[PATCH 00/14] exec: Rework around CPUState user fields

[PATCH 00/14] exec: Rework around CPUState user fields

[Philippe Mathieu-Daudé]

Hi,

First batch of patches (I expect them to be non
controversial) related to extracting user specific
fields from CPUState.

Regards,

Phil.

Philippe Mathieu-Daudé (14):
  target/i386: Simplify get_memio_eip()
  plugins: Update stale comment
  plugins/api: Only include 'exec/ram_addr.h' with system emulation
  exec: Include missing license in 'exec/cpu-common.h'
  exec/cpu: Indent TARGET_PAGE_foo definitions
  exec/cpu: Remove obsolete PAGE_RESERVED definition
  exec/cpu: Remove duplicated PAGE_PASSTHROUGH definition
  exec/cpu: Extract page-protection definitions to page-prot-common.h
  RFC exec/cpu: Restrict user-specific page definitions
  exec/user: Restrict 'syscall-trace.h' to user emulation
  accel/tcg: Use cpu_loop_exit_requested() in cpu_loop_exec_tb()
  accel/tcg: Remove pointless initialization of cflags_next_tb
  accel/tcg: Reset TCG specific fields in tcg_cpu_reset_hold()
  accel/tcg: Access tcg_cflags with getter / setter

 accel/tcg/internal-common.h             |  3 +-
 bsd-user/bsd-mem.h                      |  1 +
 bsd-user/qemu.h                         |  1 +
 include/exec/cpu-all.h                  | 36 +++++++-----------
 include/exec/cpu-common.h               | 47 ++++++++----------------
 include/exec/exec-all.h                 |  3 --
 include/exec/page-prot-common.h         | 49 +++++++++++++++++++++++++
 include/semihosting/uaccess.h           |  1 +
 include/user/syscall-trace.h            |  4 ++
 target/arm/cpu.h                        |  1 +
 target/ppc/internal.h                   |  1 +
 target/ppc/mmu-radix64.h                |  2 +
 accel/tcg/cpu-exec.c                    | 17 +++++++--
 accel/tcg/cputlb.c                      |  1 +
 accel/tcg/tb-maint.c                    |  1 +
 accel/tcg/tcg-accel-ops.c               |  5 ++-
 accel/tcg/user-exec.c                   |  1 +
 bsd-user/mmap.c                         |  1 +
 bsd-user/signal.c                       |  1 +
 cpu-target.c                            |  1 +
 hw/core/cpu-common.c                    |  3 --
 hw/ppc/ppc440_bamboo.c                  |  1 +
 hw/ppc/sam460ex.c                       |  1 +
 hw/ppc/virtex_ml507.c                   |  1 +
 linux-user/arm/cpu_loop.c               |  1 +
 linux-user/elfload.c                    |  1 +
 linux-user/mmap.c                       |  9 +++--
 linux-user/signal.c                     |  1 +
 linux-user/syscall.c                    |  5 ++-
 plugins/api.c                           |  2 +-
 plugins/core.c                          |  2 +-
 system/physmem.c                        |  1 +
 target/alpha/helper.c                   |  1 +
 target/arm/cpu.c                        |  2 +-
 target/arm/ptw.c                        |  1 +
 target/arm/tcg/m_helper.c               |  1 +
 target/arm/tcg/mte_helper.c             |  1 +
 target/arm/tcg/sve_helper.c             |  1 +
 target/avr/cpu.c                        |  2 +-
 target/avr/helper.c                     |  1 +
 target/cris/mmu.c                       |  1 +
 target/hexagon/cpu.c                    |  2 +-
 target/hppa/cpu.c                       |  2 +-
 target/hppa/mem_helper.c                |  1 +
 target/hppa/translate.c                 |  1 +
 target/i386/cpu.c                       |  2 +-
 target/i386/helper.c                    |  8 ++--
 target/i386/tcg/sysemu/excp_helper.c    |  1 +
 target/loongarch/cpu.c                  |  2 +-
 target/loongarch/tcg/tlb_helper.c       |  1 +
 target/m68k/helper.c                    |  1 +
 target/microblaze/cpu.c                 |  2 +-
 target/microblaze/helper.c              |  1 +
 target/microblaze/mmu.c                 |  1 +
 target/mips/sysemu/physaddr.c           |  1 +
 target/mips/tcg/exception.c             |  2 +-
 target/mips/tcg/sysemu/special_helper.c |  2 +-
 target/mips/tcg/sysemu/tlb_helper.c     |  1 +
 target/openrisc/cpu.c                   |  2 +-
 target/openrisc/mmu.c                   |  1 +
 target/ppc/mmu-hash32.c                 |  1 +
 target/ppc/mmu-hash64.c                 |  1 +
 target/ppc/mmu-radix64.c                |  1 +
 target/ppc/mmu_common.c                 |  1 +
 target/ppc/mmu_helper.c                 |  1 +
 target/riscv/cpu_helper.c               |  1 +
 target/riscv/pmp.c                      |  1 +
 target/riscv/tcg/tcg-cpu.c              |  4 +-
 target/riscv/vector_helper.c            |  1 +
 target/rx/cpu.c                         |  3 +-
 target/s390x/mmu_helper.c               |  1 +
 target/s390x/tcg/mem_helper.c           |  1 +
 target/sh4/cpu.c                        |  4 +-
 target/sh4/helper.c                     |  1 +
 target/sparc/cpu.c                      |  2 +-
 target/sparc/ldst_helper.c              |  1 +
 target/sparc/mmu_helper.c               |  1 +
 target/tricore/cpu.c                    |  2 +-
 target/tricore/helper.c                 |  1 +
 target/xtensa/mmu_helper.c              |  1 +
 target/xtensa/op_helper.c               |  1 +
 81 files changed, 185 insertions(+), 96 deletions(-)
 create mode 100644 include/exec/page-prot-common.h

-- 
2.41.0

[PATCH 01/14] target/i386: Simplify get_memio_eip()

[Philippe Mathieu-Daudé]

The single call to get_memio_eip(), in cpu_report_tpr_access(),
is protected by a check on tcg_enabled(). Since the call only
exists when CONFIG_TCG is defined, we can slightly simplify.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 target/i386/helper.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/target/i386/helper.c b/target/i386/helper.c
index 23ccb23a5b..a3e70a630a 100644
--- a/target/i386/helper.c
+++ b/target/i386/helper.c
@@ -512,9 +512,9 @@ void cpu_x86_inject_mce(Monitor *mon, X86CPU *cpu, int bank,
     }
 }
 
+#ifdef CONFIG_TCG
 static inline target_ulong get_memio_eip(CPUX86State *env)
 {
-#ifdef CONFIG_TCG
     uint64_t data[TARGET_INSN_START_WORDS];
     CPUState *cs = env_cpu(env);
 
@@ -528,10 +528,8 @@ static inline target_ulong get_memio_eip(CPUX86State *env)
     } else {
         return data[0] - env->segs[R_CS].base;
     }
-#else
-    qemu_build_not_reached();
-#endif
 }
+#endif
 
 void cpu_report_tpr_access(CPUX86State *env, TPRAccess access)
 {
-- 
2.41.0

[PATCH 02/14] plugins: Update stale comment

[Philippe Mathieu-Daudé]

"plugin_mask" was renamed as "event_mask" in commit c006147122
("plugins: create CPUPluginState and migrate plugin_mask").

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 plugins/core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/core.c b/plugins/core.c
index 11ca20e626..09c98382f5 100644
--- a/plugins/core.c
+++ b/plugins/core.c
@@ -373,7 +373,7 @@ void qemu_plugin_tb_trans_cb(CPUState *cpu, struct qemu_plugin_tb *tb)
     struct qemu_plugin_cb *cb, *next;
     enum qemu_plugin_event ev = QEMU_PLUGIN_EV_VCPU_TB_TRANS;
 
-    /* no plugin_mask check here; caller should have checked */
+    /* no plugin_state->event_mask check here; caller should have checked */
 
     QLIST_FOREACH_SAFE_RCU(cb, &plugin.cb_lists[ev], entry, next) {
         qemu_plugin_vcpu_tb_trans_cb_t func = cb->f.vcpu_tb_trans;
-- 
2.41.0

[PATCH 03/14] plugins/api: Only include 'exec/ram_addr.h' with system emulation

[Philippe Mathieu-Daudé]

"exec/ram_addr.h" shouldn't be used with user emulation.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 plugins/api.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/api.c b/plugins/api.c
index 8fa5a600ac..eaee344d8e 100644
--- a/plugins/api.c
+++ b/plugins/api.c
@@ -42,10 +42,10 @@
 #include "tcg/tcg.h"
 #include "exec/exec-all.h"
 #include "exec/gdbstub.h"
-#include "exec/ram_addr.h"
 #include "disas/disas.h"
 #include "plugin.h"
 #ifndef CONFIG_USER_ONLY
+#include "exec/ram_addr.h"
 #include "qemu/plugin-memory.h"
 #include "hw/boards.h"
 #else
-- 
2.41.0

[PATCH 04/14] exec: Include missing license in 'exec/cpu-common.h'

[Philippe Mathieu-Daudé]

Commit 1ad2134f91 ("Hardware convenience library") extracted
"cpu-common.h" from "cpu-all.h", which uses the LGPL-2.1+ license.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 include/exec/cpu-common.h | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h
index 6d5318895a..8812ba744d 100644
--- a/include/exec/cpu-common.h
+++ b/include/exec/cpu-common.h
@@ -1,8 +1,13 @@
+/*
+ * CPU interfaces that are target independent.
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * SPDX-License-Identifier: LGPL-2.1+
+ */
 #ifndef CPU_COMMON_H
 #define CPU_COMMON_H
 
-/* CPU interfaces that are target independent.  */
-
 #include "exec/vaddr.h"
 #ifndef CONFIG_USER_ONLY
 #include "exec/hwaddr.h"
-- 
2.41.0

[PATCH 05/14] exec/cpu: Indent TARGET_PAGE_foo definitions

[Philippe Mathieu-Daudé]

The TARGET_PAGE_foo definitions are defined with multiple
level of #ifdef'ry. Indent it a bit for clarity.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 include/exec/cpu-all.h | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index e75ec13cd0..eaa59a5cc1 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -139,19 +139,20 @@ static inline void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val
 #ifdef TARGET_PAGE_BITS_VARY
 # include "exec/page-vary.h"
 extern const TargetPageBits target_page;
-#ifdef CONFIG_DEBUG_TCG
-#define TARGET_PAGE_BITS   ({ assert(target_page.decided); target_page.bits; })
-#define TARGET_PAGE_MASK   ({ assert(target_page.decided); \
-                              (target_long)target_page.mask; })
+# ifdef CONFIG_DEBUG_TCG
+#  define TARGET_PAGE_BITS   ({ assert(target_page.decided); \
+                                target_page.bits; })
+#  define TARGET_PAGE_MASK   ({ assert(target_page.decided); \
+                                (target_long)target_page.mask; })
+# else
+#  define TARGET_PAGE_BITS   target_page.bits
+#  define TARGET_PAGE_MASK   ((target_long)target_page.mask)
+# endif
+# define TARGET_PAGE_SIZE    (-(int)TARGET_PAGE_MASK)
 #else
-#define TARGET_PAGE_BITS   target_page.bits
-#define TARGET_PAGE_MASK   ((target_long)target_page.mask)
-#endif
-#define TARGET_PAGE_SIZE   (-(int)TARGET_PAGE_MASK)
-#else
-#define TARGET_PAGE_BITS_MIN TARGET_PAGE_BITS
-#define TARGET_PAGE_SIZE   (1 << TARGET_PAGE_BITS)
-#define TARGET_PAGE_MASK   ((target_long)-1 << TARGET_PAGE_BITS)
+# define TARGET_PAGE_BITS_MIN TARGET_PAGE_BITS
+# define TARGET_PAGE_SIZE    (1 << TARGET_PAGE_BITS)
+# define TARGET_PAGE_MASK    ((target_long)-1 << TARGET_PAGE_BITS)
 #endif
 
 #define TARGET_PAGE_ALIGN(addr) ROUND_UP((addr), TARGET_PAGE_SIZE)
-- 
2.41.0

[PATCH 06/14] exec/cpu: Remove obsolete PAGE_RESERVED definition

[Philippe Mathieu-Daudé]

We stopped using the PAGE_RESERVED definition in commit
50d25c8aec ("accel/tcg: Drop PAGE_RESERVED for CONFIG_BSD").
This completes commit 2e9a5713f0 ("Remove PAGE_RESERVED").

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 include/exec/cpu-all.h | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index eaa59a5cc1..5ea8c4d3ef 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -157,10 +157,6 @@ extern const TargetPageBits target_page;
 
 #define TARGET_PAGE_ALIGN(addr) ROUND_UP((addr), TARGET_PAGE_SIZE)
 
-#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
-/* FIXME: Code that sets/uses this is broken and needs to go away.  */
-#define PAGE_RESERVED  0x0100
-#endif
 /*
  * For linux-user, indicates that the page is mapped with the same semantics
  * in both guest and host.
-- 
2.41.0

[PATCH 07/14] exec/cpu: Remove duplicated PAGE_PASSTHROUGH definition

[Philippe Mathieu-Daudé]

Missed in commit 58771921af ("include/exec: Move PAGE_* macros
to common header"), PAGE_PASSTHROUGH ended being defined twice.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 include/exec/cpu-all.h | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 5ea8c4d3ef..8c3ad7153d 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -157,12 +157,6 @@ extern const TargetPageBits target_page;
 
 #define TARGET_PAGE_ALIGN(addr) ROUND_UP((addr), TARGET_PAGE_SIZE)
 
-/*
- * For linux-user, indicates that the page is mapped with the same semantics
- * in both guest and host.
- */
-#define PAGE_PASSTHROUGH 0x0800
-
 #if defined(CONFIG_USER_ONLY)
 void page_dump(FILE *f);
 
-- 
2.41.0

[PATCH 08/14] exec/cpu: Extract page-protection definitions to page-prot-common.h

[Philippe Mathieu-Daudé]

Extract page-protection definitions from "exec/cpu-all.h"
to "exec/page-prot-common.h".

The list of files requiring the new header was generated
using:

$ git grep -wE \
  'PAGE_(READ|WRITE|EXEC|BITS|VALID|ANON|RESERVED|TARGET_.|PASSTHROUGH)'

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Nicholas Piggin <npiggin@gmail.com>
---
 bsd-user/bsd-mem.h                   |  1 +
 bsd-user/qemu.h                      |  1 +
 include/exec/cpu-all.h               |  1 +
 include/exec/cpu-common.h            | 31 +--------------------
 include/exec/page-prot-common.h      | 41 ++++++++++++++++++++++++++++
 include/semihosting/uaccess.h        |  1 +
 target/arm/cpu.h                     |  1 +
 target/ppc/internal.h                |  1 +
 target/ppc/mmu-radix64.h             |  2 ++
 accel/tcg/cputlb.c                   |  1 +
 accel/tcg/tb-maint.c                 |  1 +
 accel/tcg/user-exec.c                |  1 +
 bsd-user/mmap.c                      |  1 +
 bsd-user/signal.c                    |  1 +
 cpu-target.c                         |  1 +
 hw/ppc/ppc440_bamboo.c               |  1 +
 hw/ppc/sam460ex.c                    |  1 +
 hw/ppc/virtex_ml507.c                |  1 +
 linux-user/arm/cpu_loop.c            |  1 +
 linux-user/elfload.c                 |  1 +
 linux-user/mmap.c                    |  1 +
 linux-user/signal.c                  |  1 +
 linux-user/syscall.c                 |  1 +
 system/physmem.c                     |  1 +
 target/alpha/helper.c                |  1 +
 target/arm/ptw.c                     |  1 +
 target/arm/tcg/m_helper.c            |  1 +
 target/arm/tcg/mte_helper.c          |  1 +
 target/arm/tcg/sve_helper.c          |  1 +
 target/avr/helper.c                  |  1 +
 target/cris/mmu.c                    |  1 +
 target/hppa/mem_helper.c             |  1 +
 target/hppa/translate.c              |  1 +
 target/i386/tcg/sysemu/excp_helper.c |  1 +
 target/loongarch/tcg/tlb_helper.c    |  1 +
 target/m68k/helper.c                 |  1 +
 target/microblaze/helper.c           |  1 +
 target/microblaze/mmu.c              |  1 +
 target/mips/sysemu/physaddr.c        |  1 +
 target/mips/tcg/sysemu/tlb_helper.c  |  1 +
 target/openrisc/mmu.c                |  1 +
 target/ppc/mmu-hash32.c              |  1 +
 target/ppc/mmu-hash64.c              |  1 +
 target/ppc/mmu-radix64.c             |  1 +
 target/ppc/mmu_common.c              |  1 +
 target/ppc/mmu_helper.c              |  1 +
 target/riscv/cpu_helper.c            |  1 +
 target/riscv/pmp.c                   |  1 +
 target/riscv/vector_helper.c         |  1 +
 target/rx/cpu.c                      |  1 +
 target/s390x/mmu_helper.c            |  1 +
 target/s390x/tcg/mem_helper.c        |  1 +
 target/sh4/helper.c                  |  1 +
 target/sparc/ldst_helper.c           |  1 +
 target/sparc/mmu_helper.c            |  1 +
 target/tricore/helper.c              |  1 +
 target/xtensa/mmu_helper.c           |  1 +
 target/xtensa/op_helper.c            |  1 +
 58 files changed, 99 insertions(+), 30 deletions(-)
 create mode 100644 include/exec/page-prot-common.h

diff --git a/bsd-user/bsd-mem.h b/bsd-user/bsd-mem.h
index 21d9bab889..f95472bcab 100644
--- a/bsd-user/bsd-mem.h
+++ b/bsd-user/bsd-mem.h
@@ -56,6 +56,7 @@
 #include <fcntl.h>
 
 #include "qemu-bsd.h"
+#include "exec/page-prot-common.h"
 
 extern struct bsd_shm_regions bsd_shm_regions[];
 extern abi_ulong target_brk;
diff --git a/bsd-user/qemu.h b/bsd-user/qemu.h
index 8629f0dcde..4631a3e23b 100644
--- a/bsd-user/qemu.h
+++ b/bsd-user/qemu.h
@@ -34,6 +34,7 @@ extern char **environ;
 #include "target_os_signal.h"
 #include "target.h"
 #include "exec/gdbstub.h"
+#include "exec/page-prot-common.h"
 #include "qemu/clang-tsa.h"
 
 #include "qemu-os.h"
diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 8c3ad7153d..563827b8ec 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -19,6 +19,7 @@
 #ifndef CPU_ALL_H
 #define CPU_ALL_H
 
+#include "exec/page-prot-common.h"
 #include "exec/cpu-common.h"
 #include "exec/memory.h"
 #include "exec/tswap.h"
diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h
index 8812ba744d..ced0b1c886 100644
--- a/include/exec/cpu-common.h
+++ b/include/exec/cpu-common.h
@@ -14,6 +14,7 @@
 #endif
 #include "hw/core/cpu.h"
 #include "tcg/debug-assert.h"
+#include "exec/page-prot-common.h"
 
 #define EXCP_INTERRUPT  0x10000 /* async interruption */
 #define EXCP_HLT        0x10001 /* hlt instruction reached */
@@ -208,36 +209,6 @@ G_NORETURN void cpu_loop_exit_atomic(CPUState *cpu, uintptr_t pc);
 G_NORETURN void cpu_loop_exit(CPUState *cpu);
 G_NORETURN void cpu_loop_exit_restore(CPUState *cpu, uintptr_t pc);
 
-/* same as PROT_xxx */
-#define PAGE_READ      0x0001
-#define PAGE_WRITE     0x0002
-#define PAGE_EXEC      0x0004
-#define PAGE_BITS      (PAGE_READ | PAGE_WRITE | PAGE_EXEC)
-#define PAGE_VALID     0x0008
-/*
- * Original state of the write flag (used when tracking self-modifying code)
- */
-#define PAGE_WRITE_ORG 0x0010
-/*
- * Invalidate the TLB entry immediately, helpful for s390x
- * Low-Address-Protection. Used with PAGE_WRITE in tlb_set_page_with_attrs()
- */
-#define PAGE_WRITE_INV 0x0020
-/* For use with page_set_flags: page is being replaced; target_data cleared. */
-#define PAGE_RESET     0x0040
-/* For linux-user, indicates that the page is MAP_ANON. */
-#define PAGE_ANON      0x0080
-
-/* Target-specific bits that will be used via page_get_flags().  */
-#define PAGE_TARGET_1  0x0200
-#define PAGE_TARGET_2  0x0400
-
-/*
- * For linux-user, indicates that the page is mapped with the same semantics
- * in both guest and host.
- */
-#define PAGE_PASSTHROUGH 0x0800
-
 /* accel/tcg/cpu-exec.c */
 int cpu_exec(CPUState *cpu);
 
diff --git a/include/exec/page-prot-common.h b/include/exec/page-prot-common.h
new file mode 100644
index 0000000000..2722ded724
--- /dev/null
+++ b/include/exec/page-prot-common.h
@@ -0,0 +1,41 @@
+/*
+ * QEMU page protection definitions.
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * SPDX-License-Identifier: LGPL-2.1+
+ */
+#ifndef EXEC_PAGE_PROT_COMMON_H
+#define EXEC_PAGE_PROT_COMMON_H
+
+/* same as PROT_xxx */
+#define PAGE_READ      0x0001
+#define PAGE_WRITE     0x0002
+#define PAGE_EXEC      0x0004
+#define PAGE_BITS      (PAGE_READ | PAGE_WRITE | PAGE_EXEC)
+#define PAGE_VALID     0x0008
+/*
+ * Original state of the write flag (used when tracking self-modifying code)
+ */
+#define PAGE_WRITE_ORG 0x0010
+/*
+ * Invalidate the TLB entry immediately, helpful for s390x
+ * Low-Address-Protection. Used with PAGE_WRITE in tlb_set_page_with_attrs()
+ */
+#define PAGE_WRITE_INV 0x0020
+/* For use with page_set_flags: page is being replaced; target_data cleared. */
+#define PAGE_RESET     0x0040
+/* For linux-user, indicates that the page is MAP_ANON. */
+#define PAGE_ANON      0x0080
+
+/* Target-specific bits that will be used via page_get_flags().  */
+#define PAGE_TARGET_1  0x0200
+#define PAGE_TARGET_2  0x0400
+
+/*
+ * For linux-user, indicates that the page is mapped with the same semantics
+ * in both guest and host.
+ */
+#define PAGE_PASSTHROUGH 0x0800
+
+#endif
diff --git a/include/semihosting/uaccess.h b/include/semihosting/uaccess.h
index dd289af8dd..9873157170 100644
--- a/include/semihosting/uaccess.h
+++ b/include/semihosting/uaccess.h
@@ -17,6 +17,7 @@
 #include "exec/cpu-common.h"
 #include "exec/cpu-defs.h"
 #include "exec/tswap.h"
+#include "exec/page-prot-common.h"
 
 #define get_user_u64(val, addr)                                         \
     ({ uint64_t val_ = 0;                                               \
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 17efc5d565..82b88b4883 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -26,6 +26,7 @@
 #include "cpu-qom.h"
 #include "exec/cpu-defs.h"
 #include "exec/gdbstub.h"
+#include "exec/page-prot-common.h"
 #include "qapi/qapi-types-common.h"
 #include "target/arm/multiprocessing.h"
 #include "target/arm/gtimer.h"
diff --git a/target/ppc/internal.h b/target/ppc/internal.h
index 601c0b533f..2af5f9549d 100644
--- a/target/ppc/internal.h
+++ b/target/ppc/internal.h
@@ -20,6 +20,7 @@
 
 #include "exec/breakpoint.h"
 #include "hw/registerfields.h"
+#include "exec/page-prot-common.h"
 
 /* PM instructions */
 typedef enum {
diff --git a/target/ppc/mmu-radix64.h b/target/ppc/mmu-radix64.h
index 4c768aa5cc..1a3fd8f65b 100644
--- a/target/ppc/mmu-radix64.h
+++ b/target/ppc/mmu-radix64.h
@@ -3,6 +3,8 @@
 
 #ifndef CONFIG_USER_ONLY
 
+#include "exec/page-prot-common.h"
+
 /* Radix Quadrants */
 #define R_EADDR_MASK            0x3FFFFFFFFFFFFFFF
 #define R_EADDR_VALID_MASK      0xC00FFFFFFFFFFFFF
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index 953c437ba9..fd5234792c 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -21,6 +21,7 @@
 #include "qemu/main-loop.h"
 #include "hw/core/tcg-cpu-ops.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "exec/memory.h"
 #include "exec/cpu_ldst.h"
 #include "exec/cputlb.h"
diff --git a/accel/tcg/tb-maint.c b/accel/tcg/tb-maint.c
index da39a43bd8..717e31e602 100644
--- a/accel/tcg/tb-maint.c
+++ b/accel/tcg/tb-maint.c
@@ -23,6 +23,7 @@
 #include "exec/cputlb.h"
 #include "exec/log.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "exec/tb-flush.h"
 #include "exec/translate-all.h"
 #include "sysemu/tcg.h"
diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index 1c621477ad..cb29c4d01b 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -25,6 +25,7 @@
 #include "qemu/rcu.h"
 #include "exec/cpu_ldst.h"
 #include "exec/translate-all.h"
+#include "exec/page-prot-common.h"
 #include "exec/helper-proto.h"
 #include "qemu/atomic128.h"
 #include "trace/trace-root.h"
diff --git a/bsd-user/mmap.c b/bsd-user/mmap.c
index 3ef11b2807..deb384605e 100644
--- a/bsd-user/mmap.c
+++ b/bsd-user/mmap.c
@@ -17,6 +17,7 @@
  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  */
 #include "qemu/osdep.h"
+#include "exec/page-prot-common.h"
 
 #include "qemu.h"
 
diff --git a/bsd-user/signal.c b/bsd-user/signal.c
index b2faf1d0dd..b19b8dd2e7 100644
--- a/bsd-user/signal.c
+++ b/bsd-user/signal.c
@@ -21,6 +21,7 @@
 #include "qemu/osdep.h"
 #include "qemu/log.h"
 #include "qemu.h"
+#include "exec/page-prot-common.h"
 #include "user/tswap-target.h"
 #include "gdbstub/user.h"
 #include "signal-common.h"
diff --git a/cpu-target.c b/cpu-target.c
index f88649c299..4744b00a8d 100644
--- a/cpu-target.c
+++ b/cpu-target.c
@@ -21,6 +21,7 @@
 #include "qapi/error.h"
 
 #include "exec/target_page.h"
+#include "exec/page-prot-common.h"
 #include "hw/qdev-core.h"
 #include "hw/qdev-properties.h"
 #include "qemu/error-report.h"
diff --git a/hw/ppc/ppc440_bamboo.c b/hw/ppc/ppc440_bamboo.c
index e18f57efce..88a271f725 100644
--- a/hw/ppc/ppc440_bamboo.c
+++ b/hw/ppc/ppc440_bamboo.c
@@ -15,6 +15,7 @@
 #include "qemu/units.h"
 #include "qemu/datadir.h"
 #include "qemu/error-report.h"
+#include "exec/page-prot-common.h"
 #include "net/net.h"
 #include "hw/pci/pci.h"
 #include "hw/boards.h"
diff --git a/hw/ppc/sam460ex.c b/hw/ppc/sam460ex.c
index d42b677898..70278c0472 100644
--- a/hw/ppc/sam460ex.c
+++ b/hw/ppc/sam460ex.c
@@ -21,6 +21,7 @@
 #include "kvm_ppc.h"
 #include "sysemu/device_tree.h"
 #include "sysemu/block-backend.h"
+#include "exec/page-prot-common.h"
 #include "hw/loader.h"
 #include "elf.h"
 #include "exec/memory.h"
diff --git a/hw/ppc/virtex_ml507.c b/hw/ppc/virtex_ml507.c
index d02f330650..e2da13c064 100644
--- a/hw/ppc/virtex_ml507.c
+++ b/hw/ppc/virtex_ml507.c
@@ -25,6 +25,7 @@
 #include "qemu/osdep.h"
 #include "qemu/datadir.h"
 #include "qemu/units.h"
+#include "exec/page-prot-common.h"
 #include "cpu.h"
 #include "hw/sysbus.h"
 #include "hw/char/serial.h"
diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
index db1a41e27f..81bd7fac29 100644
--- a/linux-user/arm/cpu_loop.c
+++ b/linux-user/arm/cpu_loop.c
@@ -24,6 +24,7 @@
 #include "cpu_loop-common.h"
 #include "signal-common.h"
 #include "semihosting/common-semi.h"
+#include "exec/page-prot-common.h"
 #include "target/arm/syndrome.h"
 
 #define get_user_code_u32(x, gaddr, env)                \
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index f9461d2844..554251dc02 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -8,6 +8,7 @@
 
 #include "qemu.h"
 #include "user/tswap-target.h"
+#include "exec/page-prot-common.h"
 #include "user/guest-base.h"
 #include "user-internals.h"
 #include "signal-common.h"
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index be3b9a68eb..ecde6b8812 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -20,6 +20,7 @@
 #include <sys/shm.h>
 #include "trace.h"
 #include "exec/log.h"
+#include "exec/page-prot-common.h"
 #include "qemu.h"
 #include "user-internals.h"
 #include "user-mmap.h"
diff --git a/linux-user/signal.c b/linux-user/signal.c
index 05dc4afb52..14abeb0641 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -19,6 +19,7 @@
 #include "qemu/osdep.h"
 #include "qemu/bitops.h"
 #include "gdbstub/user.h"
+#include "exec/page-prot-common.h"
 #include "hw/core/tcg-cpu-ops.h"
 
 #include <sys/ucontext.h>
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 41659b63f5..096694faab 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -25,6 +25,7 @@
 #include "qemu/plugin.h"
 #include "tcg/startup.h"
 #include "target_mman.h"
+#include "exec/page-prot-common.h"
 #include <elf.h>
 #include <endian.h>
 #include <grp.h>
diff --git a/system/physmem.c b/system/physmem.c
index 1a81c226ba..66e61990d2 100644
--- a/system/physmem.c
+++ b/system/physmem.c
@@ -31,6 +31,7 @@
 #endif /* CONFIG_TCG */
 
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "exec/target_page.h"
 #include "hw/qdev-core.h"
 #include "hw/qdev-properties.h"
diff --git a/target/alpha/helper.c b/target/alpha/helper.c
index d6d4353edd..bd8f8bce60 100644
--- a/target/alpha/helper.c
+++ b/target/alpha/helper.c
@@ -21,6 +21,7 @@
 #include "qemu/log.h"
 #include "cpu.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "fpu/softfloat-types.h"
 #include "exec/helper-proto.h"
 #include "qemu/qemu-print.h"
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 31ae43f60e..cc97f1d74a 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -11,6 +11,7 @@
 #include "qemu/range.h"
 #include "qemu/main-loop.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "cpu.h"
 #include "internals.h"
 #include "cpu-features.h"
diff --git a/target/arm/tcg/m_helper.c b/target/arm/tcg/m_helper.c
index d1f1e02acc..c702781768 100644
--- a/target/arm/tcg/m_helper.c
+++ b/target/arm/tcg/m_helper.c
@@ -16,6 +16,7 @@
 #include "qemu/bitops.h"
 #include "qemu/log.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #ifdef CONFIG_TCG
 #include "exec/cpu_ldst.h"
 #include "semihosting/common-semi.h"
diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c
index d971b81370..8ed5cf7bb6 100644
--- a/target/arm/tcg/mte_helper.c
+++ b/target/arm/tcg/mte_helper.c
@@ -22,6 +22,7 @@
 #include "cpu.h"
 #include "internals.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "exec/ram_addr.h"
 #include "exec/cpu_ldst.h"
 #include "exec/helper-proto.h"
diff --git a/target/arm/tcg/sve_helper.c b/target/arm/tcg/sve_helper.c
index 6853f58c19..add7704bf5 100644
--- a/target/arm/tcg/sve_helper.c
+++ b/target/arm/tcg/sve_helper.c
@@ -21,6 +21,7 @@
 #include "cpu.h"
 #include "internals.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "exec/helper-proto.h"
 #include "tcg/tcg-gvec-desc.h"
 #include "fpu/softfloat.h"
diff --git a/target/avr/helper.c b/target/avr/helper.c
index eeca415c43..aad92520ae 100644
--- a/target/avr/helper.c
+++ b/target/avr/helper.c
@@ -24,6 +24,7 @@
 #include "cpu.h"
 #include "hw/core/tcg-cpu-ops.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "exec/cpu_ldst.h"
 #include "exec/address-spaces.h"
 #include "exec/helper-proto.h"
diff --git a/target/cris/mmu.c b/target/cris/mmu.c
index b574ec6e5b..dee485419d 100644
--- a/target/cris/mmu.c
+++ b/target/cris/mmu.c
@@ -21,6 +21,7 @@
 #include "qemu/osdep.h"
 #include "cpu.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "mmu.h"
 
 #ifdef DEBUG
diff --git a/target/hppa/mem_helper.c b/target/hppa/mem_helper.c
index 84785b5a5c..1a9b6d4fb5 100644
--- a/target/hppa/mem_helper.c
+++ b/target/hppa/mem_helper.c
@@ -21,6 +21,7 @@
 #include "qemu/log.h"
 #include "cpu.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "exec/helper-proto.h"
 #include "hw/core/cpu.h"
 #include "trace.h"
diff --git a/target/hppa/translate.c b/target/hppa/translate.c
index 42fa480950..5a121db6b0 100644
--- a/target/hppa/translate.c
+++ b/target/hppa/translate.c
@@ -22,6 +22,7 @@
 #include "disas/disas.h"
 #include "qemu/host-utils.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "tcg/tcg-op.h"
 #include "tcg/tcg-op-gvec.h"
 #include "exec/helper-proto.h"
diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/excp_helper.c
index 7a57b7dd10..be5c69cc26 100644
--- a/target/i386/tcg/sysemu/excp_helper.c
+++ b/target/i386/tcg/sysemu/excp_helper.c
@@ -21,6 +21,7 @@
 #include "cpu.h"
 #include "exec/cpu_ldst.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "tcg/helper-tcg.h"
 
 typedef struct TranslateParams {
diff --git a/target/loongarch/tcg/tlb_helper.c b/target/loongarch/tcg/tlb_helper.c
index 57f5308632..8344562888 100644
--- a/target/loongarch/tcg/tlb_helper.c
+++ b/target/loongarch/tcg/tlb_helper.c
@@ -13,6 +13,7 @@
 #include "internals.h"
 #include "exec/helper-proto.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "exec/cpu_ldst.h"
 #include "exec/log.h"
 #include "cpu-csr.h"
diff --git a/target/m68k/helper.c b/target/m68k/helper.c
index 7a91f33b17..d314296622 100644
--- a/target/m68k/helper.c
+++ b/target/m68k/helper.c
@@ -21,6 +21,7 @@
 #include "qemu/osdep.h"
 #include "cpu.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "exec/gdbstub.h"
 #include "exec/helper-proto.h"
 #include "gdbstub/helpers.h"
diff --git a/target/microblaze/helper.c b/target/microblaze/helper.c
index d25c9eb4d3..e2f17d4848 100644
--- a/target/microblaze/helper.c
+++ b/target/microblaze/helper.c
@@ -21,6 +21,7 @@
 #include "qemu/osdep.h"
 #include "cpu.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "qemu/host-utils.h"
 #include "exec/log.h"
 
diff --git a/target/microblaze/mmu.c b/target/microblaze/mmu.c
index 234006634e..db2b12a49e 100644
--- a/target/microblaze/mmu.c
+++ b/target/microblaze/mmu.c
@@ -22,6 +22,7 @@
 #include "qemu/log.h"
 #include "cpu.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 
 static unsigned int tlb_decode_size(unsigned int f)
 {
diff --git a/target/mips/sysemu/physaddr.c b/target/mips/sysemu/physaddr.c
index 5c5184e136..d0ea1d4aab 100644
--- a/target/mips/sysemu/physaddr.c
+++ b/target/mips/sysemu/physaddr.c
@@ -19,6 +19,7 @@
 #include "qemu/osdep.h"
 #include "cpu.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "../internal.h"
 
 static int is_seg_am_mapped(unsigned int am, bool eu, int mmu_idx)
diff --git a/target/mips/tcg/sysemu/tlb_helper.c b/target/mips/tcg/sysemu/tlb_helper.c
index 119eae771e..302117bb30 100644
--- a/target/mips/tcg/sysemu/tlb_helper.c
+++ b/target/mips/tcg/sysemu/tlb_helper.c
@@ -22,6 +22,7 @@
 #include "cpu.h"
 #include "internal.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "exec/cpu_ldst.h"
 #include "exec/log.h"
 #include "exec/helper-proto.h"
diff --git a/target/openrisc/mmu.c b/target/openrisc/mmu.c
index 603c26715e..6ca7cc023e 100644
--- a/target/openrisc/mmu.c
+++ b/target/openrisc/mmu.c
@@ -22,6 +22,7 @@
 #include "qemu/log.h"
 #include "cpu.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "gdbstub/helpers.h"
 #include "qemu/host-utils.h"
 #include "hw/loader.h"
diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
index 3976416840..da446632c9 100644
--- a/target/ppc/mmu-hash32.c
+++ b/target/ppc/mmu-hash32.c
@@ -21,6 +21,7 @@
 #include "qemu/osdep.h"
 #include "cpu.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "sysemu/kvm.h"
 #include "kvm_ppc.h"
 #include "internal.h"
diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index d645c0bb94..1633a0e5d0 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -21,6 +21,7 @@
 #include "qemu/units.h"
 #include "cpu.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "qemu/error-report.h"
 #include "qemu/qemu-print.h"
 #include "sysemu/hw_accel.h"
diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c
index 690dff7a49..5977f98689 100644
--- a/target/ppc/mmu-radix64.c
+++ b/target/ppc/mmu-radix64.c
@@ -20,6 +20,7 @@
 #include "qemu/osdep.h"
 #include "cpu.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "qemu/error-report.h"
 #include "sysemu/kvm.h"
 #include "kvm_ppc.h"
diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 751403f1c8..03713e0a90 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -25,6 +25,7 @@
 #include "mmu-hash64.h"
 #include "mmu-hash32.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "exec/log.h"
 #include "helper_regs.h"
 #include "qemu/error-report.h"
diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
index c071b4d5e2..db2dd8c76a 100644
--- a/target/ppc/mmu_helper.c
+++ b/target/ppc/mmu_helper.c
@@ -25,6 +25,7 @@
 #include "mmu-hash64.h"
 #include "mmu-hash32.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "exec/log.h"
 #include "helper_regs.h"
 #include "qemu/error-report.h"
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index fc090d729a..6f0f8ab0b9 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -24,6 +24,7 @@
 #include "internals.h"
 #include "pmu.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "instmap.h"
 #include "tcg/tcg-op.h"
 #include "trace.h"
diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index 2a76b611a0..4eff14b3f8 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -25,6 +25,7 @@
 #include "cpu.h"
 #include "trace.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 
 static bool pmp_write_cfg(CPURISCVState *env, uint32_t addr_index,
                           uint8_t val);
diff --git a/target/riscv/vector_helper.c b/target/riscv/vector_helper.c
index fa139040f8..c6716cfd30 100644
--- a/target/riscv/vector_helper.c
+++ b/target/riscv/vector_helper.c
@@ -23,6 +23,7 @@
 #include "exec/memop.h"
 #include "exec/exec-all.h"
 #include "exec/cpu_ldst.h"
+#include "exec/page-prot-common.h"
 #include "exec/helper-proto.h"
 #include "fpu/softfloat.h"
 #include "tcg/tcg-gvec-desc.h"
diff --git a/target/rx/cpu.c b/target/rx/cpu.c
index e3dfb09722..b45957c43a 100644
--- a/target/rx/cpu.c
+++ b/target/rx/cpu.c
@@ -22,6 +22,7 @@
 #include "cpu.h"
 #include "migration/vmstate.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "hw/loader.h"
 #include "fpu/softfloat.h"
 #include "tcg/debug-assert.h"
diff --git a/target/s390x/mmu_helper.c b/target/s390x/mmu_helper.c
index fbb2f1b4d4..0b2240e39a 100644
--- a/target/s390x/mmu_helper.c
+++ b/target/s390x/mmu_helper.c
@@ -24,6 +24,7 @@
 #include "sysemu/kvm.h"
 #include "sysemu/tcg.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "trace.h"
 #include "hw/hw.h"
 #include "hw/s390x/storage-keys.h"
diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
index 557831def4..290f84e97c 100644
--- a/target/s390x/tcg/mem_helper.c
+++ b/target/s390x/tcg/mem_helper.c
@@ -25,6 +25,7 @@
 #include "tcg_s390x.h"
 #include "exec/helper-proto.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "exec/cpu_ldst.h"
 #include "hw/core/tcg-cpu-ops.h"
 #include "qemu/int128.h"
diff --git a/target/sh4/helper.c b/target/sh4/helper.c
index 7c6f9d374a..21889caaaa 100644
--- a/target/sh4/helper.c
+++ b/target/sh4/helper.c
@@ -21,6 +21,7 @@
 
 #include "cpu.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "exec/log.h"
 
 #if !defined(CONFIG_USER_ONLY)
diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
index 2846a86cc4..b5fd600754 100644
--- a/target/sparc/ldst_helper.c
+++ b/target/sparc/ldst_helper.c
@@ -23,6 +23,7 @@
 #include "tcg/tcg.h"
 #include "exec/helper-proto.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "exec/cpu_ldst.h"
 #include "asi.h"
 
diff --git a/target/sparc/mmu_helper.c b/target/sparc/mmu_helper.c
index ad1591d9fd..7ff000e820 100644
--- a/target/sparc/mmu_helper.c
+++ b/target/sparc/mmu_helper.c
@@ -21,6 +21,7 @@
 #include "qemu/log.h"
 #include "cpu.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "qemu/qemu-print.h"
 #include "trace.h"
 
diff --git a/target/tricore/helper.c b/target/tricore/helper.c
index 76bd226370..92312e5b95 100644
--- a/target/tricore/helper.c
+++ b/target/tricore/helper.c
@@ -20,6 +20,7 @@
 #include "hw/registerfields.h"
 #include "cpu.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 #include "fpu/softfloat-helpers.h"
 #include "qemu/qemu-print.h"
 
diff --git a/target/xtensa/mmu_helper.c b/target/xtensa/mmu_helper.c
index 47063b0a57..453fd37193 100644
--- a/target/xtensa/mmu_helper.c
+++ b/target/xtensa/mmu_helper.c
@@ -33,6 +33,7 @@
 #include "exec/helper-proto.h"
 #include "qemu/host-utils.h"
 #include "exec/exec-all.h"
+#include "exec/page-prot-common.h"
 
 #define XTENSA_MPU_SEGMENT_MASK 0x0000001f
 #define XTENSA_MPU_ACC_RIGHTS_MASK 0x00000f00
diff --git a/target/xtensa/op_helper.c b/target/xtensa/op_helper.c
index 496754ba57..a9048ad6ac 100644
--- a/target/xtensa/op_helper.c
+++ b/target/xtensa/op_helper.c
@@ -28,6 +28,7 @@
 #include "qemu/osdep.h"
 #include "cpu.h"
 #include "exec/helper-proto.h"
+#include "exec/page-prot-common.h"
 #include "qemu/host-utils.h"
 #include "exec/exec-all.h"
 #include "qemu/atomic.h"
-- 
2.41.0

[RFC PATCH 09/14] exec/cpu: Restrict user-specific page definitions

[Philippe Mathieu-Daudé]

User-specific PAGE definitions shouldn't be used on system emulation.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 include/exec/page-prot-common.h | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/include/exec/page-prot-common.h b/include/exec/page-prot-common.h
index 2722ded724..b1fce45c15 100644
--- a/include/exec/page-prot-common.h
+++ b/include/exec/page-prot-common.h
@@ -17,16 +17,22 @@
 /*
  * Original state of the write flag (used when tracking self-modifying code)
  */
+#if defined(CONFIG_USER_ONLY)
 #define PAGE_WRITE_ORG 0x0010
+#endif
 /*
  * Invalidate the TLB entry immediately, helpful for s390x
  * Low-Address-Protection. Used with PAGE_WRITE in tlb_set_page_with_attrs()
  */
 #define PAGE_WRITE_INV 0x0020
 /* For use with page_set_flags: page is being replaced; target_data cleared. */
+#if defined(CONFIG_USER_ONLY)
 #define PAGE_RESET     0x0040
+#endif
 /* For linux-user, indicates that the page is MAP_ANON. */
+#if defined(CONFIG_USER_ONLY)
 #define PAGE_ANON      0x0080
+#endif
 
 /* Target-specific bits that will be used via page_get_flags().  */
 #define PAGE_TARGET_1  0x0200
@@ -36,6 +42,8 @@
  * For linux-user, indicates that the page is mapped with the same semantics
  * in both guest and host.
  */
+#if defined(CONFIG_USER_ONLY)
 #define PAGE_PASSTHROUGH 0x0800
+#endif
 
 #endif
-- 
2.41.0

[PATCH 10/14] exec/user: Restrict 'syscall-trace.h' to user emulation

[Philippe Mathieu-Daudé]

System emulation shouldn't use "user/syscall-trace.h".

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 include/user/syscall-trace.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/include/user/syscall-trace.h b/include/user/syscall-trace.h
index b48b2b2d0a..6926434d9a 100644
--- a/include/user/syscall-trace.h
+++ b/include/user/syscall-trace.h
@@ -10,6 +10,10 @@
 #ifndef SYSCALL_TRACE_H
 #define SYSCALL_TRACE_H
 
+#ifndef CONFIG_USER_ONLY
+#error Cannot include this header from system emulation
+#endif
+
 #include "exec/user/abitypes.h"
 #include "gdbstub/user.h"
 #include "qemu/plugin.h"
-- 
2.41.0

[PATCH 11/14] accel/tcg: Use cpu_loop_exit_requested() in cpu_loop_exec_tb()

[Philippe Mathieu-Daudé]

Do not open-code cpu_loop_exit_requested().

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 accel/tcg/cpu-exec.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 225e5fbd3e..0329c6423e 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -900,8 +900,6 @@ static inline void cpu_loop_exec_tb(CPUState *cpu, TranslationBlock *tb,
                                     vaddr pc, TranslationBlock **last_tb,
                                     int *tb_exit)
 {
-    int32_t insns_left;
-
     trace_exec_tb(tb, pc);
     tb = cpu_tb_exec(cpu, tb, tb_exit);
     if (*tb_exit != TB_EXIT_REQUESTED) {
@@ -910,8 +908,7 @@ static inline void cpu_loop_exec_tb(CPUState *cpu, TranslationBlock *tb,
     }
 
     *last_tb = NULL;
-    insns_left = qatomic_read(&cpu->neg.icount_decr.u32);
-    if (insns_left < 0) {
+    if (cpu_loop_exit_requested(cpu)) {
         /* Something asked us to stop executing chained TBs; just
          * continue round the main loop. Whatever requested the exit
          * will also have set something else (eg exit_request or
@@ -925,6 +922,8 @@ static inline void cpu_loop_exec_tb(CPUState *cpu, TranslationBlock *tb,
     /* Instruction counter expired.  */
     assert(icount_enabled());
 #ifndef CONFIG_USER_ONLY
+    int32_t insns_left;
+
     /* Ensure global icount has gone forward */
     icount_update(cpu);
     /* Refill decrementer and continue execution.  */
-- 
2.41.0

[PATCH 12/14] accel/tcg: Remove pointless initialization of cflags_next_tb

[Philippe Mathieu-Daudé]

cflags_next_tb is always re-initialized in the CPU Reset()
handler in cpu_common_reset_hold(), no need to initialize
it in cpu_common_initfn().

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 hw/core/cpu-common.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
index a72d48d9e1..c4175cc4b9 100644
--- a/hw/core/cpu-common.c
+++ b/hw/core/cpu-common.c
@@ -255,7 +255,6 @@ static void cpu_common_initfn(Object *obj)
     /* the default value is changed by qemu_init_vcpu() for system-mode */
     cpu->nr_cores = 1;
     cpu->nr_threads = 1;
-    cpu->cflags_next_tb = -1;
 
     qemu_mutex_init(&cpu->work_mutex);
     qemu_lockcnt_init(&cpu->in_ioctl_lock);
-- 
2.41.0

[PATCH 13/14] accel/tcg: Reset TCG specific fields in tcg_cpu_reset_hold()

[Philippe Mathieu-Daudé]

Rather than resetting TCG specific fields in the common
cpu_common_reset_hold(), do it in tcg_cpu_reset_hold().

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 accel/tcg/tcg-accel-ops.c | 3 +++
 hw/core/cpu-common.c      | 2 --
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/accel/tcg/tcg-accel-ops.c b/accel/tcg/tcg-accel-ops.c
index 2c7b0cc09e..be99105ac5 100644
--- a/accel/tcg/tcg-accel-ops.c
+++ b/accel/tcg/tcg-accel-ops.c
@@ -85,6 +85,9 @@ static void tcg_cpu_reset_hold(CPUState *cpu)
     tcg_flush_jmp_cache(cpu);
 
     tlb_flush(cpu);
+
+    qatomic_set(&cpu->neg.icount_decr.u32, 0);
+    cpu->neg.can_do_io = true;
 }
 
 /* mask must never be zero, except for A20 change call */
diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
index c4175cc4b9..9b3efba82f 100644
--- a/hw/core/cpu-common.c
+++ b/hw/core/cpu-common.c
@@ -127,8 +127,6 @@ static void cpu_common_reset_hold(Object *obj, ResetType type)
     cpu->halted = cpu->start_powered_off;
     cpu->mem_io_pc = 0;
     cpu->icount_extra = 0;
-    qatomic_set(&cpu->neg.icount_decr.u32, 0);
-    cpu->neg.can_do_io = true;
     cpu->exception_index = -1;
     cpu->crash_occurred = false;
     cpu->cflags_next_tb = -1;
-- 
2.41.0

[PATCH 14/14] accel/tcg: Access tcg_cflags with getter / setter

[Philippe Mathieu-Daudé]

Access the CPUState::tcg_cflags via tcg_cflags_has() and
tcg_cflags_set() helpers.

Mechanical change using the following Coccinelle spatch script:

  @@
  expression cpu;
  expression flags;
  @@
  -     cpu->tcg_cflags & flags
  +     tcg_cflags_has(cpu, flags)

  @@
  expression cpu;
  expression flags;
  @@
  -     (tcg_cflags_has(cpu, flags))
  +     tcg_cflags_has(cpu, flags)

  @@
  expression cpu;
  expression flags;
  @@
  -     cpu->tcg_cflags |= flags;
  +     tcg_cflags_set(cpu, flags);

Then manually moving the declarations, and adding both
tcg_cflags_has() and tcg_cflags_set() definitions.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 accel/tcg/internal-common.h             |  3 ++-
 include/exec/cpu-common.h               |  7 +++++++
 include/exec/exec-all.h                 |  3 ---
 accel/tcg/cpu-exec.c                    | 10 ++++++++++
 accel/tcg/tcg-accel-ops.c               |  2 +-
 linux-user/mmap.c                       |  8 ++++----
 linux-user/syscall.c                    |  4 ++--
 target/arm/cpu.c                        |  2 +-
 target/avr/cpu.c                        |  2 +-
 target/hexagon/cpu.c                    |  2 +-
 target/hppa/cpu.c                       |  2 +-
 target/i386/cpu.c                       |  2 +-
 target/i386/helper.c                    |  2 +-
 target/loongarch/cpu.c                  |  2 +-
 target/microblaze/cpu.c                 |  2 +-
 target/mips/tcg/exception.c             |  2 +-
 target/mips/tcg/sysemu/special_helper.c |  2 +-
 target/openrisc/cpu.c                   |  2 +-
 target/riscv/tcg/tcg-cpu.c              |  4 ++--
 target/rx/cpu.c                         |  2 +-
 target/sh4/cpu.c                        |  4 ++--
 target/sparc/cpu.c                      |  2 +-
 target/tricore/cpu.c                    |  2 +-
 23 files changed, 44 insertions(+), 29 deletions(-)

diff --git a/accel/tcg/internal-common.h b/accel/tcg/internal-common.h
index edefd0dcb7..ead53cb8a5 100644
--- a/accel/tcg/internal-common.h
+++ b/accel/tcg/internal-common.h
@@ -9,6 +9,7 @@
 #ifndef ACCEL_TCG_INTERNAL_COMMON_H
 #define ACCEL_TCG_INTERNAL_COMMON_H
 
+#include "exec/cpu-common.h"
 #include "exec/translation-block.h"
 
 extern int64_t max_delay;
@@ -20,7 +21,7 @@ extern int64_t max_advance;
  */
 static inline bool cpu_in_serial_context(CPUState *cs)
 {
-    return !(cs->tcg_cflags & CF_PARALLEL) || cpu_in_exclusive_context(cs);
+    return !tcg_cflags_has(cs, CF_PARALLEL) || cpu_in_exclusive_context(cs);
 }
 
 #endif
diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h
index ced0b1c886..a9a6c694ee 100644
--- a/include/exec/cpu-common.h
+++ b/include/exec/cpu-common.h
@@ -178,6 +178,13 @@ int cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
 void list_cpus(void);
 
 #ifdef CONFIG_TCG
+
+bool tcg_cflags_has(CPUState *cpu, uint32_t flags);
+void tcg_cflags_set(CPUState *cpu, uint32_t flags);
+
+/* current cflags for hashing/comparison */
+uint32_t curr_cflags(CPUState *cpu);
+
 /**
  * cpu_unwind_state_data:
  * @cpu: the cpu context
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 4c5e470581..2cd7b8f61b 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -510,9 +510,6 @@ static inline void tb_set_page_addr1(TranslationBlock *tb,
 #endif
 }
 
-/* current cflags for hashing/comparison */
-uint32_t curr_cflags(CPUState *cpu);
-
 /* TranslationBlock invalidate API */
 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr);
 void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t last);
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 0329c6423e..c2f18ac633 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -147,6 +147,16 @@ static void init_delay_params(SyncClocks *sc, const CPUState *cpu)
 }
 #endif /* CONFIG USER ONLY */
 
+bool tcg_cflags_has(CPUState *cpu, uint32_t flags)
+{
+    return cpu->tcg_cflags & flags;
+}
+
+void tcg_cflags_set(CPUState *cpu, uint32_t flags)
+{
+    cpu->tcg_cflags |= flags;
+}
+
 uint32_t curr_cflags(CPUState *cpu)
 {
     uint32_t cflags = cpu->tcg_cflags;
diff --git a/accel/tcg/tcg-accel-ops.c b/accel/tcg/tcg-accel-ops.c
index be99105ac5..7ac5f0c974 100644
--- a/accel/tcg/tcg-accel-ops.c
+++ b/accel/tcg/tcg-accel-ops.c
@@ -62,7 +62,7 @@ void tcg_cpu_init_cflags(CPUState *cpu, bool parallel)
 
     cflags |= parallel ? CF_PARALLEL : 0;
     cflags |= icount_enabled() ? CF_USE_ICOUNT : 0;
-    cpu->tcg_cflags |= cflags;
+    tcg_cflags_set(cpu, cflags);
 }
 
 void tcg_cpu_destroy(CPUState *cpu)
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index ecde6b8812..5d50ad442f 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -960,8 +960,8 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int target_prot,
      */
     if (ret != -1 && (flags & MAP_TYPE) != MAP_PRIVATE) {
         CPUState *cpu = thread_cpu;
-        if (!(cpu->tcg_cflags & CF_PARALLEL)) {
-            cpu->tcg_cflags |= CF_PARALLEL;
+        if (!tcg_cflags_has(cpu, CF_PARALLEL)) {
+            tcg_cflags_set(cpu, CF_PARALLEL);
             tb_flush(cpu);
         }
     }
@@ -1400,8 +1400,8 @@ abi_ulong target_shmat(CPUArchState *cpu_env, int shmid,
      * supported by the host -- anything that requires EXCP_ATOMIC will not
      * be atomic with respect to an external process.
      */
-    if (!(cpu->tcg_cflags & CF_PARALLEL)) {
-        cpu->tcg_cflags |= CF_PARALLEL;
+    if (!tcg_cflags_has(cpu, CF_PARALLEL)) {
+        tcg_cflags_set(cpu, CF_PARALLEL);
         tb_flush(cpu);
     }
 
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 096694faab..a64e8a291d 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -6583,8 +6583,8 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp,
          * generate code for parallel execution and flush old translations.
          * Do this now so that the copy gets CF_PARALLEL too.
          */
-        if (!(cpu->tcg_cflags & CF_PARALLEL)) {
-            cpu->tcg_cflags |= CF_PARALLEL;
+        if (!tcg_cflags_has(cpu, CF_PARALLEL)) {
+            tcg_cflags_set(cpu, CF_PARALLEL);
             tb_flush(cpu);
         }
 
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index a152def241..b9cff9043b 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1938,7 +1938,7 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
 
 #if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY)
     /* Use pc-relative instructions in system-mode */
-    cs->tcg_cflags |= CF_PCREL;
+    tcg_cflags_set(cs, CF_PCREL);
 #endif
 
     /* If we needed to query the host kernel for the CPU features
diff --git a/target/avr/cpu.c b/target/avr/cpu.c
index 71ce62a4c2..f53e1192b1 100644
--- a/target/avr/cpu.c
+++ b/target/avr/cpu.c
@@ -55,7 +55,7 @@ static int avr_cpu_mmu_index(CPUState *cs, bool ifetch)
 static void avr_cpu_synchronize_from_tb(CPUState *cs,
                                         const TranslationBlock *tb)
 {
-    tcg_debug_assert(!(cs->tcg_cflags & CF_PCREL));
+    tcg_debug_assert(!tcg_cflags_has(cs, CF_PCREL));
     cpu_env(cs)->pc_w = tb->pc / 2; /* internally PC points to words */
 }
 
diff --git a/target/hexagon/cpu.c b/target/hexagon/cpu.c
index a56bb4b075..64cc05cca7 100644
--- a/target/hexagon/cpu.c
+++ b/target/hexagon/cpu.c
@@ -257,7 +257,7 @@ static vaddr hexagon_cpu_get_pc(CPUState *cs)
 static void hexagon_cpu_synchronize_from_tb(CPUState *cs,
                                             const TranslationBlock *tb)
 {
-    tcg_debug_assert(!(cs->tcg_cflags & CF_PCREL));
+    tcg_debug_assert(!tcg_cflags_has(cs, CF_PCREL));
     cpu_env(cs)->gpr[HEX_REG_PC] = tb->pc;
 }
 
diff --git a/target/hppa/cpu.c b/target/hppa/cpu.c
index 3831cb6db2..393a81988d 100644
--- a/target/hppa/cpu.c
+++ b/target/hppa/cpu.c
@@ -48,7 +48,7 @@ static void hppa_cpu_synchronize_from_tb(CPUState *cs,
 {
     HPPACPU *cpu = HPPA_CPU(cs);
 
-    tcg_debug_assert(!(cs->tcg_cflags & CF_PCREL));
+    tcg_debug_assert(!tcg_cflags_has(cs, CF_PCREL));
 
 #ifdef CONFIG_USER_ONLY
     cpu->env.iaoq_f = tb->pc;
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index fa1ea3735d..5ff3f92fe4 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -7371,7 +7371,7 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
 
 #if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY)
     /* Use pc-relative instructions in system-mode */
-    cs->tcg_cflags |= CF_PCREL;
+    tcg_cflags_set(cs, CF_PCREL);
 #endif
 
     if (cpu->apic_id == UNASSIGNED_APIC_ID) {
diff --git a/target/i386/helper.c b/target/i386/helper.c
index a3e70a630a..aa6a61cac7 100644
--- a/target/i386/helper.c
+++ b/target/i386/helper.c
@@ -523,7 +523,7 @@ static inline target_ulong get_memio_eip(CPUX86State *env)
     }
 
     /* Per x86_restore_state_to_opc. */
-    if (cs->tcg_cflags & CF_PCREL) {
+    if (tcg_cflags_has(cs, CF_PCREL)) {
         return (env->eip & TARGET_PAGE_MASK) | data[0];
     } else {
         return data[0] - env->segs[R_CS].base;
diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
index bac84dca7a..e488a8fa9c 100644
--- a/target/loongarch/cpu.c
+++ b/target/loongarch/cpu.c
@@ -336,7 +336,7 @@ static bool loongarch_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
 static void loongarch_cpu_synchronize_from_tb(CPUState *cs,
                                               const TranslationBlock *tb)
 {
-    tcg_debug_assert(!(cs->tcg_cflags & CF_PCREL));
+    tcg_debug_assert(!tcg_cflags_has(cs, CF_PCREL));
     set_pc(cpu_env(cs), tb->pc);
 }
 
diff --git a/target/microblaze/cpu.c b/target/microblaze/cpu.c
index 9eb7374ccd..41ad47d04c 100644
--- a/target/microblaze/cpu.c
+++ b/target/microblaze/cpu.c
@@ -99,7 +99,7 @@ static void mb_cpu_synchronize_from_tb(CPUState *cs,
 {
     MicroBlazeCPU *cpu = MICROBLAZE_CPU(cs);
 
-    tcg_debug_assert(!(cs->tcg_cflags & CF_PCREL));
+    tcg_debug_assert(!tcg_cflags_has(cs, CF_PCREL));
     cpu->env.pc = tb->pc;
     cpu->env.iflags = tb->flags & IFLAGS_TB_MASK;
 }
diff --git a/target/mips/tcg/exception.c b/target/mips/tcg/exception.c
index 13275d1ded..4886d087b2 100644
--- a/target/mips/tcg/exception.c
+++ b/target/mips/tcg/exception.c
@@ -81,7 +81,7 @@ void mips_cpu_synchronize_from_tb(CPUState *cs, const TranslationBlock *tb)
 {
     CPUMIPSState *env = cpu_env(cs);
 
-    tcg_debug_assert(!(cs->tcg_cflags & CF_PCREL));
+    tcg_debug_assert(!tcg_cflags_has(cs, CF_PCREL));
     env->active_tc.PC = tb->pc;
     env->hflags &= ~MIPS_HFLAG_BMASK;
     env->hflags |= tb->flags & MIPS_HFLAG_BMASK;
diff --git a/target/mips/tcg/sysemu/special_helper.c b/target/mips/tcg/sysemu/special_helper.c
index 5baa25348e..9ce5e2ceac 100644
--- a/target/mips/tcg/sysemu/special_helper.c
+++ b/target/mips/tcg/sysemu/special_helper.c
@@ -93,7 +93,7 @@ bool mips_io_recompile_replay_branch(CPUState *cs, const TranslationBlock *tb)
     CPUMIPSState *env = cpu_env(cs);
 
     if ((env->hflags & MIPS_HFLAG_BMASK) != 0
-        && !(cs->tcg_cflags & CF_PCREL) && env->active_tc.PC != tb->pc) {
+        && !tcg_cflags_has(cs, CF_PCREL) && env->active_tc.PC != tb->pc) {
         env->active_tc.PC -= (env->hflags & MIPS_HFLAG_B16 ? 2 : 4);
         env->hflags &= ~MIPS_HFLAG_BMASK;
         return true;
diff --git a/target/openrisc/cpu.c b/target/openrisc/cpu.c
index d711035cf5..fdaaa09fc8 100644
--- a/target/openrisc/cpu.c
+++ b/target/openrisc/cpu.c
@@ -45,7 +45,7 @@ static void openrisc_cpu_synchronize_from_tb(CPUState *cs,
 {
     OpenRISCCPU *cpu = OPENRISC_CPU(cs);
 
-    tcg_debug_assert(!(cs->tcg_cflags & CF_PCREL));
+    tcg_debug_assert(!tcg_cflags_has(cs, CF_PCREL));
     cpu->env.pc = tb->pc;
 }
 
diff --git a/target/riscv/tcg/tcg-cpu.c b/target/riscv/tcg/tcg-cpu.c
index b5b95e052d..40054a391a 100644
--- a/target/riscv/tcg/tcg-cpu.c
+++ b/target/riscv/tcg/tcg-cpu.c
@@ -96,7 +96,7 @@ static void riscv_cpu_synchronize_from_tb(CPUState *cs,
         CPURISCVState *env = &cpu->env;
         RISCVMXL xl = FIELD_EX32(tb->flags, TB_FLAGS, XL);
 
-        tcg_debug_assert(!(cs->tcg_cflags & CF_PCREL));
+        tcg_debug_assert(!tcg_cflags_has(cs, CF_PCREL));
 
         if (xl == MXL_RV32) {
             env->pc = (int32_t) tb->pc;
@@ -890,7 +890,7 @@ static bool riscv_tcg_cpu_realize(CPUState *cs, Error **errp)
     CPURISCVState *env = &cpu->env;
     Error *local_err = NULL;
 
-    CPU(cs)->tcg_cflags |= CF_PCREL;
+    tcg_cflags_set(CPU(cs), CF_PCREL);
 
     if (cpu->cfg.ext_sstc) {
         riscv_timer_init(cpu);
diff --git a/target/rx/cpu.c b/target/rx/cpu.c
index b45957c43a..40f49afc7e 100644
--- a/target/rx/cpu.c
+++ b/target/rx/cpu.c
@@ -46,7 +46,7 @@ static void rx_cpu_synchronize_from_tb(CPUState *cs,
 {
     RXCPU *cpu = RX_CPU(cs);
 
-    tcg_debug_assert(!(cs->tcg_cflags & CF_PCREL));
+    tcg_debug_assert(!tcg_cflags_has(cs, CF_PCREL));
     cpu->env.pc = tb->pc;
 }
 
diff --git a/target/sh4/cpu.c b/target/sh4/cpu.c
index 43e35ec2ca..618aa7154e 100644
--- a/target/sh4/cpu.c
+++ b/target/sh4/cpu.c
@@ -47,7 +47,7 @@ static void superh_cpu_synchronize_from_tb(CPUState *cs,
 {
     SuperHCPU *cpu = SUPERH_CPU(cs);
 
-    tcg_debug_assert(!(cs->tcg_cflags & CF_PCREL));
+    tcg_debug_assert(!tcg_cflags_has(cs, CF_PCREL));
     cpu->env.pc = tb->pc;
     cpu->env.flags = tb->flags & TB_FLAG_ENVFLAGS_MASK;
 }
@@ -74,7 +74,7 @@ static bool superh_io_recompile_replay_branch(CPUState *cs,
     CPUSH4State *env = cpu_env(cs);
 
     if ((env->flags & (TB_FLAG_DELAY_SLOT | TB_FLAG_DELAY_SLOT_COND))
-        && !(cs->tcg_cflags & CF_PCREL) && env->pc != tb->pc) {
+        && !tcg_cflags_has(cs, CF_PCREL) && env->pc != tb->pc) {
         env->pc -= 2;
         env->flags &= ~(TB_FLAG_DELAY_SLOT | TB_FLAG_DELAY_SLOT_COND);
         return true;
diff --git a/target/sparc/cpu.c b/target/sparc/cpu.c
index 485d416925..685485c654 100644
--- a/target/sparc/cpu.c
+++ b/target/sparc/cpu.c
@@ -702,7 +702,7 @@ static void sparc_cpu_synchronize_from_tb(CPUState *cs,
 {
     SPARCCPU *cpu = SPARC_CPU(cs);
 
-    tcg_debug_assert(!(cs->tcg_cflags & CF_PCREL));
+    tcg_debug_assert(!tcg_cflags_has(cs, CF_PCREL));
     cpu->env.pc = tb->pc;
     cpu->env.npc = tb->cs_base;
 }
diff --git a/target/tricore/cpu.c b/target/tricore/cpu.c
index 8f9b72c3a0..bdefb84511 100644
--- a/target/tricore/cpu.c
+++ b/target/tricore/cpu.c
@@ -47,7 +47,7 @@ static vaddr tricore_cpu_get_pc(CPUState *cs)
 static void tricore_cpu_synchronize_from_tb(CPUState *cs,
                                             const TranslationBlock *tb)
 {
-    tcg_debug_assert(!(cs->tcg_cflags & CF_PCREL));
+    tcg_debug_assert(!tcg_cflags_has(cs, CF_PCREL));
     cpu_env(cs)->PC = tb->pc;
 }
 
-- 
2.41.0

Re: [PATCH 01/14] target/i386: Simplify get_memio_eip()

[Richard Henderson]

On 4/27/24 08:57, Philippe Mathieu-Daudé wrote:
> The single call to get_memio_eip(), in cpu_report_tpr_access(),
> is protected by a check on tcg_enabled(). Since the call only
> exists when CONFIG_TCG is defined, we can slightly simplify.

Nack, that's not how things work.

By wrapping the whole function in an ifdef, the symbol isn't defined without CONFIG_TCG, 
which means the if (0) { } block cannot compile.


r~

Re: [PATCH 02/14] plugins: Update stale comment

[Richard Henderson]

On 4/27/24 08:57, Philippe Mathieu-Daudé wrote:
> "plugin_mask" was renamed as "event_mask" in commit c006147122
> ("plugins: create CPUPluginState and migrate plugin_mask").
> 
> Signed-off-by: Philippe Mathieu-Daudé<philmd@linaro.org>
> ---
>   plugins/core.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

Re: [PATCH 03/14] plugins/api: Only include 'exec/ram_addr.h' with system emulation

[Richard Henderson]

On 4/27/24 08:57, Philippe Mathieu-Daudé wrote:
> "exec/ram_addr.h" shouldn't be used with user emulation.
> 
> Signed-off-by: Philippe Mathieu-Daudé<philmd@linaro.org>
> ---
>   plugins/api.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)

Acked-by: Richard Henderson <richard.henderson@linaro.org>

r~

Re: [PATCH 04/14] exec: Include missing license in 'exec/cpu-common.h'

[Richard Henderson]

On 4/27/24 08:57, Philippe Mathieu-Daudé wrote:
> Commit 1ad2134f91 ("Hardware convenience library") extracted
> "cpu-common.h" from "cpu-all.h", which uses the LGPL-2.1+ license.
> 
> Signed-off-by: Philippe Mathieu-Daudé<philmd@linaro.org>
> ---
>   include/exec/cpu-common.h | 9 +++++++--
>   1 file changed, 7 insertions(+), 2 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

Re: [PATCH 05/14] exec/cpu: Indent TARGET_PAGE_foo definitions

[Richard Henderson]

On 4/27/24 08:57, Philippe Mathieu-Daudé wrote:
> The TARGET_PAGE_foo definitions are defined with multiple
> level of #ifdef'ry. Indent it a bit for clarity.
> 
> Signed-off-by: Philippe Mathieu-Daudé<philmd@linaro.org>
> ---
>   include/exec/cpu-all.h | 25 +++++++++++++------------
>   1 file changed, 13 insertions(+), 12 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

Re: [PATCH 06/14] exec/cpu: Remove obsolete PAGE_RESERVED definition

[Richard Henderson]

On 4/27/24 08:57, Philippe Mathieu-Daudé wrote:
> We stopped using the PAGE_RESERVED definition in commit
> 50d25c8aec ("accel/tcg: Drop PAGE_RESERVED for CONFIG_BSD").
> This completes commit 2e9a5713f0 ("Remove PAGE_RESERVED").
> 
> Signed-off-by: Philippe Mathieu-Daudé<philmd@linaro.org>
> ---
>   include/exec/cpu-all.h | 4 ----
>   1 file changed, 4 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

Re: [PATCH 07/14] exec/cpu: Remove duplicated PAGE_PASSTHROUGH definition

[Richard Henderson]

On 4/27/24 08:57, Philippe Mathieu-Daudé wrote:
> Missed in commit 58771921af ("include/exec: Move PAGE_* macros
> to common header"), PAGE_PASSTHROUGH ended being defined twice.
> 
> Signed-off-by: Philippe Mathieu-Daudé<philmd@linaro.org>
> ---
>   include/exec/cpu-all.h | 6 ------
>   1 file changed, 6 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

Re: [PATCH 08/14] exec/cpu: Extract page-protection definitions to page-prot-common.h

[Richard Henderson]

On 4/27/24 08:57, Philippe Mathieu-Daudé wrote:
> Extract page-protection definitions from "exec/cpu-all.h"
> to "exec/page-prot-common.h".
> 
> The list of files requiring the new header was generated
> using:
> 
> $ git grep -wE \
>    'PAGE_(READ|WRITE|EXEC|BITS|VALID|ANON|RESERVED|TARGET_.|PASSTHROUGH)'
> 
> Signed-off-by: Philippe Mathieu-Daudé<philmd@linaro.org>
> Acked-by: Nicholas Piggin<npiggin@gmail.com>
> ---

Acked-by: Richard Henderson <richard.henderson@linaro.org>

r~

Re: [RFC PATCH 09/14] exec/cpu: Restrict user-specific page definitions

[Richard Henderson]

On 4/27/24 08:57, Philippe Mathieu-Daudé wrote:
> User-specific PAGE definitions shouldn't be used on system emulation.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> ---
>   include/exec/page-prot-common.h | 8 ++++++++
>   1 file changed, 8 insertions(+)

Come to that, PAGE_WRITE_INV is system only.

Does this clarify or simply spread ifdefs around?
They aren't particularly common at this point...


r~

Re: [PATCH 10/14] exec/user: Restrict 'syscall-trace.h' to user emulation

[Richard Henderson]

On 4/27/24 08:57, Philippe Mathieu-Daudé wrote:
> System emulation shouldn't use "user/syscall-trace.h".
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> ---
>   include/user/syscall-trace.h | 4 ++++
>   1 file changed, 4 insertions(+)
> 
> diff --git a/include/user/syscall-trace.h b/include/user/syscall-trace.h
> index b48b2b2d0a..6926434d9a 100644
> --- a/include/user/syscall-trace.h
> +++ b/include/user/syscall-trace.h
> @@ -10,6 +10,10 @@
>   #ifndef SYSCALL_TRACE_H
>   #define SYSCALL_TRACE_H
>   
> +#ifndef CONFIG_USER_ONLY
> +#error Cannot include this header from system emulation
> +#endif
> +
>   #include "exec/user/abitypes.h"
>   #include "gdbstub/user.h"
>   #include "qemu/plugin.h"

Are we really going to do this for all include/user/ headers?


r~

Re: [PATCH 11/14] accel/tcg: Use cpu_loop_exit_requested() in cpu_loop_exec_tb()

[Richard Henderson]

On 4/27/24 08:57, Philippe Mathieu-Daudé wrote:
> Do not open-code cpu_loop_exit_requested().
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> ---
>   accel/tcg/cpu-exec.c | 7 +++----
>   1 file changed, 3 insertions(+), 4 deletions(-)
> 
> diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
> index 225e5fbd3e..0329c6423e 100644
> --- a/accel/tcg/cpu-exec.c
> +++ b/accel/tcg/cpu-exec.c
> @@ -900,8 +900,6 @@ static inline void cpu_loop_exec_tb(CPUState *cpu, TranslationBlock *tb,
>                                       vaddr pc, TranslationBlock **last_tb,
>                                       int *tb_exit)
>   {
> -    int32_t insns_left;
> -
>       trace_exec_tb(tb, pc);
>       tb = cpu_tb_exec(cpu, tb, tb_exit);
>       if (*tb_exit != TB_EXIT_REQUESTED) {
> @@ -910,8 +908,7 @@ static inline void cpu_loop_exec_tb(CPUState *cpu, TranslationBlock *tb,
>       }
>   
>       *last_tb = NULL;
> -    insns_left = qatomic_read(&cpu->neg.icount_decr.u32);
> -    if (insns_left < 0) {
> +    if (cpu_loop_exit_requested(cpu)) {
>           /* Something asked us to stop executing chained TBs; just
>            * continue round the main loop. Whatever requested the exit
>            * will also have set something else (eg exit_request or
> @@ -925,6 +922,8 @@ static inline void cpu_loop_exec_tb(CPUState *cpu, TranslationBlock *tb,
>       /* Instruction counter expired.  */
>       assert(icount_enabled());
>   #ifndef CONFIG_USER_ONLY
> +    int32_t insns_left;
> +

If you're going to declare in the middle of a block, you might as well delay until the 
initialization a few lines down.


r~

Re: [PATCH 12/14] accel/tcg: Remove pointless initialization of cflags_next_tb

[Richard Henderson]

On 4/27/24 08:57, Philippe Mathieu-Daudé wrote:
> cflags_next_tb is always re-initialized in the CPU Reset()
> handler in cpu_common_reset_hold(), no need to initialize
> it in cpu_common_initfn().
> 
> Signed-off-by: Philippe Mathieu-Daudé<philmd@linaro.org>
> ---
>   hw/core/cpu-common.c | 1 -
>   1 file changed, 1 deletion(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

Re: [PATCH 13/14] accel/tcg: Reset TCG specific fields in tcg_cpu_reset_hold()

[Richard Henderson]

On 4/27/24 08:57, Philippe Mathieu-Daudé wrote:
> Rather than resetting TCG specific fields in the common
> cpu_common_reset_hold(), do it in tcg_cpu_reset_hold().
> 
> Signed-off-by: Philippe Mathieu-Daudé<philmd@linaro.org>
> ---
>   accel/tcg/tcg-accel-ops.c | 3 +++
>   hw/core/cpu-common.c      | 2 --
>   2 files changed, 3 insertions(+), 2 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

Re: [PATCH 14/14] accel/tcg: Access tcg_cflags with getter / setter

[Richard Henderson]

On 4/27/24 08:57, Philippe Mathieu-Daudé wrote:
> Access the CPUState::tcg_cflags via tcg_cflags_has() and
> tcg_cflags_set() helpers.
> 
> Mechanical change using the following Coccinelle spatch script:
> 
>    @@
>    expression cpu;
>    expression flags;
>    @@
>    -     cpu->tcg_cflags & flags
>    +     tcg_cflags_has(cpu, flags)
> 
>    @@
>    expression cpu;
>    expression flags;
>    @@
>    -     (tcg_cflags_has(cpu, flags))
>    +     tcg_cflags_has(cpu, flags)
> 
>    @@
>    expression cpu;
>    expression flags;
>    @@
>    -     cpu->tcg_cflags |= flags;
>    +     tcg_cflags_set(cpu, flags);
> 
> Then manually moving the declarations, and adding both
> tcg_cflags_has() and tcg_cflags_set() definitions.
> 
> Signed-off-by: Philippe Mathieu-Daudé<philmd@linaro.org>
> ---

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

Re: [RFC PATCH 09/14] exec/cpu: Restrict user-specific page definitions

[Philippe Mathieu-Daudé]

On 28/4/24 20:31, Richard Henderson wrote:
> On 4/27/24 08:57, Philippe Mathieu-Daudé wrote:
>> User-specific PAGE definitions shouldn't be used on system emulation.
>>
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
>> ---
>>   include/exec/page-prot-common.h | 8 ++++++++
>>   1 file changed, 8 insertions(+)
> 
> Come to that, PAGE_WRITE_INV is system only.
> 
> Does this clarify or simply spread ifdefs around?
> They aren't particularly common at this point...

OK, I removed this patch, renamed as "exec/page-protection.h"
in previous patch and added an entry in the "Overall TCG CPUs"
section in MAINTAINERS.

Re: [PATCH 10/14] exec/user: Restrict 'syscall-trace.h' to user emulation

[Philippe Mathieu-Daudé]

On 28/4/24 20:32, Richard Henderson wrote:
> On 4/27/24 08:57, Philippe Mathieu-Daudé wrote:
>> System emulation shouldn't use "user/syscall-trace.h".
>>
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
>> ---
>>   include/user/syscall-trace.h | 4 ++++
>>   1 file changed, 4 insertions(+)
>>
>> diff --git a/include/user/syscall-trace.h b/include/user/syscall-trace.h
>> index b48b2b2d0a..6926434d9a 100644
>> --- a/include/user/syscall-trace.h
>> +++ b/include/user/syscall-trace.h
>> @@ -10,6 +10,10 @@
>>   #ifndef SYSCALL_TRACE_H
>>   #define SYSCALL_TRACE_H
>> +#ifndef CONFIG_USER_ONLY
>> +#error Cannot include this header from system emulation
>> +#endif
>> +
>>   #include "exec/user/abitypes.h"
>>   #include "gdbstub/user.h"
>>   #include "qemu/plugin.h"
> 
> Are we really going to do this for all include/user/ headers?

I'd like to, there are only 2 more files left,
user/tswap-target.h and user/thunk.h.