Re: [Qemu-devel] [PULL 00/27] target-arm queue

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/20190214190603.25030-1-peter.mayd...@linaro.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20190214190603.25030-1-peter.mayd...@linaro.org
Subject: [Qemu-devel] [PULL 00/27] target-arm queue
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
   0d3e41d5ef..0266c739ab  master -> master
 * [new tag]   
patchew/20190214190603.25030-1-peter.mayd...@linaro.org -> 
patchew/20190214190603.25030-1-peter.mayd...@linaro.org
Switched to a new branch 'test'
c903d16f69 gdbstub: Send a reply to the vKill packet.
f41dbe7001 target/arm: Add missing clear_tail calls
a3938310ec target/arm: Use vector operations for saturation
9b991d3ba4 target/arm: Split out FPSCR.QC to a vector field
268d1b9f5d target/arm: Fix set of bits kept in xregs[ARM_VFP_FPSCR]
f1d08942ee target/arm: Split out flags setting from vfp compares
91e223f0f1 target/arm: Fix arm_cpu_dump_state vs FPSCR
764d782f4d target/arm: Fix vfp_gdb_get/set_reg vs FPSCR
47067fd53b target/arm: Remove neon min/max helpers
05f1c9b528 target/arm: Use tcg integer min/max primitives for neon
1f1543646b target/arm: Use vector minmax expanders for aarch32
06f27fadf8 target/arm: Use vector minmax expanders for aarch64
fc2e976aa2 target/arm: Rely on optimization within tcg_gen_gvec_or
1afa20583c hw/arm/armsse: Fix miswiring of expansion IRQs
fdd25e9b24 hw/intc/armv7m_nvic: Allow byte accesses to SHPR1
1827768bd1 MAINTAINERS: Remove Peter Crosthwaite from various entries
991af7236f arm: Allow system registers for KVM guests to be changed by QEMU code
a9636655dd linux-user/elfload: enable HWCAP_CPUID for AArch64
5112145efe target/arm: expose remaining CPUID registers as RAZ
12fd99a4ba target/arm: expose MPIDR_EL1 to userspace
aff8cd32cc target/arm: expose CPUID registers to userspace
1ef1d6626a target/arm: relax permission checks for HWCAP_CPUID registers
ba75efcd06 target/arm: Restructure disas_fp_int_conv
a1f51e target/arm: Force result size into dp after operation
50d5b46b34 target/arm: Fix int128_make128 lo, hi order in paired_cmpxchg64_be
847bae167b target/arm: Implement HACR_EL2
db698e8bd5 target/arm: Fix CRn to be 14 for PMEVTYPER/PMEVCNTR

=== OUTPUT BEGIN ===
1/27 Checking commit db698e8bd558 (target/arm: Fix CRn to be 14 for 
PMEVTYPER/PMEVCNTR)
2/27 Checking commit 847bae167b24 (target/arm: Implement HACR_EL2)
3/27 Checking commit 50d5b46b34cb (target/arm: Fix int128_make128 lo, hi order 
in paired_cmpxchg64_be)
4/27 Checking commit a1f51e5a (target/arm: Force result size into dp after 
operation)
5/27 Checking commit ba75efcd0632 (target/arm: Restructure disas_fp_int_conv)
6/27 Checking commit 1ef1d6626a73 (target/arm: relax permission checks for 
HWCAP_CPUID registers)
7/27 Checking commit aff8cd32cc4a (target/arm: expose CPUID registers to 
userspace)
8/27 Checking commit 12fd99a4baf8 (target/arm: expose MPIDR_EL1 to userspace)
9/27 Checking commit 5112145efe84 (target/arm: expose remaining CPUID registers 
as RAZ)
10/27 Checking commit a9636655dd31 (linux-user/elfload: enable HWCAP_CPUID for 
AArch64)
11/27 Checking commit 991af7236fdf (arm: Allow system registers for KVM guests 
to be changed by QEMU code)
12/27 Checking commit 1827768bd11f (MAINTAINERS: Remove Peter Crosthwaite from 
various entries)
13/27 Checking commit fdd25e9b24c8 (hw/intc/armv7m_nvic: Allow byte accesses to 
SHPR1)
14/27 Checking commit 1afa20583c29 (hw/arm/armsse: Fix miswiring of expansion 
IRQs)
15/27 Checking commit fc2e976aa28e (target/arm: Rely on optimization within 
tcg_gen_gvec_or)
16/27 Checking commit 06f27fadf836 (target/arm: Use vector minmax expanders for 
aarch64)
17/27 Checking commit 1f1543646b22 (target/arm: Use vector minmax expanders for 
aarch32)
18/27 Checking commit 05f1c9b5283e (target/arm: Use tcg integer min/max 
primitives for neon)
19/27 Checking commit 47067fd53bc4 (target/arm: Remove neon min/max helpers)
20/27 Checking commit 764d782f4d64 (target/arm: Fix vfp_gdb_get/set_reg vs 
FPSCR)
ERROR: trailing statements should be on next line
#25: FILE: target/arm/helper.c:84:
+case 1: stl_p(buf, vfp_get_fpscr(env)); return 4;

ERROR: trailing statements should be on next line
#34: FILE: target/arm/helper.c:110:
+case 1: vfp_set_fpscr(env, ldl_p(buf)); return 4;

total: 2 errors, 0 warnings, 16 lines checked

Patch 20/27 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

21/27 Checking commit 91e223f0f1af (target/arm: Fix arm_cpu_dump_state vs FPSCR)
22/27 Checking commit f1d08942ee79 (target/arm: Split out flags setting from 
vfp compares)
23/27 Checking commit 

Re: [Qemu-devel] [PULL 00/15] MIPS queue for February 14th, 2019

[Peter Maydell]

On Thu, 14 Feb 2019 at 17:47, Aleksandar Markovic
 wrote:
>
> From: Aleksandar Markovic 
>
> The following changes since commit 7e407466b1efbd65225cc72fe09c0c5ec79df75b:
>
>   Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into 
> staging (2019-02-14 15:22:29 +)
>
> are available in the git repository at:
>
>   https://github.com/AMarkovic/qemu tags/mips-queue-feb-14-2019
>
> for you to fetch changes up to ba632924450faf6741d299f8feed8150a0c6f884:
>
>   tests/tcg: target/mips: Add tests for MSA logic instructions (2019-02-14 
> 17:47:37 +0100)
>
> 
> MIPS queue for February 14th, 2019
>
>   - MTTCG support for MIPS
>   - The first part of MSA ASE tests
>
> There are several checkpatch warnings that should be all ignored.
>
> 

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/4.0
for any user-visible changes. (I note that the "MIPS" section is
currently quite empty-looking.)

-- PMM

Re: [Qemu-devel] [PATCH] target-i386: Enhance the stub for kvm_arch_get_supported_cpuid()

[Kamil Rytarowski]

On 14.02.2019 19:44, Paolo Bonzini wrote:
> On 02/02/19 15:45, Kamil Rytarowski wrote:
>>
>> Clang/LLVM on NetBSD with enabled optimization cannot link
>> correct qemu program because of a missing symbol of
>> kvm_arch_get_supported_cpuid() in kvm-stubs.o used by executables.
> 
> Can you please include the full error message?  Usually these things are
> a sign of a bug elsewhere.
> 
> Paolo
> 

Please do replace the current kludge that is sensitive to:
 - compiler behavior that can change with new versions
 - compiler gcc/clang
 - optimization options
 - linux(KVM) - non-linux (no-KVM) build
 - community not actively testing non-linux no-kvm build with
optimization on clang


My patch replaced it makes it work.

Build error:

  LINKi386-bsd-user/qemu-i386
/usr/bin/ld: /usr/lib/libc.so and /usr/lib/crt0.o: warning: multiple
common of `environ'
/usr/bin/ld: target/i386/cpu.o: in function `x86_cpu_filter_features':
/tmp/pkgsrc-tmp/emulators/qemu/work/qemu-3.1.0/target/i386/cpu.c:5047:
undefined reference to `kvm_arch_get_supported_cpuid'
/usr/bin/ld:
/tmp/pkgsrc-tmp/emulators/qemu/work/qemu-3.1.0/target/i386/cpu.c:5048:
undefined reference to `kvm_arch_get_supported_cpuid'
/usr/bin/ld:
/tmp/pkgsrc-tmp/emulators/qemu/work/qemu-3.1.0/target/i386/cpu.c:5049:
undefined reference to `kvm_arch_get_supported_cpuid'
/usr/bin/ld:
/tmp/pkgsrc-tmp/emulators/qemu/work/qemu-3.1.0/target/i386/cpu.c:5050:
undefined reference to `kvm_arch_get_supported_cpuid'
/usr/bin/ld:
/tmp/pkgsrc-tmp/emulators/qemu/work/qemu-3.1.0/target/i386/cpu.c:5051:
undefined reference to `kvm_arch_get_supported_cpuid'
clang-9: error: linker command failed with exit code 1 (use -v to see
invocation)
make[1]: *** [Makefile:199: qemu-i386] Error 1
gmake: *** [Makefile:483: subdir-i386-bsd-user] Error 2
gmake: *** Waiting for unfinished jobs
  LINKx86_64-bsd-user/qemu-x86_64
/usr/bin/ld: /usr/lib/libc.so and /usr/lib/crt0.o: warning: multiple
common of `environ'
/usr/bin/ld: target/i386/cpu.o: in function `x86_cpu_filter_features':
/tmp/pkgsrc-tmp/emulators/qemu/work/qemu-3.1.0/target/i386/cpu.c:5047:
undefined reference to `kvm_arch_get_supported_cpuid'
/usr/bin/ld:
/tmp/pkgsrc-tmp/emulators/qemu/work/qemu-3.1.0/target/i386/cpu.c:5048:
undefined reference to `kvm_arch_get_supported_cpuid'
/usr/bin/ld:
/tmp/pkgsrc-tmp/emulators/qemu/work/qemu-3.1.0/target/i386/cpu.c:5049:
undefined reference to `kvm_arch_get_supported_cpuid'
/usr/bin/ld:
/tmp/pkgsrc-tmp/emulators/qemu/work/qemu-3.1.0/target/i386/cpu.c:5050:
undefined reference to `kvm_arch_get_supported_cpuid'
/usr/bin/ld:
/tmp/pkgsrc-tmp/emulators/qemu/work/qemu-3.1.0/target/i386/cpu.c:5051:
undefined reference to `kvm_arch_get_supported_cpuid'
clang-9: error: linker command failed with exit code 1 (use -v to see
invocation)
make[1]: *** [Makefile:199: qemu-x86_64] Error 1
gmake: *** [Makefile:483: subdir-x86_64-bsd-user] Error 2
*** Error code 2



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v2 02/25] hw/arm: Express dependencies of the highbank machines with Kconfig

[Peter Maydell]

On Wed, 13 Feb 2019 at 08:38, Thomas Huth  wrote:
>
> Add Kconfig dependencies for the highbank machine (and the midway
> machine).
> This patch is slightly based on earlier work by Ákos Kovács (i.e.
> his "hw/arm/Kconfig: Add ARM Kconfig" patch).
>
> Signed-off-by: Thomas Huth 
> ---
>  default-configs/arm-softmmu.mak |  4 +---
>  hw/arm/Kconfig  | 12 
>  2 files changed, 13 insertions(+), 3 deletions(-)
>
> diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
> index 3baafc4..59734ee 100644
> --- a/default-configs/arm-softmmu.mak
> +++ b/default-configs/arm-softmmu.mak
> @@ -6,6 +6,7 @@ CONFIG_ARM_V7M=y
>  CONFIG_PCI_DEVICES=y
>
>  CONFIG_EXYNOS4=y
> +CONFIG_HIGHBANK=y
>
>  CONFIG_VGA=y
>  CONFIG_NAND=y
> @@ -54,14 +55,12 @@ CONFIG_PL022=y
>  CONFIG_PL031=y
>  CONFIG_PL041=y
>  CONFIG_PL050=y
> -CONFIG_PL061=y
>  CONFIG_PL080=y
>  CONFIG_PL110=y
>  CONFIG_PL181=y
>  CONFIG_PL190=y
>  CONFIG_PL330=y
>  CONFIG_CADENCE=y
> -CONFIG_XGMAC=y

Could you explain the logic for when CONFIG_*=y
lines get deleted from the arm-softmmu.mak?
In this patch PL061 has been deleted, but PL011,
PL022, PL031 have not, though all these devices are
used in both Highbank and in other not-yet-converted
machine types. What's the difference ?

thanks
-- PMM

Re: [Qemu-devel] [PATCH v2 0/9] vhost: enable for all targets

[Michael S. Tsirkin]

On Thu, Feb 14, 2019 at 06:35:47PM +0100, Paolo Bonzini wrote:
> See also "[PATCH for-3.2 00/10] vhost: preparation for qgraph
> conversion of vhost-user-test".  Some of the other vhost-user-test
> patches have gone in already, and this is what is left.
> 
> These patches are a prerequisite for both kconfig and qgraph.
> 
> I will probably test them on macOS myself before these are included
> in a pull request, since the previous versions had some issues.
> Michael, let me know if you want me to send the pull request.
> 
> Thanks,
> 
> Paolo

what's the changelog from v1?

> Paolo Bonzini (9):
>   vhost-net: move stubs to a separate file
>   vhost-net-user: add stubs for when no virtio-net device is present
>   vhost: restrict Linux dependency to kernel vhost
>   vhost-user: support cross-endian vnet headers
>   vhost-net: compile it on all targets that have virtio-net.
>   vhost-net: revamp configure logic
>   vhost-user-test: create a main loop per TestServer
>   vhost-user-test: small changes to init_hugepagefs
>   vhost-user-test: create a temporary directory per TestServer
> 
>  backends/Makefile.objs |   5 +-
>  configure  | 102 ++---
>  default-configs/virtio.mak |   4 +-
>  hw/net/Makefile.objs   |   4 +-
>  hw/net/vhost_net-stub.c|  92 ++
>  hw/net/vhost_net.c |  85 ++--
>  hw/virtio/Makefile.objs|   8 ++-
>  hw/virtio/vhost-backend.c  |  12 +++-
>  hw/virtio/vhost-user.c |  13 +++-
>  hw/virtio/vhost.c  |   2 +-
>  include/exec/poison.h  |   1 -
>  net/Makefile.objs  |   4 +-
>  net/net.c  |   2 +-
>  net/vhost-user-stub.c  |  23 +++
>  net/vhost-user.c   |  13 
>  tests/Makefile.include |   5 +-
>  tests/vhost-user-test.c| 160 
> +++--
>  17 files changed, 319 insertions(+), 216 deletions(-)
>  create mode 100644 hw/net/vhost_net-stub.c
>  create mode 100644 net/vhost-user-stub.c
> 
> -- 
> 1.8.3.1

[Qemu-devel] [PULL 25/27] target/arm: Use vector operations for saturation

[Peter Maydell]

From: Richard Henderson 

For same-sign saturation, we have tcg vector operations.  We can
compute the QC bit by comparing the saturated value against the
unsaturated value.

Signed-off-by: Richard Henderson 
Message-id: 20190209033847.9014-12-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/helper.h|  33 +++
 target/arm/translate.h |   4 +
 target/arm/translate-a64.c |  36 
 target/arm/translate.c | 172 +++--
 target/arm/vec_helper.c| 130 
 5 files changed, 331 insertions(+), 44 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index 9874c35ea97..923e8e15255 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -641,6 +641,39 @@ DEF_HELPER_FLAGS_6(gvec_fmla_idx_s, TCG_CALL_NO_RWG,
 DEF_HELPER_FLAGS_6(gvec_fmla_idx_d, TCG_CALL_NO_RWG,
void, ptr, ptr, ptr, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_5(gvec_uqadd_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_uqadd_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_uqadd_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_uqadd_d, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_sqadd_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_sqadd_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_sqadd_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_sqadd_d, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_uqsub_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_uqsub_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_uqsub_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_uqsub_d, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_sqsub_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_sqsub_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_sqsub_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_sqsub_d, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+
 #ifdef TARGET_AARCH64
 #include "helper-a64.h"
 #include "helper-sve.h"
diff --git a/target/arm/translate.h b/target/arm/translate.h
index 17748ddfb9d..f25fe756859 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -214,6 +214,10 @@ extern const GVecGen2i ssra_op[4];
 extern const GVecGen2i usra_op[4];
 extern const GVecGen2i sri_op[4];
 extern const GVecGen2i sli_op[4];
+extern const GVecGen4 uqadd_op[4];
+extern const GVecGen4 sqadd_op[4];
+extern const GVecGen4 uqsub_op[4];
+extern const GVecGen4 sqsub_op[4];
 void gen_cmtst_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b);
 
 /*
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index bd9a1d09e72..dbce24fe32c 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -10952,6 +10952,22 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 }
 
 switch (opcode) {
+case 0x01: /* SQADD, UQADD */
+tcg_gen_gvec_4(vec_full_reg_offset(s, rd),
+   offsetof(CPUARMState, vfp.qc),
+   vec_full_reg_offset(s, rn),
+   vec_full_reg_offset(s, rm),
+   is_q ? 16 : 8, vec_full_reg_size(s),
+   (u ? uqadd_op : sqadd_op) + size);
+return;
+case 0x05: /* SQSUB, UQSUB */
+tcg_gen_gvec_4(vec_full_reg_offset(s, rd),
+   offsetof(CPUARMState, vfp.qc),
+   vec_full_reg_offset(s, rn),
+   vec_full_reg_offset(s, rm),
+   is_q ? 16 : 8, vec_full_reg_size(s),
+   (u ? uqsub_op : sqsub_op) + size);
+return;
 case 0x0c: /* SMAX, UMAX */
 if (u) {
 gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_umax, size);
@@ -11047,16 +11063,6 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 genfn = fns[size][u];
 break;
 }
-case 0x1: /* SQADD, UQADD */
-{
-static NeonGenTwoOpEnvFn * const fns[3][2] = {
-{ gen_helper_neon_qadd_s8, gen_helper_neon_qadd_u8 },
-{ gen_helper_neon_qadd_s16, gen_helper_neon_qadd_u16 },
-{ gen_helper_neon_qadd_s32, gen_helper_neon_qadd_u32 },
-};
-genenvfn = fns[size][u];
-

[Qemu-devel] [PULL 16/27] target/arm: Use vector minmax expanders for aarch64

[Peter Maydell]

From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20190209033847.9014-3-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/translate-a64.c | 35 ++-
 1 file changed, 14 insertions(+), 21 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 08c13484cd7..bd9a1d09e72 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -10952,6 +10952,20 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 }
 
 switch (opcode) {
+case 0x0c: /* SMAX, UMAX */
+if (u) {
+gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_umax, size);
+} else {
+gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_smax, size);
+}
+return;
+case 0x0d: /* SMIN, UMIN */
+if (u) {
+gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_umin, size);
+} else {
+gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_smin, size);
+}
+return;
 case 0x10: /* ADD, SUB */
 if (u) {
 gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_sub, size);
@@ -3,27 +11127,6 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 genenvfn = fns[size][u];
 break;
 }
-case 0xc: /* SMAX, UMAX */
-{
-static NeonGenTwoOpFn * const fns[3][2] = {
-{ gen_helper_neon_max_s8, gen_helper_neon_max_u8 },
-{ gen_helper_neon_max_s16, gen_helper_neon_max_u16 },
-{ tcg_gen_smax_i32, tcg_gen_umax_i32 },
-};
-genfn = fns[size][u];
-break;
-}
-
-case 0xd: /* SMIN, UMIN */
-{
-static NeonGenTwoOpFn * const fns[3][2] = {
-{ gen_helper_neon_min_s8, gen_helper_neon_min_u8 },
-{ gen_helper_neon_min_s16, gen_helper_neon_min_u16 },
-{ tcg_gen_smin_i32, tcg_gen_umin_i32 },
-};
-genfn = fns[size][u];
-break;
-}
 case 0xe: /* SABD, UABD */
 case 0xf: /* SABA, UABA */
 {
-- 
2.20.1

[Qemu-devel] [PULL 24/27] target/arm: Split out FPSCR.QC to a vector field

[Peter Maydell]

From: Richard Henderson 

Change the representation of this field such that it is easy
to set from vector code.

Signed-off-by: Richard Henderson 
Message-id: 20190209033847.9014-11-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h |  5 -
 target/arm/helper.c  | 19 +++
 target/arm/neon_helper.c |  2 +-
 target/arm/vec_helper.c  |  2 +-
 4 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index bfc05c796a5..84ae6849c2f 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -577,11 +577,13 @@ typedef struct CPUARMState {
 ARMPredicateReg preg_tmp;
 #endif
 
-uint32_t xregs[16];
 /* We store these fpcsr fields separately for convenience.  */
+uint32_t qc[4] QEMU_ALIGNED(16);
 int vec_len;
 int vec_stride;
 
+uint32_t xregs[16];
+
 /* Scratch space for aa32 neon expansion.  */
 uint32_t scratch[8];
 
@@ -1427,6 +1429,7 @@ void vfp_set_fpscr(CPUARMState *env, uint32_t val);
 #define FPCR_FZ16   (1 << 19)   /* ARMv8.2+, FP16 flush-to-zero */
 #define FPCR_FZ (1 << 24)   /* Flush-to-zero enable bit */
 #define FPCR_DN (1 << 25)   /* Default NaN enable bit */
+#define FPCR_QC (1 << 27)   /* Cumulative saturation bit */
 
 static inline uint32_t vfp_get_fpsr(CPUARMState *env)
 {
diff --git a/target/arm/helper.c b/target/arm/helper.c
index d4b7eca30a7..55e9b77bb10 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -12704,8 +12704,7 @@ static inline int vfp_exceptbits_from_host(int 
host_bits)
 
 uint32_t HELPER(vfp_get_fpscr)(CPUARMState *env)
 {
-int i;
-uint32_t fpscr;
+uint32_t i, fpscr;
 
 fpscr = env->vfp.xregs[ARM_VFP_FPSCR]
 | (env->vfp.vec_len << 16)
@@ -12716,8 +12715,11 @@ uint32_t HELPER(vfp_get_fpscr)(CPUARMState *env)
 /* FZ16 does not generate an input denormal exception.  */
 i |= (get_float_exception_flags(>vfp.fp_status_f16)
   & ~float_flag_input_denormal);
-
 fpscr |= vfp_exceptbits_from_host(i);
+
+i = env->vfp.qc[0] | env->vfp.qc[1] | env->vfp.qc[2] | env->vfp.qc[3];
+fpscr |= i ? FPCR_QC : 0;
+
 return fpscr;
 }
 
@@ -12764,10 +12766,19 @@ void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t 
val)
  * (which are stored in fp_status), and the other RES0 bits
  * in between, then we clear all of the low 16 bits.
  */
-env->vfp.xregs[ARM_VFP_FPSCR] = val & 0xffc8;
+env->vfp.xregs[ARM_VFP_FPSCR] = val & 0xf7c8;
 env->vfp.vec_len = (val >> 16) & 7;
 env->vfp.vec_stride = (val >> 20) & 3;
 
+/*
+ * The bit we set within fpscr_q is arbitrary; the register as a
+ * whole being zero/non-zero is what counts.
+ */
+env->vfp.qc[0] = val & FPCR_QC;
+env->vfp.qc[1] = 0;
+env->vfp.qc[2] = 0;
+env->vfp.qc[3] = 0;
+
 changed ^= val;
 if (changed & (3 << 22)) {
 i = (val >> 22) & 3;
diff --git a/target/arm/neon_helper.c b/target/arm/neon_helper.c
index 3249005b627..ed1c6fc41ce 100644
--- a/target/arm/neon_helper.c
+++ b/target/arm/neon_helper.c
@@ -15,7 +15,7 @@
 #define SIGNBIT (uint32_t)0x8000
 #define SIGNBIT64 ((uint64_t)1 << 63)
 
-#define SET_QC() env->vfp.xregs[ARM_VFP_FPSCR] |= CPSR_Q
+#define SET_QC() env->vfp.qc[0] = 1
 
 #define NEON_TYPE1(name, type) \
 typedef struct \
diff --git a/target/arm/vec_helper.c b/target/arm/vec_helper.c
index 37f338732e3..65a18af4e0d 100644
--- a/target/arm/vec_helper.c
+++ b/target/arm/vec_helper.c
@@ -36,7 +36,7 @@
 #define H4(x)  (x)
 #endif
 
-#define SET_QC() env->vfp.xregs[ARM_VFP_FPSCR] |= CPSR_Q
+#define SET_QC() env->vfp.qc[0] = 1
 
 static void clear_tail(void *vd, uintptr_t opr_sz, uintptr_t max_sz)
 {
-- 
2.20.1

Re: [Qemu-devel] [PATCH v2] ppc: add host-serial and host-model machine attributes

[P J P]

+-- On Wed, 13 Feb 2019, David Gibson wrote --+
| > +
| > +object_class_property_add_str(oc, "host-serial",
| > +machine_get_host_serial, machine_set_host_serial,
| > +_abort);
| > +object_class_property_set_description(oc, "host-serial",
| > +"Set host's system-id to use", _abort);
| > +
| > +object_class_property_add_str(oc, "host-model",
| > +machine_get_host_model, machine_set_host_model,
| > +_abort);
| > +object_class_property_set_description(oc, "host-model",
| > +"Set host's model-id to use", _abort);
| 
| You're adding properties to *all* machines, for something that's only
| used on the PAPR machine.  That doesn't seem right.

I tried to figure out about adding these options to only spapr machine, but it 
does not seem straight forward as above.
 
| >  spapr_machine_4_0_class_options(mc);
| >  compat_props_add(mc->compat_props, hw_compat_3_1, hw_compat_3_1_len);
| > +compat_props_add(mc->compat_props, compat, G_N_ELEMENTS(compat));
| 
| I'm still not convinced maintaining super-strict backwards compat at
| the expense of security is a good tradeoff here, but since the code's
| already written, let's run with it.

I think current patch will provide a way to help fix the security issue, we 
can revise it further if required.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

[Qemu-devel] [PULL 17/27] target/arm: Use vector minmax expanders for aarch32

[Peter Maydell]

From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20190209033847.9014-4-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/translate.c | 25 +++--
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index eaa6e297384..61760dab917 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -6368,6 +6368,25 @@ static int disas_neon_data_insn(DisasContext *s, 
uint32_t insn)
 tcg_gen_gvec_cmp(u ? TCG_COND_GEU : TCG_COND_GE, size,
  rd_ofs, rn_ofs, rm_ofs, vec_size, vec_size);
 return 0;
+
+case NEON_3R_VMAX:
+if (u) {
+tcg_gen_gvec_umax(size, rd_ofs, rn_ofs, rm_ofs,
+  vec_size, vec_size);
+} else {
+tcg_gen_gvec_smax(size, rd_ofs, rn_ofs, rm_ofs,
+  vec_size, vec_size);
+}
+return 0;
+case NEON_3R_VMIN:
+if (u) {
+tcg_gen_gvec_umin(size, rd_ofs, rn_ofs, rm_ofs,
+  vec_size, vec_size);
+} else {
+tcg_gen_gvec_smin(size, rd_ofs, rn_ofs, rm_ofs,
+  vec_size, vec_size);
+}
+return 0;
 }
 
 if (size == 3) {
@@ -6533,12 +6552,6 @@ static int disas_neon_data_insn(DisasContext *s, 
uint32_t insn)
 case NEON_3R_VQRSHL:
 GEN_NEON_INTEGER_OP_ENV(qrshl);
 break;
-case NEON_3R_VMAX:
-GEN_NEON_INTEGER_OP(max);
-break;
-case NEON_3R_VMIN:
-GEN_NEON_INTEGER_OP(min);
-break;
 case NEON_3R_VABD:
 GEN_NEON_INTEGER_OP(abd);
 break;
-- 
2.20.1

[Qemu-devel] [PULL 27/27] gdbstub: Send a reply to the vKill packet.

[Peter Maydell]

From: Sandra Loosemore 

Per the GDB remote protocol documentation

https://sourceware.org/gdb/current/onlinedocs/gdb/Packets.html#index-vKill-packet

the debug stub is expected to send a reply to the 'vKill' packet.  At
least some versions of GDB crash if the gdb stub simply exits without
sending a reply.  This patch fixes QEMU's gdb stub to conform to the
expected behavior.

Note that QEMU's existing handling of the legacy 'k' packet is
correct: in that case GDB does not expect a reply, and QEMU does not
send one.

Signed-off-by: Sandra Loosemore 
Message-id: 1550008033-26540-1-git-send-email-san...@codesourcery.com
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 gdbstub.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/gdbstub.c b/gdbstub.c
index ff19579452d..bc774ae9925 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1361,6 +1361,7 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 break;
 } else if (strncmp(p, "Kill;", 5) == 0) {
 /* Kill the target */
+put_packet(s, "OK");
 error_report("QEMU: Terminated via GDBstub");
 exit(0);
 } else {
-- 
2.20.1

[Qemu-devel] [PULL 10/27] linux-user/elfload: enable HWCAP_CPUID for AArch64

[Peter Maydell]

From: Alex Bennée 

Userspace programs should (in theory) query the ELF HWCAP before
probing these registers. Now we have implemented them all make it
public.

Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
Message-id: 20190205190224.2198-6-alex.ben...@linaro.org
Signed-off-by: Peter Maydell 
---
 linux-user/elfload.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 775a36ccdda..3a50d587ff0 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -580,6 +580,7 @@ static uint32_t get_elf_hwcap(void)
 
 hwcaps |= ARM_HWCAP_A64_FP;
 hwcaps |= ARM_HWCAP_A64_ASIMD;
+hwcaps |= ARM_HWCAP_A64_CPUID;
 
 /* probe for the extra features */
 #define GET_FEATURE_ID(feat, hwcap) \
-- 
2.20.1

[Qemu-devel] [PULL 09/27] target/arm: expose remaining CPUID registers as RAZ

[Peter Maydell]

From: Alex Bennée 

There are a whole bunch more registers in the CPUID space which are
currently not used but are exposed as RAZ. To avoid too much
duplication we expand ARMCPRegUserSpaceInfo to understand glob
patterns so we only need one entry to tweak whole ranges of registers.

Signed-off-by: Alex Bennée 
Message-id: 20190205190224.2198-5-alex.ben...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h|  3 +++
 target/arm/helper.c | 26 +++---
 2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 7c31e5a2d10..f0334413ece 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2474,6 +2474,9 @@ typedef struct ARMCPRegUserSpaceInfo {
 /* Name of register */
 const char *name;
 
+/* Is the name actually a glob pattern */
+bool is_glob;
+
 /* Only some bits are exported to user space */
 uint64_t exported_bits;
 
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 77c73056948..5ac335f598c 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6109,19 +6109,27 @@ void register_cp_regs_for_features(ARMCPU *cpu)
   .fixed_bits= 0x0011 },
 { .name = "ID_AA64PFR1_EL1",
   .exported_bits = 0x00f0 },
+{ .name = "ID_AA64PFR*_EL1_RESERVED",
+  .is_glob = true },
 { .name = "ID_AA64ZFR0_EL1"   },
 { .name = "ID_AA64MMFR0_EL1",
   .fixed_bits= 0xff00 },
 { .name = "ID_AA64MMFR1_EL1"  },
+{ .name = "ID_AA64MMFR*_EL1_RESERVED",
+  .is_glob = true },
 { .name = "ID_AA64DFR0_EL1",
   .fixed_bits= 0x0006 },
 { .name = "ID_AA64DFR1_EL1"   },
-{ .name = "ID_AA64AFR0_EL1"   },
-{ .name = "ID_AA64AFR1_EL1"   },
+{ .name = "ID_AA64DFR*_EL1_RESERVED",
+  .is_glob = true },
+{ .name = "ID_AA64AFR*",
+  .is_glob = true },
 { .name = "ID_AA64ISAR0_EL1",
   .exported_bits = 0x00fff0f0 },
 { .name = "ID_AA64ISAR1_EL1",
   .exported_bits = 0x00f0 },
+{ .name = "ID_AA64ISAR*_EL1_RESERVED",
+  .is_glob = true },
 REGUSERINFO_SENTINEL
 };
 modify_arm_cp_regs(v8_idregs, v8_user_idregs);
@@ -7020,8 +7028,17 @@ void modify_arm_cp_regs(ARMCPRegInfo *regs, const 
ARMCPRegUserSpaceInfo *mods)
 ARMCPRegInfo *r;
 
 for (m = mods; m->name; m++) {
+GPatternSpec *pat = NULL;
+if (m->is_glob) {
+pat = g_pattern_spec_new(m->name);
+}
 for (r = regs; r->type != ARM_CP_SENTINEL; r++) {
-if (strcmp(r->name, m->name) == 0) {
+if (pat && g_pattern_match_string(pat, r->name)) {
+r->type = ARM_CP_CONST;
+r->access = PL0U_R;
+r->resetvalue = 0;
+/* continue */
+} else if (strcmp(r->name, m->name) == 0) {
 r->type = ARM_CP_CONST;
 r->access = PL0U_R;
 r->resetvalue &= m->exported_bits;
@@ -7029,6 +7046,9 @@ void modify_arm_cp_regs(ARMCPRegInfo *regs, const 
ARMCPRegUserSpaceInfo *mods)
 break;
 }
 }
+if (pat) {
+g_pattern_spec_free(pat);
+}
 }
 }
 
-- 
2.20.1

Re: [Qemu-devel] [PATCH] hw/i386/pc: run the multiboot loader before the PVH loader

[Michael S. Tsirkin]

On Thu, Feb 14, 2019 at 07:02:16PM +0100, Stefano Garzarella wrote:
> Some multiboot images could be in the ELF format. In the current
> implementation QEMU fails because we try to load these images
> as a PVH image.
> 
> In order to fix this issue, we should try multiboot first (we
> already check the multiboot magic header before to load it).
> If it is not a multiboot image, we can try the PVH loader.
> 
> Fixes: ab969087da6 ("pvh: Boot uncompressed kernel using direct boot ABI", 
> 2019-01-15)
> Reported-by: Paolo Bonzini 
> Signed-off-by: Stefano Garzarella 

Reviewed-by: Michael S. Tsirkin 

Paolo can you pls merge since you did the pvh things?

> ---
>  hw/i386/pc.c | 17 +++--
>  1 file changed, 11 insertions(+), 6 deletions(-)
> 
> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
> index 3889eccdc3..207c267093 100644
> --- a/hw/i386/pc.c
> +++ b/hw/i386/pc.c
> @@ -1209,6 +1209,17 @@ static void load_linux(PCMachineState *pcms,
>  if (ldl_p(header+0x202) == 0x53726448) {
>  protocol = lduw_p(header+0x206);
>  } else {
> +/*
> + * This could be a multiboot kernel. If it is, let's stop treating it
> + * like a Linux kernel.
> + * Note: some multiboot images could be in the ELF format (the same 
> of
> + * PVH), so we try multiboot first since we check the multiboot magic
> + * header before to load it.
> + */
> +if (load_multiboot(fw_cfg, f, kernel_filename, initrd_filename,
> +   kernel_cmdline, kernel_size, header)) {
> +return;
> +}
>  /*
>   * Check if the file is an uncompressed kernel file (ELF) and load 
> it,
>   * saving the PVH entry point used by the x86/HVM direct boot ABI.
> @@ -1262,12 +1273,6 @@ static void load_linux(PCMachineState *pcms,
>  
>  return;
>  }
> -/* This looks like a multiboot kernel. If it is, let's stop
> -   treating it like a Linux kernel. */
> -if (load_multiboot(fw_cfg, f, kernel_filename, initrd_filename,
> -   kernel_cmdline, kernel_size, header)) {
> -return;
> -}
>  protocol = 0;
>  }
>  
> -- 
> 2.20.1

[Qemu-devel] [PULL 13/27] hw/intc/armv7m_nvic: Allow byte accesses to SHPR1

[Peter Maydell]

The code for handling the NVIC SHPR1 register intends to permit
byte and halfword accesses (as the architecture requires). However
the 'case' line for it only lists the base address of the
register, so attempts to access bytes other than the first one
end up in the "bad write" default logic. This bug was added
accidentally when we split out the SHPR1 logic from SHPR2 and
SHPR3 to support v6M.

Fixes: 7c9140afd594 ("nvic: Handle ARMv6-M SCS reserved registers")
Signed-off-by: Peter Maydell 
Reviewed-by: Philippe Mathieu-Daudé 
---
The Zephyr RTOS happens to access SHPR1 byte at a time,
which is how I spotted this.
---
 hw/intc/armv7m_nvic.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 790a3d95849..ab822f42514 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -1841,7 +1841,7 @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr 
addr,
 }
 }
 break;
-case 0xd18: /* System Handler Priority (SHPR1) */
+case 0xd18 ... 0xd1b: /* System Handler Priority (SHPR1) */
 if (!arm_feature(>cpu->env, ARM_FEATURE_M_MAIN)) {
 val = 0;
 break;
@@ -1956,7 +1956,7 @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr 
addr,
 }
 nvic_irq_update(s);
 return MEMTX_OK;
-case 0xd18: /* System Handler Priority (SHPR1) */
+case 0xd18 ... 0xd1b: /* System Handler Priority (SHPR1) */
 if (!arm_feature(>cpu->env, ARM_FEATURE_M_MAIN)) {
 return MEMTX_OK;
 }
-- 
2.20.1

[Qemu-devel] [PULL 23/27] target/arm: Fix set of bits kept in xregs[ARM_VFP_FPSCR]

[Peter Maydell]

From: Richard Henderson 

Given that we mask bits properly on set, there is no reason
to mask them again on get.  We failed to clear the exception
status bits, 0x9f, which means that the wrong value would be
returned on get.  Except in the (probably normal) case in which
the set clears all of the bits.

Simplify the code in set to also clear the RES0 bits.

Signed-off-by: Richard Henderson 
Message-id: 20190209033847.9014-10-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/helper.c | 15 ---
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 28e45f0f0ba..d4b7eca30a7 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -12707,7 +12707,7 @@ uint32_t HELPER(vfp_get_fpscr)(CPUARMState *env)
 int i;
 uint32_t fpscr;
 
-fpscr = (env->vfp.xregs[ARM_VFP_FPSCR] & 0xffc8)
+fpscr = env->vfp.xregs[ARM_VFP_FPSCR]
 | (env->vfp.vec_len << 16)
 | (env->vfp.vec_stride << 20);
 
@@ -12749,7 +12749,7 @@ static inline int vfp_exceptbits_to_host(int 
target_bits)
 void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t val)
 {
 int i;
-uint32_t changed;
+uint32_t changed = env->vfp.xregs[ARM_VFP_FPSCR];
 
 /* When ARMv8.2-FP16 is not supported, FZ16 is RES0.  */
 if (!cpu_isar_feature(aa64_fp16, arm_env_get_cpu(env))) {
@@ -12758,12 +12758,13 @@ void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t 
val)
 
 /*
  * We don't implement trapped exception handling, so the
- * trap enable bits are all RAZ/WI (not RES0!)
+ * trap enable bits, IDE|IXE|UFE|OFE|DZE|IOE are all RAZ/WI (not RES0!)
+ *
+ * If we exclude the exception flags, IOC|DZC|OFC|UFC|IXC|IDC
+ * (which are stored in fp_status), and the other RES0 bits
+ * in between, then we clear all of the low 16 bits.
  */
-val &= ~(FPCR_IDE | FPCR_IXE | FPCR_UFE | FPCR_OFE | FPCR_DZE | FPCR_IOE);
-
-changed = env->vfp.xregs[ARM_VFP_FPSCR];
-env->vfp.xregs[ARM_VFP_FPSCR] = (val & 0xffc8);
+env->vfp.xregs[ARM_VFP_FPSCR] = val & 0xffc8;
 env->vfp.vec_len = (val >> 16) & 7;
 env->vfp.vec_stride = (val >> 20) & 3;
 
-- 
2.20.1

[Qemu-devel] [PULL 21/27] target/arm: Fix arm_cpu_dump_state vs FPSCR

[Peter Maydell]

From: Richard Henderson 

Signed-off-by: Richard Henderson 
Message-id: 20190209033847.9014-8-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index 103b4f1821a..b871a11ba69 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -13641,7 +13641,7 @@ void arm_cpu_dump_state(CPUState *cs, FILE *f, 
fprintf_function cpu_fprintf,
 i * 2 + 1, (uint32_t)(v >> 32),
 i, v);
 }
-cpu_fprintf(f, "FPSCR: %08x\n", (int)env->vfp.xregs[ARM_VFP_FPSCR]);
+cpu_fprintf(f, "FPSCR: %08x\n", vfp_get_fpscr(env));
 }
 }
 
-- 
2.20.1

[Qemu-devel] [PULL 07/27] target/arm: expose CPUID registers to userspace

[Peter Maydell]

From: Alex Bennée 

A number of CPUID registers are exposed to userspace by modern Linux
kernels thanks to the "ARM64 CPU Feature Registers" ABI. For QEMU's
user-mode emulation we don't need to emulate the kernels trap but just
return the value the trap would have done. To avoid too much #ifdef
hackery we process ARMCPRegInfo with a new helper (modify_arm_cp_regs)
before defining the registers. The modify routine is driven by a
simple data structure which describes which bits are exported and
which are fixed.

Signed-off-by: Alex Bennée 
Message-id: 20190205190224.2198-3-alex.ben...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h| 21 
 target/arm/helper.c | 59 +
 2 files changed, 80 insertions(+)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index c92c097b449..7c31e5a2d10 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2464,6 +2464,27 @@ static inline void define_one_arm_cp_reg(ARMCPU *cpu, 
const ARMCPRegInfo *regs)
 }
 const ARMCPRegInfo *get_arm_cp_reginfo(GHashTable *cpregs, uint32_t 
encoded_cp);
 
+/*
+ * Definition of an ARM co-processor register as viewed from
+ * userspace. This is used for presenting sanitised versions of
+ * registers to userspace when emulating the Linux AArch64 CPU
+ * ID/feature ABI (advertised as HWCAP_CPUID).
+ */
+typedef struct ARMCPRegUserSpaceInfo {
+/* Name of register */
+const char *name;
+
+/* Only some bits are exported to user space */
+uint64_t exported_bits;
+
+/* Fixed bits are applied after the mask */
+uint64_t fixed_bits;
+} ARMCPRegUserSpaceInfo;
+
+#define REGUSERINFO_SENTINEL { .name = NULL }
+
+void modify_arm_cp_regs(ARMCPRegInfo *regs, const ARMCPRegUserSpaceInfo *mods);
+
 /* CPWriteFn that can be used to implement writes-ignored behaviour */
 void arm_cp_write_ignore(CPUARMState *env, const ARMCPRegInfo *ri,
  uint64_t value);
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 88cf4976039..b2abaf5b225 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6109,6 +6109,30 @@ void register_cp_regs_for_features(ARMCPU *cpu)
   .resetvalue = cpu->pmceid1 },
 REGINFO_SENTINEL
 };
+#ifdef CONFIG_USER_ONLY
+ARMCPRegUserSpaceInfo v8_user_idregs[] = {
+{ .name = "ID_AA64PFR0_EL1",
+  .exported_bits = 0x000f000f00ff,
+  .fixed_bits= 0x0011 },
+{ .name = "ID_AA64PFR1_EL1",
+  .exported_bits = 0x00f0 },
+{ .name = "ID_AA64ZFR0_EL1"   },
+{ .name = "ID_AA64MMFR0_EL1",
+  .fixed_bits= 0xff00 },
+{ .name = "ID_AA64MMFR1_EL1"  },
+{ .name = "ID_AA64DFR0_EL1",
+  .fixed_bits= 0x0006 },
+{ .name = "ID_AA64DFR1_EL1"   },
+{ .name = "ID_AA64AFR0_EL1"   },
+{ .name = "ID_AA64AFR1_EL1"   },
+{ .name = "ID_AA64ISAR0_EL1",
+  .exported_bits = 0x00fff0f0 },
+{ .name = "ID_AA64ISAR1_EL1",
+  .exported_bits = 0x00f0 },
+REGUSERINFO_SENTINEL
+};
+modify_arm_cp_regs(v8_idregs, v8_user_idregs);
+#endif
 /* RVBAR_EL1 is only implemented if EL1 is the highest EL */
 if (!arm_feature(env, ARM_FEATURE_EL3) &&
 !arm_feature(env, ARM_FEATURE_EL2)) {
@@ -6385,6 +6409,15 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 .opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_W,
 .type = ARM_CP_NOP | ARM_CP_OVERRIDE
 };
+#ifdef CONFIG_USER_ONLY
+ARMCPRegUserSpaceInfo id_v8_user_midr_cp_reginfo[] = {
+{ .name = "MIDR_EL1",
+  .exported_bits = 0x },
+{ .name = "REVIDR_EL1"},
+REGUSERINFO_SENTINEL
+};
+modify_arm_cp_regs(id_v8_midr_cp_reginfo, id_v8_user_midr_cp_reginfo);
+#endif
 if (arm_feature(env, ARM_FEATURE_OMAPCP) ||
 arm_feature(env, ARM_FEATURE_STRONGARM)) {
 ARMCPRegInfo *r;
@@ -6966,6 +6999,32 @@ void define_arm_cp_regs_with_opaque(ARMCPU *cpu,
 }
 }
 
+/*
+ * Modify ARMCPRegInfo for access from userspace.
+ *
+ * This is a data driven modification directed by
+ * ARMCPRegUserSpaceInfo. All registers become ARM_CP_CONST as
+ * user-space cannot alter any values and dynamic values pertaining to
+ * execution state are hidden from user space view anyway.
+ */
+void modify_arm_cp_regs(ARMCPRegInfo *regs, const ARMCPRegUserSpaceInfo *mods)
+{
+const ARMCPRegUserSpaceInfo *m;
+ARMCPRegInfo *r;
+
+for (m = mods; m->name; m++) {
+for (r = regs; r->type != ARM_CP_SENTINEL; r++) {
+if (strcmp(r->name, m->name) == 0) {
+r->type = ARM_CP_CONST;
+r->access = 

[Qemu-devel] [PULL 26/27] target/arm: Add missing clear_tail calls

[Peter Maydell]

From: Richard Henderson 

Fortunately, the functions affected are so far only called from SVE,
so there is no tail to be cleared.  But as we convert more of AdvSIMD
to gvec, this will matter.

Signed-off-by: Richard Henderson 
Message-id: 20190209033847.9014-13-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/vec_helper.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/target/arm/vec_helper.c b/target/arm/vec_helper.c
index 10f17e4b5cf..dfc635cf9a5 100644
--- a/target/arm/vec_helper.c
+++ b/target/arm/vec_helper.c
@@ -638,6 +638,7 @@ void HELPER(NAME)(void *vd, void *vn, void *stat, uint32_t 
desc)  \
 for (i = 0; i < oprsz / sizeof(TYPE); i++) {  \
 d[i] = FUNC(n[i], stat);  \
 } \
+clear_tail(d, oprsz, simd_maxsz(desc));   \
 }
 
 DO_2OP(gvec_frecpe_h, helper_recpe_f16, float16)
@@ -688,6 +689,7 @@ void HELPER(NAME)(void *vd, void *vn, void *vm, void *stat, 
uint32_t desc) \
 for (i = 0; i < oprsz / sizeof(TYPE); i++) {   \
 d[i] = FUNC(n[i], m[i], stat); \
 }  \
+clear_tail(d, oprsz, simd_maxsz(desc));\
 }
 
 DO_3OP(gvec_fadd_h, float16_add, float16)
-- 
2.20.1

[Qemu-devel] [PULL 06/27] target/arm: relax permission checks for HWCAP_CPUID registers

[Peter Maydell]

From: Alex Bennée 

Although technically not visible to userspace the kernel does make
them visible via a trap and emulate ABI. We provide a new permission
mask (PL0U_R) which maps to PL0_R for CONFIG_USER builds and adjust
the minimum permission check accordingly.

Signed-off-by: Alex Bennée 
Message-id: 20190205190224.2198-2-alex.ben...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h| 12 
 target/arm/helper.c |  6 +-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 47238e42458..c92c097b449 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2226,6 +2226,18 @@ static inline bool cptype_valid(int cptype)
 #define PL0_R (0x02 | PL1_R)
 #define PL0_W (0x01 | PL1_W)
 
+/*
+ * For user-mode some registers are accessible to EL0 via a kernel
+ * trap-and-emulate ABI. In this case we define the read permissions
+ * as actually being PL0_R. However some bits of any given register
+ * may still be masked.
+ */
+#ifdef CONFIG_USER_ONLY
+#define PL0U_R PL0_R
+#else
+#define PL0U_R PL1_R
+#endif
+
 #define PL3_RW (PL3_R | PL3_W)
 #define PL2_RW (PL2_R | PL2_W)
 #define PL1_RW (PL1_R | PL1_W)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index e1ef2f35237..88cf4976039 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6857,7 +6857,11 @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
 if (r->state != ARM_CP_STATE_AA32) {
 int mask = 0;
 switch (r->opc1) {
-case 0: case 1: case 2:
+case 0:
+/* min_EL EL1, but some accessible to EL0 via kernel ABI */
+mask = PL0U_R | PL1_RW;
+break;
+case 1: case 2:
 /* min_EL EL1 */
 mask = PL1_RW;
 break;
-- 
2.20.1

[Qemu-devel] [PULL 18/27] target/arm: Use tcg integer min/max primitives for neon

[Peter Maydell]

From: Richard Henderson 

The 32-bit PMIN/PMAX has been decomposed to scalars,
and so can be trivially expanded inline.

Signed-off-by: Richard Henderson 
Message-id: 20190209033847.9014-5-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index 61760dab917..103b4f1821a 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -4760,10 +4760,10 @@ static inline void gen_neon_rsb(int size, TCGv_i32 t0, 
TCGv_i32 t1)
 }
 
 /* 32-bit pairwise ops end up the same as the elementwise versions.  */
-#define gen_helper_neon_pmax_s32  gen_helper_neon_max_s32
-#define gen_helper_neon_pmax_u32  gen_helper_neon_max_u32
-#define gen_helper_neon_pmin_s32  gen_helper_neon_min_s32
-#define gen_helper_neon_pmin_u32  gen_helper_neon_min_u32
+#define gen_helper_neon_pmax_s32  tcg_gen_smax_i32
+#define gen_helper_neon_pmax_u32  tcg_gen_umax_i32
+#define gen_helper_neon_pmin_s32  tcg_gen_smin_i32
+#define gen_helper_neon_pmin_u32  tcg_gen_umin_i32
 
 #define GEN_NEON_INTEGER_OP_ENV(name) do { \
 switch ((size << 1) | u) { \
-- 
2.20.1

[Qemu-devel] [PULL 22/27] target/arm: Split out flags setting from vfp compares

[Peter Maydell]

From: Richard Henderson 

Minimize the code within a macro by splitting out a helper function.
Use deposit32 instead of manual bit manipulation.

Signed-off-by: Richard Henderson 
Message-id: 20190209033847.9014-9-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/helper.c | 45 +++--
 1 file changed, 27 insertions(+), 18 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 8eedce113c1..28e45f0f0ba 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -12871,31 +12871,40 @@ float64 VFP_HELPER(sqrt, d)(float64 a, CPUARMState 
*env)
 return float64_sqrt(a, >vfp.fp_status);
 }
 
+static void softfloat_to_vfp_compare(CPUARMState *env, int cmp)
+{
+uint32_t flags;
+switch (cmp) {
+case float_relation_equal:
+flags = 0x6;
+break;
+case float_relation_less:
+flags = 0x8;
+break;
+case float_relation_greater:
+flags = 0x2;
+break;
+case float_relation_unordered:
+flags = 0x3;
+break;
+default:
+g_assert_not_reached();
+}
+env->vfp.xregs[ARM_VFP_FPSCR] =
+deposit32(env->vfp.xregs[ARM_VFP_FPSCR], 28, 4, flags);
+}
+
 /* XXX: check quiet/signaling case */
 #define DO_VFP_cmp(p, type) \
 void VFP_HELPER(cmp, p)(type a, type b, CPUARMState *env)  \
 { \
-uint32_t flags; \
-switch(type ## _compare_quiet(a, b, >vfp.fp_status)) { \
-case 0: flags = 0x6; break; \
-case -1: flags = 0x8; break; \
-case 1: flags = 0x2; break; \
-default: case 2: flags = 0x3; break; \
-} \
-env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
-| (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fff); \
+softfloat_to_vfp_compare(env, \
+type ## _compare_quiet(a, b, >vfp.fp_status)); \
 } \
 void VFP_HELPER(cmpe, p)(type a, type b, CPUARMState *env) \
 { \
-uint32_t flags; \
-switch(type ## _compare(a, b, >vfp.fp_status)) { \
-case 0: flags = 0x6; break; \
-case -1: flags = 0x8; break; \
-case 1: flags = 0x2; break; \
-default: case 2: flags = 0x3; break; \
-} \
-env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
-| (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fff); \
+softfloat_to_vfp_compare(env, \
+type ## _compare(a, b, >vfp.fp_status)); \
 }
 DO_VFP_cmp(s, float32)
 DO_VFP_cmp(d, float64)
-- 
2.20.1

[Qemu-devel] [PULL 19/27] target/arm: Remove neon min/max helpers

[Peter Maydell]

From: Richard Henderson 

These are now unused.

Signed-off-by: Richard Henderson 
Message-id: 20190209033847.9014-6-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/helper.h  | 12 
 target/arm/neon_helper.c | 12 
 2 files changed, 24 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index 53a38188c66..9874c35ea97 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -276,18 +276,6 @@ DEF_HELPER_2(neon_cge_s16, i32, i32, i32)
 DEF_HELPER_2(neon_cge_u32, i32, i32, i32)
 DEF_HELPER_2(neon_cge_s32, i32, i32, i32)
 
-DEF_HELPER_2(neon_min_u8, i32, i32, i32)
-DEF_HELPER_2(neon_min_s8, i32, i32, i32)
-DEF_HELPER_2(neon_min_u16, i32, i32, i32)
-DEF_HELPER_2(neon_min_s16, i32, i32, i32)
-DEF_HELPER_2(neon_min_u32, i32, i32, i32)
-DEF_HELPER_2(neon_min_s32, i32, i32, i32)
-DEF_HELPER_2(neon_max_u8, i32, i32, i32)
-DEF_HELPER_2(neon_max_s8, i32, i32, i32)
-DEF_HELPER_2(neon_max_u16, i32, i32, i32)
-DEF_HELPER_2(neon_max_s16, i32, i32, i32)
-DEF_HELPER_2(neon_max_u32, i32, i32, i32)
-DEF_HELPER_2(neon_max_s32, i32, i32, i32)
 DEF_HELPER_2(neon_pmin_u8, i32, i32, i32)
 DEF_HELPER_2(neon_pmin_s8, i32, i32, i32)
 DEF_HELPER_2(neon_pmin_u16, i32, i32, i32)
diff --git a/target/arm/neon_helper.c b/target/arm/neon_helper.c
index c2c6491a83e..3249005b627 100644
--- a/target/arm/neon_helper.c
+++ b/target/arm/neon_helper.c
@@ -581,12 +581,6 @@ NEON_VOP(cge_u32, neon_u32, 1)
 #undef NEON_FN
 
 #define NEON_FN(dest, src1, src2) dest = (src1 < src2) ? src1 : src2
-NEON_VOP(min_s8, neon_s8, 4)
-NEON_VOP(min_u8, neon_u8, 4)
-NEON_VOP(min_s16, neon_s16, 2)
-NEON_VOP(min_u16, neon_u16, 2)
-NEON_VOP(min_s32, neon_s32, 1)
-NEON_VOP(min_u32, neon_u32, 1)
 NEON_POP(pmin_s8, neon_s8, 4)
 NEON_POP(pmin_u8, neon_u8, 4)
 NEON_POP(pmin_s16, neon_s16, 2)
@@ -594,12 +588,6 @@ NEON_POP(pmin_u16, neon_u16, 2)
 #undef NEON_FN
 
 #define NEON_FN(dest, src1, src2) dest = (src1 > src2) ? src1 : src2
-NEON_VOP(max_s8, neon_s8, 4)
-NEON_VOP(max_u8, neon_u8, 4)
-NEON_VOP(max_s16, neon_s16, 2)
-NEON_VOP(max_u16, neon_u16, 2)
-NEON_VOP(max_s32, neon_s32, 1)
-NEON_VOP(max_u32, neon_u32, 1)
 NEON_POP(pmax_s8, neon_s8, 4)
 NEON_POP(pmax_u8, neon_u8, 4)
 NEON_POP(pmax_s16, neon_s16, 2)
-- 
2.20.1

[Qemu-devel] [PULL 04/27] target/arm: Force result size into dp after operation

[Peter Maydell]

From: Richard Henderson 

Rather than a complex set of cases testing for writeback,
adjust DP after performing the operation.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20190206052857.5077-2-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/translate.c | 32 
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index 66cf28c8cbe..eb258958768 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -3970,6 +3970,7 @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn)
 tcg_gen_or_i32(tmp, tmp, tmp2);
 tcg_temp_free_i32(tmp2);
 gen_vfp_msr(tmp);
+dp = 0; /* always a single precision result */
 break;
 }
 case 7: /* vcvtt.f16.f32, vcvtt.f16.f64 */
@@ -3993,20 +3994,25 @@ static int disas_vfp_insn(DisasContext *s, uint32_t 
insn)
 tcg_gen_or_i32(tmp, tmp, tmp2);
 tcg_temp_free_i32(tmp2);
 gen_vfp_msr(tmp);
+dp = 0; /* always a single precision result */
 break;
 }
 case 8: /* cmp */
 gen_vfp_cmp(dp);
+dp = -1; /* no write back */
 break;
 case 9: /* cmpe */
 gen_vfp_cmpe(dp);
+dp = -1; /* no write back */
 break;
 case 10: /* cmpz */
 gen_vfp_cmp(dp);
+dp = -1; /* no write back */
 break;
 case 11: /* cmpez */
 gen_vfp_F1_ld0(dp);
 gen_vfp_cmpe(dp);
+dp = -1; /* no write back */
 break;
 case 12: /* vrintr */
 {
@@ -4047,10 +4053,12 @@ static int disas_vfp_insn(DisasContext *s, uint32_t 
insn)
 break;
 }
 case 15: /* single<->double conversion */
-if (dp)
+if (dp) {
 gen_helper_vfp_fcvtsd(cpu_F0s, cpu_F0d, cpu_env);
-else
+} else {
 gen_helper_vfp_fcvtds(cpu_F0d, cpu_F0s, cpu_env);
+}
+dp = !dp; /* result size is opposite */
 break;
 case 16: /* fuito */
 gen_vfp_uito(dp, 0);
@@ -4084,15 +4092,19 @@ static int disas_vfp_insn(DisasContext *s, uint32_t 
insn)
 break;
 case 24: /* ftoui */
 gen_vfp_toui(dp, 0);
+dp = 0; /* always an integer result */
 break;
 case 25: /* ftouiz */
 gen_vfp_touiz(dp, 0);
+dp = 0; /* always an integer result */
 break;
 case 26: /* ftosi */
 gen_vfp_tosi(dp, 0);
+dp = 0; /* always an integer result */
 break;
 case 27: /* ftosiz */
 gen_vfp_tosiz(dp, 0);
+dp = 0; /* always an integer result */
 break;
 case 28: /* ftosh */
 if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
@@ -4126,20 +4138,8 @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn)
 return 1;
 }
 
-/* Write back the result.  */
-if (op == 15 && (rn >= 8 && rn <= 11)) {
-/* Comparison, do nothing.  */
-} else if (op == 15 && dp && ((rn & 0x1c) == 0x18 ||
-  (rn & 0x1e) == 0x6)) {
-/* VCVT double to int: always integer result.
- * VCVT double to half precision is always a single
- * precision result.
- */
-gen_mov_vreg_F0(0, rd);
-} else if (op == 15 && rn == 15) {
-/* conversion */
-gen_mov_vreg_F0(!dp, rd);
-} else {
+/* Write back the result, if any.  */
+if (dp >= 0) {
 gen_mov_vreg_F0(dp, rd);
 }
 
-- 
2.20.1

[Qemu-devel] [PULL 20/27] target/arm: Fix vfp_gdb_get/set_reg vs FPSCR

[Peter Maydell]

From: Richard Henderson 

The components of this register is stored in several
different locations.

Signed-off-by: Richard Henderson 
Message-id: 20190209033847.9014-7-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 7653aa6a50a..8eedce113c1 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -81,7 +81,7 @@ static int vfp_gdb_get_reg(CPUARMState *env, uint8_t *buf, 
int reg)
 }
 switch (reg - nregs) {
 case 0: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSID]); return 4;
-case 1: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSCR]); return 4;
+case 1: stl_p(buf, vfp_get_fpscr(env)); return 4;
 case 2: stl_p(buf, env->vfp.xregs[ARM_VFP_FPEXC]); return 4;
 }
 return 0;
@@ -107,7 +107,7 @@ static int vfp_gdb_set_reg(CPUARMState *env, uint8_t *buf, 
int reg)
 }
 switch (reg - nregs) {
 case 0: env->vfp.xregs[ARM_VFP_FPSID] = ldl_p(buf); return 4;
-case 1: env->vfp.xregs[ARM_VFP_FPSCR] = ldl_p(buf); return 4;
+case 1: vfp_set_fpscr(env, ldl_p(buf)); return 4;
 case 2: env->vfp.xregs[ARM_VFP_FPEXC] = ldl_p(buf) & (1 << 30); return 4;
 }
 return 0;
-- 
2.20.1

[Qemu-devel] [PULL 15/27] target/arm: Rely on optimization within tcg_gen_gvec_or

[Peter Maydell]

From: Richard Henderson 

Since we're now handling a == b generically, we no longer need
to do it by hand within target/arm/.

Reviewed-by: David Gibson 
Signed-off-by: Richard Henderson 
Message-id: 20190209033847.9014-2-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/translate-a64.c |  6 +-
 target/arm/translate-sve.c |  6 +-
 target/arm/translate.c | 12 +++-
 3 files changed, 5 insertions(+), 19 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 2f849a6951d..08c13484cd7 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -10652,11 +10652,7 @@ static void disas_simd_3same_logic(DisasContext *s, 
uint32_t insn)
 gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_andc, 0);
 return;
 case 2: /* ORR */
-if (rn == rm) { /* MOV */
-gen_gvec_fn2(s, is_q, rd, rn, tcg_gen_gvec_mov, 0);
-} else {
-gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_or, 0);
-}
+gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_or, 0);
 return;
 case 3: /* ORN */
 gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_orc, 0);
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index b15b615ceb3..3a2eb515664 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -280,11 +280,7 @@ static bool trans_AND_zzz(DisasContext *s, arg_rrr_esz *a)
 
 static bool trans_ORR_zzz(DisasContext *s, arg_rrr_esz *a)
 {
-if (a->rn == a->rm) { /* MOV */
-return do_mov_z(s, a->rd, a->rn);
-} else {
-return do_vector3_z(s, tcg_gen_gvec_or, 0, a->rd, a->rn, a->rm);
-}
+return do_vector3_z(s, tcg_gen_gvec_or, 0, a->rd, a->rn, a->rm);
 }
 
 static bool trans_EOR_zzz(DisasContext *s, arg_rrr_esz *a)
diff --git a/target/arm/translate.c b/target/arm/translate.c
index eb258958768..eaa6e297384 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -6294,15 +6294,9 @@ static int disas_neon_data_insn(DisasContext *s, 
uint32_t insn)
 tcg_gen_gvec_andc(0, rd_ofs, rn_ofs, rm_ofs,
   vec_size, vec_size);
 break;
-case 2:
-if (rn == rm) {
-/* VMOV */
-tcg_gen_gvec_mov(0, rd_ofs, rn_ofs, vec_size, vec_size);
-} else {
-/* VORR */
-tcg_gen_gvec_or(0, rd_ofs, rn_ofs, rm_ofs,
-vec_size, vec_size);
-}
+case 2: /* VORR */
+tcg_gen_gvec_or(0, rd_ofs, rn_ofs, rm_ofs,
+vec_size, vec_size);
 break;
 case 3: /* VORN */
 tcg_gen_gvec_orc(0, rd_ofs, rn_ofs, rm_ofs,
-- 
2.20.1

[Qemu-devel] [PULL 05/27] target/arm: Restructure disas_fp_int_conv

[Peter Maydell]

From: Richard Henderson 

For opcodes 0-5, move some if conditions into the structure
of a switch statement.  For opcodes 6 & 7, decode everything
at once with a second switch.

Signed-off-by: Richard Henderson 
Message-id: 20190206052857.5077-3-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate-a64.c | 94 --
 1 file changed, 49 insertions(+), 45 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index e002251ac6f..2f849a6951d 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -6541,68 +6541,72 @@ static void disas_fp_int_conv(DisasContext *s, uint32_t 
insn)
 int type = extract32(insn, 22, 2);
 bool sbit = extract32(insn, 29, 1);
 bool sf = extract32(insn, 31, 1);
+bool itof = false;
 
 if (sbit) {
-unallocated_encoding(s);
-return;
+goto do_unallocated;
 }
 
-if (opcode > 5) {
-/* FMOV */
-bool itof = opcode & 1;
-
-if (rmode >= 2) {
-unallocated_encoding(s);
-return;
-}
-
-switch (sf << 3 | type << 1 | rmode) {
-case 0x0: /* 32 bit */
-case 0xa: /* 64 bit */
-case 0xd: /* 64 bit to top half of quad */
-break;
-case 0x6: /* 16-bit float, 32-bit int */
-case 0xe: /* 16-bit float, 64-bit int */
-if (dc_isar_feature(aa64_fp16, s)) {
-break;
-}
-/* fallthru */
-default:
-/* all other sf/type/rmode combinations are invalid */
-unallocated_encoding(s);
-return;
-}
-
-if (!fp_access_check(s)) {
-return;
-}
-handle_fmov(s, rd, rn, type, itof);
-} else {
-/* actual FP conversions */
-bool itof = extract32(opcode, 1, 1);
-
-if (rmode != 0 && opcode > 1) {
-unallocated_encoding(s);
-return;
+switch (opcode) {
+case 2: /* SCVTF */
+case 3: /* UCVTF */
+itof = true;
+/* fallthru */
+case 4: /* FCVTAS */
+case 5: /* FCVTAU */
+if (rmode != 0) {
+goto do_unallocated;
 }
+/* fallthru */
+case 0: /* FCVT[NPMZ]S */
+case 1: /* FCVT[NPMZ]U */
 switch (type) {
 case 0: /* float32 */
 case 1: /* float64 */
 break;
 case 3: /* float16 */
-if (dc_isar_feature(aa64_fp16, s)) {
-break;
+if (!dc_isar_feature(aa64_fp16, s)) {
+goto do_unallocated;
 }
-/* fallthru */
+break;
 default:
-unallocated_encoding(s);
-return;
+goto do_unallocated;
 }
-
 if (!fp_access_check(s)) {
 return;
 }
 handle_fpfpcvt(s, rd, rn, opcode, itof, rmode, 64, sf, type);
+break;
+
+default:
+switch (sf << 7 | type << 5 | rmode << 3 | opcode) {
+case 0b01100110: /* FMOV half <-> 32-bit int */
+case 0b01100111:
+case 0b11100110: /* FMOV half <-> 64-bit int */
+case 0b11100111:
+if (!dc_isar_feature(aa64_fp16, s)) {
+goto do_unallocated;
+}
+/* fallthru */
+case 0b0110: /* FMOV 32-bit */
+case 0b0111:
+case 0b10100110: /* FMOV 64-bit */
+case 0b10100111:
+case 0b11001110: /* FMOV top half of 128-bit */
+case 0b1100:
+if (!fp_access_check(s)) {
+return;
+}
+itof = opcode & 1;
+handle_fmov(s, rd, rn, type, itof);
+break;
+
+default:
+do_unallocated:
+unallocated_encoding(s);
+return;
+}
+break;
 }
 }
 
-- 
2.20.1

[Qemu-devel] [PULL 03/27] target/arm: Fix int128_make128 lo, hi order in paired_cmpxchg64_be

[Peter Maydell]

From: Catherine Ho 

The lo,hi order is different from the comments. And in commit
1ec182c33379 ("target/arm: Convert to HAVE_CMPXCHG128"), it changes
the original code logic. So just restore the old code logic before this
commit:
do_paired_cmpxchg64_be():
cmpv = int128_make128(env->exclusive_high, env->exclusive_val);
newv = int128_make128(new_hi, new_lo);

This fixes a bug that would only be visible for big-endian
AArch64 guest code.

Fixes: 1ec182c33379 ("target/arm: Convert to HAVE_CMPXCHG128")
Signed-off-by: Catherine Ho 
Reviewed-by: Richard Henderson 
Message-id: 1548985244-24523-1-git-send-email-catherine.h...@gmail.com
[PMM: added note that bug only affects BE guests]
Signed-off-by: Peter Maydell 
---
 target/arm/helper-a64.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
index 101fa6d3eaa..70850e564d3 100644
--- a/target/arm/helper-a64.c
+++ b/target/arm/helper-a64.c
@@ -583,8 +583,8 @@ uint64_t HELPER(paired_cmpxchg64_be)(CPUARMState *env, 
uint64_t addr,
  * High and low need to be switched here because this is not actually a
  * 128bit store but two doublewords stored consecutively
  */
-Int128 cmpv = int128_make128(env->exclusive_val, env->exclusive_high);
-Int128 newv = int128_make128(new_lo, new_hi);
+Int128 cmpv = int128_make128(env->exclusive_high, env->exclusive_val);
+Int128 newv = int128_make128(new_hi, new_lo);
 Int128 oldv;
 uintptr_t ra = GETPC();
 uint64_t o0, o1;
-- 
2.20.1

[Qemu-devel] [PULL 14/27] hw/arm/armsse: Fix miswiring of expansion IRQs

[Peter Maydell]

In commit 91c1e9fcbd7548db368 where we added dual-CPU support to
the ARMSSE, we set up the wiring of the expansion IRQs via nested
loops: the outer loop on 'i' loops for each CPU, and the inner loop
on 'j' loops for each interrupt. Fix a typo which meant we were
wiring every expansion IRQ line to external IRQ 0 on CPU 0 and
to external IRQ 1 on CPU 1.

Fixes: 91c1e9fcbd7548db368 ("hw/arm/armsse: Support dual-CPU configuration")
Signed-off-by: Peter Maydell 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/arm/armsse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c
index 5d53071a5a0..9a8c49547db 100644
--- a/hw/arm/armsse.c
+++ b/hw/arm/armsse.c
@@ -565,7 +565,7 @@ static void armsse_realize(DeviceState *dev, Error **errp)
 /* Connect EXP_IRQ/EXP_CPUn_IRQ GPIOs to the NVIC's lines 32 and up */
 s->exp_irqs[i] = g_new(qemu_irq, s->exp_numirq);
 for (j = 0; j < s->exp_numirq; j++) {
-s->exp_irqs[i][j] = qdev_get_gpio_in(cpudev, i + 32);
+s->exp_irqs[i][j] = qdev_get_gpio_in(cpudev, j + 32);
 }
 if (i == 0) {
 gpioname = g_strdup("EXP_IRQ");
-- 
2.20.1

[Qemu-devel] [PULL 12/27] MAINTAINERS: Remove Peter Crosthwaite from various entries

[Peter Maydell]

Peter Crosthwaite hasn't had the bandwidth to do code review or
other QEMU work for some time now -- remove his email address
from MAINTAINERS file entries so we don't bombard him with
patch emails.

Signed-off-by: Peter Maydell 
Message-id: 20190207181422.4907-1-peter.mayd...@linaro.org
---
 MAINTAINERS | 4 
 1 file changed, 4 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index e170a4c7337..ffb029f63ac 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -110,7 +110,6 @@ Guest CPU cores (TCG):
 --
 Overall
 L: qemu-devel@nongnu.org
-M: Peter Crosthwaite 
 M: Richard Henderson 
 R: Paolo Bonzini 
 S: Maintained
@@ -1345,7 +1344,6 @@ F: tests/virtio-scsi-test.c
 T: git https://github.com/bonzini/qemu.git scsi-next
 
 SSI
-M: Peter Crosthwaite 
 M: Alistair Francis 
 S: Maintained
 F: hw/ssi/*
@@ -1356,7 +1354,6 @@ F: tests/m25p80-test.c
 
 Xilinx SPI
 M: Alistair Francis 
-M: Peter Crosthwaite 
 S: Maintained
 F: hw/ssi/xilinx_*
 
@@ -1766,7 +1763,6 @@ F: qom/cpu.c
 F: include/qom/cpu.h
 
 Device Tree
-M: Peter Crosthwaite 
 M: Alexander Graf 
 S: Maintained
 F: device_tree.c
-- 
2.20.1

[Qemu-devel] [PULL 00/27] target-arm queue

[Peter Maydell]

The following changes since commit 0d3e41d5efd638a0c5682f6813b26448c3c51624:

  Merge remote-tracking branch 
'remotes/vivier2/tags/trivial-branch-pull-request' into staging (2019-02-14 
17:42:25 +)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git 
tags/pull-target-arm-20190214

for you to fetch changes up to 497bc12b1b374ecd62903bf062229bd93f8924af:

  gdbstub: Send a reply to the vKill packet. (2019-02-14 18:45:49 +)


target-arm queue:
 * gdbstub: Send a reply to the vKill packet
 * Improve codegen for neon min/max and saturating arithmetic
 * Fix a bug in clearing FPSCR exception status bits
 * hw/arm/armsse: Fix miswiring of expansion IRQs
 * hw/intc/armv7m_nvic: Allow byte accesses to SHPR1
 * MAINTAINERS: Remove Peter Crosthwaite from various entries
 * arm: Allow system registers for KVM guests to be changed by QEMU code
 * linux-user: support HWCAP_CPUID which exposes ID registers to user code
 * Fix bug in 128-bit cmpxchg for BE Arm guests
 * Implement (no-op) HACR_EL2
 * Fix CRn to be 14 for PMEVTYPER/PMEVCNTR


Aaron Lindsay OS (1):
  target/arm: Fix CRn to be 14 for PMEVTYPER/PMEVCNTR

Alex Bennée (5):
  target/arm: relax permission checks for HWCAP_CPUID registers
  target/arm: expose CPUID registers to userspace
  target/arm: expose MPIDR_EL1 to userspace
  target/arm: expose remaining CPUID registers as RAZ
  linux-user/elfload: enable HWCAP_CPUID for AArch64

Catherine Ho (1):
  target/arm: Fix int128_make128 lo, hi order in paired_cmpxchg64_be

Peter Maydell (5):
  target/arm: Implement HACR_EL2
  arm: Allow system registers for KVM guests to be changed by QEMU code
  MAINTAINERS: Remove Peter Crosthwaite from various entries
  hw/intc/armv7m_nvic: Allow byte accesses to SHPR1
  hw/arm/armsse: Fix miswiring of expansion IRQs

Richard Henderson (14):
  target/arm: Force result size into dp after operation
  target/arm: Restructure disas_fp_int_conv
  target/arm: Rely on optimization within tcg_gen_gvec_or
  target/arm: Use vector minmax expanders for aarch64
  target/arm: Use vector minmax expanders for aarch32
  target/arm: Use tcg integer min/max primitives for neon
  target/arm: Remove neon min/max helpers
  target/arm: Fix vfp_gdb_get/set_reg vs FPSCR
  target/arm: Fix arm_cpu_dump_state vs FPSCR
  target/arm: Split out flags setting from vfp compares
  target/arm: Fix set of bits kept in xregs[ARM_VFP_FPSCR]
  target/arm: Split out FPSCR.QC to a vector field
  target/arm: Use vector operations for saturation
  target/arm: Add missing clear_tail calls

Sandra Loosemore (1):
  gdbstub: Send a reply to the vKill packet.

 target/arm/cpu.h   |  50 -
 target/arm/helper.h|  45 +---
 target/arm/translate.h |   4 +
 gdbstub.c  |   1 +
 hw/arm/armsse.c|   2 +-
 hw/intc/armv7m_nvic.c  |   4 +-
 linux-user/elfload.c   |   1 +
 target/arm/helper-a64.c|   4 +-
 target/arm/helper.c| 228 
 target/arm/kvm32.c |  20 +---
 target/arm/kvm64.c |   2 +
 target/arm/machine.c   |   2 +-
 target/arm/neon_helper.c   |  14 +--
 target/arm/translate-a64.c | 171 +++---
 target/arm/translate-sve.c |   6 +-
 target/arm/translate.c | 251 ++---
 target/arm/vec_helper.c| 134 +++-
 MAINTAINERS|   4 -
 18 files changed, 687 insertions(+), 256 deletions(-)

[Qemu-devel] [PULL 02/27] target/arm: Implement HACR_EL2

[Peter Maydell]

HACR_EL2 is a register with IMPDEF behaviour, which allows
implementation specific trapping to EL2. Implement it as RAZ/WI,
since QEMU's implementation has no extra traps. This also
matches what h/w implementations like Cortex-A53 and A57 do.

Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Message-id: 20190205181218.8995-1-peter.mayd...@linaro.org
---
 target/arm/helper.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index bd9f6050eca..e1ef2f35237 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4434,6 +4434,9 @@ static const ARMCPRegInfo el3_no_el2_cp_reginfo[] = {
   .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 0,
   .access = PL2_RW,
   .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = "HACR_EL2", .state = ARM_CP_STATE_BOTH,
+  .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 7,
+  .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
 { .name = "ESR_EL2", .state = ARM_CP_STATE_BOTH,
   .opc0 = 3, .opc1 = 4, .crn = 5, .crm = 2, .opc2 = 0,
   .access = PL2_RW,
@@ -4666,6 +4669,9 @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
   .cp = 15, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 0,
   .access = PL2_RW, .fieldoffset = offsetof(CPUARMState, cp15.hcr_el2),
   .writefn = hcr_writelow },
+{ .name = "HACR_EL2", .state = ARM_CP_STATE_BOTH,
+  .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 7,
+  .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
 { .name = "ELR_EL2", .state = ARM_CP_STATE_AA64,
   .type = ARM_CP_ALIAS,
   .opc0 = 3, .opc1 = 4, .crn = 4, .crm = 0, .opc2 = 1,
-- 
2.20.1

[Qemu-devel] [PULL 11/27] arm: Allow system registers for KVM guests to be changed by QEMU code

[Peter Maydell]

At the moment the Arm implementations of kvm_arch_{get,put}_registers()
don't support having QEMU change the values of system registers
(aka coprocessor registers for AArch32). This is because although
kvm_arch_get_registers() calls write_list_to_cpustate() to
update the CPU state struct fields (so QEMU code can read the
values in the usual way), kvm_arch_put_registers() does not
call write_cpustate_to_list(), meaning that any changes to
the CPU state struct fields will not be passed back to KVM.

The rationale for this design is documented in a comment in the
AArch32 kvm_arch_put_registers() -- writing the values in the
cpregs list into the CPU state struct is "lossy" because the
write of a register might not succeed, and so if we blindly
copy the CPU state values back again we will incorrectly
change register values for the guest. The assumption was that
no QEMU code would need to write to the registers.

However, when we implemented debug support for KVM guests, we
broke that assumption: the code to handle "set the guest up
to take a breakpoint exception" does so by updating various
guest registers including ESR_EL1.

Support this by making kvm_arch_put_registers() synchronize
CPU state back into the list. We sync only those registers
where the initial write succeeds, which should be sufficient.

Signed-off-by: Peter Maydell 
Reviewed-by: Alex Bennée 
Tested-by: Alex Bennée 
Tested-by: Dongjiu Geng 
---
 target/arm/cpu.h |  9 -
 target/arm/helper.c  | 27 +--
 target/arm/kvm32.c   | 20 ++--
 target/arm/kvm64.c   |  2 ++
 target/arm/machine.c |  2 +-
 5 files changed, 38 insertions(+), 22 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index f0334413ece..bfc05c796a5 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2535,18 +2535,25 @@ bool write_list_to_cpustate(ARMCPU *cpu);
 /**
  * write_cpustate_to_list:
  * @cpu: ARMCPU
+ * @kvm_sync: true if this is for syncing back to KVM
  *
  * For each register listed in the ARMCPU cpreg_indexes list, write
  * its value from the ARMCPUState structure into the cpreg_values list.
  * This is used to copy info from TCG's working data structures into
  * KVM or for outbound migration.
  *
+ * @kvm_sync is true if we are doing this in order to sync the
+ * register state back to KVM. In this case we will only update
+ * values in the list if the previous list->cpustate sync actually
+ * successfully wrote the CPU state. Otherwise we will keep the value
+ * that is in the list.
+ *
  * Returns: true if all register values were read correctly,
  * false if some register was unknown or could not be read.
  * Note that we do not stop early on failure -- we will attempt
  * reading all registers in the list.
  */
-bool write_cpustate_to_list(ARMCPU *cpu);
+bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync);
 
 #define ARM_CPUID_TI915T  0x54029152
 #define ARM_CPUID_TI925T  0x54029252
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 5ac335f598c..7653aa6a50a 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -264,7 +264,7 @@ static bool raw_accessors_invalid(const ARMCPRegInfo *ri)
 return true;
 }
 
-bool write_cpustate_to_list(ARMCPU *cpu)
+bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync)
 {
 /* Write the coprocessor state from cpu->env to the (index,value) list. */
 int i;
@@ -273,6 +273,7 @@ bool write_cpustate_to_list(ARMCPU *cpu)
 for (i = 0; i < cpu->cpreg_array_len; i++) {
 uint32_t regidx = kvm_to_cpreg_id(cpu->cpreg_indexes[i]);
 const ARMCPRegInfo *ri;
+uint64_t newval;
 
 ri = get_arm_cp_reginfo(cpu->cp_regs, regidx);
 if (!ri) {
@@ -282,7 +283,29 @@ bool write_cpustate_to_list(ARMCPU *cpu)
 if (ri->type & ARM_CP_NO_RAW) {
 continue;
 }
-cpu->cpreg_values[i] = read_raw_cp_reg(>env, ri);
+
+newval = read_raw_cp_reg(>env, ri);
+if (kvm_sync) {
+/*
+ * Only sync if the previous list->cpustate sync succeeded.
+ * Rather than tracking the success/failure state for every
+ * item in the list, we just recheck "does the raw write we must
+ * have made in write_list_to_cpustate() read back OK" here.
+ */
+uint64_t oldval = cpu->cpreg_values[i];
+
+if (oldval == newval) {
+continue;
+}
+
+write_raw_cp_reg(>env, ri, oldval);
+if (read_raw_cp_reg(>env, ri) != oldval) {
+continue;
+}
+
+write_raw_cp_reg(>env, ri, newval);
+}
+cpu->cpreg_values[i] = newval;
 }
 return ok;
 }
diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
index bd51eb43c86..a75e04cc8f3 100644
--- a/target/arm/kvm32.c
+++ b/target/arm/kvm32.c
@@ -387,24 +387,8 @@ int kvm_arch_put_registers(CPUState *cs, int level)
 return ret;
 }
 
-/* Note that we do not 

Re: [Qemu-devel] [PATCH v2 0/9] vhost: enable for all targets

[Michael S. Tsirkin]

On Thu, Feb 14, 2019 at 06:35:47PM +0100, Paolo Bonzini wrote:
> See also "[PATCH for-3.2 00/10] vhost: preparation for qgraph
> conversion of vhost-user-test".  Some of the other vhost-user-test
> patches have gone in already, and this is what is left.
> 
> These patches are a prerequisite for both kconfig and qgraph.
> 
> I will probably test them on macOS myself before these are included
> in a pull request, since the previous versions had some issues.
> Michael, let me know if you want me to send the pull request.
> 
> Thanks,
> 
> Paolo

Not sure why, it's all vhost so my tree seems appropriate.
BTW for the future, can you please try fixing the subject so all patches
have "v2"? I think it's generated by some tool you use,
and it seems that others are using it as well with the
same result. Makes it harder to see which patch belongs where.


> Paolo Bonzini (9):
>   vhost-net: move stubs to a separate file
>   vhost-net-user: add stubs for when no virtio-net device is present
>   vhost: restrict Linux dependency to kernel vhost
>   vhost-user: support cross-endian vnet headers
>   vhost-net: compile it on all targets that have virtio-net.
>   vhost-net: revamp configure logic
>   vhost-user-test: create a main loop per TestServer
>   vhost-user-test: small changes to init_hugepagefs
>   vhost-user-test: create a temporary directory per TestServer
> 
>  backends/Makefile.objs |   5 +-
>  configure  | 102 ++---
>  default-configs/virtio.mak |   4 +-
>  hw/net/Makefile.objs   |   4 +-
>  hw/net/vhost_net-stub.c|  92 ++
>  hw/net/vhost_net.c |  85 ++--
>  hw/virtio/Makefile.objs|   8 ++-
>  hw/virtio/vhost-backend.c  |  12 +++-
>  hw/virtio/vhost-user.c |  13 +++-
>  hw/virtio/vhost.c  |   2 +-
>  include/exec/poison.h  |   1 -
>  net/Makefile.objs  |   4 +-
>  net/net.c  |   2 +-
>  net/vhost-user-stub.c  |  23 +++
>  net/vhost-user.c   |  13 
>  tests/Makefile.include |   5 +-
>  tests/vhost-user-test.c| 160 
> +++--
>  17 files changed, 319 insertions(+), 216 deletions(-)
>  create mode 100644 hw/net/vhost_net-stub.c
>  create mode 100644 net/vhost-user-stub.c
> 
> -- 
> 1.8.3.1

[Qemu-devel] [PULL 01/27] target/arm: Fix CRn to be 14 for PMEVTYPER/PMEVCNTR

[Peter Maydell]

From: Aaron Lindsay OS 

This bug was introduced in:
commit 5ecdd3e47cadae83a62dc92b472f1fe163b56f59
target/arm: Finish implementation of PM[X]EVCNTR and PM[X]EVTYPER

Signed-off-by: Aaron Lindsay 
Reported-by: Laurent Desnogues 
Reviewed-by: Laurent Desnogues 
Message-id: 20190205135129.19338-1-aa...@os.amperecomputing.com
Signed-off-by: Peter Maydell 
---
 target/arm/helper.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 520ceea7a41..bd9f6050eca 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5855,25 +5855,25 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 char *pmevtyper_name = g_strdup_printf("PMEVTYPER%d", i);
 char *pmevtyper_el0_name = g_strdup_printf("PMEVTYPER%d_EL0", i);
 ARMCPRegInfo pmev_regs[] = {
-{ .name = pmevcntr_name, .cp = 15, .crn = 15,
+{ .name = pmevcntr_name, .cp = 15, .crn = 14,
   .crm = 8 | (3 & (i >> 3)), .opc1 = 0, .opc2 = i & 7,
   .access = PL0_RW, .type = ARM_CP_IO | ARM_CP_ALIAS,
   .readfn = pmevcntr_readfn, .writefn = pmevcntr_writefn,
   .accessfn = pmreg_access },
 { .name = pmevcntr_el0_name, .state = ARM_CP_STATE_AA64,
-  .opc0 = 3, .opc1 = 3, .crn = 15, .crm = 8 | (3 & (i >> 3)),
+  .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 8 | (3 & (i >> 3)),
   .opc2 = i & 7, .access = PL0_RW, .accessfn = pmreg_access,
   .type = ARM_CP_IO,
   .readfn = pmevcntr_readfn, .writefn = pmevcntr_writefn,
   .raw_readfn = pmevcntr_rawread,
   .raw_writefn = pmevcntr_rawwrite },
-{ .name = pmevtyper_name, .cp = 15, .crn = 15,
+{ .name = pmevtyper_name, .cp = 15, .crn = 14,
   .crm = 12 | (3 & (i >> 3)), .opc1 = 0, .opc2 = i & 7,
   .access = PL0_RW, .type = ARM_CP_IO | ARM_CP_ALIAS,
   .readfn = pmevtyper_readfn, .writefn = pmevtyper_writefn,
   .accessfn = pmreg_access },
 { .name = pmevtyper_el0_name, .state = ARM_CP_STATE_AA64,
-  .opc0 = 3, .opc1 = 3, .crn = 15, .crm = 12 | (3 & (i >> 3)),
+  .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 12 | (3 & (i >> 3)),
   .opc2 = i & 7, .access = PL0_RW, .accessfn = pmreg_access,
   .type = ARM_CP_IO,
   .readfn = pmevtyper_readfn, .writefn = pmevtyper_writefn,
-- 
2.20.1

[Qemu-devel] [PULL 08/27] target/arm: expose MPIDR_EL1 to userspace

[Peter Maydell]

From: Alex Bennée 

As this is a single register we could expose it with a simple ifdef
but we use the existing modify_arm_cp_regs mechanism for consistency.

Signed-off-by: Alex Bennée 
Message-id: 20190205190224.2198-4-alex.ben...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/helper.c | 21 ++---
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index b2abaf5b225..77c73056948 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3657,13 +3657,6 @@ static uint64_t mpidr_read(CPUARMState *env, const 
ARMCPRegInfo *ri)
 return mpidr_read_val(env);
 }
 
-static const ARMCPRegInfo mpidr_cp_reginfo[] = {
-{ .name = "MPIDR", .state = ARM_CP_STATE_BOTH,
-  .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 5,
-  .access = PL1_R, .readfn = mpidr_read, .type = ARM_CP_NO_RAW },
-REGINFO_SENTINEL
-};
-
 static const ARMCPRegInfo lpae_cp_reginfo[] = {
 /* NOP AMAIR0/1 */
 { .name = "AMAIR0", .state = ARM_CP_STATE_BOTH,
@@ -6451,6 +6444,20 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 }
 
 if (arm_feature(env, ARM_FEATURE_MPIDR)) {
+ARMCPRegInfo mpidr_cp_reginfo[] = {
+{ .name = "MPIDR_EL1", .state = ARM_CP_STATE_BOTH,
+  .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 5,
+  .access = PL1_R, .readfn = mpidr_read, .type = ARM_CP_NO_RAW },
+REGINFO_SENTINEL
+};
+#ifdef CONFIG_USER_ONLY
+ARMCPRegUserSpaceInfo mpidr_user_cp_reginfo[] = {
+{ .name = "MPIDR_EL1",
+  .fixed_bits = 0x8000 },
+REGUSERINFO_SENTINEL
+};
+modify_arm_cp_regs(mpidr_cp_reginfo, mpidr_user_cp_reginfo);
+#endif
 define_arm_cp_regs(cpu, mpidr_cp_reginfo);
 }
 
-- 
2.20.1

Re: [Qemu-devel] [PATCH 00/11] Enable build and install of our rST docs

[Peter Maydell]

On Thu, 14 Feb 2019 at 18:46, Paolo Bonzini  wrote:
>
> On 14/02/19 16:24, Peter Maydell wrote:
> > It does check, but I forgot to make the makefiles pay attention
> > to the check.
> >
> > That's very irritating that Fedora is using a weird filename for
> > the tool -- what is their justification for doing that?
> > I suppose we'll have to make configure cope :-(
>
> They do have sphinx-build but it uses Python 2.  If you only install the
> Python 3 version, you get sphinx-build-3

OK, so we could just make configure require "sphinx-build"
and fall back to "no docs if you don't have the tool";
that's not so bad.

thanks
-- PMM

Re: [Qemu-devel] [PULL v2 07/12] target/mips: Update ITU to utilize SAARI and SAAR CP0 registers

[Aleksandar Markovic]

> From: Peter Maydell 
> Sent: Thursday, February 14, 2019 7:40 PM
> To: Aleksandar Markovic
> Cc: QEMU Developers; Aleksandar Markovic
> Subject: Re: [PULL v2 07/12] target/mips: Update ITU to utilize SAARI and 
> SAAR CP0 registers
> 
> On Fri, 18 Jan 2019 at 16:59, Aleksandar Markovic
>  wrote:
> >
> > From: Yongbok Kim 
> >
> > Update ITU to utilize SAARI and SAAR CP0 registers.
> 
> Hi; Coverity complains (CID 1398648) about this bit of code:
> 
> > -static void itc_reconfigure(MIPSITUState *tag)
> > +void itc_reconfigure(MIPSITUState *tag)
> >  {
> >  uint64_t *am = >ITCAddressMap[0];
> >  MemoryRegion *mr = >storage_io;
> > @@ -92,6 +92,12 @@ static void itc_reconfigure(MIPSITUState *tag)
> >  uint64_t size = (1 * KiB) + (am[1] & ITC_AM1_ADDR_MASK_MASK);
> >  bool is_enabled = (am[0] & ITC_AM0_EN_MASK) != 0;
> >
> > +if (tag->saar_present) {
> > +address = ((*(uint64_t *) tag->saar) & 0xE000ULL) << 4;
> > +size = 1 << ((*(uint64_t *) tag->saar >> 1) & 0x1f);
> > +is_enabled = *(uint64_t *) tag->saar & 1;
> > +}
> > +
> 
> because the "1 << ..." calculation of size is done as a 32-bit
> signed integer which may then be unintentionally sign-extended
> into the 64-bit result. Using "1ULL" instead of "1" on the LHS
> of the shift would fix this.
> 

Thanks, I'll try to integrate the fix soon.

Aleksandar

> thanks
> -- PMM
 

[Qemu-devel] coverity detected issue in contrib/elf2dmp/main.c

[Peter Maydell]

Hi; Coverity detected an issue in contrib/elf2dmp/main.c (CID 1398641).
In this loop:

for (; KernBase >= 0xf780; KernBase -= PAGE_SIZE) {
nt_start_addr = va_space_resolve(, KernBase);
if (!nt_start_addr) {
continue;
}

if (*(uint16_t *)nt_start_addr == 0x5a4d) { /* MZ */
break;
}
}

we might end exiting with nt_start_addr == NULL, if we go all
the way through the address range without finding anything
and the loop terminates via the "KernBase >= 0xf780"
condition.

However, we don't check for this, so we will then segfault
in pe_get_pdb_symstore_hash(), which assumes it's passed a non-NULL
address.

I guess we should be checking for nt_start_addr == NULL at the
end of the loop and treating it as a fatal error?

thanks
-- PMM

[Qemu-devel] [PATCH] migration/rdma: Fix qemu_rdma_cleanup null check

[Dr. David Alan Gilbert (git)]

From: "Dr. David Alan Gilbert" 

If the migration fails before the channel is open (e.g. a bad
address) we end up in the cleanup with rdma->channel==NULL.

Spotted by Coverity: CID 1398634
Fixes: fbbaacab2758cb3f32a0
Signed-off-by: Dr. David Alan Gilbert 
---
 migration/rdma.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/migration/rdma.c b/migration/rdma.c
index 54a3c11540..9fa3b176eb 100644
--- a/migration/rdma.c
+++ b/migration/rdma.c
@@ -2321,7 +2321,9 @@ static void qemu_rdma_cleanup(RDMAContext *rdma)
 rdma->connected = false;
 }
 
-qemu_set_fd_handler(rdma->channel->fd, NULL, NULL, NULL);
+if (rdma->channel) {
+qemu_set_fd_handler(rdma->channel->fd, NULL, NULL, NULL);
+}
 g_free(rdma->dest_blocks);
 rdma->dest_blocks = NULL;
 
-- 
2.20.1

Re: [Qemu-devel] [PULL 7/8] usb-mtp: breakup MTP write into smaller chunks

[Peter Maydell]

On Wed, 30 Jan 2019 at 07:41, Gerd Hoffmann  wrote:
>
> From: Bandan Das 
>
> For every MTP_WRITE_BUF_SZ copied, this patch writes it to file before
> getting the next block of data. The file is kept opened for the
> duration of the operation but the sanity checks on the write operation
> are performed only once when the write operation starts. Additionally,
> we also update the file size in the object metadata once the file has
> completely been written.
>
> Suggested-by: Gerd Hoffman 
> Signed-off-by: Bandan Das 
> Message-id: 20190129131908.27924-3-...@redhat.com
> Signed-off-by: Gerd Hoffmann 

Hi; Coverity has spotted a couple of issues with this patch:


> +static void usb_mtp_update_object(MTPObject *parent, char *name)
> +{
> +MTPObject *o =
> +usb_mtp_object_lookup_name(parent, name, strlen(name));
> +
> +if (o) {
> +lstat(o->path, >stat);

CID 1398651: We don't check the return value of this lstat() for failure.

> +}
> +}
> +
>  static void usb_mtp_write_data(MTPState *s)
>  {
>  MTPData *d = s->data_out;

[...]

> +case WRITE_CONTINUE:
> +case WRITE_END:
> +rc = write_retry(d->fd, d->data, d->data_offset,
> + d->offset - d->data_offset);
> +if (rc != d->data_offset) {
>  usb_mtp_queue_result(s, RES_STORE_FULL, d->trans,
>   0, 0, 0, 0);
>  goto done;
> +}
> +if (d->write_status != WRITE_END) {
> +return;

CID 1398642: This early-return case in usb_mtp_write_data() returns
from the function without doing any of the cleanup (closing file,
freeing data, etc). Possibly it should be "goto done;" instead ?
The specific thing Coverity complains about is the memory pointed
to by "path".

thanks
-- PMM

Re: [Qemu-devel] [PATCH 00/11] Enable build and install of our rST docs

[Paolo Bonzini]

On 14/02/19 16:24, Peter Maydell wrote:
> It does check, but I forgot to make the makefiles pay attention
> to the check.
> 
> That's very irritating that Fedora is using a weird filename for
> the tool -- what is their justification for doing that?
> I suppose we'll have to make configure cope :-(

They do have sphinx-build but it uses Python 2.  If you only install the
Python 3 version, you get sphinx-build-3.

I think it will be switched in Fedora 30, but I'm not sure.

Paolo

Re: [Qemu-devel] [PATCH] target-i386: Enhance the stub for kvm_arch_get_supported_cpuid()

[Paolo Bonzini]

On 02/02/19 15:45, Kamil Rytarowski wrote:
> 
> Clang/LLVM on NetBSD with enabled optimization cannot link
> correct qemu program because of a missing symbol of
> kvm_arch_get_supported_cpuid() in kvm-stubs.o used by executables.

Can you please include the full error message?  Usually these things are
a sign of a bug elsewhere.

Paolo

Re: [Qemu-devel] [PATCH] target-i386: Enhance the stub for kvm_arch_get_supported_cpuid()

[Kamil Rytarowski]

Ping?

On 02.02.2019 15:45, Kamil Rytarowski wrote:
> This improves the commit:
> "target-i386: Fix build by providing stub kvm_arch_get_supported_cpuid()"
> r. 2140cfa51d59177815f5b82e94ac48fb24909aba
> 
> Clang/LLVM on NetBSD with enabled optimization cannot link
> correct qemu program because of a missing symbol of
> kvm_arch_get_supported_cpuid() in kvm-stubs.o used by executables.
> 
> There are more than a single one kvm-stub.c and several types
> of possible programs such as bsd-user ones. the previous workaround
> does not work reliably for all use-cases. Instead of reworking
> the stubs and linking rules, move the workaround from a code that
> depends on the __OPTIMIZE__ builtin compiler flag, build option (KVM),
> compiler and arrangement of linking rules to a simple macro in a
> shared header with all the users that defines fallback dummy
> implementation, ignoring whether it is optimized out or not.
> 
> Signed-off-by: Kamil Rytarowski 
> ---
>  include/sysemu/kvm.h   | 13 +
>  target/i386/kvm-stub.c | 10 --
>  2 files changed, 13 insertions(+), 10 deletions(-)
> 
> diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
> index a6d1cd190f..93d3c0f0b3 100644
> --- a/include/sysemu/kvm.h
> +++ b/include/sysemu/kvm.h
> @@ -459,8 +459,21 @@ int kvm_vm_check_extension(KVMState *s, unsigned int 
> extension);
>  kvm_vcpu_ioctl(cpu, KVM_ENABLE_CAP, );   \
>  })
>  
> +#ifdef CONFIG_KVM
>  uint32_t kvm_arch_get_supported_cpuid(KVMState *env, uint32_t function,
>uint32_t index, int reg);
> +#else
> +/*
> + * This function is only called inside conditionals which we
> + * rely on the compiler to optimize out when CONFIG_KVM is not
> + * defined.
> + */
> +#define kvm_arch_get_supported_cpuid(a, b, c, d) \
> +({   \
> +abort(); \
> +0;   \
> +})
> +#endif
>  uint32_t kvm_arch_get_supported_msr_feature(KVMState *s, uint32_t index);
>  
>  
> diff --git a/target/i386/kvm-stub.c b/target/i386/kvm-stub.c
> index e7a673e5db..9ce8566700 100644
> --- a/target/i386/kvm-stub.c
> +++ b/target/i386/kvm-stub.c
> @@ -29,16 +29,6 @@ bool kvm_enable_x2apic(void)
>  {
>  return false;
>  }
> -
> -/* This function is only called inside conditionals which we
> - * rely on the compiler to optimize out when CONFIG_KVM is not
> - * defined.
> - */
> -uint32_t kvm_arch_get_supported_cpuid(KVMState *env, uint32_t function,
> -  uint32_t index, int reg)
> -{
> -abort();
> -}
>  #endif
>  
>  bool kvm_hv_vpindex_settable(void)
> 




signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PULL v2 07/12] target/mips: Update ITU to utilize SAARI and SAAR CP0 registers

[Peter Maydell]

On Fri, 18 Jan 2019 at 16:59, Aleksandar Markovic
 wrote:
>
> From: Yongbok Kim 
>
> Update ITU to utilize SAARI and SAAR CP0 registers.

Hi; Coverity complains (CID 1398648) about this bit of code:

> -static void itc_reconfigure(MIPSITUState *tag)
> +void itc_reconfigure(MIPSITUState *tag)
>  {
>  uint64_t *am = >ITCAddressMap[0];
>  MemoryRegion *mr = >storage_io;
> @@ -92,6 +92,12 @@ static void itc_reconfigure(MIPSITUState *tag)
>  uint64_t size = (1 * KiB) + (am[1] & ITC_AM1_ADDR_MASK_MASK);
>  bool is_enabled = (am[0] & ITC_AM0_EN_MASK) != 0;
>
> +if (tag->saar_present) {
> +address = ((*(uint64_t *) tag->saar) & 0xE000ULL) << 4;
> +size = 1 << ((*(uint64_t *) tag->saar >> 1) & 0x1f);
> +is_enabled = *(uint64_t *) tag->saar & 1;
> +}
> +

because the "1 << ..." calculation of size is done as a 32-bit
signed integer which may then be unintentionally sign-extended
into the 64-bit result. Using "1ULL" instead of "1" on the LHS
of the shift would fix this.

thanks
-- PMM

Re: [Qemu-devel] [PATCH] migration/rdma: unegister fd handler

[Dr. David Alan Gilbert]

* Peter Maydell (peter.mayd...@linaro.org) wrote:
> On Tue, 22 Jan 2019 at 19:08, Dr. David Alan Gilbert (git)
>  wrote:
> >
> > From: "Dr. David Alan Gilbert" 
> >
> > Unregister the fd handler before we destroy the channel,
> > otherwise we've got a race where we might land in the
> > fd handler just as we're closing the device.
> >
> > (The race is quite data dependent, you just have to have
> > the right set of devices for it to trigger).
> >
> > Corresponds to RH bz: https://bugzilla.redhat.com/show_bug.cgi?id=101
> >
> > Signed-off-by: Dr. David Alan Gilbert 
> > ---
> >  migration/rdma.c | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/migration/rdma.c b/migration/rdma.c
> > index 9b2e7e10aa..54a3c11540 100644
> > --- a/migration/rdma.c
> > +++ b/migration/rdma.c
> > @@ -2321,6 +2321,7 @@ static void qemu_rdma_cleanup(RDMAContext *rdma)
> >  rdma->connected = false;
> >  }
> >
> > +qemu_set_fd_handler(rdma->channel->fd, NULL, NULL, NULL);
> >  g_free(rdma->dest_blocks);
> >  rdma->dest_blocks = NULL;
> 
> Hi -- this patch makes coverity complain (CID 1398634),
> because here we use rdma->channel without checking that it is NULL,
> but later in the function we have an "if (rdma->channel)" test.
> Should this code be conditional on rmda->channel being non-NULL,
> or is the later test incorrect?

Yes, it's got a point - I can seg that.

I'll post a fix.

Dave

> thanks
> -- PMM
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [Qemu-devel] [PULL 00/14] Trivial branch patches

[Peter Maydell]

On Thu, 14 Feb 2019 at 10:58, Laurent Vivier  wrote:
>
> The following changes since commit 0b5e750bea635b167eb03d86c3d9a09bbd43bc06:
>
>   Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' 
> into staging (2019-02-12 10:53:37 +)
>
> are available in the Git repository at:
>
>   git://github.com/vivier/qemu.git tags/trivial-branch-pull-request
>
> for you to fetch changes up to 96566d09aa105ee04cbc1c9539cf8a9a40e8e422:
>
>   configure: improve usbfs check (2019-02-14 11:46:30 +0100)
>
> 
> - some configure updates (HAX/NetBSD, remove "wav", 
> -Waddress-of-packed-member)
> - remove deprecated options
> - some trace and error cleanup
> - typo fixes
>

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/4.0
for any user-visible changes.

-- PMM

Re: [Qemu-devel] [RFC] memory: use memory_region_init_ram() instead of memory_region_allocate_system_memory()

[Peter Maydell]

On Thu, 14 Feb 2019 at 14:07, Igor Mammedov  wrote:
> Also some boards (ab)use memory_region_allocate_system_memory(), calling it 
> several
> times to allocate various fixed sized chunks of RAM and ROMs, which is 
> problematic
> to map to a single initial RAM Machine::memdev backend and is currently 
> broken if
> -mem-path points to a not hugepage pool.

These boards are buggy and we could fix them, if we wanted to
keep the existing API. We should in that case add assertions
that memory_region_allocate_system_memory() is called once and
only once, which would let "make check" enforce the rule.

thanks
- PMM

[Qemu-devel] QEMU xen coverity issues

[Peter Maydell]

Hi; we've just done another Coverity run, and it's pulled up some
issues in the recently changed Xen code. Rather than track them
back to exactly which patches in the recent refactorings resulted
in them, I figured I'd just list them here. Could you take a
look at them, please ?

(1) CID 1398635: xen_block_complete_aio(): identical code in two branches

In hw/block/dataplane/xen_block_complete_aio():

the first switch has this code:
case BLKIF_OP_WRITE:
case BLKIF_OP_FLUSH_DISKCACHE:
if (!request->req.nr_segments) {
break;
}
break;

so the if() doesn't do anything. What was this supposed to be?

(2) Not spotted by coverity, but in a later switch in the same function:

switch (request->req.operation) {
case BLKIF_OP_WRITE:
case BLKIF_OP_FLUSH_DISKCACHE:
if (!request->req.nr_segments) {
break;
}
case BLKIF_OP_READ:

If a switch case is supposed to fall through it should be
explicitly marked with a "/* fall through */" comment.

(3) CID 1398638: unused value in xen_block_set_vdev():

In hw/block/xen-block.c xen_block_set_vdev():

if (vdev->type == XEN_BLOCK_VDEV_TYPE_DP) {
if (qemu_strtoul(p, , 10, >disk)) {
goto invalid;
}

if (*end == 'p') {
p = (char *) ++end;/* this assignment is unused */
if (*end == '\0') {
goto invalid;
}
}
} else {
vdev->disk = vbd_name_to_disk(p, );
}

if (*end != '\0') {
p = (char *)end;
[...]

The assignment to p which I've marked with a comment above
is never used, because we will either goto 'invalid' (which never
uses 'p') or we will take the "if (*end != '\0')" path which
overwrites 'p'. What is the intention here ?

(4) CID 1398640: vbd_name_to_disk() integer overflow:

In hw/block/xen-block.c vbd_name_to_disk(), if the name string
passed in is empty or doesn't start with a lowercase alphabetic
character, then we end the while loop with disk == 0. Then
we return "disk - 1" which underflows to UINT_MAX. This isn't
documented as being an error return for the function and the
caller doesn't check for it.

(5) CID 1398649: resource leak in xen_block_drive_create():

In hw/block/xen-block.c xen_block_drive_create() Coverity
complains that the call "driver_layer = qdict_new()" allocates
memory that's leaked because we don't save the pointer anywhere
but don't deallocate it before the end of the function either.
Coverity is not great at understanding our refcounting objects,
but this does look like either we're missing a qobject_unref()
or something should be keeping hold of the dictionary. Probably
best to ask a block layer expert.

thanks
-- PMM

Re: [Qemu-devel] [PATCH] gdbstub: Send a reply to the vKill packet.

[Sandra Loosemore]

On 2/14/19 10:48 AM, Peter Maydell wrote:

On Tue, 12 Feb 2019 at 21:52, Sandra Loosemore  wrote:


Per the GDB remote protocol documentation

https://sourceware.org/gdb/current/onlinedocs/gdb/Packets.html#index-vKill-packet

the debug stub is expected to send a reply to the 'vKill' packet.  At
least some versions of GDB crash if the gdb stub simply exits without
sending a reply.  This patch fixes QEMU's gdb stub to conform to the
expected behavior.

Note that QEMU's existing handling of the legacy 'k' packet is
correct: in that case GDB does not expect a reply, and QEMU does not
send one.

Signed-off-by: Sandra Loosemore 


Thanks, applied to target-arm.next.

As an aside, do you know if there is any kind of test suite for
the remote protocol that implementors of a debug stub can use to
check that they're conforming to it?


Well, I discovered this problem by running the GDB testsuite (using QEMU 
for nios2-elf target with the other target-specific patches I recently 
posted).  I'm not sure if it's designed to exhaustively test the entire 
remote protocol, but it does a pretty good job of covering user-visible 
GDB features that depend on the remote target doing something 
reasonable, even if it's just saying "Huh?  I don't know how to do 
that."  :-)


-Sandra

[Qemu-devel] [PULL 11/15] tests/tcg: target/mips: Add tests for MSA bit counting instructions

[Aleksandar Markovic]

From: Aleksandar Markovic 

Add tests for MSA bit counting instructions. This includes following
instructions:

  * NLOC.B - number of leading ones (bytes)
  * NLOC.H - number of leading ones (halfwords)
  * NLOC.W - number of leading ones (words)
  * NLOC.D - number of leading ones (doublewords)
  * NLZC.B - number of leading zeros (bytes)
  * NLZC.H - number of leading zeros (halfwords)
  * NLZC.W - number of leading zeros (words)
  * NLZC.D - number of leading zeros (doublewords)
  * PCNT.B - population count / number of ones (bytes)
  * PCNT.H - population count / number of ones (halfwords)
  * PCNT.W - population count / number of ones (words)
  * PCNT.D - population count / number of ones (doublewords)

Each test consists of 80 test cases, so altogether there are 960 test
cases.

Reviewed-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
---
 .../user/ase/msa/bit-counting/test_msa_nloc_b.c| 144 +
 .../user/ase/msa/bit-counting/test_msa_nloc_d.c| 144 +
 .../user/ase/msa/bit-counting/test_msa_nloc_h.c| 144 +
 .../user/ase/msa/bit-counting/test_msa_nloc_w.c| 144 +
 .../user/ase/msa/bit-counting/test_msa_nlzc_b.c| 144 +
 .../user/ase/msa/bit-counting/test_msa_nlzc_d.c| 144 +
 .../user/ase/msa/bit-counting/test_msa_nlzc_h.c| 144 +
 .../user/ase/msa/bit-counting/test_msa_nlzc_w.c| 144 +
 .../user/ase/msa/bit-counting/test_msa_pcnt_b.c| 144 +
 .../user/ase/msa/bit-counting/test_msa_pcnt_d.c| 144 +
 .../user/ase/msa/bit-counting/test_msa_pcnt_h.c| 144 +
 .../user/ase/msa/bit-counting/test_msa_pcnt_w.c| 144 +
 12 files changed, 1728 insertions(+)
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-counting/test_msa_nloc_b.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-counting/test_msa_nloc_d.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-counting/test_msa_nloc_h.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-counting/test_msa_nloc_w.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-counting/test_msa_nlzc_b.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-counting/test_msa_nlzc_d.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-counting/test_msa_nlzc_h.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-counting/test_msa_nlzc_w.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-counting/test_msa_pcnt_b.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-counting/test_msa_pcnt_d.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-counting/test_msa_pcnt_h.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-counting/test_msa_pcnt_w.c

diff --git a/tests/tcg/mips/user/ase/msa/bit-counting/test_msa_nloc_b.c 
b/tests/tcg/mips/user/ase/msa/bit-counting/test_msa_nloc_b.c
new file mode 100644
index 000..eb46290
--- /dev/null
+++ b/tests/tcg/mips/user/ase/msa/bit-counting/test_msa_nloc_b.c
@@ -0,0 +1,144 @@
+/*
+ *  Test program for MSA instruction NLOC.B
+ *
+ *  Copyright (C) 2018  Wave Computing, Inc.
+ *  Copyright (C) 2018  Aleksandar Markovic 
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see .
+ *
+ */
+
+#include 
+#include 
+
+#include "../../../include/wrappers_msa.h"
+#include "../../../include/test_inputs.h"
+#include "../../../include/test_utils.h"
+
+#define TEST_COUNT_TOTAL (PATTERN_INPUTS_COUNT + RANDOM_INPUTS_COUNT)
+
+
+int32_t main(void)
+{
+char *instruction_name = "NLOC.B";
+int32_t ret;
+uint32_t i;
+struct timeval start, end;
+double elapsed_time;
+
+uint64_t b128_result[TEST_COUNT_TOTAL][2];
+uint64_t b128_expect[TEST_COUNT_TOTAL][2] = {
+{ 0x0808080808080808ULL, 0x0808080808080808ULL, },/*   0  */
+{ 0xULL, 0xULL, },
+{ 0x0101010101010101ULL, 0x0101010101010101ULL, },
+{ 0xULL, 0xULL, },
+{ 0x0202020202020202ULL, 0x0202020202020202ULL, },
+{ 0xULL, 0xULL, },
+{ 0x0301000301000301ULL, 0x0003010003010003ULL, },
+{ 0x0202ULL, 0x02020200ULL, },
+{ 0x0404040404040404ULL, 0x0404040404040404ULL, },/*   8  */
+{ 

Re: [Qemu-devel] [PATCH v6 00/18] ARM virt: Initial RAM expansion and PCDIMM/NVDIMM support

[Auger Eric]

Hi Peter,

On 2/14/19 6:35 PM, Peter Maydell wrote:
> On Tue, 5 Feb 2019 at 17:33, Eric Auger  wrote:
>> This series aims to bump the 255GB RAM limit in machvirt and to
>> support device memory in general, and especially PCDIMM/NVDIMM.
> 
>> Functionally, the series is split into 3 parts:
>> 1) bump of the initial RAM limit [1 - 10] and change in
>>the memory map
>> 2) Support of PC-DIMM [11 - 14]
>> 3) Support of NV-DIMM [15 - 18]
>>
>> 1) can be upstreamed before 2 and 2 can be upstreamed before 3.
> 
> Hi Eric; sorry I haven't reviewed this series earlier. I think
> that 1-10 are pretty near to ready to go in; maybe the easiest
> path is to do a respin of just those with the review issues fixed?

No problem. Thank you for the review.

Yes I will quickly respin the patches you reviewed.

> 
> I'm a long way from being expert in the PC-DIMM/NV-DIMM stuff, so
> I'm going to be reliant on other people to review those parts.
> 
> I don't know if your series needs anything from linux-headers
> which isn't already in QEMU master after the update to match
> 5.0rc1 -- if not you could drop the header-sync patch.
5.0-rc1 should be OK so I think I can drop the header sync.

Thanks

Eric
> 
> thanks
> -- PMM
> 

[Qemu-devel] [PULL 02/15] target/mips: reimplement SC instruction emulation and use cmpxchg

[Aleksandar Markovic]

From: Leon Alrae 

Completely rewrite conditional stores handling. Use cmpxchg.

This eliminates need for separate implementations of SC instruction
emulation for user and system emulation.

Signed-off-by: Leon Alrae 
Signed-off-by: Miodrag Dinic 
Signed-off-by: Aleksandar Markovic 
Acked-by: Alex Bennée 
Tested-by: Emilio G. Cota 
Reviewed-by: Richard Henderson 
---
 linux-user/mips/cpu_loop.c |  73 ---
 target/mips/cpu.h  |   4 --
 target/mips/helper.c   |   6 +--
 target/mips/helper.h   |   2 -
 target/mips/op_helper.c|  27 --
 target/mips/translate.c| 123 -
 6 files changed, 44 insertions(+), 191 deletions(-)

diff --git a/linux-user/mips/cpu_loop.c b/linux-user/mips/cpu_loop.c
index d0f62ec..61dc90d 100644
--- a/linux-user/mips/cpu_loop.c
+++ b/linux-user/mips/cpu_loop.c
@@ -392,70 +392,6 @@ static const uint8_t mips_syscall_args[] = {
 #  undef MIPS_SYS
 # endif /* O32 */
 
-static int do_store_exclusive(CPUMIPSState *env)
-{
-target_ulong addr;
-target_ulong page_addr;
-target_ulong val;
-uint32_t val_wp = 0;
-uint32_t llnewval_wp = 0;
-int flags;
-int segv = 0;
-int reg;
-int d;
-int wp;
-
-addr = env->lladdr;
-page_addr = addr & TARGET_PAGE_MASK;
-start_exclusive();
-mmap_lock();
-flags = page_get_flags(page_addr);
-if ((flags & PAGE_READ) == 0) {
-segv = 1;
-} else {
-reg = env->llreg & 0x1f;
-d = (env->llreg & 0x20) != 0;
-wp = (env->llreg & 0x40) != 0;
-if (!wp) {
-if (d) {
-segv = get_user_s64(val, addr);
-} else {
-segv = get_user_s32(val, addr);
-}
-} else {
-segv = get_user_s32(val, addr);
-segv |= get_user_s32(val_wp, addr);
-llnewval_wp = env->llnewval_wp;
-}
-if (!segv) {
-if (val != env->llval && val_wp == llnewval_wp) {
-env->active_tc.gpr[reg] = 0;
-} else {
-if (!wp) {
-if (d) {
-segv = put_user_u64(env->llnewval, addr);
-} else {
-segv = put_user_u32(env->llnewval, addr);
-}
-} else {
-segv = put_user_u32(env->llnewval, addr);
-segv |= put_user_u32(env->llnewval_wp, addr + 4);
-}
-if (!segv) {
-env->active_tc.gpr[reg] = 1;
-}
-}
-}
-}
-env->lladdr = -1;
-if (!segv) {
-env->active_tc.PC += 4;
-}
-mmap_unlock();
-end_exclusive();
-return segv;
-}
-
 /* Break codes */
 enum {
 BRK_OVERFLOW = 6,
@@ -597,15 +533,6 @@ done_syscall:
 info.si_code = TARGET_TRAP_BRKPT;
 queue_signal(env, info.si_signo, QEMU_SI_FAULT, );
 break;
-case EXCP_SC:
-if (do_store_exclusive(env)) {
-info.si_signo = TARGET_SIGSEGV;
-info.si_errno = 0;
-info.si_code = TARGET_SEGV_MAPERR;
-info._sifields._sigfault._addr = env->active_tc.PC;
-queue_signal(env, info.si_signo, QEMU_SI_FAULT, );
-}
-break;
 case EXCP_DSPDIS:
 info.si_signo = TARGET_SIGILL;
 info.si_errno = 0;
diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index f10e016..eccee37 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -876,10 +876,8 @@ struct CPUMIPSState {
  */
 target_ulong lladdr; /* LL virtual address compared against SC */
 target_ulong llval;
-target_ulong llnewval;
 uint64_t llval_wp;
 uint32_t llnewval_wp;
-target_ulong llreg;
 uint64_t CP0_LLAddr_rw_bitmask;
 int CP0_LLAddr_shift;
 /*
@@ -1156,8 +1154,6 @@ enum {
 
 EXCP_LAST = EXCP_TLBRI,
 };
-/* Dummy exception for conditional stores.  */
-#define EXCP_SC 0x100
 
 /*
  * This is an internally generated WAKE request line.
diff --git a/target/mips/helper.c b/target/mips/helper.c
index 8988452..944f094 100644
--- a/target/mips/helper.c
+++ b/target/mips/helper.c
@@ -1463,10 +1463,8 @@ void QEMU_NORETURN do_raise_exception_err(CPUMIPSState 
*env,
 {
 CPUState *cs = CPU(mips_env_get_cpu(env));
 
-if (exception < EXCP_SC) {
-qemu_log_mask(CPU_LOG_INT, "%s: %d %d\n",
-  __func__, exception, error_code);
-}
+qemu_log_mask(CPU_LOG_INT, "%s: %d %d\n",
+  __func__, exception, error_code);
 cs->exception_index = exception;
 env->error_code = error_code;
 
diff --git a/target/mips/helper.h b/target/mips/helper.h
index 8872c46..a6d687e 100644
--- a/target/mips/helper.h
+++ b/target/mips/helper.h
@@ -13,10 +13,8 @@ DEF_HELPER_4(swr, void, env, tl, tl, int)
 
 #ifndef CONFIG_USER_ONLY
 DEF_HELPER_3(ll, tl, env, tl, int)

[Qemu-devel] [PATCH] hw/i386/pc: run the multiboot loader before the PVH loader

[Stefano Garzarella]

Some multiboot images could be in the ELF format. In the current
implementation QEMU fails because we try to load these images
as a PVH image.

In order to fix this issue, we should try multiboot first (we
already check the multiboot magic header before to load it).
If it is not a multiboot image, we can try the PVH loader.

Fixes: ab969087da6 ("pvh: Boot uncompressed kernel using direct boot ABI", 
2019-01-15)
Reported-by: Paolo Bonzini 
Signed-off-by: Stefano Garzarella 
---
 hw/i386/pc.c | 17 +++--
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 3889eccdc3..207c267093 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1209,6 +1209,17 @@ static void load_linux(PCMachineState *pcms,
 if (ldl_p(header+0x202) == 0x53726448) {
 protocol = lduw_p(header+0x206);
 } else {
+/*
+ * This could be a multiboot kernel. If it is, let's stop treating it
+ * like a Linux kernel.
+ * Note: some multiboot images could be in the ELF format (the same of
+ * PVH), so we try multiboot first since we check the multiboot magic
+ * header before to load it.
+ */
+if (load_multiboot(fw_cfg, f, kernel_filename, initrd_filename,
+   kernel_cmdline, kernel_size, header)) {
+return;
+}
 /*
  * Check if the file is an uncompressed kernel file (ELF) and load it,
  * saving the PVH entry point used by the x86/HVM direct boot ABI.
@@ -1262,12 +1273,6 @@ static void load_linux(PCMachineState *pcms,
 
 return;
 }
-/* This looks like a multiboot kernel. If it is, let's stop
-   treating it like a Linux kernel. */
-if (load_multiboot(fw_cfg, f, kernel_filename, initrd_filename,
-   kernel_cmdline, kernel_size, header)) {
-return;
-}
 protocol = 0;
 }
 
-- 
2.20.1

[Qemu-devel] [PULL 05/15] hw/mips_cpc: kick a VP when putting it into Run statewq

[Aleksandar Markovic]

From: Miodrag Dinic 

While testing mttcg VP0 could get stuck in a loop waiting for other
VPs to come up (which never actually happens). To fix this, kick VPs
while they are being powered up by Cluster Power Controller in an
async task which is triggered once the host thread is being spawned.

Signed-off-by: Miodrag Dinic 
Signed-off-by: Leon Alrae 
Signed-off-by: Aleksandar Markovic 
Acked-by: Alex Bennée 
Reviewed-by: Alex Bennée 
---
 hw/misc/mips_cpc.c | 17 +++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/hw/misc/mips_cpc.c b/hw/misc/mips_cpc.c
index 6d34574..712d842 100644
--- a/hw/misc/mips_cpc.c
+++ b/hw/misc/mips_cpc.c
@@ -30,6 +30,14 @@ static inline uint64_t cpc_vp_run_mask(MIPSCPCState *cpc)
 return (1ULL << cpc->num_vp) - 1;
 }
 
+static void mips_cpu_reset_async_work(CPUState *cs, run_on_cpu_data data)
+{
+MIPSCPCState *cpc = (MIPSCPCState *) data.host_ptr;
+
+cpu_reset(cs);
+cpc->vp_running |= 1ULL << cs->cpu_index;
+}
+
 static void cpc_run_vp(MIPSCPCState *cpc, uint64_t vp_run)
 {
 CPUState *cs = first_cpu;
@@ -37,8 +45,13 @@ static void cpc_run_vp(MIPSCPCState *cpc, uint64_t vp_run)
 CPU_FOREACH(cs) {
 uint64_t i = 1ULL << cs->cpu_index;
 if (i & vp_run & ~cpc->vp_running) {
-cpu_reset(cs);
-cpc->vp_running |= i;
+/*
+ * To avoid racing with a CPU we are just kicking off.
+ * We do the final bit of preparation for the work in
+ * the target CPUs context.
+ */
+async_safe_run_on_cpu(cs, mips_cpu_reset_async_work,
+  RUN_ON_CPU_HOST_PTR(cpc));
 }
 }
 }
-- 
2.7.4

Re: [Qemu-devel] [RFC] memory: use memory_region_init_ram() instead of memory_region_allocate_system_memory()

[Paolo Bonzini]

On 14/02/19 15:07, Igor Mammedov wrote:
> Also some boards (ab)use memory_region_allocate_system_memory(), calling it 
> several
> times to allocate various fixed sized chunks of RAM and ROMs, which is 
> problematic
> to map to a single initial RAM Machine::memdev backend and is currently 
> broken if
> -mem-path points to a not hugepage pool.

This is certainly a good idea.  However, I'm not sure why you would need
a memdev property on the Machine instead of just allowing 1 -numa node,
which is what really is.

Thanks,

Paolo

Re: [Qemu-devel] [PATCH] scsi-cd: Fix crash after remote cdrom detached

[Paolo Bonzini]

On 14/02/19 13:27, Xiang Zheng wrote:
> There is a small window between the twice blk_is_available in
> scsi_disk_emulate_command which would cause crash due to the later
> assertion if the remote cdrom is detached in this window.
> 
> So this patch replaces assertions with return to avoid qemu crash.
> 
> Signed-off-by: Xiang Zheng 
> ---
> The qemu error log shows:
> 
> qemu-system-aarch64: /home/qemu/hw/scsi/scsi-disk.c:1896: 
> scsi_disk_emulate_command: Assertion `blk_is_available(s->qdev.conf.blk)' 
> failed.
> 2019-02-15 04:35:18.592: shutting down, reason=crashed

Is this with virtio-scsi-dataplane?

Paolo

Re: [Qemu-devel] [PATCH] gdbstub: Send a reply to the vKill packet.

[Peter Maydell]

On Tue, 12 Feb 2019 at 21:52, Sandra Loosemore  wrote:
>
> Per the GDB remote protocol documentation
>
> https://sourceware.org/gdb/current/onlinedocs/gdb/Packets.html#index-vKill-packet
>
> the debug stub is expected to send a reply to the 'vKill' packet.  At
> least some versions of GDB crash if the gdb stub simply exits without
> sending a reply.  This patch fixes QEMU's gdb stub to conform to the
> expected behavior.
>
> Note that QEMU's existing handling of the legacy 'k' packet is
> correct: in that case GDB does not expect a reply, and QEMU does not
> send one.
>
> Signed-off-by: Sandra Loosemore 

Thanks, applied to target-arm.next.

As an aside, do you know if there is any kind of test suite for
the remote protocol that implementors of a debug stub can use to
check that they're conforming to it?

-- PMM

[Qemu-devel] [PULL 09/15] tests/tcg: target/mips: Add a header with test utilities

[Aleksandar Markovic]

From: Aleksandar Markovic 

Add a header that contains test utilities. For now, it contains
only a function for checking and printing test results for bit
counting and similar MSA instructions.

Reviewed-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
---
 tests/tcg/mips/include/test_utils.h | 78 +
 1 file changed, 78 insertions(+)
 create mode 100644 tests/tcg/mips/include/test_utils.h

diff --git a/tests/tcg/mips/include/test_utils.h 
b/tests/tcg/mips/include/test_utils.h
new file mode 100644
index 000..82f4b5b
--- /dev/null
+++ b/tests/tcg/mips/include/test_utils.h
@@ -0,0 +1,78 @@
+/*
+ *  Header file for test utilities
+ *
+ *  Copyright (C) 2018  Wave Computing, Inc.
+ *  Copyright (C) 2018  Aleksandar Markovic 
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see .
+ *
+ */
+
+#ifndef TEST_UTILS_H
+#define TEST_UTILS_H
+
+#include 
+#include 
+#include 
+#include 
+
+#define PRINT_RESULTS 1
+
+
+static inline int32_t check_results(char *instruction_name,
+uint32_t test_count,
+double elapsed_time,
+uint64_t *b128_result,
+uint64_t *b128_expect)
+{
+#if PRINT_RESULTS
+uint32_t ii;
+printf("\n");
+for (ii = 0; ii < test_count; ii++) {
+uint64_t a, b;
+memcpy(, (b128_result + 2 * ii), 8);
+memcpy(, (b128_result + 2 * ii + 1), 8);
+if (ii % 8 != 0) {
+printf("{ 0x%016llxULL, 0x%016llxULL, },\n", a, b);
+} else {
+printf("{ 0x%016llxULL, 0x%016llxULL, },/* %3d  */\n",
+   a, b, ii);
+}
+}
+printf("\n");
+#endif
+uint32_t i;
+uint32_t pass_count = 0;
+uint32_t fail_count = 0;
+
+printf("%s:   ", instruction_name);
+for (i = 0; i < test_count; i++) {
+if (b128_result[i] == b128_expect[i]) {
+pass_count++;
+} else {
+fail_count++;
+}
+}
+
+printf("PASS: %3d   FAIL: %3d   elapsed time: %5.2f ms\n",
+   pass_count, fail_count, elapsed_time);
+
+if (fail_count > 0) {
+return -1;
+} else {
+return 0;
+}
+}
+
+#endif
-- 
2.7.4

Re: [Qemu-devel] [PATCH v2 0/7] ui/cocoa: Use OSX's main loop

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/20190214102816.3393-1-peter.mayd...@linaro.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20190214102816.3393-1-peter.mayd...@linaro.org
Subject: [Qemu-devel] [PATCH v2 0/7] ui/cocoa: Use OSX's main loop
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 t [tag update]
patchew/20190214102816.3393-1-peter.mayd...@linaro.org -> 
patchew/20190214102816.3393-1-peter.mayd...@linaro.org
Switched to a new branch 'test'
0538b64902 ui/cocoa: Perform UI operations only on the main thread
9c813776c5 ui/cocoa: Subclass NSApplication so we can implement sendEvent
ee910daa7f ui/cocoa: Don't call NSApp sendEvent directly from handleEvent
475c73329c ui/cocoa: Move console/device menu creation code up in file
84187b00a1 ui/cocoa: Factor out initial menu creation
ec9d2d35f1 ui/cocoa: Use the pixman image directly in switchSurface
31e3ce4546 ui/cocoa: Ensure we have the iothread lock when calling into QEMU

=== OUTPUT BEGIN ===
1/7 Checking commit 31e3ce4546b9 (ui/cocoa: Ensure we have the iothread lock 
when calling into QEMU)
2/7 Checking commit ec9d2d35f160 (ui/cocoa: Use the pixman image directly in 
switchSurface)
3/7 Checking commit 84187b00a139 (ui/cocoa: Factor out initial menu creation)
4/7 Checking commit 475c73329cdd (ui/cocoa: Move console/device menu creation 
code up in file)
5/7 Checking commit ee910daa7f20 (ui/cocoa: Don't call NSApp sendEvent directly 
from handleEvent)
ERROR: trailing whitespace
#42: FILE: ui/cocoa.m:152:
+$

total: 1 errors, 0 warnings, 122 lines checked

Patch 5/7 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

6/7 Checking commit 9c813776c52a (ui/cocoa: Subclass NSApplication so we can 
implement sendEvent)
7/7 Checking commit 0538b64902ce (ui/cocoa: Perform UI operations only on the 
main thread)
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20190214102816.3393-1-peter.mayd...@linaro.org/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[Qemu-devel] [PULL 13/15] tests/tcg: target/mips: Add tests for MSA interleave instructions

[Aleksandar Markovic]

From: Aleksandar Markovic 

Add tests for MSA interleave instructions. This includes following
instructions:

  * ILVEV.B - interleave even (bytes)
  * ILVEV.H - interleave even (halfwords)
  * ILVEV.W - interleave even (words)
  * ILVEV.D - interleave even (doublewords)
  * ILVOD.B - interleave odd (bytes)
  * ILVOD.H - interleave odd (halfwords)
  * ILVOD.W - interleave odd (words)
  * ILVOD.D - interleave odd (doublewords)
  * ILVL.B - interleave left (bytes)
  * ILVL.H - interleave left (halfwords)
  * ILVL.W - interleave left (words)
  * ILVL.D - interleave left (doublewords)
  * ILVR.B - interleave right (bytes)
  * ILVR.H - interleave right (halfwords)
  * ILVR.W - interleave right (words)
  * ILVR.D - interleave right (doublewords)

Each test consists of 80 test cases, so altogether there are 1280
test cases.

Reviewed-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
---
 .../user/ase/msa/interleave/test_msa_ilvev_b.c | 153 +
 .../user/ase/msa/interleave/test_msa_ilvev_d.c | 153 +
 .../user/ase/msa/interleave/test_msa_ilvev_h.c | 153 +
 .../user/ase/msa/interleave/test_msa_ilvev_w.c | 153 +
 .../mips/user/ase/msa/interleave/test_msa_ilvl_b.c | 153 +
 .../mips/user/ase/msa/interleave/test_msa_ilvl_d.c | 153 +
 .../mips/user/ase/msa/interleave/test_msa_ilvl_h.c | 153 +
 .../mips/user/ase/msa/interleave/test_msa_ilvl_w.c | 153 +
 .../user/ase/msa/interleave/test_msa_ilvod_b.c | 153 +
 .../user/ase/msa/interleave/test_msa_ilvod_d.c | 153 +
 .../user/ase/msa/interleave/test_msa_ilvod_h.c | 153 +
 .../user/ase/msa/interleave/test_msa_ilvod_w.c | 153 +
 .../mips/user/ase/msa/interleave/test_msa_ilvr_b.c | 153 +
 .../mips/user/ase/msa/interleave/test_msa_ilvr_d.c | 153 +
 .../mips/user/ase/msa/interleave/test_msa_ilvr_h.c | 153 +
 .../mips/user/ase/msa/interleave/test_msa_ilvr_w.c | 153 +
 16 files changed, 2448 insertions(+)
 create mode 100644 tests/tcg/mips/user/ase/msa/interleave/test_msa_ilvev_b.c
 create mode 100644 tests/tcg/mips/user/ase/msa/interleave/test_msa_ilvev_d.c
 create mode 100644 tests/tcg/mips/user/ase/msa/interleave/test_msa_ilvev_h.c
 create mode 100644 tests/tcg/mips/user/ase/msa/interleave/test_msa_ilvev_w.c
 create mode 100644 tests/tcg/mips/user/ase/msa/interleave/test_msa_ilvl_b.c
 create mode 100644 tests/tcg/mips/user/ase/msa/interleave/test_msa_ilvl_d.c
 create mode 100644 tests/tcg/mips/user/ase/msa/interleave/test_msa_ilvl_h.c
 create mode 100644 tests/tcg/mips/user/ase/msa/interleave/test_msa_ilvl_w.c
 create mode 100644 tests/tcg/mips/user/ase/msa/interleave/test_msa_ilvod_b.c
 create mode 100644 tests/tcg/mips/user/ase/msa/interleave/test_msa_ilvod_d.c
 create mode 100644 tests/tcg/mips/user/ase/msa/interleave/test_msa_ilvod_h.c
 create mode 100644 tests/tcg/mips/user/ase/msa/interleave/test_msa_ilvod_w.c
 create mode 100644 tests/tcg/mips/user/ase/msa/interleave/test_msa_ilvr_b.c
 create mode 100644 tests/tcg/mips/user/ase/msa/interleave/test_msa_ilvr_d.c
 create mode 100644 tests/tcg/mips/user/ase/msa/interleave/test_msa_ilvr_h.c
 create mode 100644 tests/tcg/mips/user/ase/msa/interleave/test_msa_ilvr_w.c

diff --git a/tests/tcg/mips/user/ase/msa/interleave/test_msa_ilvev_b.c 
b/tests/tcg/mips/user/ase/msa/interleave/test_msa_ilvev_b.c
new file mode 100644
index 000..5cf8627
--- /dev/null
+++ b/tests/tcg/mips/user/ase/msa/interleave/test_msa_ilvev_b.c
@@ -0,0 +1,153 @@
+/*
+ *  Test program for MSA instruction ILVEV.B
+ *
+ *  Copyright (C) 2018  Wave Computing, Inc.
+ *  Copyright (C) 2018  Aleksandar Markovic 
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see .
+ *
+ */
+
+#include 
+#include 
+
+#include "../../../../include/wrappers_msa.h"
+#include "../../../../include/test_inputs.h"
+#include "../../../../include/test_utils.h"
+
+#define TEST_COUNT_TOTAL (\
+(PATTERN_INPUTS_SHORT_COUNT) * (PATTERN_INPUTS_SHORT_COUNT) + \
+(RANDOM_INPUTS_SHORT_COUNT) * (RANDOM_INPUTS_SHORT_COUNT))
+
+
+int32_t main(void)
+{
+char 

[Qemu-devel] [PULL 01/15] target/mips: compare virtual addresses in LL/SC sequence

[Aleksandar Markovic]

From: Leon Alrae 

Do only virtual addresses comaprisons in LL/SC sequence emulations.

Until this patch, physical addresses had been compared in SC part of
LL/SC sequence, even though such comparisons could be avoided. Getting
rid of them allows throwing away SC helpers and having common SC
implementations in user and system mode, avoiding the need for two
separate implementations selected by #ifdef CONFIG_USER_ONLY.

Correct guest software should not rely on LL/SC if they accesses the
same physical address via different virtual addresses or if page
mapping gets changed between LL/SC due to manipulating TLB entries.
MIPS Instruction Set Manual clearly says that an RMW sequence must
use the same address in the LL and SC (virtual address, physical
address, cacheability and coherency attributes must be identical).
Otherwise, the result of the SC is not predictable. This patch takes
advantage of this fact and removes the virtual->physical address
translation from SC helper.

lladdr served as Coprocessor 0 LLAddr register which captures physical
address of the most recent LL instruction, and also lladdr was used
for comparison with following SC physical address. This patch changes
the meaning of lladdr - now it will only keep the virtual address of
the most recent LL. Additionally, CP0_LLAddr field is introduced which
is the actual Coperocessor 0 LLAddr register that guest can access.

Signed-off-by: Leon Alrae 
Signed-off-by: Miodrag Dinic 
Signed-off-by: Aleksandar Markovic 
Acked-by: Alex Bennée 
Reviewed-by: Aleksandar Markovic 
---
 target/mips/cpu.h   |  3 ++-
 target/mips/machine.c   |  7 ---
 target/mips/op_helper.c | 29 +
 target/mips/translate.c |  4 ++--
 4 files changed, 25 insertions(+), 18 deletions(-)

diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index 473d26d..f10e016 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -867,13 +867,14 @@ struct CPUMIPSState {
 #define CP0C5_NFExists 0
 int32_t CP0_Config6;
 int32_t CP0_Config7;
+uint64_t CP0_LLAddr;
 uint64_t CP0_MAAR[MIPS_MAAR_MAX];
 int32_t CP0_MAARI;
 /* XXX: Maybe make LLAddr per-TC? */
 /*
  * CP0 Register 17
  */
-uint64_t lladdr;
+target_ulong lladdr; /* LL virtual address compared against SC */
 target_ulong llval;
 target_ulong llnewval;
 uint64_t llval_wp;
diff --git a/target/mips/machine.c b/target/mips/machine.c
index 1341ab1..70d277d 100644
--- a/target/mips/machine.c
+++ b/target/mips/machine.c
@@ -214,8 +214,8 @@ const VMStateDescription vmstate_tlb = {
 
 const VMStateDescription vmstate_mips_cpu = {
 .name = "cpu",
-.version_id = 17,
-.minimum_version_id = 17,
+.version_id = 18,
+.minimum_version_id = 18,
 .post_load = cpu_post_load,
 .fields = (VMStateField[]) {
 /* Active TC */
@@ -293,9 +293,10 @@ const VMStateDescription vmstate_mips_cpu = {
 VMSTATE_INT32(env.CP0_Config3, MIPSCPU),
 VMSTATE_INT32(env.CP0_Config6, MIPSCPU),
 VMSTATE_INT32(env.CP0_Config7, MIPSCPU),
+VMSTATE_UINT64(env.CP0_LLAddr, MIPSCPU),
 VMSTATE_UINT64_ARRAY(env.CP0_MAAR, MIPSCPU, MIPS_MAAR_MAX),
 VMSTATE_INT32(env.CP0_MAARI, MIPSCPU),
-VMSTATE_UINT64(env.lladdr, MIPSCPU),
+VMSTATE_UINTTL(env.lladdr, MIPSCPU),
 VMSTATE_UINTTL_ARRAY(env.CP0_WatchLo, MIPSCPU, 8),
 VMSTATE_INT32_ARRAY(env.CP0_WatchHi, MIPSCPU, 8),
 VMSTATE_UINTTL(env.CP0_XContext, MIPSCPU),
diff --git a/target/mips/op_helper.c b/target/mips/op_helper.c
index aebad24..44f2626 100644
--- a/target/mips/op_helper.c
+++ b/target/mips/op_helper.c
@@ -349,15 +349,15 @@ static inline hwaddr do_translate_address(CPUMIPSState 
*env,
   target_ulong address,
   int rw, uintptr_t 
retaddr)
 {
-hwaddr lladdr;
+hwaddr paddr;
 CPUState *cs = CPU(mips_env_get_cpu(env));
 
-lladdr = cpu_mips_translate_address(env, address, rw);
+paddr = cpu_mips_translate_address(env, address, rw);
 
-if (lladdr == -1LL) {
+if (paddr == -1LL) {
 cpu_loop_exit_restore(cs, retaddr);
 } else {
-return lladdr;
+return paddr;
 }
 }
 
@@ -370,7 +370,8 @@ target_ulong helper_##name(CPUMIPSState *env, target_ulong 
arg, int mem_idx)  \
 } \
 do_raise_exception(env, EXCP_AdEL, GETPC());  \
 } \
-env->lladdr = do_translate_address(env, arg, 0, GETPC()); \
+env->CP0_LLAddr = do_translate_address(env, arg, 0, GETPC()); \
+env->lladdr = arg;\
 env->llval = do_##insn(env, arg, mem_idx, GETPC());   \
 return env->llval; 

Re: [Qemu-devel] [PATCH] migration/rdma: unegister fd handler

[Peter Maydell]

On Tue, 22 Jan 2019 at 19:08, Dr. David Alan Gilbert (git)
 wrote:
>
> From: "Dr. David Alan Gilbert" 
>
> Unregister the fd handler before we destroy the channel,
> otherwise we've got a race where we might land in the
> fd handler just as we're closing the device.
>
> (The race is quite data dependent, you just have to have
> the right set of devices for it to trigger).
>
> Corresponds to RH bz: https://bugzilla.redhat.com/show_bug.cgi?id=101
>
> Signed-off-by: Dr. David Alan Gilbert 
> ---
>  migration/rdma.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/migration/rdma.c b/migration/rdma.c
> index 9b2e7e10aa..54a3c11540 100644
> --- a/migration/rdma.c
> +++ b/migration/rdma.c
> @@ -2321,6 +2321,7 @@ static void qemu_rdma_cleanup(RDMAContext *rdma)
>  rdma->connected = false;
>  }
>
> +qemu_set_fd_handler(rdma->channel->fd, NULL, NULL, NULL);
>  g_free(rdma->dest_blocks);
>  rdma->dest_blocks = NULL;

Hi -- this patch makes coverity complain (CID 1398634),
because here we use rdma->channel without checking that it is NULL,
but later in the function we have an "if (rdma->channel)" test.
Should this code be conditional on rmda->channel being non-NULL,
or is the later test incorrect?

thanks
-- PMM

[Qemu-devel] [PULL 03/15] hw/mips_int: hold BQL for all interrupt requests

[Aleksandar Markovic]

From: Aleksandar Markovic 

Make sure BQL is held for all interrupt requests.

For MTTCG-enabled configurations, handling soft and hard interrupts
between vCPUs must be properly locked. By acquiring BQL, make sure
all paths triggering an IRQ are synchronized.

Signed-off-by: Miodrag Dinic 
Signed-off-by: Aleksandar Markovic 
Acked-by: Alex Bennée 
Reviewed-by: Alex Bennée 
---
 hw/mips/mips_int.c  | 12 
 target/mips/op_helper.c | 21 +++--
 2 files changed, 15 insertions(+), 18 deletions(-)

diff --git a/hw/mips/mips_int.c b/hw/mips/mips_int.c
index 48192d2..5ddeb15 100644
--- a/hw/mips/mips_int.c
+++ b/hw/mips/mips_int.c
@@ -21,6 +21,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/main-loop.h"
 #include "hw/hw.h"
 #include "hw/mips/cpudevs.h"
 #include "cpu.h"
@@ -32,10 +33,17 @@ static void cpu_mips_irq_request(void *opaque, int irq, int 
level)
 MIPSCPU *cpu = opaque;
 CPUMIPSState *env = >env;
 CPUState *cs = CPU(cpu);
+bool locked = false;
 
 if (irq < 0 || irq > 7)
 return;
 
+/* Make sure locking works even if BQL is already held by the caller */
+if (!qemu_mutex_iothread_locked()) {
+locked = true;
+qemu_mutex_lock_iothread();
+}
+
 if (level) {
 env->CP0_Cause |= 1 << (irq + CP0Ca_IP);
 
@@ -56,6 +64,10 @@ static void cpu_mips_irq_request(void *opaque, int irq, int 
level)
 } else {
 cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
 }
+
+if (locked) {
+qemu_mutex_unlock_iothread();
+}
 }
 
 void cpu_mips_irq_init_cpu(MIPSCPU *cpu)
diff --git a/target/mips/op_helper.c b/target/mips/op_helper.c
index 943a7ea..8c53b3b 100644
--- a/target/mips/op_helper.c
+++ b/target/mips/op_helper.c
@@ -17,7 +17,6 @@
  * License along with this library; if not, see .
  */
 #include "qemu/osdep.h"
-#include "qemu/main-loop.h"
 #include "cpu.h"
 #include "internal.h"
 #include "qemu/host-utils.h"
@@ -905,11 +904,7 @@ target_ulong helper_mftc0_tcschefback(CPUMIPSState *env)
 
 target_ulong helper_mfc0_count(CPUMIPSState *env)
 {
-int32_t count;
-qemu_mutex_lock_iothread();
-count = (int32_t) cpu_mips_get_count(env);
-qemu_mutex_unlock_iothread();
-return count;
+return (int32_t)cpu_mips_get_count(env);
 }
 
 target_ulong helper_mfc0_saar(CPUMIPSState *env)
@@ -1594,9 +1589,7 @@ void helper_mtc0_hwrena(CPUMIPSState *env, target_ulong 
arg1)
 
 void helper_mtc0_count(CPUMIPSState *env, target_ulong arg1)
 {
-qemu_mutex_lock_iothread();
 cpu_mips_store_count(env, arg1);
-qemu_mutex_unlock_iothread();
 }
 
 void helper_mtc0_saari(CPUMIPSState *env, target_ulong arg1)
@@ -1685,9 +1678,7 @@ void helper_mttc0_entryhi(CPUMIPSState *env, target_ulong 
arg1)
 
 void helper_mtc0_compare(CPUMIPSState *env, target_ulong arg1)
 {
-qemu_mutex_lock_iothread();
 cpu_mips_store_compare(env, arg1);
-qemu_mutex_unlock_iothread();
 }
 
 void helper_mtc0_status(CPUMIPSState *env, target_ulong arg1)
@@ -1741,9 +1732,7 @@ void helper_mtc0_srsctl(CPUMIPSState *env, target_ulong 
arg1)
 
 void helper_mtc0_cause(CPUMIPSState *env, target_ulong arg1)
 {
-qemu_mutex_lock_iothread();
 cpu_mips_store_cause(env, arg1);
-qemu_mutex_unlock_iothread();
 }
 
 void helper_mttc0_cause(CPUMIPSState *env, target_ulong arg1)
@@ -2587,16 +2576,12 @@ target_ulong helper_rdhwr_synci_step(CPUMIPSState *env)
 
 target_ulong helper_rdhwr_cc(CPUMIPSState *env)
 {
-int32_t count;
 check_hwrena(env, 2, GETPC());
 #ifdef CONFIG_USER_ONLY
-count = env->CP0_Count;
+return env->CP0_Count;
 #else
-qemu_mutex_lock_iothread();
-count = (int32_t)cpu_mips_get_count(env);
-qemu_mutex_unlock_iothread();
+return (int32_t)cpu_mips_get_count(env);
 #endif
-return count;
 }
 
 target_ulong helper_rdhwr_ccres(CPUMIPSState *env)
-- 
2.7.4

[Qemu-devel] [PULL 15/15] tests/tcg: target/mips: Add tests for MSA logic instructions

[Aleksandar Markovic]

From: Aleksandar Markovic 

Add tests for MSA logic instructions. This includes following
instructions:

  * AND.V - logical AND
  * NOR.V - logical NOR
  * OR.V - logical OR
  * XOR.V - logical XOR

Each test consists of 80 test cases, so altogether there are 320
test cases.

Reviewed-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
---
 tests/tcg/mips/user/ase/msa/logic/test_msa_and_v.c | 153 +
 tests/tcg/mips/user/ase/msa/logic/test_msa_nor_v.c | 153 +
 tests/tcg/mips/user/ase/msa/logic/test_msa_or_v.c  | 153 +
 tests/tcg/mips/user/ase/msa/logic/test_msa_xor_v.c | 153 +
 4 files changed, 612 insertions(+)
 create mode 100644 tests/tcg/mips/user/ase/msa/logic/test_msa_and_v.c
 create mode 100644 tests/tcg/mips/user/ase/msa/logic/test_msa_nor_v.c
 create mode 100644 tests/tcg/mips/user/ase/msa/logic/test_msa_or_v.c
 create mode 100644 tests/tcg/mips/user/ase/msa/logic/test_msa_xor_v.c

diff --git a/tests/tcg/mips/user/ase/msa/logic/test_msa_and_v.c 
b/tests/tcg/mips/user/ase/msa/logic/test_msa_and_v.c
new file mode 100644
index 000..51b256f
--- /dev/null
+++ b/tests/tcg/mips/user/ase/msa/logic/test_msa_and_v.c
@@ -0,0 +1,153 @@
+/*
+ *  Test program for MSA instruction AND.V
+ *
+ *  Copyright (C) 2018  Wave Computing, Inc.
+ *  Copyright (C) 2018  Aleksandar Markovic 
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see .
+ *
+ */
+
+#include 
+#include 
+
+#include "../../../../include/wrappers_msa.h"
+#include "../../../../include/test_inputs.h"
+#include "../../../../include/test_utils.h"
+
+#define TEST_COUNT_TOTAL (\
+(PATTERN_INPUTS_SHORT_COUNT) * (PATTERN_INPUTS_SHORT_COUNT) + \
+(RANDOM_INPUTS_SHORT_COUNT) * (RANDOM_INPUTS_SHORT_COUNT))
+
+
+int32_t main(void)
+{
+char *instruction_name = "AND.V";
+int32_t ret;
+uint32_t i, j;
+struct timeval start, end;
+double elapsed_time;
+
+uint64_t b128_result[TEST_COUNT_TOTAL][2];
+uint64_t b128_expect[TEST_COUNT_TOTAL][2] = {
+{ 0xULL, 0xULL, },/*   0  */
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xe38e38e38e38e38eULL, 0x38e38e38e38e38e3ULL, },
+{ 0x1c71c71c71c71c71ULL, 0xc71c71c71c71c71cULL, },
+{ 0xULL, 0xULL, },/*   8  */
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },/*  16  */
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xa28a28a28a28a28aULL, 0x28a28a28a28a28a2ULL, },
+{ 0x0820820820820820ULL, 0x8208208208208208ULL, },
+{ 0xULL, 0xULL, },/*  24  */
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0x4104104104104104ULL, 0x1041041041041041ULL, },
+{ 0x1451451451451451ULL, 0x4514514514514514ULL, },
+{ 0xULL, 0xULL, },/*  32  */
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 

Re: [Qemu-devel] [PULL 09/26] target/arm: Don't clear supported PMU events when initializing PMCEID1

[Peter Maydell]

On Mon, 28 Jan 2019 at 18:11, Peter Maydell  wrote:
>
> From: Aaron Lindsay OS 
>
> A bug was introduced during a respin of:
>
> commit 57a4a11b2b281bb548b419ca81bfafb214e4c77a
> target/arm: Add array for supported PMU events, generate 
> PMCEID[01]_EL0



> @@ -1113,13 +1115,16 @@ uint64_t get_pmceid(CPUARMState *env, unsigned which)
>  /* We do not currently support events in the 0x40xx range */
>  assert(cnt->number <= 0x3f);
>
> -if ((cnt->number & 0x20) == (which << 6) &&
> -cnt->supported(env)) {
> -pmceid |= (1 << (cnt->number & 0x1f));
> +if (cnt->supported(>env)) {
>  supported_event_map[cnt->number] = i;
> +uint64_t event_mask = 1 << (cnt->number & 0x1f);

Coverity complains about this line (CID 1398645). The
RHS is evaluated using 32-bit signed arithmetic (because
cnt->number is uint16_t and so integer promotion means it
ends up working with the 'int' type. If cnt->number is
31 then this means that the assignment will do an
unintended sign-extension that sets the top 32 bits
of event_mask.

Fix is probably just to use "1ULL" instead of "1" on the LHS of <<.


> +if (cnt->number & 0x20) {
> +cpu->pmceid1 |= event_mask;
> +} else {
> +cpu->pmceid0 |= event_mask;
> +}
>  }
>  }
> -return pmceid;
>  }

thanks
-- PMM

Re: [Qemu-devel] [PATCH v2 0/7] ui/cocoa: Use OSX's main loop

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/20190214102816.3393-1-peter.mayd...@linaro.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH v2 0/7] ui/cocoa: Use OSX's main loop
Message-id: 20190214102816.3393-1-peter.mayd...@linaro.org
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 - [tag update]  patchew/20190214102816.3393-1-peter.mayd...@linaro.org -> 
patchew/20190214102816.3393-1-peter.mayd...@linaro.org
 - [tag update]  patchew/cover.1549857716.git.bala...@eik.bme.hu -> 
patchew/cover.1549857716.git.bala...@eik.bme.hu
Submodule 'capstone' (https://git.qemu.org/git/capstone.git) registered for 
path 'capstone'
Submodule 'dtc' (https://git.qemu.org/git/dtc.git) registered for path 'dtc'
Submodule 'roms/QemuMacDrivers' (https://git.qemu.org/git/QemuMacDrivers.git) 
registered for path 'roms/QemuMacDrivers'
Submodule 'roms/SLOF' (https://git.qemu.org/git/SLOF.git) registered for path 
'roms/SLOF'
Submodule 'roms/ipxe' (https://git.qemu.org/git/ipxe.git) registered for path 
'roms/ipxe'
Submodule 'roms/openbios' (https://git.qemu.org/git/openbios.git) registered 
for path 'roms/openbios'
Submodule 'roms/openhackware' (https://git.qemu.org/git/openhackware.git) 
registered for path 'roms/openhackware'
Submodule 'roms/qemu-palcode' (https://git.qemu.org/git/qemu-palcode.git) 
registered for path 'roms/qemu-palcode'
Submodule 'roms/seabios' (https://git.qemu.org/git/seabios.git/) registered for 
path 'roms/seabios'
Submodule 'roms/seabios-hppa' (https://github.com/hdeller/seabios-hppa.git) 
registered for path 'roms/seabios-hppa'
Submodule 'roms/sgabios' (https://git.qemu.org/git/sgabios.git) registered for 
path 'roms/sgabios'
Submodule 'roms/skiboot' (https://git.qemu.org/git/skiboot.git) registered for 
path 'roms/skiboot'
Submodule 'roms/u-boot' (https://git.qemu.org/git/u-boot.git) registered for 
path 'roms/u-boot'
Submodule 'roms/u-boot-sam460ex' (https://git.qemu.org/git/u-boot-sam460ex.git) 
registered for path 'roms/u-boot-sam460ex'
Submodule 'tests/fp/berkeley-softfloat-3' 
(https://github.com/cota/berkeley-softfloat-3) registered for path 
'tests/fp/berkeley-softfloat-3'
Submodule 'tests/fp/berkeley-testfloat-3' 
(https://github.com/cota/berkeley-testfloat-3) registered for path 
'tests/fp/berkeley-testfloat-3'
Submodule 'ui/keycodemapdb' (https://git.qemu.org/git/keycodemapdb.git) 
registered for path 'ui/keycodemapdb'
Cloning into 'capstone'...
Submodule path 'capstone': checked out 
'22ead3e0bfdb87516656453336160e0a37b066bf'
Cloning into 'dtc'...
Submodule path 'dtc': checked out '88f18909db731a627456f26d779445f84e449536'
Cloning into 'roms/QemuMacDrivers'...
Submodule path 'roms/QemuMacDrivers': checked out 
'90c488d5f4a407342247b9ea869df1c2d9c8e266'
Cloning into 'roms/SLOF'...
Submodule path 'roms/SLOF': checked out 
'a5b428e1c1eae703bdd62a3f527223c291ee3fdc'
Cloning into 'roms/ipxe'...
Submodule path 'roms/ipxe': checked out 
'de4565cbe76ea9f7913a01f331be3ee901bb6e17'
Cloning into 'roms/openbios'...
Submodule path 'roms/openbios': checked out 
'441a84d3a642a10b948369c63f32367e8ff6395b'
Cloning into 'roms/openhackware'...
Submodule path 'roms/openhackware': checked out 
'c559da7c8eec5e45ef1f67978827af6f0b9546f5'
Cloning into 'roms/qemu-palcode'...
Submodule path 'roms/qemu-palcode': checked out 
'51c237d7e20d05100eacadee2f61abc17e6bc097'
Cloning into 'roms/seabios'...
Submodule path 'roms/seabios': checked out 
'a698c8995ffb2838296ec284fe3c4ad33dfca307'
Cloning into 'roms/seabios-hppa'...
Submodule path 'roms/seabios-hppa': checked out 
'1ef99a01572c2581c30e16e6fe69e9ea2ef92ce0'
Cloning into 'roms/sgabios'...
Submodule path 'roms/sgabios': checked out 
'cbaee52287e5f32373181cff50a00b6c4ac9015a'
Cloning into 'roms/skiboot'...
Submodule path 'roms/skiboot': checked out 
'e0ee24c27a172bcf482f6f2bc905e6211c134bcc'
Cloning into 'roms/u-boot'...
Submodule path 'roms/u-boot': checked out 
'd85ca029f257b53a96da6c2fb421e78a003a9943'
Cloning into 'roms/u-boot-sam460ex'...
Submodule path 'roms/u-boot-sam460ex': checked out 
'60b3916f33e617a815973c5a6df77055b2e3a588'
Cloning into 'tests/fp/berkeley-softfloat-3'...
Submodule path 'tests/fp/berkeley-softfloat-3': checked out 
'b64af41c3276f97f0e181920400ee056b9c88037'
Cloning into 'tests/fp/berkeley-testfloat-3'...
Submodule path 'tests/fp/berkeley-testfloat-3': checked out 
'5a59dcec19327396a011a17fd924aed4fec416b3'
Cloning into 'ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'6b3d716e2b6472eb7189d3220552280ef3d832ce'
Switched to a new branch 'test'
8d76c56 ui/cocoa: Perform UI operations only on the main thread
3aee068 ui/cocoa: Subclass NSApplication so we can 

[Qemu-devel] [PULL 12/15] tests/tcg: target/mips: Add wrappers for MSA interleave instructions

[Aleksandar Markovic]

From: Aleksandar Markovic 

Add wrappers for MSA interleave instructions.

Reviewed-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
---
 tests/tcg/mips/include/wrappers_msa.h | 39 +++
 1 file changed, 39 insertions(+)

diff --git a/tests/tcg/mips/include/wrappers_msa.h 
b/tests/tcg/mips/include/wrappers_msa.h
index 8f8d00b..3017ed5 100644
--- a/tests/tcg/mips/include/wrappers_msa.h
+++ b/tests/tcg/mips/include/wrappers_msa.h
@@ -54,4 +54,43 @@ DO_MSA__WD__WS(PCNT_W, pcnt.w)
 DO_MSA__WD__WS(PCNT_D, pcnt.d)
 
 
+#define DO_MSA__WD__WS_WT(suffix, mnemonic)\
+static inline void do_msa_##suffix(void *input1, void *input2, \
+   void *output)   \
+{  \
+   __asm__ volatile (  \
+  "move $t0, %0\n\t"   \
+  "ld.d $w11, 0($t0)\n\t"  \
+  "move $t0, %1\n\t"   \
+  "ld.d $w12, 0($t0)\n\t"  \
+  #mnemonic " $w10, $w11, $w12\n\t"\
+  "move $t0, %2\n\t"   \
+  "st.d $w10, 0($t0)\n\t"  \
+  :\
+  : "r" (input1), "r" (input2), "r" (output)   \
+  : "t0", "memory" \
+   );  \
+}
+
+DO_MSA__WD__WS_WT(ILVEV_B, ilvev.b)
+DO_MSA__WD__WS_WT(ILVEV_H, ilvev.h)
+DO_MSA__WD__WS_WT(ILVEV_W, ilvev.w)
+DO_MSA__WD__WS_WT(ILVEV_D, ilvev.d)
+
+DO_MSA__WD__WS_WT(ILVOD_B, ilvod.b)
+DO_MSA__WD__WS_WT(ILVOD_H, ilvod.h)
+DO_MSA__WD__WS_WT(ILVOD_W, ilvod.w)
+DO_MSA__WD__WS_WT(ILVOD_D, ilvod.d)
+
+DO_MSA__WD__WS_WT(ILVL_B, ilvl.b)
+DO_MSA__WD__WS_WT(ILVL_H, ilvl.h)
+DO_MSA__WD__WS_WT(ILVL_W, ilvl.w)
+DO_MSA__WD__WS_WT(ILVL_D, ilvl.d)
+
+DO_MSA__WD__WS_WT(ILVR_B, ilvr.b)
+DO_MSA__WD__WS_WT(ILVR_H, ilvr.h)
+DO_MSA__WD__WS_WT(ILVR_W, ilvr.w)
+DO_MSA__WD__WS_WT(ILVR_D, ilvr.d)
+
+
 #endif
-- 
2.7.4

[Qemu-devel] [PATCH 2/9] vhost-net-user: add stubs for when no virtio-net device is present

[Paolo Bonzini]

hw/net/vhost_net.c needs functions that are declared in net/vhost-user.c: the
vhost-user code is always compiled into QEMU, only the constructor
net_init_vhost_user is unreachable.  Also, net/vhost-user.c needs functions
declared in hw/virtio/vhost-stub.c even if no virtio device exists.

Break this dependency.  First, add a minimal version of net/vhost-user.c,
with no functionality and no dependency on vhost code.  Second, #ifdef out
the calls back to net/vhost-user.c from hw/net/vhost_net.c.

While at it, this patch fixes the CONFIG_VHOST_NET_USE*D* typo.

Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <1543851204-41186-3-git-send-email-pbonz...@redhat.com>
Reviewed-by: Thomas Huth 
Signed-off-by: Paolo Bonzini 
---
 configure |  2 +-
 hw/net/vhost_net.c|  4 
 net/Makefile.objs |  4 +++-
 net/net.c |  2 +-
 net/vhost-user-stub.c | 23 +++
 5 files changed, 32 insertions(+), 3 deletions(-)
 create mode 100644 net/vhost-user-stub.c

diff --git a/configure b/configure
index fbd0825..7ac76ec 100755
--- a/configure
+++ b/configure
@@ -6579,7 +6579,7 @@ if test "$vhost_scsi" = "yes" ; then
   echo "CONFIG_VHOST_SCSI=y" >> $config_host_mak
 fi
 if test "$vhost_net" = "yes" && test "$vhost_user" = "yes"; then
-  echo "CONFIG_VHOST_NET_USED=y" >> $config_host_mak
+  echo "CONFIG_VHOST_NET_USER=y" >> $config_host_mak
 fi
 if test "$vhost_crypto" = "yes" ; then
   echo "CONFIG_VHOST_CRYPTO=y" >> $config_host_mak
diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index b901306..2a300ee 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -193,6 +193,7 @@ struct vhost_net *vhost_net_init(VhostNetOptions *options)
 }
 
 /* Set sane init value. Override when guest acks. */
+#ifdef CONFIG_VHOST_NET_USER
 if (net->nc->info->type == NET_CLIENT_DRIVER_VHOST_USER) {
 features = vhost_user_get_acked_features(net->nc);
 if (~net->dev.features & features) {
@@ -202,6 +203,7 @@ struct vhost_net *vhost_net_init(VhostNetOptions *options)
 goto fail;
 }
 }
+#endif
 
 vhost_net_ack_features(net, features);
 
@@ -413,10 +415,12 @@ VHostNetState *get_vhost_net(NetClientState *nc)
 case NET_CLIENT_DRIVER_TAP:
 vhost_net = tap_get_vhost_net(nc);
 break;
+#ifdef CONFIG_VHOST_NET_USER
 case NET_CLIENT_DRIVER_VHOST_USER:
 vhost_net = vhost_user_get_vhost_net(nc);
 assert(vhost_net);
 break;
+#endif
 default:
 break;
 }
diff --git a/net/Makefile.objs b/net/Makefile.objs
index b2bf88a..df2b409 100644
--- a/net/Makefile.objs
+++ b/net/Makefile.objs
@@ -3,7 +3,9 @@ common-obj-y += socket.o
 common-obj-y += dump.o
 common-obj-y += eth.o
 common-obj-$(CONFIG_L2TPV3) += l2tpv3.o
-common-obj-$(CONFIG_POSIX) += vhost-user.o
+common-obj-$(call land,$(CONFIG_VIRTIO_NET),$(CONFIG_VHOST_NET_USER)) += 
vhost-user.o
+common-obj-$(call land,$(call 
lnot,$(CONFIG_VIRTIO_NET)),$(CONFIG_VHOST_NET_USER)) += vhost-user-stub.o
+common-obj-$(CONFIG_ALL) += vhost-user-stub.o
 common-obj-$(CONFIG_SLIRP) += slirp.o
 common-obj-$(CONFIG_VDE) += vde.o
 common-obj-$(CONFIG_NETMAP) += netmap.o
diff --git a/net/net.c b/net/net.c
index 5dcff7f..f3a3c54 100644
--- a/net/net.c
+++ b/net/net.c
@@ -961,7 +961,7 @@ static int (* const 
net_client_init_fun[NET_CLIENT_DRIVER__MAX])(
 [NET_CLIENT_DRIVER_BRIDGE]= net_init_bridge,
 #endif
 [NET_CLIENT_DRIVER_HUBPORT]   = net_init_hubport,
-#ifdef CONFIG_VHOST_NET_USED
+#ifdef CONFIG_VHOST_NET_USER
 [NET_CLIENT_DRIVER_VHOST_USER] = net_init_vhost_user,
 #endif
 #ifdef CONFIG_L2TPV3
diff --git a/net/vhost-user-stub.c b/net/vhost-user-stub.c
new file mode 100644
index 000..52ab4e1
--- /dev/null
+++ b/net/vhost-user-stub.c
@@ -0,0 +1,23 @@
+/*
+ * vhost-user-stub.c
+ *
+ * Copyright (c) 2018 Red Hat, Inc.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "clients.h"
+#include "net/vhost_net.h"
+#include "net/vhost-user.h"
+#include "qemu/error-report.h"
+#include "qapi/error.h"
+
+int net_init_vhost_user(const Netdev *netdev, const char *name,
+NetClientState *peer, Error **errp)
+{
+error_setg(errp, "vhost-user requires frontend driver virtio-net-*");
+return -1;
+}
-- 
1.8.3.1

[Qemu-devel] [PULL 14/15] tests/tcg: target/mips: Add wrappers for MSA logic instructions

[Aleksandar Markovic]

From: Aleksandar Markovic 

Add wrappers for MSA logic instructions.

Reviewed-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
---
 tests/tcg/mips/include/wrappers_msa.h | 5 +
 1 file changed, 5 insertions(+)

diff --git a/tests/tcg/mips/include/wrappers_msa.h 
b/tests/tcg/mips/include/wrappers_msa.h
index 3017ed5..7a77fb9 100644
--- a/tests/tcg/mips/include/wrappers_msa.h
+++ b/tests/tcg/mips/include/wrappers_msa.h
@@ -92,5 +92,10 @@ DO_MSA__WD__WS_WT(ILVR_H, ilvr.h)
 DO_MSA__WD__WS_WT(ILVR_W, ilvr.w)
 DO_MSA__WD__WS_WT(ILVR_D, ilvr.d)
 
+DO_MSA__WD__WS_WT(AND_V, and.v)
+DO_MSA__WD__WS_WT(NOR_V, nor.v)
+DO_MSA__WD__WS_WT(OR_V, or.v)
+DO_MSA__WD__WS_WT(XOR_V, xor.v)
+
 
 #endif
-- 
2.7.4

[Qemu-devel] [PATCH 5/9] vhost-net: compile it on all targets that have virtio-net.

[Paolo Bonzini]

This shows a preexisting bug: if a KVM target did not have virtio-net enabled,
it would fail with undefined symbols when vhost was enabled.  This must now
be fixed, lest targets that have no virtio-net fail to compile.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Paolo Bonzini 
Reviewed-by: Thomas Huth 
Message-Id: <1543851204-41186-5-git-send-email-pbonz...@redhat.com>
---
 configure   | 11 ---
 hw/net/Makefile.objs|  4 ++--
 hw/net/vhost_net.c  |  4 +---
 include/exec/poison.h   |  1 -
 tests/Makefile.include  |  5 +
 tests/vhost-user-test.c | 16 +++-
 6 files changed, 19 insertions(+), 22 deletions(-)

diff --git a/configure b/configure
index 7ac76ec..4553c17 100755
--- a/configure
+++ b/configure
@@ -6578,7 +6578,10 @@ fi
 if test "$vhost_scsi" = "yes" ; then
   echo "CONFIG_VHOST_SCSI=y" >> $config_host_mak
 fi
-if test "$vhost_net" = "yes" && test "$vhost_user" = "yes"; then
+if test "$vhost_net" = "yes" ; then
+  echo "CONFIG_VHOST_NET=y" >> $config_host_mak
+fi
+if test "$vhost_net_user" = "yes" ; then
   echo "CONFIG_VHOST_NET_USER=y" >> $config_host_mak
 fi
 if test "$vhost_crypto" = "yes" ; then
@@ -7354,12 +7357,6 @@ if supported_xen_target $target; then
 fi
 if supported_kvm_target $target; then
 echo "CONFIG_KVM=y" >> $config_target_mak
-if test "$vhost_net" = "yes" ; then
-echo "CONFIG_VHOST_NET=y" >> $config_target_mak
-if test "$vhost_user" = "yes" ; then
-echo "CONFIG_VHOST_USER_NET_TEST_$target_name=y" >> 
$config_host_mak
-fi
-fi
 fi
 if supported_hax_target $target; then
 echo "CONFIG_HAX=y" >> $config_target_mak
diff --git a/hw/net/Makefile.objs b/hw/net/Makefile.objs
index acfaea5..ea63715 100644
--- a/hw/net/Makefile.objs
+++ b/hw/net/Makefile.objs
@@ -37,8 +37,8 @@ obj-$(CONFIG_PSERIES) += spapr_llan.o
 obj-$(CONFIG_XILINX_ETHLITE) += xilinx_ethlite.o
 
 obj-$(CONFIG_VIRTIO_NET) += virtio-net.o
-obj-$(CONFIG_VHOST_NET) += vhost_net.o
-common-obj-$(call lnot,$(CONFIG_VHOST_NET)) += vhost_net-stub.o
+common-obj-$(call land,$(CONFIG_VIRTIO_NET),$(CONFIG_VHOST_NET)) += vhost_net.o
+common-obj-$(call lnot,$(call land,$(CONFIG_VIRTIO_NET),$(CONFIG_VHOST_NET))) 
+= vhost_net-stub.o
 common-obj-$(CONFIG_ALL) += vhost_net-stub.o
 
 obj-$(CONFIG_ETSEC) += fsl_etsec/etsec.o fsl_etsec/registers.o \
diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index ae3ca23..be3cc88 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -25,8 +25,6 @@
 
 
 #include 
-#include 
-#include 
 #include 
 #include 
 
@@ -134,7 +132,7 @@ static int vhost_net_get_fd(NetClientState *backend)
 return tap_get_fd(backend);
 default:
 fprintf(stderr, "vhost-net requires tap backend\n");
-return -EBADFD;
+return -ENOSYS;
 }
 }
 
diff --git a/include/exec/poison.h b/include/exec/poison.h
index ecdc83c..1a7a57b 100644
--- a/include/exec/poison.h
+++ b/include/exec/poison.h
@@ -86,7 +86,6 @@
 #pragma GCC poison CONFIG_XTENSA_DIS
 
 #pragma GCC poison CONFIG_LINUX_USER
-#pragma GCC poison CONFIG_VHOST_NET
 #pragma GCC poison CONFIG_KVM
 #pragma GCC poison CONFIG_SOFTMMU
 
diff --git a/tests/Makefile.include b/tests/Makefile.include
index b39e989..048cf56 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -209,10 +209,7 @@ check-qtest-i386-$(CONFIG_USB_XHCI_NEC) += 
tests/usb-hcd-xhci-test$(EXESUF)
 check-qtest-i386-y += tests/cpu-plug-test$(EXESUF)
 check-qtest-i386-y += tests/q35-test$(EXESUF)
 check-qtest-i386-y += tests/vmgenid-test$(EXESUF)
-check-qtest-i386-$(CONFIG_VHOST_USER_NET_TEST_i386) += 
tests/vhost-user-test$(EXESUF)
-ifeq ($(CONFIG_VHOST_USER_NET_TEST_i386),)
-check-qtest-x86_64-$(CONFIG_VHOST_USER_NET_TEST_x86_64) += 
tests/vhost-user-test$(EXESUF)
-endif
+check-qtest-i386-$(CONFIG_VHOST_NET_USER) += tests/vhost-user-test$(EXESUF)
 check-qtest-i386-$(CONFIG_TPM_CRB) += tests/tpm-crb-swtpm-test$(EXESUF)
 check-qtest-i386-$(CONFIG_TPM_CRB) += tests/tpm-crb-test$(EXESUF)
 check-qtest-i386-$(CONFIG_TPM_TIS) += tests/tpm-tis-swtpm-test$(EXESUF)
diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c
index d961bd0..cdbdf3d 100644
--- a/tests/vhost-user-test.c
+++ b/tests/vhost-user-test.c
@@ -27,10 +27,13 @@
 #include "libqos/malloc-pc.h"
 #include "hw/virtio/virtio-net.h"
 
-#include 
-#include 
-#include 
+#include "standard-headers/linux/vhost_types.h"
+#include "standard-headers/linux/virtio_ids.h"
+#include "standard-headers/linux/virtio_net.h"
+
+#ifdef CONFIG_LINUX
 #include 
+#endif
 
 
 #define QEMU_CMD_MEM" -m %d -object memory-backend-file,id=mem,size=%dM," \
@@ -459,6 +462,7 @@ static void chr_read(void *opaque, const uint8_t *buf, int 
size)
 g_mutex_unlock(>data_mutex);
 }
 
+#ifdef CONFIG_LINUX
 static const char *init_hugepagefs(const char *path)
 {
 struct statfs fs;
@@ -485,6 +489,7 @@ static const char *init_hugepagefs(const char *path)
 
 return path;
 }
+#endif
 
 static TestServer *test_server_new(const 

[Qemu-devel] [PULL 00/15] MIPS queue for February 14th, 2019

[Aleksandar Markovic]

From: Aleksandar Markovic 

The following changes since commit 7e407466b1efbd65225cc72fe09c0c5ec79df75b:

  Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into 
staging (2019-02-14 15:22:29 +)

are available in the git repository at:

  https://github.com/AMarkovic/qemu tags/mips-queue-feb-14-2019

for you to fetch changes up to ba632924450faf6741d299f8feed8150a0c6f884:

  tests/tcg: target/mips: Add tests for MSA logic instructions (2019-02-14 
17:47:37 +0100)


MIPS queue for February 14th, 2019

  - MTTCG support for MIPS
  - The first part of MSA ASE tests

There are several checkpatch warnings that should be all ignored.



Aleksandar Markovic (11):
  hw/mips_int: hold BQL for all interrupt requests
  target/mips: introduce MTTCG-enabled builds
  tests/tcg: target/mips: Remove an unnecessary file
  tests/tcg: target/mips: Add a header with test inputs
  tests/tcg: target/mips: Add a header with test utilities
  tests/tcg: target/mips: Add wrappers for MSA bit counting instructions
  tests/tcg: target/mips: Add tests for MSA bit counting instructions
  tests/tcg: target/mips: Add wrappers for MSA interleave instructions
  tests/tcg: target/mips: Add tests for MSA interleave instructions
  tests/tcg: target/mips: Add wrappers for MSA logic instructions
  tests/tcg: target/mips: Add tests for MSA logic instructions

Goran Ferenc (1):
  target/mips: hold BQL in mips_vpe_wake()

Leon Alrae (2):
  target/mips: compare virtual addresses in LL/SC sequence
  target/mips: reimplement SC instruction emulation and use cmpxchg

Miodrag Dinic (1):
  hw/mips_cpc: kick a VP when putting it into Run statewq

 configure  |   3 +
 hw/mips/mips_int.c |  12 ++
 hw/misc/mips_cpc.c |  17 ++-
 linux-user/mips/cpu_loop.c |  73 --
 target/mips/cpu.h  |   9 +-
 target/mips/helper.c   |   6 +-
 target/mips/helper.h   |   2 -
 target/mips/machine.c  |   7 +-
 target/mips/op_helper.c|  76 +++---
 target/mips/translate.c| 127 ++---
 tests/tcg/mips/include/test_inputs.h   | 122 
 tests/tcg/mips/include/test_utils.h|  78 +++
 tests/tcg/mips/include/wrappers_msa.h  | 101 ++
 tests/tcg/mips/mips64-dspr2/.directory |   2 -
 .../user/ase/msa/bit-counting/test_msa_nloc_b.c| 144 +++
 .../user/ase/msa/bit-counting/test_msa_nloc_d.c| 144 +++
 .../user/ase/msa/bit-counting/test_msa_nloc_h.c| 144 +++
 .../user/ase/msa/bit-counting/test_msa_nloc_w.c| 144 +++
 .../user/ase/msa/bit-counting/test_msa_nlzc_b.c| 144 +++
 .../user/ase/msa/bit-counting/test_msa_nlzc_d.c| 144 +++
 .../user/ase/msa/bit-counting/test_msa_nlzc_h.c| 144 +++
 .../user/ase/msa/bit-counting/test_msa_nlzc_w.c| 144 +++
 .../user/ase/msa/bit-counting/test_msa_pcnt_b.c| 144 +++
 .../user/ase/msa/bit-counting/test_msa_pcnt_d.c| 144 +++
 .../user/ase/msa/bit-counting/test_msa_pcnt_h.c| 144 +++
 .../user/ase/msa/bit-counting/test_msa_pcnt_w.c| 144 +++
 .../user/ase/msa/interleave/test_msa_ilvev_b.c | 153 +
 .../user/ase/msa/interleave/test_msa_ilvev_d.c | 153 +
 .../user/ase/msa/interleave/test_msa_ilvev_h.c | 153 +
 .../user/ase/msa/interleave/test_msa_ilvev_w.c | 153 +
 .../mips/user/ase/msa/interleave/test_msa_ilvl_b.c | 153 +
 .../mips/user/ase/msa/interleave/test_msa_ilvl_d.c | 153 +
 .../mips/user/ase/msa/interleave/test_msa_ilvl_h.c | 153 +
 .../mips/user/ase/msa/interleave/test_msa_ilvl_w.c | 153 +
 .../user/ase/msa/interleave/test_msa_ilvod_b.c | 153 +
 .../user/ase/msa/interleave/test_msa_ilvod_d.c | 153 +
 .../user/ase/msa/interleave/test_msa_ilvod_h.c | 153 +
 .../user/ase/msa/interleave/test_msa_ilvod_w.c | 153 +
 .../mips/user/ase/msa/interleave/test_msa_ilvr_b.c | 153 +
 .../mips/user/ase/msa/interleave/test_msa_ilvr_d.c | 153 +
 .../mips/user/ase/msa/interleave/test_msa_ilvr_h.c | 153 +
 .../mips/user/ase/msa/interleave/test_msa_ilvr_w.c | 153 +
 tests/tcg/mips/user/ase/msa/logic/test_msa_and_v.c | 153 +
 

[Qemu-devel] [PULL 10/15] tests/tcg: target/mips: Add wrappers for MSA bit counting instructions

[Aleksandar Markovic]

From: Aleksandar Markovic 

Add a header that contains wrappers around MSA instructions assembler
invocations. For now, only bit counting instructions (NLOC, NLZC, and
PCNT; each in four data format flavors) are supported.

Reviewed-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
---
 tests/tcg/mips/include/wrappers_msa.h | 57 +++
 1 file changed, 57 insertions(+)
 create mode 100644 tests/tcg/mips/include/wrappers_msa.h

diff --git a/tests/tcg/mips/include/wrappers_msa.h 
b/tests/tcg/mips/include/wrappers_msa.h
new file mode 100644
index 000..8f8d00b
--- /dev/null
+++ b/tests/tcg/mips/include/wrappers_msa.h
@@ -0,0 +1,57 @@
+/*
+ *  Header file for wrappers around MSA instructions assembler invocations
+ *
+ *  Copyright (C) 2018  Wave Computing, Inc.
+ *  Copyright (C) 2018  Aleksandar Markovic 
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see .
+ *
+ */
+
+#ifndef WRAPPERS_MSA_H
+#define WRAPPERS_MSA_H
+
+
+#define DO_MSA__WD__WS(suffix, mnemonic)   \
+static inline void do_msa_##suffix(void *input, void *output)  \
+{  \
+   __asm__ volatile (  \
+  "move $t0, %0\n\t"   \
+  "ld.d $w11, 0($t0)\n\t"  \
+  #mnemonic " $w10, $w11\n\t"  \
+  "move $t0, %1\n\t"   \
+  "st.d $w10, 0($t0)\n\t"  \
+  :\
+  : "r" (input), "r" (output)  \
+  : "t0", "memory" \
+   );  \
+}
+
+DO_MSA__WD__WS(NLOC_B, nloc.b)
+DO_MSA__WD__WS(NLOC_H, nloc.h)
+DO_MSA__WD__WS(NLOC_W, nloc.w)
+DO_MSA__WD__WS(NLOC_D, nloc.d)
+
+DO_MSA__WD__WS(NLZC_B, nlzc.b)
+DO_MSA__WD__WS(NLZC_H, nlzc.h)
+DO_MSA__WD__WS(NLZC_W, nlzc.w)
+DO_MSA__WD__WS(NLZC_D, nlzc.d)
+
+DO_MSA__WD__WS(PCNT_B, pcnt.b)
+DO_MSA__WD__WS(PCNT_H, pcnt.h)
+DO_MSA__WD__WS(PCNT_W, pcnt.w)
+DO_MSA__WD__WS(PCNT_D, pcnt.d)
+
+
+#endif
-- 
2.7.4

[Qemu-devel] [PULL 08/15] tests/tcg: target/mips: Add a header with test inputs

[Aleksandar Markovic]

From: Aleksandar Markovic 

The file tests/tcg/mips/include/test_inputs.h is planned to
contain various test inputs. For now, it contains 64 128-bit
pattern inputs (alternating groups od ones and zeroes) and
16 128-bit random inputs.

Reviewed-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
---
 tests/tcg/mips/include/test_inputs.h | 122 +++
 1 file changed, 122 insertions(+)
 create mode 100644 tests/tcg/mips/include/test_inputs.h

diff --git a/tests/tcg/mips/include/test_inputs.h 
b/tests/tcg/mips/include/test_inputs.h
new file mode 100644
index 000..c173d58
--- /dev/null
+++ b/tests/tcg/mips/include/test_inputs.h
@@ -0,0 +1,122 @@
+/*
+ *  Header file for pattern and random test inputs
+ *
+ *  Copyright (C) 2018  Wave Computing, Inc.
+ *  Copyright (C) 2018  Aleksandar Markovic 
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see .
+ *
+ */
+
+#ifndef TEST_INPUTS_H
+#define TEST_INPUTS_H
+
+#include 
+
+
+#define PATTERN_INPUTS_COUNT  64
+#define PATTERN_INPUTS_SHORT_COUNT 8
+
+uint64_t b128_pattern[PATTERN_INPUTS_COUNT][2] = {
+{ 0xULL, 0xULL, },   /*   0 */
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xE38E38E38E38E38EULL, 0x38E38E38E38E38E3ULL, },
+{ 0x1C71C71C71C71C71ULL, 0xC71C71C71C71C71CULL, },
+{ 0xF0F0F0F0F0F0F0F0ULL, 0xF0F0F0F0F0F0F0F0ULL, },   /*   8 */
+{ 0x0F0F0F0F0F0F0F0FULL, 0x0F0F0F0F0F0F0F0FULL, },
+{ 0xF83E0F83E0F83E0FULL, 0x83E0F83E0F83E0F8ULL, },
+{ 0x07C1F07C1F07C1F0ULL, 0x7C1F07C1F07C1F07ULL, },
+{ 0xFC0FC0FC0FC0FC0FULL, 0xC0FC0FC0FC0FC0FCULL, },
+{ 0x03F03F03F03F03F0ULL, 0x3F03F03F03F03F03ULL, },
+{ 0xFE03F80FE03F80FEULL, 0x03F80FE03F80FE03ULL, },
+{ 0x01FC07F01FC07F01ULL, 0xFC07F01FC07F01FCULL, },
+{ 0xFF00FF00FF00FF00ULL, 0xFF00FF00FF00FF00ULL, },   /*  16 */
+{ 0x00FF00FF00FF00FFULL, 0x00FF00FF00FF00FFULL, },
+{ 0xFF803FE00FF803FEULL, 0x00FF803FE00FF803ULL, },
+{ 0x007FC01FF007FC01ULL, 0xFF007FC01FF007FCULL, },
+{ 0xFFC00FFC00FFC00FULL, 0xFC00FFC00FFC00FFULL, },
+{ 0x003FF003FF003FF0ULL, 0x03FF003FF003FF00ULL, },
+{ 0xFFE003FF800FFE00ULL, 0x3FF800FFE003FF80ULL, },
+{ 0x001FFC007FF001FFULL, 0xC007FF001FFC007FULL, },
+{ 0xFFF000FFF000FFF0ULL, 0x00FFF000FFF000FFULL, },   /*  24 */
+{ 0x000FFF000FFF000FULL, 0xFF000FFF000FFF00ULL, },
+{ 0xFFF8003FFE000FFFULL, 0x8003FFE000FFF800ULL, },
+{ 0x0007FFC001FFF000ULL, 0x7FFC001FFF0007FFULL, },
+{ 0xFFFC000FFFC000FFULL, 0xFC000FFFC000FFFCULL, },
+{ 0x0003FFF0003FFF00ULL, 0x03FFF0003FFF0003ULL, },
+{ 0xFFFE0003FFF8000FULL, 0xFFE0003FFF8000FFULL, },
+{ 0x0001FFFC0007FFF0ULL, 0x001FFFC0007FFF00ULL, },
+{ 0xULL, 0xULL, },   /*  32 */
+{ 0xULL, 0xULL, },
+{ 0x80003FFFE000ULL, 0x080003FFFE00ULL, },
+{ 0x7FFFC0001FFFULL, 0xF7FFFC0001FFULL, },
+{ 0xCC00ULL, 0x00CCULL, },
+{ 0x33FFULL, 0xFF33ULL, },
+{ 0xE380ULL, 0x000E3FFFULL, },
+{ 0x1C7FULL, 0xFFF1C000ULL, },
+{ 0xF0F0ULL, 0xF0FFULL, },   /*  40 */
+{ 0x0F0FULL, 0x0F00ULL, },
+{ 0xF83EULL, 0x0F83ULL, },
+{ 0x07C1ULL, 0xF07CULL, },
+{ 0xFC0FULL, 0xC0FCULL, },
+{ 0x03F0ULL, 0x3F03ULL, },
+{ 0xFE03ULL, 0xF80FE000ULL, },
+{ 0x01FCULL, 0x07F01FFFULL, },
+{ 0xFF00ULL, 0xFF00FF00ULL, },   /*  48 */
+{ 0x00FFULL, 0x00FF00FFULL, },
+{ 0xFF803FFFULL, 0xFFE00FF8ULL, },
+{ 0x007FC000ULL, 0x001FF007ULL, },
+{ 0xFFC00FFFULL, 0xFFFC00FFULL, },
+{ 0x003FF000ULL, 0x0003FF00ULL, },
+{ 0xFFE003FFULL, 0x800FULL, },
+{ 0x001FFC00ULL, 0x7FF0ULL, },
+{ 0xFFF000FFULL, 0xF000ULL, 

[Qemu-devel] [PATCH 6/9] vhost-net: revamp configure logic

[Paolo Bonzini]

Detect all invalid configurations (e.g. mingw32 with vhost-user,
non-Linux with vhost-kernel).  As a collateral benefit, all vhost-kernel
backends can be now disabled if one wants to reduce the attack surface.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Paolo Bonzini 
Reviewed-by: Thomas Huth 
Message-Id: <1543851204-41186-6-git-send-email-pbonz...@redhat.com>
---
 configure | 89 +++
 hw/virtio/Makefile.objs   |  4 +--
 hw/virtio/vhost-backend.c |  4 +--
 3 files changed, 63 insertions(+), 34 deletions(-)

diff --git a/configure b/configure
index 4553c17..6d58718 100755
--- a/configure
+++ b/configure
@@ -368,10 +368,10 @@ libattr=""
 xfs=""
 tcg="yes"
 membarrier=""
-vhost_net="no"
-vhost_crypto="no"
-vhost_scsi="no"
-vhost_vsock="no"
+vhost_net=""
+vhost_crypto=""
+vhost_scsi=""
+vhost_vsock=""
 vhost_user=""
 kvm="no"
 hax="no"
@@ -782,6 +782,7 @@ case $targetos in
 MINGW32*)
   mingw32="yes"
   hax="yes"
+  vhost_user="no"
   audio_possible_drivers="dsound sdl"
   if check_include dsound.h; then
 audio_drv_list="dsound"
@@ -882,10 +883,6 @@ Linux)
   linux="yes"
   linux_user="yes"
   kvm="yes"
-  vhost_net="yes"
-  vhost_crypto="yes"
-  vhost_scsi="yes"
-  vhost_vsock="yes"
   QEMU_INCLUDES="-I\$(SRC_PATH)/linux-headers -I$PWD/linux-headers 
$QEMU_INCLUDES"
   supported_os="yes"
   libudev="yes"
@@ -1261,11 +1258,7 @@ for opt do
   ;;
   --disable-vhost-crypto) vhost_crypto="no"
   ;;
-  --enable-vhost-crypto)
-  vhost_crypto="yes"
-  if test "$mingw32" = "yes"; then
-  error_exit "vhost-crypto isn't available on win32"
-  fi
+  --enable-vhost-crypto) vhost_crypto="yes"
   ;;
   --disable-vhost-scsi) vhost_scsi="no"
   ;;
@@ -1470,11 +1463,11 @@ for opt do
   ;;
   --disable-vhost-user) vhost_user="no"
   ;;
-  --enable-vhost-user)
-  vhost_user="yes"
-  if test "$mingw32" = "yes"; then
-  error_exit "vhost-user isn't available on win32"
-  fi
+  --enable-vhost-user) vhost_user="yes"
+  ;;
+  --disable-vhost-kernel) vhost_kernel="no"
+  ;;
+  --enable-vhost-kernel) vhost_kernel="yes"
   ;;
   --disable-capstone) capstone="no"
   ;;
@@ -1506,14 +1499,6 @@ for opt do
   esac
 done
 
-if test "$vhost_user" = ""; then
-if test "$mingw32" = "yes"; then
-vhost_user="no"
-else
-vhost_user="yes"
-fi
-fi
-
 case "$cpu" in
 ppc)
CPU_CFLAGS="-m32"
@@ -1736,8 +1721,12 @@ disabled with --disable-FEATURE, default is enabled if 
available:
   linux-aio   Linux AIO support
   cap-ng  libcap-ng support
   attrattr and xattr support
-  vhost-net   vhost-net acceleration support
-  vhost-cryptovhost-crypto acceleration support
+  vhost-net   vhost-net kernel acceleration support
+  vhost-vsock virtio sockets device support
+  vhost-scsi  vhost-scsi kernel target support
+  vhost-cryptovhost-user-crypto backend support
+  vhost-kernelvhost kernel backend support
+  vhost-user  vhost-user backend support
   spice   spice
   rbd rados block device (rbd)
   libiscsiiscsi support
@@ -1763,7 +1752,6 @@ disabled with --disable-FEATURE, default is enabled if 
available:
   jemallocjemalloc support
   avx2AVX2 optimization support
   replication replication support
-  vhost-vsock virtio sockets device support
   opengl  opengl support
   virglrenderer   virgl rendering support
   xfsctl  xfsctl support
@@ -1780,7 +1768,6 @@ disabled with --disable-FEATURE, default is enabled if 
available:
   parallels   parallels image format support
   sheepdogsheepdog block driver support
   crypto-afalgLinux AF_ALG crypto backend driver
-  vhost-user  vhost-user support
   capstonecapstone disassembler support
   debug-mutex mutex debugging support
   libpmem libpmem support
@@ -2171,6 +2158,45 @@ else
   l2tpv3=no
 fi
 
+#
+# vhost interdependencies and host support
+
+# vhost backends
+test "$vhost_user" = "" && vhost_user=yes
+if test "$vhost_user" = "yes" && test "$mingw32" = "yes"; then
+  error_exit "vhost-user isn't available on win32"
+fi
+test "$vhost_kernel" = "" && vhost_kernel=$linux
+if test "$vhost_kernel" = "yes" && test "$linux" != "yes"; then
+  error_exit "vhost-kernel is only available on Linux"
+fi
+
+# vhost-kernel devices
+test "$vhost_scsi" = "" && vhost_scsi=$vhost_kernel
+if test "$vhost_scsi" = "yes" && test "$vhost_kernel" != "yes"; then
+  error_exit "--enable-vhost-scsi requires --enable-vhost-kernel"
+fi
+test "$vhost_vsock" = "" && vhost_vsock=$vhost_kernel
+if test "$vhost_vsock" = "yes" && test "$vhost_kernel" != "yes"; then
+  error_exit "--enable-vhost-vsock requires --enable-vhost-kernel"
+fi
+
+# vhost-user backends
+test "$vhost_net_user" = "" && vhost_net_user=$vhost_user
+if test "$vhost_net_user" = "yes" && test "$vhost_user" = "no"; then
+  

[Qemu-devel] [PULL 07/15] tests/tcg: target/mips: Remove an unnecessary file

[Aleksandar Markovic]

From: Aleksandar Markovic 

Remove a file that was added long time ago by mistake. The commit
that introduced this file was commit d70080c4 (from 2012).

Reviewed-by: Aleksandar Rikalo 
Acked-by: Alex Bennée 
Reviewed-by: Eric Blake 
Signed-off-by: Aleksandar Markovic 
---
 tests/tcg/mips/mips64-dspr2/.directory | 2 --
 1 file changed, 2 deletions(-)
 delete mode 100644 tests/tcg/mips/mips64-dspr2/.directory

diff --git a/tests/tcg/mips/mips64-dspr2/.directory 
b/tests/tcg/mips/mips64-dspr2/.directory
deleted file mode 100644
index c75a914..000
--- a/tests/tcg/mips/mips64-dspr2/.directory
+++ /dev/null
@@ -1,2 +0,0 @@
-[Dolphin]
-Timestamp=2012,8,3,16,41,52
-- 
2.7.4

[Qemu-devel] [PULL 06/15] target/mips: introduce MTTCG-enabled builds

[Aleksandar Markovic]

From: Aleksandar Markovic 

Introduce MTTCG-enabled QEMU builds for mips32, mipsn32, and mips64.

Signed-off-by: Miodrag Dinic 
Signed-off-by: Aleksandar Markovic 
Acked-by: Alex Bennée 
Reviewed-by: Alex Bennée 
---
 configure | 3 +++
 target/mips/cpu.h | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/configure b/configure
index fbd0825..f0f7518 100755
--- a/configure
+++ b/configure
@@ -7192,11 +7192,13 @@ case "$target_name" in
 target_compiler=$cross_cc_microblaze
   ;;
   mips|mipsel)
+mttcg="yes"
 TARGET_ARCH=mips
 target_compiler=$cross_cc_mips
 echo "TARGET_ABI_MIPSO32=y" >> $config_target_mak
   ;;
   mipsn32|mipsn32el)
+mttcg="yes"
 TARGET_ARCH=mips64
 TARGET_BASE_ARCH=mips
 target_compiler=$cross_cc_mipsn32
@@ -7204,6 +7206,7 @@ case "$target_name" in
 echo "TARGET_ABI32=y" >> $config_target_mak
   ;;
   mips64|mips64el)
+mttcg="yes"
 TARGET_ARCH=mips64
 TARGET_BASE_ARCH=mips
 target_compiler=$cross_cc_mips64
diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index eccee37..a10eeb0 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -11,6 +11,8 @@
 #include "exec/cpu-defs.h"
 #include "fpu/softfloat.h"
 
+#define TCG_GUEST_DEFAULT_MO (0)
+
 struct CPUMIPSState;
 
 typedef struct CPUMIPSTLBContext CPUMIPSTLBContext;
-- 
2.7.4

[Qemu-devel] [PULL 04/15] target/mips: hold BQL in mips_vpe_wake()

[Aleksandar Markovic]

From: Goran Ferenc 

Hold BQL whenever mips_vpe_wake() is invoked.

Without this patch, MIPS MT with MTTCG enabled triggers an abort in
tcg_handle_interrupt() due to an unlocked access to cpu_interrupt().
This patch makes sure that the BQL is held in this case.

Signed-off-by: Goran Ferenc 
Signed-off-by: Miodrag Dinic 
Signed-off-by: Aleksandar Markovic 
Acked-by: Alex Bennée 
Reviewed-by: Alex Bennée 
---
 target/mips/op_helper.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target/mips/op_helper.c b/target/mips/op_helper.c
index 8c53b3b..0f272a5 100644
--- a/target/mips/op_helper.c
+++ b/target/mips/op_helper.c
@@ -17,6 +17,7 @@
  * License along with this library; if not, see .
  */
 #include "qemu/osdep.h"
+#include "qemu/main-loop.h"
 #include "cpu.h"
 #include "internal.h"
 #include "qemu/host-utils.h"
@@ -638,7 +639,9 @@ static inline void mips_vpe_wake(MIPSCPU *c)
 /* Don't set ->halted = 0 directly, let it be done via cpu_has_work
because there might be other conditions that state that c should
be sleeping.  */
+qemu_mutex_lock_iothread();
 cpu_interrupt(CPU(c), CPU_INTERRUPT_WAKE);
+qemu_mutex_unlock_iothread();
 }
 
 static inline void mips_vpe_sleep(MIPSCPU *cpu)
-- 
2.7.4

[Qemu-devel] [PATCH 4/9] vhost-user: support cross-endian vnet headers

[Paolo Bonzini]

vhost-user already has a way to communicate the endianness of the guest
via the vring endianness messages.  The vring endianness always matches
the vnet header endianness so there is no need to do anything else in
the backend.

Reviewed-by: Marc-André Lureau 
Signed-off-by: Paolo Bonzini 
Message-Id: <1543851204-41186-9-git-send-email-pbonz...@redhat.com>
---
 net/vhost-user.c | 13 +
 1 file changed, 13 insertions(+)

diff --git a/net/vhost-user.c b/net/vhost-user.c
index a39f9c9..cd9659d 100644
--- a/net/vhost-user.c
+++ b/net/vhost-user.c
@@ -172,6 +172,17 @@ static void net_vhost_user_cleanup(NetClientState *nc)
 qemu_purge_queued_packets(nc);
 }
 
+static int vhost_user_set_vnet_endianness(NetClientState *nc,
+  bool enable)
+{
+/* Nothing to do.  If the server supports
+ * VHOST_USER_PROTOCOL_F_CROSS_ENDIAN, it will get the
+ * vnet header endianness from there.  If it doesn't, negotiation
+ * fails.
+ */
+return 0;
+}
+
 static bool vhost_user_has_vnet_hdr(NetClientState *nc)
 {
 assert(nc->info->type == NET_CLIENT_DRIVER_VHOST_USER);
@@ -193,6 +204,8 @@ static NetClientInfo net_vhost_user_info = {
 .cleanup = net_vhost_user_cleanup,
 .has_vnet_hdr = vhost_user_has_vnet_hdr,
 .has_ufo = vhost_user_has_ufo,
+.set_vnet_be = vhost_user_set_vnet_endianness,
+.set_vnet_le = vhost_user_set_vnet_endianness,
 };
 
 static gboolean net_vhost_user_watch(GIOChannel *chan, GIOCondition cond,
-- 
1.8.3.1

Re: [Qemu-devel] [PATCH 3/4] mips_fulong2e: Dynamically generate SPD EEPROM data

[BALATON Zoltan]

Hello,

On Thu, 14 Feb 2019, Aleksandar Markovic wrote:

The machine comes with 256M memory module by default but it's
upgradable so it could have different memory size. There was a TODO
comment to replace static SPD EEPROM data with dynamically generated
one to support this. Now that we have a function for that, it's easy
to do. Although this would allow larger RAM sizes, the peculiar memory
map of the machine may need some special handling to map it as low and
high memory. Because I don't know what the correct place would be for
highmem, I've left memory size fixed at 256M for now and TODO is moved
there instead.

Signed-off-by: BALATON Zoltan 
---
 hw/mips/mips_fulong2e.c | 31 +--
 1 file changed, 13 insertions(+), 18 deletions(-)



Hello, Zoltan.

Thank you for your work in this area. I genarally support this series.
(When can we expect v2? I would like to integrate this series before
4.0 soft freeze planned for March 12th.)


I plan to submit v2 definitely before freeze (maybe this week end or next 
week) I was just waiting for review comments and to see what happens to 
the ati-vga patch this depends on.



However, I have just a couple of questions:

1. Is this series dependent on the patches outside of this series?
(meaning, the functionality won't work unless those other patches
are in the tree?)


To quote my original cover letter:

"my recent via-ide changes and the separately submitted
hw/display: Add basic ATI VGA emulation
patch and after this series the pmon_2e.bin firmware from
https://mirrors.cloud.tencent.com/loongson/pmon/
can actually run and appears to work. I could not find an image to
boot so I could not test that further but this appears to be an
improvement that worth submitting now."

Maybe this wasn't clear but only the last patch in this series 
(mips_fulong2e: Add on-board graphics chip) depends on the separate 
ati-vga patch mentioned above, the rest are not dependent on anything 
else. My via changes are already merged through the ide tree so those are 
already in master.



2. Can you spell out the test procedure that you used, after this
series (and possibly other needed patches) is applied?


I've tried:

qemu-system-mips64el -M fulong2e -bios pmon_2e.bin

with the pmon ROM image from the above link. I've also tried booting some 
Linux kernel but I could not find a suitable iso so if anyone is aware of 
a boot CD or image that should work on real hardware I could try that. I 
think Debian 8.11.0 should boot but needs external kernels which I don't 
have. Maybe Philippe can add to this what he tested.



3. What exactly this series fixes, or improves?


The series improves the fulong2e machine model to work with its original 
firmware. Previously it needed some modified firmware which was not 
available so this actually makes this board a bit more useful.




Thanks again!

Aleksandar


diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index 10e6ed585a..eec6fd02c8 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -214,20 +214,6 @@ static void main_cpu_reset(void *opaque)
 }
 }

-static const uint8_t eeprom_spd[0x80] = {
-0x80,0x08,0x07,0x0d,0x09,0x02,0x40,0x00,0x04,0x70,
-0x70,0x00,0x82,0x10,0x00,0x01,0x0e,0x04,0x0c,0x01,
-0x02,0x20,0x80,0x75,0x70,0x00,0x00,0x50,0x3c,0x50,
-0x2d,0x20,0xb0,0xb0,0x50,0x50,0x00,0x00,0x00,0x00,
-0x00,0x41,0x48,0x3c,0x32,0x75,0x00,0x00,0x00,0x00,
-0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-0x00,0x00,0x00,0x9c,0x7b,0x07,0x00,0x00,0x00,0x00,
-0x00,0x00,0x00,0x00,0x48,0x42,0x35,0x34,0x41,0x32,
-0x35,0x36,0x38,0x4b,0x4e,0x2d,0x41,0x37,0x35,0x42,
-0x20,0x30,0x20
-};
-
 static void vt82c686b_southbridge_init(PCIBus *pci_bus, int slot, qemu_irq 
intc,
I2CBus **i2c_bus, ISABus **p_isa_bus)
 {
@@ -284,7 +270,6 @@ static void network_init (PCIBus *pci_bus)

 static void mips_fulong2e_init(MachineState *machine)
 {
-ram_addr_t ram_size = machine->ram_size;
 const char *kernel_filename = machine->kernel_filename;
 const char *kernel_cmdline = machine->kernel_cmdline;
 const char *initrd_filename = machine->initrd_filename;
@@ -292,7 +277,10 @@ static void mips_fulong2e_init(MachineState *machine)
 MemoryRegion *address_space_mem = get_system_memory();
 MemoryRegion *ram = g_new(MemoryRegion, 1);
 MemoryRegion *bios = g_new(MemoryRegion, 1);
+ram_addr_t ram_size = machine->ram_size;
 long bios_size;
+uint8_t *spd_data;
+Error *err = NULL;
 int64_t kernel_entry;
 PCIBus *pci_bus;
 ISABus *isa_bus;
@@ -306,7 +294,7 @@ static void mips_fulong2e_init(MachineState *machine)

 qemu_register_reset(main_cpu_reset, cpu);

-/* fulong 2e has 256M ram. */
+/* TODO: support more than 256M RAM as highmem */
 ram_size = 256 * MiB;


This particular patch about SPD EEPROM just removes the 

[Qemu-devel] [PATCH 1/9] vhost-net: move stubs to a separate file

[Paolo Bonzini]

There is no reason for CONFIG_VHOST_NET to be specific to a single target;
it is a host feature that can be add to all targets, as long as they support
the virtio-net device.  Currently CONFIG_VHOST_NET depends on CONFIG_KVM,
but ioeventfd support is present in the core memory API and works with
other accelerators as well.

As a first step, move the vhost-net stubs to a separate file.  Later, they
will become conditional on CONFIG_VIRTIO_NET, which is not available in .c
files.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Thomas Huth 
Signed-off-by: Paolo Bonzini 
Message-Id: <1543851204-41186-2-git-send-email-pbonz...@redhat.com>
---
 hw/net/Makefile.objs|  4 ++-
 hw/net/vhost_net-stub.c | 92 +
 hw/net/vhost_net.c  | 74 ---
 3 files changed, 95 insertions(+), 75 deletions(-)
 create mode 100644 hw/net/vhost_net-stub.c

diff --git a/hw/net/Makefile.objs b/hw/net/Makefile.objs
index a43351a..acfaea5 100644
--- a/hw/net/Makefile.objs
+++ b/hw/net/Makefile.objs
@@ -37,7 +37,9 @@ obj-$(CONFIG_PSERIES) += spapr_llan.o
 obj-$(CONFIG_XILINX_ETHLITE) += xilinx_ethlite.o
 
 obj-$(CONFIG_VIRTIO_NET) += virtio-net.o
-obj-y += vhost_net.o
+obj-$(CONFIG_VHOST_NET) += vhost_net.o
+common-obj-$(call lnot,$(CONFIG_VHOST_NET)) += vhost_net-stub.o
+common-obj-$(CONFIG_ALL) += vhost_net-stub.o
 
 obj-$(CONFIG_ETSEC) += fsl_etsec/etsec.o fsl_etsec/registers.o \
fsl_etsec/rings.o fsl_etsec/miim.o
diff --git a/hw/net/vhost_net-stub.c b/hw/net/vhost_net-stub.c
new file mode 100644
index 000..aac0e98
--- /dev/null
+++ b/hw/net/vhost_net-stub.c
@@ -0,0 +1,92 @@
+/*
+ * vhost-net support
+ *
+ * Copyright Red Hat, Inc. 2010
+ *
+ * Authors:
+ *  Michael S. Tsirkin 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "net/net.h"
+#include "net/tap.h"
+#include "net/vhost-user.h"
+
+#include "hw/virtio/virtio-net.h"
+#include "net/vhost_net.h"
+#include "qemu/error-report.h"
+
+
+uint64_t vhost_net_get_max_queues(VHostNetState *net)
+{
+return 1;
+}
+
+struct vhost_net *vhost_net_init(VhostNetOptions *options)
+{
+error_report("vhost-net support is not compiled in");
+return NULL;
+}
+
+int vhost_net_start(VirtIODevice *dev,
+NetClientState *ncs,
+int total_queues)
+{
+return -ENOSYS;
+}
+void vhost_net_stop(VirtIODevice *dev,
+NetClientState *ncs,
+int total_queues)
+{
+}
+
+void vhost_net_cleanup(struct vhost_net *net)
+{
+}
+
+uint64_t vhost_net_get_features(struct vhost_net *net, uint64_t features)
+{
+return features;
+}
+
+void vhost_net_ack_features(struct vhost_net *net, uint64_t features)
+{
+}
+
+uint64_t vhost_net_get_acked_features(VHostNetState *net)
+{
+return 0;
+}
+
+bool vhost_net_virtqueue_pending(VHostNetState *net, int idx)
+{
+return false;
+}
+
+void vhost_net_virtqueue_mask(VHostNetState *net, VirtIODevice *dev,
+  int idx, bool mask)
+{
+}
+
+int vhost_net_notify_migration_done(struct vhost_net *net, char* mac_addr)
+{
+return -1;
+}
+
+VHostNetState *get_vhost_net(NetClientState *nc)
+{
+return 0;
+}
+
+int vhost_set_vring_enable(NetClientState *nc, int enable)
+{
+return 0;
+}
+
+int vhost_net_set_mtu(struct vhost_net *net, uint16_t mtu)
+{
+return 0;
+}
diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index e037db6..b901306 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -23,7 +23,6 @@
 #include "qemu/error-report.h"
 
 
-#ifdef CONFIG_VHOST_NET
 #include 
 #include 
 #include 
@@ -449,76 +448,3 @@ int vhost_net_set_mtu(struct vhost_net *net, uint16_t mtu)
 
 return vhost_ops->vhost_net_set_mtu(>dev, mtu);
 }
-
-#else
-uint64_t vhost_net_get_max_queues(VHostNetState *net)
-{
-return 1;
-}
-
-struct vhost_net *vhost_net_init(VhostNetOptions *options)
-{
-error_report("vhost-net support is not compiled in");
-return NULL;
-}
-
-int vhost_net_start(VirtIODevice *dev,
-NetClientState *ncs,
-int total_queues)
-{
-return -ENOSYS;
-}
-void vhost_net_stop(VirtIODevice *dev,
-NetClientState *ncs,
-int total_queues)
-{
-}
-
-void vhost_net_cleanup(struct vhost_net *net)
-{
-}
-
-uint64_t vhost_net_get_features(struct vhost_net *net, uint64_t features)
-{
-return features;
-}
-
-void vhost_net_ack_features(struct vhost_net *net, uint64_t features)
-{
-}
-
-uint64_t vhost_net_get_acked_features(VHostNetState *net)
-{
-return 0;
-}
-
-bool vhost_net_virtqueue_pending(VHostNetState *net, int idx)
-{
-return false;
-}
-
-void vhost_net_virtqueue_mask(VHostNetState *net, VirtIODevice *dev,
-  int idx, bool mask)
-{
-}
-
-int vhost_net_notify_migration_done(struct vhost_net 

Re: [Qemu-devel] [PATCH v2 0/7] ui/cocoa: Use OSX's main loop

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/20190214102816.3393-1-peter.mayd...@linaro.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20190214102816.3393-1-peter.mayd...@linaro.org
Subject: [Qemu-devel] [PATCH v2 0/7] ui/cocoa: Use OSX's main loop
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
8d76c56d6c ui/cocoa: Perform UI operations only on the main thread
3aee068a7c ui/cocoa: Subclass NSApplication so we can implement sendEvent
1da7a6a150 ui/cocoa: Don't call NSApp sendEvent directly from handleEvent
07e0180720 ui/cocoa: Move console/device menu creation code up in file
ae490d83db ui/cocoa: Factor out initial menu creation
4b0ac50558 ui/cocoa: Use the pixman image directly in switchSurface
c83f0eb31d ui/cocoa: Ensure we have the iothread lock when calling into QEMU

=== OUTPUT BEGIN ===
1/7 Checking commit c83f0eb31d04 (ui/cocoa: Ensure we have the iothread lock 
when calling into QEMU)
2/7 Checking commit 4b0ac5055867 (ui/cocoa: Use the pixman image directly in 
switchSurface)
3/7 Checking commit ae490d83dba7 (ui/cocoa: Factor out initial menu creation)
4/7 Checking commit 07e018072093 (ui/cocoa: Move console/device menu creation 
code up in file)
5/7 Checking commit 1da7a6a15059 (ui/cocoa: Don't call NSApp sendEvent directly 
from handleEvent)
ERROR: trailing whitespace
#41: FILE: ui/cocoa.m:152:
+$

total: 1 errors, 0 warnings, 122 lines checked

Patch 5/7 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

6/7 Checking commit 3aee068a7c6a (ui/cocoa: Subclass NSApplication so we can 
implement sendEvent)
7/7 Checking commit 8d76c56d6c33 (ui/cocoa: Perform UI operations only on the 
main thread)
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20190214102816.3393-1-peter.mayd...@linaro.org/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[Qemu-devel] [PATCH 9/9] vhost-user-test: create a temporary directory per TestServer

[Paolo Bonzini]

This makes the tests more independent, and also the source and destination
TestServers in the migration test.

Reviewed-by: Marc-André Lureau 
Signed-off-by: Paolo Bonzini 
Message-Id: <1543851204-41186-15-git-send-email-pbonz...@redhat.com>
---
 tests/vhost-user-test.c | 77 ++---
 1 file changed, 35 insertions(+), 42 deletions(-)

diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c
index 516e31c..1c550aa 100644
--- a/tests/vhost-user-test.c
+++ b/tests/vhost-user-test.c
@@ -142,6 +142,8 @@ typedef struct TestServer {
 gchar *socket_path;
 gchar *mig_path;
 gchar *chr_name;
+const gchar *mem_path;
+gchar *tmpfs;
 CharBackend chr;
 int fds_num;
 int fds[VHOST_MEMORY_MAX_NREGIONS];
@@ -163,9 +165,6 @@ static TestServer *test_server_new(const gchar *name);
 static void test_server_free(TestServer *server);
 static void test_server_listen(TestServer *server);
 
-static const char *tmpfs;
-static const char *root;
-
 enum test_memfd {
 TEST_MEMFD_AUTO,
 TEST_MEMFD_YES,
@@ -173,7 +172,7 @@ enum test_memfd {
 };
 
 static char *get_qemu_cmd(TestServer *s,
-  int mem, enum test_memfd memfd, const char *mem_path,
+  int mem, enum test_memfd memfd,
   const char *chr_opts, const char *extra)
 {
 if (memfd == TEST_MEMFD_AUTO && qemu_memfd_check(0)) {
@@ -188,7 +187,7 @@ static char *get_qemu_cmd(TestServer *s,
 } else {
 return g_strdup_printf(QEMU_CMD_MEM QEMU_CMD_CHR
QEMU_CMD_NETDEV QEMU_CMD_NET "%s", mem, mem,
-   mem_path, s->chr_name, s->socket_path,
+   s->mem_path, s->chr_name, s->socket_path,
chr_opts, s->chr_name, extra);
 }
 }
@@ -507,6 +506,8 @@ static const char *init_hugepagefs(void)
 static TestServer *test_server_new(const gchar *name)
 {
 TestServer *server = g_new0(TestServer, 1);
+char template[] = "/tmp/vhost-test-XX";
+const char *tmpfs;
 
 server->context = g_main_context_new();
 server->loop = g_main_loop_new(server->context, FALSE);
@@ -514,6 +515,14 @@ static TestServer *test_server_new(const gchar *name)
 /* run the main loop thread so the chardev may operate */
 server->thread = g_thread_new(NULL, thread_function, server->loop);
 
+tmpfs = mkdtemp(template);
+if (!tmpfs) {
+g_test_message("mkdtemp on path (%s): %s", template, strerror(errno));
+}
+g_assert(tmpfs);
+
+server->tmpfs = g_strdup(tmpfs);
+server->mem_path = init_hugepagefs() ? : server->tmpfs;
 server->socket_path = g_strdup_printf("%s/%s.sock", tmpfs, name);
 server->mig_path = g_strdup_printf("%s/%s.mig", tmpfs, name);
 server->chr_name = g_strdup_printf("chr-%s", name);
@@ -559,7 +568,7 @@ static void test_server_listen(TestServer *server)
 
 static void test_server_free(TestServer *server)
 {
-int i;
+int i, ret;
 
 /* finish the helper thread and dispatch pending sources */
 g_main_loop_quit(server->loop);
@@ -570,6 +579,18 @@ static void test_server_free(TestServer *server)
 g_main_loop_unref(server->loop);
 g_main_context_unref(server->context);
 
+unlink(server->socket_path);
+g_free(server->socket_path);
+
+unlink(server->mig_path);
+g_free(server->mig_path);
+
+ret = rmdir(server->tmpfs);
+if (ret != 0) {
+g_test_message("unable to rmdir: path (%s): %s",
+   server->tmpfs, strerror(errno));
+}
+
 qemu_chr_fe_deinit(>chr, true);
 
 for (i = 0; i < server->fds_num; i++) {
@@ -580,12 +601,6 @@ static void test_server_free(TestServer *server)
 close(server->log_fd);
 }
 
-unlink(server->socket_path);
-g_free(server->socket_path);
-
-unlink(server->mig_path);
-g_free(server->mig_path);
-
 g_free(server->chr_name);
 g_assert(server->bus);
 qpci_free_pc(server->bus);
@@ -691,7 +706,7 @@ static void test_read_guest_mem(const void *arg)
  "read-guest-memfd" : "read-guest-mem");
 test_server_listen(server);
 
-qemu_cmd = get_qemu_cmd(server, 512, memfd, root, "", "");
+qemu_cmd = get_qemu_cmd(server, 512, memfd, "", "");
 
 s = qtest_start(qemu_cmd);
 g_free(qemu_cmd);
@@ -726,7 +741,7 @@ static void test_migrate(void)
 test_server_listen(s);
 test_server_listen(dest);
 
-cmd = get_qemu_cmd(s, 2, TEST_MEMFD_AUTO, root, "", "");
+cmd = get_qemu_cmd(s, 2, TEST_MEMFD_AUTO, "", "");
 from = qtest_start(cmd);
 g_free(cmd);
 
@@ -739,7 +754,7 @@ static void test_migrate(void)
 g_assert_cmpint(size, ==, (2 * 1024 * 1024) / (VHOST_LOG_PAGE * 8));
 
 tmp = g_strdup_printf(" -incoming %s", uri);
-cmd = get_qemu_cmd(dest, 2, TEST_MEMFD_AUTO, root, "", tmp);
+cmd = get_qemu_cmd(dest, 2, TEST_MEMFD_AUTO, "", tmp);
 g_free(tmp);
 to = 

Re: [Qemu-devel] [PATCH v6 00/18] ARM virt: Initial RAM expansion and PCDIMM/NVDIMM support

[Peter Maydell]

On Tue, 5 Feb 2019 at 17:33, Eric Auger  wrote:
> This series aims to bump the 255GB RAM limit in machvirt and to
> support device memory in general, and especially PCDIMM/NVDIMM.

> Functionally, the series is split into 3 parts:
> 1) bump of the initial RAM limit [1 - 10] and change in
>the memory map
> 2) Support of PC-DIMM [11 - 14]
> 3) Support of NV-DIMM [15 - 18]
>
> 1) can be upstreamed before 2 and 2 can be upstreamed before 3.

Hi Eric; sorry I haven't reviewed this series earlier. I think
that 1-10 are pretty near to ready to go in; maybe the easiest
path is to do a respin of just those with the review issues fixed?

I'm a long way from being expert in the PC-DIMM/NV-DIMM stuff, so
I'm going to be reliant on other people to review those parts.

I don't know if your series needs anything from linux-headers
which isn't already in QEMU master after the update to match
5.0rc1 -- if not you could drop the header-sync patch.

thanks
-- PMM

Re: [Qemu-devel] [PATCH v6 09/18] hw/arm/virt: Implement kvm_type function for 4.0 machine

[Peter Maydell]

On Tue, 5 Feb 2019 at 17:33, Eric Auger  wrote:
>
> This patch implements the machine class kvm_type() callback.
> It returns the max IPA shift needed to implement the whole GPA
> range including the RAM and IO regions located beyond.
> The returned value in passed though the KVM_CREATE_VM ioctl and
> this allows KVM to set the stage2 tables dynamically.
>
> At this stage the RAM limit still is limited to 255GB.
>
> Setting all the existing highmem IO regions beyond the RAM
> allows to have a single contiguous RAM region (initial RAM and
> possible hotpluggable device memory). That way we do not need
> to do invasive changes in the EDK2 FW to support a dynamic
> RAM base.
>
> Signed-off-by: Eric Auger 
>
> ---
>
> v5 -> v6:
> - add some comments
> - high IO region cannot start before 256GiB
> ---
>  hw/arm/virt.c | 52 +--
>  include/hw/arm/virt.h |  2 ++
>  2 files changed, 52 insertions(+), 2 deletions(-)
>
> diff --git a/hw/arm/virt.c b/hw/arm/virt.c
> index 2b15839d0b..b90ffc2e5d 100644
> --- a/hw/arm/virt.c
> +++ b/hw/arm/virt.c
> @@ -1366,6 +1366,7 @@ static uint64_t virt_cpu_mp_affinity(VirtMachineState 
> *vms, int idx)
>
>  static void virt_set_memmap(VirtMachineState *vms)
>  {
> +MachineState *ms = MACHINE(vms);
>  hwaddr base;
>  int i;
>
> @@ -1375,7 +1376,17 @@ static void virt_set_memmap(VirtMachineState *vms)
>  vms->memmap[i] = a15memmap[i];
>  }
>
> -vms->high_io_base = 256 * GiB; /* Top of the legacy initial RAM region */
> +/*
> + * We now compute the base of the high IO region depending on the
> + * amount of initial and device memory. The device memory start/size
> + * is aligned on 1GiB. We never put the high IO region below 256GiB
> + * so that if maxram_size is < 255GiB we keep the legacy memory map
> + */
> +vms->high_io_base = ROUND_UP(GiB + ms->ram_size, GiB) +
> +ROUND_UP(ms->maxram_size - ms->ram_size, GiB);

I don't understand this expression...

> +if (vms->high_io_base < 256 * GiB) {
> +vms->high_io_base = 256 * GiB;
> +}
>  base = vms->high_io_base;
>
>  for (i = VIRT_LOWMEMMAP_LAST; i < ARRAY_SIZE(extended_memmap); i++) {
> @@ -1386,6 +1397,7 @@ static void virt_set_memmap(VirtMachineState *vms)
>  vms->memmap[i].size = size;
>  base += size;
>  }
> +vms->highest_gpa = base - 1;
>  }
>
>  static void machvirt_init(MachineState *machine)
> @@ -1402,7 +1414,9 @@ static void machvirt_init(MachineState *machine)
>  bool firmware_loaded = bios_name || drive_get(IF_PFLASH, 0, 0);
>  bool aarch64 = true;
>
> -virt_set_memmap(vms);
> +if (!vms->extended_memmap) {
> +virt_set_memmap(vms);
> +}
>
>  /* We can probe only here because during property set
>   * KVM is not available yet
> @@ -1784,6 +1798,36 @@ static HotplugHandler 
> *virt_machine_get_hotplug_handler(MachineState *machine,
>  return NULL;
>  }
>
> +/*
> + * for arm64 kvm_type [7-0] encodes the IPA size shift
> + */
> +static int virt_kvm_type(MachineState *ms, const char *type_str)
> +{
> +VirtMachineState *vms = VIRT_MACHINE(ms);
> +int max_vm_phys_shift = kvm_arm_get_max_vm_phys_shift(ms);
> +int max_pa_shift;
> +
> +vms->extended_memmap = true;
> +
> +virt_set_memmap(vms);
> +
> +max_pa_shift = 64 - clz64(vms->highest_gpa);
> +
> +if (max_pa_shift > max_vm_phys_shift) {
> +error_report("-m and ,maxmem option values "
> + "require an IPA range (%d bits) larger than "
> + "the one supported by the host (%d bits)",
> + max_pa_shift, max_vm_phys_shift);
> +   exit(1);
> +}

Presumably we should have some equivalent check for TCG, so
that we don't let the user create a setup which wants more
bits of physical address than the TCG CPU allows ?

> +/*
> + * By default we return 0 which corresponds to an implicit legacy
> + * 40b IPA setting. Otherwise we return the actual requested IPA
> + * logsize
> + */
> +return max_pa_shift > 40 ? max_pa_shift : 0;
> +}
> +
>  static void virt_machine_class_init(ObjectClass *oc, void *data)
>  {
>  MachineClass *mc = MACHINE_CLASS(oc);
> @@ -1808,6 +1852,7 @@ static void virt_machine_class_init(ObjectClass *oc, 
> void *data)
>  mc->cpu_index_to_instance_props = virt_cpu_index_to_props;
>  mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a15");
>  mc->get_default_cpu_node_id = virt_get_default_cpu_node_id;
> +mc->kvm_type = virt_kvm_type;
>  assert(!mc->get_hotplug_handler);
>  mc->get_hotplug_handler = virt_machine_get_hotplug_handler;
>  hc->plug = virt_machine_device_plug_cb;
> @@ -1911,6 +1956,9 @@ static void virt_machine_3_1_options(MachineClass *mc)
>  {
>  virt_machine_4_0_options(mc);
>  compat_props_add(mc->compat_props, hw_compat_3_1, hw_compat_3_1_len);
> +
> +/* extended memory map is 

[Qemu-devel] [PATCH 7/9] vhost-user-test: create a main loop per TestServer

[Paolo Bonzini]

This makes the tests more independent and removes the need to defer 
test_server_free
via an idle event source.

Reviewed-by: Marc-André Lureau 
Signed-off-by: Paolo Bonzini 
Message-Id: <1543851204-41186-13-git-send-email-pbonz...@redhat.com>
---
 tests/vhost-user-test.c | 53 +
 1 file changed, 27 insertions(+), 26 deletions(-)

diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c
index cdbdf3d..33030e0 100644
--- a/tests/vhost-user-test.c
+++ b/tests/vhost-user-test.c
@@ -146,6 +146,9 @@ typedef struct TestServer {
 int fds_num;
 int fds[VHOST_MEMORY_MAX_NREGIONS];
 VhostUserMemory memory;
+GMainContext *context;
+GMainLoop *loop;
+GThread *thread;
 GMutex data_mutex;
 GCond data_cond;
 int log_fd;
@@ -495,6 +498,12 @@ static TestServer *test_server_new(const gchar *name)
 {
 TestServer *server = g_new0(TestServer, 1);
 
+server->context = g_main_context_new();
+server->loop = g_main_loop_new(server->context, FALSE);
+
+/* run the main loop thread so the chardev may operate */
+server->thread = g_thread_new(NULL, thread_function, server->loop);
+
 server->socket_path = g_strdup_printf("%s/%s.sock", tmpfs, name);
 server->mig_path = g_strdup_printf("%s/%s.mig", tmpfs, name);
 server->chr_name = g_strdup_printf("chr-%s", name);
@@ -524,13 +533,13 @@ static void test_server_create_chr(TestServer *server, 
const gchar *opt)
 Chardev *chr;
 
 chr_path = g_strdup_printf("unix:%s%s", server->socket_path, opt);
-chr = qemu_chr_new(server->chr_name, chr_path, NULL);
+chr = qemu_chr_new(server->chr_name, chr_path, server->context);
 g_free(chr_path);
 
 g_assert_nonnull(chr);
 qemu_chr_fe_init(>chr, chr, _abort);
 qemu_chr_fe_set_handlers(>chr, chr_can_read, chr_read,
- chr_event, NULL, server, NULL, true);
+ chr_event, NULL, server, server->context, true);
 }
 
 static void test_server_listen(TestServer *server)
@@ -538,10 +547,19 @@ static void test_server_listen(TestServer *server)
 test_server_create_chr(server, ",server,nowait");
 }
 
-static gboolean _test_server_free(TestServer *server)
+static void test_server_free(TestServer *server)
 {
 int i;
 
+/* finish the helper thread and dispatch pending sources */
+g_main_loop_quit(server->loop);
+g_thread_join(server->thread);
+while (g_main_context_pending(NULL)) {
+g_main_context_iteration(NULL, TRUE);
+}
+g_main_loop_unref(server->loop);
+g_main_context_unref(server->context);
+
 qemu_chr_fe_deinit(>chr, true);
 
 for (i = 0; i < server->fds_num; i++) {
@@ -563,13 +581,6 @@ static gboolean _test_server_free(TestServer *server)
 qpci_free_pc(server->bus);
 
 g_free(server);
-
-return FALSE;
-}
-
-static void test_server_free(TestServer *server)
-{
-g_idle_add((GSourceFunc)_test_server_free, server);
 }
 
 static void wait_for_log_fd(TestServer *s)
@@ -728,7 +739,7 @@ static void test_migrate(void)
   sizeof(TestMigrateSource));
 ((TestMigrateSource *)source)->src = s;
 ((TestMigrateSource *)source)->dest = dest;
-g_source_attach(source, NULL);
+g_source_attach(source, s->context);
 
 /* slow down migration to have time to fiddle with log */
 /* TODO: qtest could learn to break on some places */
@@ -825,6 +836,7 @@ connect_thread(gpointer data)
 static void test_reconnect_subprocess(void)
 {
 TestServer *s = test_server_new("reconnect");
+GSource *src;
 char *cmd;
 
 g_thread_new("connect", connect_thread, s);
@@ -842,7 +854,10 @@ static void test_reconnect_subprocess(void)
 /* reconnect */
 s->fds_num = 0;
 s->rings = 0;
-g_idle_add(reconnect_cb, s);
+src = g_idle_source_new();
+g_source_set_callback(src, reconnect_cb, s, NULL);
+g_source_attach(src, s->context);
+g_source_unref(src);
 g_assert(wait_for_fds(s));
 wait_for_rings_started(s, 2);
 
@@ -974,8 +989,6 @@ int main(int argc, char **argv)
 const char *hugefs;
 int ret;
 char template[] = "/tmp/vhost-test-XX";
-GMainLoop *loop;
-GThread *thread;
 
 g_test_init(, , NULL);
 
@@ -997,10 +1010,6 @@ int main(int argc, char **argv)
 }
 #endif
 
-loop = g_main_loop_new(NULL, FALSE);
-/* run the main loop thread so the chardev may operate */
-thread = g_thread_new(NULL, thread_function, loop);
-
 if (qemu_memfd_check(0)) {
 qtest_add_data_func("/vhost-user/read-guest-mem/memfd",
 GINT_TO_POINTER(TEST_MEMFD_YES),
@@ -1028,14 +1037,6 @@ int main(int argc, char **argv)
 
 /* cleanup */
 
-/* finish the helper thread and dispatch pending sources */
-g_main_loop_quit(loop);
-g_thread_join(thread);
-while (g_main_context_pending(NULL)) {
-g_main_context_iteration (NULL, TRUE);
-}
-g_main_loop_unref(loop);
-
 ret = 

Re: [Qemu-devel] [PULL 0/1] Block patches

[Peter Maydell]

On Thu, 14 Feb 2019 at 04:33, Stefan Hajnoczi  wrote:
>
> The following changes since commit 0b5e750bea635b167eb03d86c3d9a09bbd43bc06:
>
>   Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' 
> into staging (2019-02-12 10:53:37 +)
>
> are available in the Git repository at:
>
>   git://github.com/stefanha/qemu.git tags/block-pull-request
>
> for you to fetch changes up to 42824b4d16da56a50ff4027f6cd22378e0e2666e:
>
>   virtio-blk: set correct config size for the host driver (2019-02-13 
> 16:18:17 +0800)
>
> 
> Pull request
>
> Fix a virtio-blk migration regression.
>

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/4.0
for any user-visible changes.

-- PMM

[Qemu-devel] [PATCH v2 0/9] vhost: enable for all targets

[Paolo Bonzini]

See also "[PATCH for-3.2 00/10] vhost: preparation for qgraph
conversion of vhost-user-test".  Some of the other vhost-user-test
patches have gone in already, and this is what is left.

These patches are a prerequisite for both kconfig and qgraph.

I will probably test them on macOS myself before these are included
in a pull request, since the previous versions had some issues.
Michael, let me know if you want me to send the pull request.

Thanks,

Paolo

Paolo Bonzini (9):
  vhost-net: move stubs to a separate file
  vhost-net-user: add stubs for when no virtio-net device is present
  vhost: restrict Linux dependency to kernel vhost
  vhost-user: support cross-endian vnet headers
  vhost-net: compile it on all targets that have virtio-net.
  vhost-net: revamp configure logic
  vhost-user-test: create a main loop per TestServer
  vhost-user-test: small changes to init_hugepagefs
  vhost-user-test: create a temporary directory per TestServer

 backends/Makefile.objs |   5 +-
 configure  | 102 ++---
 default-configs/virtio.mak |   4 +-
 hw/net/Makefile.objs   |   4 +-
 hw/net/vhost_net-stub.c|  92 ++
 hw/net/vhost_net.c |  85 ++--
 hw/virtio/Makefile.objs|   8 ++-
 hw/virtio/vhost-backend.c  |  12 +++-
 hw/virtio/vhost-user.c |  13 +++-
 hw/virtio/vhost.c  |   2 +-
 include/exec/poison.h  |   1 -
 net/Makefile.objs  |   4 +-
 net/net.c  |   2 +-
 net/vhost-user-stub.c  |  23 +++
 net/vhost-user.c   |  13 
 tests/Makefile.include |   5 +-
 tests/vhost-user-test.c| 160 +++--
 17 files changed, 319 insertions(+), 216 deletions(-)
 create mode 100644 hw/net/vhost_net-stub.c
 create mode 100644 net/vhost-user-stub.c

-- 
1.8.3.1

[Qemu-devel] [PATCH 8/9] vhost-user-test: small changes to init_hugepagefs

[Paolo Bonzini]

After the conversion to qgraph, the equivalent of "main" will be in
a constructor and will run even if the tests are not being requested.
Therefore, it should not assert that init_hugepagefs succeeds and will
be called when creating the TestServer.  This patch changes the prototype
of init_hugepagefs, this way the next patch looks nicer.

Reviewed-by: Marc-André Lureau 
Signed-off-by: Paolo Bonzini 
Message-Id: <1543851204-41186-14-git-send-email-pbonz...@redhat.com>
---
 tests/vhost-user-test.c | 26 ++
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c
index 33030e0..516e31c 100644
--- a/tests/vhost-user-test.c
+++ b/tests/vhost-user-test.c
@@ -465,14 +465,20 @@ static void chr_read(void *opaque, const uint8_t *buf, 
int size)
 g_mutex_unlock(>data_mutex);
 }
 
-#ifdef CONFIG_LINUX
-static const char *init_hugepagefs(const char *path)
+static const char *init_hugepagefs(void)
 {
+#ifdef CONFIG_LINUX
+const char *path = getenv("QTEST_HUGETLBFS_PATH");
 struct statfs fs;
 int ret;
 
+if (!path) {
+return NULL;
+}
+
 if (access(path, R_OK | W_OK | X_OK)) {
 g_test_message("access on path (%s): %s\n", path, strerror(errno));
+abort();
 return NULL;
 }
 
@@ -482,17 +488,21 @@ static const char *init_hugepagefs(const char *path)
 
 if (ret != 0) {
 g_test_message("statfs on path (%s): %s\n", path, strerror(errno));
+abort();
 return NULL;
 }
 
 if (fs.f_type != HUGETLBFS_MAGIC) {
 g_test_message("Warning: path not on HugeTLBFS: %s\n", path);
+abort();
 return NULL;
 }
 
 return path;
-}
+#else
+return NULL;
 #endif
+}
 
 static TestServer *test_server_new(const gchar *name)
 {
@@ -986,7 +996,6 @@ static void test_multiqueue(void)
 
 int main(int argc, char **argv)
 {
-const char *hugefs;
 int ret;
 char template[] = "/tmp/vhost-test-XX";
 
@@ -1001,14 +1010,7 @@ int main(int argc, char **argv)
 }
 g_assert(tmpfs);
 
-root = tmpfs;
-#ifdef CONFIG_LINUX
-hugefs = getenv("QTEST_HUGETLBFS_PATH");
-if (hugefs) {
-root = init_hugepagefs(hugefs);
-g_assert(root);
-}
-#endif
+root = init_hugepagefs() ? : tmpfs;
 
 if (qemu_memfd_check(0)) {
 qtest_add_data_func("/vhost-user/read-guest-mem/memfd",
-- 
1.8.3.1

[Qemu-devel] [PATCH 3/9] vhost: restrict Linux dependency to kernel vhost

[Paolo Bonzini]

vhost-user does not depend on Linux; it can run on any POSIX system.  Restrict
vhost-kernel to Linux in hw/virtio/vhost-backend.c, everything else can be
compiled on all POSIX systems.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Thomas Huth 
Message-Id: <1543851204-41186-4-git-send-email-pbonz...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 backends/Makefile.objs |  5 ++---
 default-configs/virtio.mak |  4 ++--
 hw/net/vhost_net.c |  3 +--
 hw/virtio/Makefile.objs|  8 +---
 hw/virtio/vhost-backend.c  | 12 ++--
 hw/virtio/vhost-user.c | 13 -
 hw/virtio/vhost.c  |  2 +-
 7 files changed, 33 insertions(+), 14 deletions(-)

diff --git a/backends/Makefile.objs b/backends/Makefile.objs
index 717fcbd..ff619d3 100644
--- a/backends/Makefile.objs
+++ b/backends/Makefile.objs
@@ -9,10 +9,9 @@ common-obj-$(CONFIG_POSIX) += hostmem-file.o
 common-obj-y += cryptodev.o
 common-obj-y += cryptodev-builtin.o
 
-ifeq ($(CONFIG_VIRTIO),y)
+ifeq ($(CONFIG_VIRTIO_CRYPTO),y)
 common-obj-y += cryptodev-vhost.o
-common-obj-$(call land,$(CONFIG_VHOST_USER),$(CONFIG_LINUX)) += \
-cryptodev-vhost-user.o
+common-obj-$(CONFIG_VHOST_CRYPTO) += cryptodev-vhost-user.o
 endif
 
 common-obj-$(CONFIG_LINUX) += hostmem-memfd.o
diff --git a/default-configs/virtio.mak b/default-configs/virtio.mak
index ecb4420..b653aa0 100644
--- a/default-configs/virtio.mak
+++ b/default-configs/virtio.mak
@@ -1,5 +1,5 @@
-CONFIG_VHOST_USER_SCSI=$(call land,$(CONFIG_VHOST_USER),$(CONFIG_LINUX))
-CONFIG_VHOST_USER_BLK=$(call land,$(CONFIG_VHOST_USER),$(CONFIG_LINUX))
+CONFIG_VHOST_USER_SCSI=$(CONFIG_VHOST_USER)
+CONFIG_VHOST_USER_BLK=$(CONFIG_VHOST_USER)
 CONFIG_VIRTIO=y
 CONFIG_VIRTIO_9P=$(CONFIG_VIRTFS)
 CONFIG_VIRTIO_BALLOON=y
diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index 2a300ee..ae3ca23 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -18,14 +18,13 @@
 #include "net/tap.h"
 #include "net/vhost-user.h"
 
+#include "standard-headers/linux/vhost_types.h"
 #include "hw/virtio/virtio-net.h"
 #include "net/vhost_net.h"
 #include "qemu/error-report.h"
 
 
-#include 
 #include 
-#include 
 #include 
 #include 
 #include 
diff --git a/hw/virtio/Makefile.objs b/hw/virtio/Makefile.objs
index d335dd0..ce542e7 100644
--- a/hw/virtio/Makefile.objs
+++ b/hw/virtio/Makefile.objs
@@ -2,15 +2,18 @@ ifeq ($(CONFIG_VIRTIO),y)
 common-obj-y += virtio-bus.o
 obj-y += virtio.o
 
+obj-$(call lor,$(CONFIG_VHOST_USER),$(CONFIG_LINUX)) += vhost.o vhost-backend.o
+common-obj-$(call lnot,$(call lor,$(CONFIG_VHOST_USER),$(CONFIG_LINUX))) += 
vhost-stub.o
+obj-$(CONFIG_VHOST_USER) += vhost-user.o
+
 common-obj-$(CONFIG_VIRTIO_RNG) += virtio-rng.o
 common-obj-$(CONFIG_VIRTIO_PCI) += virtio-pci.o
 common-obj-$(CONFIG_VIRTIO_MMIO) += virtio-mmio.o
 obj-$(CONFIG_VIRTIO_BALLOON) += virtio-balloon.o
 obj-$(CONFIG_VIRTIO_CRYPTO) += virtio-crypto.o
 obj-$(call land,$(CONFIG_VIRTIO_CRYPTO),$(CONFIG_VIRTIO_PCI)) += 
virtio-crypto-pci.o
-
-obj-$(CONFIG_LINUX) += vhost.o vhost-backend.o vhost-user.o
 obj-$(CONFIG_VHOST_VSOCK) += vhost-vsock.o
+
 ifeq ($(CONFIG_VIRTIO_PCI),y)
 obj-$(CONFIG_VHOST_VSOCK) += vhost-vsock-pci.o
 obj-$(CONFIG_VHOST_USER_BLK) += vhost-user-blk-pci.o
@@ -28,5 +31,4 @@ obj-$(CONFIG_VIRTIO_SERIAL) += virtio-serial-pci.o
 endif
 endif
 
-common-obj-$(call lnot,$(call land,$(CONFIG_VIRTIO),$(CONFIG_LINUX))) += 
vhost-stub.o
 common-obj-$(CONFIG_ALL) += vhost-stub.o
diff --git a/hw/virtio/vhost-backend.c b/hw/virtio/vhost-backend.c
index 7f09efa..e0f0bb7 100644
--- a/hw/virtio/vhost-backend.c
+++ b/hw/virtio/vhost-backend.c
@@ -9,11 +9,14 @@
  */
 
 #include "qemu/osdep.h"
-#include 
-#include 
 #include "hw/virtio/vhost.h"
 #include "hw/virtio/vhost-backend.h"
 #include "qemu/error-report.h"
+#include "standard-headers/linux/vhost_types.h"
+
+#ifdef CONFIG_LINUX
+#include 
+#include 
 
 static int vhost_kernel_call(struct vhost_dev *dev, unsigned long int request,
  void *arg)
@@ -265,18 +268,23 @@ static const VhostOps kernel_ops = {
 .vhost_set_iotlb_callback = vhost_kernel_set_iotlb_callback,
 .vhost_send_device_iotlb_msg = vhost_kernel_send_device_iotlb_msg,
 };
+#endif
 
 int vhost_set_backend_type(struct vhost_dev *dev, VhostBackendType 
backend_type)
 {
 int r = 0;
 
 switch (backend_type) {
+#ifdef CONFIG_LINUX
 case VHOST_BACKEND_TYPE_KERNEL:
 dev->vhost_ops = _ops;
 break;
+#endif
+#ifdef CONFIG_VHOST_USER
 case VHOST_BACKEND_TYPE_USER:
 dev->vhost_ops = _ops;
 break;
+#endif
 default:
 error_report("Unknown vhost backend type");
 r = -1;
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 564a31d..0d6c64e 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -27,8 +27,12 @@
 #include 
 #include 
 #include 
-#include 
+
+#include "standard-headers/linux/vhost_types.h"
+
+#ifdef CONFIG_LINUX
 #include 
+#endif
 
 #define 

Re: [Qemu-devel] [PATCH v2 5/7] ui/cocoa: Don't call NSApp sendEvent directly from handleEvent

[Peter Maydell]

On Thu, 14 Feb 2019 at 17:04, BALATON Zoltan  wrote:
>
> On Thu, 14 Feb 2019, Peter Maydell wrote:
> > Currently the handleEvent method will directly call the NSApp
> > sendEvent method for any events that we want to let OSX deal
> > with. When we rearrange the event handling code, the way that
> > we say "let OSX have this event" is going to change. Prepare
> > for that by refactoring so that handleEvent returns a flag
> > indicating whether it consumed the event.
> >
> > Suggested-by: BALATON Zoltan 
> > Signed-off-by: Peter Maydell 
> > ---

> > +static bool bool_with_iothread_lock(BoolCodeBlock block)
> > +{
> > +bool locked = qemu_mutex_iothread_locked();
> > +bool val;
> > +
>
> Git complained about extra white space in the end of the empty line above
> but not sure if it was added during mailing or you have it in the original
> patch.

Almost certainly an error in the original patch. I'll fix it.

> > +if (!locked) {
> > +qemu_mutex_lock_iothread();
> > +}
> > +val = block();
> > +if (!locked) {
> > +qemu_mutex_unlock_iothread();
> > +}
> > +return val;
> > +}
> > +
> > // Mac to QKeyCode conversion
> > const int mac_to_qkeycode_map[] = {
> > [kVK_ANSI_A] = Q_KEY_CODE_A,
> > @@ -320,8 +336,8 @@ - (void) grabMouse;
> > - (void) ungrabMouse;
> > - (void) toggleFullScreen:(id)sender;
> > - (void) handleMonitorInput:(NSEvent *)event;
> > -- (void) handleEvent:(NSEvent *)event;
> > -- (void) handleEventLocked:(NSEvent *)event;
> > +- (bool) handleEvent:(NSEvent *)event;
> > +- (bool) handleEventLocked:(NSEvent *)event;
> > - (void) setAbsoluteEnabled:(BOOL)tIsAbsoluteEnabled;
> > /* The state surrounding mouse grabbing is potentially confusing.
> >  * isAbsoluteEnabled tracks qemu_input_is_absolute() [ie "is the emulated
> > @@ -664,15 +680,16 @@ - (void) handleMonitorInput:(NSEvent *)event
> > }
> > }
> >
> > -- (void) handleEvent:(NSEvent *)event
> > +- (bool) handleEvent:(NSEvent *)event
> > {
> > -with_iothread_lock(^{
> > -[self handleEventLocked:event];
> > +return bool_with_iothread_lock(^{
> > +return [self handleEventLocked:event];
> > });
> > }
>
> If this is only ever used for this one method, wouldn't it be easier to
> move locking to the method below (even with some goto after setting a ret
> variable to unlock at the end of the method where now it returns in the
> middle, but maybe it could even be done without goto as the whole code is
> one big switch that can be exited with break and an if that can be skipped
> by a flag)? That may be easier to follow than this method within block
> within method and then you wouldn't need bool_with_iothread_lock and
> neither handleEvent. Unless there's something I'm missing which makes this
> convoluted way needed.

The aim was to avoid having to do changes to handleEvent's code flow
in order to do "run it with the lock held"; it also means that the
invariant "we always unlock the lock" is easy to confirm, whereas
if you do the lock/unlock inside a single handleEvent method you have
to look for whether it was done right in early-exit cases. It's
a bit less of a convincing argument than it was in v1 (where we were
making no changes to handleEvent at all other than wrapping it in a
lock), but I think it still makes sense this way.

> Other than that
> Reviewed-by: BALATON Zoltan 

thanks
-- PMM

Re: [Qemu-devel] [PATCH v2 2/7] ui/cocoa: Use the pixman image directly in switchSurface

[BALATON Zoltan]

On Thu, 14 Feb 2019, Peter Maydell wrote:

Currently the switchSurface method takes a DisplaySurface. We want
to change our DisplayChangeListener's dpy_gfx_switch callback
to do this work asynchronously on a different thread. The caller
of the switch callback will free the old DisplaySurface
immediately the callback returns, so to ensure that the
other thread doesn't access freed data we need to switch
to using the underlying pixman image instead. The pixman
image is reference counted, so we will be able to take
a reference to it to avoid it vanishing too early.

In this commit we only change the switchSurface method
to take a pixman image, and keep the flow of control
synchronous for now.

Signed-off-by: Peter Maydell 


Reviewed-by: BALATON Zoltan 

Regards,
BALATON Zoltan


---
ui/cocoa.m | 17 +
1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/ui/cocoa.m b/ui/cocoa.m
index 2931c751fd..9d23732ff9 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -315,7 +315,7 @@ @interface QemuCocoaView : NSView
BOOL isAbsoluteEnabled;
BOOL isMouseDeassociated;
}
-- (void) switchSurface:(DisplaySurface *)surface;
+- (void) switchSurface:(pixman_image_t *)image;
- (void) grabMouse;
- (void) ungrabMouse;
- (void) toggleFullScreen:(id)sender;
@@ -495,12 +495,13 @@ - (void) setContentDimensions
}
}

-- (void) switchSurface:(DisplaySurface *)surface
+- (void) switchSurface:(pixman_image_t *)image
{
COCOA_DEBUG("QemuCocoaView: switchSurface\n");

-int w = surface_width(surface);
-int h = surface_height(surface);
+int w = pixman_image_get_width(image);
+int h = pixman_image_get_height(image);
+pixman_format_code_t image_format = pixman_image_get_format(image);
/* cdx == 0 means this is our very first surface, in which case we need
 * to recalculate the content dimensions even if it happens to be the size
 * of the initial empty window.
@@ -522,10 +523,10 @@ - (void) switchSurface:(DisplaySurface *)surface
CGDataProviderRelease(dataProviderRef);

//sync host window color space with guests
-screen.bitsPerPixel = surface_bits_per_pixel(surface);
-screen.bitsPerComponent = surface_bytes_per_pixel(surface) * 2;
+screen.bitsPerPixel = PIXMAN_FORMAT_BPP(image_format);
+screen.bitsPerComponent = DIV_ROUND_UP(screen.bitsPerPixel, 8) * 2;

-dataProviderRef = CGDataProviderCreateWithData(NULL, 
surface_data(surface), w * 4 * h, NULL);
+dataProviderRef = CGDataProviderCreateWithData(NULL, 
pixman_image_get_data(image), w * 4 * h, NULL);

// update windows
if (isFullscreen) {
@@ -1625,7 +1626,7 @@ static void cocoa_switch(DisplayChangeListener *dcl,
NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init];

COCOA_DEBUG("qemu_cocoa: cocoa_switch\n");
-[cocoaView switchSurface:surface];
+[cocoaView switchSurface:surface->image];
[pool release];
}

Re: [Qemu-devel] [PATCH v2 6/7] ui/cocoa: Subclass NSApplication so we can implement sendEvent

[BALATON Zoltan]

On Thu, 14 Feb 2019, Peter Maydell wrote:

When we switch away from our custom event handling, we still want to
be able to have first go at any events our application receives,
because in full-screen mode we want to send key events to the guest,
even if they would be menu item activation events. There are several
ways we could do that, but one simple approach is to subclass
NSApplication so we can implement a custom sendEvent method.
Do that, but for the moment have our sendEvent just invoke the
superclass method.

Signed-off-by: Peter Maydell 


Reviewed-by: BALATON Zoltan 

Regards,
BALATON Zoltan


---
New patch in v2
---
ui/cocoa.m | 13 -
1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/ui/cocoa.m b/ui/cocoa.m
index 5a84e1aea7..184fbd877d 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -1478,6 +1478,17 @@ - (void)adjustSpeed:(id)sender

@end

+@interface QemuApplication : NSApplication
+@end
+
+@implementation QemuApplication
+- (void)sendEvent:(NSEvent *)event
+{
+COCOA_DEBUG("QemuApplication: sendEvent\n");
+[super sendEvent: event];
+}
+@end
+
static void create_initial_menus(void)
{
// Add menus
@@ -1691,7 +1702,7 @@ int main (int argc, const char * argv[]) {
ProcessSerialNumber psn = { 0, kCurrentProcess };
TransformProcessType(, kProcessTransformToForegroundApplication);

-[NSApplication sharedApplication];
+[QemuApplication sharedApplication];

create_initial_menus();

Re: [Qemu-devel] [PATCH v2 5/7] ui/cocoa: Don't call NSApp sendEvent directly from handleEvent

[BALATON Zoltan]

On Thu, 14 Feb 2019, Peter Maydell wrote:

Currently the handleEvent method will directly call the NSApp
sendEvent method for any events that we want to let OSX deal
with. When we rearrange the event handling code, the way that
we say "let OSX have this event" is going to change. Prepare
for that by refactoring so that handleEvent returns a flag
indicating whether it consumed the event.

Suggested-by: BALATON Zoltan 
Signed-off-by: Peter Maydell 
---
New patch in v2
---
ui/cocoa.m | 49 ++---
1 file changed, 34 insertions(+), 15 deletions(-)

diff --git a/ui/cocoa.m b/ui/cocoa.m
index 2d943b6e2a..5a84e1aea7 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -129,8 +129,9 @@
NSTextField *pauseLabel;
NSArray * supportedImageFileTypes;

-// Utility function to run specified code block with iothread lock held
+// Utility functions to run specified code block with iothread lock held
typedef void (^CodeBlock)(void);
+typedef bool (^BoolCodeBlock)(void);

static void with_iothread_lock(CodeBlock block)
{
@@ -144,6 +145,21 @@ static void with_iothread_lock(CodeBlock block)
}
}

+static bool bool_with_iothread_lock(BoolCodeBlock block)
+{
+bool locked = qemu_mutex_iothread_locked();
+bool val;
+


Git complained about extra white space in the end of the empty line above 
but not sure if it was added during mailing or you have it in the original 
patch.



+if (!locked) {
+qemu_mutex_lock_iothread();
+}
+val = block();
+if (!locked) {
+qemu_mutex_unlock_iothread();
+}
+return val;
+}
+
// Mac to QKeyCode conversion
const int mac_to_qkeycode_map[] = {
[kVK_ANSI_A] = Q_KEY_CODE_A,
@@ -320,8 +336,8 @@ - (void) grabMouse;
- (void) ungrabMouse;
- (void) toggleFullScreen:(id)sender;
- (void) handleMonitorInput:(NSEvent *)event;
-- (void) handleEvent:(NSEvent *)event;
-- (void) handleEventLocked:(NSEvent *)event;
+- (bool) handleEvent:(NSEvent *)event;
+- (bool) handleEventLocked:(NSEvent *)event;
- (void) setAbsoluteEnabled:(BOOL)tIsAbsoluteEnabled;
/* The state surrounding mouse grabbing is potentially confusing.
 * isAbsoluteEnabled tracks qemu_input_is_absolute() [ie "is the emulated
@@ -664,15 +680,16 @@ - (void) handleMonitorInput:(NSEvent *)event
}
}

-- (void) handleEvent:(NSEvent *)event
+- (bool) handleEvent:(NSEvent *)event
{
-with_iothread_lock(^{
-[self handleEventLocked:event];
+return bool_with_iothread_lock(^{
+return [self handleEventLocked:event];
});
}


If this is only ever used for this one method, wouldn't it be easier to 
move locking to the method below (even with some goto after setting a ret 
variable to unlock at the end of the method where now it returns in the 
middle, but maybe it could even be done without goto as the whole code is 
one big switch that can be exited with break and an if that can be skipped 
by a flag)? That may be easier to follow than this method within block 
within method and then you wouldn't need bool_with_iothread_lock and 
neither handleEvent. Unless there's something I'm missing which makes this 
convoluted way needed.


Other than that
Reviewed-by: BALATON Zoltan 

Regards,
BALATON Zoltan


-- (void) handleEventLocked:(NSEvent *)event
+- (bool) handleEventLocked:(NSEvent *)event
{
+/* Return true if we handled the event, false if it should be given to OSX 
*/
COCOA_DEBUG("QemuCocoaView: handleEvent\n");
int buttons = 0;
int keycode = 0;
@@ -743,8 +760,7 @@ - (void) handleEventLocked:(NSEvent *)event
if (keycode == Q_KEY_CODE_F) {
switched_to_fullscreen = true;
}
-[NSApp sendEvent:event];
-return;
+return false;
}

// default
@@ -759,12 +775,12 @@ - (void) handleEventLocked:(NSEvent *)event
// enable graphic console
case '1' ... '9':
console_select(key - '0' - 1); /* ascii math */
-return;
+return true;

// release the mouse grab
case 'g':
[self ungrabMouse];
-return;
+return true;
}
}
}
@@ -781,7 +797,7 @@ - (void) handleEventLocked:(NSEvent *)event
// don't pass the guest a spurious key-up if we treated this
// command-key combo as a host UI action
if (!isMouseGrabbed && ([event modifierFlags] & 
NSEventModifierFlagCommand)) {
-return;
+return true;
}

if (qemu_console_is_graphic(NULL)) {
@@ -875,7 +891,7 @@ - (void) handleEventLocked:(NSEvent *)event
mouse_event = false;
break;
default:
-[NSApp sendEvent:event];
+return false;
}

if 

Re: [Qemu-devel] [PATCH 42/52] i386: express dependencies with Kconfig

[Paolo Bonzini]

On 14/02/19 17:54, Michael S. Tsirkin wrote:
> On Thu, Feb 14, 2019 at 05:47:08PM +0100, Paolo Bonzini wrote:
>> On 01/02/19 16:05, Philippe Mathieu-Daudé wrote:
>>> This lacks a DISPLAY dependency?
>>>
>>> $ i386-softmmu/qemu-system-i386 -M q35
>>> qemu-system-i386: Unknown device 'VGA' for bus 'PCIE'
>>> Aborted (core dumped)
>>
>> If you got this with --without-default-devices, then it's intended behavior.
>>
>> VGA_PCI is selected via CONFIG_PCI_DEVICES.
> 
> OK but I guess as a follow-up patch we can hide things that don't work,
> or select things that are required?

It is not required; if you use "-nodefaults" you can build without
CONFIG_VGA_PCI (the failure mode is horrible, granted; it's the same
today if you modify pci.mak).  The documentation explains this for
--without-default-devices:

  When QEMU is built with this option, the user will probably
  want to change some lines in the first group, for example like this::

CONFIG_PCI_DEVICES=y
#CONFIG_TEST_DEVICES=n

  and/or pick a subset of the devices in those device groups.

Paolo

[Qemu-devel] [PATCH v1] tests: Add a simple device_del test for PCI devices

[David Hildenbrand]

The issue with testing asynchronous unplug requests it that they usually
require a running guest to handle the request. However, to test if
unplug of PCI devices works, we can apply a nice little trick on some
architectures:

On system reset, x86 ACPI, s390x and spapr will perform the unplug,
resulting in the device of interest to get deleted and a DEVICE_DELETED
event getting sent.

On s390x, we still get a warning
qemu-system-s390x: -device virtio-mouse-pci,id=dev0:
warning: Plugging a PCI/zPCI device without the 'zpci' CPU feature
enabled; the guest will not be able to see/use this device

This will be fixed soon, when we enable the zpci CPU feature always
(Conny already has a patch for this queued).

Cc: Collin Walling 
Cc: Cornelia Huck 
Cc: Pierre Morel 
Cc: Michael S. Tsirkin 
Cc: Marcel Apfelbaum 
Cc: David Gibson 
Cc: Greg Kurz 
Cc: Igor Mammedov 
Cc: Eduardo Habkost 
Cc: Thomas Huth 
Cc: Laurent Vivier 
Cc: Paolo Bonzini 
Signed-off-by: David Hildenbrand 
---
 tests/Makefile.include  |   4 ++
 tests/device_del-test.c | 103 
 2 files changed, 107 insertions(+)
 create mode 100644 tests/device_del-test.c

diff --git a/tests/Makefile.include b/tests/Makefile.include
index b39e989f72..713e5e23a7 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -192,6 +192,7 @@ check-qtest-i386-$(CONFIG_ISA_IPMI_KCS) += 
tests/ipmi-kcs-test$(EXESUF)
 # check-qtest-i386-$(CONFIG_ISA_IPMI_BT) += tests/ipmi-bt-test$(EXESUF)
 check-qtest-i386-y += tests/i440fx-test$(EXESUF)
 check-qtest-i386-y += tests/fw_cfg-test$(EXESUF)
+check-qtest-i386-y += tests/device_del-test$(EXESUF)
 check-qtest-i386-y += tests/drive_del-test$(EXESUF)
 check-qtest-i386-$(CONFIG_WDT_IB700) += tests/wdt_ib700-test$(EXESUF)
 check-qtest-i386-y += tests/tco-test$(EXESUF)
@@ -256,6 +257,7 @@ check-qtest-ppc-$(CONFIG_M48T59) += 
tests/m48t59-test$(EXESUF)
 
 check-qtest-ppc64-y += $(check-qtest-ppc-y)
 check-qtest-ppc64-$(CONFIG_PSERIES) += tests/spapr-phb-test$(EXESUF)
+check-qtest-ppc64-$(CONFIG_PSERIES) += tests/device_del-test$(EXESUF)
 check-qtest-ppc64-$(CONFIG_POWERNV) += tests/pnv-xscom-test$(EXESUF)
 check-qtest-ppc64-y += tests/migration-test$(EXESUF)
 check-qtest-ppc64-$(CONFIG_PSERIES) += tests/rtas-test$(EXESUF)
@@ -310,6 +312,7 @@ check-qtest-s390x-$(CONFIG_SLIRP) += 
tests/test-netfilter$(EXESUF)
 check-qtest-s390x-$(CONFIG_POSIX) += tests/test-filter-mirror$(EXESUF)
 check-qtest-s390x-$(CONFIG_POSIX) += tests/test-filter-redirector$(EXESUF)
 check-qtest-s390x-y += tests/drive_del-test$(EXESUF)
+check-qtest-s390x-y += tests/device_del-test$(EXESUF)
 check-qtest-s390x-y += tests/virtio-ccw-test$(EXESUF)
 check-qtest-s390x-y += tests/cpu-plug-test$(EXESUF)
 check-qtest-s390x-y += tests/migration-test$(EXESUF)
@@ -750,6 +753,7 @@ tests/ipoctal232-test$(EXESUF): tests/ipoctal232-test.o
 tests/qom-test$(EXESUF): tests/qom-test.o
 tests/test-hmp$(EXESUF): tests/test-hmp.o
 tests/machine-none-test$(EXESUF): tests/machine-none-test.o
+tests/device_del-test$(EXESUF): tests/device_del-test.o
 tests/drive_del-test$(EXESUF): tests/drive_del-test.o $(libqos-virtio-obj-y)
 tests/nvme-test$(EXESUF): tests/nvme-test.o $(libqos-pc-obj-y)
 tests/pvpanic-test$(EXESUF): tests/pvpanic-test.o
diff --git a/tests/device_del-test.c b/tests/device_del-test.c
new file mode 100644
index 00..cbc3e78e56
--- /dev/null
+++ b/tests/device_del-test.c
@@ -0,0 +1,103 @@
+/*
+ * QEMU device_del handling
+ *
+ * Copyright (C) 2019 Red Hat Inc.
+ *
+ * Authors:
+ *  David Hildenbrand 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "libqtest.h"
+#include "qapi/qmp/qdict.h"
+#include "qapi/qmp/qstring.h"
+
+static void device_del_request(const char *id)
+{
+QDict *resp;
+
+resp = qmp("{'execute': 'device_del', 'arguments': { 'id': %s } }", id);
+g_assert(qdict_haskey(resp, "return"));
+qobject_unref(resp);
+}
+
+static void system_reset(void)
+{
+QDict *resp;
+
+resp = qmp("{'execute': 'system_reset'}");
+g_assert(qdict_haskey(resp, "return"));
+qobject_unref(resp);
+}
+
+static void wait_device_deleted_event(const char *id)
+{
+QDict *resp, *data;
+QObject *device;
+QString *qstr;
+
+/*
+ * Other devices might get removed along with the removed device. Skip
+ * these.
+ */
+for (;;) {
+resp = qtest_qmp_eventwait_ref(global_qtest, "DEVICE_DELETED");
+data = qdict_get_qdict(resp, "data");
+if (!data) {
+qobject_unref(resp);
+continue;
+}
+device = qdict_get(data, "device");
+if (!device) {
+qobject_unref(resp);
+continue;
+}
+qstr = qobject_to(QString, device);
+g_assert(qstr);
+if (!strcmp(qstring_get_str(qstr), id)) {
+qobject_unref(data);
+

Re: [Qemu-devel] [PATCH v6 06/18] hw/boards: Add a MachineState parameter to kvm_type callback

[Peter Maydell]

On Tue, 5 Feb 2019 at 17:33, Eric Auger  wrote:
>
> On ARM, the kvm_type will be resolved by querying the KVMState.
> Let's add the MachineState handle to the callback so that we
> can retrieve the  KVMState handle. in kvm_init, when the callback
> is called, the kvm_state variable is not yet set.
>
> Signed-off-by: Eric Auger 
> Acked-by: David Gibson 
> [ppc parts]
> ---
>  accel/kvm/kvm-all.c   | 2 +-
>  hw/ppc/mac_newworld.c | 3 +--
>  hw/ppc/mac_oldworld.c | 2 +-
>  hw/ppc/spapr.c| 2 +-
>  include/hw/boards.h   | 2 +-
>  5 files changed, 5 insertions(+), 6 deletions(-)
>


> diff --git a/include/hw/boards.h b/include/hw/boards.h
> index 02f114085f..425d2c86a6 100644
> --- a/include/hw/boards.h
> +++ b/include/hw/boards.h
> @@ -171,7 +171,7 @@ struct MachineClass {
>  void (*init)(MachineState *state);
>  void (*reset)(void);
>  void (*hot_add_cpu)(const int64_t id, Error **errp);
> -int (*kvm_type)(const char *arg);
> +int (*kvm_type)(MachineState *ms, const char *arg);
>
>  BlockInterfaceType block_default_type;
>  int units_per_default_bus;
> --

Can you add a line to the struct's documentation comment for the
@kvm_type field, please ?

We're rather inconsistent about what we name the MachineState*
parameter in methods here:
 "state" x 1   (init)
 "machine" x 3 (get_hotplug_handler, cpu_index_to_instance_props,
possible_cpu_arch_ids)
 "ms" x 1 (get_default_cpu_node_id)

It would probably be better to follow the most common option
rather than one of the rarer ones.

Otherwise
Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [Qemu-devel] [PATCH v6 05/18] hw/arm/virt: Split the memory map description

[Peter Maydell]

On Tue, 5 Feb 2019 at 17:33, Eric Auger  wrote:
>
> In the prospect to introduce an extended memory map supporting more
> RAM, let's split the memory map array into two parts:
>
> - the former a15memmap contains regions below and including the RAM
> - extended_memmap, only initialized with entries located after the RAM.
>   Only the size of the region is initialized there since their base
>   address will be dynamically computed, depending on the top of the
>   RAM (initial RAM at the moment), with same alignment as their size.
>
> This new split will allow to grow the RAM size without changing the
> description of the high regions.

This change makes it clear that "a15memmap" is badly misnamed.
I think we should change it to "base_memmap" here.

>
> The patch also moves the memory map setup into machvirt_init().
> The rationale is the memory map will be soon affected by the
> kvm_type() call that happens after virt_instance_init() and
> before machvirt_init().
>
> At that point the memory map is not changed, ie. the initial RAM can

"At this point" ?

> grow up to 256GiB. Then come the high IO regions with same layout as
> before.
>
> Signed-off-by: Eric Auger 
>
> ---
> v5 -> v6
> - removal of many macros in units.h
> - introduce the virt_set_memmap helper
> - new computation for offsets of high IO regions
> - add comments
> ---
>  hw/arm/virt.c | 45 ++-
>  include/hw/arm/virt.h | 14 ++
>  2 files changed, 50 insertions(+), 9 deletions(-)
>
> diff --git a/hw/arm/virt.c b/hw/arm/virt.c
> index a1955e7764..2b15839d0b 100644
> --- a/hw/arm/virt.c
> +++ b/hw/arm/virt.c
> @@ -29,6 +29,7 @@
>   */
>
>  #include "qemu/osdep.h"
> +#include "qemu/units.h"
>  #include "qapi/error.h"
>  #include "hw/sysbus.h"
>  #include "hw/arm/arm.h"
> @@ -149,11 +150,20 @@ static const MemMapEntry a15memmap[] = {
>  [VIRT_PCIE_PIO] =   { 0x3eff, 0x0001 },
>  [VIRT_PCIE_ECAM] =  { 0x3f00, 0x0100 },
>  [VIRT_MEM] ={ 0x4000, RAMLIMIT_BYTES },
> +};
> +
> +/*
> + * Highmem IO Regions: This memory map is floating, located after the RAM.
> + * Each IO region offset will be dynamically computed, depending on the
> + * top of the RAM, so that its base get the same alignment as the size,
> + * ie. a 512GiB region will be aligned on a 512GiB boundary.

I think you should say here that if there is less than 256GiB of RAM
then the floating area starts at the 256GiB mark.

> + */
> +static MemMapEntry extended_memmap[] = {
>  /* Additional 64 MB redist region (can contain up to 512 redistributors) 
> */
> -[VIRT_HIGH_GIC_REDIST2] =   { 0x40ULL, 0x400 },
> -[VIRT_HIGH_PCIE_ECAM] = { 0x401000ULL, 0x1000 },
> -/* Second PCIe window, 512GB wide at the 512GB boundary */
> -[VIRT_HIGH_PCIE_MMIO] = { 0x80ULL, 0x80ULL },
> +[VIRT_HIGH_GIC_REDIST2] =   { 0x0, 64 * MiB },
> +[VIRT_HIGH_PCIE_ECAM] = { 0x0, 256 * MiB },
> +/* Second PCIe window */
> +[VIRT_HIGH_PCIE_MMIO] = { 0x0, 512 * GiB },
>  };
>
>  static const int a15irqmap[] = {
> @@ -1354,6 +1364,30 @@ static uint64_t virt_cpu_mp_affinity(VirtMachineState 
> *vms, int idx)
>  return arm_cpu_mp_affinity(idx, clustersz);
>  }

Otherwise
Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [Qemu-devel] [PATCH 0/4] target/arm: Reduce overhead of cpu_get_tb_cpu_state

[Emilio G. Cota]

On Wed, Feb 13, 2019 at 20:06:48 -0800, Richard Henderson wrote:
> We've talked about this before, caching state to reduce the
> amount of computation that happens looking up each TB.
> 
> I know that Peter has been concerned that we would not be able to 
> reliably maintain all of the places that need to be updates to
> keep this up-to-date.
> 
> Well, modulo dirty tricks within linux-user, it appears as if
> exception delivery and return, plus after every TB-ending write
> to a system register is sufficient.
> 
> There seems to be a noticable improvement, although wall-time
> is harder to come by -- all of my system-level measurements
> include user input, and my user-level measurements seem to be
> too small to matter.

Thanks for this!

Some SPEC06int user-mode numbers (before vs. after)

   aarch64-linux-user speedup for SPEC06int (test set)
  Host: Intel(R) Xeon(R) Gold 6142 CPU @ 2.60GHz

  2 +-+
| |
1.9 |-+.a+-+r...+-|
|+-+  |
|* *  |
1.8 |-+..*.*+-|
|   +-+  * *  |
1.7 |-+.+-+...+-+*.*...+-+..+-|
|   * * +-+   * ** *   +-+|
1.6 |-+.*.*..|*.**.*+-+*.*..+-|
|   * * *|*   * ** *+-+* *|
1.5 |-+.*.*.*|*...*.**.**.**.*..+-|
|   * * +-+   * ** ** ** *|
|   * * * *   * ** ** ** *|
1.4 |-+.*.*.*.*...*.**.**.**.*+-+-|
|   * *   +-+   * *   * ** ** ** ** * |
1.3 |-+.*.*...+-+...*.*...*.**.**.**.**.*-|
| +-+   * *   * *   * *   * ** ** ** ** * |
1.2 |-+-+...*.*...*.*...*.*...*.**.**.**.**.*-|
| * *   * *   * *   * *   * ** ** ** ** * |
| * *   * *   * *+-+* *   * ** ** ** ** * |
1.1 |-*.*...*.*...*.**.**.*...*.**.**.**.**.*-|
| * *+-+* *+-+* ** ** *+-+* ** ** ** ** * |
  1 +-+
  400.per401.b40344454462.li464471.483.xalangeomean
 png: https://imgur.com/RjkYYJ5

That is, a 1.4x average speedup.

Emilio

Re: [Qemu-devel] [PATCH v2 3/7] ui/cocoa: Factor out initial menu creation

[BALATON Zoltan]

On Thu, 14 Feb 2019, Peter Maydell wrote:

Factor out the long code sequence in main() which creates
the initial set of menus. This will make later patches
which move initialization code around a bit clearer.

Signed-off-by: Peter Maydell 


Reviewed-by: BALATON Zoltan 

Regards,
BALATON Zoltan


---
ui/cocoa.m | 78 --
1 file changed, 41 insertions(+), 37 deletions(-)

diff --git a/ui/cocoa.m b/ui/cocoa.m
index 9d23732ff9..0b1cd31543 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -1461,43 +1461,8 @@ - (void)adjustSpeed:(id)sender

@end

-
-int main (int argc, const char * argv[]) {
-
-gArgc = argc;
-gArgv = (char **)argv;
-int i;
-
-/* In case we don't need to display a window, let's not do that */
-for (i = 1; i < argc; i++) {
-const char *opt = argv[i];
-
-if (opt[0] == '-') {
-/* Treat --foo the same as -foo.  */
-if (opt[1] == '-') {
-opt++;
-}
-if (!strcmp(opt, "-h") || !strcmp(opt, "-help") ||
-!strcmp(opt, "-vnc") ||
-!strcmp(opt, "-nographic") ||
-!strcmp(opt, "-version") ||
-!strcmp(opt, "-curses") ||
-!strcmp(opt, "-display") ||
-!strcmp(opt, "-qtest")) {
-return qemu_main(gArgc, gArgv, *_NSGetEnviron());
-}
-}
-}
-
-NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init];
-
-// Pull this console process up to being a fully-fledged graphical
-// app with a menubar and Dock icon
-ProcessSerialNumber psn = { 0, kCurrentProcess };
-TransformProcessType(, kProcessTransformToForegroundApplication);
-
-[NSApplication sharedApplication];
-
+static void create_initial_menus(void)
+{
// Add menus
NSMenu  *menu;
NSMenuItem  *menuItem;
@@ -1581,6 +1546,45 @@ int main (int argc, const char * argv[]) {
menuItem = [[[NSMenuItem alloc] initWithTitle:@"Window" action:nil 
keyEquivalent:@""] autorelease];
[menuItem setSubmenu:menu];
[[NSApp mainMenu] addItem:menuItem];
+}
+
+int main (int argc, const char * argv[]) {
+
+gArgc = argc;
+gArgv = (char **)argv;
+int i;
+
+/* In case we don't need to display a window, let's not do that */
+for (i = 1; i < argc; i++) {
+const char *opt = argv[i];
+
+if (opt[0] == '-') {
+/* Treat --foo the same as -foo.  */
+if (opt[1] == '-') {
+opt++;
+}
+if (!strcmp(opt, "-h") || !strcmp(opt, "-help") ||
+!strcmp(opt, "-vnc") ||
+!strcmp(opt, "-nographic") ||
+!strcmp(opt, "-version") ||
+!strcmp(opt, "-curses") ||
+!strcmp(opt, "-display") ||
+!strcmp(opt, "-qtest")) {
+return qemu_main(gArgc, gArgv, *_NSGetEnviron());
+}
+}
+}
+
+NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init];
+
+// Pull this console process up to being a fully-fledged graphical
+// app with a menubar and Dock icon
+ProcessSerialNumber psn = { 0, kCurrentProcess };
+TransformProcessType(, kProcessTransformToForegroundApplication);
+
+[NSApplication sharedApplication];
+
+create_initial_menus();

// Create an Application controller
QemuCocoaAppController *appController = [[QemuCocoaAppController alloc] 
init];