c
-@@ -XXX,XX +XXX,XX @@
+@@ -XXX,XX +XXX,XX @@ static uint64_t do_constant_folding_2(TCGOpcode op, uint64_t x, uint64_t y)
- #ifdef SOFTMMU_CODE_ACCESS
+     CASE_OP_32_64(mul):
- #define ADDR_READ addr_code
+         return x * y;
- #define MMUSUFFIX _cmmu
--#define URETSUFFIX SUFFIX
+-    CASE_OP_32_64(and):
--#define SRETSUFFIX SUFFIX
++    CASE_OP_32_64_VEC(and):
-+#define URETSUFFIX USUFFIX
+         return x & y;
-+#define SRETSUFFIX glue(s, SUFFIX)
- #else
+-    CASE_OP_32_64(or):
- #define ADDR_READ addr_read
++    CASE_OP_32_64_VEC(or):
- #define MMUSUFFIX _mmu
+         return x | y;
-diff --git a/tcg/tcg.h b/tcg/tcg.h
-index XXXXXXX..XXXXXXX 100644
+-    CASE_OP_32_64(xor):
---- a/tcg/tcg.h
++    CASE_OP_32_64_VEC(xor):
-+++ b/tcg/tcg.h
+         return x ^ y;
-@@ -XXX,XX +XXX,XX @@ void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
- void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+     case INDEX_op_shl_i32:
-                        TCGMemOpIdx oi, uintptr_t retaddr);
+@@ -XXX,XX +XXX,XX @@ static uint64_t do_constant_folding_2(TCGOpcode op, uint64_t x, uint64_t y)
+     case INDEX_op_rotl_i64:
--uint8_t helper_ret_ldb_cmmu(CPUArchState *env, target_ulong addr,
+         return rol64(x, y & 63);
-+uint8_t helper_ret_ldub_cmmu(CPUArchState *env, target_ulong addr,
-                             TCGMemOpIdx oi, uintptr_t retaddr);
+-    CASE_OP_32_64(not):
--uint16_t helper_le_ldw_cmmu(CPUArchState *env, target_ulong addr,
++    CASE_OP_32_64_VEC(not):
-+int8_t helper_ret_ldsb_cmmu(CPUArchState *env, target_ulong addr,
+         return ~x;
-                             TCGMemOpIdx oi, uintptr_t retaddr);
-+uint16_t helper_le_lduw_cmmu(CPUArchState *env, target_ulong addr,
+     CASE_OP_32_64(neg):
-+                             TCGMemOpIdx oi, uintptr_t retaddr);
+         return -x;
-+int16_t helper_le_ldsw_cmmu(CPUArchState *env, target_ulong addr,
-+                             TCGMemOpIdx oi, uintptr_t retaddr);
+-    CASE_OP_32_64(andc):
- uint32_t helper_le_ldl_cmmu(CPUArchState *env, target_ulong addr,
++    CASE_OP_32_64_VEC(andc):
-                             TCGMemOpIdx oi, uintptr_t retaddr);
+         return x & ~y;
- uint64_t helper_le_ldq_cmmu(CPUArchState *env, target_ulong addr,
-                             TCGMemOpIdx oi, uintptr_t retaddr);
+-    CASE_OP_32_64(orc):
--uint16_t helper_be_ldw_cmmu(CPUArchState *env, target_ulong addr,
++    CASE_OP_32_64_VEC(orc):
--                            TCGMemOpIdx oi, uintptr_t retaddr);
+         return x | ~y;
-+uint16_t helper_be_lduw_cmmu(CPUArchState *env, target_ulong addr,
-+                             TCGMemOpIdx oi, uintptr_t retaddr);
+     CASE_OP_32_64(eqv):
-+int16_t helper_be_ldsw_cmmu(CPUArchState *env, target_ulong addr,
+@@ -XXX,XX +XXX,XX @@ static bool fold_const2(OptContext *ctx, TCGOp *op)
-+                             TCGMemOpIdx oi, uintptr_t retaddr);
+     return false;
  uint32_t helper_be_ldl_cmmu(CPUArchState *env, target_ulong addr,
                              TCGMemOpIdx oi, uintptr_t retaddr);
  uint64_t helper_be_ldq_cmmu(CPUArchState *env, target_ulong addr,
@@ -XXX,XX +XXX,XX @@ uint64_t helper_be_ldq_cmmu(CPUArchState *env, target_ulong addr,
  # define helper_ret_stw_mmu   helper_be_stw_mmu
  # define helper_ret_stl_mmu   helper_be_stl_mmu
  # define helper_ret_stq_mmu   helper_be_stq_mmu
 -# define helper_ret_ldw_cmmu  helper_be_ldw_cmmu
 +# define helper_ret_lduw_cmmu  helper_be_lduw_cmmu
 +# define helper_ret_ldsw_cmmu  helper_be_ldsw_cmmu
  # define helper_ret_ldl_cmmu  helper_be_ldl_cmmu
  # define helper_ret_ldq_cmmu  helper_be_ldq_cmmu
  #else
@@ -XXX,XX +XXX,XX @@ uint64_t helper_be_ldq_cmmu(CPUArchState *env, target_ulong addr,
  # define helper_ret_stw_mmu   helper_le_stw_mmu
  # define helper_ret_stl_mmu   helper_le_stl_mmu
  # define helper_ret_stq_mmu   helper_le_stq_mmu
 -# define helper_ret_ldw_cmmu  helper_le_ldw_cmmu
 +# define helper_ret_lduw_cmmu  helper_le_lduw_cmmu
 +# define helper_ret_ldsw_cmmu  helper_le_ldsw_cmmu
  # define helper_ret_ldl_cmmu  helper_le_ldl_cmmu
  # define helper_ret_ldq_cmmu  helper_le_ldq_cmmu
  #endif
 diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/cputlb.c
 +++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static uint64_t full_ldub_cmmu(CPUArchState *env, target_ulong addr,
      return load_helper(env, addr, oi, retaddr, MO_8, true, full_ldub_cmmu);
  }
--uint8_t helper_ret_ldb_cmmu(CPUArchState *env, target_ulong addr,
++static bool fold_commutative(OptContext *ctx, TCGOp *op)
 +uint8_t helper_ret_ldub_cmmu(CPUArchState *env, target_ulong addr,
                              TCGMemOpIdx oi, uintptr_t retaddr)
  {
      return full_ldub_cmmu(env, addr, oi, retaddr);
  }
 +int8_t helper_ret_ldsb_cmmu(CPUArchState *env, target_ulong addr,
 +                            TCGMemOpIdx oi, uintptr_t retaddr)
 +{
-+    return (int8_t) full_ldub_cmmu(env, addr, oi, retaddr);
++    swap_commutative(op->args[0], &op->args[1], &op->args[2]);
 +    return false;
 +}
 +
- static uint64_t full_le_lduw_cmmu(CPUArchState *env, target_ulong addr,
+ static bool fold_const2_commutative(OptContext *ctx, TCGOp *op)
                                    TCGMemOpIdx oi, uintptr_t retaddr)
  {
-@@ -XXX,XX +XXX,XX @@ static uint64_t full_le_lduw_cmmu(CPUArchState *env, target_ulong addr,
+     swap_commutative(op->args[0], &op->args[1], &op->args[2]);
-                        full_le_lduw_cmmu);
+@@ -XXX,XX +XXX,XX @@ static bool fold_add(OptContext *ctx, TCGOp *op)
      return false;
  }
--uint16_t helper_le_ldw_cmmu(CPUArchState *env, target_ulong addr,
++/* We cannot as yet do_constant_folding with vectors. */
-+uint16_t helper_le_lduw_cmmu(CPUArchState *env, target_ulong addr,
++static bool fold_add_vec(OptContext *ctx, TCGOp *op)
                              TCGMemOpIdx oi, uintptr_t retaddr)
  {
      return full_le_lduw_cmmu(env, addr, oi, retaddr);
  }
 +int16_t helper_le_ldsw_cmmu(CPUArchState *env, target_ulong addr,
 +                            TCGMemOpIdx oi, uintptr_t retaddr)
 +{
-+    return (int16_t) full_le_lduw_cmmu(env, addr, oi, retaddr);
++    if (fold_commutative(ctx, op) ||
 +        fold_xi_to_x(ctx, op, 0)) {
 +        return true;
 +    }
 +    return false;
 +}
 +
- static uint64_t full_be_lduw_cmmu(CPUArchState *env, target_ulong addr,
+ static bool fold_addsub2(OptContext *ctx, TCGOp *op, bool add)
                                    TCGMemOpIdx oi, uintptr_t retaddr)
  {
-@@ -XXX,XX +XXX,XX @@ static uint64_t full_be_lduw_cmmu(CPUArchState *env, target_ulong addr,
+     if (arg_is_const(op->args[2]) && arg_is_const(op->args[3]) &&
-                        full_be_lduw_cmmu);
+@@ -XXX,XX +XXX,XX @@ static bool fold_sub_to_neg(OptContext *ctx, TCGOp *op)
      return false;
  }
--uint16_t helper_be_ldw_cmmu(CPUArchState *env, target_ulong addr,
+-static bool fold_sub(OptContext *ctx, TCGOp *op)
-+uint16_t helper_be_lduw_cmmu(CPUArchState *env, target_ulong addr,
++/* We cannot as yet do_constant_folding with vectors. */
-                             TCGMemOpIdx oi, uintptr_t retaddr)
++static bool fold_sub_vec(OptContext *ctx, TCGOp *op)
  {
-     return full_be_lduw_cmmu(env, addr, oi, retaddr);
+-    if (fold_const2(ctx, op) ||
 -        fold_xx_to_i(ctx, op, 0) ||
 +    if (fold_xx_to_i(ctx, op, 0) ||
          fold_xi_to_x(ctx, op, 0) ||
          fold_sub_to_neg(ctx, op)) {
          return true;
@@ -XXX,XX +XXX,XX @@ static bool fold_sub(OptContext *ctx, TCGOp *op)
      return false;
  }
-+int16_t helper_be_ldsw_cmmu(CPUArchState *env, target_ulong addr,
++static bool fold_sub(OptContext *ctx, TCGOp *op)
 +                            TCGMemOpIdx oi, uintptr_t retaddr)
 +{
-+    return (int16_t) full_be_lduw_cmmu(env, addr, oi, retaddr);
++    return fold_const2(ctx, op) || fold_sub_vec(ctx, op);
 +}
 +
- static uint64_t full_le_ldul_cmmu(CPUArchState *env, target_ulong addr,
+ static bool fold_sub2(OptContext *ctx, TCGOp *op)
                                    TCGMemOpIdx oi, uintptr_t retaddr)
  {
-diff --git a/target/cris/translate_v10.inc.c b/target/cris/translate_v10.inc.c
+     return fold_addsub2(ctx, op, false);
-index XXXXXXX..XXXXXXX 100644
+@@ -XXX,XX +XXX,XX @@ void tcg_optimize(TCGContext *s)
---- a/target/cris/translate_v10.inc.c
+          * Sorted alphabetically by opcode as much as possible.
-+++ b/target/cris/translate_v10.inc.c
+          */
-@@ -XXX,XX +XXX,XX @@ static unsigned int dec10_ind(CPUCRISState *env, DisasContext *dc)
+         switch (opc) {
-         case CRISV10_IND_BCC_M:
+-        CASE_OP_32_64_VEC(add):
++        CASE_OP_32_64(add):
-             cris_cc_mask(dc, 0);
+             done = fold_add(&ctx, op);
--            imm = cpu_ldsw_code(env, dc->pc + 2);
+             break;
--            simm = (int16_t)imm;
++        case INDEX_op_add_vec:
-+            simm = cpu_ldsw_code(env, dc->pc + 2);
++            done = fold_add_vec(&ctx, op);
-             simm += 4;
++            break;
+         CASE_OP_32_64(add2):
-             LOG_DIS("bcc_m: b%s %x\n", cc_name(dc->cond), dc->pc + simm);
+             done = fold_add2(&ctx, op);
              break;
@@ -XXX,XX +XXX,XX @@ void tcg_optimize(TCGContext *s)
          CASE_OP_32_64(sextract):
              done = fold_sextract(&ctx, op);
              break;
 -        CASE_OP_32_64_VEC(sub):
 +        CASE_OP_32_64(sub):
              done = fold_sub(&ctx, op);
              break;
 +        case INDEX_op_sub_vec:
 +            done = fold_sub_vec(&ctx, op);
 +            break;
          CASE_OP_32_64(sub2):
              done = fold_sub2(&ctx, op);
              break;
 --
-.17.1
+.25.1

-[PULL 03/12] cpu: use ROUND_UP() to define xxx_PAGE_ALIGN
+Deleted patch
-From: Wei Yang <richardw.yang@linux.intel.com>
-Use ROUND_UP() to define, which is a little bit easy to read.
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
-Reviewed-by: Juan Quintela <quintela@redhat.com>
-Signed-off-by: Wei Yang <richardw.yang@linux.intel.com>
-Message-Id: <20191013021145.16011-2-richardw.yang@linux.intel.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/exec/cpu-all.h | 7 +++----
-file changed, 3 insertions(+), 4 deletions(-)
-diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/cpu-all.h
-+++ b/include/exec/cpu-all.h
-@@ -XXX,XX +XXX,XX @@ extern int target_page_bits;
- #define TARGET_PAGE_SIZE (1 << TARGET_PAGE_BITS)
- #define TARGET_PAGE_MASK ~(TARGET_PAGE_SIZE - 1)
--#define TARGET_PAGE_ALIGN(addr) (((addr) + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK)
-+#define TARGET_PAGE_ALIGN(addr) ROUND_UP((addr), TARGET_PAGE_SIZE)
- /* Using intptr_t ensures that qemu_*_page_mask is sign-extended even
-  * when intptr_t is 32-bit and we are aligning a long long.
-@@ -XXX,XX +XXX,XX @@ extern int target_page_bits;
- extern uintptr_t qemu_host_page_size;
- extern intptr_t qemu_host_page_mask;
--#define HOST_PAGE_ALIGN(addr) (((addr) + qemu_host_page_size - 1) & qemu_host_page_mask)
--#define REAL_HOST_PAGE_ALIGN(addr) (((addr) + qemu_real_host_page_size - 1) & \
--                                    qemu_real_host_page_mask)
-+#define HOST_PAGE_ALIGN(addr) ROUND_UP((addr), qemu_host_page_size)
-+#define REAL_HOST_PAGE_ALIGN(addr) ROUND_UP((addr), qemu_real_host_page_size)
- /* same as PROT_xxx */
- #define PAGE_READ      0x0001
---
-.17.1

-[PULL 04/12] exec: Split out variable page size support to exec-vary.c
+Deleted patch
-The next patch will play a trick with "const" that will
-confuse the compiler about the uses of target_page_bits
-within exec.c.  Moving everything to a new file prevents
-this confusion.
-No functional change so far.
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- Makefile.target       |  2 +-
- include/qemu-common.h |  6 +++++
- exec-vary.c           | 57 +++++++++++++++++++++++++++++++++++++++++++
- exec.c                | 34 --------------------------
-files changed, 64 insertions(+), 35 deletions(-)
- create mode 100644 exec-vary.c
-diff --git a/Makefile.target b/Makefile.target
-index XXXXXXX..XXXXXXX 100644
---- a/Makefile.target
-+++ b/Makefile.target
-@@ -XXX,XX +XXX,XX @@ obj-y += trace/
- #########################################################
- # cpu emulator library
--obj-y += exec.o
-+obj-y += exec.o exec-vary.o
- obj-y += accel/
- obj-$(CONFIG_TCG) += tcg/tcg.o tcg/tcg-op.o tcg/tcg-op-vec.o tcg/tcg-op-gvec.o
- obj-$(CONFIG_TCG) += tcg/tcg-common.o tcg/optimize.o
-diff --git a/include/qemu-common.h b/include/qemu-common.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/qemu-common.h
-+++ b/include/qemu-common.h
-@@ -XXX,XX +XXX,XX @@ void cpu_exec_step_atomic(CPUState *cpu);
-  */
- bool set_preferred_target_page_bits(int bits);
-+/**
-+ * finalize_target_page_bits:
-+ * Commit the final value set by set_preferred_target_page_bits.
-+ */
-+void finalize_target_page_bits(void);
-+
- /**
-  * Sends a (part of) iovec down a socket, yielding when the socket is full, or
-  * Receives data into a (part of) iovec from a socket,
-diff --git a/exec-vary.c b/exec-vary.c
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/exec-vary.c
-@@ -XXX,XX +XXX,XX @@
-+/*
-+ * Variable page size handling
-+ *
-+ *  Copyright (c) 2003 Fabrice Bellard
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General Public
-+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
-+ */
-+
-+#include "qemu/osdep.h"
-+#include "qemu-common.h"
-+#include "exec/exec-all.h"
-+
-+#ifdef TARGET_PAGE_BITS_VARY
-+int target_page_bits;
-+bool target_page_bits_decided;
-+#endif
-+
-+bool set_preferred_target_page_bits(int bits)
-+{
-+    /*
-+     * The target page size is the lowest common denominator for all
-+     * the CPUs in the system, so we can only make it smaller, never
-+     * larger. And we can't make it smaller once we've committed to
-+     * a particular size.
-+     */
-+#ifdef TARGET_PAGE_BITS_VARY
-+    assert(bits >= TARGET_PAGE_BITS_MIN);
-+    if (target_page_bits == 0 || target_page_bits > bits) {
-+        if (target_page_bits_decided) {
-+            return false;
-+        }
-+        target_page_bits = bits;
-+    }
-+#endif
-+    return true;
-+}
-+
-+void finalize_target_page_bits(void)
-+{
-+#ifdef TARGET_PAGE_BITS_VARY
-+    if (target_page_bits == 0) {
-+        target_page_bits = TARGET_PAGE_BITS_MIN;
-+    }
-+    target_page_bits_decided = true;
-+#endif
-+}
-diff --git a/exec.c b/exec.c
-index XXXXXXX..XXXXXXX 100644
---- a/exec.c
-+++ b/exec.c
-@@ -XXX,XX +XXX,XX @@ AddressSpace address_space_memory;
- static MemoryRegion io_mem_unassigned;
- #endif
--#ifdef TARGET_PAGE_BITS_VARY
--int target_page_bits;
--bool target_page_bits_decided;
--#endif
--
- CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
- /* current CPU in the current thread. It is only valid inside
-@@ -XXX,XX +XXX,XX @@ int use_icount;
- uintptr_t qemu_host_page_size;
- intptr_t qemu_host_page_mask;
--bool set_preferred_target_page_bits(int bits)
--{
--    /* The target page size is the lowest common denominator for all
--     * the CPUs in the system, so we can only make it smaller, never
--     * larger. And we can't make it smaller once we've committed to
--     * a particular size.
--     */
--#ifdef TARGET_PAGE_BITS_VARY
--    assert(bits >= TARGET_PAGE_BITS_MIN);
--    if (target_page_bits == 0 || target_page_bits > bits) {
--        if (target_page_bits_decided) {
--            return false;
--        }
--        target_page_bits = bits;
--    }
--#endif
--    return true;
--}
--
- #if !defined(CONFIG_USER_ONLY)
--static void finalize_target_page_bits(void)
--{
--#ifdef TARGET_PAGE_BITS_VARY
--    if (target_page_bits == 0) {
--        target_page_bits = TARGET_PAGE_BITS_MIN;
--    }
--    target_page_bits_decided = true;
--#endif
--}
--
- typedef struct PhysPageEntry PhysPageEntry;
- struct PhysPageEntry {
---
-.17.1

-[PULL 05/12] configure: Detect compiler support for __attribute__((alias))
+Deleted patch
-Such support is present almost everywhere, except for Xcode 9.
-It is added in Xcode 10, but travis uses xcode9 by default,
-so we should support it for a while yet.
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- configure | 19 +++++++++++++++++++
-file changed, 19 insertions(+)
-diff --git a/configure b/configure
-index XXXXXXX..XXXXXXX 100755
---- a/configure
-+++ b/configure
-@@ -XXX,XX +XXX,XX @@ if compile_prog "" "" ; then
-   vector16=yes
- fi
-+########################################
-+# See if __attribute__((alias)) is supported.
-+# This false for Xcode 9, but has been remedied for Xcode 10.
-+# Unfortunately, travis uses Xcode 9 by default.
-+
-+attralias=no
-+cat > $TMPC << EOF
-+int x = 1;
-+extern const int y __attribute__((alias("x")));
-+int main(void) { return 0; }
-+EOF
-+if compile_prog "" "" ; then
-+    attralias=yes
-+fi
-+
- ########################################
- # check if getauxval is available.
-@@ -XXX,XX +XXX,XX @@ if test "$vector16" = "yes" ; then
-   echo "CONFIG_VECTOR16=y" >> $config_host_mak
- fi
-+if test "$attralias" = "yes" ; then
-+  echo "CONFIG_ATTRIBUTE_ALIAS=y" >> $config_host_mak
-+fi
-+
- if test "$getauxval" = "yes" ; then
-   echo "CONFIG_GETAUXVAL=y" >> $config_host_mak
- fi
---
-.17.1

-[PULL 06/12] exec: Use const alias for TARGET_PAGE_BITS_VARY
+Deleted patch
-Using a variable that is declared "const" for this tells the
-compiler that it may read the value once and assume that it
-does not change across function calls.
-For target_page_size, this means we have only one assert per
-function, and one read of the variable.
-This reduces the size of qemu-system-aarch64 by 8k.
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/exec/cpu-all.h | 14 +++++++---
- exec-vary.c            | 60 ++++++++++++++++++++++++++++++++++++------
-files changed, 62 insertions(+), 12 deletions(-)
-diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/cpu-all.h
-+++ b/include/exec/cpu-all.h
-@@ -XXX,XX +XXX,XX @@ static inline void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val
- /* page related stuff */
- #ifdef TARGET_PAGE_BITS_VARY
--extern bool target_page_bits_decided;
--extern int target_page_bits;
--#define TARGET_PAGE_BITS ({ assert(target_page_bits_decided); \
--                            target_page_bits; })
-+typedef struct {
-+    bool decided;
-+    int bits;
-+} TargetPageBits;
-+# if defined(CONFIG_ATTRIBUTE_ALIAS) || !defined(IN_EXEC_VARY)
-+extern const TargetPageBits target_page;
-+#else
-+extern TargetPageBits target_page;
-+# endif
-+#define TARGET_PAGE_BITS (assert(target_page.decided), target_page.bits)
- #else
- #define TARGET_PAGE_BITS_MIN TARGET_PAGE_BITS
- #endif
-diff --git a/exec-vary.c b/exec-vary.c
-index XXXXXXX..XXXXXXX 100644
---- a/exec-vary.c
-+++ b/exec-vary.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu/osdep.h"
- #include "qemu-common.h"
-+
-+#define IN_EXEC_VARY 1
-+
- #include "exec/exec-all.h"
- #ifdef TARGET_PAGE_BITS_VARY
--int target_page_bits;
--bool target_page_bits_decided;
-+# ifdef CONFIG_ATTRIBUTE_ALIAS
-+/*
-+ * We want to declare the "target_page" variable as const, which tells
-+ * the compiler that it can cache any value that it reads across calls.
-+ * This avoids multiple assertions and multiple reads within any one user.
-+ *
-+ * This works because we initialize the target_page data very early, in a
-+ * location far removed from the functions that require the final results.
-+ *
-+ * This also requires that we have a non-constant symbol by which we can
-+ * perform the actual initialization, and which forces the data to be
-+ * allocated within writable memory.  Thus "init_target_page", and we use
-+ * that symbol exclusively in the two functions that initialize this value.
-+ *
-+ * The "target_page" symbol is created as an alias of "init_target_page".
-+ */
-+static TargetPageBits init_target_page;
-+
-+/*
-+ * Note that this is *not* a redundant decl, this is the definition of
-+ * the "target_page" symbol.  The syntax for this definition requires
-+ * the use of the extern keyword.  This seems to be a GCC bug in
-+ * either the syntax for the alias attribute or in -Wredundant-decls.
-+ *
-+ * See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91765
-+ */
-+#  pragma GCC diagnostic push
-+#  pragma GCC diagnostic ignored "-Wredundant-decls"
-+
-+extern const TargetPageBits target_page
-+    __attribute__((alias("init_target_page")));
-+
-+#  pragma GCC diagnostic pop
-+# else
-+/*
-+ * When aliases are not supported then we force two different declarations,
-+ * by way of suppressing the header declaration with IN_EXEC_VARY.
-+ * We assume that on such an old compiler, LTO cannot be used, and so the
-+ * compiler cannot not detect the mismatched declarations, and all is well.
-+ */
-+TargetPageBits target_page;
-+#  define init_target_page target_page
-+# endif
- #endif
- bool set_preferred_target_page_bits(int bits)
-@@ -XXX,XX +XXX,XX @@ bool set_preferred_target_page_bits(int bits)
-      */
- #ifdef TARGET_PAGE_BITS_VARY
-     assert(bits >= TARGET_PAGE_BITS_MIN);
--    if (target_page_bits == 0 || target_page_bits > bits) {
--        if (target_page_bits_decided) {
-+    if (init_target_page.bits == 0 || init_target_page.bits > bits) {
-+        if (init_target_page.decided) {
-             return false;
-         }
--        target_page_bits = bits;
-+        init_target_page.bits = bits;
-     }
- #endif
-     return true;
-@@ -XXX,XX +XXX,XX @@ bool set_preferred_target_page_bits(int bits)
- void finalize_target_page_bits(void)
- {
- #ifdef TARGET_PAGE_BITS_VARY
--    if (target_page_bits == 0) {
--        target_page_bits = TARGET_PAGE_BITS_MIN;
-+    if (init_target_page.bits == 0) {
-+        init_target_page.bits = TARGET_PAGE_BITS_MIN;
-     }
--    target_page_bits_decided = true;
-+    init_target_page.decided = true;
- #endif
- }
---
-.17.1

-[PULL 07/12] exec: Restrict TARGET_PAGE_BITS_VARY assert to CONFIG_DEBUG_TCG
+Deleted patch
-This reduces the size of a release build by about 10k.
-Noticably, within the tlb miss helpers.
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/exec/cpu-all.h | 6 +++++-
-file changed, 5 insertions(+), 1 deletion(-)
-diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/cpu-all.h
-+++ b/include/exec/cpu-all.h
-@@ -XXX,XX +XXX,XX @@ extern const TargetPageBits target_page;
- #else
- extern TargetPageBits target_page;
- # endif
--#define TARGET_PAGE_BITS (assert(target_page.decided), target_page.bits)
-+# ifdef CONFIG_DEBUG_TCG
-+#  define TARGET_PAGE_BITS (assert(target_page.decided), target_page.bits)
-+# else
-+#  define TARGET_PAGE_BITS target_page.bits
-+# endif
- #else
- #define TARGET_PAGE_BITS_MIN TARGET_PAGE_BITS
- #endif
---
-.17.1

-[PULL 08/12] exec: Promote TARGET_PAGE_MASK to target_long
+Deleted patch
-There are some uint64_t uses that expect TARGET_PAGE_MASK to
-extend for a 32-bit, so this must continue to be a signed type.
-Define based on TARGET_PAGE_BITS not TARGET_PAGE_SIZE; this
-will make a following patch more clear.
-This should not have a functional effect so far.
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/exec/cpu-all.h | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/cpu-all.h
-+++ b/include/exec/cpu-all.h
-@@ -XXX,XX +XXX,XX @@ extern TargetPageBits target_page;
- #endif
- #define TARGET_PAGE_SIZE (1 << TARGET_PAGE_BITS)
--#define TARGET_PAGE_MASK ~(TARGET_PAGE_SIZE - 1)
-+#define TARGET_PAGE_MASK ((target_long)-1 << TARGET_PAGE_BITS)
- #define TARGET_PAGE_ALIGN(addr) ROUND_UP((addr), TARGET_PAGE_SIZE)
- /* Using intptr_t ensures that qemu_*_page_mask is sign-extended even
---
-.17.1

-[PULL 09/12] exec: Cache TARGET_PAGE_MASK for TARGET_PAGE_BITS_VARY
+Deleted patch
-This eliminates a set of runtime shifts.  It turns out that we
-require TARGET_PAGE_MASK more often than TARGET_PAGE_SIZE, so
-redefine TARGET_PAGE_SIZE based on TARGET_PAGE_MASK instead of
-the other way around.
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Reviewed-by: David Hildenbrand <david@redhat.com>
-Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/exec/cpu-all.h | 8 ++++++--
- exec-vary.c            | 1 +
-files changed, 7 insertions(+), 2 deletions(-)
-diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/cpu-all.h
-+++ b/include/exec/cpu-all.h
-@@ -XXX,XX +XXX,XX @@ static inline void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val
- typedef struct {
-     bool decided;
-     int bits;
-+    target_long mask;
- } TargetPageBits;
- # if defined(CONFIG_ATTRIBUTE_ALIAS) || !defined(IN_EXEC_VARY)
- extern const TargetPageBits target_page;
-@@ -XXX,XX +XXX,XX @@ extern TargetPageBits target_page;
- # endif
- # ifdef CONFIG_DEBUG_TCG
- #  define TARGET_PAGE_BITS (assert(target_page.decided), target_page.bits)
-+#  define TARGET_PAGE_MASK (assert(target_page.decided), target_page.mask)
- # else
- #  define TARGET_PAGE_BITS target_page.bits
-+#  define TARGET_PAGE_MASK target_page.mask
- # endif
-+# define TARGET_PAGE_SIZE  (-(int)TARGET_PAGE_MASK)
- #else
- #define TARGET_PAGE_BITS_MIN TARGET_PAGE_BITS
-+#define TARGET_PAGE_SIZE   (1 << TARGET_PAGE_BITS)
-+#define TARGET_PAGE_MASK   ((target_long)-1 << TARGET_PAGE_BITS)
- #endif
--#define TARGET_PAGE_SIZE (1 << TARGET_PAGE_BITS)
--#define TARGET_PAGE_MASK ((target_long)-1 << TARGET_PAGE_BITS)
- #define TARGET_PAGE_ALIGN(addr) ROUND_UP((addr), TARGET_PAGE_SIZE)
- /* Using intptr_t ensures that qemu_*_page_mask is sign-extended even
-diff --git a/exec-vary.c b/exec-vary.c
-index XXXXXXX..XXXXXXX 100644
---- a/exec-vary.c
-+++ b/exec-vary.c
-@@ -XXX,XX +XXX,XX @@ void finalize_target_page_bits(void)
-         init_target_page.bits = TARGET_PAGE_BITS_MIN;
-     }
-     init_target_page.decided = true;
-+    init_target_page.mask = (target_long)-1 << init_target_page.bits;
- #endif
- }
---
-.17.1

-[PULL 12/12] translate-all: Remove tb_alloc
+[PULL 2/4] linux-user: Fix trivial build error on loongarch64 hosts
-Since 2ac01d6dafab, this function does only two things: assert a
+From: Philippe Mathieu-Daudé <f4bug@amsat.org>
 lock is held, and call tcg_tb_alloc.  It is used exactly once,
 and its user has already done the assert.
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+When building using GCC 8.3.0 on loongarch64 (Loongnix) we get:
-Reviewed-by: Clement Deschamps <clement.deschamps@greensocs.com>
   In file included from ../linux-user/signal.c:33:
   ../linux-user/host/loongarch64/host-signal.h: In function ‘host_signal_write’:
   ../linux-user/host/loongarch64/host-signal.h:57:9: error: a label can only be part of a statement and a declaration is not a statement
          uint32_t sel = (insn >> 15) & 0b11111111111;
          ^~~~~~~~
 We don't use the 'sel' variable more than once, so drop it.
 Meson output for the record:
   Host machine cpu family: loongarch64
   Host machine cpu: loongarch64
   C compiler for the host machine: cc (gcc 8.3.0 "cc (Loongnix 8.3.0-6.lnd.vec.27) 8.3.0")
   C linker for the host machine: cc ld.bfd 2.31.1-system
 Fixes: ad812c3bd65 ("linux-user: Implement CPU-specific signal handler for loongarch64 hosts")
 Reported-by: Song Gao <gaosong@loongson.cn>
 Suggested-by: Song Gao <gaosong@loongson.cn>
 Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Reviewed-by: WANG Xuerui <git@xen0n.name>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
 Message-Id: <20220104215027.2180972-1-f4bug@amsat.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- accel/tcg/translate-all.c | 20 ++------------------
+ linux-user/host/loongarch64/host-signal.h | 4 +---
-file changed, 2 insertions(+), 18 deletions(-)
+file changed, 1 insertion(+), 3 deletions(-)
-diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
+diff --git a/linux-user/host/loongarch64/host-signal.h b/linux-user/host/loongarch64/host-signal.h
 index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/translate-all.c
+--- a/linux-user/host/loongarch64/host-signal.h
-+++ b/accel/tcg/translate-all.c
++++ b/linux-user/host/loongarch64/host-signal.h
-@@ -XXX,XX +XXX,XX @@ void tcg_exec_init(unsigned long tb_size)
+@@ -XXX,XX +XXX,XX @@ static inline bool host_signal_write(siginfo_t *info, ucontext_t *uc)
- #endif
+         }
- }
+         break;
+     case 0b001110: /* indexed, atomic, bounds-checking memory operations */
--/*
+-        uint32_t sel = (insn >> 15) & 0b11111111111;
 - * Allocate a new translation block. Flush the translation buffer if
 - * too many translation blocks or too much generated code.
 - */
 -static TranslationBlock *tb_alloc(target_ulong pc)
 -{
 -    TranslationBlock *tb;
 -
--    assert_memory_lock();
+-        switch (sel) {
--
++        switch ((insn >> 15) & 0b11111111111) {
--    tb = tcg_tb_alloc(tcg_ctx);
+         case 0b00000100000: /* stx.b */
--    if (unlikely(tb == NULL)) {
+         case 0b00000101000: /* stx.h */
--        return NULL;
+         case 0b00000110000: /* stx.w */
 -    }
 -    return tb;
 -}
 -
  /* call with @p->lock held */
  static inline void invalidate_page_bitmap(PageDesc *p)
  {
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
      TCGProfile *prof = &tcg_ctx->prof;
      int64_t ti;
  #endif
 +
      assert_memory_lock();
      phys_pc = get_page_addr_code(env, pc);
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
      }
   buffer_overflow:
 -    tb = tb_alloc(pc);
 +    tb = tcg_tb_alloc(tcg_ctx);
      if (unlikely(!tb)) {
          /* flush must be done */
          tb_flush(cpu);
 --
-.17.1
+.25.1

-[PULL 11/12] translate-all: fix uninitialized tb->orig_tb
+[PULL 3/4] sysemu: Cleanup qemu_run_machine_init_done_notifiers()
-From: Clement Deschamps <clement.deschamps@greensocs.com>
+From: Xiaoyao Li <xiaoyao.li@intel.com>
-This fixes a segmentation fault in icount mode when executing
+Remove qemu_run_machine_init_done_notifiers() since no implementation
-from an IO region.
+and user.
-TB is marked as CF_NOCACHE but tb->orig_tb is not initialized
+Fixes: f66dc8737c9 ("vl: move all generic initialization out of vl.c")
-(equals previous value in code_gen_buffer).
+Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
+Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-The issue happens in cpu_io_recompile() when it tries to invalidate orig_tb.
+Message-Id: <20220104024136.1433545-1-xiaoyao.li@intel.com>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
 Signed-off-by: Clement Deschamps <clement.deschamps@greensocs.com>
 Message-Id: <20191022140016.918371-1-clement.deschamps@greensocs.com>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- accel/tcg/translate-all.c | 1 +
+ include/sysemu/sysemu.h | 1 -
-file changed, 1 insertion(+)
+file changed, 1 deletion(-)
-diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
+diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
 index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/translate-all.c
+--- a/include/sysemu/sysemu.h
-+++ b/accel/tcg/translate-all.c
++++ b/include/sysemu/sysemu.h
-@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
+@@ -XXX,XX +XXX,XX @@ extern bool qemu_uuid_set;
-     tb->cs_base = cs_base;
+ void qemu_add_exit_notifier(Notifier *notify);
-     tb->flags = flags;
+ void qemu_remove_exit_notifier(Notifier *notify);
-     tb->cflags = cflags;
-+    tb->orig_tb = NULL;
+-void qemu_run_machine_init_done_notifiers(void);
-     tb->trace_vcpu_dstate = *cpu->trace_dstate;
+ void qemu_add_machine_init_done_notifier(Notifier *notify);
-     tcg_ctx->tb_cflags = cflags;
+ void qemu_remove_machine_init_done_notifier(Notifier *notify);
-  tb_overflow:
 --
-.17.1
+.25.1

-[PULL 10/12] cputlb: Fix tlb_vaddr_to_host
+[PULL 4/4] common-user: Fix tail calls to safe_syscall_set_errno_tail
-Using uintptr_t instead of target_ulong meant that, for 64-bit guest
+For the ABIs in which the syscall return register is not
-and 32-bit host, we truncated the guest address comparator and so may
+also the first function argument register, move the errno
-not hit the tlb when we should.
+value into the correct place.
-Fixes: 4811e9095c0
+Fixes: a3310c0397e2 ("linux-user: Move syscall error detection into safe_syscall_base")
-Reviewed-by: David Hildenbrand <david@redhat.com>
+Reported-by: Laurent Vivier <laurent@vivier.eu>
 Tested-by: Laurent Vivier <laurent@vivier.eu>
 Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-Id: <20220104190454.542225-1-richard.henderson@linaro.org>
 ---
- accel/tcg/cputlb.c | 2 +-
+ common-user/host/i386/safe-syscall.inc.S   | 1 +
-file changed, 1 insertion(+), 1 deletion(-)
+ common-user/host/mips/safe-syscall.inc.S   | 1 +
  common-user/host/x86_64/safe-syscall.inc.S | 1 +
 files changed, 3 insertions(+)
-diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
+diff --git a/common-user/host/i386/safe-syscall.inc.S b/common-user/host/i386/safe-syscall.inc.S
 index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/cputlb.c
+--- a/common-user/host/i386/safe-syscall.inc.S
-+++ b/accel/tcg/cputlb.c
++++ b/common-user/host/i386/safe-syscall.inc.S
-@@ -XXX,XX +XXX,XX @@ void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr,
+@@ -XXX,XX +XXX,XX @@ safe_syscall_end:
-                         MMUAccessType access_type, int mmu_idx)
+         pop     %ebp
- {
+         .cfi_adjust_cfa_offset -4
-     CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
+         .cfi_restore ebp
--    uintptr_t tlb_addr, page;
++        mov     %eax, (%esp)
-+    target_ulong tlb_addr, page;
+         jmp     safe_syscall_set_errno_tail
-     size_t elt_ofs;
+         .cfi_endproc
-     switch (access_type) {
+diff --git a/common-user/host/mips/safe-syscall.inc.S b/common-user/host/mips/safe-syscall.inc.S
 index XXXXXXX..XXXXXXX 100644
 --- a/common-user/host/mips/safe-syscall.inc.S
 +++ b/common-user/host/mips/safe-syscall.inc.S
@@ -XXX,XX +XXX,XX @@ safe_syscall_end:
 :      USE_ALT_CP(t0)
          SETUP_GPX(t1)
          SETUP_GPX64(t0, t1)
 +        move    a0, v0
          PTR_LA  t9, safe_syscall_set_errno_tail
          jr      t9
 diff --git a/common-user/host/x86_64/safe-syscall.inc.S b/common-user/host/x86_64/safe-syscall.inc.S
 index XXXXXXX..XXXXXXX 100644
 --- a/common-user/host/x86_64/safe-syscall.inc.S
 +++ b/common-user/host/x86_64/safe-syscall.inc.S
@@ -XXX,XX +XXX,XX @@ safe_syscall_end:
 :      pop     %rbp
          .cfi_def_cfa_offset 8
          .cfi_restore rbp
 +        mov     %eax, %edi
          jmp     safe_syscall_set_errno_tail
          .cfi_endproc
 --
-.17.1
+.25.1

The following changes since commit bad76ac319556dab2497429d473b49a237672e1c:

Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-pull-request' into staging (2019-10-25 14:17:08 +0100)

are available in the Git repository at:

https://github.com/rth7680/qemu.git tags/pull-tcg-20191025

for you to fetch changes up to 0ed1bfb046b740b70eed2cf3581e01768703b185:

translate-all: Remove tb_alloc (2019-10-25 10:15:25 -0400)

----------------------------------------------------------------
Improvements for TARGET_PAGE_BITS_VARY
Fix for TCI ld16u_i64.
Fix for segv on icount execute from i/o memory.
Two misc cleanups.

----------------------------------------------------------------
Alex Bennée (1):
      cputlb: ensure _cmmu helper functions follow the naming standard

Clement Deschamps (1):
      translate-all: fix uninitialized tb->orig_tb

Richard Henderson (8):
      exec: Split out variable page size support to exec-vary.c
      configure: Detect compiler support for __attribute__((alias))
      exec: Use const alias for TARGET_PAGE_BITS_VARY
      exec: Restrict TARGET_PAGE_BITS_VARY assert to CONFIG_DEBUG_TCG
      exec: Promote TARGET_PAGE_MASK to target_long
      exec: Cache TARGET_PAGE_MASK for TARGET_PAGE_BITS_VARY
      cputlb: Fix tlb_vaddr_to_host
      translate-all: Remove tb_alloc

Stefan Weil (1):
      tci: Add implementation for INDEX_op_ld16u_i64

Wei Yang (1):
      cpu: use ROUND_UP() to define xxx_PAGE_ALIGN

From: Stefan Weil <sw@weilnetz.de>

This fixes "make check-tcg" on a Debian x86_64 host.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Tested-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20190410194838.10123-1-sw@weilnetz.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/tci.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/tcg/tci.c b/tcg/tci.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tci.c
+++ b/tcg/tci.c
@@ -XXX,XX +XXX,XX @@ static void tci_write_reg8(tcg_target_ulong *regs, TCGReg index, uint8_t value)
     tci_write_reg(regs, index, value);
 }
 
+static void
+tci_write_reg16(tcg_target_ulong *regs, TCGReg index, uint16_t value)
+{
+    tci_write_reg(regs, index, value);
+}
+
 static void
 tci_write_reg32(tcg_target_ulong *regs, TCGReg index, uint32_t value)
 {
@@ -XXX,XX +XXX,XX @@ uintptr_t tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr)
             tci_write_reg8(regs, t0, *(uint8_t *)(t1 + t2));
             break;
         case INDEX_op_ld8s_i32:
+            TODO();
+            break;
         case INDEX_op_ld16u_i32:
             TODO();
             break;
@@ -XXX,XX +XXX,XX @@ uintptr_t tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr)
             tci_write_reg8(regs, t0, *(uint8_t *)(t1 + t2));
             break;
         case INDEX_op_ld8s_i64:
+            TODO();
+            break;
         case INDEX_op_ld16u_i64:
+            t0 = *tb_ptr++;
+            t1 = tci_read_r(regs, &tb_ptr);
+            t2 = tci_read_s32(&tb_ptr);
+            tci_write_reg16(regs, t0, *(uint16_t *)(t1 + t2));
+            break;
         case INDEX_op_ld16s_i64:
             TODO();
             break;
-- 
2.17.1

From: Alex Bennée <alex.bennee@linaro.org>

We document this in docs/devel/load-stores.rst so lets follow it. The
32 bit and 64 bit access functions have historically not included the
sign so we leave those as is. We also introduce some signed helpers
which are used for loading immediate values in the translator.

Fixes: 282dffc8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20191021150910.23216-1-alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/cpu_ldst_template.h |  4 ++--
 tcg/tcg.h                        | 20 ++++++++++++++------
 accel/tcg/cputlb.c               | 24 +++++++++++++++++++++---
 target/cris/translate_v10.inc.c  |  3 +--
 4 files changed, 38 insertions(+), 13 deletions(-)

diff --git a/include/exec/cpu_ldst_template.h b/include/exec/cpu_ldst_template.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/cpu_ldst_template.h
+++ b/include/exec/cpu_ldst_template.h
@@ -XXX,XX +XXX,XX @@
 #ifdef SOFTMMU_CODE_ACCESS
 #define ADDR_READ addr_code
 #define MMUSUFFIX _cmmu
-#define URETSUFFIX SUFFIX
-#define SRETSUFFIX SUFFIX
+#define URETSUFFIX USUFFIX
+#define SRETSUFFIX glue(s, SUFFIX)
 #else
 #define ADDR_READ addr_read
 #define MMUSUFFIX _mmu
diff --git a/tcg/tcg.h b/tcg/tcg.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -XXX,XX +XXX,XX @@ void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
 void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
                        TCGMemOpIdx oi, uintptr_t retaddr);
 
-uint8_t helper_ret_ldb_cmmu(CPUArchState *env, target_ulong addr,
+uint8_t helper_ret_ldub_cmmu(CPUArchState *env, target_ulong addr,
                             TCGMemOpIdx oi, uintptr_t retaddr);
-uint16_t helper_le_ldw_cmmu(CPUArchState *env, target_ulong addr,
+int8_t helper_ret_ldsb_cmmu(CPUArchState *env, target_ulong addr,
                             TCGMemOpIdx oi, uintptr_t retaddr);
+uint16_t helper_le_lduw_cmmu(CPUArchState *env, target_ulong addr,
+                             TCGMemOpIdx oi, uintptr_t retaddr);
+int16_t helper_le_ldsw_cmmu(CPUArchState *env, target_ulong addr,
+                             TCGMemOpIdx oi, uintptr_t retaddr);
 uint32_t helper_le_ldl_cmmu(CPUArchState *env, target_ulong addr,
                             TCGMemOpIdx oi, uintptr_t retaddr);
 uint64_t helper_le_ldq_cmmu(CPUArchState *env, target_ulong addr,
                             TCGMemOpIdx oi, uintptr_t retaddr);
-uint16_t helper_be_ldw_cmmu(CPUArchState *env, target_ulong addr,
-                            TCGMemOpIdx oi, uintptr_t retaddr);
+uint16_t helper_be_lduw_cmmu(CPUArchState *env, target_ulong addr,
+                             TCGMemOpIdx oi, uintptr_t retaddr);
+int16_t helper_be_ldsw_cmmu(CPUArchState *env, target_ulong addr,
+                             TCGMemOpIdx oi, uintptr_t retaddr);
 uint32_t helper_be_ldl_cmmu(CPUArchState *env, target_ulong addr,
                             TCGMemOpIdx oi, uintptr_t retaddr);
 uint64_t helper_be_ldq_cmmu(CPUArchState *env, target_ulong addr,
@@ -XXX,XX +XXX,XX @@ uint64_t helper_be_ldq_cmmu(CPUArchState *env, target_ulong addr,
 # define helper_ret_stw_mmu   helper_be_stw_mmu
 # define helper_ret_stl_mmu   helper_be_stl_mmu
 # define helper_ret_stq_mmu   helper_be_stq_mmu
-# define helper_ret_ldw_cmmu  helper_be_ldw_cmmu
+# define helper_ret_lduw_cmmu  helper_be_lduw_cmmu
+# define helper_ret_ldsw_cmmu  helper_be_ldsw_cmmu
 # define helper_ret_ldl_cmmu  helper_be_ldl_cmmu
 # define helper_ret_ldq_cmmu  helper_be_ldq_cmmu
 #else
@@ -XXX,XX +XXX,XX @@ uint64_t helper_be_ldq_cmmu(CPUArchState *env, target_ulong addr,
 # define helper_ret_stw_mmu   helper_le_stw_mmu
 # define helper_ret_stl_mmu   helper_le_stl_mmu
 # define helper_ret_stq_mmu   helper_le_stq_mmu
-# define helper_ret_ldw_cmmu  helper_le_ldw_cmmu
+# define helper_ret_lduw_cmmu  helper_le_lduw_cmmu
+# define helper_ret_ldsw_cmmu  helper_le_ldsw_cmmu
 # define helper_ret_ldl_cmmu  helper_le_ldl_cmmu
 # define helper_ret_ldq_cmmu  helper_le_ldq_cmmu
 #endif
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static uint64_t full_ldub_cmmu(CPUArchState *env, target_ulong addr,
     return load_helper(env, addr, oi, retaddr, MO_8, true, full_ldub_cmmu);
 }
 
-uint8_t helper_ret_ldb_cmmu(CPUArchState *env, target_ulong addr,
+uint8_t helper_ret_ldub_cmmu(CPUArchState *env, target_ulong addr,
                             TCGMemOpIdx oi, uintptr_t retaddr)
 {
     return full_ldub_cmmu(env, addr, oi, retaddr);
 }
 
+int8_t helper_ret_ldsb_cmmu(CPUArchState *env, target_ulong addr,
+                            TCGMemOpIdx oi, uintptr_t retaddr)
+{
+    return (int8_t) full_ldub_cmmu(env, addr, oi, retaddr);
+}
+
 static uint64_t full_le_lduw_cmmu(CPUArchState *env, target_ulong addr,
                                   TCGMemOpIdx oi, uintptr_t retaddr)
 {
@@ -XXX,XX +XXX,XX @@ static uint64_t full_le_lduw_cmmu(CPUArchState *env, target_ulong addr,
                        full_le_lduw_cmmu);
 }
 
-uint16_t helper_le_ldw_cmmu(CPUArchState *env, target_ulong addr,
+uint16_t helper_le_lduw_cmmu(CPUArchState *env, target_ulong addr,
                             TCGMemOpIdx oi, uintptr_t retaddr)
 {
     return full_le_lduw_cmmu(env, addr, oi, retaddr);
 }
 
+int16_t helper_le_ldsw_cmmu(CPUArchState *env, target_ulong addr,
+                            TCGMemOpIdx oi, uintptr_t retaddr)
+{
+    return (int16_t) full_le_lduw_cmmu(env, addr, oi, retaddr);
+}
+
 static uint64_t full_be_lduw_cmmu(CPUArchState *env, target_ulong addr,
                                   TCGMemOpIdx oi, uintptr_t retaddr)
 {
@@ -XXX,XX +XXX,XX @@ static uint64_t full_be_lduw_cmmu(CPUArchState *env, target_ulong addr,
                        full_be_lduw_cmmu);
 }
 
-uint16_t helper_be_ldw_cmmu(CPUArchState *env, target_ulong addr,
+uint16_t helper_be_lduw_cmmu(CPUArchState *env, target_ulong addr,
                             TCGMemOpIdx oi, uintptr_t retaddr)
 {
     return full_be_lduw_cmmu(env, addr, oi, retaddr);
 }
 
+int16_t helper_be_ldsw_cmmu(CPUArchState *env, target_ulong addr,
+                            TCGMemOpIdx oi, uintptr_t retaddr)
+{
+    return (int16_t) full_be_lduw_cmmu(env, addr, oi, retaddr);
+}
+
 static uint64_t full_le_ldul_cmmu(CPUArchState *env, target_ulong addr,
                                   TCGMemOpIdx oi, uintptr_t retaddr)
 {
diff --git a/target/cris/translate_v10.inc.c b/target/cris/translate_v10.inc.c
index XXXXXXX..XXXXXXX 100644
--- a/target/cris/translate_v10.inc.c
+++ b/target/cris/translate_v10.inc.c
@@ -XXX,XX +XXX,XX @@ static unsigned int dec10_ind(CPUCRISState *env, DisasContext *dc)
         case CRISV10_IND_BCC_M:
 
             cris_cc_mask(dc, 0);
-            imm = cpu_ldsw_code(env, dc->pc + 2);
-            simm = (int16_t)imm;
+            simm = cpu_ldsw_code(env, dc->pc + 2);
             simm += 4;
 
             LOG_DIS("bcc_m: b%s %x\n", cc_name(dc->cond), dc->pc + simm);
-- 
2.17.1

From: Wei Yang <richardw.yang@linux.intel.com>

Use ROUND_UP() to define, which is a little bit easy to read.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Wei Yang <richardw.yang@linux.intel.com>
Message-Id: <20191013021145.16011-2-richardw.yang@linux.intel.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/cpu-all.h | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -XXX,XX +XXX,XX @@ extern int target_page_bits;
 
 #define TARGET_PAGE_SIZE (1 << TARGET_PAGE_BITS)
 #define TARGET_PAGE_MASK ~(TARGET_PAGE_SIZE - 1)
-#define TARGET_PAGE_ALIGN(addr) (((addr) + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK)
+#define TARGET_PAGE_ALIGN(addr) ROUND_UP((addr), TARGET_PAGE_SIZE)
 
 /* Using intptr_t ensures that qemu_*_page_mask is sign-extended even
  * when intptr_t is 32-bit and we are aligning a long long.
@@ -XXX,XX +XXX,XX @@ extern int target_page_bits;
 extern uintptr_t qemu_host_page_size;
 extern intptr_t qemu_host_page_mask;
 
-#define HOST_PAGE_ALIGN(addr) (((addr) + qemu_host_page_size - 1) & qemu_host_page_mask)
-#define REAL_HOST_PAGE_ALIGN(addr) (((addr) + qemu_real_host_page_size - 1) & \
-                                    qemu_real_host_page_mask)
+#define HOST_PAGE_ALIGN(addr) ROUND_UP((addr), qemu_host_page_size)
+#define REAL_HOST_PAGE_ALIGN(addr) ROUND_UP((addr), qemu_real_host_page_size)
 
 /* same as PROT_xxx */
 #define PAGE_READ      0x0001
-- 
2.17.1

The next patch will play a trick with "const" that will
confuse the compiler about the uses of target_page_bits
within exec.c.  Moving everything to a new file prevents
this confusion.

No functional change so far.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 Makefile.target       |  2 +-
 include/qemu-common.h |  6 +++++
 exec-vary.c           | 57 +++++++++++++++++++++++++++++++++++++++++++
 exec.c                | 34 --------------------------
 4 files changed, 64 insertions(+), 35 deletions(-)
 create mode 100644 exec-vary.c

diff --git a/Makefile.target b/Makefile.target
index XXXXXXX..XXXXXXX 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -XXX,XX +XXX,XX @@ obj-y += trace/
 
 #########################################################
 # cpu emulator library
-obj-y += exec.o
+obj-y += exec.o exec-vary.o
 obj-y += accel/
 obj-$(CONFIG_TCG) += tcg/tcg.o tcg/tcg-op.o tcg/tcg-op-vec.o tcg/tcg-op-gvec.o
 obj-$(CONFIG_TCG) += tcg/tcg-common.o tcg/optimize.o
diff --git a/include/qemu-common.h b/include/qemu-common.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu-common.h
+++ b/include/qemu-common.h
@@ -XXX,XX +XXX,XX @@ void cpu_exec_step_atomic(CPUState *cpu);
  */
 bool set_preferred_target_page_bits(int bits);
 
+/**
+ * finalize_target_page_bits:
+ * Commit the final value set by set_preferred_target_page_bits.
+ */
+void finalize_target_page_bits(void);
+
 /**
  * Sends a (part of) iovec down a socket, yielding when the socket is full, or
  * Receives data into a (part of) iovec from a socket,
diff --git a/exec-vary.c b/exec-vary.c
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/exec-vary.c
@@ -XXX,XX +XXX,XX @@
+/*
+ * Variable page size handling
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "exec/exec-all.h"
+
+#ifdef TARGET_PAGE_BITS_VARY
+int target_page_bits;
+bool target_page_bits_decided;
+#endif
+
+bool set_preferred_target_page_bits(int bits)
+{
+    /*
+     * The target page size is the lowest common denominator for all
+     * the CPUs in the system, so we can only make it smaller, never
+     * larger. And we can't make it smaller once we've committed to
+     * a particular size.
+     */
+#ifdef TARGET_PAGE_BITS_VARY
+    assert(bits >= TARGET_PAGE_BITS_MIN);
+    if (target_page_bits == 0 || target_page_bits > bits) {
+        if (target_page_bits_decided) {
+            return false;
+        }
+        target_page_bits = bits;
+    }
+#endif
+    return true;
+}
+
+void finalize_target_page_bits(void)
+{
+#ifdef TARGET_PAGE_BITS_VARY
+    if (target_page_bits == 0) {
+        target_page_bits = TARGET_PAGE_BITS_MIN;
+    }
+    target_page_bits_decided = true;
+#endif
+}
diff --git a/exec.c b/exec.c
index XXXXXXX..XXXXXXX 100644
--- a/exec.c
+++ b/exec.c
@@ -XXX,XX +XXX,XX @@ AddressSpace address_space_memory;
 static MemoryRegion io_mem_unassigned;
 #endif
 
-#ifdef TARGET_PAGE_BITS_VARY
-int target_page_bits;
-bool target_page_bits_decided;
-#endif
-
 CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
 
 /* current CPU in the current thread. It is only valid inside
@@ -XXX,XX +XXX,XX @@ int use_icount;
 uintptr_t qemu_host_page_size;
 intptr_t qemu_host_page_mask;
 
-bool set_preferred_target_page_bits(int bits)
-{
-    /* The target page size is the lowest common denominator for all
-     * the CPUs in the system, so we can only make it smaller, never
-     * larger. And we can't make it smaller once we've committed to
-     * a particular size.
-     */
-#ifdef TARGET_PAGE_BITS_VARY
-    assert(bits >= TARGET_PAGE_BITS_MIN);
-    if (target_page_bits == 0 || target_page_bits > bits) {
-        if (target_page_bits_decided) {
-            return false;
-        }
-        target_page_bits = bits;
-    }
-#endif
-    return true;
-}
-
 #if !defined(CONFIG_USER_ONLY)
 
-static void finalize_target_page_bits(void)
-{
-#ifdef TARGET_PAGE_BITS_VARY
-    if (target_page_bits == 0) {
-        target_page_bits = TARGET_PAGE_BITS_MIN;
-    }
-    target_page_bits_decided = true;
-#endif
-}
-
 typedef struct PhysPageEntry PhysPageEntry;
 
 struct PhysPageEntry {
-- 
2.17.1

Such support is present almost everywhere, except for Xcode 9.
It is added in Xcode 10, but travis uses xcode9 by default,
so we should support it for a while yet.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 configure | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/configure b/configure
index XXXXXXX..XXXXXXX 100755
--- a/configure
+++ b/configure
@@ -XXX,XX +XXX,XX @@ if compile_prog "" "" ; then
   vector16=yes
 fi
 
+########################################
+# See if __attribute__((alias)) is supported.
+# This false for Xcode 9, but has been remedied for Xcode 10.
+# Unfortunately, travis uses Xcode 9 by default.
+
+attralias=no
+cat > $TMPC << EOF
+int x = 1;
+extern const int y __attribute__((alias("x")));
+int main(void) { return 0; }
+EOF
+if compile_prog "" "" ; then
+    attralias=yes
+fi
+
 ########################################
 # check if getauxval is available.
 
@@ -XXX,XX +XXX,XX @@ if test "$vector16" = "yes" ; then
   echo "CONFIG_VECTOR16=y" >> $config_host_mak
 fi
 
+if test "$attralias" = "yes" ; then
+  echo "CONFIG_ATTRIBUTE_ALIAS=y" >> $config_host_mak
+fi
+
 if test "$getauxval" = "yes" ; then
   echo "CONFIG_GETAUXVAL=y" >> $config_host_mak
 fi
-- 
2.17.1

Using a variable that is declared "const" for this tells the
compiler that it may read the value once and assume that it
does not change across function calls.

For target_page_size, this means we have only one assert per
function, and one read of the variable.

This reduces the size of qemu-system-aarch64 by 8k.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/cpu-all.h | 14 +++++++---
 exec-vary.c            | 60 ++++++++++++++++++++++++++++++++++++------
 2 files changed, 62 insertions(+), 12 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -XXX,XX +XXX,XX @@ static inline void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val
 /* page related stuff */
 
 #ifdef TARGET_PAGE_BITS_VARY
-extern bool target_page_bits_decided;
-extern int target_page_bits;
-#define TARGET_PAGE_BITS ({ assert(target_page_bits_decided); \
-                            target_page_bits; })
+typedef struct {
+    bool decided;
+    int bits;
+} TargetPageBits;
+# if defined(CONFIG_ATTRIBUTE_ALIAS) || !defined(IN_EXEC_VARY)
+extern const TargetPageBits target_page;
+#else
+extern TargetPageBits target_page;
+# endif
+#define TARGET_PAGE_BITS (assert(target_page.decided), target_page.bits)
 #else
 #define TARGET_PAGE_BITS_MIN TARGET_PAGE_BITS
 #endif
diff --git a/exec-vary.c b/exec-vary.c
index XXXXXXX..XXXXXXX 100644
--- a/exec-vary.c
+++ b/exec-vary.c
@@ -XXX,XX +XXX,XX @@
 
 #include "qemu/osdep.h"
 #include "qemu-common.h"
+
+#define IN_EXEC_VARY 1
+
 #include "exec/exec-all.h"
 
 #ifdef TARGET_PAGE_BITS_VARY
-int target_page_bits;
-bool target_page_bits_decided;
+# ifdef CONFIG_ATTRIBUTE_ALIAS
+/*
+ * We want to declare the "target_page" variable as const, which tells
+ * the compiler that it can cache any value that it reads across calls.
+ * This avoids multiple assertions and multiple reads within any one user.
+ *
+ * This works because we initialize the target_page data very early, in a
+ * location far removed from the functions that require the final results.
+ *
+ * This also requires that we have a non-constant symbol by which we can
+ * perform the actual initialization, and which forces the data to be
+ * allocated within writable memory.  Thus "init_target_page", and we use
+ * that symbol exclusively in the two functions that initialize this value.
+ *
+ * The "target_page" symbol is created as an alias of "init_target_page".
+ */
+static TargetPageBits init_target_page;
+
+/*
+ * Note that this is *not* a redundant decl, this is the definition of
+ * the "target_page" symbol.  The syntax for this definition requires
+ * the use of the extern keyword.  This seems to be a GCC bug in
+ * either the syntax for the alias attribute or in -Wredundant-decls.
+ *
+ * See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91765
+ */
+#  pragma GCC diagnostic push
+#  pragma GCC diagnostic ignored "-Wredundant-decls"
+
+extern const TargetPageBits target_page
+    __attribute__((alias("init_target_page")));
+
+#  pragma GCC diagnostic pop
+# else
+/*
+ * When aliases are not supported then we force two different declarations,
+ * by way of suppressing the header declaration with IN_EXEC_VARY.
+ * We assume that on such an old compiler, LTO cannot be used, and so the
+ * compiler cannot not detect the mismatched declarations, and all is well.
+ */
+TargetPageBits target_page;
+#  define init_target_page target_page
+# endif
 #endif
 
 bool set_preferred_target_page_bits(int bits)
@@ -XXX,XX +XXX,XX @@ bool set_preferred_target_page_bits(int bits)
      */
 #ifdef TARGET_PAGE_BITS_VARY
     assert(bits >= TARGET_PAGE_BITS_MIN);
-    if (target_page_bits == 0 || target_page_bits > bits) {
-        if (target_page_bits_decided) {
+    if (init_target_page.bits == 0 || init_target_page.bits > bits) {
+        if (init_target_page.decided) {
             return false;
         }
-        target_page_bits = bits;
+        init_target_page.bits = bits;
     }
 #endif
     return true;
@@ -XXX,XX +XXX,XX @@ bool set_preferred_target_page_bits(int bits)
 void finalize_target_page_bits(void)
 {
 #ifdef TARGET_PAGE_BITS_VARY
-    if (target_page_bits == 0) {
-        target_page_bits = TARGET_PAGE_BITS_MIN;
+    if (init_target_page.bits == 0) {
+        init_target_page.bits = TARGET_PAGE_BITS_MIN;
     }
-    target_page_bits_decided = true;
+    init_target_page.decided = true;
 #endif
 }
-- 
2.17.1

There are some uint64_t uses that expect TARGET_PAGE_MASK to
extend for a 32-bit, so this must continue to be a signed type.
Define based on TARGET_PAGE_BITS not TARGET_PAGE_SIZE; this
will make a following patch more clear.

This should not have a functional effect so far.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/cpu-all.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -XXX,XX +XXX,XX @@ extern TargetPageBits target_page;
 #endif
 
 #define TARGET_PAGE_SIZE (1 << TARGET_PAGE_BITS)
-#define TARGET_PAGE_MASK ~(TARGET_PAGE_SIZE - 1)
+#define TARGET_PAGE_MASK ((target_long)-1 << TARGET_PAGE_BITS)
 #define TARGET_PAGE_ALIGN(addr) ROUND_UP((addr), TARGET_PAGE_SIZE)
 
 /* Using intptr_t ensures that qemu_*_page_mask is sign-extended even
-- 
2.17.1

This eliminates a set of runtime shifts.  It turns out that we
require TARGET_PAGE_MASK more often than TARGET_PAGE_SIZE, so
redefine TARGET_PAGE_SIZE based on TARGET_PAGE_MASK instead of
the other way around.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/cpu-all.h | 8 ++++++--
 exec-vary.c            | 1 +
 2 files changed, 7 insertions(+), 2 deletions(-)

From: Clement Deschamps <clement.deschamps@greensocs.com>

This fixes a segmentation fault in icount mode when executing
from an IO region.

TB is marked as CF_NOCACHE but tb->orig_tb is not initialized
(equals previous value in code_gen_buffer).

The issue happens in cpu_io_recompile() when it tries to invalidate orig_tb.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Clement Deschamps <clement.deschamps@greensocs.com>
Message-Id: <20191022140016.918371-1-clement.deschamps@greensocs.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/translate-all.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
     tb->cs_base = cs_base;
     tb->flags = flags;
     tb->cflags = cflags;
+    tb->orig_tb = NULL;
     tb->trace_vcpu_dstate = *cpu->trace_dstate;
     tcg_ctx->tb_cflags = cflags;
  tb_overflow:
-- 
2.17.1

Since 2ac01d6dafab, this function does only two things: assert a
lock is held, and call tcg_tb_alloc.  It is used exactly once,
and its user has already done the assert.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Clement Deschamps <clement.deschamps@greensocs.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/translate-all.c | 20 ++------------------
 1 file changed, 2 insertions(+), 18 deletions(-)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ void tcg_exec_init(unsigned long tb_size)
 #endif
 }
 
-/*
- * Allocate a new translation block. Flush the translation buffer if
- * too many translation blocks or too much generated code.
- */
-static TranslationBlock *tb_alloc(target_ulong pc)
-{
-    TranslationBlock *tb;
-
-    assert_memory_lock();
-
-    tb = tcg_tb_alloc(tcg_ctx);
-    if (unlikely(tb == NULL)) {
-        return NULL;
-    }
-    return tb;
-}
-
 /* call with @p->lock held */
 static inline void invalidate_page_bitmap(PageDesc *p)
 {
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
     TCGProfile *prof = &tcg_ctx->prof;
     int64_t ti;
 #endif
+
     assert_memory_lock();
 
     phys_pc = get_page_addr_code(env, pc);
@@ -XXX,XX +XXX,XX @@ TranslationBlock *tb_gen_code(CPUState *cpu,
     }
 
  buffer_overflow:
-    tb = tb_alloc(pc);
+    tb = tcg_tb_alloc(tcg_ctx);
     if (unlikely(!tb)) {
         /* flush must be done */
         tb_flush(cpu);
-- 
2.17.1

The following changes since commit 67e41fe0cfb62e6cdfa659f0155417d17e5274ea:

Merge tag 'pull-ppc-20220104' of https://github.com/legoater/qemu into staging (2022-01-04 07:23:27 -0800)

are available in the Git repository at:

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20220104

for you to fetch changes up to d7478d4229f0a2b2817a55487e6b17081099fae4:

common-user: Fix tail calls to safe_syscall_set_errno_tail (2022-01-04 15:41:03 -0800)

----------------------------------------------------------------
Fix for safe_syscall_base.
Fix for folding of vector add/sub.
Fix build on loongarch64 with gcc 8.
Remove decl for qemu_run_machine_init_done_notifiers.

----------------------------------------------------------------
Philippe Mathieu-Daudé (1):
      linux-user: Fix trivial build error on loongarch64 hosts

Richard Henderson (2):
      tcg/optimize: Fix folding of vector ops
      common-user: Fix tail calls to safe_syscall_set_errno_tail

Xiaoyao Li (1):
      sysemu: Cleanup qemu_run_machine_init_done_notifiers()

include/sysemu/sysemu.h                    |  1 -
 linux-user/host/loongarch64/host-signal.h  |  4 +--
 tcg/optimize.c                             | 49 +++++++++++++++++++++++-------
 common-user/host/i386/safe-syscall.inc.S   |  1 +
 common-user/host/mips/safe-syscall.inc.S   |  1 +
 common-user/host/x86_64/safe-syscall.inc.S |  1 +
 6 files changed, 42 insertions(+), 15 deletions(-)

Bitwise operations are easy to fold, because the operation is
identical regardless of element size.  But add and sub need
extra element size info that is not currently propagated.

Fixes: 2f9f08ba43d
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/799
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/optimize.c | 49 ++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 38 insertions(+), 11 deletions(-)

diff --git a/tcg/optimize.c b/tcg/optimize.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/optimize.c
+++ b/tcg/optimize.c
@@ -XXX,XX +XXX,XX @@ static uint64_t do_constant_folding_2(TCGOpcode op, uint64_t x, uint64_t y)
     CASE_OP_32_64(mul):
         return x * y;
 
-    CASE_OP_32_64(and):
+    CASE_OP_32_64_VEC(and):
         return x & y;
 
-    CASE_OP_32_64(or):
+    CASE_OP_32_64_VEC(or):
         return x | y;
 
-    CASE_OP_32_64(xor):
+    CASE_OP_32_64_VEC(xor):
         return x ^ y;
 
     case INDEX_op_shl_i32:
@@ -XXX,XX +XXX,XX @@ static uint64_t do_constant_folding_2(TCGOpcode op, uint64_t x, uint64_t y)
     case INDEX_op_rotl_i64:
         return rol64(x, y & 63);
 
-    CASE_OP_32_64(not):
+    CASE_OP_32_64_VEC(not):
         return ~x;
 
     CASE_OP_32_64(neg):
         return -x;
 
-    CASE_OP_32_64(andc):
+    CASE_OP_32_64_VEC(andc):
         return x & ~y;
 
-    CASE_OP_32_64(orc):
+    CASE_OP_32_64_VEC(orc):
         return x | ~y;
 
     CASE_OP_32_64(eqv):
@@ -XXX,XX +XXX,XX @@ static bool fold_const2(OptContext *ctx, TCGOp *op)
     return false;
 }
 
+static bool fold_commutative(OptContext *ctx, TCGOp *op)
+{
+    swap_commutative(op->args[0], &op->args[1], &op->args[2]);
+    return false;
+}
+
 static bool fold_const2_commutative(OptContext *ctx, TCGOp *op)
 {
     swap_commutative(op->args[0], &op->args[1], &op->args[2]);
@@ -XXX,XX +XXX,XX @@ static bool fold_add(OptContext *ctx, TCGOp *op)
     return false;
 }
 
+/* We cannot as yet do_constant_folding with vectors. */
+static bool fold_add_vec(OptContext *ctx, TCGOp *op)
+{
+    if (fold_commutative(ctx, op) ||
+        fold_xi_to_x(ctx, op, 0)) {
+        return true;
+    }
+    return false;
+}
+
 static bool fold_addsub2(OptContext *ctx, TCGOp *op, bool add)
 {
     if (arg_is_const(op->args[2]) && arg_is_const(op->args[3]) &&
@@ -XXX,XX +XXX,XX @@ static bool fold_sub_to_neg(OptContext *ctx, TCGOp *op)
     return false;
 }
 
-static bool fold_sub(OptContext *ctx, TCGOp *op)
+/* We cannot as yet do_constant_folding with vectors. */
+static bool fold_sub_vec(OptContext *ctx, TCGOp *op)
 {
-    if (fold_const2(ctx, op) ||
-        fold_xx_to_i(ctx, op, 0) ||
+    if (fold_xx_to_i(ctx, op, 0) ||
         fold_xi_to_x(ctx, op, 0) ||
         fold_sub_to_neg(ctx, op)) {
         return true;
@@ -XXX,XX +XXX,XX @@ static bool fold_sub(OptContext *ctx, TCGOp *op)
     return false;
 }
 
+static bool fold_sub(OptContext *ctx, TCGOp *op)
+{
+    return fold_const2(ctx, op) || fold_sub_vec(ctx, op);
+}
+
 static bool fold_sub2(OptContext *ctx, TCGOp *op)
 {
     return fold_addsub2(ctx, op, false);
@@ -XXX,XX +XXX,XX @@ void tcg_optimize(TCGContext *s)
          * Sorted alphabetically by opcode as much as possible.
          */
         switch (opc) {
-        CASE_OP_32_64_VEC(add):
+        CASE_OP_32_64(add):
             done = fold_add(&ctx, op);
             break;
+        case INDEX_op_add_vec:
+            done = fold_add_vec(&ctx, op);
+            break;
         CASE_OP_32_64(add2):
             done = fold_add2(&ctx, op);
             break;
@@ -XXX,XX +XXX,XX @@ void tcg_optimize(TCGContext *s)
         CASE_OP_32_64(sextract):
             done = fold_sextract(&ctx, op);
             break;
-        CASE_OP_32_64_VEC(sub):
+        CASE_OP_32_64(sub):
             done = fold_sub(&ctx, op);
             break;
+        case INDEX_op_sub_vec:
+            done = fold_sub_vec(&ctx, op);
+            break;
         CASE_OP_32_64(sub2):
             done = fold_sub2(&ctx, op);
             break;
-- 
2.25.1

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

When building using GCC 8.3.0 on loongarch64 (Loongnix) we get:

In file included from ../linux-user/signal.c:33:
  ../linux-user/host/loongarch64/host-signal.h: In function ‘host_signal_write’:
  ../linux-user/host/loongarch64/host-signal.h:57:9: error: a label can only be part of a statement and a declaration is not a statement
         uint32_t sel = (insn >> 15) & 0b11111111111;
         ^~~~~~~~

We don't use the 'sel' variable more than once, so drop it.

Meson output for the record:

Host machine cpu family: loongarch64
  Host machine cpu: loongarch64
  C compiler for the host machine: cc (gcc 8.3.0 "cc (Loongnix 8.3.0-6.lnd.vec.27) 8.3.0")
  C linker for the host machine: cc ld.bfd 2.31.1-system

Fixes: ad812c3bd65 ("linux-user: Implement CPU-specific signal handler for loongarch64 hosts")
Reported-by: Song Gao <gaosong@loongson.cn>
Suggested-by: Song Gao <gaosong@loongson.cn>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: WANG Xuerui <git@xen0n.name>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220104215027.2180972-1-f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 linux-user/host/loongarch64/host-signal.h | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/linux-user/host/loongarch64/host-signal.h b/linux-user/host/loongarch64/host-signal.h
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/host/loongarch64/host-signal.h
+++ b/linux-user/host/loongarch64/host-signal.h
@@ -XXX,XX +XXX,XX @@ static inline bool host_signal_write(siginfo_t *info, ucontext_t *uc)
         }
         break;
     case 0b001110: /* indexed, atomic, bounds-checking memory operations */
-        uint32_t sel = (insn >> 15) & 0b11111111111;
-
-        switch (sel) {
+        switch ((insn >> 15) & 0b11111111111) {
         case 0b00000100000: /* stx.b */
         case 0b00000101000: /* stx.h */
         case 0b00000110000: /* stx.w */
-- 
2.25.1

For the ABIs in which the syscall return register is not
also the first function argument register, move the errno
value into the correct place.

Fixes: a3310c0397e2 ("linux-user: Move syscall error detection into safe_syscall_base")
Reported-by: Laurent Vivier <laurent@vivier.eu>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220104190454.542225-1-richard.henderson@linaro.org>
---
 common-user/host/i386/safe-syscall.inc.S   | 1 +
 common-user/host/mips/safe-syscall.inc.S   | 1 +
 common-user/host/x86_64/safe-syscall.inc.S | 1 +
 3 files changed, 3 insertions(+)

diff --git a/common-user/host/i386/safe-syscall.inc.S b/common-user/host/i386/safe-syscall.inc.S
index XXXXXXX..XXXXXXX 100644
--- a/common-user/host/i386/safe-syscall.inc.S
+++ b/common-user/host/i386/safe-syscall.inc.S
@@ -XXX,XX +XXX,XX @@ safe_syscall_end:
         pop     %ebp
         .cfi_adjust_cfa_offset -4
         .cfi_restore ebp
+        mov     %eax, (%esp)
         jmp     safe_syscall_set_errno_tail
 
         .cfi_endproc
diff --git a/common-user/host/mips/safe-syscall.inc.S b/common-user/host/mips/safe-syscall.inc.S
index XXXXXXX..XXXXXXX 100644
--- a/common-user/host/mips/safe-syscall.inc.S
+++ b/common-user/host/mips/safe-syscall.inc.S
@@ -XXX,XX +XXX,XX @@ safe_syscall_end:
 1:      USE_ALT_CP(t0)
         SETUP_GPX(t1)
         SETUP_GPX64(t0, t1)
+        move    a0, v0
         PTR_LA  t9, safe_syscall_set_errno_tail
         jr      t9
 
diff --git a/common-user/host/x86_64/safe-syscall.inc.S b/common-user/host/x86_64/safe-syscall.inc.S
index XXXXXXX..XXXXXXX 100644
--- a/common-user/host/x86_64/safe-syscall.inc.S
+++ b/common-user/host/x86_64/safe-syscall.inc.S
@@ -XXX,XX +XXX,XX @@ safe_syscall_end:
 1:      pop     %rbp
         .cfi_def_cfa_offset 8
         .cfi_restore rbp
+        mov     %eax, %edi
         jmp     safe_syscall_set_errno_tail
         .cfi_endproc
 
-- 
2.25.1